Site Blocked Due to Malware

See a problem on the website, wiki, or forum? Tell us here.
Post Reply
jacob32123
Posts: 96
Joined: Thu Dec 12, 2013 4:53 am

Site Blocked Due to Malware

Post by jacob32123 » Fri Nov 11, 2016 6:17 am

FYI, OpenDNS has shapeoko.com sinkholed at the DNS level, claiming it's malicious. I can't find much info on what the issue is; VirusTotal says shapeoko.com is clean, but https://sitecheck.sucuri.net/results/shapeoko.com is clearly unhappy with the domain.

EDIT: Found this: http://www.malware-traffic-analysis.net ... index.html. If I have time tomorrow, I'll take a detailed look at it.

twforeman
Posts: 1351
Joined: Tue Jan 29, 2013 4:51 pm
Location: Minneapolis, MN
Contact:

Re: Site Blocked Due to Malware

Post by twforeman » Sat Nov 12, 2016 3:25 am

jacob32123 wrote:FYI, OpenDNS has shapeoko.com sinkholed at the DNS level, claiming it's malicious. I can't find much info on what the issue is; VirusTotal says shapeoko.com is clean, but https://sitecheck.sucuri.net/results/shapeoko.com is clearly unhappy with the domain.
The sucuri.net site is complaining that the carbide3d website (which the bare http://www.shapeoko.com redirects to) has indexing turned on for /press/

Which it does. But:

1. That's not the forum.

2. That's not even hosted on the same server as the forum.

3. That's not malware.

4. Sucuri.net is trying to sell you malware detection...

If you go to the "scan the site" page you can scan the forum and it comes up clean:

https://sitecheck.sucuri.net/results/ww ... com/forum/

The wiki also comes up clean:

https://sitecheck.sucuri.net/results/ww ... .com/wiki/

Can you provide more information about the OpenDNS issue? According to this there are no tags on shapeoko.com

https://community.opendns.com/domaintag ... apeoko.com
jacob32123 wrote:EDIT: Found this: http://www.malware-traffic-analysis.net ... index.html. If I have time tomorrow, I'll take a detailed look at it.
This is from October. The site was cleaned a few weeks ago and I just scanned all the forum files for the string that is in that analysis.

The web proxies where I work are also blocking shapeoko.com and I'm still trying to figure out why. As far as I can tell there is no malware here, but if you find differently please let me know.
Ender 3 3D Printer
ShapeOko v3 serial #0004 - upgrade thread
All of my ShapeOko related blog posts

jacob32123
Posts: 96
Joined: Thu Dec 12, 2013 4:53 am

Re: Site Blocked Due to Malware

Post by jacob32123 » Sat Nov 12, 2016 3:37 pm

Here's a screenshot of the OpenDNS issue:

Image

I did "contact my network administrator" and am waiting to hear back.

JuKu
Posts: 69
Joined: Sun Sep 02, 2012 2:55 pm

Re: Site Blocked Due to Malware

Post by JuKu » Sat Dec 17, 2016 7:14 pm

Norton says you have "Rig Exploit Kit Website 8" from add.whitecoatlies.net (81.177.6.49)

jacob32123
Posts: 96
Joined: Thu Dec 12, 2013 4:53 am

Re: Site Blocked Due to Malware

Post by jacob32123 » Sun Dec 18, 2016 3:47 am

JuKu wrote:Norton says you have "Rig Exploit Kit Website 8" from add.whitecoatlies.net (81.177.6.49)
I definitely don't have it given that this occurred on my phone and laptop and (more importantly), my ISP was able tor resolve it my adding a whitelist entry for shapeoko.com. They would not tell me why it was blocked in the first place though.

twforeman
Posts: 1351
Joined: Tue Jan 29, 2013 4:51 pm
Location: Minneapolis, MN
Contact:

Re: Site Blocked Due to Malware

Post by twforeman » Mon Dec 19, 2016 2:27 pm

I also submitted a request to the company that runs our web proxies and they unblocked it without any comments about why it was blocked in the first place.

I think it was a spurious blocking.
Ender 3 3D Printer
ShapeOko v3 serial #0004 - upgrade thread
All of my ShapeOko related blog posts

Post Reply