Jump to content

https://www.lbhydju.net ExpressVPN

TomFace

By TomFace
in Malware Finding and Cleaning

 Share

Recommended Posts

TomFace

TomFace 539

Posted
Posted (edited)

I was online using my VPN (ExpressVPN) logged out of it and then started getting blocked address messages from ESET (from various IPs). Am scanning now. Does anyone have any information on this issue? I am still getting the messages logging back into ExpressVPN as of now. First time I have had an issue with this.  I'm disconnecting now till after the scan is done.

3.thumb.jpg.01fc221c014448fe436dc89d6463d099.jpg

Edited by TomFace
Link to comment
Share on other sites
itman

itman 1,659

Posted
Posted (edited)

Looks like it has been blacklisted for serving up potentially dangerous content.

Eset_Black_Listed.thumb.png.5cd5d24589f7e98c4b6a34e1114bf23c.png

I also ran a scan with Robtex using the IP address, 107.6.159.114, shown in your alert window. The domain name shown in your alert, hxxps://www.lbhydju.net, does not resolve to that IP address. Only shown are the following domain names associated with that IP address:

asdjkljfjaowjfq.net
bezakef.net
fjffpwt.net
jovqxxh.net
n1ui5fms.net
sonwf81nt.net
yzdkh.net
apis-chi-7.expressvpn.com

According to WHOIS IP Address lookup the IP address associated with hxxps://www.lbhydju.net is 198.143.153.42. This does appear to be related to ExpressVPN; i.e. Singlehop LLC. Finally, Eset detected IP address, 173.236.44.10, for my attempted access to the domain.  

Edited by itman
Link to comment
Share on other sites
TomFace

TomFace 539

Posted
  • Author
Posted
7 hours ago, Marcos said:

It was fixed yesterday a few minutes after you reported it here.

Excellent Marcos....I did submit an e-mail to samples@ESET this morning before I logged in here.

Thanks again.

Regards,

Tom

Link to comment
Share on other sites
Ajit

Ajit 0

Posted
Posted

Dear friends. i am still facing this issue. My antivirus is constantly popping with that website name and has been blocked message. While I am writing this I can see its popping. What should I do? 

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted
15 hours ago, Ajit said:

Dear friends. i am still facing this issue. My antivirus is constantly popping with that website name and has been blocked message. While I am writing this I can see its popping. What should I do? 

Either you are using older ESET modules or it's another domain / IP address which is blocked. Please post the appropriate records (the whole row) from the Filtered websites log.

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...