I'm looking into an issue for which 2 legit domains are falsely being flagged as phishing:
The issue with hivedebit was brought to my attention by @eddiespino on behalf of @starkerz. While investigating, I saw a similar problem with v4v.app. And here we are.
HIVEDEBIT.COM
V4V.APP
MORE CONTEXT
These are the bot public commands currently supported:
Who can blacklist a user or domain with the commands above:
- Top-40 witnesses
- 3 different users with reputation over 50 reporting the same user/domain
- (Myself)
Every time someone reports anything with the commands above, it also triggers a notification in this project's Discord.
I searched in my Discord history and there are no reports for these 2 domains.
I only see notifications of these 2 domains (wrongly) marked as phishing:
- Did someone maliciously use the on-chain command and quickly delete their comment to prevent my automated reply from going out? [ it can easily be verified, and it would not stop the Discord notification ]
- Did the notifications in Discord fail for some reason, and I should dig into the code to find a bug? [ it always worked though - PS. I just did a test and this seems fine ]
The only other explanation is that these domains were added for some reason (by mistake or legit reasons) in other blacklists that this bot consumes:
1. @spaminator's blacklists:
- https://spaminator.me/api/p/domains.json
- https://api.github.com/repos/gryter/plentyofphish/contents/phishingurls.txt?ref=master
@logic @guiltyparties any clue?
2. My own lists stored on Hive: @keys-defender/phishing-db
( These lists are periodically migrated to my own database as required )
But only I have access to the latter. And these 2 flagged domains are not (and never were) there.
If the issue is not identified shortly, I'll add those domains to a whitelist to prevent more automated memos from going out incorrectly.
UPDATE 1
The issue seems to not be there anymore for v4v.app. It's still there for hivedebit.com so it should be easy for me to find out where it's coming from.
UPDATE 2
It looks like it was just an innocent bug 🐛 - HiveDebit.com partially matched with another blacklisted domain.
For v4v.app instead, it's not currently being flagged as phishing but I would like to understand why it was. Waiting for some answers from the maintainers of the blacklists this bot consumes.
My thinking is that v4v might have been temporarily marked as compromised during the recent hack.
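
The partial-match bug from UPDATE 2, as an added example that is not the bot's own code: the post does not show the matching logic, so `naive_is_flagged` assumes a substring comparison in either direction, and `is_flagged` is one way to match only a listed domain or its subdomains. The blacklist entries and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample entries on the reserved .example TLD (not from any real list).
BLACKLIST = {"hivedebit.com-login.example", "phish.example"}


def hostname(link: str) -> str:
    """Extract a normalized host from a URL or a bare domain."""
    link = link.strip()
    if "//" not in link:
        link = "//" + link  # lets urlsplit treat a bare domain as the host
    host = urlsplit(link).hostname or ""  # lowercased; port and userinfo dropped
    return host.rstrip(".")  # "phish.example." and "phish.example" are the same host


def naive_is_flagged(link: str, blacklist=BLACKLIST) -> bool:
    """Assumed shape of the bug: substring comparison in either direction."""
    host = hostname(link)
    return any(host in entry or entry in host for entry in blacklist)


def is_flagged(link: str, blacklist=BLACKLIST) -> bool:
    """Flag only a listed domain itself or a subdomain of it (label boundary)."""
    host = hostname(link)
    if not host:
        return False
    return any(host == entry or host.endswith("." + entry) for entry in blacklist)


if __name__ == "__main__":
    samples = (
        "https://hivedebit.com/",        # legit domain from the post
        "https://notphish.example/",     # unrelated host that merely contains an entry
        "https://www.phish.example/",    # subdomain of a listed domain
        "hivedebit.com-login.example",   # listed domain, given without a scheme
    )
    for link in samples:
        print(f"{link:32} naive={naive_is_flagged(link)} strict={is_flagged(link)}")
```
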