Tumgik.com

Hi. Found this phishing link tumgik.com. The VPN did not catch this link, but one of my phone security services blocked the connection.

Detailed description:




Product & version number: Norton 360 version 5.96.0.24.0909137

OS details: Android

2/96 security vendors flagged this URL as malicious
https://tumgik.com/
Last Analysis Date a moment ago

VirusTotal report [here]

=============================================

tumgik.com
URL Analysed: https://tumgik.com/
Norton Rating  Warning
CURRENT CATEGORY  Malicious Sources/Malnets

https://safeweb.norton.com/report?url=https://tumgik.com/

===============================================

Malware Found
https://tumgik.com/ [More Details]

https://sitecheck.sucuri.net/results/https/tumgik.com


What are VirusTotal and Sucuri, and who owns them?

And that is how it should be. A VPN does not block or scan anything. It just encrypts your data as it leaves and returns to your computer and changes where you appear to be. The other security feature’s job is to scan for and catch malware or phishing attempts.


So. What blocked the malicious highrevenuegate link from going through?

uBlock Origin has prevented the following page from loading:
https://pl18787327.highrevenuegate.com/
Because of the following filter:
||highrevenuegate.com^
Found in: EasyList (Optimized)

========================================

pl18787327.highrevenuegate.com
URL Analysed: pl18787327.highrevenuegate.com
CURRENT CATEGORY Scam/Questionable Legality | Suspicious
https://safeweb.norton.com/report?url=pl18787327.highrevenuegate.com

==================================

We resolved the domain pl18787327.highrevenuegate.com to IP address 192.243.59.20
This IP address has been reported a total of 62 times from 26 distinct sources. 192.243.59.20 was first reported on November 22nd 2020, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago. It is possible that this IP is no longer involved in abusive activities.
https://www.abuseipdb.com/check/192.243.59.20

Cool. But then what’s the Tumgik link supposed to be?

Was https://tumgik.com/ blocked by AT&T ActiveArmor?

No. That went through. Highrevenuegate was the one blocked.

blocked by AT&T ActiveArmor?
https://www.att.com/security/

Yep. ActiveArmor blocked the link on multiple fronts. But not the tumgik one.

What security services do you have on your phone? If 360, it could have been the Safe Web feature, or if you have an ad blocker it may have flagged the site.

Hello @MattPat
https://forums.malwarebytes.com/topic/319338-malicious-site/

Hello @MattPat

pl18787327.highrevenuegate.com
URL Analysed: pl18787327.highrevenuegate.com
Norton Rating Caution
CURRENT CATEGORY Scam/Questionable Legality | Suspicious
https://safeweb.norton.com/report?url=pl18787327.highrevenuegate.com


So. Tumgik is highrevenuegate?

I have 360 with LifeLock Advantage, and the thing that blocked highrevenuegate is my AT&T ActiveArmor.

We’ve recently re-evaluated the security of tumgik.com
The website rating hasn’t been changed.
To see the full re-evaluation report, please visit Safeweb
Thank you!
Norton Safe Web
