
JKeelerLMT

  1. False positive block for hxxps://velocitii.com when navigating to apex URL with Malwarebytes Premium installed on an endpoint. The site had been infected prior to June 25, 2020 but was remediated on that date. It has been security scanned by the WAF & Website Security Scanner daily since 6/25/2020 and is showing free of malicious code or exploit.

     IP: 3.128.164.100
     Hostname/URL: hxxp://velocitii.com & hxxps://velcotii.com

     Protection Log extract: [Also attached as txt file with screenshot of blocking]

     07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1054 "Connection blocked! ProcessId=504 ProcessPath=C:\Windows\System32\MicrosoftEdgeCP.exe Domain=velocitii.com Address=3.128.164.100 Port=80 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
     07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1919 "Block notification callback 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
     07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1920 "AppDetectionNotification=F, BlockNotification=T"
     07/23/20 " 16:49:39.082" 190671 12ac 1bb0 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1551 "Malicious Website Protection, domainblocklist, 3.128.164.100, velocitii.com, 80, Outbound, C:\Windows\System32\MicrosoftEdgeCP.exe"
     07/23/20 " 16:49:39.082" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 2022 "Block notification callback impl 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
     07/23/20 " 16:49:39.087" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails "mwaccontrollerimplhelper.cpp" 2006 "White list disposition (0) for 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
     07/23/20 " 16:49:39.095" 190671 12ac 184c INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV3 "mwaccontroller.cpp" 1990 "Successfully sent the block event data to telemetry server."

     MBAM Premium Log Excerpt.txt