Posts posted by bigpress

  1. I don't know what the IPv6 bug is, but thought it could be related to IPv6 being disabled in the domain.

    So I decided to create a subdomain with IPv6 enabled to check if it still gets detected. It does: https://ipv6.bigpress.net gets detected.

    The detection happens both with the extension installed (Browser Guard) and the Windows desktop application.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 2/16/24
    Protection Event Time: 6:07 AM
    Log File: 54bae5e2-cc89-11ee-8bcb-bc2411dc42e8.json

    -Software Information-
    Version: 4.6.8.311
    Components Version: 1.0.2259
    Update Package Version: 1.0.80993
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19045.3086)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: Phishing
    Domain: ipv6.bigpress.net
    IP Address: 165.22.22.250
    Port: 80
    Type: Outbound
    File: C:\Program Files\Google\Chrome\Application\chrome.exe



    (end)

  2. I have searched but didn't find any information about that IPv6 bug. Can we do anything to resolve this situation? If it is a Malwarebytes bug, will it be solved with a Malwarebytes update in hours or days?

  3. Sample for one of the subdomains (we have many subdomains)

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 2/15/24
    Protection Event Time: 8:49 PM
    Log File: 594f312e-cc3b-11ee-bbff-bc2411dc42e8.json

    -Software Information-
    Version: 4.6.8.311
    Components Version: 1.0.2259
    Update Package Version: 1.0.80977
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19045.3086)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: Phishing
    Domain: elidealgallego.cdn.bigpress.net
    IP Address: 79.143.93.75
    Port: 443
    Type: Outbound
    File: C:\Program Files\Google\Chrome\Application\chrome.exe



    (end)
     
     
     
  4. Sample for domain bigpress.net

     

     

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Protection Event Date: 2/15/24
    Protection Event Time: 8:48 PM
    Log File: 2e700762-cc3b-11ee-ad6f-bc2411dc42e8.json

    -Software Information-
    Version: 4.6.8.311
    Components Version: 1.0.2259
    Update Package Version: 1.0.80977
    License: Trial

    -System Information-
    OS: Windows 10 (Build 19045.3086)
    CPU: x64
    File System: NTFS
    User: System

    -Blocked Website Details-
    Malicious Website: 1
    , C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

    -Website Data-
    Category: Phishing
    Domain: bigpress.net
    IP Address: 46.183.115.164
    Port: 443
    Type: Outbound
    File: C:\Program Files\Google\Chrome\Application\chrome.exe



    (end)
     
  5. Sorry, I am not very familiar with your product (it was reported by users and now we installed Malwarebytes to check). The message appears in both Firefox and Chrome. Probably that means it's a Browser Guard block, as you say.

     

    The affected domain seems to be bigpress.net and all its subdomains. We have multiple IPs and it seems to affect all of them. Here is a screenshot of the detection history.

     

    [image: screenshot of the detection history]

     

  6. We have users reporting that beta.bigpress.net is being reported as phishing. Our website is https://bigpress.net. We are the owners of that domain. We use it to provide services to multiple newspapers. For example, it was reported to us that the message appears at https://www.elidealgallego.com/, which is one of our customers.

     

     
