VirusTotal is saying our domain keyauth.win is flagged for:
ET INFO Fake Game Cheat Related Domain in DNS Lookup (keyauth .win)
Our website is a legitimate software licensing API. We’re open-source and you can our projects here KeyAuth repositories · GitHub
We have over 126,000 clients and we frequently disable user accounts if malware is found https://keyauth.win/
Please remove this false positive, it negatively impacts reach ability of our API and most likely increases virus scores.
- Software Engineer, KeyAuth LLC
Hey @wnelson -
Thanks for reaching out and providing us with the additional information! I’ll get the verbiage of the rule updated today and add a reference to the explanation you’ve provided here. I think there is value in keeping the signature active so that users who observe this domain will see the details that you’ve shared and continue to have visibility into their network.
Since the rule is in the INFO category it should be used to provide context to traffic as opposed to determining maliciousness.
Here are the sid details that will updated in today’s release.
KeyAuth Open-source Authentication System Domain in DNS Lookup (keyauth .win) - 2050231
KeyAuth Open-source Authentication System Domain (keyauth .win) in TLS SNI - 2050233
Thanks!
Isaac