Is this actually malicious? Getting tons of alerts for traffic to parrable

[asda]

Over the past few days we've been receiving tons of alerts from Malwarebytes for traffic to h[.]parrable[.]com. After a bit of analysis I found the file dropped from that site is gmpopenh264[.]dll[.]tmp but it is signed by Mozilla and deemed safe by VirusTotal. The file hash is:ced08ce5bc45dbe505fa94b3a4268c0830ccda016a23c0acb16dd7268cfa7a65

So it appears the site itself is just classified as malicious, does anyone know why or have they experienced this too recently?

[Maurice Naggar]

@asda 

Hi. 

For Your Information:

The Block notices from Malwarebytes web protection do mean that Malwarebytes is keeping your pc safe from potential harm.
A block notice is an advisory of the "block".
A "malicious website blocked" is entirely different from a "malware detected" event.

The website  Block message indicates that a potential risk was blocked by the malicious website protection.
The Malwarebytes web protection, by default, will always show each IP block occurrence.
The Malwarebytes Web protection feature will advise customers when a known or suspected malicious IP is attempted to be reached (outgoing) or is trying access your PC.
 
See our info page https://www.malwarebytes.com/lp/ip-blocking/?ipblock=true
 
Incoming block notice can be ignored, our software is blocking the threat and there is nothing more that can be done.
On Outbound blocks, any attempted connection was stopped.
 
No action is required unless you’re also experiencing malware symptoms or there are multiple (different) IPs (ex;123.23.34 and 4.44.56).
 A browser is not required to be running, just an active Internet connection with processes running,
such as Instant messenger clients, or Discord app, or SKYPE or Peer-to-peer software, to trigger these alerts.

These are also triggered by banner ads running on websites which is the most common form of alert.

First action step: 

Let's do one scan with Malwarebytes Adwcleaner to check for adwares. Just before pressing that "scan" button, be sure that Chrome & Edge, or other web browser are Closed.

It will not take much time,

First download & save it
guide & download link

Then be sure to close all web browsers after the download & before launching the tool.

Then go to where the EXE file is saved. Start Adwcleaner.  Then do a scan with Adwcleaner

Guide article

Attach the clean log from Adwcleaner when all completed.

[Maurice Naggar]

After that, these are next action steps. 

[   1   ]

for Chrome, while Chrome is running:
Press & hold SHIFT+CTRL+Del keys  on keyboard to get menu for clearing browsing data:

Check mark the line  "Browsing history"

Check mark the line "Download history"

Check mark the lined "Cached images and files"
and press Clear Data button  ( in blue )

[   2   ]

I would like a report set for review.   This is a report only.

Please download MALWAREBYTES MBST Support Tool

Once you start it click Advanced >>> then   Gather Logs

 Have patience till the run has finished.

Upload an archive once it is done. Attach the mbst-grab-results.zip from the Desktop.

 

• Please attach  mbst-grab-results.zip    to your reply
• The IP block actions by Malwarebytes are keeping the machine safe from potential threats.
• We do need the support zip reports to see more detail  ( the screen grabs just do not have full details + those screens give no clue as to what processes are running.
• NOTE: This thread-topic is ONLY for "Asda".  All others needing help must have their own separate thread=topic.
• Thanks

[Maurice Naggar]

Hello @asda How are you doing as far as my earlier tips above ? Please advise. just so that it is real clear, A) no entity should be 'sending' any DLL[,]TMP file + B) the Malwarebytes web protection team is advising that, yes, the parrable[.]com domain is found to have malicious threats.

[Maurice Naggar]

Hello @asda Do you still need help? I have not heard back from you after many days.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you