Jump to content

Website blocked due to Trojan: areasrc.net - 172.67.202.90 or 104.21.52.178


Go to solution Solved by JPopovic,

Recommended Posts

Since March 29 I have been seeing blocked websites every time I do a Google searches.  There appears to be just two IP addresses, but the hostname is always areasrc.net. 

I have no idea whether this is a false positive or something real, in which case I have no idea what is causing them. 

I note that the executable {6D809377-6AF0-444B-8957-A3773F02200E}_Malwarebytes_Anti-Malware_mbam_exe appears in the folder ...AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\ with a timestamp of 29/3/2021 10:32AM although the first report in my History shows a timestamp of 9:13 AM. 

Screenshot 2021-04-05 13.51.41.png

Screenshot 2021-04-05 13.52.06.png

Screenshot 2021-04-05 13.52.25.png

Screenshot 2021-04-05 13.52.35.png

Link to post
Share on other sites
  • Staff
  • Solution

Hello,

The domain (areasrc.net) is blocked due to potentially malicious JS file:

 https://areasrc.net/2339920b5259779583.js 

 

VirusTotal detection:

https://www.virustotal.com/gui/file/a86088da4981cc3541abfbf4a114e37f6e3ebb18e0fd05fd9a10617117db3b8e/detection

 

We wouldn't be able to remove the block until this file is deleted.

Thank you for your understanding!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.