Shdwdrgn, posted December 4, 2018:

I am seeing entries on hpHosts for sourpuss.net and www.sourpuss.net (at different IP addresses). Could someone please review these records and let me know why it was considered a malware distributor? Thanks.
Zynthesist (Staff), posted December 4, 2018:

Hello,

Block is related to this:

https://www.hybrid-analysis.com/sample/9226d08158c1536dfa7c4f15bbed9fd6b0d6e59880eeaae2143e9025436123a0?environmentId=100
https://www.virustotal.com/#/file/9226d08158c1536dfa7c4f15bbed9fd6b0d6e59880eeaae2143e9025436123a0/detection

Edited December 4, 2018 by Zynthesist (spelling)
Shdwdrgn (Author), posted December 4, 2018:

Thanks for the links, but I'm still having trouble with this one. I see a number of references to "payload.exe" and "ping.exe"; however, I have searched my web folders and can't seem to find any such files. There doesn't seem to be any reference on either of the above links that shows WHERE they found this file under my domain. Did I miss something? If I accidentally hosted an infected file on my server I certainly want to get rid of it.

About the only thing of relevance I can seem to make out of these pages is that my domain is somehow listed as a reference within this virus. I also see 8.8.8.8 in that list, so I assume this is a list of DNS servers, and while I have run a public DNS server in the past, my current DNS setup only answers non-recursive queries, so I don't know that there is anything else I can do about this particular issue. Even so, I would assume that providing a DNS host is not the cause for blacklisting my domain name, since obviously Google isn't being blacklisted for having their IP in that virus...

So what else can I do here to get this resolved?
Zynthesist (Staff), posted December 4, 2018 [Solution]:

Yeap, I was looking into this further and it was only the memory, and this was considered betabot. I am going to be removing the domain block.
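The resolution above turns on a distinction a blocklist reviewer has to make every time: a hostname that a sample actually contacted or resolved is evidence of malicious infrastructure, while a hostname that only shows up as a string in a memory dump (alongside public resolvers like 8.8.8.8 and file names like payload.exe) is not. The following triage script is an added example written for this thread, not code from the forum, hpHosts or either sandbox; the report schema, the field names, the TEST-NET address 203.0.113.17 and the name c2-placeholder.example are all constructed for illustration. It sorts indicators into block, review and ignore buckets by the strength of the evidence behind them, and treats strings that merely look like hosts but end in a file extension (the payload.exe pitfall) as non-hosts.

```python
"""Triage sandbox indicators before blocking a domain.

Added example (not from the forum thread): given the kinds of artefacts a
sandbox report lists (network contacts, resolved names, strings seen only in
process memory), decide which hostnames are evidence of malicious
infrastructure and which are merely strings the sample carried in memory.
All data below is constructed for illustration.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Well-known public recursive resolvers: malware often embeds these to resolve
# its real C2 names, so their presence says nothing about the resolver itself.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Strings such as "payload.exe" match a naive hostname regex; the last label
# being a file extension is the tell.
FILE_EXTENSIONS = {"exe", "dll", "sys", "bat", "cmd", "txt", "log", "ini", "pdb", "dat"}

HOST_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")


@dataclass
class SandboxReport:
    """Subset of fields a sandbox report exposes (constructed schema)."""
    network_contacts: set  # hosts/IPs the sample actually connected to
    dns_queries: set       # names the sample resolved
    memory_strings: set    # strings found only in process memory dumps


@dataclass
class Verdict:
    block: set = field(default_factory=set)   # strong evidence
    review: set = field(default_factory=set)  # weak evidence, needs a human look
    ignore: set = field(default_factory=set)  # noise


def _is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def _looks_like_host(s):
    if not HOST_RE.match(s):
        return False
    return s.rsplit(".", 1)[-1] not in FILE_EXTENSIONS


def triage(report):
    """Classify every hostname/IP in the report by the strength of evidence.

    - contacted or resolved by the sample -> block candidate
    - public resolver                     -> ignore
    - seen only as a string in memory     -> review (a referrer, a decoy, or a
      legitimate site the malware merely name-drops)
    """
    v = Verdict()
    observed = {s.strip().lower() for s in report.network_contacts | report.dns_queries}
    for item in observed:
        (v.ignore if item in PUBLIC_RESOLVERS else v.block).add(item)
    for raw in report.memory_strings:
        s = raw.strip().lower()
        if s in observed:
            continue  # already judged on the stronger evidence
        if s in PUBLIC_RESOLVERS:
            v.ignore.add(s)
        elif _is_ip(s) or _looks_like_host(s):
            v.review.add(s)
        # anything else (file names, junk) is not an indicator at all
    return v


# Constructed sample mirroring the shape of the thread's case: the sample talks
# to one address, resolves one name, and merely carries other strings in memory.
SAMPLE = SandboxReport(
    network_contacts={"203.0.113.17"},
    dns_queries={"c2-placeholder.example"},
    memory_strings={"8.8.8.8", "www.sourpuss.net", "sourpuss.net",
                    "payload.exe", "ping.exe", "c2-placeholder.example"},
)

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("block :", sorted(result.block))
    print("review:", sorted(result.review))
    print("ignore:", sorted(result.ignore))
```

On the constructed sample this puts the contacted address and the resolved name in the block bucket, 8.8.8.8 in ignore, and the two sourpuss.net names in review only, which is the outcome the staff reply reached by hand: a memory-only string is grounds for a second look, not for a listing.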