www.trinity.art

[doschott]

When I visit my new website https://www.Trinity.art , the browser page "Ethereum Phishing Detection" comes up.

This is a new website that has no known issues and is simply a Global Christian Art Marketplace. Why is this site included in a phishing list? How can this be corrected? I accept crypto so I don't want all of the browsers with metamask to get this message when visiting www.trinity.art

Thank You,
Daniel Schott

[trn1ty]

We're in the same boat. You can check why your site is blocked here and both trinity.moe (my domain) and trinity.art (yours) are blocked for "similarity to dfinity.org, a historical phishing target". I think it's that all three sites match the regex ..inity\.* or something.

[trn1ty]

Checking this out (as you can probably see from all my comments on related issues). Looks like dfinity.org was added to a list of domains for which to fuzzy-match to detect phishing in commit 045b1c5f569d6f5b35cb898d221e7f4618980830 from 2018.

This fuzzy matching works by stripping 'www.' from the domain being visited, removing the top-level domain, and calculating the Levenshtein distance between it and any of the domains on the "fuzzylist". The default tolerance is a Levenshtein distance of 3, so when sites are under the threshold PhishingDetector.check will return { type: 'fuzzy', result: true, match }.

The issue with dfinity.org being added to the fuzzylist is that a number of words have a Levenshtein distance equal to or less than 3 from dfinity. Just check a Scrabble word finder for any words that end in inity and then look at the words at or under 8 characters. Not to mention words that don't yet exist that use the suffix -inity.

Some issues that currently deal with this specific problem, besides the ones in which I commented a link to this issue, are:

• Affinity.id marketing website incorrectly flagged as Phishing site #3076
• unblock dfinity.fun  #3739
• Wrong detection: infinity.inc #3742
• infinity.yt - Website Incorrectly Being Blocked #3898
• Please remove "definite.finance" from blacklist #4177
• Allow definity.finance #4228
• https://dfinity.cool is incorrectly on the eth-phishing list #4570
• My domain is currently blocked and marked as Phishing when Metamask is running... #4601
• domain: infinity.fish flagged #4641
• DFINITY.ID IS NOT SCAM #4772
• Finite.io incorrectly on domain warning list #4868
• nftinity.art #4992
• False positive domain warning list #5000
• divinity.dev #5009
• Whitelist exfinity.io #5032
• Whitelist infinity.co #5033
• nfinita.com is not a phishing site related to dfinity. #allowlist request #fuzzylist #5076
• Australian product comparison website finty.com is incorrectly flagged and blocked. #5198
• .fish domains #5215
• Not phishing site #5255

But I'm sure there are many more.

[gravelcycles]

commenting here in case it will speed up your process: we are processing PRs faster than we are processing Issues. If you'd like to streamline getting your domains on the allowlist, a PR will go a long ways :)

cc @devenblake

[trn1ty]

I'll submit a PR sometime soon, when I have time. However further action should be taken as there are so many false positives for dfinity.

[trn1ty]

Continued in #6720.