sp123

I was testing just by curling that IP directly (curl 104.21.87[.]149), but it seems for some reason Windows was connecting to the domain anyway? I cleared the DNS cache and now it correctly shows MBAM does not block this IP. I apologize for the mistake. Nevertheless, why is that domain malicious? It appears to be just a comics website, and people have reported it to be legitimate. I do not have VirusTotal Premium, so I can not see the information you linked to (I assume there are some malicious URLs on this domain?). Thank you

Note: I just used curl for testing. Thanks Malwarebytes Website Blocked Report 2024-05-12 103500.txt

This IP is owned by CloudFlare, and as such blocklisting it blocks many legitimate domains who happen to use CloudFlare. Abusive websites should be reported to CloudFlare or blocklisted separately, rather than blocking the entire IP. Thank you

I am aware. I was recommending MBAR for systems where malware blocked Malwarebytes. Ok, thank you. I will no longer recommend it, and instead will point to Malwarebytes' rootkit scanning and offline installer.

I am curious what the current status of Malwarebytes Anti-Rootkit is, and where it would be possible to download it. Even the forum post with instructions has disappeared (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/) I have been recommending it for users who are unable to install Malwarebytes due to a malware infection, but maybe I should stop recommending it? I understand rootkits are rare, but there are sometimes cases where MBAR or something like it might be helpful (though I can't think of any off the top of my head). If it is no longer, is there another tool for me to recommend? Thanks

https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/ The above URL is an example of one legitimate URL affected by the blocking of mcfp.felk.cvut[.]cz, which is a result of the blocklisting of the IP address it is hosted on. I do not see any red flags on the domain, nor do I see any obvious evidence of abuse relating to the IP address it (and only it) is hosted on (147.32.82.194). Thank you.

@gatortail sorry to bother you, but would you mind commenting on the license situation? Thanks

uBlock Origin's developer strongly recommends people not use other content/ad blockers with uBlock Origin. While I doubt the malware protection will conflict, the adblocking will (and there are reports of it conflicting). uBlock Origin has specific rules which take advantage of it's features to enhance EasyList, such as by redirecting blocked ad scripts to "fillers" to prevent breakage. Thanks

Hello, biometrictoday.com is blocked because the IP it is hosted on - 108.163.193[.]186 - is blocklisted. This appears to be a legitimate website about biometrics, and the IP looks clean. I am not affiliated with this website or it's hosting provider. Thank you.

No, uBlock Origin has other filterlists. However, this does mean the adblocking-component of MBG will conflict with uBlock Origin (the malware/scam blocking parts shouldn't). Then the EasyList authors should be credited in the extension's description. Also, I am not sure (not a lawyer), but given EasyList is under GPL and CC BY-SA 3.0 (both of which are so-called viral licenses), you may be required to license part of/all of the extension under GPL. Thanks

Hello, I noticed Malwarebytes is blocking 192.160.102[.]164 This is a Tor node, and blocking it breaks programs which use Tor. While Tor is abused - and it seems threat actors may have used the same server for malicious activities - an entire IP should not be blocked for a abuse unless it is used only for abuse, which is not the case. Thank you.

Does this mean Malwarebytes Browser Guard is using EasyList? Test URLs: https://web.archive.org/web/20231121153314/https://www.c-span.org/video/?531450-1/fbi-director-homeland-security-secretary-testify-threats-part-1 https://www.npr.org/2023/02/23/1159084476/know-it-all-ai-and-police-surveillance Thanks

This website is supposedly run by a "well known Youtuber within germany". By blocklisting 144.76.85.238, this website is inadvertently blocked. I do not see any issues with 144.76.85.238, and the only notable issue with schroederdennis[.]de is a malware URL which has been taken down. Thank you.

I noticed Malwarebytes was blocking wtools[.]io due to the IP addresses it is hosted on. 104.21.6.247 172.67.135.130 Both of these IP addresses are CloudFlare IPs. While I understand CloudFlare is quite untrustworthy, I do not think it should be blocked as malware. Please reclassify these IPs as privacy threats. Thanks

It is a pastebin-like site, so I imagine people often upload malware to it (hence the detections). However, I am open to evidence to the contrary. Thanks