CSNDev Posted October 21, 2021 ID:1484812 Share Posted October 21, 2021 rcntechnologies.com is showing as a Trojan via Malwarebytes Endpoint protection. I have scanned with several other services and they claim the site is clean. Can you verify? Screenshot attached, also logs below: 10/20/21 " 10:37:57.281" 8143484 16a0 14a4 INFO MwacLib NetworkEventHandler::connectionRedirected "networkeventhandler.cpp" 260 "Connection redirected: ProcessId=17440 (C:\Program Files (x86)\Google\Chrome\Application\chrome.exe) RemoteAddress=209.87.149.128:443 LocalAddress=0.0.0.0:64742 Protocol=TCP" 10/20/21 " 10:37:57.281" 8143484 16a0 14a4 INFO MwacLib MwacLibImpl::InvokeBlockCallback "mwaclibimpl.cpp" 1307 "Connection blocked! ProcessId=17440 ProcessPath=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe Domain=rcntechnologies.com Address=209.87.149.128 Port=443 Category=Trojan Direction=Outbound ReportOnly=0 ListName=ipBlockList" 10/20/21 " 10:37:57.281" 8143484 16a0 14a4 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 2664 "Block notification callback: url='rcntechnologies.com', ipAddr='209.87.149.128', processPath='C:\Program Files (x86)\Google\Chrome\Application\chrome.exe', category='Trojan'" 10/20/21 " 10:37:57.281" 8143484 16a0 14a4 INFO MwacControllerImpl mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallback "mwaccontrollerimplhelper.cpp" 2665 "AppDetectionNotification=T, BlockNotification=F" Link to post Share on other sites More sharing options...
Staff Solution Zynthesist Posted October 21, 2021 Staff Solution ID:1484817 Share Posted October 21, 2021 Hello, This is an IP block for malware distro. IP appears cleaned up now so block will be removed. 209.87.149.128 Link to post Share on other sites More sharing options...
Recommended Posts