False Positive - request #943

Closed
hwtechsupport opened this issue Dec 19, 2024 · 2 comments · Fixed by Phishing-Database/phishing#563
Labels: false positive (Should not be listed)

Comments

@hwtechsupport

Domains or links
Please list any domains and links listed here that you believe are a false positive.

ams-shared-2.hostwindsdns.com

More Information
How did you discover your website or domain was listed here?

  1. Website was hacked
  2. Incorrectly marked as Phishing on Phishtank or OpenPhish?

Have you requested removal from other sources?
Please include all relevant links to your existing removals / whitelistings.

Additional context
Add any other context about the problem here.

https://hw-screenshots.sea-proxy.windystorage.com/screenshots/2024-12-19_15-43-00_ab92873a-51a8-43f0-a96e-1db9cddd87de.png

We understand being listed on a Phishing Database like this can be frustrating and embarrassing for many web site owners. The first step is to remain calm. The second step is to rest assured one of our maintainers will address your issue as soon as possible. Please make sure you have provided as much information as possible to help speed up the process.

Send a Pull Request for faster removal
Users who understand GitHub and creating Pull Requests can assist us with faster removals by sending a PR to the mitchellkrogza/phishing repository, on the falsepositive.list file.

https://github.com/mitchellkrogza/phishing/blob/main/falsepositive.list
Please include the same above information to help speed up the whitelisting process.

@g0d33p3rsec

looking over the urlscan history, the only malicious content I am seeing is from 4 years ago.
https://urlscan.io/search/#ams-shared-2.hostwindsdns.com
https://urlscan.io/result/11f85520-0c7b-4f5b-91a4-adaaef05a24c/
https://urlscan.io/result/d67f489e-a6af-45d3-bd5e-056646a4d2cc/
The related account seems to have been suspended since July 14, 2020.

11f85520-0c7b-4f5b-91a4-adaaef05a24c
d67f489e-a6af-45d3-bd5e-056646a4d2cc
4badbe9b-22d9-4aab-bec8-d3e681e4c28e

https://cleantalk.org/blacklists/23.254.228.123
https://cdn-front.cleantalk.org/blacklists/23.254.228.193

> 1. Website was hacked

does that align with the time of your incident?

@g0d33p3rsec

double checked the db and those are the only two entries for that subdomain

https://ams-shared-2.hostwindsdns.com/~qzsfapqt/dkb
https://ams-shared-2.hostwindsdns.com/~qzsfapqt/dkb/credit.php

the parent domain does have many more entries, did you lose control of your DNS?

