quack2 Posted June 27 ID:1574717 Share Posted June 27 The website is a useful and simple filesharing site. The code is open source. Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/27/23 Protection Event Time: 10:11 AM Log File: 99f84b24-150d-11ee-87f7-00155d000609.json -Software Information- Version: 4.5.31.270 Components Version: 1.0.2047 Update Package Version: 1.0.71610 License: Trial -System Information- OS: Windows 10 (Build 19044.2965) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: 0x0.st IP Address: 168.119.145.117 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Link to post Share on other sites More sharing options...
Solution thisisu Posted June 28 Solution ID:1574826 Share Posted June 28 Thanks. Will get this one whitelisted and we'll use full URL blocks instead. An offending file that most likely triggered the block: https://www.virustotal.com/gui/url/95efb1db2697942d1c4ba66bb2ccaa31cfb9c9b06b4d358c1d86ed059cf92354 Regards Link to post Share on other sites More sharing options...
quack2 Posted June 28 Author ID:1574834 Share Posted June 28 Thanks. https://x0.at/ is a very similar site also blocked, here is the log: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 6/27/23 Protection Event Time: 10:01 PM Log File: c83991c4-1570-11ee-84a0-00155d000609.json -Software Information- Version: 4.5.31.270 Components Version: 1.0.2047 Update Package Version: 1.0.71636 License: Trial -System Information- OS: Windows 10 (Build 19044.2965) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, , -Website Data- Category: RiskWare Domain: x0.at IP Address: 167.235.245.18 Port: 443 Type: Outbound File: C:\Program Files\Mozilla Firefox\firefox.exe (end) Link to post Share on other sites More sharing options...
thisisu Posted June 29 ID:1575141 Share Posted June 29 Going to keep this one blocked for now as most if not all of the urls here can be considered riskware. Please at least kill the paths to start a good reputation with your domain if it is yours Link to post Share on other sites More sharing options...
quack2 Posted June 29 Author ID:1575158 Share Posted June 29 It is not my site, but I think a bit of malware out of all the files that are uploaded is expected given the anonymous upload ability. I've seen the site used in multiple legitimate scripts and there is an abuse email on the site. The files also can't be edited after upload and will expire eventually, so I think its use for malware distribution is limited compared to its usefulness for legitimate file upload and sharing. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now