guruuno
-
SPLASHTOP RELAY Server being blocked, please white-list?
guruuno replied to guruuno's topic in Website Blocking
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/26/23
Protection Event Time: 2:31 PM
Log File: ee98596a-5c9a-11ee-8a7f-b083fe889a7e.json

-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2151
Update Package Version: 1.0.75695
License: Premium

-System Information-
OS: Windows 10 (Build 19045.3448)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\system32\cscript.exe cscript prnmngr.vbs -a -p Splashtop PDF Remote Printer -m Microsoft Print to PDF -r FILE:, Blocked, 701, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cscript.exe cscript prnmngr.vbs -a -p Splashtop PDF Remote Printer -m Microsoft Print to PDF -r FILE:
URL:

(end)
-
SPLASHTOP RELAY Server being blocked, please white-list?
guruuno replied to guruuno's topic in Website Blocking
I also have a log/notification. This is from last week or so but identical info. I added/allowed Splashtop in Malwarebytes but it still occurs. Will provide more info as I gather it -
SPLASHTOP RELAY Server being blocked, please white-list?
guruuno replied to guruuno's topic in Website Blocking
I do. Allow me a bit to put them together -
guruuno started following SPLASHTOP RELAY Server being blocked, please white-list?
-
September 13th this was informed of issues (I cannot reply or reopen, hence new here topic); Splashtop remote printing being blocked, again please advise as to a resolution

their reply was

For the fixed ip solution, follow the steps below to configure:
1. Please update and whitelist the following ip addresses
2. Once the ip addresses are whitelisted, please respond and inform us that this has been done
3. When we are notified, we can tag your account to properly route on our backend

Please find the list of current fixed ip addresses.

Thank you,
-Splashtop Team

Regards,
Splashtop Business Support Team
-
Validated with Splashtop, this needs to be addressed with a false positive fix or however it is resolved. Thank you.

Please whitelist connection to *.relay.splashtop.com. This is for Splashtop remote connection

(02:23:26 PM) ME: So, to be clear, the IP is valid/Splashtop and not a compromise?
(02:24:47 PM) Steffi - Splashtop : Yes, this is our IP. We use dynamic ip so the digits will change from time to time but the domain remains the same

However, *.relay.splashtop cannot be manually added into anything, only individual IP addresses. Splashtop support says they will send me an IP list, but is it not easier for Malwarebytes to do it on your end (white-list it)?
-
Running 'fixlist.txt' now, will provide file(s) upon completion as requested, sorry for the delay (holiday). Question(s)? You state: "CCleaner (computer experts no longer recommend this program)"...can you advise as to why? Can you suggest alternative tool? Yes, the new PC was upgraded with a Macrium image from a previous machine. Does the 'fixlist.txt' address the files/items that you reference or do I manually do the removal? Thanks
-
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/23/22
Protection Event Time: 5:41 AM
Log File: 72abc9c0-6b1b-11ed-bfba-a4bb6dd8b56b.json

-Software Information-
Version: 4.5.17.221
Components Version: 1.0.1806
Update Package Version: 1.0.62669
License: Premium

-System Information-
OS: Windows 11 (Build 22000.1281)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain:
IP Address: 159.203.73.163
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-----------

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/23/22
Protection Event Time: 5:05 AM
Log File: 5fe6314a-6b16-11ed-9a2a-a4bb6dd8b56b.json

-Software Information-
Version: 4.5.17.221
Components Version: 1.0.1806
Update Package Version: 1.0.62669
License: Premium

-System Information-
OS: Windows 11 (Build 22000.1281)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Malware
Domain:
IP Address: 159.203.73.163
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

-------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/23/22
Protection Event Time: 5:04 AM
Log File: 3d03f252-6b16-11ed-ba1d-a4bb6dd8b56b.json

-Software Information-
Version: 4.5.17.221
Components Version: 1.0.1806
Update Package Version: 1.0.62669
License: Premium

-System Information-
OS: Windows 11 (Build 22000.1281)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain:
IP Address: 159.203.73.163
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)

--------------

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 11/22/22
Protection Event Time: 5:49 PM
Log File: fd94e18e-6ab7-11ed-a665-a4bb6dd8b56b.json

-Software Information-
Version: 4.5.17.221
Components Version: 1.0.1806
Update Package Version: 1.0.62649
License: Premium

-System Information-
OS: Windows 11 (Build 22000.1281)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 159.89.239.212
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(end)