Weird Malware URL Reporting


Cyber Elite

Has anybody else noticed that their botnet report is triggering on weird URLs that couldn't actually exist? I've listed some examples, but I can't figure out why some of the URLs being reported are so clearly 'wrong'.

 

Visited malware URL 8M{zy!ces{~yeo{au?qfg.>Kcf~%7fwze%7fm%20}crzfeg!~znbe?mk%7fi%20}%7feca$lbkez|5#T82<:59<#%207;L-`bm2xefy/8M(<I5#T~}|~znbe``h~bh%20l%7f|7;Lfec`jc~fh'x!~mg%7f~~$y%7fm%7fztpfl'x|x||=w{nb%7f%7f(<I!)%?2<?>?*W4z7bv}`~v#v$8j=<m?$r

 

Visited malware URL 8Miczjbes`dficz*Ws{~x)?Hcq<w}'ha%20a|sp`z'ecykm%7f~y$geoxb{i<%209;<<?<8=bffxrezb|7~fi6dyz%7f5S,8M)?Hxgf<ek%7fe`k|>r}d/9Jh`{ucfhceah`{5#Thx%7f%7f(<I|p?l~&o`#`crs{y&bbzjr~}b'fbn{cdh?;::;=<='<a}eyu#f{}}4z7bv}c{w!t$2<oh?6)'

 

Visited malware URL 9J)?B%204A|~cxxdp|(dgd/9J`kkosg{n%7f?#tmv;Oc.?It6Y5-;<~~a!6Bo|}z.?L!7@:O~|e~plr~&jef)?Bqnb%ek%7fi~p(oi%kojyy}(rumgnx)?B#jhk4b%7fx}!6G:O/9Jyslusa}s%obi%204A|ao&`lp`us%`d&nhepr~%}xnbiw%204A

 

 

Visited malware URL 3@'1B%204A%7f~w/pf`aos&jol'1Bw#5Nhlm'1B#jhk4huvs!6G:O=tsr(nfmeqgm``hs&jo/wh!7@im~s$0Esjtkl,2Gcnawodiz=tllrb%aotqf)aiiied,vqqhv*xeaovf`(`fcl-rvlv|+telas/skiosajo,pftjtsm{-mgbov+pizhhldpjh*mqalkmaw+f??02235+nsee&r?j~ukqbz3,f:6`b>ih

 

9 REPLIES

L7 Applicator

I've not seen these personally, but they look like they are worth reporting in an official support ticket.  Seems likely to be a bug they will need to work on.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center

Actually this appears to have vanished with time. I'm not sure why it started reporting correctly again since it corrected itself prior to any interaction from myself. I have restarted since then and haven't seen it come back at all. 

I agree. Mine has also corrected on its own. Not sure why.

@GHoffman glad to know I wasn't the only one affected, hadn't seen it getting reported anywhere. 

I was also glad that someone else was experiencing the problem. I reported yesterday that the problem seemed to have gone away, but I had some pop up in this morning's botnet report. I sent in a ticket.

@GHoffman, That's awesome as this morning I actually saw them pop back up again as well. The funny thing is they report perfectly fine this time in my logs, and the same URL was fine for other clients, so not exactly sure what's going on with it. 

L6 Presenter

My botnet reporting is still showing the crazy URL syntax as well.  Not on every suspected entry though.

@Brandon_Wertz ya it appears to have come back within the last few days for some reason. I would say likely 70% of my entries show fine and the rest will be crazy and unusable; however, I can look in my logs and see that it records the correct data for the entry.

Hey all; so I've been looking through this and it appears that all of my weird entries are from fqtag.com, and it's only listing the last section of the URL, which is why it looks so god-awfully weird. I've opened a case to see why it's doing this and not showing fqtag.com/whatever so we can at least verify what domain they are going to.
