False Positive | l1nq.com #766
Comments
spirillen
changed the title
|
Where do you expect this domain to redirect to?? and is it yours domain, and what is it purpose?? @g0d33p3rsec do you understand this issue, as a native speaking? |
|
Hello,
The link was supposed to redirect to https://repeatable.ai/ where Kevin Connor, the owner of the website, is a joint venture partner of mine. I was simply promoting his business. I have no idea why the tinyURL was sending traffic somewhere else. I'm not at all a techy.
Hopefully that clarifies things. Please let me know if you need more information from me.
Thank you,
Patrick
On Thursday, February 27, 2025 at 04:27:38 AM GMT+3, spirillen ***@***.***> wrote:
Where do you expect this domain to redirect to?? and is it yours domain, and what is it purpose??
@g0d33p3rsec do you understand this issue, as a native speaking?
https://l1nq.com/ftZOx
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
Where do you expect this domain to redirect to?? and is it yours domain, and what is it purpose??
@g0d33p3rsec do you understand this issue, as a native speaking?
https://l1nq.com/ftZOx
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
Have you inadvertently selected the False Positive report, when in fact, you intended to report the link as Phishing, given that the destination URL is |
Fix #866 MTX-203600 Added ad company #MTX-203600 FIXED Rel Phishing-Database/phishing#766
Fix #121070 MTX-203600 Added ad company #MTX-203600 FIXED Rel Phishing-Database/phishing#766
|
Hi again, no I'm sure this is a false positive. I copied and pasted that link (https://www.encurtador.dev/redirecionamento/ftZOx ) into my browser and it took me to a strange page which was loading some check marks (bottom of the image)
You can see that the "anti-malware" checks were turning blue...
before moving me on to this page: https://repeatable.ai/repeatable-session-page?affiliate_code=7111
I hope that clears this up.Thank you,
Patrick Bell
On Thursday, February 27, 2025 at 05:33:51 PM GMT+3, spirillen ***@***.***> wrote:
Have you inadvertently selected the False Positive report, when in fact, you intended to report the link as Phishing, given that the destination URL is https://www.encurtador.dev/redirecionamento/ftZOx rather than the expected repeatable.ai?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
Have you inadvertently selected the False Positive report, when in fact, you intended to report the link as Phishing, given that the destination URL is https://www.encurtador.dev/redirecionamento/ftZOx rather than the expected repeatable.ai?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Not really. I'm still unsure of which domains the reporting party actually has control of. From what I can gather, the first of the two link shorteners, which is the domain listed in this report, is included in our dataset. LinkedIn uses VirusTotal to scan links used on their platform and a post with the shortened link led to the reporter's account being restricted.
https://urlscan.io/result/51a42cc4-b2af-43ae-b099-f92ce391f27d/
Additionally, I see https://www.virustotal.com/gui/domain/encurtador.dev/ Checking
The same "anti-malware" tracker that can't even bother to include the right domain name in the header?
|
|
@patrikbell do you understand the concept of what a False Positive is? |
|
Hi again, I understand that a False Positive is something that looks like a threat but is actually innocent (I confess I had to look that up--I'm not that technical).
I wonder if the agency I used (advisorappointments.com) used https://www.encurtador.dev/ to shorten a link. I have no relation to them or to l1nq.com. I was only trying to promote my partner's offer (https://repeatable.ai/repeatable-session-page?affiliate_code=7111).
I've grown my connections on Linkedin over the past 15 years to nearly 6,000 connections and have never intended to put out anything malicious which would put my account at risk, or anyone else's.
Again, your help is appreciated to clear this URL for me: https://l1nq.com/ftZOx and also https://www.encurtador.dev/redirecionamento/ftZOx. I can't get my Linkedin restored without the clearing of these two.
Please let me know if you have any other questions.
Thank you,
Patrick
On Friday, February 28, 2025 at 12:18:21 PM GMT+3, spirillen ***@***.***> wrote:
@patrikbell do you understand the concept of what a False Positive is?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
@patrikbell do you understand the concept of what a False Positive is?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Alright, so if I’ve understood you correctly, you would like to request that they be added as phishing, as they link to harmful webpages, but at the same time, you want them removed from the Phishing Database so that you can have your trapped in Metasheep account released? Am I getting closer to grasping your request? |
|
Actually, no, these links don't need to be added as phishing because they aren't harmful. And yes, I'd like them removed from the Phishing database so that my Linkedin account can be released. I have no idea what "Metasheep" means.
Thank you.
Patrick
On Friday, February 28, 2025 at 11:24:19 PM GMT+3, spirillen ***@***.***> wrote:
Alright, so if I’ve understood you correctly, you would like to request that they be added as phishing, as they link to harmful webpages, but at the same time, you want them removed from the Phishing Database so that you can have your trapped in Metasheep account released? Am I getting closer to grasping your request?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
Alright, so if I’ve understood you correctly, you would like to request that they be added as phishing, as they link to harmful webpages, but at the same time, you want them removed from the Phishing Database so that you can have your trapped in Metasheep account released? Am I getting closer to grasping your request?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
|
Meta sheep:
In any case, the concept highlights the importance of being aware of privacy issues and understanding how personal data is collected, used, and shared (abused) in the digital landscape. It encourages individuals to take an active role in managing their online privacy rather than passively accepting the status quo. |
|
is it |
|
Yes please and thank you. Specifically for me it was https://l1nq.com/ftZOx
Thank you for the explanation. Oh, I've definitely been meta sheep. ;-(
Patrick On Monday, March 3, 2025 at 06:13:52 PM GMT+3, spirillen ***@***.***> wrote:
is it l1nq.com you want whitelisted?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
is it l1nq.com you want whitelisted?
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
Super, This issue should be solved by @PeterDaveHello as this is a url_shortner, and for some reasons they are not included into this project?? 🤷🏻 ¯_(ツ)_/¯
|
|
Thank you so much.
On Monday, March 3, 2025 at 08:16:44 PM GMT+3, spirillen ***@***.***> wrote:
Yes please and thank you.
Super, This issue should be solved by @PeterDaveHello as this is a url_shortner, and for some reasons they are not included into this project?? 🤷🏻 ¯_(ツ)_/¯
- https://mypdns.youtrack.cloud/issue/MTXB-203616 l1nq.com)
- https://mypdns.youtrack.cloud/issue/MTXB-203617 (Head of the snake encurtador.dev)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
spirillen left a comment (Phishing-Database/phishing#766)
Yes please and thank you.
Super, This issue should be solved by @PeterDaveHello as this is a url_shortner, and for some reasons they are not included into this project?? 🤷🏻 ¯_(ツ)_/¯
- https://mypdns.youtrack.cloud/issue/MTXB-203616 l1nq.com)
- https://mypdns.youtrack.cloud/issue/MTXB-203617 (Head of the snake encurtador.dev)
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.Message ID: ***@***.***>
|
What are the subjects of the false-positive (domains, URLs, or IPs)?
Why do you believe this is a false-positive?
Hello, I hired a LinkedIn marketing agency (
advisorappointments.com) to handle the marketing for my business. They adapted a tiny URL from a legitimate partner website and somehow it directed traffic to another site which is the justifiable reason why I got tagged and suspended. After reaching out to LI corporate, I received a message from Selina who is one of their Executive Escalations Case Managers to contact you. In the meantime, I have released Advisor Appointments from helping me. I would respectfully like to have my account reinstated and will promise to double check all links in the future.I believe this is a false-positive because it was it originally went to a legitimate web page but this link no longer goes anywhere.
Thank you,
Patrick
How did you discover this false-positive(s)?
Other (Please fill out the next box)
Where did you find this false-positive if not listed above?
I discovered this false-positive by being contacted by LinkedIn corporate.
Have you requested a review from other sources?
I have requested a review from CRDF Labs and they removed the false positive. Here is their email:
Hello,
False Positive Reference #20250226837032
You receive this confirmation after your request for a URL that is a false positive.
We are pleased to inform you that the domain name "l1nq.com" have been removed from our database.
Thank you kindly note that the spread of the new corrected database may take some time (about 4 hours).
If you need to notify us of other domain names or if the application does not correspond to your expectations, thank you to send a request to https://threatcenter.crdf.fr/false_positive.html.
In any case, thank you kindly note that we take very seriously the reports that you send us the false positive and we thank you.
If you have any questions, please consult our FAQ accessible at the following address: https://threatcenter.crdf.fr/faq.html
Satisfied with our response? Feel free to leave us a feedback on:
https://threatcenter.crdf.fr/feedback.php?ref=67bf0243c51445.89142507
Regards,
CRDF Labs,
Do you have a screenshot?
Screenshot
Additional Information or Context
Your help is so very appreciated. Thank you.
The text was updated successfully, but these errors were encountered: