Author Topic: Malwarebytes block notice - question  (Read 1625 times)

0 Members and 1 Guest are viewing this topic.

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1046
  • advanced techno feeb
    • View Profile
Malwarebytes block notice - question
« on: August 28, 2017, 07:03:21 PM »
I have MalwareBytes Pro, and occasionally see website block popups from them.  Which is great, because that means my real-time protection is doing its job.

However I wanted to ask if the one I saw last night needs further investigation.

The popup said it had blocked a website, but that it was out-going and the source was firefox.exe.  I had just clicked into a news page that aggregates photos from other sites.  The blocked website seems to be an image hosting service.


Here is the event log details:
-Log Details-
Protection Event Date: 8/27/17
Protection Event Time: 10:13 PM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2670
License: Premium

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain: image.ibb.co
IP Address: 104.27.127.62
Port: [65231]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


=======================

I then looked at the scan details for the scan that MB did a couple hours later.   They showed that the Rootkit scan was disabled (In settings, it is set to ON):

-Log Details-
Scan Date: 8/28/17
Scan Time: 1:37 AM
Log File:
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2671
License: Premium

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 407619
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 12 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)
(end)


I ran a scan a few minutes ago and the report says the Rootkit scan is enabled on that scan.  The scan found no threats.


So my question is,  was this just some anomaly, a routine type website block, or do I need any further intervention?





Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1038
    • View Profile
Re: Malwarebytes block notice - question
« Reply #1 on: August 29, 2017, 12:57:29 PM »
FWIW, when I entered image.ibb.co into my browser, Malwarebytes blocked it too.

Norton Safe Web reported that site had not been tested yet. TrendMicro says it is safe, so does Google. So I suspect it is false positive.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7207
  • Liverpool FC - YNWA
    • View Profile
Re: Malwarebytes block notice - question
« Reply #2 on: August 29, 2017, 01:21:08 PM »
FWIW, I just checked on a box without Malwarebytes installed.  Firefox directed that link to http://imgbb.com/ and it displayed just fine.
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1038
    • View Profile
Re: Malwarebytes block notice - question
« Reply #3 on: August 29, 2017, 02:33:15 PM »
And I just clicked on your redirected link and it displayed fine too, without Malwarebytes blocking it.

But, I am not finding anything to show ibb.co and imgbb.com are related other than there seems to be some Panama connection for the domain registrants.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018