sp123
-
Interesting. I didn't trigger MBAM when I tested, but I now realize that was due to a misconfiguration on my system. Sorry for the error. Thanks for pointing that out.
-
Distributed Denial of Secrets is an organization which publishes data from whistleblowers and hacktivists. The domain data.ddosecrets.com is used by this organization to share the published data, for example: https://data.ddosecrets.com/Israel%20Ministry%20of%20Defense/ Visiting any page on that domain returns the following block: While this organization is controversial, it does not distribute malware. Thank you
-
I was testing just by curling that IP directly (curl 104.21.87[.]149), but it seems for some reason Windows was connecting to the domain anyway? I cleared the DNS cache and now it correctly shows MBAM does not block this IP. I apologize for the mistake. Nevertheless, why is that domain malicious? It appears to be just a comics website, and people have reported it to be legitimate. I do not have VirusTotal Premium, so I cannot see the information you linked to (I assume there are some malicious URLs on this domain?). Thank you
-
Note: I just used curl for testing. Thanks Malwarebytes Website Blocked Report 2024-05-12 103500.txt
-
This IP is owned by Cloudflare, and as such blocklisting it blocks many legitimate domains that happen to use Cloudflare. Abusive websites should be reported to Cloudflare or blocklisted separately, rather than blocking the entire IP. Thank you
-
I am aware. I was recommending MBAR for systems where malware blocked Malwarebytes. Ok, thank you. I will no longer recommend it, and instead will point to Malwarebytes' rootkit scanning and offline installer.
-
I am curious what the current status of Malwarebytes Anti-Rootkit is, and where it would be possible to download it. Even the forum post with instructions has disappeared (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/) I have been recommending it for users who are unable to install Malwarebytes due to a malware infection, but maybe I should stop recommending it? I understand rootkits are rare, but there are sometimes cases where MBAR or something like it might be helpful (though I can't think of any off the top of my head). If it is no longer, is there another tool for me to recommend? Thanks
-
https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/ The above URL is an example of one legitimate URL affected by the blocking of mcfp.felk.cvut[.]cz, which is a result of the blocklisting of the IP address it is hosted on. I do not see any red flags on the domain, nor do I see any obvious evidence of abuse relating to the IP address it (and only it) is hosted on (147.32.82.194). Thank you.
-
@gatortail sorry to bother you, but would you mind commenting on the license situation? Thanks
-
uBlock Origin's developer strongly recommends people not use other content/ad blockers with uBlock Origin. While I doubt the malware protection will conflict, the adblocking will (and there are reports of it conflicting). uBlock Origin has specific rules which take advantage of its features to enhance EasyList, such as by redirecting blocked ad scripts to "fillers" to prevent breakage. Thanks
-
Hello, biometrictoday.com is blocked because the IP it is hosted on - 108.163.193[.]186 - is blocklisted. This appears to be a legitimate website about biometrics, and the IP looks clean. I am not affiliated with this website or its hosting provider. Thank you.
-
No, uBlock Origin has other filterlists. However, this does mean the adblocking-component of MBG will conflict with uBlock Origin (the malware/scam blocking parts shouldn't). Then the EasyList authors should be credited in the extension's description. Also, I am not sure (not a lawyer), but given EasyList is under GPL and CC BY-SA 3.0 (both of which are so-called viral licenses), you may be required to license part of/all of the extension under GPL. Thanks
-
Hello, I noticed Malwarebytes is blocking 192.160.102[.]164. This is a Tor node, and blocking it breaks programs which use Tor. While Tor is abused - and it seems threat actors may have used the same server for malicious activities - an entire IP should not be blocked for abuse unless it is used only for abuse, which is not the case. Thank you.
-
Does this mean Malwarebytes Browser Guard is using EasyList? Test URLs: https://web.archive.org/web/20231121153314/https://www.c-span.org/video/?531450-1/fbi-director-homeland-security-secretary-testify-threats-part-1 https://www.npr.org/2023/02/23/1159084476/know-it-all-ai-and-police-surveillance Thanks
-
This website is supposedly run by a "well known Youtuber within germany". By blocklisting 144.76.85.238, this website is inadvertently blocked. I do not see any issues with 144.76.85.238, and the only notable issue with schroederdennis[.]de is a malware URL which has been taken down. Thank you.