3.128.164.100


Solved by Dashke

False positive block for hxxps://velocitii.com when navigating to apex URL with Malwarebytes Premium installed on an endpoint.  The site had been infected prior to June 25, 2020 but was remediated on that date.  It has been security scanned by the WAF & Website Security Scanner daily since 6/25/2020 and is showing free of malicious code or exploit.

IP:  3.128.164.100

Hostname/URL:  hxxp://velocitii.com & hxxps://velcotii.com

Protection Log extract:  [Also attached as txt file with screenshot of blocking]

07/23/20    " 16:49:39.064"    190640    12ac    1bb0    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1054    "Connection blocked! ProcessId=504 ProcessPath=C:\Windows\System32\MicrosoftEdgeCP.exe Domain=velocitii.com Address=3.128.164.100 Port=80 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
07/23/20    " 16:49:39.064"    190640    12ac    1bb0    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback    "mwaccontrollerimplhelper.cpp"    1919    "Block notification callback 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20    " 16:49:39.064"    190640    12ac    1bb0    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback    "mwaccontrollerimplhelper.cpp"    1920    "AppDetectionNotification=F, BlockNotification=T"
07/23/20    " 16:49:39.082"    190671    12ac    1bb0    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1551    "Malicious Website Protection, domainblocklist, 3.128.164.100, velocitii.com, 80, Outbound, C:\Windows\System32\MicrosoftEdgeCP.exe"
07/23/20    " 16:49:39.082"    190671    12ac    0eb8    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackImpl    "mwaccontrollerimplhelper.cpp"    2022    "Block notification callback impl 'velocitii.com' '3.128.164.100' 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20    " 16:49:39.087"    190671    12ac    0eb8    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::GetDetectedFileDetails    "mwaccontrollerimplhelper.cpp"    2006    "White list disposition (0) for 'C:\Windows\System32\MicrosoftEdgeCP.exe'"
07/23/20    " 16:49:39.095"    190671    12ac    184c    INFO    MWACControllerCOM    CMWACController::TelemetryDataCallbackV3    "mwaccontroller.cpp"    1990    "Successfully sent the block event data to telemetry server."

MBAM Premium Website Blocking.PNG

MBAM Premium Log Excerpt.txt

  • Dashke locked this topic
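
As an added example (not part of the original post and not Malwarebytes code), the "Connection blocked!" entries of a Protection Log like the extract above can be reduced to the fields a false-positive report needs: domain, address, port and the list that matched. It assumes the line layout seen in the extract; the second blocked line in the sample is constructed to exercise a process path that contains a space.

```python
import re
from collections import Counter

# Lines 1 and 2 are copied from the post's log extract; line 3 is CONSTRUCTED
# (example.test / 192.0.2.10 are documentation values, not real detections).
SAMPLE_LOG = r'''
07/23/20    " 16:49:39.064"    190640    12ac    1bb0    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1054    "Connection blocked! ProcessId=504 ProcessPath=C:\Windows\System32\MicrosoftEdgeCP.exe Domain=velocitii.com Address=3.128.164.100 Port=80 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
07/23/20    " 16:49:39.095"    190671    12ac    184c    INFO    MWACControllerCOM    CMWACController::TelemetryDataCallbackV3    "mwaccontroller.cpp"    1990    "Successfully sent the block event data to telemetry server."
07/23/20    " 16:50:02.110"    190700    12ac    1bb0    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1054    "Connection blocked! ProcessId=777 ProcessPath=C:\Program Files\Example\app.exe Domain=example.test Address=192.0.2.10 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=domainblocklist"
'''

# Date, quoted time, then anything up to the quoted "Connection blocked!" message.
LINE_RE = re.compile(
    r'^(?P<date>\d{2}/\d{2}/\d{2})\s+"\s*(?P<time>[\d:.]+)"\s+.*'
    r'"Connection blocked! (?P<kv>.*)"\s*$'
)
# A value runs until the next " Key=" token, so paths with spaces stay intact.
KV_RE = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|$)')


def parse_block_events(text):
    """Return one dict per 'Connection blocked!' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # callback and telemetry lines carry no key=value block
        event = dict(KV_RE.findall(m.group("kv")))
        event["Timestamp"] = f'{m.group("date")} {m.group("time")}'
        events.append(event)
    return events


def summarize(events):
    """Count blocks per (domain, address, port, list) for a false-positive report."""
    return Counter(
        (e["Domain"], e["Address"], int(e["Port"]), e["ListName"]) for e in events
    )


if __name__ == "__main__":
    for key, count in summarize(parse_block_events(SAMPLE_LOG)).items():
        print(count, key)
```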