False Positive | binbit.net #1251

Open
iacaro opened this issue Mar 15, 2025 · 5 comments
Labels
wontfix This will not be worked on

Comments

@iacaro

iacaro commented Mar 15, 2025

What are the subjects of the false-positive (domains, URLs, or IPs)?

binbit.net

Why do you believe this is a false-positive?

I believe this is a false-positive because this is our company website. No phishing site there.

How did you discover this false-positive(s)?

Other (Please fill out the next box)

Where did you find this false-positive if not listed above?

I discovered this false-positive by running Imunify 360 on the server

Have you requested a review from other sources?

No, I did not find this site on any other list.

Do you have a screenshot?

Screenshot

Additional Information or Context

I have also noticed that...

@phishing-database-bot
Member

Verification Required

@iacaro, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-85347e0429b8e34dc036d4fffaaa08c831d50cdf

    Your Verification ID: antiphish-85347e0429b8e34dc036d4fffaaa08c831d50cdf

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
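
Added example (not part of the bot's message or the Phishing.Database tooling): a Python check for the `_phishingdb` TXT record described in the steps above, using the `dig` CLI. The function names are hypothetical, and the two extra names it probes are assumed here to be typical misplacements of the record.

```python
import shlex
import subprocess

LABEL = "_phishingdb"  # record name from the bot's instructions

def txt_values(dig_output):
    """Parse `dig +short TXT` output: one record per line, each made of
    one or more quoted strings that are concatenated into one value."""
    values = []
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or dig comment/error line
        try:
            values.append("".join(shlex.split(line)))
        except ValueError:
            continue  # unbalanced quotes: skip the malformed line
    return values

def candidate_names(domain):
    """Expected name first, then two misplacements assumed here to be
    typical: zone appended twice by a DNS panel, and record at the apex."""
    d = domain.strip(".").lower()
    return [f"{LABEL}.{d}", f"{LABEL}.{d}.{d}", d]

def diagnose(domain, verification_id, lookup):
    """Return ('ok'|'misplaced'|'missing', name). `lookup(name)` must
    return `dig +short TXT` style text for that name."""
    names = candidate_names(domain)
    for i, name in enumerate(names):
        if verification_id in txt_values(lookup(name)):
            return ("ok" if i == 0 else "misplaced", name)
    return ("missing", names[0])

def dig_lookup(name):
    """Live lookup via the dig CLI (requires network access)."""
    proc = subprocess.run(["dig", "+short", "TXT", name],
                          capture_output=True, text=True, timeout=15)
    return proc.stdout

if __name__ == "__main__":
    token = "antiphish-85347e0429b8e34dc036d4fffaaa08c831d50cdf"
    print(diagnose("binbit.net", token, dig_lookup))
```

A `misplaced` result names where the value was actually found, which tells the domain owner how to correct the record before replying to the issue.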

@iacaro
Author

iacaro commented Mar 15, 2025

Done. Thanks.

@spirillen
Contributor

Hello there!

Thank you for your message and for bringing this to our attention. It appears we’ve stumbled upon a classic case of “example domain confusion” – a bit like trying to order a proper cup of tea in a coffee shop, isn’t it?

To proceed with the whitelist process, it is required to change the issue topic to reflect the actual situation regarding your domain (and domain name only). Until that’s done, I’m afraid we’ll be stuck in a bit of a holding pattern, much like a plane circling Heathrow on a foggy day.

As a gentle reminder, the RFCs concerning example domains (RFC 2606) clarify that domains like example.com, example.net, and example.org are reserved for documentation and should not be used for actual operational purposes.

Once you’ve made the necessary adjustments, we’ll be more than happy to unlock the issue and continue our merry way. Looking forward to your update!

Cheers!
@spirillen

@iacaro iacaro changed the title False Positive | example.com False Positive | binbit.net Mar 16, 2025
@phishing-database-bot phishing-database-bot added the false positive Should not be listed label Apr 10, 2025
@phishing-database-bot
Member

Closing.

Domain(s) or IP(s) not found in issue message or title.

-- We appreciate your help in refining this. Please let us know if anything seems incorrect.

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Phishing Database Backlog Apr 10, 2025
@github-project-automation github-project-automation bot moved this from ✅ Done to 📋 Backlog in Phishing Database Backlog Apr 11, 2025
@github-project-automation github-project-automation bot moved this from 📋 Backlog to ✅ Done in Phishing Database Backlog Apr 11, 2025
@spirillen spirillen added wontfix This will not be worked on and removed false positive Should not be listed labels Apr 11, 2025
@spirillen spirillen reopened this Apr 11, 2025
@github-project-automation github-project-automation bot moved this from ✅ Done to 📋 Backlog in Phishing Database Backlog Apr 11, 2025
@spirillen
Contributor

Comments

DNS Check

ptcheck binbit.net antiphish-85347e0429b8e34dc036d4fffaaa08c831d50cdf
Failed to query DNS TXT record for _phishingdb.binbit.net

Known phishing records

What can you tell me about these records, known to us from the PD project?

Please take the time to update PyFunceble!
Your version: 4.3.0a15.dev (Blue Duckling: Tulip)
Upstream version: 4.3.0a23.dev (Blue Duckling: Tulip)


Subject                                                                                              Status      Source     Expiration Date   HTTP Code  Checker       Tested At          
---------------------------------------------------------------------------------------------------- ----------- ---------- ----------------- ---------- ------------- -------------------
https://binbit.net/Grimsrudpdfdoc                                                                    ACTIVE      HTTP CODE  Unknown           301        AVAILABILITY  11. Apr 2025 13:18:37

Execution Time: 00:00:00:44.197454

Verdict

A 301 redirect on a suspected phishing URL is never the first choice....

HTTP response status codes 410 Gone

The guidelines outlined in RFC 7231, specifically section 6.5.9, are quite explicit: the appropriate status code to use for links that will not be restored is 410 Gone. In contrast, a 404 status code indicates that the resource is temporarily unavailable.

The 410 (Gone) status code indicates that access to the target resource is no longer available at the origin server and that this condition is likely to be permanent. If the origin server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) ought to be used instead.

The 410 response is primarily intended to assist the task of web maintenance by notifying the recipient that the resource is intentionally unavailable and that the server owners desire that remote links to that resource be removed. Such an event is common for limited-time, promotional services and for resources belonging to individuals no longer associated with the origin server's site.
It is not necessary to mark all permanently unavailable resources as "gone" or to keep the mark for any length of time -- that is left to the discretion of the server owner.

A 410 response is cacheable by default; i.e., unless otherwise indicated by the method definition or explicit cache controls


Thank you for reaching out. I want to clarify that I am not the owner of this project nor user of it. I assist with the whitelisting of domains to the best of my ability, but I do this as an unpaid volunteer in my free time. Your understanding and patience are greatly appreciated.
Additionally, I would like to share that I occasionally struggle with a mild degree of PTSD, which means I tend to forget even small details, like did I have breakfast this morning. So please bear with me if I'm losing the thread sometimes. Your understanding and patience in this matter are greatly appreciated.

If you feel inclined to buy me a cup of Coffee, it would certainly help speed up the process, but please know that it will not influence my decisions or verdicts in any way.

Additionally, I want to be very clear: I do not access any Cloudflare, CloudFront, or Google networks. This is a matter of principle for me, as I believe in upholding human rights, the right to online privacy, and network security. These services often intercept traffic to collect personally identifiable information (PII), which I believe compromises our autonomy and makes us all puppets to the big tech puppeteers.

Thank you for your understanding!

Best regards.
