plnkr / feedback

Feedback on Plunker

run.plnkr.co detected by Microsoft SmartScreen as phishing page #542

Closed SteBeSec closed 3 years ago

SteBeSec commented 3 years ago

Describe the bug

Microsoft SmartScreen detects run.plnkr.co as a phishing site.

To Reproduce

Steps to reproduce the behavior:

  1. Open Edge Browser with an enabled SmartScreen feature OR use Chrome with the extension "Microsoft Defender Browser Protection"
  2. Navigate to http://run.plnkr.co
  3. The SmartScreen block page appears, stating that the page contains a phishing threat: [image]

Expected behavior

No detection from Microsoft SmartScreen Filter (I already reported this site as safe, but it is much faster if the site owner takes action)

Screenshots

From Edge: [image]

From Chrome with the extension "Microsoft Defender Browser Protection": [image]

From Defender ATP Alert: [image]


ggoodman commented 3 years ago

Hello @SteBeSec, I'll take a look at this. It seems as if Microsoft Defender has mistakenly gone and block-listed the whole subdomain.

SteBeSec commented 3 years ago

Short update from my side: I opened a support request at Microsoft about this issue, the support is stating that they have a problem whitelisting "run.plnkr.co" as it seems that "the page looks broken". Any progress on your side so far?

ggoodman commented 3 years ago

I also opened a ticket requesting review but have yet to receive a response.

Interestingly, I noticed that https: is unaffected.


SteBeSec commented 3 years ago

Hello,

thank you for this point - I addressed this to Microsoft and hope they will see that it would be illogical to allow https, but block http.

SteBeSec commented 3 years ago

Microsoft replied to me that they finally whitelisted run.plnkr.co. My test was fine and the SmartScreen detection is gone now, could you please perform a test on your side? Thanks :)

ggoodman commented 3 years ago

Hi @SteBeSec, it looks good to me as well!

Thank you for your diligent follow-up on this. I have yet to get a response via the official dispute channel despite being the owner of the domain 🤷‍♂️.

Cheers for all your work!!

SteBeSec commented 3 years ago

Thank you for the confirmation, I think this issue can be closed. :)