sp123

Honorary Members
  • Posts

    232
Reputation

38 Excellent

Profile Information

  • Location
    Lost
  • Interests
    Security

  1. Interesting. I didn't trigger MBAM when I tested, but I now realize that was due to a misconfiguration on my system. Sorry for the error. Thanks for pointing that out.
  2. Distributed Denial of Secrets is an organization which publishes data from whistleblowers and hacktivists. The domain data.ddosecrets.com is used by this organization to share the published data, for example: https://data.ddosecrets.com/Israel%20Ministry%20of%20Defense/ Visiting any page on that domain returns the following block: While this organization is controversial, it does not distribute malware. Thank you
  3. I was testing just by curling that IP directly (curl 104.21.87[.]149), but it seems for some reason Windows was connecting to the domain anyway? I cleared the DNS cache and now it correctly shows MBAM does not block this IP. I apologize for the mistake. Nevertheless, why is that domain malicious? It appears to be just a comics website, and people have reported it to be legitimate. I do not have VirusTotal Premium, so I cannot see the information you linked to (I assume there are some malicious URLs on this domain?). Thank you
  4. Note: I just used curl for testing. Thanks Malwarebytes Website Blocked Report 2024-05-12 103500.txt
  5. This IP is owned by Cloudflare, and as such blocklisting it blocks many legitimate domains that happen to use Cloudflare. Abusive websites should be reported to Cloudflare or blocklisted separately, rather than blocking the entire IP. Thank you
  6. I am aware. I was recommending MBAR for systems where malware blocked Malwarebytes. Ok, thank you. I will no longer recommend it, and instead will point to Malwarebytes' rootkit scanning and offline installer.
  7. I am curious what the current status of Malwarebytes Anti-Rootkit is, and where it would be possible to download it. Even the forum post with instructions has disappeared (https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/). I have been recommending it for users who are unable to install Malwarebytes due to a malware infection, but maybe I should stop recommending it? I understand rootkits are rare, but there are sometimes cases where MBAR or something like it might be helpful (though I can't think of any off the top of my head). If it is no longer, is there another tool for me to recommend? Thanks
  8. https://mcfp.felk.cvut.cz/publicDatasets/CTU-AIPP-BlackList/ The above URL is an example of one legitimate URL affected by the blocking of mcfp.felk.cvut[.]cz, which is a result of the blocklisting of the IP address it is hosted on. I do not see any red flags on the domain, nor do I see any obvious evidence of abuse relating to the IP address it (and only it) is hosted on (147.32.82.194). Thank you.
  9. @gatortail sorry to bother you, but would you mind commenting on the license situation? Thanks
  10. uBlock Origin's developer strongly recommends people not use other content/ad blockers with uBlock Origin. While I doubt the malware protection will conflict, the adblocking will (and there are reports of it conflicting). uBlock Origin has specific rules which take advantage of its features to enhance EasyList, such as by redirecting blocked ad scripts to "fillers" to prevent breakage. Thanks
  11. Hello, biometrictoday.com is blocked because the IP it is hosted on - 108.163.193[.]186 - is blocklisted. This appears to be a legitimate website about biometrics, and the IP looks clean. I am not affiliated with this website or its hosting provider. Thank you.
  12. No, uBlock Origin has other filterlists. However, this does mean the adblocking-component of MBG will conflict with uBlock Origin (the malware/scam blocking parts shouldn't). Then the EasyList authors should be credited in the extension's description. Also, I am not sure (not a lawyer), but given EasyList is under GPL and CC BY-SA 3.0 (both of which are so-called viral licenses), you may be required to license part of/all of the extension under GPL. Thanks
  13. Hello, I noticed Malwarebytes is blocking 192.160.102[.]164. This is a Tor node, and blocking it breaks programs which use Tor. While Tor is abused - and it seems threat actors may have used the same server for malicious activities - an entire IP should not be blocked for abuse unless it is used only for abuse, which is not the case. Thank you.
  14. Does this mean Malwarebytes Browser Guard is using EasyList? Test URLs: https://web.archive.org/web/20231121153314/https://www.c-span.org/video/?531450-1/fbi-director-homeland-security-secretary-testify-threats-part-1 https://www.npr.org/2023/02/23/1159084476/know-it-all-ai-and-police-surveillance Thanks
  15. This website is supposedly run by a "well known Youtuber within germany". By blocklisting 144.76.85.238, this website is inadvertently blocked. I do not see any issues with 144.76.85.238, and the only notable issue with schroederdennis[.]de is a malware URL which has been taken down. Thank you.