Shdwdrgn

ANSWERED FP check for sourpuss.net


I am seeing entries on hpHosts for sourpuss.net and www.sourpuss.net (at different IP addresses).  Could someone please review these records and let me know why it was considered a malware distributor?

Thanks.


Hello,

Block is related to this: 

https://www.hybrid-analysis.com/sample/9226d08158c1536dfa7c4f15bbed9fd6b0d6e59880eeaae2143e9025436123a0?environmentId=100

https://www.virustotal.com/#/file/9226d08158c1536dfa7c4f15bbed9fd6b0d6e59880eeaae2143e9025436123a0/detection

 

Edited by Zynthesist
spelling


Thanks for the links, but I'm still having trouble with this one.  I see a number of references to "payload.exe" and "ping.exe"; however, I have searched my web folders and can't seem to find any such files.  There doesn't seem to be any reference on either of the above links which shows WHERE they found this file under my domain.  Did I miss something?  If I accidentally hosted an infected file on my server I certainly want to get rid of it.

About the only thing of relevance I can seem to make out of these pages is that my domain is somehow listed as a reference within this virus.  I also see 8.8.8.8 in that list, so I assume this is a list of DNS servers, and while I have run a public DNS server in the past, my current DNS setup only answers non-recursive queries, so I don't know that there is anything else I can do about this particular issue.  Even so, I would assume that providing a DNS host is not the cause for blacklisting my domain name, since obviously Google isn't being blacklisted for having their IP in that virus...

So what else can I do here to get this resolved?


Yep, I was looking into this further and it was only the memory, and this was considered Betabot. I am going to be removing the domain block.

This topic is now closed to further replies.
