Posts posted by quack2
-
Download server for qiwi.gg, similar to qiwi.lol
previous thread where qiwi.lol was unblocked: -
buzzheavier.com is now clean on virustotal.
-
Looking at the detections, they all seem low-quality or inaccessible as a free user. For example, Quttera detects the site linking to itself as malware, and according to the website the "Blacklist Removal" requires payment before they will remove the detection.
-
2 minutes ago, TeMerc said:
Highly unlikely there are that many FPs, if it were a few I'd agree but not in this case.
buzzheavier keeps files around for longer than other file hosting sites, so any malware would stick around forever until it was removed manually. For an inactive threat or a false positive, that might never happen. That could explain the greater number of false positives compared to other filehosting sites.
-
1 hour ago, TeMerc said:
Helio- Thanks for reaching out, this is not an fp, tons of urls detected by multiple vendors: VirusTotal - Domain - buzzheavier.com
I see some inconsistent detections on some of the subdomains but nothing actually malicious, looks like more false positives
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 5/22/2024
Protection Event Time: 10:11 AM
Log File: 51a62562-185e-11ef-9edb-00155d00063e.json
-Software Information-
Version: 5.1.4.112
Components Version: 1.0.1244
Update Package Version: 1.0.84941
License: Premium
-System Information-
OS: Windows 10 (Build 19044.4412)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: buzzheavier.com
IP Address: 104.26.5.225
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
another file hosting site
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/28/2024
Protection Event Time: 1:35 PM
Log File: 5888055e-d681-11ee-a240-00155d00063e.json
-Software Information-
Version: 5.0.17.99
Components Version: 1.0.1169
Update Package Version: 1.0.81556
License: Premium
-System Information-
OS: Windows 10 (Build 19044.4046)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: qiwi.lol
IP Address: 172.67.173.227
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
qiwi.lol is the download server for qiwi.gg
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/1/2024
Protection Event Time: 3:21 PM
Log File: b11e1638-c158-11ee-996c-00155d00063e.json
-Software Information-
Version: 5.0.16.97
Components Version: 1.0.1135
Update Package Version: 1.0.80390
License: Premium
-System Information-
OS: Windows 10 (Build 19044.3930)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: clicknupload.click
IP Address: 104.21.41.79
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
Another FP
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/1/2024
Protection Event Time: 12:43 PM
Log File: 95a90482-c142-11ee-802b-00155d00063e.json
-Software Information-
Version: 5.0.16.97
Components Version: 1.0.1135
Update Package Version: 1.0.80386
License: Premium
-System Information-
OS: Windows 10 (Build 19044.3930)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: darkibox.com
IP Address: 104.21.27.32
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
Another files upload site FP
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 10/12/23
Protection Event Time: 8:53 PM
Log File: 11013c9a-697c-11ee-92a0-00155d000609.json
-Software Information-
Version: 4.6.4.286
Components Version: 1.0.2163
Update Package Version: 1.0.76139
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3448)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: download-send.com
IP Address: 172.67.147.35
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
another false positive, this time for a download server. It's unrelated to the above site but I didn't want to spam the forum with too many posts.
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 10/12/23
Protection Event Time: 8:37 PM
Log File: d242ab3a-6979-11ee-855a-00155d000609.json
-Software Information-
Version: 4.6.4.286
Components Version: 1.0.2163
Update Package Version: 1.0.76139
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3448)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Phishing
Domain: cloudfilt.com
IP Address: 51.222.108.20
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
bot protection site with captcha
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 10/12/23
Protection Event Time: 8:18 PM
Log File: 2a1da7b8-6977-11ee-9264-00155d000609.json
-Software Information-
Version: 4.6.4.286
Components Version: 1.0.2163
Update Package Version: 1.0.76139
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3448)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain: hexupload.net
IP Address: 185.125.171.207
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
false positive, it is just a file sharing site
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 9/30/23
Protection Event Time: 12:38 AM
Log File: 67cb434e-5f64-11ee-9b54-00155d000609.json
-Software Information-
Version: 4.6.3.282
Components Version: 1.0.2158
Update Package Version: 1.0.75815
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3448)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: multiup.io
IP Address: 104.21.77.53
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
This site doesn't even host downloads themselves, I'm not sure why it is flagged.
-
I can replicate the issue with the IP address itself being blocked with this site. 104.21.235.105 is blocked as malware only after visiting krakenfiles.com.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 7/15/23
Protection Event Time: 5:55 PM
Log File: 6d293972-2373-11ee-a6c1-00155d000609.json
-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.72481
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3208)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Malware
Domain:
IP Address: 104.21.235.105
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
krakenfiles.com is a filesharing site.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 7/15/23
Protection Event Time: 5:48 PM
Log File: 6beed9fa-2372-11ee-96c1-00155d000609.json
-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.72439
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3208)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: krakenfiles.com
IP Address: 104.21.235.105
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
I ran an update check and get the same results.
-
Seems the block only happens if I navigate to a blocked website before trying the IP, I didn't notice that during my tests. nxbrew.com can be used for testing, though I looked at the site and the domain-level block for that site seems to also be a false positive.
-
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 7/14/23
Protection Event Time: 10:30 PM
Log File: ad22b7ae-22d0-11ee-8ad2-00155d000609.json
-Software Information-
Version: 4.5.33.272
Components Version: 1.0.2069
Update Package Version: 1.0.72439
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3208)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Malware
Domain:
IP Address: 172.67.216.181
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)

-
172.67.216.181 is part of the Cloudflare network and not tied to any specific site.
-
This is the download server for megadb, another filesharing site. The main page is unblocked, but downloads will fail.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 7/11/23
Protection Event Time: 10:27 AM
Log File: 34556046-2010-11ee-ad6a-00155d000609.json
-Software Information-
Version: 4.5.32.271
Components Version: 1.0.2051
Update Package Version: 1.0.72259
License: Trial
-System Information-
OS: Windows 10 (Build 19044.3086)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: fs1.megadb.xyz
IP Address: 78.46.21.228
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
It is not my site, but I think a bit of malware out of all the files that are uploaded is expected given the anonymous upload ability. I've seen the site used in multiple legitimate scripts and there is an abuse email on the site. The files also can't be edited after upload and will expire eventually, so I think its use for malware distribution is limited compared to its usefulness for legitimate file upload and sharing.
-
Thanks.
https://x0.at/ is a very similar site also blocked, here is the log:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 6/27/23
Protection Event Time: 10:01 PM
Log File: c83991c4-1570-11ee-84a0-00155d000609.json
-Software Information-
Version: 4.5.31.270
Components Version: 1.0.2047
Update Package Version: 1.0.71636
License: Trial
-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: x0.at
IP Address: 167.235.245.18
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)
-
The website is a useful and simple filesharing site. The code is open source.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 6/27/23
Protection Event Time: 10:11 AM
Log File: 99f84b24-150d-11ee-87f7-00155d000609.json
-Software Information-
Version: 4.5.31.270
Components Version: 1.0.2047
Update Package Version: 1.0.71610
License: Trial
-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: RiskWare
Domain: 0x0.st
IP Address: 168.119.145.117
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe
(end)

buzzheavier.com
in Website Blocking
Posted · Edited by quack2
- I don't know where to find that view, I can't see those links on my end
- Look at the scanned date, recent results have fewer detections. Scan the URLs again and they will be clean.
- Those are all domain-level flags, so the number of links doesn't matter.