False Positive | su.vc #976

Closed
wardhache opened this issue Dec 27, 2024 · 5 comments
Labels: false positive (Should not be listed)

Comments

@wardhache

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • su.vc

Why do you believe this is a false-positive?

As the Lead Developer of Pointerpro, I want to address the blacklisting of our short domain, su.vc, in the Phishing-Database. This domain is integral to our platform, which provides secure and professional services for creating and distributing online assessments and surveys.

Pointerpro is a reputable company serving numerous clients worldwide. The su.vc domain is used exclusively for these clients to generate a short link to their assessment. It has a valid HTTPS connection, ensuring security and trustworthiness. It also immediately redirects to s.pointerpro.com. We also offer white-labeling to ensure our clients' branding is reflected through their surveys and emails. As part of this service, emails sent from the platform may use the su.vc domain.

I believe this blacklisting is a false positive, likely stemming from the nature of survey distribution, which is occasionally misinterpreted as phishing activity. However, I can assure you that su.vc is not involved in any malicious or deceptive practices. Its sole purpose is to facilitate the sharing of legitimate surveys for our platform users.

We take security and compliance very seriously and are confident in the integrity of our domain and its use. I kindly request that you review this case and remove su.vc from the blacklist.

How did you discover this false positive?

VirusTotal

Where did you find this false-positive if not listed above?

We have an automated cronjob using the API of virustotal.com

Have you requested a review from other sources?

No response

Do you have a screenshot?

No response

Additional Information or Context

No response

@g0d33p3rsec

The link that was in our db https://su.vc/rjapaohd has been removed.


When reviewing the domain history, I came across another phishing lure that has since been removed.
https://urlscan.io/result/9c7c8714-eef9-4b2f-8e17-9d29ea3fad6d/


When looking at that result, my primary concern is a lack of a reporting mechanism on the generated form. If I look at other forms on your service, I can see that you can add your corporate watermark so a link to report abuse shouldn't be an unreasonable ask.


@spirillen (Contributor)

I agree the link (record) in the database is no longer active.

But whitelisting the domain as such raises the same question as for any URL shorteners, like funilrys/PyFunceble#412 (comment), #971 and #970.

@wardhache Are you open to the possibility of returning HTTP code 410 on removed links, or any other HTTP code unique to disabled URIs? If so, I'm open to adding an MR that adds a special rule to PyFunceble for your domain.

Touches funilrys/PyFunceble#409
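To make the HTTP 410 suggestion above concrete, here is an added example (not Pointerpro's or PyFunceble's own code) of a short-link resolver that keeps a tombstone for removed slugs and answers 410 Gone, beside the checker-side rule a blocklist maintainer could use to retire such entries. The link store, slugs and target URL are constructed sample data; only the `rjapaohd` slug is taken from the thread.

```python
"""Added example: signalling removed short links with HTTP 410 so that an
availability checker can tell a taken-down lure from a live redirect."""
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample link store: slug -> target URL, or None once the
# operator has taken the link down (a "tombstone" rather than a deletion).
LINKS: Dict[str, Optional[str]] = {
    "survey01": "https://s.example.com/a/survey01",  # live assessment link
    "rjapaohd": None,                                 # removed after abuse report
}


@dataclass
class Response:
    status: int
    location: Optional[str] = None


def resolve(slug: str, store: Dict[str, Optional[str]] = LINKS) -> Response:
    """Short-link resolver: 302 + Location for live links, 410 Gone for
    links that existed and were deliberately removed, 404 for slugs never
    issued. Keeping the tombstone is what makes 410 possible; a plain
    delete would yield 404, which a checker cannot tell from a typo."""
    if slug not in store:
        return Response(404)
    target = store[slug]
    if target is None:
        return Response(410)
    return Response(302, location=target)


def classify(resp: Response) -> str:
    """Checker-side rule for a shortener domain: 410 means the operator
    confirmed the takedown, so the blocklist entry can be retired; a
    redirect means the lure is still reachable; 404 stays ambiguous."""
    if resp.status == 410:
        return "REMOVED"
    if 300 <= resp.status < 400 and resp.location:
        return "ACTIVE"
    if resp.status == 404:
        return "UNKNOWN"
    return "OTHER"
```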

g0d33p3rsec added the "false positive (Should not be listed)" label on Dec 28, 2024
spirillen added a commit to Phishing-Database/phishing that referenced this issue Jan 4, 2025
@spirillen (Contributor)

Solved in Phishing-Database/phishing@62307bc

@wardhache (Author)

@spirillen Thanks for going forward with this. We will look into the possibility of returning HTTP code 410 on removed links.

@spirillen (Contributor)

Sounds eminent. Looking forward to receiving news on the implementation.

If you need a more private chat channel, you are welcome to use https://www.mypdns.org/contact. @g0d33p3rsec has access to the system as well.

5 participants