Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive | https://2m.ma/ar/ #1029

Open
OMAYMAETTABAI opened this issue Jan 16, 2025 · 4 comments
Open

False Positive | https://2m.ma/ar/ #1029

OMAYMAETTABAI opened this issue Jan 16, 2025 · 4 comments
Assignees
@spirillen @g0d33p3rsec

Comments

@OMAYMAETTABAI
Copy link

What are the subjects of the false-positive (domains, URLs, or IPs)?

2m.ma : https://2m.ma/ar/

Why do you believe this is a false-positive?

I believe this is a false-positive because our website, 2m.ma/ar/, is a legitimate news and media platform for the second television channel in Morocco. We have thoroughly reviewed the site, and it does not contain any suspicious content or malware.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

N/A

Have you requested a review from other sources?

I have also contacted Cloudflare, which provides security and performance services for our website, to review this false-positive detection. As the site owner, I have conducted a thorough internal review to ensure no malicious content is present.

Do you have a screenshot?

https://drive.google.com/file/d/1k5OUfXPHN4vSAYCjPZdns3HxowYBi8uH/view?usp=sharing

Additional Information or Context

I have also noticed that...
@phishing-database-bot
Copy link
Member

Verification Required

@OMAYMAETTABAI, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-0b5bd9ba7eb5dc9a21d9b6a47f0dd312f2ead497

    Your Verification ID: antiphish-0b5bd9ba7eb5dc9a21d9b6a47f0dd312f2ead497

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

@OMAYMAETTABAI
Copy link
Author

OMAYMAETTABAI commented Jan 17, 2025 via email

@OMAYMAETTABAI OMAYMAETTABAI mentioned this issue Jan 20, 2025
Closed
@OMAYMAETTABAI
Copy link
Author

Dear,

I’m following up on my previous message regarding the DNS TXT record verification for https://2m.ma/ar/. Could you kindly let me know if any further steps are needed from my side?

Thank you for your attention.

Best regards,

@spirillen
Copy link
Contributor

Cloudflare, which provides security and performance

An utterly absurd contradiction, I must say. CloudFlare does not provide security; rather, they do the opposite by decrypting all established connections to harvest personally identifiable information (PII) from your visitors. This action strips them of their fundamental human rights, freedoms, and any semblance of democracy. Before you pen such drivel again and propagate misleading claims that infringe upon human rights, I suggest you take a moment to familiarise yourself with the privacy statements and acceptable use policies in the contracts.

I won't go further on this topic until I see a HTTP code 410 or in lack thereof by a misconfiguration in the server 404

curl -IL https://2m.ma/ar
HTTP/2 403 
date: Sun, 02 Feb 2025 15:12:42 GMT
content-type: text/html; charset=UTF-8

HTTP 403, can never be other than a, On the best say, this could be down for a split second targeted my request methods.

Potentially Inactive Status Codes: https://github.com/Phishing-Database/Phishing.Database?tab=readme-ov-file#potentially-inactive-status-codes

HTTP response status codes 410 Gone

Indicates that the resource requested was previously in use but is no longer available and will not be available again. This should be used when a resource has been intentionally removed and the resource should be purged. Upon receiving a 410 status code, the client should not request the resource in the future. Clients such as search engines should remove the resource from their indices. Most use cases do not require clients and search engines to purge the resource, and a "404 Not Found" may be used instead.
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#4xx_client_errors

@spirillen spirillen moved this from 🆕 New to 🚫 Blocked / Waiting in Phishing Database Backlog Feb 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@spirillen spirillen

@g0d33p3rsec g0d33p3rsec

Labels
None yet
Projects
Phishing Database Backlog
Status: 🚫 Blocked / Waiting
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mitchellkrogza @funilrys @spirillen @OMAYMAETTABAI @g0d33p3rsec @phishing-database-bot