Jump to content
Sign in to follow this  
TomFace

https://www.lbhydju.net ExpressVPN

Recommended Posts

I was online using my VPN (ExpressVPN) logged out of it and then started getting blocked address messages from ESET (from various IPs). Am scanning now. Does anyone have any information on this issue? I am still getting the messages logging back into ExpressVPN as of now. First time I have had an issue with this.  I'm disconnecting now till after the scan is done.

3.thumb.jpg.01fc221c014448fe436dc89d6463d099.jpg

Edited by TomFace

Share this post


Link to post
Share on other sites

Looks like it has been blacklisted for serving up potentially dangerous content.

Eset_Black_Listed.thumb.png.5cd5d24589f7e98c4b6a34e1114bf23c.png

I also ran a scan with Robtex using the IP address, 107.6.159.114, shown in your alert window. The domain name shown in your alert, hxxps://www.lbhydju.net, does not resolve to that IP address. Only shown are the following domain names associated with that IP address:

asdjkljfjaowjfq.net
bezakef.net
fjffpwt.net
jovqxxh.net
n1ui5fms.net
sonwf81nt.net
yzdkh.net
apis-chi-7.expressvpn.com

According to WHOIS IP Address lookup the IP address associated with hxxps://www.lbhydju.net is 198.143.153.42. This does appear to be related to ExpressVPN; i.e. Singlehop LLC. Finally, Eset detected IP address, 173.236.44.10, for my attempted access to the domain.  

Edited by itman

Share this post


Link to post
Share on other sites

I'll submit it to ESET for review.

Share this post


Link to post
Share on other sites

It was fixed yesterday a few minutes after you reported it here.

Share this post


Link to post
Share on other sites
7 hours ago, Marcos said:

It was fixed yesterday a few minutes after you reported it here.

Excellent Marcos....I did submit an e-mail to samples@ESET this morning before I logged in here.

Thanks again.

Regards,

Tom

Share this post


Link to post
Share on other sites

Dear friends. i am still facing this issue. My antivirus is constantly popping with that website name and has been blocked message. While I am writing this I can see its popping. What should I do? 

Share this post


Link to post
Share on other sites
15 hours ago, Ajit said:

Dear friends. i am still facing this issue. My antivirus is constantly popping with that website name and has been blocked message. While I am writing this I can see its popping. What should I do? 

Either you are using older ESET modules or it's another domain / IP address which is blocked. Please post the appropriate records (the whole row) from the Filtered websites log.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×