Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: Trend Micro Malicious Software Alert

  1. #1
    Join Date
    Jan 2006
    Posts
    1,022

    Default Trend Micro Malicious Software Alert

    With the newest updates of Trend Micro and Firefox every page of the the Arizona Cardinals forum produces this notice:

    https://api.aalbbh84.info/api/conf?h...47083d37a46e77
    Rating: Dangerous Page (49)
    Response: Blocked
    Detected By: Web Reputation Ratings

    Trend Micro has confirmed that this website can transmit malicious software or has been involved in online scams or fraud.



    I thought someone should know and perhaps look into the issue. Thanks.

  2. #2
    Join Date
    Nov 2008
    Location
    The Verde Valley
    Posts
    7,909

    Default

    looking into it...Thanks
    The Wilks era begin

  3. #3
    Join Date
    Sep 2014
    Posts
    114

    Default

    Quote Originally Posted by JimHart View Post
    With the newest updates of Trend Micro and Firefox every page of the the Arizona Cardinals forum produces this notice:

    https://api.aalbbh84.info/api/conf?h...47083d37a46e77
    Rating: Dangerous Page (49)
    Response: Blocked
    Detected By: Web Reputation Ratings

    Trend Micro has confirmed that this website can transmit malicious software or has been involved in online scams or fraud.



    I thought someone should know and perhaps look into the issue. Thanks.
    I don't know if you guys figured this out but I get reports that this forum is running mining scripts whenever I come here. I believe that would cause all these warnings you guys are seeing. It's very possible that this is what is happening and that there actually are mining scripts being run...

  4. #4
    Join Date
    Nov 2010
    Location
    Alexandria, VA
    Posts
    5,776

    Default

    Some networks sleuthing and forensics would answer a concern about amateur mining scripts. That takes time and cash.

    I'm guessing only, perhaps alerts are because the detection and monitoring software is doing its job, labeling sites that are performing fine but at some level of mining risk.

    Labs also want to sell software to protect us.

  5. #5
    Join Date
    Jan 2006
    Location
    Paradise Valley, AZ
    Posts
    3,960

    Default

    Checking into it as Malwarebytes is giving me a message but I have it into the powers that be.
    "Let's Shock The World" - Kurt Warner Jan 10, 2009 after defeating Carolina Panthers 33-13


  6. #6
    Join Date
    Jan 2006
    Location
    Paradise Valley, AZ
    Posts
    3,960

    Default Still working on this

    This is what I am getting with every time getting a different port number.

    malware-error message.jpg
    "Let's Shock The World" - Kurt Warner Jan 10, 2009 after defeating Carolina Panthers 33-13


  7. #7
    Join Date
    Nov 2008
    Location
    The Verde Valley
    Posts
    7,909

    Default

    i haven`t had a hit this time around...good
    The Wilks era begin

  8. #8
    Join Date
    Sep 2014
    Posts
    114

    Default

    Quote Originally Posted by Drachir View Post
    This is what I am getting with every time getting a different port number.

    malware-error message.jpg
    Is there any reason that you'd be accessing http://absenteb.beget.tech/ ?

    There is a script that runs from there called http://absenteb.beget.tech/ASjhgfudasfgiwgSjhdkjsdfk.js

    Maybe I'll pull it up later and see if if it looks like anything weird. That could be the mining script though...

    Edit
    It doesn't look like a mining script but whoever runs the server may want to make sure that it's secure because that file doesn't do anything useful for the site.
    Last edited by TMoney; 03-20-2018 at 05:57 PM.

  9. #9
    Join Date
    Jan 2006
    Location
    Paradise Valley, AZ
    Posts
    3,960

    Default

    Quote Originally Posted by TMoney View Post
    Is there any reason that you'd be accessing http://absenteb.beget.tech/ ?

    There is a script that runs from there called http://absenteb.beget.tech/ASjhgfudasfgiwgSjhdkjsdfk.js

    Maybe I'll pull it up later and see if if it looks like anything weird. That could be the mining script though...
    Nope no reason whatsoever to go to that site. Every page I load from Cardinals forum gives that message.
    "Let's Shock The World" - Kurt Warner Jan 10, 2009 after defeating Carolina Panthers 33-13


  10. #10
    Join Date
    Sep 2007
    Location
    Seattle, WA
    Posts
    417

    Default

    Same here, with Malwarebytes (Premium).

    Quote Originally Posted by Drachir View Post
    Nope no reason whatsoever to go to that site. Every page I load from Cardinals forum gives that message.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •