by Guest on 2023/02/03 10:56:22 AM
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 2/3/23
Protection Event Time: 3:21 PM
Log File: 4b9ef814-a3a8-11ed-8db2-d8bbc1765df3.json
-Software Information-
Version: 4.5.21.231
Components Version: 1.0.1890
Update Package Version: 1.0.65253
License: Pro
-System Information-
OS: Windows 11 (Build 22621.1105)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\tixati\tixati.exe, Blocked, -1, -1, 0.0.0, ,
-Website Data-
Category: Trojan
Domain:
IP Address: **********
Port: *****
Type: Outbound
File: C:\Program Files\tixati\tixati.exe
(end)
You are reading your report incorrectly. Tixati is trying to contact a blocked IP address. It is not that Tixati is doing anything wrong; it was given the address it is trying to contact by a torrent you downloaded. There is so much redacted I can't say more. There are trackers and other things like seeds and peers that are on the Malwarebytes hit list. Whether they are real or just some corporate agreement within the industry, it is hard to say. Personally I investigate the site using several methods on the net. You are fine to just let Malwarebytes do its thing; at worst you will be a little slower downloading, maybe.
I need to repeat it time and time again. There's no "malicious" anything in the BitTorrent protocol if we speak of the network. It is a false positive by Malwarebytes. It goes like this:
1. Years ago a malicious website was hosted on IP "Bravo"
2. It was detected and reported as a bad website using the IP "Bravo"
3. IP "Bravo" is now on a malware list
4. The malicious actor stops paying for the web hosting. IP "Bravo" no longer belongs to a bad website
5. The IP "Bravo" is given to a new person renting a server. It may be a VPN, a new website or a tracker server
6. Tixati tries to communicate with the peer or tracker behind IP "Bravo". Malwarebytes still thinks it's a malicious website and gives this warning.
There's nothing in the BitTorrent protocol that would be malicious. The worst case is a security bug in a torrent client, and in that case it must be reported and fixed. Currently there are no known vulnerabilities in up-to-date clients.