Jump to content

False Positive: shibaclassic.sc/dapp.shibaclassic.sc

Go to solution Solved by thisisu,

Recommended Posts

Hello Malwarebytes (and community!), 

This is such an odd way to do reports - hopefully this encourages transparency and community engagement in maintaining a safer internet for one another!

I am a community member (first) and moderator (due to making efforts like these) of a community who is suffering from False Positive reports.

I am here to inform that the domains: 

- shibaclassic.sc
- dapp.shibaclassic.sc
- any differences (http/https, etc)

are NOT phishing, scams, malware or anything like this.

The first is a simple landing page to explain our project, a legitimate community website, the second is our dApp (decentralised application) with NFT minting front end, and useful tools useful for not just our project, but the entire blockchain (and community) we're on (I am not here to promote).

We have issues open with MetaMask on GitHub here:


We are chasing this down with numerous other vendors, too.

There was an attack that began in September, we are still learning of the events and the dates. A "competing" project has reported us a phishing website to PhishTank and we're actively finding out if anywhere else - hence my presence today.

- We do NOT claim to be any other project.

- Our information is extremely precise.
Our theme, branding, logo, and multiple direct text references all scream what network we are on, and what project we are - we are unique.

- We do NOT host any nefarious files, or actions.
Again, our branding (etc) is about all that is hosted on the landing/information page. 
The dApp has some front end frameworks and is largely the same.

- I am NOT here to advertise any project (our own, or others), I offer these proofs as our investigation into what is happening with our website.
I ask you to search Phishtank > "Felix0101" > previous submissions > page 2 = "moonswamp" = and find another community that this is happening to - I can't quantify how many there are, I am just 1 person who doesn't have the time to commit to underhanded tactics like this.

- Interaction 3: 


- Interaction 2:



- Interaction 1:



- I only began looking into this other project when they started doing blatantly manipulative actions - ones that the whole community (potentially world) would witness. This looks poorly on us all. What followed was the "jumper unravelling after the thread".

- "felix0101" is a user of nearly 3 years on PhishTank, who has been consistently, manually submitting legitimate websites as phishing (there are many websites, low hanging fruit, that are also submitted).

- This consistency leads me to assume this isn't someone who has created a new account on PhishTank (registrations have been closed for a long time) just to pretend to be Felix. 

It appears they're using many nefarious tactics to cripple projects (most unaware) and this type of activity should be really shamed upon (is it not criminal? technically libellous?)

Edited by AdvancedSetup
Corrected font issue
Link to post

Thank you for this information - we are indeed probably low traffic.
For being both reasonably new, and having (IMO) suffered from underhanded tactics that deceive appearances. 

If I can help with any other screenshots or information, I will.

Additional info:

Twitter was used as the form of communication with this entity, because:

0) we have nothing to hide - it's all there, and we're now wasting our time chasing this stuff up.
1) private discussions are mostly antithetical to our space
2) it makes no point to ask someone in private, to stop doing what they're doing in public (or to the public)
3) full disclosure to our wider ecosystem is the best way to confirm/deny this type of stuff - much like this forum.

In searching their submission history today, I notice many projects that seem valid, from my quick perusal. 

1) This project is indeed unique and not pretending to be any other - it may be a clone (maybe), but it isn't a phish, it too proudly declares itself (who, what, when, where and why - critical story telling procedure).
2) the rest of their submissions seem really low effort, like they're looking for fake websites - maybe to pad their stats? Who knows. Again, I don't like assuming peoples behaviour - consistency is key and it tells the story.

I have zero to do with the below project, outside of being submitted to PhishTank by "Felix0101".


Link to post

I understand this is solved with Malwarebytes, and that's really appreciated (so fast!)
This has been a huge thorn in our sides, we didn't even know existed immediately.

Do you guys have any ideas on best steps, moving forward?

We're still chasing this up, specifically with MetaMask phishing filter.


Is this likely to propagate across other databases (like VirusTotal, or other vendors)?

Is there any sort of organisation that's dealing with this, as a whole?
Or is it another situation where it's islands of space between, some have fences around their shores, some are open, etc

Again, thank you for your help today - you've really lifted my spirits, and the projects as a whole - our energy isn't being *wasted* anymore.

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.