False Positive | vlolabs.com #1065

Closed
vlohayk opened this issue Jan 29, 2025 · 7 comments
vlohayk commented Jan 29, 2025

What are the subjects of the false-positive (domains, URLs, or IPs)?

Why do you believe this is a false-positive?

I believe this is a false-positive because it's my website. It was hacked 2-3 years ago and they used my Mailgun token to send mass emails. But I have cleaned up since; 2 days ago I actually rebuilt a new website and put it on AWS Amplify as a static website. Can we please reevaluate it? It affects my business.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

I discovered this false-positive by not being able to visit my website on mobile when on Spectrum internet

Have you requested a review from other sources?

I have requested a fix of the rating from alphaMountain.ai, Fortinet, CyRadar, Sophos.
Sophos is the only one taking action; I'm waiting for the others to respond, thank you

Do you have a screenshot?

No response

Additional Information or Context

I have also noticed that...

@phishing-database-bot
Member

Verification Required

@vlohayk, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-04dd25de1b0659f42356d914f8e283e54f26da1c

    Your Verification ID: antiphish-04dd25de1b0659f42356d914f8e283e54f26da1c

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
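
One way to confirm the record from steps 1 and 2 before replying, as an added example (not part of this thread, and not the project's own ptcheck tool). It assumes the record name is relative to the domain, i.e. `_phishingdb.<domain>`; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: verify a _phishingdb ownership TXT record with dig.
# Assumption: "Record Name: _phishingdb" means _phishingdb.<domain>.

# Constructed sample of `dig +short TXT` output: one record per line; a
# record may be split into several quoted character-strings.
SAMPLE_DIG_OUTPUT='"v=spf1 -all"
"antiphish-04dd25de1b0659f4" "2356d914f8e283e54f26da1c"'

# Join split character-strings and strip the surrounding quotes (stdin -> stdout).
normalise_txt() {
  sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Exit 0 only if some TXT record on stdin equals the expected ID exactly
# (fixed-string, whole-line match: a prefix or superstring does not count).
txt_matches() {
  normalise_txt | grep -Fxq -- "$1"
}

# Ask every authoritative nameserver directly, so a stale resolver cache
# cannot hide (or fake) propagation. Prints one line per nameserver.
check_domain() {
  cd_domain=$1; cd_expected=$2; cd_rc=0
  cd_servers=$(dig +short NS "$cd_domain")
  if [ -z "$cd_servers" ]; then
    echo "no NS records found for $cd_domain" >&2
    return 2
  fi
  for cd_ns in $cd_servers; do
    if dig +short TXT "_phishingdb.$cd_domain" "@$cd_ns" | txt_matches "$cd_expected"; then
      echo "ok   $cd_ns"
    else
      echo "MISS $cd_ns"
      cd_rc=1
    fi
  done
  return $cd_rc
}

# Usage: sh check.sh <domain> <verification-id>
if [ "$#" -ge 2 ]; then
  check_domain "$1" "$2"
fi
```

A `MISS` on only some nameservers means the zone has not finished propagating; a `MISS` on all of them usually means the record was created under the wrong name or with extra characters in the value.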

Author

vlohayk commented Jan 29, 2025

@phishing-database-bot done

Author

vlohayk commented Jan 29, 2025

[Image]

AlphaMountain reclassified us too

Author

vlohayk commented Jan 29, 2025

I'm going to follow up with the other ones to make sure it is resolved on their side as well

@spirillen
Contributor

ptcheck vlolabs.com antiphish-04dd25de1b0659f42356d914f8e283e54f26da1c
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsor ship at https://www.mypdns.org/donate

@spirillen
Contributor

Search results

Lookup provided by My Privacy DNS

Hosts-Sources

External Hosts-Sources can be found here

phishing_database/ALL-phishing-links.csv:www.vlolabs.com
phishing_database/phishing.database/domain.csv:vlolabs.com

Sorted result

www.vlolabs.com

EasyList

Matrix blacklist project

Matrix blacklist project, Filtered

Response Policy Zone - RPZ

Did not find any matching RPZ records

Known Issues

DNS lookup

ns-1447.awsdns-52.org.
ns-1831.awsdns-36.co.uk.
ns-355.awsdns-44.com.
ns-582.awsdns-08.net.

HTTP header

HTTP/2 302 
location: https://www.vlolabs.com/
date: Sun, 02 Feb 2025 17:21:27 GMT
x-cache: Miss from cloudfront
via: 1.1 c1e31c801257ebc563cbb890e887cb1e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 7ntEJb_v0J80yggQ8Shra0qEx8hG0ir3vlRSSyqedRoJVI4F0R1vZw==

HTTP/2 200 
content-type: text/html; charset=utf-8
date: Sun, 02 Feb 2025 17:21:28 GMT
content-security-policy: default-src 'none'; style-src 'self' https://trusted-cdn.com; img-src 'self' https://trusted-cdn.com; script-src 'self' https://trusted-cdn.com; object-src 'none'; frame-ancestors 'self';
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-permitted-cross-domain-policies: none
referrer-policy: strict-origin-when-cross-origin
permissions-policy: geolocation=(), microphone=(), camera=()
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
expect-ct: max-age=86400, enforce
clear-site-data: "cookies", "storage", "cache", "executionContexts"
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-powered-by: Next.js
etag: "5x92191cmh3bp"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 671c13f54b1ad36c801a07e5c548b1c8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P5
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: 2UsrbBji7tn899iQ3YQXBepUAs-vKZ-Ihj71DGIghxjrrjl3shAy9A==

spirillen added a commit to Phishing-Database/phishing that referenced this issue Feb 2, 2025
@spirillen
Contributor

Confirmed and added in 239e99dce5b6f55e15358d0eaf6b5283db8f79f1

@github-project-automation github-project-automation bot moved this from 🆕 New to ✅ Done in Phishing Database Backlog Feb 2, 2025
@spirillen spirillen added the false positive Should not be listed label Feb 2, 2025