Jump to content

malicious site protection warning question


Recommended Posts

hello i was browsing a site and got this pop up from malicious site protection and was curious what exactly it means

 

Malicious Website Protection, IP, 98.158.102.108, img.beeg.com, 58040, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

i closed the site but was just curious since it says "outbound" does that mean that my computer was sending info out?  just curious if i should be worried about it.

Link to post
Share on other sites

Hello and :welcome: :
 
It sounds as if MBAM was doing its job.
See here: What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?
 
If you're not sure, and would like an expert to help check the system, to be sure, then you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue - the helper will guide you through the scanning and cleanup process.

Thanks,

Link to post
Share on other sites

Yesterda I also got a malicious website pop up.

On a site I've gone to for years, a NY Mets blog.

Similarly it was outbound, n1.smartyads.com

it pops up repeatedly on this site...just since yesterday

and it poped up once somewhere in Yahoo.

 

what do I do with this?

Thanks, Julie

I have Malwarebytes premium

Link to post
Share on other sites

Hello and welcome back, @Hawkzon:
 

Yesterda I also got a malicious website pop up.
On a site I've gone to for years, a NY Mets blog.
Similarly it was outbound, n1.smartyads.com
it pops up repeatedly on this site...just since yesterday
and it poped up once somewhere in Yahoo.
 
what do I do with this?
Thanks, Julie
I have Malwarebytes premium

 
It sounds as if MBAM was doing its job.
See here: What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?
also read this https://blog.malwarebytes.org/online-security/2013/05/oh-the-sites-you-will-never-see/

If you think that the block might be a False Positive, then please start with the advice HERE and then please post the requested information (URL and IP being blocked) in the website F/P section HERE.

If you're not sure, and would like an expert to help check the system, then you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.
A malware analyst will assist you with looking into your issue - the helper will guide you through the scanning and cleanup process.

Thanks,

Link to post
Share on other sites

I keep getting this same warning while using the Pale Moon browser:

Outbound and while I am using the Pale Moon 32 bit browser on Win 7 HP SP1 64bit.

8 times in under a minute 

2 of the next:

n1.smartyads.com   outgoing from palemoon.exe

Domain,127.42.0.0

Domain,127.42.0.2

 

6 of the next:

us-w-node1-smartyads.com   outgoing from palemoon.exe

Domain,127.42.0.4

 

I submitted both of the above to virustotal.com and they both came up clean. Strange, even with the MBAM scan that virustotal.com uses.

Why clean on that scan and not on the MBAM Pro I am using. Ver: 2.1.8.1057 Database version: 2015.10.11.3

 

I will try to only use FF 41.0.1 several hours and see it MBAM finds it and stops it there.

 

Thanks,

PS: I have also run AdwCleaner,Avast free and a manual scan with SAS with no hits.

Link to post
Share on other sites

I just tried FF 41.0,1 and it is the same here, so 'perhaps' it is a false positive. I also am running the free  MBAE program in real time.

Hopefully you guys can check out if the  n1.smartyads and us-w-smartyads sites are bad or not. Lots of hits talking about smartyads in Internet searches, All bad.!!

I will not add it as an exclusion until I hear further as I see no benefit to doing so and perhaps harm.

Thanks,

Buffalo

Link to post
Share on other sites

Hello and welcome, @Buffalo:

 

I just tried FF 41.0,1 and it is the same here, so 'perhaps' it is a false positive. I also am running the free  MBAE program in real time.

Hopefully you guys can check out if the  n1.smartyads and us-w-smartyads sites are bad or not. Lots of hits talking about smartyads in Internet searches, All bad.!!

I will not add it as an exclusion until I hear further as I see no benefit to doing so and perhaps harm.

Thanks,

Buffalo

 

It sounds as if MBAM was doing its job.
See here: What does it mean when I get an alert that Malwarebytes Anti-Malware has blocked a malicious site?
also read this https://blog.malware...will-never-see/

If you think that the block might be a False Positive, then please start with the advice HERE and then please post the requested information (URL and IP being blocked) in the website F/P section HERE.

If you're not sure, and would like an expert to help check the system, then you might want to please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
It explains the options for free, expert help >>AND<< the suggested, preliminary steps to expedite the process.

 

Thank you,

Link to post
Share on other sites

Once again, why doesn't the MBAM that VirusTotal.com uses not find a problem with the n1.smartyads.com URL when the MBAM I have on my computer does find a problem?

If this is not the proper forum to address this issue, please point me to the one that does.

I am running program ver:2.2.0.1024   2015.0.14.4 on a Win7HP sp1 64bit desktop.

Thanks,

Link to post
Share on other sites

Once again, why doesn't the MBAM that VirusTotal.com uses not find a problem with the n1.smartyads.com URL when the MBAM I have on my computer does find a problem?

If this is not the proper forum to address this issue, please point me to the one that does.

I am running program ver:2.2.0.1024   2015.0.14.4 on a Win7HP sp1 64bit desktop.

Thanks,

 

What you report seems to be more of a False Negative (or at least some sort of discrepancy).

There is no specific sub-forum for that, and I don't know how to explain the difference. :(

 

As previously suggested, you might wish to please start with the advice HERE and then please post the requested information (URL and IP being blocked) in the website F/P section HERE.

 

Alternatively, you might wish to please start with the advice HERE, and then please post the requested information in the IP/URL section of the Research Center HERE.

 

Either place ought to bring your issue to the attention of the staff experts who handle these matters. :)

 

Thank you again.

 

P.S. It's always a good idea to start a new, separate forum post for new issues. As the one you report is unrelated to that of the OP or that of the other person who joined this thread, it may have escaped attention by the malware researchers. ;)  No worries, though.

Link to post
Share on other sites

Once again, why doesn't the MBAM that VirusTotal.com uses not find a problem with the n1.smartyads.com URL when the MBAM I have on my computer does find a problem?

If this is not the proper forum to address this issue, please point me to the one that does.

I am running program ver:2.2.0.1024   2015.0.14.4 on a Win7HP sp1 64bit desktop.

Thanks,

 

Because there is no correlation.

 

MBAM works on specific file types and does not target scripted malware such as malicious PHP and JavaScripts.  At the same time MBAM blocks IP addresses and/or sites based upon a different criteria.  For example ( and this is NOT the reason )  The IP address for n1.smartyads.com [ 88.214.193.91 ] may be shared for multiple sites and one of those sites may be a problem and not the URL.

 

It is a complex combination of factors and the fact that n1.smartyads.com is not flagged by Malwarebytes on Virus Total should not raise concerns.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.