-
Posts
5,829 -
Joined
Content Type
Events
Profiles
Forums
Posts posted by Dashke
-
-
This IP got blocked for hosting fake tech support scams.
-
-
Before submitting a possible FP, please be sure that you have -
1. Checked the list of blocked gTLDs (Generic top-level domains (gTLDs) are one of the categories of top-level domains (TLDs) maintained by the Internet Assigned Numbers Authority (IANA) for use in the Domain Name System of the Internet. These gTLDs are blocked because the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers.)
Currently we are blocking the following gTLDs -
.accountant
.reisen
2. Used the search function on the forum
Please be sure that the domain/IP that you want to submit is not already submitted by another member.
3. Gathered protection logs/screenshots and attach them with your message
How to get protection logs in Malwarebytes 4:
Press the button
Click Reports:
The logs are stored here. Save / export the log that contains the detections you would like to have us review. You can either save it or copy it to clipboard and paste it in a new topic HERE
-------------------------------------------------------------------------------------------------------------------------------------------------
If the gTLD/domain/IP is blocked and you still want to access it, you can add it to the Malwarebytes exclusions list -
Malwarebytes 4
https://support.malwarebytes.com/docs/DOC-3543
Malwarebytes 3
https://www.malwarebytes.com/support/guides/mbam/Settings3.html#exclusions
-------------------------------------------------------------------------------------------------------------------------------------------------
If you still want to submit the FP, please create a new thread and provide the domain/IP with your protection logs (please open 'MBAM', go to 'History' and attach the log where the detection is recorded). For more information about the protection logs, please see this link.
Thanks to everyone who follows these instructions!
-
Hello Lasker,
The domain got blocked because of this article -
https://gwillem.gitlab.io/2016/10/11/5900-online-stores-found-skimming/
-
Can you please update your database and let us know if that helps? The block has been removed yesterday.
-
Hello tmikct,
The hostname has been blocked for multiple malicious sources -
hxxp://img.ed4.net/dcsg/images/09_EasyToneTour/ => https://virustotal.com/en/file/fdaf6f07edbfb23407bccbc2bd5566a9c7cb3623054b2d11b0813a03c81a91a1/analysis/1492354812/ hxxp://img.ed4.net/paypal/2013_Q3/10544_sweeps/
-
The block will not be removed due to mobile scams. Thank you for the understanding!
-
The block is due to malicious content on the server -
Quotehxxp://img.ed4.net/dcsg/images/09_EasyToneTour/ => https://virustotal.com/en/file/fdaf6f07edbfb23407bccbc2bd5566a9c7cb3623054b2d11b0813a03c81a91a1/analysis/1492354812/
-
Thank you very much Kevin!
-
Hello Kevin,
If you want, you can add it to the exclusions list -
https://www.malwarebytes.com/support/guides/mb/Settings3.html#exclusions
-
Hello Basketrage,
We have a block on *.bid because of the malicious activity seen on the gTLD.
If you want to disable the notifications, please go Settings and set "Show Malwarebytes notifications in the Windows System Tray" as off.
-
Hello Kevin,
The hostname is blocked for PayPal phish -
http://img.ed4.net/paypal/2013_Q3/10544_sweeps/
-
Hello luv2decor8,
We have a block on *.bid because of the malicious activity seen on the gTLD.
If you want to disable the notifications, please go Settings and set "Show Malwarebytes notifications in the Windows System Tray" as off.
-
Hello adrianp,
As Zynthesist said, the IP you listed is filled with tech support scam domains.
-
Unfortunately, the block is on 193.109.69.0/24 due to malicious content.
-
Hello Brumby777,
You can still visit deposit files as the ads are probably causing the warning, but you don't have to worry since you will be secured.
-
Thanks Porthos! The IP is blocked for sending Dridex/Locky malspam.
-
Hello MaheshK,
The domain rocketavenue is blocked for malvertising.
-
Hello Brumby777,
As you can see from the logs, the domain that is blocked is
jleads.in
a known infection source.
-
Hello Idontknow,
The domain has been blocked for PUP.
-
Hello dugn8r,
The block was on the IP, but it will be removed because the malicious content has been cleaned up. Thank you!
-
Hello Navneet,
Fortunately, we are not blocking this domain. Can you please post the protection log so we can take a look at it?
-
Hello rubisc,
The block will be removed since the website is clean now.
-
Hello perz,
Unfortunately, the whole .bid TLD is blocked at this point.
Real Life Canes - block
in Website Blocking
Posted
We are not blocking this domain.