
Apparent false positive for my company's website reported by a customer


chrisplumb


Hey there, Malwarebytes team!

I am the admin of a marketing website for a tech company that recently deployed a new website several weeks ago. We have a talented team of engineers with backgrounds in security standards when it comes to building, hosting, and deploying websites.

 

Yesterday, one of our customers sent a private message to my coworker regarding a Malwarebytes alert they received for our marketing website -- the message contained the standard "Blocked Website Details" that appear alongside an alert, stating that our domain was blocked in Chrome for outbound activity on port 443, categorized as "Trojan." They claimed that they had visited our domain prior to the new website's launch, and this had never triggered before.

We are using the same basic marketing tools we always have, served correctly through Google Tag Manager. Our site is served over HTTPS with a valid certificate. The only thing that I can think of that has changed is our IP is now different, procured through a popular and industry-standard web hosting provider -- perhaps it is a recycled IP address that was previously flagged for unrelated issues?

My senior web developer and I immediately responded -- we ran numerous scans of our website using multiple tools, including both the Malwarebytes Chrome Extension, as well as the Malwarebytes application itself. Both of the Malwarebytes tools, as well as other tools we've used, show no issues, and we cannot reproduce the Blocked Website notification. As far as we can tell, there should be no reason that our site was blocked for this user.

 

Unfortunately, I do not have any detailed logs from the customer to share, as I only have the contents of the "Blocked Website Details" notification they received. But if possible, I would sincerely appreciate any assistance the Malwarebytes team may be able to offer in terms of verifying whether or not this was indeed a false positive.

 

Thanks in advance for any assistance you may be able to offer, and I am happy to PM the details of the site and the notification that the customer received!


I am providing the needed info on your behalf.

https://www.virustotal.com/gui/url/2b10e2c217d521247006e4c9abb8e96bd0adf912b19a2fdf0612612819add72a?nocache=1

 

-Website Data-
Category: Trojan
Domain: edgedelta.com
IP Address: 134.122.127.151
Port: 443
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

 
