Malwarebytes blocking

Daedalus-NC

There have been a couple of sites blocked by MWB over the past two days. In each instance I was browsing the Basement (Awesome, Funny, WTF) when it occurred. Today it popped up as soon as I clicked on the A,F,WTF sub directory. I think it was the same yesterday, but am not certain.
Is anyone else seeing any strange behavior?

For the technical folks here, this is the report I just got from MWB this morning:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/5/18
Protection Event Time: 9:11 PM
Log File: 919e1622-6926-11e8-82e5-00ff938fae00.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5372
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: s15.pixxxels.cc
IP Address: 207.244.121.193
Port: [53305]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)
 
Category: Hijack
Domain: s15.pixxxels.cc
IP Address: 207.244.121.193
Sounds like content, a picture or something, that someone linked to tickled the MB filter. The log shows it's in JSON format, which is human readable (generally), so if you open the log file it might have more info.
 
Perhaps of some significance, or maybe not: When I clicked on the Political Meme Thread moments ago I got the same MWB warning. It is repeatable there. Where is the log found? The Report Summary is below and the Advanced report is what was initially posted.


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/6/18
Protection Event Time: 11:37 AM
Log File: 8432c810-699f-11e8-acab-00ff938fae00.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5378
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Hijack
Domain: s15.pixxxels.cc
IP Address: 207.244.121.193
Port: [50202]
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe



(end)

s15.pixxxels.cc appears to be an adult content hosting site. Is there a way to see if any posted images came from/through that site? Also, just discovered if I try to connect directly to the site it is blocked by MWB.
 
Taking a quick look, that thread does have a lot of imported, or 3rd party content, so there is probably something on one or more of those pages that links to or has been re-linked to that site. Your log file should be in \Docs and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti malware\logs.

If you can get an administrator's (admin > moderator privilege) attention, XF under the admin tool, logs section, has logs for linked content (image proxy, link proxy, and embedded proxy) and this may show up there, letting them zero in on the offender.
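
Added example, not part of the original thread and not Malwarebytes or XenForo code: one way to check a saved copy of a thread page for images or links that point at the domain named in the report. The sample report, sample HTML, function names, and the handling of proxy-style links that carry the original URL in a query parameter are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample report, same layout as the "-Website Data-" section above.
SAMPLE_REPORT = """-Website Data-
Category: Hijack
Domain: cdn.blocked.example
IP Address: 203.0.113.10
"""
# Constructed sample of a saved thread page (post ids and paths are made up).
SAMPLE_HTML = """
<div id="post-1"><img src="/data/attachments/1.jpg"></div>
<div id="post-2"><img src="http://cdn.blocked.example/i/abc.jpg"></div>
<div id="post-3"><img src="proxy.php?image=http%3A%2F%2Fcdn.blocked.example%2Fd.jpg&amp;hash=0"></div>
<div id="post-4"><a href="https://other.example/cdn.blocked.example">link</a></div>
"""

def blocked_domains(report_text):
    """Collect every 'Domain:' value from one or more pasted reports."""
    return {m.lower() for m in re.findall(r"^Domain:\s*(\S+)", report_text, re.M)}

class RefCollector(HTMLParser):
    """Record (tag, url) for attributes that make the browser fetch or link."""
    def __init__(self):
        super().__init__()
        self.refs = []
    def handle_starttag(self, tag, attrs):
        self.refs += [(tag, v) for k, v in attrs if k in ("src", "href") and v]

def hosts_in(url):
    """Host of the URL plus hosts of URLs carried in its query (proxy links)."""
    try:
        parts = urlsplit(url)
        inner = [urlsplit(v).hostname for _, v in parse_qsl(parts.query)]
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return []
    return [h for h in [parts.hostname, *inner] if h]

def find_references(html, domains):
    """Return (tag, url) for each reference whose host is a blocked domain."""
    collector = RefCollector()
    collector.feed(html)
    def bad(host):
        return any(host == d or host.endswith("." + d) for d in domains)
    return [(t, u) for t, u in collector.refs if any(bad(h) for h in hosts_in(u))]

if __name__ == "__main__":
    print(find_references(SAMPLE_HTML, blocked_domains(SAMPLE_REPORT)))
```

Matching is on the parsed host name, so a blocked domain that only appears in a URL path (the fourth sample post) is not reported.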
 
I know what site a lot of them come from. I save the pics and repost them...but somebody else just hotlinks to the site. If I gave you the site directly, could you visit it and see if it causes an issue?
 
I know what site a lot of them come from. I save the pics and repost them...but somebody else just hotlinks to the site. If I gave you the site directly, could you visit it and see if it causes an issue?


Oh just say it man..
 
Have malware and got same message. The IP address links back to Manassas, Va. Don't worry, it's Uncle Sam looking out for you. IP 207.244.121.193
 
I've had malware bytes alarm also.. in the Basement section on specific pages, classified as an outgoing block from a potentially 'bad' website.
Have not copied logs....
 
Here's a clue. I just opened the last page on WTF and got the MWB warning. The ONLY thing on the page are three posts by Over Mountain Man showing only .

Edit - part of that message was truncated. The posts were numbers 45641, 45642, 45643. Maybe somebody can find a common source there[IMG]http://. The post numbers are 45641, 45642 and 45643.
 
Likely in the links within the threads. MWB, as far as I can tell, does not filter viewpoints. But it is pretty good at blocking malware-infested web sites.
 
yep
 