Malwarebytes

It's only been happening the past 2 days, but my Malwarebytes keeps blocking a phishing attempt whenever I open this site.

1 Like

Can anyone else replicate this issue?

Not sure if it's Malwarebytes, but preview pics and scripts got error messages.
Firefox: SSL_ERROR_RX_RECORD_TOO_LONG

Every time I open the site my Malwarebytes also has been blocking something for a couple of days.
Phishing is the reason given, address is eroscripts-uploads.nyc3.digitaloceanspaces.com Port 443.
Edit: Malwarebytes tends to occasionally give false positives on things, so I haven't been worried; thought I'd chime in and affirm that it's doing it, however.

Do you know if there's a specific file or something that's being flagged?

I can also confirm this is happening to me as of today (didn’t visit the site yesterday, so can’t speak specifically if it was happening for me yesterday). Exactly like feanorr1 is describing above.

Malwarebytes isn’t throwing any warnings or notifications about the site but I can confirm that something appears to be wrong with previews. I can’t get any images on the site to load at all.

Yeah, I get the same blocking message.

Adding the eroscripts-uploads.nyc3.digitaloceanspaces.com URL to the allowed list on Malwarebytes solved the issue for me.

1 Like

Well, this is not a solution. I don't want to add this to the exceptions. Someone is trying to send something to this IP, 162.243.189.2, and that's weird. This has been happening only the last few days, so I'm sure there is a real issue, not just a false positive.

So yeah, every time I try to open eroscripts or any page on the site, there is an outbound connection to the IP I mentioned above that is blocked by Malwarebytes. Also, I can't download any script now or see previews…

Yeah, it was exactly this; it was blocking all the GIF/video/picture previews on posts.

Yeah, this was what was pinging MB for me; previews were being blocked.

Yeah, same for me. I can't even download scripts since Malwarebytes blocks it.

Basically everything that is uploaded to ES (images, funscripts etc.) seems to be uploaded to a storage area, i.e. a kind of CDN (content delivery network). If I recall correctly, ES is hosted by DigitalOcean, and Spaces is a service provided by DigitalOcean.

There has been malware/phishing-related stuff occurring related to the IP for the Spaces server that also serves eroscripts-uploads.nyc3.digitaloceanspaces.com, and this triggers Malwarebytes to block all downloads from the IP. Either you wait and hope that the block is lifted at some point, or you whitelist the URL in Malwarebytes.

Nslookup for eroscripts-uploads.nyc3.digitaloceanspaces.com to get the IP

Information about 162.243.189.2 at VirusTotal

As you can see in the VirusTotal link, there are many subdomains that resolve to the same IP.

4 Likes

BTW, Malwarebytes uses a rather crude filter to protect its users. Basically all CDNs share IPs among several customers/subdomains. The filter should be done using the subdomain that has been requested, not the resolved IP. Since Malwarebytes uses a browser plugin, that should be easily done.

1 Like
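Added example, not part of any post in this thread and not Malwarebytes' code: a small Python model of the two filtering policies contrasted above, run over constructed requests to one shared CDN address. All hostnames and IPs are placeholders from documentation ranges, and the function names are hypothetical.

```python
# Constructed sample data: placeholder names and addresses, not real indicators.
SHARED_IP = "203.0.113.10"  # one CDN edge address serving many tenants

# Each request: (hostname the browser asked for, IP it resolved to)
REQUESTS = [
    ("forum-uploads.cdn.example", SHARED_IP),
    ("photos.cdn.example", SHARED_IP),
    ("login-verify.cdn.example", SHARED_IP),  # the tenant reported for phishing
    ("static.other.example", "198.51.100.7"),
]
REPORTED_HOSTS = {"login-verify.cdn.example"}


def build_ip_blocklist(reported_hosts, requests):
    """Crude policy: block every IP that a reported hostname resolves to."""
    return {ip for host, ip in requests if host in reported_hosts}


def verdict_by_ip(host, ip, ip_blocklist):
    """Decide on the resolved address only; the requested name is ignored."""
    return "block" if ip in ip_blocklist else "allow"


def verdict_by_host(host, ip, host_blocklist):
    """Decide on the requested name only (case and trailing dot normalized)."""
    return "block" if host.lower().rstrip(".") in host_blocklist else "allow"


def collateral(requests, reported_hosts):
    """Hostnames the IP policy blocks that the hostname policy would allow."""
    ip_blocklist = build_ip_blocklist(reported_hosts, requests)
    return sorted(
        host for host, ip in requests
        if verdict_by_ip(host, ip, ip_blocklist) == "block"
        and verdict_by_host(host, ip, reported_hosts) == "allow"
    )


if __name__ == "__main__":
    for host in collateral(REQUESTS, REPORTED_HOSTS):
        print("false positive under IP filtering:", host)
```

Both policies still block the reported tenant; only the IP-keyed one also blocks the unrelated tenants that share its address.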

This is the same problem with email and RBLs.
When one RBL’s business model is to aggregate other RBLs and a bunch of them do that, you get a very easy global lockout with false positives.
It’s one reason I don’t use RBLs for spam filtering, and why people generally shouldn’t use an anti-virus that depends on user-generated moderation.

For everyone's info, Windows Defender is not like it used to be. It's actually really good these days. It still has some shortcomings in my opinion, but for most people, they don't really matter.

My advice is, don’t use third-party anti-malware. Most of the time, they’re bloat or malware themselves.

1 Like

Thank you for the context, @sentinel and @VladTheImplier, you know way more about this than I do :sweat_smile:

1 Like
