Wcinstaller.exe via port 80 blocked by my Sonicwall

The offending IP address is owned by Cloudflare 104.18.87.101 - why is a Cloudflare IP distributing unwanted (possibly malicious) malware?

That’s most likely an infected website that’s using Cloudflare. Without context, it’s difficult to tell how this was initiated, but you’re most likely connecting to something that has this malware.

Thanks, sdayman. I would think I could inform Cloudflare, so they could contact the owner of the site, but I don’t know that procedure. I have a free Cloudflare account with my website brisknet.com (which is NOT directly connected to my office where the Sonicwall blocked the malware).

You can report it here:

https://www.cloudflare.com/abuse/

Thanks again, but I cannot find a URL for that IP address, and the Cloudflare abuse site won’t accept IP addresses without a URL.

Nobody randomly pushed this into your firewall. You need to figure out what at your end requested this.

1 Like

Ironically, the internal IP address is my notebook that (according to the logged times) had Outlook open, accepting email (M365 and Intermedia Hosted Exchange) but nothing else. I also have another two PCs that I work with, with one that had the same Outlook email accounts active (but Sonicwall only identified the destination as my notebook). I have scanned the notebook with Bitdefender and MalwareBytes, finding no identifiable malware. As the Sonicwall indicated it was port 80, I also saw that Firefox was running, as is common, but there were no tabs at websites that were questionnaire.

As this is my work-at-home network, there are not a lot of hidden possibilities. Thank you, sdayman, as I realize as an MSSP, I should know what at my end could have possibly requested this, but I do not.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.