X2.c.lencr.org flagged as compromised

Hello,

Our WatchGuard firewall is flagging x2.c.lencr.org as a compromised website.

I tested the host x2.c.lencr.org in virustotal.com and it still shows me that the host is flagged as malicious.

Could you please check?

Regards,

8 Likes

Hello @ABIDI, welcome to the Let's Encrypt community. :slightly_smiling_face:

What version of the WatchGuard firewall?
Is it up-to-date?

Also please see lencr.org - Let's Encrypt

4 Likes

Also there is WatchGuard Community, which may also be helpful.

3 Likes

I've filed this as a false positive with Valkyrie, which is what shows up in VirusTotal.

Do you know if WatchGuard uses that service? If not, we'll need to follow up with them as well. Your screenshot shows it as "Bot Networks", which is likely flagged because some bot checked CRLs from that domain.

12 Likes

Hello @Bruce5051

The alert was generated by WatchGuard's Threat Detection and Response system.
Should I ask WatchGuard support to verify?

8 Likes

If you could give me the information I need to fill out this form, I can follow up with them. Alternatively, if you could contact WatchGuard support, that would be much appreciated.

12 Likes

Hello @ABIDI, please coordinate with @mcpherrinm
Thanks to both of you! :slight_smile:

4 Likes

Hello @mcpherrinm
I just submitted a support case to WatchGuard.
I will let you know as soon as I have an answer.

6 Likes

Thank you!

7 Likes

Hello @mcpherrinm @Bruce5051

I got the response from WatchGuard support:
"x2.c.lencr.org appears to have already been updated:
http://x2.c.lencr.org is categorized as Information Technology
But e1.o.lencr.org is still registered as Bot Networks:
http://e1.o.lencr.org is categorized as Bot Networks"
I just scanned the host in e1.o.lencr.org and it is still flagged as malicious.
Valkyrie Verdict
VirusTotal

5 Likes

Valkyrie has confirmed in the thread they've removed x2.c.lencr.org.

Thank you for pointing out e1.o.lencr.org is also flagged. I've checked the rest of our domains and found out that x1.i.lencr.org is flagged as well.

I've requested they be unflagged as well:

9 Likes

Hello @mcpherrinm
The e1.o.lencr.org host is clean again.

Thanks for your collaboration.

2 Likes
