• Browser
  • Mail
  • News
  • Community
  • About
Register Login
HomeBlogsForumThemesContributeSocial

Vivaldi

  • Browser
  • Mail
  • News
  • Community
  • About

Navigation

    • Home
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Desktop
    3. Vivaldi for Windows
    4. Malvertising Reported by Malwarebytes

    Malvertising Reported by Malwarebytes

    Vivaldi for Windows
    4
    6
    249
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • janrif
      J
      janrif
      last edited by

      Both in Snapshot & Stable versions I'm getting a block running Malwarebytes Premium. The file it is identifying as problematic is Application > (Snapshot) Vivaldi.exe.

      I just downloaded the most current stable version of Vivaldi to its own folder & I am getting the same popup.

      Can anyone offer me any suggestions? Does anyone else use Malwarebytes who is getting the same problem? Is it even possible that the malvertising snuck into the Vivaldi servers after it went down & was fixed a few days ago? TIA

      06d10916-e167-4d03-bc82-6836c24b71d8-image.png

      Jan Rifkinson
      Ridgefield CT

      Vivaldi 7.4.3671.3 (Official Build) (64-bit)
      Revision 3a863f57b5de5c97834577463e4586fc8c9a0b37
      OS Windows 11 Version 24H2 (Build 26200.5518)

      DoctorG
      D
      Pathduck
      P
      Hadden89
      H
             4 Replies Last reply       Reply Quote 0
      • DoctorG
        D
        DoctorG Soprano @janrif
        last edited by

        @janrif Perhaps a extension which wants to fetch ad data connects to this IP.

        _bug hunter · Volunteer helper · Sopranos tester · Language DE,EN · ♀👵
        Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting

        Linux Debian 12 KDE X11 / Windows 11 Pro
        Intel i5-7400 / NVidia GT 710

        1 Reply Last reply Reply Quote 0
        • DoctorG
          D
          DoctorG Soprano @janrif
          last edited by DoctorG

          @janrif said in Malvertising Reported by Malwarebytes:

          Is it even possible that the malvertising snuck into the Vivaldi servers after it went down & was fixed a few days ago?

          No, Vivaldi servers were not affected by malware or other security issues, so the Vivaldi binary can not have been hijacked or infected.
          Vivaldi installer and exe file is signed by a certificate and that can be checked.

          I guess some "free" software on your PC could have installed such malware.

          _bug hunter · Volunteer helper · Sopranos tester · Language DE,EN · ♀👵
          Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting

          Linux Debian 12 KDE X11 / Windows 11 Pro
          Intel i5-7400 / NVidia GT 710

          1 Reply Last reply Reply Quote 0
          • Pathduck
            P
            Pathduck Soprano Moderator Supporters @janrif
            last edited by Pathduck

            @janrif It's not reporting vivaldi.exe as malware. It's reporting an outbound connection from Vivaldi to the IP in question.

            This connection could be initiated by an extension for instance, or simply from visiting a website that in turn makes a request for a resource on that IP.

            Would be interesting to know when you get this warning, what website you're visiting when it happens, how often etc.

            Listing all domains hosted on an IP is difficult, but there are tools out there that can do it.
            https://2ip.io/domain-list-by-ip/139.45.197.154/
            That's a lot of shady-looking domains...

            🎻Volunteer helper · Forum moderator · Sopranos tester 🛠️Troubleshooting 🐛Report a bug 📜Markdown help
            🦆"With a rubber duck, one's never alone" -Douglas Adams🦆

            1 Reply Last reply Reply Quote 1
            • DoctorG
              D
              DoctorG Soprano
              last edited by DoctorG

              Some report on this IP at
              https://www.virustotal.com/gui/ip-address/139.45.197.154/details

              Loosk like website behind this IP send ads and othr unwanted things.

              Oh strange domains behind this IP:
              https://urlscan.io/search/#139.45.197.154

              _bug hunter · Volunteer helper · Sopranos tester · Language DE,EN · ♀👵
              Known old dragon lady: Gwen aka Dr. Gwen Agon aka GwenDragon aka DoctorGTesting

              Linux Debian 12 KDE X11 / Windows 11 Pro
              Intel i5-7400 / NVidia GT 710

              1 Reply Last reply Reply Quote 1
              • Hadden89
                H
                Hadden89 @janrif
                last edited by Hadden89

                @janrif Probably some bad site snatched into the browser data. Purge the whole cache and check the service workers:
                vivaldi://serviceworker-internals

                Vivaldi Stable+Snap | Patience Is The Key To Get The Vivaldi Spree | Unsupported Extensions | Github | windows 11 | Manjaro KDE | Q4OS Trinity | Android 13

                1 Reply Last reply Reply Quote 2
                Loading More Posts
                • Oldest to Newest
                • Newest to Oldest
                • Most Votes
                Reply
                • Reply as topic
                Log in to reply
                • 1 / 1
                • First post
                  Last post

                Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.

                Copyright © Vivaldi Technologies™ — All rights reserved. Privacy Policy | Code of conduct | Terms of use | Vivaldi Status