MWW Posted January 19, 2022 ID:1498192 Share Posted January 19, 2022 We were notified by some partners using the malwarebytes AV client that our site was being blocked for potential trojan. The log shows a "malicious A record was detected". Can you please let me know how to get this whitelisted? Malwarebytes A record Blocking.txt Link to post Share on other sites More sharing options...
Staff TeMerc Posted January 19, 2022 Staff ID:1498200 Share Posted January 19, 2022 9 minutes ago, MWW said: We were notified by some partners using the malwarebytes AV client that our site was being blocked for potential trojan. The log shows a "malicious A record was detected". Can you please let me know how to get this whitelisted? Malwarebytes A record Blocking.txt 6.04 kB · 1 download Hello-We'll recheck the domain and return with our analysis to see if the block can be disabled, please be patient. Link to post Share on other sites More sharing options...
Staff Dashke Posted January 20, 2022 Staff ID:1498383 Share Posted January 20, 2022 22 hours ago, MWW said: We were notified by some partners using the malwarebytes AV client that our site was being blocked for potential trojan. The log shows a "malicious A record was detected". Can you please let me know how to get this whitelisted? Malwarebytes A record Blocking.txt 6.04 kB · 6 downloads Hello MWW, We have conducted that this links was used by CobaltStrike - cdn.coterieinsurance.com/Inform/v6.02/YMRGGGIAL6 Can you please check it out and remove the offending files? Link to post Share on other sites More sharing options...
MWW Posted January 21, 2022 Author ID:1498405 Share Posted January 21, 2022 5 hours ago, Dashke said: Hello MWW, We have conducted that this links was used by CobaltStrike - cdn.coterieinsurance.com/Inform/v6.02/YMRGGGIAL6 Can you please check it out and remove the offending files? Thanks Dashke! It looked like the file was caught in cache left over from a security test. I ran a purge on the /Inform/v6.02/* directory. Can you recheck? Link to post Share on other sites More sharing options...
Staff Solution BjelakovicL Posted January 21, 2022 Staff Solution ID:1498429 Share Posted January 21, 2022 Hi MWW, The block will be removed in the next database update. Thank you! Link to post Share on other sites More sharing options...
Recommended Posts