Jump to content

Is this a false positive ?

Cale

By Cale
in File Detections

 Share

Recommended Posts

Cale

Cale

Posted
Posted

The site in question is:

http://www.platformines.com/

==========================

Malwarebytes has successfully blocked access to a potentially malicious website:

213.186.33.87

Type: outgoing

Port: 61539, Process: firefox.exe

==========================

This site i thought to be safe, as i've visited it before. My understanding of the criteria for blocked sites by MBAM, is if they are proven malicious. So is it just the case that this site has been hijacked since i last visited it, or is it just a false positive ? or is it just sharing an similar IP with one known to be malicious ?

Cheers.

Link to post
Share on other sites
Cale

Cale

Posted
  • Author
Posted

It's not an F/P, no. To date there have been 92 instances of malicious content on that IP, and as of this morning, OVH are still blocking reports from me, despite numerous phone calls.

Sorry you'll have to forgive me, but i'm unfamiliar with "OVH" ? - is this the host ?

Also whats your source for the "92 instances of malicious content" ? as if thats the case, there are a few friends i would like to pass this on to. Thx

Link to post
Share on other sites
Cale

Cale

Posted
  • Author
Posted

OVH is the IP owner and ASN that owns the IP range the IP belongs to.

The source is me (all instances were identified and checked, by myself)

Thx MysteryFCM. I'm thinking that this is both odd and serious. As there have been at least 3 major video games news sites that have linked directly to this site (http://www.platformines.com/), and thousands of people that have probably access it and even downloaded the beta of the game from it. I have to say i'm surprised that the site has not been taken down, if it contains that much malicious content.

Anyway, thank you for the prompt replys, much appreciated. I'll try to email / contact rock paper shotgun, along with the other news sites, and pass on this info.

Link to post
Share on other sites
MysteryFCM

MysteryFCM

Posted
Posted

No problem at all.

I'd certainly advise notifying them, but please also assure them that none of the instances have been on their domain (their domain shares its IP with numerous others, and because of the instances of malware and amount of them, on the IP, I'd strongly advise they move their site elsewhere).

Link to post
Share on other sites
Cale

Cale

Posted
  • Author
Posted
No problem at all. I'd certainly advise notifying them, but please also assure them that none of the instances have been on their domain (their domain shares its IP with numerous others, and because of the instances of malware and amount of them, on the IP, I'd strongly advise they move their site elsewhere).

Ahh i see, sry my bad, i misunderstood. So the domain platformines.com contains nothing malicious, (which explains how so many people were able to access it with apparently no ill effects.) however the IP is one used by other domains that constitute the 92 instances of malware. Ok i get it now. So this then may just be a case of the dev team behind the game, being unaware of history of the IP they use for the platformines game site.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.