Skip to content

False Positive | thedividendtracker.com #2173

Description

@brycematheson

What are the subjects of the false-positive (domains, URLs, or IPs)?

Why do you believe this is a false-positive?

thedividendtracker.com is a legitimate SaaS application (a dividend/portfolio tracker) and has never hosted phishing content.

The listed URL was an email-link-tracking endpoint provided by the third-party Laravel package "jdavidbakr/mail-tracker". That endpoint acted as an open redirect (/email/n?l=), and attackers abused it to bounce victims from our trusted domain to phishing pages they hosted elsewhere (e.g. the IPFS URL in the listed entry). The phishing content was never on our domain — only the redirect hop was.

The vulnerable package has since been fully removed. The /email/n route no longer exists and now returns HTTP 404:

$ curl -sI "https://thedividendtracker.com/email/n?l=https://example.com"
HTTP/2 404

Because the redirect is gone, the domain can no longer be used as a phishing hop. Requesting that this entry be re-scanned and moved to the inactive list.

How did you discover this false-positive(s)?

Other (Please fill out the next box)

Where did you find this false-positive if not listed above?

We are the owners/operators of thedividendtracker.com. We became aware of the listing after users reported that their ISPs and browsers were showing security warnings for our site. Investigating, we found the URL in this project's phishing-links-ACTIVE.txt feed, and in AlienVault OTX pulses tagged "phishing-database" and "threatfox". Tracing it back, we identified the removed mail-tracker open-redirect as the cause.

Have you requested a review from other sources?

Google Search Console → Security & Manual Actions → Security issues currently reports "No issues detected" for the domain (screenshot available on request), confirming Google Safe Browsing does not flag it.

We are also submitting a re-scan request to VirusTotal and a false-positive report to abuse.ch ThreatFox (which the OTX pulses mirror).

Do you have a screenshot?

Screenshot

Additional Information or Context

No response

Metadata

Metadata

Labels

bot:check-false-positiveInforms our bots that they should check for the possible false-positive.bot:check-staleInforms our bots that they should check for possible stale.bot:verify-dnsInforms our bots that they should check for the DNS verification.false-positive-reportA False-Positive report that has to be verified.

Type

No type

Fields

No fields configured for issues without a type.

Projects

Status
🆕 New

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions