False positive block for hxxps://velocitii.com when navigating to the apex URL with Malwarebytes Premium installed on an endpoint. The site had been infected prior to June 25, 2020, but was remediated on that date. It has been security scanned by the WAF & Website Security Scanner daily since 6/25/2020 and is showing free of malicious code or exploits.
IP: 3.128.164.100
Hostname/URL: hxxp://velocitii.com & hxxps://velcotii.com
Protection Log extract: [Also attached as txt file with screenshot of blocking]
07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1054 "Connection blocked! ProcessId=504 ProcessPath=C:\Windows\System32\MicrosoftEdgeCP.exe Domain=velocitii.com Address=3.128.164.100 Port=80 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1919 "Block notification callback 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1920 "AppDetectionNotification=F, BlockNotification=T"
07/23/20 " 16:49:39.082" 190671 12ac 1bb0 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1551 "Malicious Website Protection, domainblocklist, 3.128.164.100, velocitii.com, 80, Outbound, C:\Windows\System32\MicrosoftEdgeCP.exe"
07/23/20 " 16:49:39.082" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 2022 "Block notification callback impl 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.087" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails "mwaccontrollerimplhelper.cpp" 2006 "White list disposition (0) for 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.095" 190671 12ac 184c INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV3 "mwaccontroller.cpp" 1990 "Successfully sent the block event data to telemetry server."