False Positive | alexalo.com #1090

Open
adriacobo opened this issue Feb 3, 2025 · 7 comments

@adriacobo

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • alexalo.com

Why do you believe this is a false-positive?

I believe this is a false-positive because the website is fine. It is only a catalog from one of my clients.
I think they sent a massive email and some users marked it as phishing.

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

Have you requested a review from other sources?

Do you have a screenshot?

Additional Information or Context

@phishing-database-bot
Member

Verification Required

@adriacobo, thank you for submitting a false positive report! To help us verify your ownership of the affected domain(s), please complete the following steps:

  1. Set a DNS TXT record for the domain(s) listed in this issue with the following details:

    • Record Name: _phishingdb
    • Record Value: antiphish-545a517cbd656119ccabf73fb3ac8d824882a180

    Your Verification ID: antiphish-545a517cbd656119ccabf73fb3ac8d824882a180

  2. Wait for DNS propagation (this may take a few minutes to a few hours).

  3. Reply to this issue once the TXT record has been set.

Important Notes

  • Verification does not guarantee whitelisting. The Phishing.Database team will review your report after verifying ownership, but the decision to whitelist depends on further investigation and analysis.
  • If the record cannot be set or you need alternative methods of verification, please contact us at [email protected] - preferably from the domain's official email address.

How to Check the TXT Record?

You can verify that the TXT record is properly set using:

Thank you for your cooperation! We will address your issue as soon as possible after verification.

The Phishing.Database Project Team.
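
One way to check the record described in the steps above, as an added example that is not part of the bot's message or the project's tooling. It assumes the record is published at `_phishingdb.<domain>` and that the output of `dig +short TXT` for that name is passed in as text; the sample output is constructed.

```python
import re

# Verification ID issued in this thread.
TOKEN = "antiphish-545a517cbd656119ccabf73fb3ac8d824882a180"

# Constructed sample of `dig +short TXT _phishingdb.<domain>` output: an unrelated
# record, plus the token split into two character-strings as some DNS panels store it.
SAMPLE_DIG_OUTPUT = (
    '"some-other-verification=abc123"\n'
    f'"{TOKEN[:30]}" "{TOKEN[30:]}"\n'
)

_CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted character-string
_ESCAPE = re.compile(r"\\(\d{3}|.)")          # \DDD (decimal byte) or \X


def _unescape(match):
    body = match.group(1)
    return chr(int(body)) if len(body) == 3 else body


def txt_values(dig_output):
    """Decode each TXT record in `dig +short TXT` output to a single string."""
    values = []
    for line in dig_output.splitlines():
        chunks = _CHUNK.findall(line)
        if chunks:
            # Multiple character-strings in one record are concatenated as-is.
            values.append(_ESCAPE.sub(_unescape, "".join(chunks)))
    return values


def ownership_verified(dig_output, token=TOKEN):
    """True only when one record equals the token exactly, not as a substring."""
    return token in txt_values(dig_output)


if __name__ == "__main__":
    print(ownership_verified(SAMPLE_DIG_OUTPUT))
```

The exact-match comparison matters: a record that merely contains the token inside a longer value does not pass.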

@adriacobo
Author

Hi! The TXT record is set.
Thanks!

@spirillen
Contributor

ptcheck alexalo.com antiphish-545a517cbd656119ccabf73fb3ac8d824882a180
The test value matches the DNS TXT record.

Thanks for using my tools.
Please consider a sponsorship at https://www.mypdns.org/donate

Right then, let's move on to the investigation phase

@spirillen
Contributor

Search results

Lookup provided by My Privacy DNS

Hosts-Sources

External Hosts-Sources can be found here

phishing_database/ALL-phishing-links.csv:alexalo.com
phishing_database/phishing.database/domain.csv:alexalo.com

Sorted result

EasyList

Matrix blacklist project

Matrix blacklist project, Filtered

Response Policy Zone - RPZ

Did not find any matching RPZ records

Known Issues

DNS lookup

ns50111.webempresa.eu.
ns50112.webempresa.eu.

HTTP header


@spirillen
Contributor

You have a problem here http://alexalo.com/snd/cgn-in/login.php

$ curlx -IL http://alexalo.com/snd/cgn-in/login.php
HTTP/1.1 403 O

When I can't review it, access the domain, we can't help, that's why we only provide support to public domains

@adriacobo
Author

I don't know how you are getting this:

curl -IL http://alexalo.com/snd/cgn-in/login.php
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 03 Feb 2025 17:08:15 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Redirect-By: Solid Security
Location: https://alexalo.com/snd/cgn-in/login.php
Cache-Control: max-age=0
Expires: Mon, 03 Feb 2025 14:31:25 GMT
X-Always-Cache: False
Age: 9409
X-Cache: cached
X-Microcache: True
Server-Timing: BYPASS , rt;dur=0.000;desc=Process-Time

HTTP/2 404
server: nginx
date: Mon, 03 Feb 2025 17:08:21 GMT
content-type: text/html; charset=UTF-8
content-length: 271627
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://alexalo.com/wp-json/>; rel="https://api.w.org/"
x-always-cache: False
vary: Accept-Encoding
age: 9414
x-cache: cached

This is redirected from the http:// to a https:// and then returns a 404.

However, having a 403 that's forbidden is not a symptom that marks us as phishing.

Can you please guide me on what we should do to get off the list?

Thanks!

spirillen added a commit to Phishing-Database/phishing that referenced this issue Feb 3, 2025
@spirillen
Contributor

However, having a 403 that's forbidden is not a symptom that marks us as phishing.

No, it does not, and it is not something I ever claimed.

A 403 is the response to, this request is denied access, and it does not mean the URL is accessible with some well formed URL.

In this case I suspect, this is related to blocking the online safe Tor network.

And as already said:

When I can't review it, access the domain, we can't help, that's why we only provide support to public domains

Using Tor

curlx -IL http://alexalo.com/snd/cgn-in/login.php
HTTP/1.1 403 OK
Content-type: text/html

Without Tor

curl -IL http://alexalo.com/snd/cgn-in/login.php
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 03 Feb 2025 20:47:54 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Redirect-By: Solid Security
Location: https://alexalo.com/snd/cgn-in/login.php
Cache-Control: max-age=0
Expires: Mon, 03 Feb 2025 14:31:25 GMT
X-Always-Cache: False
Age: 22588
X-Cache: cached
X-Microcache: True
Server-Timing: BYPASS , rt;dur=0.000;desc=Process-Time

HTTP/2 404 
server: nginx
date: Mon, 03 Feb 2025 20:48:00 GMT
content-type: text/html; charset=UTF-8
content-length: 271627
vary: Accept-Encoding
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
link: <https://alexalo.com/wp-json/>; rel="https://api.w.org/"
x-always-cache: False
vary: Accept-Encoding
age: 22593
x-cache: cached

We clearly do not share the view and understanding of human rights, freedom and democracy.

Despite our HUGE differences eaaaa40304976266c68e24a812900a8412851183
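
The two transcripts in this thread differ only in network path. The following is an added example, not part of the thread or the project's tooling, that parses `curl -IL` header dumps and reports which vantage points were refused before reaching any content. The sample dumps are trimmed from the transcripts above; the set of status codes counted as a refusal is an assumption.

```python
import re

STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")
REFUSAL_CODES = {401, 403, 429, 451}  # assumption: codes treated as "access refused"

# Trimmed copies of the two transcripts posted in this thread.
VIA_TOR = "HTTP/1.1 403 OK\nContent-type: text/html\n"
DIRECT = (
    "HTTP/1.1 301 Moved Permanently\n"
    "X-Redirect-By: Solid Security\n"
    "Location: https://alexalo.com/snd/cgn-in/login.php\n"
    "\n"
    "HTTP/2 404\n"
    "x-cache: cached\n"
)


def hops(dump):
    """Split `curl -IL` output into one dict per response in the redirect chain."""
    chain = []
    for line in dump.splitlines():
        match = STATUS_LINE.match(line)
        if match:
            chain.append({"status": int(match.group(1)), "headers": {}})
        elif chain and ":" in line:
            name, _, value = line.partition(":")
            chain[-1]["headers"][name.strip().lower()] = value.strip()
    return chain


def compare_vantages(views):
    """Summarise how one URL answers from different network paths.

    `views` maps a label (e.g. "tor", "direct") to a header dump.
    """
    chains = {label: [h["status"] for h in hops(dump)] for label, dump in views.items()}
    # A lone refusal means the reviewer never saw the page itself, so that
    # vantage point cannot confirm or clear the URL.
    refused = sorted(l for l, c in chains.items() if len(c) == 1 and c[0] in REFUSAL_CODES)
    reviewable = sorted(l for l, c in chains.items() if c and l not in refused)
    consistent = len({tuple(c) for c in chains.values()}) <= 1
    return {"chains": chains, "consistent": consistent,
            "refused": refused, "reviewable": reviewable}


if __name__ == "__main__":
    print(compare_vantages({"tor": VIA_TOR, "direct": DIRECT}))
```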

spirillen added a commit to Phishing-Database/phishing that referenced this issue Feb 4, 2025