False Positive | ldsofmichigan[.]com #780

Open
sarahlloyd-cgi opened this issue Mar 10, 2025 · 4 comments
@sarahlloyd-cgi

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • ldsofmichigan.com

Why do you believe this is a false-positive?

I believe this is a false-positive because my company owns this website and we have removed any malicious content.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

n/a

Have you requested a review from other sources?

n/a

Do you have a screenshot?

Screenshot

Additional Information or Context


@spirillen
Contributor

Comments

DNS Check

Known phishing records

What can you tell me about these records, known to us from the PD project?

Subject                                                                                              Status      Source     Expiration Date   HTTP Code  Checker       Tested At          
---------------------------------------------------------------------------------------------------- ----------- ---------- ----------------- ---------- ------------- -------------------
https://ldsofmichigan.com/wp-admin/cf/uy/step1.php?id=58182957                                       ACTIVE      HTTP CODE  Unknown           200        AVAILABILITY  11. Mar 2025 12:18:37

Execution Time: 00:00:00:58.462794

Verdict

Nothing, as there is no DNS TXT validation, the PD record is still active, and stuff served over wp-admin/ is seriously bad, not least because that path should be protected by IP + extra username + password, as WordPress is insecure by default. Just as it is the most used Porn CMS makes it the target.


Thank you for reaching out. I want to clarify that I am not the owner of this project nor user of it. I assist with the whitelisting of domains to the best of my ability, but I do this as an unpaid volunteer in my free time. Your understanding and patience are greatly appreciated.
Additionally, I would like to share that I occasionally struggle with a mild degree of PTSD, which means I tend to forget even small details, like did I have breakfast this morning. So please bear with me if I'm losing the thread sometimes. Your understanding and patience in this matter are greatly appreciated.

If you feel inclined to buy me a cup of coffee, it would certainly help speed up the process, but please know that it will not influence my decisions or verdicts in any way.

Additionally, I want to be very clear: I do not access any Cloudflare, CloudFront, or Google networks. This is a matter of principle for me, as I believe in upholding human rights, the right to online privacy, and network security. These services often intercept traffic to collect personally identifiable information (PII), which I believe compromises our autonomy and makes us all puppets to the big tech puppeteers.

Thank you for your understanding!

Best regards.

@spirillen
Contributor

Verification Required

Thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-8fddec8fdc38c2cbaea783c8785abc5e77ac0c61

    Your Verification ID:

    antiphish-8fddec8fdc38c2cbaea783c8785abc5e77ac0c61
    
  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

The command line:

  • Nix based OS should use

    dig TXT _phishingdb.example.com
    
  • Spyware OS should be able to use this command

    nslookup -type=TXT _phishingdb.example.com
    

There are also a few apps, specifically designed for this task here:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
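
The verification steps in the comment above, as an added example that is not part of the original thread or the Phishing.Database project's own tooling: a POSIX shell check that classifies `dig +short TXT` output for the `_phishingdb` name as verified, mismatch or missing. The function names, the three status words and the exact-match rule are assumptions of this example; the sample record lines are constructed.

```shell
#!/bin/sh
# Added example: classify the _phishingdb TXT lookup result against the
# verification ID given in the issue.

EXPECTED='antiphish-8fddec8fdc38c2cbaea783c8785abc5e77ac0c61'  # ID from the issue

# `dig +short TXT` prints one record per line as one or more quoted
# character-strings ("part1" "part2"); DNS joins them without a separator.
normalise_txt() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# classify_txt EXPECTED  (reads dig output on stdin)
# prints: verified | mismatch | missing
classify_txt() {
    records=$(normalise_txt)
    if [ -z "$records" ]; then
        echo missing            # no TXT record yet, or not propagated
    elif printf '%s\n' "$records" | grep -Fxq -- "$1"; then
        echo verified           # one record equals the ID exactly
    else
        echo mismatch           # TXT data exists but none equals the ID
    fi
}

# Live lookup; needs dig and network access.
check_domain() {
    dig +short TXT "_phishingdb.$1" | classify_txt "$2"
}

# Constructed sample: an unrelated record, then the ID split across two strings.
SAMPLE_SPLIT='"v=spf1 -all"
"antiphish-8fddec8fdc38c2cb" "aea783c8785abc5e77ac0c61"'

# Constructed sample: the ID embedded in a longer value (not an exact match).
SAMPLE_EMBEDDED='"token=antiphish-8fddec8fdc38c2cbaea783c8785abc5e77ac0c61"'

# Usage: ./check.sh example.com antiphish-...
if [ "$#" -eq 2 ]; then
    check_domain "$1" "$2"
fi
```

A `missing` result shortly after setting the record usually means the change has not propagated yet, so repeat the lookup before replying to the issue.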

@spirillen
Contributor

Search results

Lookup provided by My Privacy DNS

DNS Servers

rosemary.ns.cloudflare.com.
rudy.ns.cloudflare.com.

@spirillen spirillen removed their assignment Mar 11, 2025
@sarahlloyd-cgi
Author

Hello, I have added the TXT record.
