Jump to content

blocking my home address, blocking web and ssh


mikeur
 Share

Recommended Posts

blocking my home address, blocking web and ssh

home.mycal.net

had to add exception,

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 7/16/21
Protection Event Time: 11:54 AM
Log File: 43b8fb9a-e667-11eb-8c8c-00ff2f7aead2.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.43172
License: Trial

-System Information-
OS: Windows 10 (Build 19042.1110)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Trojan
Domain: home.mycal.net
IP Address: 76.103.120.41
Port: 1025
Type: Outbound
File:

 

(end)

Link to post
Share on other sites

so you block *.domain for anything at that domain?      The file is actually legit since its whitehat archive, but I understand why you would block it.    So how do we lookup why you blocked it without having to post here?  Virus total does not show anything on the raw domains, is there a trick to get them to report on the whole domain?

Do not think there is anything at home.mycal.net which is a completely different server.  

 

Link to post
Share on other sites

  • Staff
4 hours ago, mikeur said:

so you block *.domain for anything at that domain?      The file is actually legit since its whitehat archive, but I understand why you would block it.    So how do we lookup why you blocked it without having to post here?  Virus total does not show anything on the raw domains, is there a trick to get them to report on the whole domain?

Do not think there is anything at home.mycal.net which is a completely different server.  

 

I believe you need to have an account on VirusTotal to see any full URL paths that were submitted to its site. In this case, they could be found from this URL: https://www.virustotal.com/gui/domain/www.mycal.net/relations

Here's a screenshot:

image.png.bcabcd940893c8ce0ef4df175385d917.png

After learning that https://www.virustotal.com/gui/url/26940720a6b63f45e5f8b26c25ab8e4b0f5daebf21a044ce06b168417aa9bdf7/detection is a false positive, I'm going to unblock the domain in question. Sorry for the inconvenience.

As far as your other question, sometimes users submit the domains for blocking here: https://forums.malwarebytes.com/forum/155-newest-ip-or-url-threats/

Hope this helps. Have a good weekend

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.