davork Posted January 8, 2021 ID:1431183

Folks

Looks like f002.backblaze2.com is being blocked - this is one of the backblaze backup domains so this feels like a false positive :(

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 1/8/21
Protection Event Time: 3:35 AM
Log File: 6a2bb2ba-518c-11eb-bd62-c85b764bbd2d.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35397
License: Premium

-System Information-
OS: Windows 10 (Build 19041.685)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Haystack Software\Arq 5\ArqAgent.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: f000.backblazeb2.com
IP Address: 104.153.233.177
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Haystack Software\Arq 5\ArqAgent.exe

(end)

JPopovic Posted January 8, 2021 Staff Solution ID:1431185

Hello,

This is not a FP. There are some phishing links related to this IP address and this domain. For example:

https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?hkoxnqc=V51CBA3IiQJ5WjGskdzvmw85HC9q3&trygpvdiq=fvmwelVQvj5vlKV&jkbzp=fLjqbj2UjgvmiZHV4FB&uxtls=sr8xm8BQ2qnFswMOoD&rzytpe=ANlbJRRvfhbuINAhcTontPj9MAFf&xiyvk=yEkn8SVFoiUvDiwx&qkypdhdwpf=QBKIR5kQ9YgmqWYb4SZZ&ocmssei=hTzIBvEE4AIumOxsdW8s6TUwTYO&crkgwlr=LoMDRVBrR5UKPRvvIbQpJZPXVr
http://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/index.html
https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
etc.

Unfortunately, we wouldn't be able to remove the block due to that problem.

Thank you for your understanding!

davork Posted January 8, 2021 Author ID:1431187

13 minutes ago, JPopovic said:

> Hello,
>
> This is not a FP. There are some phishing links related to this IP address and this domain. For example:
>
> https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?hkoxnqc=V51CBA3IiQJ5WjGskdzvmw85HC9q3&trygpvdiq=fvmwelVQvj5vlKV&jkbzp=fLjqbj2UjgvmiZHV4FB&uxtls=sr8xm8BQ2qnFswMOoD&rzytpe=ANlbJRRvfhbuINAhcTontPj9MAFf&xiyvk=yEkn8SVFoiUvDiwx&qkypdhdwpf=QBKIR5kQ9YgmqWYb4SZZ&ocmssei=hTzIBvEE4AIumOxsdW8s6TUwTYO&crkgwlr=LoMDRVBrR5UKPRvvIbQpJZPXVr
> http://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/index.html
> https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
> https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
> https://f000.backblazeb2.com/file/url-data-web-storage-secured-650asadbcsjhdcbjs/web-data-server-1uyhchduiahc/login.html?fubxdzf=GVbHhFrvgHPgOxxe&htcjaqnc=fQ2UWTu5fhBDToR9uTX3SnljWd&wtcjkubbp=fcZRRaLlWKHxs1VovfZs&qmcazjsa=xlIvUIqJc2ligPl2&rhuytqic=3Lco4YWRkwyKOcNypPypX8gUy2
> etc.
>
> Unfortunately, we wouldn't be able to remove the block due to that problem.
>
> Thank you for your understanding!

Okay, I understand.

I have logged a trouble ticket with Backblaze and, as I need to back up, added an exception for the backup program.

Backblaze_Compliance Posted January 8, 2021 ID:1431257

Hi, Backblaze Compliance here! My name is Annalisa and I am the compliance specialist at Backblaze. I have suspended the account that was hosting the above links. Unfortunately, we are not able to suspend an account without a report being sent to us and an investigation into the phishing complaint. Once we receive the report though, we do try to take down the offending material asap. If you find other similar links please let us know so we can take care of it! We take phishing/spam very seriously and want to remove it as quickly as possible.

You can report it by emailing helpme@backblaze.com. This email may change, so also make sure to check out our KB article area as well.

thisisu Posted January 9, 2021 ID:1431357

20 hours ago, Backblaze_Compliance said:

> Hi, Backblaze Compliance here! My name is Annalisa and I am the compliance specialist at Backblaze. I have suspended the account that was hosting the above links. Unfortunately, we are not able to suspend an account without a report being sent to us and an investigation into the phishing complaint. Once we receive the report though, we do try to take down the offending material asap. If you find other similar links please let us know so we can take care of it! We take phishing/spam very seriously and want to remove it as quickly as possible.
>
> You can report it by emailing helpme@backblaze.com. This email may change, so also make sure to check out our KB article area as well.

Thank you. We can remove the block on 104.153.233.177. It's pending a database update.

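An added example, not part of the thread and not either vendor's tooling: the block in this thread was applied to a shared storage host and IP while the reported pages all sat under one bucket, so this sketch groups flagged URLs by host and bucket to scope an abuse report to the hosting provider. It assumes the `/file/<bucket>/<object>` path layout visible in the URLs above; the sample URLs, bucket names and function names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample URLs (placeholder buckets, not taken from the thread).
SAMPLE_URLS = [
    "https://f000.backblazeb2.com/file/example-bucket-a/site/login.html?x=1",
    "http://f000.backblazeb2.com/file/example-bucket-a/site/index.html",
    "https://f000.backblazeb2.com/file/example-bucket-a/site/login.html?x=2",
    "https://F000.backblazeb2.com/file/example-bucket-b/doc/login.html",
    "https://f000.backblazeb2.com/not-a-file-path",
]

def parse_storage_url(url):
    """Return (host, bucket, object_path), or None if not /file/<bucket>/<object>."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]
    if not host or len(segments) < 3 or segments[0] != "file":
        return None
    return host, segments[1], "/".join(segments[2:])

def group_by_bucket(urls):
    """Group flagged URLs per (host, bucket); schemes and query strings are ignored."""
    groups, skipped = defaultdict(set), []
    for url in urls:
        parsed = parse_storage_url(url)
        if parsed is None:
            skipped.append(url)  # does not match the layout; keep for manual review
            continue
        host, bucket, obj = parsed
        groups[(host, bucket)].add(obj)
    return {key: sorted(objs) for key, objs in groups.items()}, skipped

def report_lines(urls):
    """One summary line per bucket, suitable for pasting into an abuse report."""
    groups, _ = group_by_bucket(urls)
    return [f"{host} bucket={bucket} objects={', '.join(objs)}"
            for (host, bucket), objs in sorted(groups.items())]

if __name__ == "__main__":
    print("\n".join(report_lines(SAMPLE_URLS)))
```

Grouping this way collapses repeated links that differ only in their query string into a single object per bucket, which is the unit the provider acts on.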