Re: Why is/who listed live.barcap.com as phishing?

itguy11 · ‎01-13-2014

This morning some of my users noticed that they couldn't get to the barcap trading platform, it seems opendns has decided this is a phishing URI.

Phishtank shows this as invalid, why is it still blocked?

2224368 https://live.barcap.com/UAB/ct_logon_basic?CT_ORIG_URL=%2FPRC%2Fservle...
added on Jan 10th 2014 8:20 PM by prebytes INVALID Offline

Not impressed with this. I think prebytes needs to meet a clue stick.

cptkaos · ‎01-13-2014

Still trying to get a hold of OpenDNS support staff to flush the cache. Ridiculous to say the least.

itguy11 · ‎01-13-2014

I raised a ticket and no response from that either. God knows how one person raising a phishtank report resulted in this.

rotblitz · ‎01-13-2014

"added on Jan 10th 2014 8:20 PM by prebytes INVALID Offline"

Beside https://www.phishtank.com/phish_detail.php?phish_id=2224368 I see also: Submitted Jan 12th 2014 11:30 AM by cleanmx for https://www.phishtank.com/phish_detail.php?phish_id=2226349

Whatever, did you open a support ticket?

rotblitz · ‎01-13-2014

"I raised a ticket and no response from that either."

You should have received an automatic e-mail confirmation with the ticket number within minutes. See your spam folders.

Simply add barcap.com to your "never block" list for the time being. You are not locked out!

itguy11 · ‎01-13-2014

re my ticket "This request is awaiting assignment to a support agent" so no progress for hours.

I can't white-list on my account, there is no option to allow me to do this. I suspect because i'm not a paying customer.

I had to disable the phishing protection globally on my account to work around this. I have since changed all my resolvers to Google DNS (Shudder)

cptkaos · ‎01-13-2014

Ticket opened a while ago.

ahoncian · ‎01-13-2014

Hello all,

Thank you for your patience on this matter. We have escalated the domain to our research team for further assistance. Here's a Virus Total scan for that domain: https://www.virustotal.com/en/url/4b3c00856c74d32c3cc33c22f5575553f4369d734279b226a798881ef9ab6976/analysis/1389636733/.

We have also found your ticket and will follow up with you there as well. Please let us know if you have any other questions, and we'll be more than happy to help you.

Best regards

itguy11 · ‎01-13-2014

Anthony,

VT shows all clean, its only you that is broken.

Thanks.

kpatullo1 · ‎01-13-2014

After review this site has been whitelisted, it should now be reachable.

itguy11 · ‎01-13-2014

Kristy , Many thanks.

How did this happen?

kpatullo1 · ‎01-13-2014

The URL rotblitz listed was submitted to Phishtank and verified as a phish, which caused a phishing tag to live.barcap.com. After review by our Research Team the phish was either already removed or ended up being a false positive so the tag was removed.

itguy11 · ‎01-13-2014

Why wasn't it automatically removed after peer review said it wasn't a phishing site?

kpatullo1 · ‎01-13-2014

Certain URLs on this domain are still flagged by sources as malicious according to Virus Total: https://www.virustotal.com/en/domain/live.barcap.com/information/, it was reviewed to make sure this site did not actually contain any phishing resources.

cptkaos · ‎01-13-2014

Every one of those clean-mx entries are based on the original ticket that rotblitz submitted. Some extra due-diligence prior to adding a site to the block list is definitely warranted here.