False Positive | forms.zohopublic.com

[dhivya-mk-8451]

What are the subjects of the false-positive (domains, URLs, or IPs)?

forms.zohopublic.com

Why do you believe this is a false-positive?

We are contacting you from Zoho Corporation.

One of our Domain "http://forms.zohopublic.com/" is listed in your black list. We request to check and remove our domain URL from your list.

How did you discover this false-positive(s)?

Other (Please fill out the next box)

Where did you find this false-positive if not listed above?

This is our service domain url, Used by millions of zoho users.

Have you requested a review from other sources?

Reviewed by google.

Do you have a screenshot?

Additional Information or Context

We are contacting you from Zoho Corporation.

One of our Domain "http://forms.zohopublic.com/" is listed in your black list. We request to check and remove our domain URL from your list.

Also, let us know the reason for how it got blacklisted, so that we can also check and avoid getting listed in the future.
We already added TXT record in dns our end.

Record Name: _phishingdb
Record Value: antiphish-be75f09fb99608d78aa8eda902b08bc6ad86630f

Your Verification ID: antiphish-be75f09fb99608d78aa8eda902b08bc6ad86630f

#999

Regards
Dhivyabharathi
Zoho Corporation

[phishing-database-bot]

Verification Required

@dhivya-mk-8451, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

   • Record Name: _phishingdb
   • Record Value: antiphish-9a96feb395e4b94ab2a94b45110c6baa622b7cde

   Your Verification ID: antiphish-9a96feb395e4b94ab2a94b45110c6baa622b7cde

2. Wait for DNS propagation (this may take a few minutes to a few hours).

3. Reply to this issue once the TXT record has been set.

Important Notes

• Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
• If the record cannot be set or you need alternative methods of verification, please contact us at contact@phish.co.za - preferably from the domain's official email address.

How to Check the TXT Record ?

You can verify that the TXT record is properly set using:

• Online tools like MXToolBox TXT Lookup.
• The command line:

  dig TXT _phishingdb.example.com
  

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.

[dhivya-mk-8451]

Hello Team,
We have updated the TXT record on our end. Please check and remove the domain from your blacklist.

[g0d33p3rsec]

duplicate of #999 (which is still mislabeled). Sibling of #949.

 wget -qO- "https://phish.co.za/latest/ALL-phishing-links.lst" | grep -i  'forms\.zohopublic\.com'
http://forms.zohopublic.com/requestedspecifications/form/details/formperma/qS1ycl9jJ7v25dnaYuAQHTjbSEHizPRfjIUnyS54X1M
http://forms.zohopublic.com/webindex1/form/WebManagementOffice/formperma/7zd-ijNs8C7zeO2sUjHPfDBR-tQxkPSUBYa0Mk0FFvE
https://forms.zohopublic.com/administrativeassistanturgentl3/form/AdministrativeAssistantUrgentlyNeeded/formperma/jU_Shc42hVaytnOQTh4ZoDOEEsOM5-8UKQQswd1kz_Q
https://forms.zohopublic.com/arlenemartinez1986/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/YpqOpi09EjHz2SniJt_NirfsDyorMkavHsrgr_-N340
https://forms.zohopublic.com/asgot/form/CyberDriveIllinois/formperma/WyJFXAX0X5SYZIx3CWtXPU3ZB3udnZRN8-kWiJtDfRQ
https://forms.zohopublic.com/bloodsuck/form/VerifyYourID/formperma/EQdCd2StM97POC9QI5i4HxRuY2sgQLugXg7FQAYw4FU
https://forms.zohopublic.com/bradfordinc/form/GOVERNMENTPANDEMICSTIMULUSBONUSUNDERPRESIDENTJOEBI/formperma/j-81BhM_TlAY-4ovheYA6kumvJHZF1TZd7ZsxmdGwh4
https://forms.zohopublic.com/cook/form/Untitled/formperma/EeRM6BL1QFEDY92nFZGkUOgkOyCiXcg6rZWEcwizw_w
https://forms.zohopublic.com/covidpandemicreliefextrabonus/form/COVIDPANDEMICRELIEFEXTRABONUS/formperma/JpArETzHEJ5mlMO2OsQD9yP0oD_T5kpOdwc9u6JxhHs
https://forms.zohopublic.com/dddino/form/ATTUPGRADING/formperma/czWEMLFhVIOSidp-wl_E_TyxOJlmXEhJYgGUEGZ40Rc
https://forms.zohopublic.com/directrelief1/form/DIRECTRELIEFINTERNATIONAL/formperma/VZRyTwPYIk8Q9XUT2AoJnVMHx4_uJsGhPZd0hRGPiEw
https://forms.zohopublic.com/governmentpandemicbonusprogram/form/GOVERNMENPANDEMICBONUSRELIEFPROGRAM/formperma/W7ebpRP2FbIwOWlBA5ryPQfzoAjw5CC0qq_eaetq1ok
https://forms.zohopublic.com/governmentpandemicextrastimulu32/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/ncTc0etgaf0Ak9HEZhdnIMdhSPUbz7V8k6DvQcjm79k
https://forms.zohopublic.com/governmentpandemicextrastimulu42/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/iJr5mBSxLVOhLhrN_ngMrfzGW_oKceVF5qe9gDSeEXU
https://forms.zohopublic.com/governmentpandemicextrastimulu51/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUSPROGRAM/formperma/xRNLuPyu2hfo_jL76g18QWKtPZVj8-YuzZNE8Igl0N0
https://forms.zohopublic.com/governmentpandemicextrastimulu57/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/3s2rRZGo1WoHB_cjq6_ma4QMlxe5NSuQPt_8rbTPDHw
https://forms.zohopublic.com/governmentpandemicextrastimulu59/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/tl56oZJ-VtOkmnsBCUy5cq5Gr3CeS8FVOu_XfV1CpLY
https://forms.zohopublic.com/governmentpandemicextrastimulu5/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/39zYBRZPbaY4j7OZAtLnrmoE48ZlwYFi68qLwofNpLA
https://forms.zohopublic.com/governmentpandemicextrastimulu66/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/q1zUDBAQ6qqjUhrX8TqCVJTjT6z53oR49D9-2uKwQB4
https://forms.zohopublic.com/governmentpandemic/form/GOVERNMENTPANDEMICSTIMULUSBONUSUNDERPRESIDENTJOEBI/formperma/xdGfqXqtrs
https://forms.zohopublic.com/governmentpandemicjoebiddenpro2/form/GOVERNMENTPANDEMICJOEBIDDENPROGRAM/formperma/PLWvlUzctXm9vtNBA2ipAC1SHmmtjnc3ybnwTiDgg58
https://forms.zohopublic.com/ham12we/form/YAHOOUPGRADING/formperma/6PiagRNggGJjIeF2KNdixq760kWWGgQwVrM3IGMPPhc
https://forms.zohopublic.com/hjjmj/form/VERIFYYOURID/formperma/2uuqw9OlcBacVqtubUrDHfvlRrBVmoILtfRhjLS5G7Q
https://forms.zohopublic.com/krogersecretsurveyprogram/form/GOVERNMENTPANDEMICSTIMULUSBONUSUNDERPRESIDENTJOEBI/formperma/XHrUq6R2s4wet4UU0vV8e34hhI4-rKPWq-Lv_9D1WCE
https://forms.zohopublic.com/pandemicstimulus1/form/PANDEMICSTIMULUSBONUSEXTRA/formperma/l0Arf-ApaNVmrEJTu3gBbeWMZ2KWIGXNTwJcujFQ_sM
https://forms.zohopublic.com/pandemicstimulusbonus/form/PANDEMICSTIMULUSBONUSEXTRA/formperma/8-feUYBOQ8d3MVnb_szCtrohDIo9v-a4FsyeqETBHIw
https://forms.zohopublic.com/pjawski/form/GovernmentPandemicStimulus/formperma/ov3QLmiCNK1utbVSw-cwMs31orw0InTObCL9t4oqPU0?_branch_match_id=898647604381719822&utm_medium=marketing
https://forms.zohopublic.com/psb5/form/GOVERNMENTPANDEMICSTIMULUSBONUSUNDERPRESIDENTJOEBI/formperma/R6q63xzhtteKYk7PSHIS2rr_EezIHEpcKEy1y8zkJL4
https://forms.zohopublic.com/romarov2804/form/GOVERNMENTPANDEMICEXTRASTIMULUSBONUS/formperma/VKiNeidLOClGexkDT2A9MCVZnv_BUUvne0QVeu5Hvxs
https://forms.zohopublic.com/stimulusbonus1/form/COVID19STIMULUSBONUSEXTRA/formperma/a3KKVjtfH9mSiwXr_uohBs7UXGmlRO0TYY_8VyeUoFY
https://forms.zohopublic.com/stimulusbonus3/form/PANDEMICBONUSEXTRA/formperma/BljhdPBtWx61bK7IAi3rT6axRisq2lQ9xR_N-QGoofY
https://forms.zohopublic.com/worldbest1/form/Untitled/formperma/abPHzQ0yuUPe27wbI4pkdVxeVmJj7tX9EcWMW-_XaFc

a quick glance at recent scan history for the reported domain shows plenty of malicious content. For example:
https://forms.zohopublic.com/bakerdanvill1/form/NEWSCANDOCUMENT7/formperma/v_-Np92wY-H_NQx2EUIPW0QJ1bqKactUH6VIUVX-7Yg redirects to an Office365 lure hosted at db.andicketrian.ru
https://urlscan.io/result/ce28690c-c68d-477f-a1eb-707356adfa14/
https://app.any.run/tasks/4d9834e2-42bc-436d-bc42-1c23f695ffb8

[spirillen]

As mentioned by @g0d33p3rsec

Duplicate of #999 = closing