False Positive | campus.ceoearagon.es #1030

Closed
sebastianciocarlan opened this issue Jan 16, 2025 · 12 comments · Fixed by Phishing-Database/phishing#742
Labels
wontfix This will not be worked on

Comments

@sebastianciocarlan

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • campus.ceoearagon.es

Why do you believe this is a false-positive?

This is a false positive; it's a Moodle my team is developing. I'm guessing that since the site changed versions and server it might have been registered as a false positive.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive when a student told me that his antivirus was blocking the site, then checked it on VirusTotal

Have you requested a review from other sources?

No, I didn't request any review from other sources. I only used VirusTotal on the site and discovered that no one else is registering the site as phishing, just Phishing Database.

Do you have a screenshot?

Screenshot

Additional Information or Context

I have also noticed that...

@phishing-database-bot
Member

Verification Required

@sebastianciocarlan, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-6d5b3af0ed19543842051b74ae17df376192e640

    Your Verification ID: antiphish-6d5b3af0ed19543842051b74ae17df376192e640

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
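
One way to run the check the bot's steps call for, as an added example that is not part of the thread or of the Phishing.Database tooling: it parses `dig +short TXT` output and requires an exact match on the verification ID. The function names, the token shape and the lookup name `_phishingdb.<domain>` are assumptions, and the sample dig output is constructed.

```shell
#!/bin/sh
# Added example: confirm that an ownership token is published as a TXT record.
# From the thread: record name "_phishingdb" and the token text.
# Assumptions: the function names, the antiphish-<40 lowercase hex> shape
# (inferred from the one ID shown), and the name _phishingdb.<domain>.

# Turn `dig +short TXT` output (stdin) into one plain value per line.
# A TXT record may arrive as several "quoted" strings; they are concatenated.
txt_values() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Exit 0 if a record equals the token exactly, 1 if none does,
# 2 if the token itself is malformed (guards against copy/paste damage).
token_published() {
    expected=$1
    case $expected in antiphish-*) ;; *) return 2 ;; esac
    hex=${expected#antiphish-}
    [ "${#hex}" -eq 40 ] || return 2
    case $hex in *[!0-9a-f]*) return 2 ;; esac
    # -F literal, -x whole line: a record that merely contains the token fails.
    txt_values | grep -Fxq -- "$expected"
}

# Live check; needs dig and network access, so it is defined but not run here.
check_domain() {
    dig +short TXT "_phishingdb.$1" | token_published "$2"
}

# Constructed sample of dig output: an unrelated SPF record plus the token
# split into two strings, to exercise the concatenation step.
sample='"v=spf1 -all"
"antiphish-6d5b3af0ed195438" "42051b74ae17df376192e640"'

if printf '%s\n' "$sample" |
    token_published antiphish-6d5b3af0ed19543842051b74ae17df376192e640
then echo "token published"
else echo "token not found"
fi
```
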

@sebastianciocarlan
Author

Should be done as soon as the DNS propagates

@sebastianciocarlan
Author

Any update on this? The TXT should be ready

@sebastianciocarlan
Author

sebastianciocarlan commented Jan 24, 2025

Hi guys, sorry to be a nuisance but I'm still having students that can't enter the campus, could you pls remove us from the list? Also, could you check why the subdomain got marked as a false positive?

Thanks in advance

@spirillen
Contributor

ptcheck ceoearagon.es antiphish-6d5b3af0ed19543842051b74ae17df376192e640
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsor ship at https://www.mypdns.org/donate

@spirillen spirillen added the wontfix This will not be worked on label Feb 2, 2025
@spirillen
Contributor

Maybe because you do host phishing and spyware content...

https://campus.ceoearagon.es/alibaba/alibaba/login.alibaba.com/index.htm

Image

We need access to a public site; we cannot support intranet sites.

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Phishing Database Backlog Feb 2, 2025
@sebastianciocarlan
Author

That doesn't really check out on my end.

Image

These are all the logs I have from anyone trying to access anything remotely related to alibaba

Image

And this is what the link you posted is currently showing. Am I supposed to need a certain GET token to access that page?

Nothing in my webserver looks suspicious.

@sebastianciocarlan
Author

We actually moved servers and started fresh 3 weeks ago. That might be old? I don't know the foster server hoster or so.

Also, the server that is currently hosting the campus is hosting several other campuses and none of them are blacklisted by your service.

I'd like to throw some light on this, Cheers.

@spirillen
Contributor

> I'd like to throw some light on this, Cheers.

I understand your perspective, but access is restricted to members of the walled garden's intranet. I am committed to human rights, democracy, and free speech - values that this "educational" center does not seem to uphold. Additionally, as I've mentioned to others, we only provide support for publicly available domains, not intranet sites.

@g0d33p3rsec

> https://campus.ceoearagon.es/alibaba/alibaba/login.alibaba.com/index.htm

I get a 404 for that URL. https://urlscan.io/result/8a4c1c2b-03a3-41ff-b9eb-44cf2a793da7/

> we only provide support for publicly available domains, not intranet sites.

I can successfully scan the reported domain with urlscan https://urlscan.io/result/3ed856e9-0660-42c8-b73f-0277090b81cf/

Screenshot:

Image

Other than the previously mentioned link, which was in our dataset, I am unable to find any other negative threat intelligence for this domain.

> I'm still having students that can't enter the campus

While it does seem that this domain was once host to malicious content, that issue appears to have been resolved. Give me a few minutes and I'll add the domain to the falsepositive list.

@g0d33p3rsec

g0d33p3rsec commented Feb 3, 2025

@spirillen I noticed you closed this report and added the wontfix label after I staged Phishing-Database/phishing#742

I don't want to step on your toes, but personally am okay with adding this to the falsepositive list. We are the only outlier that is flagging this domain on VirusTotal and I only see the single link which seems to have since been resolved.

@spirillen
Contributor

Hi @g0d33p3rsec, I appreciate your enthusiasm for committing that PR and exploring domains that interest you. However, I believe it's important for us and the requestor to recognize that we shouldn't expect "support" for non-public domains. By choosing to limit access to those domains, they have made a decision that impacts our ability to assist.

If we, as supporters, can't access a domain, it becomes challenging for us to verify, scan, or address any issues related to it. If you or anyone else chooses to navigate around these restrictions, that's entirely your decision, and I respect that. However, I feel that no one should be compelled to compromise their principles or rights in order to work on an issue.

That's why I tend to close down these Cloudflare-censored "meta sheep farms" quickly; they have created their own limitations by restricting access and, in doing so, have shown a lack of support for democratic values. It's disappointing when entities prioritize their own interests over the collaborative spirit we value. Thank you for understanding my perspective!

They locked us out, not the other way around. Therefore, I won't waste much time on those issues since they excluded me.

If you can't uncover any deceitful actions, then please trust your heart, mind, and conscience.
