Fraud site Blocked - I need some more info

Hello. I'm hitting problems! For a start, I have Malwarebytes Premium and I can't find a forum for it. (Will a Moderator please move it as appropriate.) When I tried to log in, my password was rejected and my email address was said to be already taken. This was me from a long time ago, but the system still wouldn't let me in. I could find a "get a new password" but not "check user name" as some forums have. Anyway, I'm here now and can see what my User Name is! I can also see from my own records that at some time in the past I'd been advised to change my User Name & password but I've no idea why.

The reason for my post is that MBAM (is that an accepted abbreviation?) blocked access to a Fraud site. Its name & IP are tech-life.life 8.36.44.186. I posted in the Microsoft Community to see if there was any further action that I needed to take - this provoked furious outbursts from an expert there including "99.99999% of other members will likely never have encountered this site, so whom are you helping?", "If everyone experiencing something like this posted, we'd have thousands or even millions of individual posts daily about something most would never care about or encounter." and "And how do you know that the detection by MBAM was even accurate or not simply a false positive?"

I bing'd the site and found quite a few sites with critical reviews of tech-life.life but what I really appreciate from you are hard facts or info that I can throw back at the Microsoft Community expert. My thread there is detailed here and you'll see that, unusually, a Moderator there has marked the reply as the answer, which is my job as OP, not a Moderator's.

Fingers crossed that you will sort me out!

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.


One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

Link to post
Share on other sites

10 hours ago, exile360 said:

Greetings,

I'll ping members of the Malwarebytes web Research team to take a look and respond here.

@Zynthesist, @Dashke could one of you take a look and respond to the user please and let them know why tech-life.life, IP: 8.36.44.186 is blocked?

Thanks

Many thanks Exile360. My MS Community thread is getting even hotter now, unfortunately, so I hope your guys will work their magic urgently. Thanks

Link to post
Share on other sites

Hi Taffy1812,

Both the domain and IP address you've mentioned are blocked for engaging in fraudulent activity (specifically related to pushing fake scanning software and fake gift cards/prizes). Neither of the blocks are false-positives.

Is tech-life.life a website you've tried to explicitly access or did the Malwarebytes block occur when visiting a seemingly unrelated website? How many times have you encountered the block?

Edited by LiquidTension
Link to post
Share on other sites

Hello Liquid Tension. I'm pretty sure that the block occurred when I went to visit an innocuous site i.e. I'd never heard of tech-life.life before. I did make a copy of the report and this is attached below - does this help?

I'm currently reconstituting all my screen prints and photos, having learned that when I renewed my Home 365  two months ago they gave me a duff copy of OneDrive! I now have the current version and will post a snip when I find it.

Thanks

MBAM blocked fraud site.docx

Link to post
Share on other sites

The LIFE TLD is one of those that have a propensity for nefarious and malicious sites.

I get Access Denied trying to read the Microsoft Thread even when logged into a Microsoft Account.

The tech-life.life Domain was created on 10/12/2017 and is barely 1.5 years old and is Registered through NameCheap. NameCheap is a registrar that is known to allow registration of nefarious and malicious sites and they put up all sorts of road blocks when provided Abuse reports.

When I try to visit tech-life.life I get "403, Forbidden, Access to this resource on the server is denied!". That is a Red Flag that when accessing the Root of a web site you get Access Denied.

With all that in mind and the report from a Malwarebytes Employee indicating "blocked for engaging in fraudulent activity (specifically related to pushing fake scanning software and fake gift cards/prizes)" I do not understand the hesitation in accepting why that site is blocked.

 

Edited by David H. Lipman
Link to post
Share on other sites

Many thanks Dave. Most helpful. The MS Community Moderator who sided with the MS expert when he (the latter) went OTT has since deleted my thread and appears to be running scared at the moment, e.g. he's posting faux replies to me but no real replies. I've complained about him and hope they'll resolve it shortly. Why ignore an MBAM report? Inconceivable

By the way, how long will it take for someone to check out the report that I sent yesterday? (Not pushing, just so that I know for the future). And is that likely to show where I was looking when I got the Fraud alert?

Link to post
Share on other sites

Hi Taffy1812,

Providing the Malwarebytes Web Protection blocks do not continuously occur, no further action is required. This was simply a case of Malwarebytes proactively blocking a connection attempt to a potentially malicious website; the source of which was likely one of the websites you've recently visited using Microsoft Edge. Unfortunately, with the data that's available, it's not possible to determine the source that made the connection attempt to the blocked website.

Link to post
Share on other sites
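Added example, not part of the original thread: the reply above says the available data could not show which page made the connection attempt. If a browser HAR capture is recorded while reproducing a block, the chain can be walked back from the blocked request through redirects and Referer headers. The capture below is constructed, every host other than the blocked domain is a placeholder, and it assumes the blocked request is logged with status 0.

```python
from urllib.parse import urlsplit

def _entry(url, referer=None, status=200, redirect=""):
    """Build one minimal HAR 1.2 entry (only the fields used below)."""
    headers = [{"name": "Referer", "value": referer}] if referer else []
    return {"request": {"url": url, "headers": headers},
            "response": {"status": status, "redirectURL": redirect}}

# Constructed capture; every host except the blocked domain is a placeholder.
SAMPLE_HAR = {"log": {"entries": [
    _entry("https://news.example.com/article"),
    _entry("https://ads.example.net/frame.html", "https://news.example.com/"),
    _entry("https://track.example.org/click?id=1", "https://ads.example.net/",
           status=302, redirect="http://tech-life.life/"),
    _entry("http://tech-life.life/", status=0),  # assumption: block logged as status 0
]}}

def _host(url):
    return (urlsplit(url).hostname or "").lower()

def _referer(entry):
    for h in entry["request"]["headers"]:
        if h["name"].lower() == "referer":
            return h["value"]
    return None

def _parent(entries, i):
    """Index of the earlier entry that led to entries[i], or None."""
    url = entries[i]["request"]["url"]
    for j in range(i - 1, -1, -1):      # 1) a redirect that pointed here
        if entries[j]["response"].get("redirectURL") == url:
            return j
    ref = _referer(entries[i])
    if ref is None:
        return None
    for j in range(i):                  # 2) Referer carries the full URL
        if entries[j]["request"]["url"] == ref:
            return j
    for j in range(i):                  # 3) Referer trimmed to the origin
        if _host(entries[j]["request"]["url"]) == _host(ref):
            return j
    return None

def trace_source(har, blocked_domain):
    """URL chain from the top-level page to the first request for blocked_domain."""
    entries, d = har["log"]["entries"], blocked_domain.lower()
    hosts = [_host(e["request"]["url"]) for e in entries]
    i = next((k for k, h in enumerate(hosts) if h == d or h.endswith("." + d)), None)
    chain = []
    while i is not None:
        chain.append(entries[i]["request"]["url"])
        i = _parent(entries, i)
    return chain[::-1]
```

The first URL in the returned chain is the page that was open in the browser; the entries between it and the blocked domain are the third-party resources that relayed the request.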

Many thanks for your reply. I know that I never visit a strange site so I was just wondering where I'd been to generate the alert. Thanks anyway.

By the way, when I hit 'Go to this site' in the notification email I was expecting a blank reply window but instead my earlier reply was showing there. Is there a setting that I need to change please?

I'll read the Forum's FAQs in a day or two when I've sorted out Windows Updates but how do I give you kudos for your very helpful reply please?

Link to post
Share on other sites

4 hours ago, Taffy1812 said:

By the way, when I hit 'Go to this site' in the notification email I was expecting a blank reply window but instead my earlier reply was showing there. Is there a setting that I need to change please?

I'm afraid I'm not certain what caused that issue.

Members of our forum team might have a better idea.
@AdvancedSetup @AlexSmith

Link to post
Share on other sites

Hello Firefox. I hit 'go to this post' in the notification email and the below was showing in what would have been the Blank reply box. You'll see from the above post that I did actually submit the reply so I shouldn't need to clear my cache. However, before trying your suggestion about Clear Editor, I saw that you use IE11 (I prefer that to blasted Edge) so I came here via IE11 and the reply window was blank, as it should be. Might this be a browser issue? @Liquid Tension - I'll follow your advice later.

 

Many thanks for your reply. I know that I never visit a strange site so I was just wondering where I'd been to generate the alert. Thanks anyway.

By the way, when I hit 

Link to post
Share on other sites

9 hours ago, Taffy1812 said:

Might this be a browser issue?

There's no issue here unless you're experiencing consistent blocks across multiple websites.

You were using Microsoft Edge to browse the Internet. One of the websites you visited made a connection attempt to a blacklisted domain and Malwarebytes consequently blocked the connection. No damage was done and no further action is required.

Link to post
Share on other sites

6 minutes ago, LiquidTension said:

There's no issue here unless you're experiencing consistent blocks across multiple websites.

You were using Microsoft Edge to browse the Internet. One of the websites you visited made a connection attempt to a blacklisted domain and Malwarebytes consequently blocked the connection. No damage was done and no further action is required.

I probably explained it badly - it was the reply window that was the problem. In Edge it showed remnants of my previous reply but it didn't do it when I used IE11 - the reply box was clear.

Link to post
Share on other sites
