JasonManfred Posted December 23, 2020 ID:1428760

I represent bunburymotel.com.au which is being blocked by Malwarebytes due to "a trojan". We're not blacklisted by anyone else I'm aware of and I don't know what it's detecting as "a trojan".

Log details below, basically the same whether HTTP or HTTPS except for port, different browsers don't matter, different computers same result too. Server IP is a pretty standard Aussie web hosting one (https://hostopia.com.au/).

-Log Details-
Protection Event Date: 12/23/20
Protection Event Time: 12:55 PM

-Software Information-
Version: 4.2.3.96
Components Version: 1.0.1122
Update Package Version: 1.0.34647
License: Premium

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain:
IP Address: 111.67.21.187
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

Staff Solution JPopovic Posted December 23, 2020 ID:1428771

Hello,

There are some potentially malicious files related to this IP address.

One of them: http://111.67.21.187/~cancalc/order/invoice_74645.jar
VT detection: https://www.virustotal.com/gui/file/caed7828ba15c4c9b0d90c1e7f0d308c26ee32a17433e2492da349eafe7ee400/detection

Link to another one: http://111.67.21.187/~cancalc/order/un1.jar
VT detection: https://www.virustotal.com/gui/file/46336d11c0a510e9565055772daf977a18e4179a7ec744dfc6d8a6f2094b0cb0/detection

One more: http://111.67.21.187/~cancalc/order/invoice_34315R18.jar
VirusTotal detection: https://www.virustotal.com/gui/file/c65d3ff20b9a591b41d0b575e70167ebd8963e003f619652660d0fa7adf84c9d/detection

Unfortunately, we still wouldn't be able to remove the block from this IP address. One IP address can have several different domains on it. Even if your domain is not malicious, many others can make some trouble, and that is the reason we block the complete IP address.

Thank you for your understanding!

JasonManfred Posted December 23, 2020 Author ID:1428789

Thanks. After posting I noted the zoob dot net site shared the IP and had been blacklisted by a couple of sites. I'll advise the host and if they don't take action I guess we'll move hosts.

Staff JPopovic Posted December 23, 2020 ID:1428791

Thank you Jason!

JasonManfred Posted December 24, 2020 Author ID:1428943

Our host requested zoob remove the files and they have done so. Could you check again and unblock if it's all clear?

Staff Dashke Posted December 24, 2020 ID:1428994

8 hours ago, JasonManfred said:
"Our host requested zoob remove the files and they have done so. Could you check again and unblock if it's all clear?"

Thank you very much, the block will be removed.

Happy Holidays and all the best!

JasonManfred Posted December 25, 2020 Author ID:1429108

Thanks mate, all looks good on this end. Cheers.

Staff Dashke Posted December 25, 2020 ID:1429131

You are always welcome!

I will be locking this topic, but in case you need additional help, please let us know.