@spirillen
Contributor

@spirillen spirillen commented Dec 26, 2024

This fix is for Phishing-Database/Phishing.Database#971

Whitelisting this domain in general would be wrong. This is a better and safer approach.

curl -ILs http://scnv.io/S4z2
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://scnv.io/S4z2
Server: Caddy
Date: Thu, 26 Dec 2024 10:41:03 GMT

HTTP/2 404 
alt-svc: h3=":443"; ma=2592000
content-language: en
content-security-policy-report-only: img-src 'self' data: https://* *.amazonaws.com; font-src 'self' data: https://fonts.gstatic.com *.bootstrapcdn.com *.amazonaws.com *.flaticon.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com qcg-media.s3.amazonaws.com qcg-media.s3.us-west-2.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.bootstrapcdn.com *.amazonaws.com *.flaticon.com; frame-ancestors 'none'; form-action 'self'; connect-src 'self' *.google.com *.amazonaws.com *.cloudfare.com; default-src 'self' *.amazonaws.com; frame-src 'self' *.youtube.com *.amazonaws.com; style-src 'self' 'unsafe-inline' *.googleapis.com *.amazonaws.com; base-uri 'self'; media-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflare.com static.cloudflareinsights.com qcg-media.s3.us-west-2.amazonaws.com qcg-media.s3.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.youtube.com *.bootstrapcdn.com *.amazonaws.com; report-uri https://scanova.uriports.com/reports/report/
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Thu, 26 Dec 2024 10:41:04 GMT
referrer-policy: strict-origin
referrer-policy: same-origin
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://scanova.report-uri.com/a/d/g"}],"include_subdomains":true}
server: Caddy
strict-transport-security: max-age=31536000;includeSubdomains
vary: Accept-Language
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1650

curl -ILs https://scnv.io/QH2v
HTTP/2 404 
alt-svc: h3=":443"; ma=2592000
content-language: en
content-security-policy-report-only: form-action 'self'; style-src 'self' 'unsafe-inline' *.googleapis.com *.amazonaws.com; frame-src 'self' *.youtube.com *.amazonaws.com; frame-ancestors 'none'; base-uri 'self'; font-src 'self' data: https://fonts.gstatic.com *.bootstrapcdn.com *.amazonaws.com *.flaticon.com; connect-src 'self' *.google.com *.amazonaws.com *.cloudfare.com; img-src 'self' data: https://* *.amazonaws.com; style-src-elem 'self' 'unsafe-inline' *.googleapis.com qcg-media.s3.amazonaws.com qcg-media.s3.us-west-2.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.bootstrapcdn.com *.amazonaws.com *.flaticon.com; media-src 'self' *.amazonaws.com; default-src 'self' *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.cloudflare.com static.cloudflareinsights.com qcg-media.s3.us-west-2.amazonaws.com qcg-media.s3.amazonaws.com *.diageohorizon.com *.diageoagegate.com *.googletagmanager.com *.youtube.com *.bootstrapcdn.com *.amazonaws.com; report-uri https://scanova.uriports.com/reports/report/
content-type: text/html; charset=utf-8
cross-origin-opener-policy: same-origin
date: Thu, 26 Dec 2024 10:41:50 GMT
referrer-policy: strict-origin
referrer-policy: same-origin
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://scanova.report-uri.com/a/d/g"}],"include_subdomains":true}
server: Caddy
strict-transport-security: max-age=31536000;includeSubdomains
vary: Accept-Language
x-content-type-options: nosniff
x-frame-options: DENY
x-frame-options: DENY
x-xss-protection: 1; mode=block
content-length: 1650

This fix is for Phishing-Database/Phishing.Database#971

Whitelisting this in general would be wrong. This is a better and safer approach.

Signed-off-by: spirillen <[email protected]>
@spirillen spirillen marked this pull request as ready for review December 26, 2024 10:51
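
The manual check in the comment above (read the `curl -ILs` dump, follow the redirect, look at the final status) can be scripted so that individual dead URLs are evidenced without exempting the whole domain. This is an added example, not part of the pull request or the project's code; the verdict labels and the treatment of 404/410 as "inactive" are assumptions, and the sample is the dump above trimmed to the lines the check needs.

```python
import re

# Constructed sample: status lines and Location from the first curl dump above.
SAMPLE = """\
HTTP/1.1 308 Permanent Redirect
Connection: close
Location: https://scnv.io/S4z2
Server: Caddy

HTTP/2 404 
server: Caddy
content-length: 1650
"""

STATUS_RE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})\b")

def parse_hops(dump):
    """Split `curl -ILs` output into one dict per response in the chain."""
    hops = []
    for line in dump.splitlines():
        line = line.rstrip()
        m = STATUS_RE.match(line)
        if m:
            hops.append({"status": int(m.group(1)), "headers": {}})
        elif hops and ":" in line:
            name, value = line.split(":", 1)
            # Header names are case-insensitive; keep every value because a
            # server may send the same header more than once.
            hops[-1]["headers"].setdefault(name.strip().lower(), []).append(value.strip())
    return hops

def redirect_chain(dump):
    """Return [(status, Location or None), ...] in the order curl printed them."""
    return [(h["status"], (h["headers"].get("location") or [None])[0])
            for h in parse_hops(dump)]

def verdict(dump):
    """Classify the final response of the chain (labels are hypothetical)."""
    hops = parse_hops(dump)
    if not hops:
        return "no-response"
    status = hops[-1]["status"]
    if status in (404, 410):
        return "inactive"             # the short link no longer resolves
    if 300 <= status < 400:
        return "unresolved-redirect"  # chain ended on a redirect
    return "active"
```
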
@amit-scanova

Hi Team,
I hope this email finds you well.

We would like to bring to your attention that we have already blacklisted the user and deactivated the associated URLs. However, we are unsure why these QR Codes are still being flagged in your phishing database. Please rest assured that we take prompt and appropriate action against any suspicious QR Codes to maintain the integrity of our services.

We have deleted these URLs:
http://scnv.io/S4z2: This was deleted on Feb 16, 2023
https://scnv.io/QH2v: This was deleted on April 22, 2024

Given the measures we have taken, we kindly request you to remove our domain, "scnv.io," from your phishing database. Please let us know if you require any additional information or clarification to expedite this process.

We look forward to your positive response.

@funilrys funilrys merged commit c71f611 into funilrys:dev Dec 26, 2024
1 of 2 checks passed
@spirillen
Contributor Author

> Given the measures we have taken, we kindly request you to remove our domain, scnv.io. from your phishing database. Please let us know if you require any additional information or clarification to expedite this process.

This is the right way to do it, and yes, I have noticed and registered your actions. In any other case I would not have created this MR, to have your URI removed, when they are deactivated for whatever reason. This tool is used for a lot of other things than just the Phishing Database.

And since your type of product in general is targeted by bad guys, it would be wrong to whitelist your domains, and thereby leave it an open target. 1 testing tool is good, 2 should be better, for catching evil deeds.

@spirillen spirillen deleted the spirillen-patch-PD971 branch December 26, 2024 15:31
@amit-scanova

Hi Team,

Could you please provide an update on when we can expect our domain to be removed from your database? We understand the importance of maintaining the integrity of your systems and processes, but we would appreciate some clarity on the expected timeline or the steps involved in completing this action.

If there are any additional requirements or information needed from our end to facilitate the removal, please let us know, and we’ll be happy to assist.

Looking forward to your response.
