P44

  1. I got the computer repaired so I was able to access the logs. There are about 20 entries reporting blocking IP addresses that Malwarebytes associated with the domain name flightkelly.com. The two IP addresses are: 172.67.156.213, in the first and several subsequent reports on 3/16/21, and 104.21.8.45. Here is the first one from the 20+ from 3/16, followed by the last one I received on 3/18:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 3/16/21
     Protection Event Time: 5:11 PM
     Log File: 4ab02796-86b5-11eb-a9da-d8eb97b3abce.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.38267
     License: Trial

     -System Information-
     OS: Windows 10 (Build 21332.1010)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: flightkelly.com
     IP Address: 172.67.156.213
     Port: 443
     Type: Outbound
     File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

     (end)

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 3/18/21
     Protection Event Time: 12:04 PM
     Log File: c4d37196-881c-11eb-8dc5-d8eb97b3abce.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.38347
     License: Trial

     -System Information-
     OS: Windows 10 (Build 21337.1000)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: flightkelly.com
     IP Address: 104.21.8.45
     Port: 443
     Type: Outbound
     File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

     (end)
  2. AdvancedSetup said: Both of the IP in your first post are not for the flightkelly domain 172.67.156.213 104.21.8.45 I knew that before I made my first post because I looked them up. That is how I knew (and reported) they were in Cloudflare's assigned ranges. The reason flightkelly.com appeared is because it was reported by Malwarebytes as being associated with IP=104.21.8.45 (as that above log I submitted shows). I reported both IPs because Malwarebytes blocked reported both. I don't have access to the laptop this happened on; it is out of service waiting on a fan replacement. Your explanation sounds perfectly reasonable. If you did not visit that site it's possible it was just an Ad and will probably not show up again. I cannot get to the logs on my end, or tell if it is still a problem until I get the laptop Malwarebytes Premium is on. I am surprised that Malwarebytes doesn't have an internal diagnostic tool to check the two IPs in whatever data lake Malwarebytes uses (or didn't use it) before responding to my first post.
  3. I never tried to access flightkelly.com in the first place. Malwarebytes generated an error referencing that site. To repeat what I wrote above, Malwarebytes blocked these two IP addresses owned by Cloudflare: 172.67.156.213 and 104.21.8.45. I use Cloudflare's DNS server. Some program on my system referenced those IPs, but I did not explicitly try to access them. Malwarebytes popped up an alert saying those two IPs were blocked. The Malwarebytes alert referenced flightkelly.com. My guess is that previously those IPs were associated with flightkelly.com, but no longer are, and Malwarebytes should not be blocking them any longer. At the moment, the Windows 10 laptop I installed the Premium trial on is out of service because the fan needs to be replaced.
  4. @dashke I am taking a stab at what you meant by "protection log". Here is one of several identical entries that appears under "notifications".

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 3/18/21
     Protection Event Time: 12:04 PM
     Log File: c4d37196-881c-11eb-8dc5-d8eb97b3abce.json

     -Software Information-
     Version: 4.3.0.98
     Components Version: 1.0.1173
     Update Package Version: 1.0.38347
     License: Trial

     -System Information-
     OS: Windows 10 (Build 21337.1000)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: flightkelly.com
     IP Address: 104.21.8.45
     Port: 443
     Type: Outbound
     File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

     (end)
  5. @porthos: I would be happy to post it in the correct spot. As a newbie, I thought I was. You told me I did it wrong but you didn't tell me where I should post it.

     @AdvancedSetup: I do not own the site flightkelly.com.

     @Dashke: I don't know what the "protection log" is. Malwarebytes help doesn't seem to know that precise term either. If you tell me precisely what you want me to post, I will be happy to do so.

     It is possible I have a bad extension in Microsoft Edge, but Malwarebytes scan has shown 0 problems since I installed it. What Malwarebytes does is alert me about a possible trojan at the website I am accessing. The message doesn't look to me like it is telling me I have a trojan on my system. Here is the message:

     Website blocked due to a Trojan
     Your Malwarebytes Premium trial blocked this website because it may contain a Trojan.

     I use Cloudflare's DNS server. As a guess, your database (and others) appears to associate those two IPs with a domain name, flightkelly.com, that doesn't appear to be current. Its registration record has blanks for registrar and abuse contacts but does list cloudflare.com name servers. Maybe I am misunderstanding, but I don't think the error is telling me it is detecting a trojan on my system, and the fact that virustotal.com correctly identified a file as a trojan does not demonstrate that one still exists at those two IP addresses, and I see no evidence those two IP addresses are associated with the domain, flightkelly.com.
  6. I have installed a trial of Malwarebytes Premium on Windows 10, and it is blocking multiple IP addresses associated with the domain flightkelly.com. When I look up the IP addresses, they belong to Cloudflare. IPs include 172.67.156.213 and 104.21.8.45. Google finds at least one similar report about Malwarebytes blocking Cloudflare access, but I was disappointed to see your response was, you would check it out, but you closed it out after that without any further info about what, if anything, you found, and what you did about it.
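
A triage sketch for the repeated block entries quoted in these posts, added here as an example and not Malwarebytes' or the poster's code: it parses exported "Key: value" report text, counts blocks per domain, IP and process, and marks IPs inside Cloudflare ranges, where one address fronts many unrelated sites. The function names, the trimmed sample and the two hard-coded ranges are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: two ranges from Cloudflare's published IPv4 list
# (cloudflare.com/ips); refresh from that list before relying on them.
CLOUDFLARE_NETS = [ipaddress.ip_network(n)
                   for n in ("104.16.0.0/13", "172.64.0.0/13")]
FIELD = re.compile(r"^([A-Za-z ]+): (.*)$")

# Constructed sample: the thread's two events trimmed to three fields, plus
# one made-up repeat of the first, one "Key: value" per line (assumed layout).
SAMPLE = r"""Domain: flightkelly.com
IP Address: 172.67.156.213
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(end)
Domain: flightkelly.com
IP Address: 172.67.156.213
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(end)
Domain: flightkelly.com
IP Address: 104.21.8.45
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
(end)
"""

def parse_events(text):
    """Return one dict of fields per event; '(end)' closes an event."""
    events, current = [], {}
    for line in map(str.strip, text.splitlines()):
        if line == "(end)":
            if current:
                events.append(current)
            current = {}
        elif (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return events

def summarize(events):
    """Count blocks per (domain, IP, process); flag Cloudflare-range IPs."""
    keys = [(e.get("Domain"), e["IP Address"], e.get("File"))
            for e in events if "IP Address" in e]
    return [{"domain": d, "ip": ip, "process": f, "blocks": n,
             "cloudflare": any(ipaddress.ip_address(ip) in net
                               for net in CLOUDFLARE_NETS)}
            for (d, ip, f), n in Counter(keys).items()]

if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(row)
```

A row with `cloudflare` set means the blocked address alone does not identify the site; the `Domain` and `process` fields are what to follow up on.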