
asianmusicguy

Honorary Members
  • Posts

    291

Reputation

0 Neutral

  1. Hi team, I work for a web hosting and design firm. One of our clients has reported that their website is being blocked by Malwarebytes as potentially malicious when accessed via a browser. Given the client's concern, I have conducted a thorough check using both Sucuri and VirusTotal, and both services have indicated that the site is clean. Below are the links to the scans:

     Sucuri: https://sitecheck.sucuri.net/results/altasierrastorage.com
     VirusTotal Scan: https://www.virustotal.com/gui/url/ee47920cf282cc5d5848e95516b171d4fb9bbcdfe9a4471df82cd7eba2573c6c

     Unfortunately, I am unable to provide detailed logs or additional information as the client is elderly and not particularly tech-savvy. Could you please review this case and let us know if this is a false positive? Any assistance you can provide would be greatly appreciated. Thank you for your attention to this matter.
  2. @Dashke Very welcome. I take it this means it was indeed a FP?
  3. Thanks @Dashke how soon do you think we will know for sure?
  4. Visiting https://www.mi.com gave me the following detection; may be related to a CDN they use?

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 2022-11-24
     Protection Event Time: 11:44 AM
     Log File: bd870302-6c0a-11ed-b5d6-9c5c8e3e5192.json

     -Software Information-
     Version: 4.5.17.221
     Components Version: 1.0.1806
     Update Package Version: 1.0.62728
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19044.2251)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: i01.appmifile.com.wsglb0.com
     IP Address: 157.185.165.41
     Port: 443
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)
  5. This detection appeared while attempting to access the cPanel address of the hosting provider I work for. If this is legitimate, please let me know so we can take action if needed.

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 2022-11-10
     Protection Event Time: 1:25 PM
     Log File: 7fa5cd4a-6118-11ed-b13f-9c5c8e3e5192.json

     -Software Information-
     Version: 4.5.17.221
     Components Version: 1.0.1806
     Update Package Version: 1.0.62104
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19044.2251)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Compromised
     Domain: wolverine.server-protocol.com
     IP Address: 192.169.82.134
     Port: 2083
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)
  6. Virus Total: https://www.virustotal.com/gui/url/2b36775ad14fa3921ec91a2b76e0615aa8f059ffc5c585172f84246a1ca52834?nocache=1

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 2/20/22
     Protection Event Time: 6:44 PM
     Log File: 6c047b77-929a-11ec-a72b-10bf487f7f03.json

     -Software Information-
     Version: 4.5.2.157
     Components Version: 1.0.1562
     Update Package Version: 1.0.51421
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.1526)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: looking-glass.io
     IP Address: 139.99.244.113
     Port: 443
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)
  7. Please review the following:

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 11/9/21
     Protection Event Time: 7:38 PM
     Log File: f799af9c-41b1-11ec-8bb7-10bf487f7f03.json

     -Software Information-
     Version: 4.4.10.144
     Components Version: 1.0.1499
     Update Package Version: 1.0.47030
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.1288)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: www.lazygamereviews.com
     IP Address: 192.252.149.19
     Port: 80
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)

     https://www.virustotal.com/gui/url/c4dab318ad6f44eb7af2a9420e08b7597518ba3b22357d5a09931d9be4045030
  8. SHP is the first place to turn to for technical with the Sierra/Sierra Family classic games. It hosts most of the official patches from the original Sierra FTP server. SHP has been a resource for GOG. Some of the GOG releases were a collaborative with Collector of The Sierra Help Pages. SHP is also home to the new installers that ease the setup of these classics on modern PCs.

     https://www.virustotal.com/gui/url/67a108ec497a7c24e58e1c55b2370a1b5f6531ffd33374568af4005587015ed8

     Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 11/10/21
     Protection Event Time: 4:46 PM
     Log File: 1b91b280-4263-11ec-8df9-10bf487f7f03.json

     -Software Information-
     Version: 4.4.10.144
     Components Version: 1.0.1499
     Update Package Version: 1.0.47054
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.1288)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: sierrahelp.com
     IP Address: 143.95.253.117
     Port: 80
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)

     Note from website owner when I made them aware: "Not much that I can do about that. It is a false positive because of the installers that are scripted with NSIS. Malwarebytes flags NSIS installers because malware authors have used it to deliver their "goods". The only thing that I can do is either to remove the installers or spend a lot to sign them, which I am not going to do for just a hobby."
  9. Malwarebytes
     www.malwarebytes.com

     -Log Details-
     Protection Event Date: 7/28/21
     Protection Event Time: 12:11 PM
     Log File: ef02f26e-efb1-11eb-9bce-10bf487f7f03.json

     -Software Information-
     Version: 4.4.3.125
     Components Version: 1.0.1387
     Update Package Version: 1.0.43650
     License: Premium

     -System Information-
     OS: Windows 10 (Build 19042.1110)
     CPU: x64
     File System: NTFS
     User: System

     -Blocked Website Details-
     Malicious Website: 1
     , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

     -Website Data-
     Category: Trojan
     Domain: wcnews.com
     IP Address: 184.173.25.96
     Port: 443
     Type: Outbound
     File: C:\Program Files\Vivaldi\Application\vivaldi.exe

     (end)

     VT: https://www.virustotal.com/gui/url/6b4a7a76a3a7ea5be82e37e8630a7e6aac54eea9561b5bbacfba5dd9014685ea/detection
  10. https://www.virustotal.com/gui/url/b9b5375c112a2ef931afefbaaac6373685376af8b873c7717317caf82d81eb16/detection
  11. Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 3/4/21
      Protection Event Time: 1:30 PM
      Log File: 25909e2c-7d0b-11eb-a2fe-10bf487f7f03.json

      -Software Information-
      Version: 4.3.0.98
      Components Version: 1.0.1173
      Update Package Version: 1.0.37781
      License: Premium

      -System Information-
      OS: Windows 10 (Build 18362.1379)
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , C:\Program Files\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

      -Website Data-
      Category: Trojan
      Domain: similarworlds.com
      IP Address: 162.0.210.143
      Port: 443
      Type: Outbound
      File: C:\Program Files\Vivaldi\Application\vivaldi.exe

      (end)
  12. @portnos thanks can you ask someone to look at that particular link though
  13. Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Protection Event Date: 12/8/20
      Protection Event Time: 12:59 PM
      Log File: 9ba4fd57-3972-11eb-aa12-10bf487f7f03.json

      -Software Information-
      Version: 4.2.3.96
      Components Version: 1.0.1122
      Update Package Version: 1.0.34085
      License: Premium

      -System Information-
      OS: Windows 10 (Build 18362.1198)
      CPU: x64
      File System: NTFS
      User: System

      -Blocked Website Details-
      Malicious Website: 1
      , C:\Users\Branden\AppData\Local\Vivaldi\Application\vivaldi.exe, Blocked, -1, -1, 0.0.0, ,

      -Website Data-
      Category: RiskWare
      Domain: www.ojrq.net
      IP Address: 34.95.127.121
      Port: 443
      Type: Outbound
      File: C:\Users\Branden\AppData\Local\Vivaldi\Application\vivaldi.exe

      (end)

      Blocked URL was https://www.ojrq.net/p/?return=https%3A%2F%2Finstacart.oloiyb.net%2Fc%2F1434500%2F415003%2F7412%3FsubId1%3D916d7502a9a967cae45a4fe9885f9675%26level%3D1%26srcref%3Dhttps%253A%252F%252Fww55.siteplug.com%252Ffb_veve.php%253Fenk%253D34c8221c58596c1d64c2d6013730c1600201cd87a5370ef0%2526fb%253D916d7502a9a967cae45a4fe9885f9675%2526setup%253Dql%2526csk%253Dujl09%2526site_id%253D53105&cid=7412&tpsync=yes