
2 new domains and blocked immediately?


hansje

Hi,

I registered 2 new domain names on Namecheap, and 1 minute later Malwarebytes immediately reported it as a trojan threat ?!?!

Related to the following 2 domains:

[/removed]

Please check why this is? It's a bit strange that they were automatically blocked right after registering 2 new domains.

Thank you.

NOTE: I contacted Namecheap support as well; they told me to contact Malwarebytes, as they said nothing is wrong on their end.

 

Domain1 log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 04/10/2018
Protection Event Time: 10:50
Log File: afdf1a80-c788-11e8-ab9f-d05099714be6.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7171
Licence: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: www.[/removed]
IP Address: 198.54.117.211
Port: [58363]
Type: Outbound
File: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

(end)

 

Domain Log 2:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 04/10/2018
Protection Event Time: 10:32
Log File: 2509d8c0-c786-11e8-9fca-d05099714be6.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.463
Update Package Version: 1.0.7171
Licence: Premium

-System Information-
OS: Windows 10 (Build 17134.285)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: www.[/removed]
IP Address: 198.54.117.211
Port: [55596]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Edited by Dashke

Greetings,

Until one of the Research team members responds, I believe I can offer some additional information that may prove helpful. I looked up the IP address of the sites being blocked and found a listing for it here on hpHosts, which is a site run by members of the Malwarebytes Research team and includes a lot of the same information used for the Web Protection component in Malwarebytes 3:

https://hosts-file.net/default.asp?s=198.54.117.211

I also checked the IP address itself by pinging it and discovered that Malwarebytes is actually blocking the IP address (198.54.117.211), not specifically your newly registered domains, meaning any site hosted on that IP address will be blocked unless the Research team makes an exception (which they are likely to do if the server is no longer a threat, if it is a false positive, or if there is a way to block the malicious content found on that server without blocking your specific domains as well). However, I do not know what course of action they can or will take, so we'll have to await their response.
