False Positive | mmtro.com

[Solvik]

What are the subjects of the false-positive (domains, URLs, or IPs)?

• mmtro.com

Why do you believe this is a false-positive?

I've opened an issue last week on this very domain but it came back and I don't udnerstand how

the two URLs reported always returned a 403, it was never exploited as phishing

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive by getting a report from VirusTotal

Have you requested a review from other sources?

No response

Do you have a screenshot?

No response

Additional Information or Context

We've been reporting the domain as false positive for several times and we never found proof that it was used as phishing

It's not an openredirect so the fact a pwned domain is passed as a GET argument is not sufficient proof that it's exploited for phishing purposes

Thanks a lot for your help

[phishing-database-bot]

Verification Required

@Solvik, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-8c0b041c50637859c5525275f8ea2d8379e5df24

   Your Verification ID: antiphish-8c0b041c50637859c5525275f8ea2d8379e5df24

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at contact@phish.co.za - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[Solvik]

see #1462

[Lowaiz]

These 2 URLS are still flagged inside the phishing-links-ACTIVE.txt file, while they both respond with a 403 status code, and with a Page not found HTML content:

http://mmtro.com/c?tagid=6565774-fc05868ce53638cc265ed86660c435cc&rtgzid=1887&idc=82679&redir=http://ksmuou1p5egy.karlthehandyman.com?=peter.ongena@ing.be
http://mmtro.com/c?tagid=6565774-fc05868ce53638cc265ed86660c435cc&rtgzid=1887&idc=82679&redir=http://ksMuou1P5egy.karlthehandyman.com?=peter.ongena@ing.be

Can you remove them from the database please ?

Thanks a lot for your help.