
Does Cisco own PhishTank?

RussellDymond
Level 1

Dear Cisco,

Re: https://www.eib.edu.au | PhishTank

OVERVIEW:

Have been desperately trying to get a client's (Australian Gov't Registered Training College) domain name reclassified by PhishTank for approximately 10 months, without success. Thankfully, you answered my Twitter X post, providing me with guidance. Thank you once again.

BRIEF INCIDENT OVERVIEW:

My client's site WAS indeed compromised in March '23. But it was immediately restored from a clean backup on the day of the attack by myself. The backup deployed was *dated one month prior to the attack*. Unfortunately, at that time, I was not aware that PhishTank even existed (my fault).

My client's Hosting Provider has also validated that the site is still clean.  This is also evidenced on VirusTotal (with the exclusion of PhishTank - being the only VirusTotal security vendor remaining to re-classify my client's domain).

CISCO OWNS PhishTank??

I do believe that Cisco owns PhishTank, hence why I am reaching out to you.  Hopefully you can provide me with the name and email of someone who can assist me?

I can provide a comprehensive overview of this particular situation (in private), which will clearly explain what transpired, and the action taken to correct the issue from my end.

Thank you in advance for your assistance.

Kind regards,

Russell D

4 Replies

Here's the note from their FAQ at
https://phishtank.org/faq.php#whydoesciscooperatep.


How do I report a "false positive," where PhishTank wrongly labels a site as a phishing site?

False positives -- where a site is labeled as a phishing site incorrectly -- are very damaging. Go to the Phish detail page for the site in question, click on the link "Something wrong with this submission?" and follow instructions. These reports will be taken seriously.



I would also file a reputation dispute at Talosintelligence.com.

Thank you very much for your response.

Unfortunately for me, PhishTank has disabled the ability for me (or anyone new) to register on the site and to report the false positive in the way you described.

Thank you for your assistance, though.

Kind regards,
Russell

Pulkit Mittal
Spotlight

Hi Russell,

I checked the domain reputation on Cisco TALOS, which is the central repository for Cisco. It comes out to be neutral. OpenDNS was acquired by Cisco and branded as Cisco Umbrella, which shares a database with Cisco TALOS. From my experience, Umbrella has its own threat intel too, as I have had issues where the reputation was different in the TALOS database and Umbrella Investigate.

I suggest raising a web reputation ticket on TALOS, also asking them to update this in all their databases, including Umbrella threat intel and Investigate.

Regards,

Pulkit M.

Please mark this helpful if you are happy with the response, and accept the solution.

Hello Pulkit,

Thank you very much for taking the time and effort to respond to my post.

Unfortunately, Talos has not responded to any of my 4 email attempts to Support, using the Web Reputation Tickets. This is why I’m reaching out to Cisco, because Talos seems to have no support whatsoever.

Once again, thank you for your reply.

Kind regards,
Russell