quack2

- I don't know where to find that view, I can't see those links on my end - Look at the scanned date, recent results have less detections. Scan the URLs again and they will be clean. - Those are all domain-level flags, so the number of links doesn't matter.

Download server for qiwi.gg, similar to qiwi.lol previous thread where qiwi.lol was unblocked:

buzzheavier.com is now clean on virustotal.

Looking at the detections, they all seem low-quality or inaccessible as a free user. For example Quttera detects the site linking to itself as malware, and the according to the website the "Blacklist Removal" requires payment before they will remove the detection.

buzzheavier keeps files around for longer than other file hosting sites, so any malware would stick around forever until it was removed manually. For an inactive threat or a false positive, that might never happen. That could explain the greater number of false positives compared to other filehosting sites

I see some inconsistent detections on some of the subdomains but nothing actually malicious, looks like more false positives

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 5/22/2024 Protection Event Time: 10:11 AM Log File: 51a62562-185e-11ef-9edb-00155d00063e.json -Software Information- Version: 5.1.4.112 Components Version: 1.0.1244 Update Package Version: 1.0.84941 License: Premium -System Information- OS: Windows 10 (Build 19044.4412) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: buzzheavier.com IP Address: 104.26.5.225 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) another file hosting site

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/28/2024 Protection Event Time: 1:35 PM Log File: 5888055e-d681-11ee-a240-00155d00063e.json -Software Information- Version: 5.0.17.99 Components Version: 1.0.1169 Update Package Version: 1.0.81556 License: Premium -System Information- OS: Windows 10 (Build 19044.4046) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: qiwi.lol IP Address: 172.67.173.227 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) qiwi.lol is the download server for qiwi.gg

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/1/2024 Protection Event Time: 3:21 PM Log File: b11e1638-c158-11ee-996c-00155d00063e.json -Software Information- Version: 5.0.16.97 Components Version: 1.0.1135 Update Package Version: 1.0.80390 License: Premium -System Information- OS: Windows 10 (Build 19044.3930) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: clicknupload.click IP Address: 104.21.41.79 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Another FP

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/1/2024 Protection Event Time: 12:43 PM Log File: 95a90482-c142-11ee-802b-00155d00063e.json -Software Information- Version: 5.0.16.97 Components Version: 1.0.1135 Update Package Version: 1.0.80386 License: Premium -System Information- OS: Windows 10 (Build 19044.3930) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: darkibox.com IP Address: 104.21.27.32 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Another files upload site FP

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/12/23 Protection Event Time: 8:53 PM Log File: 11013c9a-697c-11ee-92a0-00155d000609.json -Software Information- Version: 4.6.4.286 Components Version: 1.0.2163 Update Package Version: 1.0.76139 License: Trial -System Information- OS: Windows 10 (Build 19044.3448) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: download-send.com IP Address: 172.67.147.35 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) another false positive, this time for a download server. Its unrelated to the above site but I didn't want to spam the forum with too many posts.

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/12/23 Protection Event Time: 8:37 PM Log File: d242ab3a-6979-11ee-855a-00155d000609.json -Software Information- Version: 4.6.4.286 Components Version: 1.0.2163 Update Package Version: 1.0.76139 License: Trial -System Information- OS: Windows 10 (Build 19044.3448) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Phishing Domain: cloudfilt.com IP Address: 51.222.108.20 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) bot protection site with captcha

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/12/23 Protection Event Time: 8:18 PM Log File: 2a1da7b8-6977-11ee-9264-00155d000609.json -Software Information- Version: 4.6.4.286 Components Version: 1.0.2163 Update Package Version: 1.0.76139 License: Trial -System Information- OS: Windows 10 (Build 19044.3448) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: hexupload.net IP Address: 185.125.171.207 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) false positive, it is just a file sharing site

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 9/30/23 Protection Event Time: 12:38 AM Log File: 67cb434e-5f64-11ee-9b54-00155d000609.json -Software Information- Version: 4.6.3.282 Components Version: 1.0.2158 Update Package Version: 1.0.75815 License: Trial -System Information- OS: Windows 10 (Build 19044.3448) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: multiup.io IP Address: 104.21.77.53 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) This site doesn't even host downloads themselves, I'm not sure why it is flagged.

I can replicate the issue with the IP address itself being blocked with this site. 104.21.235.105 is blocked as malware only after visiting krakenfiles.com. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/15/23 Protection Event Time: 5:55 PM Log File: 6d293972-2373-11ee-a6c1-00155d000609.json -Software Information- Version: 4.5.33.272 Components Version: 1.0.2069 Update Package Version: 1.0.72481 License: Trial -System Information- OS: Windows 10 (Build 19044.3208) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Malware Domain: IP Address: 104.21.235.105 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

krakenfiles.com is a filesharing site. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/15/23 Protection Event Time: 5:48 PM Log File: 6beed9fa-2372-11ee-96c1-00155d000609.json -Software Information- Version: 4.5.33.272 Components Version: 1.0.2069 Update Package Version: 1.0.72439 License: Trial -System Information- OS: Windows 10 (Build 19044.3208) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: krakenfiles.com IP Address: 104.21.235.105 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

I ran an update check and get the same results.

Seems the block only happens if I navigate to a blocked website before trying the IP, I didn't notice that during my tests. nxbrew.com can be used for testing, though I looked at the site and the domain level-block for that site seems to also be a false positive.

Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/14/23 Protection Event Time: 10:30 PM Log File: ad22b7ae-22d0-11ee-8ad2-00155d000609.json -Software Information- Version: 4.5.33.272 Components Version: 1.0.2069 Update Package Version: 1.0.72439 License: Trial -System Information- OS: Windows 10 (Build 19044.3208) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Malware Domain: IP Address: 172.67.216.181 Port: 80 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

172.67.216.181 is part of the cloudflare network and not tied to any specific site.

This is the download server for megadb, another filesharing site. The main page is unblocked, but downloads will fail. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 7/11/23 Protection Event Time: 10:27 AM Log File: 34556046-2010-11ee-ad6a-00155d000609.json -Software Information- Version: 4.5.32.271 Components Version: 1.0.2051 Update Package Version: 1.0.72259 License: Trial -System Information- OS: Windows 10 (Build 19044.3086) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: fs1.megadb.xyz IP Address: 78.46.21.228 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

It is not my site, but I think a bit of malware out of all the files that are uploaded is expected given the anonymous upload ability. I've seen the site used in multiple legitimate scripts and there is an abuse email on the site. The files also can't be edited after upload and will expire eventually, so I think its use for malware distribution is limited compared to its usefulness for legitimate file upload and sharing.

Thanks. https://x0.at/ is a very similar site also blocked, here is the log: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/27/23 Protection Event Time: 10:01 PM Log File: c83991c4-1570-11ee-84a0-00155d000609.json -Software Information- Version: 4.5.31.270 Components Version: 1.0.2047 Update Package Version: 1.0.71636 License: Trial -System Information- OS: Windows 10 (Build 19044.2965) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: x0.at IP Address: 167.235.245.18 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)

The website is a useful and simple filesharing site. The code is open source. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/27/23 Protection Event Time: 10:11 AM Log File: 99f84b24-150d-11ee-87f7-00155d000609.json -Software Information- Version: 4.5.31.270 Components Version: 1.0.2047 Update Package Version: 1.0.71610 License: Trial -System Information- OS: Windows 10 (Build 19044.2965) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: 0x0.st IP Address: 168.119.145.117 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end)