MalwareBytes blocks Vivaldi



  • I am sorry, but I would think that since the malware report states:
    -Blocked Website Details-
    Malicious Website: 1
    , , Blocked, [-1], [-1],0.0.0

    -Website Data-
    Category: Unspecified
    Domain: akxsrsdbursfpx.bid
    IP Address: 216.21.13.14
    Port: [21627]
    Type: Outbound
    File: C:\Users......\AppData\Local\Vivaldi\Application\vivaldi.exe

    I would think that this shows that Vivaldi is trying to contact a website that has been flagged
    as malicious.
    To me, this means that it does have something to do with Vivaldi.
    I will send the same information to Malwarebytes and see if they can show any light on the matter.


  • Moderator

    From the Community Rules

    • Use the search feature before starting a new thread.

    That issue does not affect only you.



  • I think what is most likely happening is a website you're on is trying to load this domain in an iframe or something. If your anti-malware can block it, then you don't need to take any further action, though be wary of the sites you visit as some of the skechier ones use more unscrupulous forms of generating revenue.



  • Thanks for the reply.
    I get the warnings from Malwarebytes on booting up the computer, before opening
    any browser or anything else.


  • Moderator

    @scbs29 Glad to know it's not Vivaldi related. Check the software settings and change how it runs according to your needs.
    I will tag the topic as resolved.



  • @scbs29 said in MalwareBytes blocks Vivaldi:

    Thanks for the reply.
    I get the warnings from Malwarebytes on booting up the computer, before opening
    any browser or anything else.

    There's some information in Malwarebytes forums (https://forums.malwarebytes.com/topic/193296-outbound-connection-blocked-305-premium/) regarding a Chrome-user's report about a Malwarebytes blocking warning for IP 216.21.13.14: "The IP addresses blocked by MB3's Malicious Website Protection module you've quoted are supporting many dozens of equally randomized URLs and whose true geographic location/ownership is equally masked with lack of answers raising reasonable questions of unknown intent." In other words, Malwarebytes deems the IP to be suspicious due to a lack of supporting ownership who/what/why/where-data in public records and its apparent support of a myriad of randomized domain names (a common ploy for adware/malware).

    Malwarebytes is likely detecting the link to the IP in session information files which are related to Vivaldi and reflect a previous site visit to a webpage containing a link (perhaps for a rotating ad-server) to that IP, and which is now 'frozen' in that session record. The less-pleasant (and less likely) alternative is that your browser has been hijacked by adware/malware actively pointing it to that IP, and reflected in its files and shortcuts.



  • @scbs29 It is strange that it would mark vivaldi as the cause if it happens each time you start up your computer.

    It might be possible that's there is an auto-starting extension installed surreptitiously to your profile (I use a legitimate VPN extension which can auto-start vivaldi).

    Try visiting vivaldi://extensions and disabling your extensions and see if that helps find the cause.


 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.