hashflare.io

[PiERiT]

Sometimes (not always) when browsing [H], I get a popup from my Malwarebytes saying hashflare.io 104.20.13.241 has been blocked. A quick search says this is one of those browser-based crypto miners.

Was this put in intentionally? If not, thought I'd mention it here in case it's being fed from some malicious ad or something like that.

Kyle Bennett Edit: Response from Malwarebytes! False positive.

 

[RoldanLT]

https://www.hardocp.com or https://hardforum.com/ ?

 

[PiERiT]

Sorry -- the latter, HardForum.

 

[Loose Nut]

Today both the home page and the forum

 

[DooKey]

Yep, I'm getting the same thing.

 

[FrgMstr]

Yes, I have been able to confirm this now. I am seeing Malwarebytes warning this on both HardOCP and HardForum. Keep in mind that the two a totally separate systems, fully 100% independent of each other. Odd to see both with the same issue. It is NOT an ad issues either, that I have been able to verify. Both sites site behind CloudFlare and I am wondering if this is not a false positive associated with something to do with that.

FWIW, I no longer fun Malwarebytes due to the amount of false positives it has made me run down in the past couple of years. I have no trust in it. I will surely be looking into this, but I would suggest that our IP somehow got swept up in one of Malwarebytes reports. I can find NOTHING specific to the issue with the code on our site. There are no miners running on it that I can see and we surely have not put one in ourselves.

Again, HardOCP and HardForum are 100% independent of each other besides sharing a Cloudflare account and given that IP is the only common denominator here, I would suggest Malwarebytes is giving a false positive based on that.

 

[FrgMstr]

Going back and reading on how Malwarebytes does this, it is NOT DETECTING anything.

"Malicious Website Blocking provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges, for example, NetDirekt, which is host to the Internet Service Team."

https://forums.malwarebytes.com/topic/21076-info-malicious-website-blocking/

Someone, has put our Cloudflare IP in this database? That said, we have had our CF IPs for around six months now IIRC.

 

[FrgMstr]

I have started a topic at Malwarebytes here: https://forums.malwarebytes.com/topic/216561-hardocpcom-hardforumcom-blocked/

Let's see if we get any attention or explanation of its actions.

 

[FrgMstr]

I have now notified Cloudflare as well.

 

[PiERiT]

Good info, thanks Kyle.

 

[FrgMstr]

 

[FrgMstr]

Should be fully fixed. Update your Malwarebytes database.