Dashke

Thanks Mike, the block will be corrected!

Hello jmgbooks, Thank you very much for the log! As you can see, the blocked domain is www.trovi.com which is a known infection source. Please try to run a scan with MB and AdwCleaner and let us know if that helps.

Hello jmgbooks, Can you please attach the log one more time?

We are not blocking this domain.

This IP got blocked for hosting fake tech support scams.

That's great news, thank you very much for letting us know @tmikct @Eagleeye!

Before submitting a possible FP, please be sure that you have - 1. Checked the list of blocked gTLDs (Generic top-level domains (gTLDs) are one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet. These gTLDs are blocked because the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers.) Currently we are blocking the following gTLDs - .accountant .reisen 2. Used the search function on the forum Please be sure that the domain/IP that you want to submit is not already submitted by another member. 3. Gathered protection logs/screenshots and attach them with your message How to get protection logs in Malwarebytes 4: Press the button Click Reports: The logs are stored here. Save / export the log that contains the detections you would like to have us review. You can either save it or copy it to clipboard and paste it in a new topic HERE ------------------------------------------------------------------------------------------------------------------------------------------------- If the gTLD/domain/IP is blocked and you still want to access it, you can add it to the Malwarebytes exclusions list - Malwarebytes 4 https://support.malwarebytes.com/docs/DOC-3543 Malwarebytes 3 https://www.malwarebytes.com/support/guides/mbam/Settings3.html#exclusions ------------------------------------------------------------------------------------------------------------------------------------------------- If you still want to submit the FP, please create a new thread and provide the domain/IP with your protection logs (please open 'MBAM', go to 'History' and attach the log where the detection is recorded). For more information about the protection logs, please see this link. Thanks to everyone who follows these instructions!

Hello Lasker, The domain got blocked because of this article - https://gwillem.gitlab.io/2016/10/11/5900-online-stores-found-skimming/

Can you please update your database and let us know if that helps? The block has been removed yesterday.

Hello tmikct, The hostname has been blocked for multiple malicious sources - hxxp://img.ed4.net/dcsg/images/09_EasyToneTour/ => https://virustotal.com/en/file/fdaf6f07edbfb23407bccbc2bd5566a9c7cb3623054b2d11b0813a03c81a91a1/analysis/1492354812/ hxxp://img.ed4.net/paypal/2013_Q3/10544_sweeps/

The block will not be removed due to mobile scams. Thank you for the understanding!

The block is due to malicious content on the server -

Thank you very much Kevin!

Hello Kevin, If you want, you can add it to the exclusions list - https://www.malwarebytes.com/support/guides/mb/Settings3.html#exclusions

Hello Basketrage, We have a block on *.bid because of the malicious activity seen on the gTLD. If you want to disable the notifications, please go Settings and set "Show Malwarebytes notifications in the Windows System Tray" as off.

Hello Kevin, The hostname is blocked for PayPal phish - http://img.ed4.net/paypal/2013_Q3/10544_sweeps/

Hello luv2decor8, We have a block on *.bid because of the malicious activity seen on the gTLD. If you want to disable the notifications, please go Settings and set "Show Malwarebytes notifications in the Windows System Tray" as off.

Hello adrianp, As Zynthesist said, the IP you listed is filled with tech support scam domains.

Unfortunately, the block is on 193.109.69.0/24 due to malicious content.

Hello Brumby777, You can still visit deposit files as the ads are probably causing the warning, but you don't have to worry since you will be secured.

Thanks Porthos! The IP is blocked for sending Dridex/Locky malspam.

Hello MaheshK, The domain rocketavenue is blocked for malvertising.

Hello Brumby777, As you can see from the logs, the domain that is blocked is jleads.in a known infection source.

Hello Idontknow, The domain has been blocked for PUP.

Hello dugn8r, The block was on the IP, but it will be removed because the malicious content has been cleaned up. Thank you!