Jump to content

safer

Members
  • Content Count

    1
  • Joined

  • Last visited

Posts posted by safer

  1. MalwareBytes is blocking an attempted outbound connection several times a day coming from an IIS worker process on my web server. The server is running Windows Server 2012 R2.

    This is being categorized as RiskWare, and I've been unable to find out much information at all about this domain/IP on the web.

    Does anybody have any information about why MalwareBytes blocks this? What is the particular risk and where does this outbound request typically originate from?

    Thanks in advance.

    - safer

     

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 9/30/19
    Protection Event Time: 1:41 PM
    Log File: 8971163a-e3a9-11e9-9874-005056b9b9ae.json

    -Software Information-
    Version: 3.8.3.2965
    Components Version: 1.0.627
    Update Package Version: 1.0.12709
    License: Premium

    -System Information-
    OS: Windows Server 2012 R2
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: RiskWare
    Domain: bellsystem.usite.pro
    IP Address: 213.174.157.151
    Port: [65324]
    Type: Outbound
    File: C:\Windows\SysWOW64\inetsrv\w3wp.exe

    (end)

    Capture.PNG

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.