Hey HN. Posting this here in the hope that someone who can help sees this. I work on security and compliance at Buffer. A couple of hours ago, Google blocked our entire domain start.page and now shows the "The site ahead may contain harmful programs" warning when trying to visit any subdomain.
start.page is the primary domain for hosting Buffer's link page product. E.g.: https://buffer.start.page. About 24 hours ago, a spammer created a start page which linked to a .rar malware file hosted on Google Drive. We did not host the file, just carried a link to it.
That page was detected during our routine content moderation this evening but it had also been reported to Google. We have removed the content at this time and submitted the start.page domain to Google's review process.
In the meantime, however, instead of blocking the individual subdomain that had linked to the malware, Google has blocked our entire domain start.page, which means that all valid customers are also affected by this. Any customer start page visited on desktop/Android now shows the scary red screen warning.
Reaching out on HN right now to see if there's anyone at all at Google who can help expedite the review process so that our customers aren't further affected by this.
Also, if anyone from Google sees this, I can further help by sharing information to the linked Google Drive file. It's password protected so I'm guessing that that helps it bypass detection.
Thanks. Fingers crossed for this since I've never done/had to do this before.
By the same standard of guilty until proven innocent, should they block the Google Drive domain, and warn all users that Google Drive is unsafe/malicious, during the same review period?