Add/Update entries in falsepositive.list

[whitetiger264]

Domain/URL/IP(s) where you have found the Phishing:

ccchange.net
nomadnamibia.com
namibiafoodshop.com
goodwill.com.na

Impersonated domain

No Record

Related external source

Describe the issue

1. CMS sites were compromised.
2. ImunifyAV shows us a list of affected domain names on WHM servers.

Screenshot

Click to expand

[spirillen]

I don't see anything that indicates you have solved your problem or what should have coursed the listing

[whitetiger264]

I don't see anything that indicates you have solved your problem or what should have coursed the listing

Sorry for that. These domain names run CMS websites, and they were compromised around May 2023. The developers have since made sure the CMS core, plugins and themes were updated and all malicious injections removed, which means there is no longer phishing activity originating from these domain names.

The listings on Google were successfully removed, however, ImunifyAV still shows us that they're listed here, hence the request to remove them.

[spirillen]

I'm parsing this one to @mitchellkrogza or @funilrys for re-checking the domain and log files to verify your changes are sufficient.

[spirillen]

Ping @mitchellkrogza @funilrys

[whitetiger264]

Hi @spirillen @mitchellkrogza @funilrys

Any idea when this can be expected to be resolved?

[spirillen]

Hi @whitetiger264

Would love to be able to add anything new, but this is entirely a back end issue, that only seems solvable by @mitchellkrogza, or maybe @funilrys have access?.

Please read #395 && mitchellkrogza/Phishing.Database#899