bigpress

I don't know what the IPv6 bug is but thought it could be related with IPv6 being dislabled in the domain. So decided to create a subdomain with IPv6 enabled to check if it still gets detected. It does, https://ipv6.bigpress.net gets detected The detection happens both with the extension installed (Browser Guard) and the Windows desktop application. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/16/24 Protection Event Time: 6:07 AM Log File: 54bae5e2-cc89-11ee-8bcb-bc2411dc42e8.json -Software Information- Version: 4.6.8.311 Components Version: 1.0.2259 Update Package Version: 1.0.80993 License: Trial -System Information- OS: Windows 10 (Build 19045.3086) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Phishing Domain: ipv6.bigpress.net IP Address: 165.22.22.250 Port: 80 Type: Outbound File: C:\Program Files\Google\Chrome\Application\chrome.exe (end)

Our customers thta make use of the domain receive millions of visits every day so we are very proactive about resolving these issues beuse uasually many users are affected.

I have searched but didn't found any information about that IPv6 bug. Can we do anything to resolve this situation? If it is a Malwarebytes bug will be solved with a Malwarebytes update in hours or days?

Sample for one of the subdomains (we have many subdomains) Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/15/24 Protection Event Time: 8:49 PM Log File: 594f312e-cc3b-11ee-bbff-bc2411dc42e8.json -Software Information- Version: 4.6.8.311 Components Version: 1.0.2259 Update Package Version: 1.0.80977 License: Trial -System Information- OS: Windows 10 (Build 19045.3086) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Phishing Domain: elidealgallego.cdn.bigpress.net IP Address: 79.143.93.75 Port: 443 Type: Outbound File: C:\Program Files\Google\Chrome\Application\chrome.exe (end)

Sample for domain bigpress.net Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/15/24 Protection Event Time: 8:48 PM Log File: 2e700762-cc3b-11ee-ad6f-bc2411dc42e8.json -Software Information- Version: 4.6.8.311 Components Version: 1.0.2259 Update Package Version: 1.0.80977 License: Trial -System Information- OS: Windows 10 (Build 19045.3086) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Phishing Domain: bigpress.net IP Address: 46.183.115.164 Port: 443 Type: Outbound File: C:\Program Files\Google\Chrome\Application\chrome.exe (end)

Sorry I am not very familiar with your product (it was reported by users and now we installed Malwarebytes to check) The message appears in both Firefox and Chrome. Probably that meas it's a Browser Guard block as you say. The affected domain seems to be bigpress.net and all it's subdomains. We have multiple IPs and seems to affect all of them. Here is an screenshot of the detection history.

It seems it affects all the domain bigpress.net and it's subdomains

We have users reporting that beta.bigpress.net is being reported as phishing. Our website is https://bigpress.net We are the owners of that domain. We use it to provide services to multiple newspapers. For example it was reported to us that the message appears at https://www.elidealgallego.com/ which is one of our customers