False Positive | hyperfollow.com #990

Open
reillybr opened this issue Jan 6, 2025 · 4 comments

reillybr commented Jan 6, 2025

What are the subjects of the false-positive (domains, URLs, or IPs)?

  • hyperfollow.com

Why do you believe this is a false-positive?

I'm reaching out from DistroKid - an online music distribution service provider for independent artists and labels. One of our services is Hyperfollow (https://hyperfollow.com/), which is a personal link aggregator / landing page creator.

We actively monitor and respond to all abuse complaints for user-generated content, and have processes in place to detect/prevent malicious content. We're requesting that you remove hyperfollow.com from your blocklist. Additionally, the footer on Hyperfollow pages indicates that they are user-created content.

Please let me know if we can provide any additional information.

Thank you,

DistroKid Security
[email protected]

How did you discover this false-positive(s)?

VirusTotal

Where did you find this false-positive if not listed above?

VirusTotal, listed above.

Have you requested a review from other sources?

I have requested a review from...

Do you have a screenshot?

Screenshot

Additional Information or Context

I have also noticed that...

@spirillen
Contributor

I can see phishingArmy, @AdguardTeam and @hagezi are marking you as well

Search results

Lookup provided by My Privacy DNS

Hosts-Sources

External Hosts-Sources can be found here

phishingArmy.csv:hyperfollow.com
phishing_army_blocklist_extended.csv:hyperfollow.com
phishing_database/ALL-phishing-links.csv:hyperfollow.com
phishing_database/phishing.database/domain.csv:hyperfollow.com

Sorted result

EasyList

Matrix blacklist project

Did not find any matching RPZ records

Known Issues

DNS lookup

hyperfollow.com.        43200   IN      NS      anuj.ns.cloudflare.com.
hyperfollow.com.        43200   IN      NS      evelyn.ns.cloudflare.com.

My god, this is spyware... Ever heard about PRIVACY MATTERS for human freedom and democracy?
Not finding any phish here. @g0d33p3rsec What do you think, do you have access to other information?

wget -qO- 'https://phish.co.za/latest/ALL-phishing-links.lst' | grep -iE 'hyperfollow\.com'
https://hyperfollow.com/mailsrvice
Details

curl -IL https://hyperfollow.com/mailsrvice
HTTP/2 302 
date: Mon, 06 Jan 2025 16:29:07 GMT
content-type: text/html;charset=UTF-8
set-cookie: AWSALBTG=Y8K/b1Wz2rlVhF9K5JGPQoC+Wbzf94l/grdjrJOLkaKaxNG12SOOW6UYCFqv7qMyZm0hPtRQKBETeUk7z14tNqjfbTGzD97CuvEvrHzOTgx51EhP6u3JbFymxAVvy4Kofp+m7JCrl6owG1uJl0wo/y3ARRFFGdYlZ9S+LMx/p/pUFThAFpY=; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/
set-cookie: AWSALBTGCORS=Y8K/b1Wz2rlVhF9K5JGPQoC+Wbzf94l/grdjrJOLkaKaxNG12SOOW6UYCFqv7qMyZm0hPtRQKBETeUk7z14tNqjfbTGzD97CuvEvrHzOTgx51EhP6u3JbFymxAVvy4Kofp+m7JCrl6owG1uJl0wo/y3ARRFFGdYlZ9S+LMx/p/pUFThAFpY=; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/; SameSite=None; Secure
set-cookie: AWSALB=4r9sZ+LcGiblZsaex1uw8Tetm6vz3R0eeWgpixjotYkInBIqZrlulhkeIl+aqtLxMxf3hY98Z4Ol3iz0diRCc+8cgMcLDBSkbpjPr0V1rQnwtShSv7Mp2tgDUI0P; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/
set-cookie: AWSALBCORS=4r9sZ+LcGiblZsaex1uw8Tetm6vz3R0eeWgpixjotYkInBIqZrlulhkeIl+aqtLxMxf3hY98Z4Ol3iz0diRCc+8cgMcLDBSkbpjPr0V1rQnwtShSv7Mp2tgDUI0P; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/; SameSite=None; Secure
set-cookie: cfid=bfe33ca3-e624-414c-96b7-72cbfa3b5c16;Path=/;Expires=Tue, 06-Jan-2026 16:29:07 UTC;HttpOnly
set-cookie: cftoken=0;Path=/;Expires=Tue, 06-Jan-2026 16:29:07 UTC;HttpOnly
x-frame-options: SAMEORIGIN
location: /
x-request-id: c0429dde29ee216770797293600140a5
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8fdd15c8ca6c1bcf-FRA

HTTP/2 200 
date: Mon, 06 Jan 2025 16:29:07 GMT
content-type: text/html;charset=UTF-8
set-cookie: AWSALBTG=tbxCekkY5ltHctr0IRKQAPSj8qapjJsN33hryGS9AF9FQnf5jrAjW8phUip61ZukkfW9gP2FWYt49UMbpMYVqe809brRsBIpoe4Ob8DnnH9+8uRVpPIno+8SkoTu4PHC41eMNlaqI2/WrD1Mbnln7VLlpX111So+LGzy7UT+FRxiSFKt6lI=; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/
set-cookie: AWSALBTGCORS=tbxCekkY5ltHctr0IRKQAPSj8qapjJsN33hryGS9AF9FQnf5jrAjW8phUip61ZukkfW9gP2FWYt49UMbpMYVqe809brRsBIpoe4Ob8DnnH9+8uRVpPIno+8SkoTu4PHC41eMNlaqI2/WrD1Mbnln7VLlpX111So+LGzy7UT+FRxiSFKt6lI=; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/; SameSite=None; Secure
set-cookie: AWSALB=HNkztGDlxfqyr5amlVuY7vfQ6vHzCQoRCx005xQmwBZ3IGUstFU9rTibD9VpFE1aCK54u8Dp3qaXcDMYcbFCa7uGSo8/qbDTFvlvwdxOkO+f/psaq5MxXAYbvKHF; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/
set-cookie: AWSALBCORS=HNkztGDlxfqyr5amlVuY7vfQ6vHzCQoRCx005xQmwBZ3IGUstFU9rTibD9VpFE1aCK54u8Dp3qaXcDMYcbFCa7uGSo8/qbDTFvlvwdxOkO+f/psaq5MxXAYbvKHF; Expires=Mon, 13 Jan 2025 16:29:07 GMT; Path=/; SameSite=None; Secure
set-cookie: cfid=5524c3ee-6c7c-4483-ae22-2e5f81382758;Path=/;Expires=Tue, 06-Jan-2026 16:29:07 UTC;HttpOnly
set-cookie: cftoken=0;Path=/;Expires=Tue, 06-Jan-2026 16:29:07 UTC;HttpOnly
set-cookie: LD_REP_ID=8BE7B0EC-8AC9-4284-875E715581F8D381;Path=/;Expires=Tue, 07-Jan-2025 16:29:07 UTC
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-request-id: c9d65de3a2b1159220f97e0762ea49ae
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8fdd15cb7d421bcf-FRA

@g0d33p3rsec

https://hyperfollow.com/TFH -> https://sanolaguna.com/n/?c3Y9bzM2NV8xX29uZSZyYW5kPVNtSkxRMlE9JnVpZD1VU0VSMTkwODIwMjRVNTcwODE5MjY=N0123N
https://urlscan.io/result/7a068cd4-d9e4-4727-a6b5-36a941358c5e/
https://urlscan.io/result/2829b8ce-42c4-4fe0-acdc-e3a0dda5f85c/

@reillybr
Author

reillybr commented Jan 7, 2025

Thanks @g0d33p3rsec. https://hyperfollow.com/TFH has been addressed.

@spirillen
Contributor

https://hyperfollow.com/TFH

Can confirm this has been solved. Whitelisting you for now.
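
Added example (not part of the thread or the project's tooling): the `curl -IL` header dump and the off-site redirect reported for a short link both come down to whether any `Location` header leaves the requested host. `classify_chain` and both sample dumps are constructed for illustration, and the off-site host is a placeholder.

```bash
#!/usr/bin/env bash
# Summarise a saved `curl -sIL <url>` header dump read on stdin (added example).
# $1 = host that was requested. Prints "<verdict> <status chain>"; the verdict is
# "same-host" or "off-site:<first Location host that differs from $1>".
classify_chain() {
  awk -v start="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
    BEGIN { verdict = "same-host" }
    { sub(/\r$/, "") }                          # curl output keeps CRLF endings
    /^HTTP\// { chain = chain (chain == "" ? "" : ">") $2 }
    tolower($1) == "location:" {
      h = $2
      if (h ~ /^(https?:)?\/\//) {              # absolute URL or //host form
        sub(/^(https?:)?\/\//, "", h)
        sub(/[\/?#].*$/, "", h)                 # drop path, query, fragment
        sub(/^.*@/, "", h)                      # drop userinfo
        sub(/:[0-9]+$/, "", h)                  # drop port
        h = tolower(h)
        if (h != start && verdict == "same-host") verdict = "off-site:" h
      }                                         # a relative Location stays on host
    }
    END { print verdict, chain }
  '
}

# Constructed sample 1, trimmed from the /mailsrvice check in the thread:
# a 302 with a relative Location, then a 200 on the same host.
sample_same_host() {
  cat <<'EOF'
HTTP/2 302
location: /

HTTP/2 200
content-type: text/html;charset=UTF-8
EOF
}

# Constructed sample 2: a short link that leaves the site. The target host is
# a placeholder, not a value from the thread.
sample_off_site() {
  cat <<'EOF'
HTTP/2 302
Location: https://Landing.Example.NET/n/?id=constructed

HTTP/2 200
EOF
}

sample_same_host | classify_chain hyperfollow.com
sample_off_site | classify_chain hyperfollow.com
```

A `same-host` verdict covers HTTP-level redirects only; a page that forwards visitors with JavaScript or a meta refresh returns a plain 200 here, which is why a rendered scan such as the urlscan.io results linked in the thread is still needed.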

Status: 👀 In review