
beta.bigpress.net


bigpress

We have users reporting that beta.bigpress.net is being reported as phishing. Our website is https://bigpress.net. We are the owners of that domain. We use it to provide services to multiple newspapers. For example, it was reported to us that the message appears at https://www.elidealgallego.com/, which is one of our customers.

 

 


Edited by TeMerc
Disabled link

  • Staff

Hello-

We do not show either the domain or the IP which the domain resides on in our database. Was this perhaps a Browser Guard block only?


11 minutes ago, TeMerc said:

Hello-

We do not show either the domain or the IP which the domain resides on in our database. Was this perhaps a Browser Guard block only?

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/15/24
Protection Event Time: 1:35 PM
Log File: 7249d29e-cc39-11ee-bb1c-001a7dda7102.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80979
License: Premium

-System Information-
OS: Windows 10 (Build 19045.4046)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: bigpress.net
IP Address: 46.183.115.164
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/15/24
Protection Event Time: 1:40 PM
Log File: 094bdc6e-cc3a-11ee-bb40-001a7dda7102.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80979
License: Premium

-System Information-
OS: Windows 10 (Build 19045.4046)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: elidealgallego.cdn.bigpress.net
IP Address: 79.143.93.75
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

 

(end)

 


Edited by Porthos

 

Sorry, I am not very familiar with your product (it was reported by users and now we installed Malwarebytes to check). The message appears in both Firefox and Chrome. Probably that means it's a Browser Guard block as you say.

The affected domain seems to be bigpress.net and all its subdomains. We have multiple IPs and it seems to affect all of them. Here is a screenshot of the detection history.

 


 


Sample for domain bigpress.net

 

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/15/24
Protection Event Time: 8:48 PM
Log File: 2e700762-cc3b-11ee-ad6f-bc2411dc42e8.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80977
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: bigpress.net
IP Address: 46.183.115.164
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe



(end)
 

 

 

Sample for one of the subdomains (we have many subdomains)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/15/24
Protection Event Time: 8:49 PM
Log File: 594f312e-cc3b-11ee-bbff-bc2411dc42e8.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80977
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: elidealgallego.cdn.bigpress.net
IP Address: 79.143.93.75
Port: 443
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe



(end)
 
 
 

  • Staff

This looks to be the IPV6 bug detection and can be ignored.


I don't know what the IPv6 bug is, but I thought it could be related to IPv6 being disabled in the domain.

So I decided to create a subdomain with IPv6 enabled to check if it still gets detected. It does: https://ipv6.bigpress.net gets detected.

The detection happens both with the extension installed (Browser Guard) and the Windows desktop application.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/16/24
Protection Event Time: 6:07 AM
Log File: 54bae5e2-cc89-11ee-8bcb-bc2411dc42e8.json

-Software Information-
Version: 4.6.8.311
Components Version: 1.0.2259
Update Package Version: 1.0.80993
License: Trial

-System Information-
OS: Windows 10 (Build 19045.3086)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Phishing
Domain: ipv6.bigpress.net
IP Address: 165.22.22.250
Port: 80
Type: Outbound
File: C:\Program Files\Google\Chrome\Application\chrome.exe



(end)
