Blocked domains
https://irys.xyz
Why should this be unblocked?
Hi PhishDestroy team,
I am Gustavo Lobo, CMO at Irys (https://irys.xyz). I am filing an appeal for the listing of irys.xyz (REF 6E04C64E, Risk Score 61/100, classification HIGH).
This is a classification error containing a factual inaccuracy that's verifiable in seconds.
Key issues with the current listing
1. The "Taken Down" status is wrong. irys.xyz is fully operational right now. It serves our marketing site, blog at /blog, documentation at docs.irys.xyz, security policy at /security, and abuse form at /report-abuse. A simple curl -I https://irys.xyz from any network will confirm. Whatever snapshot triggered the "offline" classification was misattributed or captured during a transient issue.
2. Your own classifier flags our security.txt as a positive signal. Quoting your Site Configuration Analysis on the listing: "security.txt is unusual for phishing — could indicate legitimate infrastructure." We deployed RFC 9116 security.txt at https://irys.xyz/.well-known/security.txt and a full security policy at https://irys.xyz/security on June 10, 2026. The security page documents:
- Our complete subdomain inventory
- Known impersonators (
irys.vu and ethgasfoundation.app — both already on your DestroyList)
- Our 24-hour abuse-handling SLA
- All operated domains (datasprite-cdn.com, bundlr.network, irysnetwork.com, plus defensive registrations)
3. The WHOIS data in your report appears incorrect. Your report states the domain was "created on February 23, 2026" resolving to IP 192.99.13.108 (OVH). Irys (rebranded from Bundlr Network in 2024) has operated irys.xyz well before that, and our current infrastructure does not route through that IP. The "4 mo old" notation likely reflects an SSL certificate renewal (Let's Encrypt R12), not domain registration. Happy to provide WHOIS verification on request.
4. Only 1 of 95 VirusTotal vendors flags us. The single flag (Forcepoint ThreatSeeker) is downstream of the same incident affecting our uploader.irys.xyz subdomain, propagating through shared threat-intel feeds.
Related case
We have an active appeal on uploader.irys.xyz (case PD-20260210-ED4ECE), where the abuse was a third-party-uploaded Phantom wallet drainer ("Kumbaya" page) through our permissionless storage gateway. That content has been offline since March 15, 2026, re-verified offline on June 10, 2026. The legitimate uploader.irys.xyz/ root continues to return the expected Irys SDK wallet-address JSON.
About Irys
Layer-1 data infrastructure for AI and blockchain developers. Project formerly known as Bundlr Network.
Verification (please load these directly)
What we are asking
- Re-evaluation of REF 6E04C64E
- Correction of the "Taken Down" status (the domain is verifiably operational)
- Removal of
irys.xyz from the DestroyList based on the legitimacy signals your own classifier identified
- Coordination with the related uploader.irys.xyz case PD-20260210-ED4ECE
Happy to provide WHOIS records, corporate registration, or a video call with engineering on request.
Contact: security@irys.xyz
Site owner: Gustavo Lobo, CMO, Irys
Contact email (optional)
security@irys.xyz
Duplicate check
Blocked domains
https://irys.xyz
Why should this be unblocked?
Hi PhishDestroy team,
I am Gustavo Lobo, CMO at Irys (https://irys.xyz). I am filing an appeal for the listing of
irys.xyz(REF 6E04C64E, Risk Score 61/100, classification HIGH).This is a classification error containing a factual inaccuracy that's verifiable in seconds.
Key issues with the current listing
1. The "Taken Down" status is wrong.
irys.xyzis fully operational right now. It serves our marketing site, blog at/blog, documentation atdocs.irys.xyz, security policy at/security, and abuse form at/report-abuse. A simplecurl -I https://irys.xyzfrom any network will confirm. Whatever snapshot triggered the "offline" classification was misattributed or captured during a transient issue.2. Your own classifier flags our security.txt as a positive signal. Quoting your Site Configuration Analysis on the listing: "security.txt is unusual for phishing — could indicate legitimate infrastructure." We deployed RFC 9116 security.txt at https://irys.xyz/.well-known/security.txt and a full security policy at https://irys.xyz/security on June 10, 2026. The security page documents:
irys.vuandethgasfoundation.app— both already on your DestroyList)3. The WHOIS data in your report appears incorrect. Your report states the domain was "created on February 23, 2026" resolving to IP
192.99.13.108(OVH). Irys (rebranded from Bundlr Network in 2024) has operatedirys.xyzwell before that, and our current infrastructure does not route through that IP. The "4 mo old" notation likely reflects an SSL certificate renewal (Let's Encrypt R12), not domain registration. Happy to provide WHOIS verification on request.4. Only 1 of 95 VirusTotal vendors flags us. The single flag (Forcepoint ThreatSeeker) is downstream of the same incident affecting our
uploader.irys.xyzsubdomain, propagating through shared threat-intel feeds.Related case
We have an active appeal on
uploader.irys.xyz(case PD-20260210-ED4ECE), where the abuse was a third-party-uploaded Phantom wallet drainer ("Kumbaya" page) through our permissionless storage gateway. That content has been offline since March 15, 2026, re-verified offline on June 10, 2026. The legitimateuploader.irys.xyz/root continues to return the expected Irys SDK wallet-address JSON.About Irys
Layer-1 data infrastructure for AI and blockchain developers. Project formerly known as Bundlr Network.
Verification (please load these directly)
What we are asking
irys.xyzfrom the DestroyList based on the legitimacy signals your own classifier identifiedHappy to provide WHOIS records, corporate registration, or a video call with engineering on request.
Contact: security@irys.xyz
Site owner: Gustavo Lobo, CMO, Irys
Contact email (optional)
security@irys.xyz
Duplicate check