JKeelerLMT Posted July 24, 2020 ID:1396637

False positive block for hxxps://velocitii.com when navigating to the apex URL with Malwarebytes Premium installed on an endpoint. The site had been infected prior to June 25, 2020 but was remediated on that date. It has been security scanned by the WAF & Website Security Scanner daily since 6/25/2020 and is showing free of malicious code or exploit.

IP: 3.128.164.100
Hostname/URL: hxxp://velocitii.com & hxxps://velcotii.com

Protection Log extract: [Also attached as txt file with screenshot of blocking]

07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1054 "Connection blocked! ProcessId=504 ProcessPath=C:\Windows\System32\MicrosoftEdgeCP.exe Domain=velocitii.com Address=3.128.164.100 Port=80 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1919 "Block notification callback 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.064" 190640 12ac 1bb0 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 1920 "AppDetectionNotification=F, BlockNotification=T"
07/23/20 " 16:49:39.082" 190671 12ac 1bb0 INFO MWACControllerCOM CMWACController::WebsiteBlockedNotificationCallback "mwaccontroller.cpp" 1551 "Malicious Website Protection, domainblocklist, 3.128.164.100, velocitii.com, 80, Outbound, C:\Windows\System32\MicrosoftEdgeCP.exe"
07/23/20 " 16:49:39.082" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl "mwaccontrollerimplhelper.cpp" 2022 "Block notification callback impl 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.087" 190671 12ac 0eb8 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails "mwaccontrollerimplhelper.cpp" 2006 "White list disposition (0) for 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20 " 16:49:39.095" 190671 12ac 184c INFO MWACControllerCOM CMWACController::TelemetryDataCallbackV3 "mwaccontroller.cpp" 1990 "Successfully sent the block event data to telemetry server."

MBAM Premium Log Excerpt.txt

Staff Solution Dashke Posted July 24, 2020 ID:1396686

Thanks, the block will be reviewed.