False Positive - 64.207.176.126


Our URL is being flagged in the Windows app as an mwac RTP detection as Compromised. Can you confirm whether this is a false positive or tell us which file is causing the alert? That would be helpful. If you need the URL, please PM me.

Thanks

========================================================================================

0E634BAE490BF69E60C103E899D65E91EB60529E75445AF1D4C878185A1FA2DE
{
   "applicationVersion": "4.5.29.268",
   "chromeSyncResetQueryRequested": false,
   "chromeSyncResetQueryResult": false,
   "clientID": "",
   "clientType": "other",
   "componentsUpdatePackageVersion": "1.0.2022",
   "coreDllFileVersion": "0.0.0",
   "cpu": "x64",
   "dbSDKUpdatePackageVersion": "1.0.69871",
   "detectionDateTime": "2023-05-23T12:48:57Z",
   "fileSystem": "NTFS",
   "id": "2e9320ae-f968-11ed-9112-18037332d823",
   "isUserAdmin": true,
   "licenseState": "trial",
   "linkagePhaseComplete": false,
   "loggedOnUserName": "System",
   "machineID": "",
   "os": "Windows 10 (Build 19045.2965)",
   "schemaVersion": 20,
   "sourceDetails": {
      "type": "mwac"
   },
   "threats": [
      {
         "ddsSigFileVersion": "",
         "linkedTraces": [

         ],
         "mainTrace": {
            "archiveMember": "",
            "archiveMemberMD5": "",
            "cleanAction": "block",
            "cleanResult": "successful",
            "cleanResultErrorCode": 0,
            "cleanTime": "",
            "generatedByPostCleanupAction": false,
            "hubbleRequestErrorCode": 0,
            "id": "2e9320af-f968-11ed-90d5-18037332d823",
            "igExitCode": "",
            "isPEFile": false,
            "isPEFileValid": false,
            "isWhitelistedByAdsInfo": false,
            "linkType": "none",
            "objectMD5": "",
            "objectPath": "",
            "objectSha256": "",
            "objectSize": -1,
            "objectType": "website",
            "resolvedPath": "",
            "websiteData": {
               "blockType": 2,
               "ip": "64.207.176.126",
               "isInbound": false,
               "port": 443,
               "processPath": "C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe",
               "url": REDACTED
            }
         },
         "ruleID": -1,
         "ruleString": "",
         "rulesVersion": "0.0.0",
         "srcEngineComponent": "unknown",
         "srcEngineThreatNames": [

         ],
         "threatID": -1,
         "threatName": ""
      }
   ],
   "threatsDetected": 1
}

===================================================================================================


9 minutes ago, ndjake said:

Our URL is being flagged in the Windows app as an mwac RTP detection as Compromised. Can you confirm whether this is a false positive or tell us which file is causing the alert? That would be helpful. If you need the URL

The IP is the issue, probably not your site. https://www.abuseipdb.com/check/64.207.176.126

https://www.virustotal.com/gui/url/96f3d9bbd9ce9db907b7d2d882886e4cd60ee64e165725b63943578b8fd07f18/detection

Edited by Porthos
