All Activity

Hi, The IP (146.190.222.240) block was removed about three weeks ago. Please tell your costumers to check if they're using the latest database.

Dear MalwareBytes Team, I hope this message finds you well. We have recently been informed by our users that our domain, saftehnika.com, has been blocked by MalwareBytes due to alleged fraudulent activity. Attached is a screenshot illustrating this. I would like to clarify that saftehnika.com, along with all affiliated websites under our domain, is owned and operated by our company, AS “SAF Tehnika,” a registered legal entity in Latvia (registration details available at https://www.ur.gov.lv/en/legal-entity/?id=40003474109). We take security and compliance seriously and do not engage in any knowingly malicious activities, including but not limited to fraud or the distribution of malware. If there is any evidence indicating fraudulent activity originating from our online resources, we kindly request that you share it with us so that we can promptly address the issue. However, if there has been a misunderstanding or if there is no substantiated evidence of malicious activity associated with our domain, we respectfully request the removal of saftehnika.com from your blacklist. Thank you for your attention to this matter. We look forward to your prompt response and resolution. Best regards, Viesturs Eihentāls System Administrator IT department, AS "SAF Tehnika"

@JPopovic should the URL be blocked by the browser guard, if there is and instant redirection from https://win.jugabet.cl/casino/wheel-v1 to https://win.jugabet.cl/casino/wheel-v1/ and back to https://win.jugabet.cl/casino/wheel-v1 ? We have localised that some redirections happen, could it be a false positive trigger for Malwarebytes browser guard?

Just for extra clarity, the blocked domain is: https://rbtdaorv.gelato.com/assets/wxyz.rb.js

We're getting intermitent reports of the following domain being blocked: Source domain: gelato.com Blocked domain: rbtdaorv.gelato.com/assets/wxyz.rb.js When I personally visit gelato.com I don't see an issue: But this is the report we've gotten: If there's anything else I can provide please let me know.

Hi, Thanks for reporting. The block will be removed.

@miekiemoes @Porthos Thanks a million for fixing this, I can confirm it works now. This is going to make my life easier.

Additional info, If I use Chrome browser I have no issues. It only happens with Edge.

Malwarebytes detected this website and I want to verify if the detection is legitimate for research reasons. -------------------------------------------------------------------------------------------------------- Website Blocked: modsreloaded.com v2.6.25 | Trojan: 2.0.202404260906 Malwarebytes Browser Guard blocked this page because it may contain malicious activity.

This might help. https://support.threatdown.com/hc/en-us/articles/4413802356755-Anti-exploit-policy-settings-in-Nebula

This may or may not help you, But in the consumer version, you would disable the following setting in the Advanced exploit settings. I do not know if you have similar controls.

Apologies, followed the support links so assumed it was the appropriate place to raise a ticket. I'll do as you suggest. Geoff.

I will ask @Arthi to assist. I do not have experience with With Threatdown. only the consumer version. As a business customer, if you're having issues affecting your business then I would highly suggest you create a Business Support Ticket https://service.malwarebytes.com/hc/en-us/requests/new

Hi - we are on the corporate version, Threatdown Core. Regards - Geoff

Hi, This is detected by our MachineLearning engine, which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation: https://forums.malwarebytes.com/topic/238670-machinelearninganomalous-detections-and-explanation/ Thanks for reporting these, as this helps to finetune the engine, so these won't be detected in the future anymore. This should be fixed by now. Please give it some time (max 10 minutes) in order to have it populate, so detection won't happen anymore.

You have a version installed by an employer or a support/repair service. You have no control over it. You might want to contact the company that installed it to be sure you are using an updated database and version. The log you provided will help staff fix the issue.

@Porthos I don't seem to have those apps. Malwarebytes seems to run as a service without an interface. I only have a "Nebula Agent" but only has 1 option to start scanning for threats.

I'm unsure how to get the logs, because I don't have the Malwarebytes interface, it runs like a service, not an app. I managed to get some sort of detection log, and I attached the code for the app being quarantined. Unsuspend.zip RTP Detection Log.txt

Hi, Yes, I'll do it next time. FYI - It was just a white page with text message in the middle about "blocked by content blocker". Disabling/Enabling extension solved it (maybe cache?). As it is working now, feel free to close it. Thank you!

You say Malwarebytes is blocking your app? Those are the instructions for finding the protection logs from the Malwarebytes program.

Hi, I'm not able to reproduce the issue. If you get blocked again, please post a screenshot of the block so we can investigate further.

@Porthos I don't have these apps, I searched for them to try and control the quarantine exceptions, but there is nothing on my computer.

@oxyzn You can find Scan and Protection logs within the Malwarebytes 5 program in the following location You can find Scan and Protection logs within the Malwarebytes 4 program in the following location RTP stands for Real-Time Protection and is where automatic protection operations would normally be logged If you click on the View option you should get something similar to the following with other options available.

I have moved your post to the Browser Guard for Safari. @JPopovic@BjelakovicL

Hi, I scanned the file and I don't get a detection here. Can you post the detection log please? Thanks.