Hi. Found this phishing link tumgik.com. The vpn did not catch this link but one of my phone security service blocked the connection.
Detailed description:
Product & version number: Norton 360 version 5.96.0.24.0909137
OS details: Android
Hi. Found this phishing link tumgik.com. The vpn did not catch this link but one of my phone security service blocked the connection.
Detailed description:
Product & version number: Norton 360 version 5.96.0.24.0909137
OS details: Android
2/96 security vendors flagged this URL as malicious
https://tumgik.com/
Last Analysis Date a moment ago
VirusTotal report [here]
=============================================
tumgik.com
URL Analysed: https://tumgik.com/
Norton Rating Warning
CURRENT CATEGORY Malicious Sources/Malnets
https://safeweb.norton.com/report?url=https://tumgik.com/
===============================================
Malware Found
https://tumgik.com/ [More Details]
What is virustotal and sucuri and who own them?
And that is how it should be. A VPN does not block or scan anything. It just encrypts your data as it leaves and returns to your computer and changes where you appear to be. The other security feature’s job is to scan for and catch malware or phishing attempts.
So. What blocked the malicious highrevenuegate link from going through?
uBlock Origin has prevented the following page from loading:
https://pl18787327.highrevenuegate.com/
Because of the following filter:
||highrevenuegate.com^
Found in: EasyList (Optimized)
========================================
pl18787327.highrevenuegate.com
URL Analysed: pl18787327.highrevenuegate.com
CURRENT CATEGORY Scam/Questionable Legality | Suspicious
https://safeweb.norton.com/report?url=pl18787327.highrevenuegate.com
==================================
We resolved the domain pl18787327.highrevenuegate.com
to IP address 192.243.59.20
This IP address has been reported a total of 62 times from 26 distinct sources. 192.243.59.20 was first reported on November 22nd 2020, and the most recent report was 8 months ago.
Old Reports: The most recent abuse report for this IP address is from 8 months ago. It is possible that this IP is no longer involved in abusive activities.
https://www.abuseipdb.com/check/192.243.59.20
Cool. But then what’s Tumgik link supposed to be?
was https://tumgik.com/
blocked by AT&T ActiveArmor?
No. That went through. Highrevenuegate was the one blocked.
blocked by AT&T ActiveArmor?
https://www.att.com/security/
Yep. Active Armor blocked the link on multiple fronts. But not the tumgik one.
What security services do you have on your phone? If 360, it could have been the Safe Web feature, or if you have an ad blocker it may have flagged the site.
Hello @MattPat
pl18787327.highrevenuegate.com
URL Analysed: pl18787327.highrevenuegate.com
Norton Rating Caution
CURRENT CATEGORY Scam/Questionable Legality | Suspicious
https://safeweb.norton.com/report?url=pl18787327.highrevenuegate.com
So. Tumgik is highrevenuegate?
I have 360 with Lifelock Advantage and the thing that blocked highrevenuegate is my ATT active Armor.
We’ve recently re-evaluated the security of tumgik.com
The website rating hasn’t been changed.
To see the full re-evaluation report, please visit Safeweb
Thank you!
Norton Safe Web