yummypugs Posted February 17, 2021 ID:1439357

Not sure where this is coming from, I'm not connected to a server, PIA is open however.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/16/21
Protection Event Time: 11:10 PM
Log File: c4c2f3f6-70a3-11eb-acbb-244bfe58cee9.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37209
License: Premium

-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain:
IP Address: 212.102.52.87
Port: 0 (No malicious items detected)
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe

(end)

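The fields of the log in the post above can be pulled out mechanically when triaging a block like this one. The following is an added example, not part of the original post and not Malwarebytes code; it assumes the `-Section-` and `Key: value` layout seen in that log, and `parse_log` and `triage` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample: selected sections of the log in the post above.
SAMPLE_LOG = r"""
-Log Details-
Protection Event Date: 2/16/21
Protection Event Time: 11:10 PM

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Private Internet Access\pia-service.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: RiskWare
Domain:
IP Address: 212.102.52.87
Port: 0
Type: Outbound
File: C:\Program Files\Private Internet Access\pia-service.exe
"""

SECTION = re.compile(r"^-(.+)-$")
# A field name is letters and spaces only, so the comma-led detail row is
# skipped and values may themselves contain colons (times, Windows paths).
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*(.*)$")

def parse_log(text):
    """Return {section: {key: value}} for '-Section-' / 'Key: value' lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header, field = SECTION.match(line), FIELD.match(line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif field and current is not None:
            current[field.group(1).strip()] = field.group(2).strip()
    return sections

def triage(text):
    """Collect the facts needed to judge a web-protection block."""
    site = parse_log(text).get("Website Data", {})
    ip = ipaddress.ip_address(site["IP Address"])  # raises on a malformed address
    return {
        "process": site.get("File", "").rsplit("\\", 1)[-1],
        "remote_ip": str(ip),
        "public_ip": ip.is_global,          # False for private/loopback ranges
        "direction": site.get("Type"),
        "has_domain": bool(site.get("Domain")),  # empty here: blocked by IP only
    }
```
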
Dashke (Staff, Solution) Posted February 17, 2021 ID:1439359

The IP is malicious as it serves as C2.

Underdog Posted February 17, 2021 ID:1439505

I am seeing this message too. Are you saying that Private Internet Access is malware? I don't know what "it serves as C2" means. I have the program "pia-service.exe" running but I am not connected to any VPN right now so this is a concern. Why is it connecting to a "C2" whatever that is?

Dashke (Staff) Posted February 18, 2021 ID:1439589

Private Internet Access should be safe, but it seems that one of their IPs has been used by a trojan as malware command and control.

Command & control, also called C&C or C2, is a centralized server or computer that online criminals use to issue commands to control malware and bots as well as to receive reports from them.

If the notifications are too distracting for you, you can disable them in MB4 settings and continue being safe. :)

Underdog Posted February 18, 2021 ID:1439593

Thank you for the explanation. I've been in contact with PIA and I opened a ticket on PIA and I just sent them a follow-up email with more details. Sorry if I hijacked the thread. It looks like they were unaware of the problem but I'm spelling it out for them now. :)

ipqualityscore.com for instance has this IP flagged as suspicious. What bothers me is that I had pia-service.exe running but it was not attached to anything. So, why is my PC trying to open up an Apache connection on there? This was an outbound connection.

Dashke (Staff) Posted February 18, 2021 ID:1439598

Thanks Underdog for this information! It is possible that PIA is trying to query its servers and see which are up/down and available for connecting.

yummypugs (Author) Posted February 18, 2021 ID:1439604

Thanks Underdog for looking into this! (It seems you have exactly the same issue).

CurtisS Posted June 13, 2021 ID:1463131

@Dashke Is this IP address blocked due to the /32 range being flagged as a network serving Malware (It's served by DataCamp LTD which is a hosting CDN77) or to that specific IP Address being flagged as a bad address?

Dashke (Staff) Posted June 14, 2021 ID:1463222

Hi CurtisS, The offended IP is 212.102.52.87 as there are malicious files connecting to it recently.