Could you please elaborate on your question? We do have some users submitting us samples here for analysis of the URL.
We get the URL's from our customer's reports in the SAS portal and also through other third party feeds like malware blogs. We have our automation and also our analysts who categorizes the URL's if they are malicious.
If you are facing any false positive URL's, please report it to our SAS website here.