
Phishing false positive for our domain name


Go to solution Solved by Zynthesist,


Hello,

 

A customer is reporting that our domain name, sportwagentouren.dmanalytics2.com and/or dmanalytics2.com is being flagged by Malwarebytes Premium 4.0.4 as a phishing domain (please see attached screenshot). We believe this to be a false positive, as we do not host or serve any malware. If Malwarebytes has detected someone abusing our domain to redirect to a malware site, we would of course want to investigate that.

 

Thanks,

Jonathan

image001.png

49 minutes ago, jhammer said:

Hello,

 

A customer is reporting that our domain name, sportwagentouren.dmanalytics2.com and/or dmanalytics2.com is being flagged by Malwarebytes Premium 4.0.4 as a phishing domain (please see attached screenshot). We believe this to be a false positive, as we do not host or serve any malware. If Malwarebytes has detected someone abusing our domain to redirect to a malware site, we would of course want to investigate that.

 

Thanks,

Jonathan

image001.png

Please send us the logs showing the specific block data and we'll evaluate from there, thanks.


Looks like this was reported:

https://dmanalytics2.com/delivery-update-email?d=MkfhcpurSZyXc3E_gS1imQ&e=gmorantes@ft.newyorklife.com&a=--VCim_gSIefU9l5OehX7Q&f=

https://www.virustotal.com/gui/url/95d3a539ec3d6300fde1f93bfd51ca8e724daeb416d3ddcf4346e9a3d3a4d34b/detection

 


Hi Andres,

Thanks for your reply and for that info. I did some research into the URL to try and figure out why it may have been reported as malicious. 

That particular URL is hosted by our servers, but the page at that URL does not contain any malicious content (or user-generated content), cannot be used for phishing, and does not redirect anywhere off-site. The URL was originally embedded in the footer of an email newsletter that was sent out from our service on 20 Jan as a link for the recipient to update their email address if desired. I can see that the form at that URL was used four times in an attempt to update the recipient’s email address, but was not successful (the new email address they entered was never verified).

Please let me know if the above information is sufficient for you to rectify the false positive. If you need additional information, I’m happy to provide it.

Thanks!

 

That is a legitimate URL hosted by our servers, but it does not contain any malicious content, cannot be used for phishing, and is

 

I did some research into that URL to fin. That URL was included as an “update my email address” link in the footer of an email newsletter that was sent out from our service.

This topic is now closed to further replies.