Discussion topic: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

This message was authored by: timbol · ‎17 Apr 2024

Hi, I use Outlook365 on my Acer Desktop PC and have Norton360 installed for my internet security and Malwarebytes Premium also installed for malware and phishing threat protection. I have been receiving 'Blocked Website due to phishing' warnings from Malwarebytes when I view random emails in Outlook365. I raised a support ticket with Malwarebytes Support who have responded saying

"The blocks are on the website d15k2d11r6t6rlcloudfront.net
The IP 90.207.238.183 does indeed belong to SKY UK Ltd.
the process used is Outlook
You would need to find out from sky what the website d15k2d11r6t6rlcloudfront.net is used for with relation to Outlook emails, it may be their email server.
There are some indications that the site is hosting malware
(Removed)

I've looked on Sky's website and can't identify who I should contact to report this and the Virtual Assistant couldn't cope with simple questions. Has anyone else using Malwarebytes received a similar 'website blocked' notification flagging a potentially malicious sky domain and ip address? The website address d15k2d11r6t6rlcloudfront.net is also flagged as malware by Norton Private BrowserAny assistance would be much appreciated - thanks in advance

Moderator note: Removed third party link.

This message was authored by: GD1 · ‎17 Apr 2024

@timbol What was the original email about? was it telling youyou needed to ugrade your Yahoo email account by any chance? If yes, then it is 100% scam email and the site has been blocked by the AV correctly to prevent any persoanl data from being ollated.

Like you I'm a customer here, Sky Employees are clearly identified as such.
43" Glass TV & Puck Whole Home
Please note I only provide help on the main forums and not via PM, PM's are switched off.

Samsung 75" 4K TV, Sky Glass Gen 2 55", Sky Stream, EE FTTC Broadband, Three 5G Broadband (Backup), Sony 7.1 AV Receiver, Technisat MultiSat receiver.

This message was authored by: Mark39 · ‎17 Apr 2024

I use Malwarebytes Premium and Outlook 2019 and haven't come across this. The domain address isn't a Sky website but looks to me like a page,you might see if you click on one of the articles/ads at the end of a Sky News article, in this case promoting links to heavy lifting equipment, such as fork lifts.

This message was authored by: timbol · ‎17 Apr 2024

Hi, thank you for responding so promptly. The irony is that the email I was reading when I received this notification was a newsletter from Malwarebytes, but the 'website blocked due to phishing' pop-up has also appeared previously when reading other random emails from reputable senders. My previous ISP was TalkTalk as I was originally a customer with Tiscali and still use tiscali.co.uk email addresses. I know that at least one of my tiscali.co.uk email addresses was subject to TalkTalk's data breach a few years ago and almost daily receive phishing emails, scam telephone calls and scam text messages. I am extremely careful to identify phishing emails and forward any I receive to the email address that you can report phishing to gov.uk (wouldn't allow me to quote the actually gov.uk email address) then I promptly delete them. The other odd thing is that full system scans by both Norton360 and Malwarebytes Premium fail to identify any potential malware on my system. These website blocked notifications just appear randomly when viewing emails but the notifications always display a Sky domain and ip address. Malwarebytes Support advised me to contact Sky to flag the potentially malicious domain and ip address but I just didn't know who to make contact with thus my post on sky community

This message was authored by: jayach · ‎17 Apr 2024

@timbol wrote:
These website blocked notifications just appear randomly when viewing emails but the notifications always display a Sky domain and ip address.

The I.P. address you show is definitely Sky, but the URL isn't (it's I.P. address is 103.224.212.213 and yes, it's definately a phishing site.) so I don't know how or why Malwarebytes is associating them.

This message was authored by: Mark39 · ‎17 Apr 2024

@timbol wrote:

Malwarebytes Support advised me to contact Sky to flag the potentially malicious domain and ip address but I just didn't know who to make contact with thus my post on sky community

Sky's help article here gives several addresses you can report it to: https://www.sky.com/help/articles/sky-scams-help

This message was authored by: Mark39 · ‎17 Apr 2024

@jayach wrote:

The I.P. address you show is definitely Sky, but the URL isn't (it's I.P. address is 103.224.212.213 and yes, it's definately a phishing site.) so I don't know how or why Malwarebytes is associating them.

I agree. The reported domain isn't a Sky website.

This message was authored by: timbol · ‎17 Apr 2024

Hi, thanks for your comments. Malwarebytes Support have confirmed the domain and ip address belong to Sky, it was also identified as belonging to Sky when I checked on the NordVPN IP Address Lookup website. It's all very odd as the pop-ups are completely sporadic. However, rather oddly the website blocked warning appeared on two separate newsletter emails from Malwarebytes. It really is a mystery

Discussion topic: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

All Replies

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Re: Suspected Malware Picked Up By Malwarebytes Anti-Malware Software

Was this discussion not helpful?

Search Sky Community

Start a new discussion