Jump to content

Recommended Posts

Hi there, I noticed a malwarebytes browser guard flag appear on a clients site, and wondered if it was a false flag.

Or if not some indication of what may be the issue. 

The 'quick quote' pop up uses a gravity form which loads in via an iframe, required to have the form appear within a modal. we wondered if this is what was causing it.

Many thanks.

Details below:

Server ip: 46.101.60.200

Domain: hxxps://oneplm.com

Log: 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/13/21
Protection Event Time: 3:22 PM
Log File: 00b910d6-149e-11ec-9c86-f48e38e7f6c7.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.44932
License: Premium

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Phishing
Domain: 
IP Address: 46.101.60.200
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Wordfence and sucuri scans came clean

antivirus status on virustotal

https://www.virustotal.com/gui/url/802f8e42e45e2536336be1546ed430eb8ec3b907d28e7c6d09ca5a41fe70bcb3/detection

Link to post
Share on other sites

  • Staff
36 minutes ago, Thom2k said:

Hi there, I noticed a malwarebytes browser guard flag appear on a clients site, and wondered if it was a false flag.

Or if not some indication of what may be the issue. 

The 'quick quote' pop up uses a gravity form which loads in via an iframe, required to have the form appear within a modal. we wondered if this is what was causing it.

Many thanks.

Details below:

Server ip: 46.101.60.200

Domain: hxxps://oneplm.com

Log: 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 9/13/21
Protection Event Time: 3:22 PM
Log File: 00b910d6-149e-11ec-9c86-f48e38e7f6c7.json

-Software Information-
Version: 4.4.3.125
Components Version: 1.0.1387
Update Package Version: 1.0.44932
License: Premium

-System Information-
OS: Windows 10 (Build 19042.1165)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, , 

-Website Data-
Category: Phishing
Domain: 
IP Address: 46.101.60.200
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Wordfence and sucuri scans came clean

antivirus status on virustotal

https://www.virustotal.com/gui/url/802f8e42e45e2536336be1546ed430eb8ec3b907d28e7c6d09ca5a41fe70bcb3/detection

Hello, thanks for bringing this to our attention. We've reviewed the site again and have determined it no longer warrants being blocked so we've disabled the block in our database. 

Removal should be reflected in the next database update going out in a few hours or so.

Link to post
Share on other sites

  • TeMerc locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.