frozen Posted October 4, 2021 ID:1482537 Share Posted October 4, 2021 1Password Community being flagged https://1password.community/discussion/121163/1password-for-windows-early-access Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/3/21 Protection Event Time: 7:52 PM Log File: 6a4339f4-24ad-11ec-b3ef-90e6ba57cdd5.json -Software Information- Version: 4.4.7.134 Components Version: 1.0.1464 Update Package Version: 1.0.45556 License: Premium -System Information- OS: Windows 10 (Build 19043.1237) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\BraveSoftware\Brave-Browser-Beta\Application\brave.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Trojan Domain: dsc.cloud IP Address: 207.148.0.169 Port: 443 Type: Outbound File: C:\Program Files\BraveSoftware\Brave-Browser-Beta\Application\brave.exe (end) Link to post Share on other sites More sharing options...
Staff JPopovic Posted October 4, 2021 Staff ID:1482545 Share Posted October 4, 2021 (edited) The domain (dsc.cloud) is legitimately blocked. Thank you! Edited October 4, 2021 by JPopovic Link to post Share on other sites More sharing options...
frozen Posted October 6, 2021 Author ID:1482860 Share Posted October 6, 2021 So you are saying the above block and this one is a valid block and it is not a false positive? If so I will try to contact 1Password regarding this as I do not think it is something they want showing up when one is using a Password Manager. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 10/6/21 Protection Event Time: 8:45 AM Log File: b7d5c844-26ab-11ec-8d4b-90e6ba57cdd5.json -Software Information- Version: 4.4.7.134 Components Version: 1.0.1464 Update Package Version: 1.0.45602 License: Premium -System Information- OS: Windows 10 (Build 19043.1237) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\BraveSoftware\Brave-Browser-Beta\Application\brave.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: Malware Domain: IP Address: 207.148.0.169 Port: 443 Type: Outbound File: C:\Program Files\BraveSoftware\Brave-Browser-Beta\Application\brave.exe (end) Link to post Share on other sites More sharing options...
Staff JPopovic Posted October 6, 2021 Staff ID:1482863 Share Posted October 6, 2021 Yes the domain (dsc.cloud) is still infected. Link to post Share on other sites More sharing options...
Ben1P Posted October 7, 2021 ID:1483040 Share Posted October 7, 2021 Hi folks. Ben from 1Password here. Some of the images in the post in question were intentionally hosted with the Dropshare service, which operates the 'dsc.cloud' domain. Dropshare is similar to Dropbox, MEGA, etc in that they host a lot of files from a lot of different users. Are you claiming that Dropshare itself has been compromised? Do you have any additional explanation for why dsc.cloud is being blocked by MalwareBytes wholesale? It seems there would have to be some justification beyond some of their users uploading files containing malware, as otherwise I imagine you'd have to block all similar file sharing / image hosting services. Please let us know. Thanks! Ben Link to post Share on other sites More sharing options...
Staff JPopovic Posted October 8, 2021 Staff ID:1483208 Share Posted October 8, 2021 Hi Ben, There are some phishing pages related to this domain: http://dsc.cloud/eae89d/appfacebook2021.html https://dsc.cloud/5533cc/A%20POP.html https://dsc.cloud/dc8150/E%20PAYMENT%20NOTIFICATION.html https://dsc.cloud/dc8150/E+PAYMENT+NOTIFICATION.html Would you be able, by any chance, to contact them and ask them to remove these pages? Thank you in advance! Link to post Share on other sites More sharing options...
Ben1P Posted October 10, 2021 ID:1483431 Share Posted October 10, 2021 I submitted an abuse report using Dropshare's form, here: https://dropshare.cloud/abuse and included those URLs. These are files uploaded by users of their service, and do not appear to represent any sort of compromise of the Dropshare service itself. Can you please advise when the domain is unblocked? Link to post Share on other sites More sharing options...
Staff Solution JPopovic Posted October 10, 2021 Staff Solution ID:1483437 Share Posted October 10, 2021 The block had been removed already. Thank you! Link to post Share on other sites More sharing options...
Ben1P Posted October 10, 2021 ID:1483438 Share Posted October 10, 2021 Many thanks! 1 Link to post Share on other sites More sharing options...
Recommended Posts