user8233 Posted April 14, 2021 ID:1451317 Share Posted April 14, 2021 Hello, please delist the following links (the phishing threat has been removed): falix.gg www.falix.gg de10.falix.gg de12.falix.gg (other subdomains for falix.gg might also be affected, note that all subdomains are clean now) Link to post
user8233 Posted April 14, 2021 Author ID:1451320 Share Posted April 14, 2021 also affected (reputation): 157.90.180.53 157.90.214.103 Link to post
Staff gatortail Posted April 14, 2021 Staff ID:1451324 Share Posted April 14, 2021 VirusTotal and Google Safe Browsing still flag it so the block will remain until everything is resolved. Link to post
user8233 Posted April 14, 2021 Author ID:1451326 Share Posted April 14, 2021 I don't see any SafeBrowsing flags, VirusTotal consists of many engines, most of which I have already contacted, sadly there are some with support teams that just simply do not exist and are not reachable at all (Comodo Valkyrie Verdict, CyRadar) Link to post
Staff gatortail Posted April 14, 2021 Staff ID:1451329 Share Posted April 14, 2021 https://urlscan.io/result/3f1d35c5-5b21-4e2b-ae13-4ea603b00318/ Link to post
user8233 Posted April 14, 2021 Author ID:1451332 Share Posted April 14, 2021 urlscan's data on google safebrowsing seems to be wrong, i can confirm that locally using chrome with the security settings all enabled do not result in any safe browsing warnings from visiting the root of the sites (they seem to mark points of the site that literally don't exist at all as malicious, like /home, i do not understand what their problem with that is, as those parts of the site have never existed at all, i will get in contact with them about this) Link to post
user8233 Posted April 14, 2021 Author ID:1451375 Share Posted April 14, 2021 Safebrowsing warning was removed Link to post
Staff gatortail Posted April 14, 2021 Staff ID:1451400 Share Posted April 14, 2021 Still 12 VirusTotal flags: https://www.virustotal.com/gui/url/37a5208b18ef608342c2749bd04e4203c47032668b792177ea01a53871cda0ee/detection Link to post
alvarnell Posted April 16, 2021 ID:1451692 Share Posted April 16, 2021 Down to 8 at this time. Link to post
leo3487 Posted April 18, 2021 ID:1451955 Share Posted April 18, 2021 6 of then "Phishing" and 2 "Malware" (and are not at top 10 engines) Link to post
user8233 Posted April 23, 2021 Author ID:1452829 Share Posted April 23, 2021 I've decided to contact the vendors that are still detecting it on VirusTotal, this is how that's going: alphaMountain.ai: ticket received, waiting for reply CLEAN MX: email sent, no response Comodo Valkyrie Verdict: literally impossible to get in contact with them Cyradar: literally impossible to get in contact with them Forcepoint ThreatSeeker: waiting for reply Fortinet: waiting for reply G-Data: ticket received, waiting for reply Phishing Database: already delisted, but a bug causes the detection to stay there, see https://github.com/mitchellkrogza/Phishing.Database/issues/191 ESET: multiple emails sent, no response Link to post
Staff Solution TeMerc Posted April 23, 2021 Staff Solution ID:1452857 Share Posted April 23, 2021 On 4/14/2021 at 7:41 AM, user8233 said: Hello, please delist the following links (the phishing threat has been removed): falix.gg www.falix.gg de10.falix.gg de12.falix.gg (other subdomains for falix.gg might also be affected, note that all subdomains are clean now) Hello, thanks for bringing this to our attention. We've reviewed the site again and have determined it no longer warrants being blocked so we've removed it from our database. Removal should be reflected in the next database update going out in a few hours or so. 1 Link to post
gonzo Posted April 23, 2021 ID:1452916 Share Posted April 23, 2021 All of the domains listed were accessible to me using Browser Guard, but the IP addresses listed encountered reputation blocks. I added whitelist entries for those. Please allow 15-30 minutes for changes to take effect. Link to post
Recommended Posts