False Positive | unillantas.com.sv #1955
Description
What are the subjects of the false-positive (domains, URLs, or IPs)?
- unillantas.com.sv
- http://unillantas.com.sv/
- https://unillantas.com.sv/
Why do you believe this is a false-positive?
I believe this is a false positive because unillantas.com.sv is our official business website and it does not host phishing content.
We reviewed the website and server and found no phishing pages, malicious scripts, or suspicious redirects. We also:
- Updated the CMS/core, themes and plugins (and removed unused components)
- Reset all admin/hosting/SFTP passwords and reviewed admin users
- Checked the homepage and common entry points for injected code and external suspicious resources
- Verified that the site returns normal content (HTTP 200) and does not redirect to third-party domains
VirusTotal report: [PASTE YOUR VIRUSTOTAL LINK HERE]
Please re-scan and remove/whitelist this domain/URL from the phishing database if confirmed clean.
How did you discover this false-positive(s)?
VirusTotal
Where did you find this false-positive if not listed above?
I discovered this false positive through a VirusTotal URL scan. VirusTotal shows detections from “Phishing Database” and “SOCRadar” for the domain/URL below.
Have you requested a review from other sources?
Not yet. I have not submitted removal/whitelisting requests to other sources at this time. VirusTotal report:
https://github.com/user-attachments/assets/adde7ea5-15bc-4b16-b484-7910b2824d82
Do you have a screenshot?
Screenshot
Additional Information or Context
additional context:
- unillantas.com.sv is our official business website (UNILLANTAS).
- The site serves normal content (HTTP 200) and we do not host login/credential collection pages intended for third parties.
- We checked for suspicious redirects, injected JavaScript/iframes, and unknown admin users; none were found.
- We updated the CMS/plugins/themes and rotated credentials (hosting/SFTP/admin) as a precaution.