IT.COM

reviews Somebody reported my blog to Phishtank and they suspended my domain name

NameSilo
Watch

decades80

Account Closed (Requested)
Impact
2,261
I can not believe that this goes so easy. I tried yesterday to set up my domain and was thinking that I changed the cname because it was not resolving. Than later on I wrote to Namecheap and asked where I can see the history of cname entries. I got this:

Hello Robert,

Thank you for contacting Namecheap Support Team!

Please accept our sincere apologies for the delayed reply.

Regrettably, the status Server Hold has been assigned to your domain name ++++++++ by Registry.

In order to fix the issue, please contact the domain's Registry at https://radix.website/contact as soon as possible and follow their instructions then.

Feel free to update this ticket if you have any questions or concerns.

I contacted Radix and got this:

Hello Robert,

We see that your domain has been suspended by "Phishtank" as they suspect your domain to be involved in Phishing. Therefore we would request you to kindly contact Phishtank and have the domain unsuspended, you can check the below link:
https://www.phishtank.com/

Once the domain is delisted kindly let us know and we will initiate communication with the registry and ask them to unsuspend the domain name.

Kindly check and let us know if you need any further assistance.

Regards,
Hari

Is it really so easy? To report a plain blog for phishing and they simply suspend domain without notice?
 
5
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Is your domain newly registered (ie. registered only by you since its creation) or was it used in the past by someone else?

Maybe an old report might have gotten in effect when your domain got live again.
If that's the case then that would be easy to fix by contacting them and letting them know that domain now has a new owner.

I had a similar case in the past where Avast showed one of my domains as a malware domain. All I did was letting them know that the domain now has a new owner and that was it.
 
2
•••
Are you violating a trademark?
 
1
•••
Are you violating a trademark?

No, it was generic .press name, only bought for a mini site. It was clearly reported as phishing site, I got the reason at phishtank. It was not a TM or any legal issue, I guess WIPO is the platform to report such or not?
 
0
•••
Correct, WIPO would be the place to report a TM problem. Glad you got fixed.
 
1
•••
No, it was generic .press name, only bought for a mini site. It was clearly reported as phishing site, I got the reason at phishtank. It was not a TM or any legal issue, I guess WIPO is the platform to report such or not?

If you contact phishtank (and if you are willing), please share with us what happened. I'm curious how that report came to be.
If you have ads on your mini-site, could the content of an ad lead to a report?
 
2
•••
If you contact phishtank (and if you are willing), please share with us what happened. I'm curious how that report came to be.
If you have ads on your mini-site, could the content of an ad lead to a report?
Could be that phishing site was using Adwords, well see, but if its so easy to report and you only need somebody to confirm, I would be rather affraid for all my parked names.
 
1
•••
nice read , great info to know :xf.eek:
 
Last edited:
0
•••
No, it was generic .press name, only bought for a mini site. It was clearly reported as phishing site, I got the reason at phishtank. It was not a TM or any legal issue, I guess WIPO is the platform to report such or not?

Did you agree with Phishtank or did they agree with you? What is the current status of this domain? If it is still in their list or have they removed it? if it's still in their list what are they saying you need to do, to get it removed from their list? Are they being helpful or unhelpful?
 
1
•••
Stub they have not even responded and i was writing them twice. I just switched to another domain and insert the cname records of the blog.
 
3
•••
I hate that this sort of thing happens so easily. A lot of straight up punks out there that will sabotage you any chance they get. Its as easy as reporting a domain.
 
Last edited:
2
•••
Why does Radix (the registry) depends upon third-party-site/forum phishing reports? Never heard Verisign or other registries suspending domains because someone reported to some forum and few members upvoted it!!

How reliable and trustworthy is PhishTank data?

BTW, the PhishTank marks domain/URL as phishing only by counting member votes. What if a competitor creates 15 accounts on PhisTank forum, and submit 1 [false] phishing complaint and other 14 accounts marking the same as "phishing" site and then the competitors' domain is suspend by the registry!! OMG!

@decades80 thanks for bring this to our notice here. Will stay away from Radix registry TLDs. Whose gonna invest in those domains and then some day some random false phishing complaint against your domain and the domain is gone!
 
Last edited:
3
•••
Our company faced even much bigger problems when Radix blocked our domain for 24hours due to falling into PhishTank's list. You can never be sure about security of your business while domain registered in Radix zones. Moreover, in our case, it was well-prepared attack via phishtank by a real phishing website.

Аttackers submitted CryptobrowserDotSite to Phishtank service, who quickly detected it as a phishing website without any verification of facts or prior checking. The decision of a community-based phishing verification system Phishtank, was based on a few anonymous votes!

By the time of the incident, its audience reached 2.5 million users from all over the world and more than 3 million daily visitors of product's official website CryptobrowserDotSite
 
2
•••
i think the phish report were made because of the previous owner of the domain were using it to for phishing
 
0
•••
I have had names reported for beating opposition in search engines.
 
1
•••
i think the phish report were made because of the previous owner of the domain were using it to for phishing

It's totally impossible.

1. This domain had never been registered by anyone before.
2. The website has been successfully operating for almost a year when it got to Phistank list.
 
0
•••
You are wrong @Jen005, Since I was formely with PhishTank I can clearly tell that Only phishtank.com's moderators' votes and phishing URLs submitted by various Anti-virus companies and blacklist databases are counted. These moderators verify if its really a phishing site or not and then only mark it as phishing site. Users cannot influence the phishing URL by simply creating accounts (fake ones) or voting for/against it.
 
Last edited:
4
•••
You are wrong @Jen005, Since I was formely with PhishTank I can clearly tell that Only phishtank.com's moderators' votes and phishing URLs submitted by various Anti-virus companies and blacklist databases are counted. These moderators verify if its really a phishing site or not and then only mark it as phishing site. Users cannot influence the phishing URL by simply creating accounts (fake ones) or voting for/against it.
Thank you for answering that! Is there an appeals process in the event a mistake is made? Thank you in advance!
 
0
•••
Thank you for answering that! Is there an appeals process in the event a mistake is made? Thank you in advance!

yes, the domain-owner can appeal by either selecting "false positive or false negative" by clicking the link in the phishing report for respective URL. Please remember that it is only for individual URL and not entire domain. Also, removing URLs from PhishTank does not removes them from the original feeds like blacklist databases, anti-virus companies, etc. Domain owner has to contact each anti-virus database individually and request them to remove it, or else it will again appear in PhishTank if its still ONLINE.
 
3
•••
yes, the domain-owner can appeal by either selecting "false positive or false negative" by clicking the link in the phishing report for respective URL. Please remember that it is only for individual URL and not entire domain. Also, removing URLs from PhishTank does not removes them from the original feeds like blacklist databases, anti-virus companies, etc. Domain owner has to contact each anti-virus database individually and request them to remove it, or else it will again appear in PhishTank if its still ONLINE.

How many confirmations from moderators are needed for domain to be added to a phishing list? And another question - does Phishtank bear any responsibility for this kind of issues? Our domain was totally blocked for 24 hours and we’ve suffered huge losses because of this mistake.
 
0
•••
How many confirmations from moderators are needed for domain to be added to a phishing list? And another question - does Phishtank bear any responsibility for this kind of issues? Our domain was totally blocked for 24 hours and we’ve suffered huge losses because of this mistake.

1. Minimum 5 moderators are required to validate a phishing report. Some doubtful URLs require 10 people to upvote.

2. Though every link is manually verified and also checked with other phishing sources such as OpenPhish, CleanMX, Malvertise, sometimes there can be a false positive and such URLs are instantly whitelisted once someone reports it.
 
0
•••
Your blog was probably compromised. Could be the script that runs it or a third party plugin.
 
0
•••
How it could have happened then that our domain was detected as a phishing one? cryptobrowser dot site has nothing to do with phishing! We have over 2.5 million monthly active users and for more than a year now we provide the best service of its kind.
It's very possible that those 5 or 10 phishtank moderators voted to blacklist the domain without even looking deeply into the issue or checking the facts. So it seems that they were interested in our domain particularly.
We've suffered enormous traffic and reputational damage that resulted in significant financial losses (we assume it's about XXXXXX$ figure up to this day). Obviously, it's a completely phishtank's fault and they still don't provide any feedback or take any responsibility for what happened.
 
0
•••
How it could have happened then that our domain was detected as a phishing one? cryptobrowser dot site has nothing to do with phishing! We have over 2.5 million monthly active users and for more than a year now we provide the best service of its kind.
It's very possible that those 5 or 10 phishtank moderators voted to blacklist the domain without even looking deeply into the issue or checking the facts. So it seems that they were interested in our domain particularly.
We've suffered enormous traffic and reputational damage that resulted in significant financial losses (we assume it's about XXXXXX$ figure up to this day). Obviously, it's a completely phishtank's fault and they still don't provide any feedback or take any responsibility for what happened.
In your particular case, you should be thankful that you have a free service pointing you in the right direction.
Your site, with reverse IP 190.2.136.200, is blacklisted almost everywhere. Securi, SpamHouse, AbuseIP, Maltiverse etc.
You're even hosting generic malware! e.g. CryptoTabBrowserx64__cf8VRUd.exe/Trojan.PWS.Siggen2

Conclusion:
Your site has been compromised and easily hackable. Urgently get someone (not me) to do vulnerability test on your site and fix things.
 
Last edited:
0
•••
Where did you get this information ? Do you have any proofs? You didn’t provide any facts as I see. Here are my facts:

sitecheck.sucuri.net/results/https/cryptobrowser.site

abuseipdb.com/check/190.2.136.200

virustotal.com/#/url/86fofbe3448acd93ebbde59a96c42109f0d7926d3687686e2959bex465be4dfd/detection

Check it and don’t extend false information anymore.

The domain sometimes falls into the spamhouse list. This happens because the project is public, with a large amount of traffic and a huge audience (more than 2.5 million). We have automatic mailing for the new users, thousands daily. Then we send them email verification and welcome letters. Also we send payment confirmations for the verified users. The spamhouse system automatically triggering on it (we use the “sendgrid” service for mailings), sometimes we appear in the list and then they remove us from it.


We’re getting a little bit-off topic: phishtank blocks websites and services without any reason and accuse it of phishing. In our case, this led to huge financial and reputational losses. Who is responsible for such mistakes? Moreover, in our particular case, the actions of phishtank helped to promote the real phishing websites . Our users could not find the original site and came to phishing websites from search results. After the incident, we’ve received claims from victims for a long time. Do you have something to say about it?
 
Last edited:
0
•••
Back