Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive | santander.kwh.fino.digital #1059

Open
madmuffin1 opened this issue Jan 24, 2025 · 2 comments
Open

False Positive | santander.kwh.fino.digital #1059

madmuffin1 opened this issue Jan 24, 2025 · 2 comments
Assignees
@mitchellkrogza @funilrys @spirillen @g0d33p3rsec

Comments

@madmuffin1
Copy link

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • santander.kwh.fino.digital

Why do you believe this is a false-positive?

I believe this is a false-positive because...

We, fino run GmbH are supervised by the German Federal Financial Authority (BaFin) (see https://portal.mvp.bafin.de/database/InstInfo/institutDetails.do?cmd=loadInstitutAction&;institutId=150228) As such, we are account switching service provider for more than 500 banks in Germany. The account switching service is a white-label SaaS solution, that banks offer their customers, therefore the application is following the banks style-guide accordingly. One of our customers is Santander Germany. This login page is intended to be used by bank staff only.

If required, we are happy to provide more information if required.

Thank you,
Patrick

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive by...

Have you requested a review from other sources?

I have requested a review from...

JeroenGUI, BrightCloud, AlphaMountain, CRDF, FortiGuard, Netcraft

The request has been approved by

Netcraft (https://sitereport.netcraft.com/?url=https%3A%2F%2Fsantander.kwh.fino.digital)

FortiGuard (https://fortiguard.fortinet.com/webfilter)

and JeroenGui

but is still pending for most other lists.

Do you have a screenshot?

Screenshot

Additional Information or Context

I have also noticed that...
@phishing-database-bot
Copy link
Member

Verification Required

@madmuffin1, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-391a076ae4d26a922c6a16fdf5a31cf3c9bd04cf

    Your Verification ID: antiphish-391a076ae4d26a922c6a16fdf5a31cf3c9bd04cf

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

@madmuffin1
Copy link
Author

requested TXT record has been set.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mitchellkrogza mitchellkrogza

@funilrys funilrys

@spirillen spirillen

@g0d33p3rsec g0d33p3rsec

Labels
None yet
Projects
Phishing Database Backlog
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
6 participants
@madmuffin1 @mitchellkrogza @funilrys @spirillen @g0d33p3rsec @phishing-database-bot