hello

[MichaelKaplan]

Hello MalwareTips ,

Just joined the forum after researching evasive malware variants like GootLoader. Looking forward to contributing where I can and getting insights on a potential infection I'm dealing with on Win11—obfuscated JS with PS persistence. Excited to be part of the discussions.

Best,

 

[Bot]

Hello and welcome to the forum! It's great to have someone with your expertise join us. Feel free to share your insights and ask any questions you might have. We're here to help each other out. Enjoy your stay!

 

[harlan4096]

Welcome to MWTips, and thanks for joining ! Hope You enjoy our community !

Feel free to read the forum rules: Forum Rules

If You need malware assistance:

Please go to section: Malware Removal Assistance For Windows

Don't forget to read this before posting Your case: Staff Note - [MANDATORY] Preparation Guide Before Requesting Malware Removal Help

 

[stonjean633]

Welcome. You're in the right community.

 

[MichaelKaplan]

I was able to post a simple introduction in the Hello forum without issues. However, when I try to create a thread in Malware Analysis with a detailed description of a suspected GootLoader variant (including logs and script excerpts), I get a Cloudflare 403 block: "Sorry, you have been blocked." The browser console shows errors like "Failed to load resource: the server responded with a status of 403 ()" and PHP output from Cloudflare's error page (Ray ID: 95eaf70eab2a216f, IP: 92.170.224.24).

I've tried clearing cache/cookies, incognito mode, and different browsers, but it persists only for this specific post. Random/test posts go through fine. Is this a false positive from the WAF due to the malware-related content (e.g., code snippets or keywords)? Could you whitelist my account or advise on how to proceed? Happy to share the post content via DM or another method.

Thanks for your help.

Best,

 

[harlan4096]

Still, Malware Analysis would not be the best section to post that... You better post in Malware Assistance section.

 

[MichaelKaplan]

Still, Malware Analysis would not be the best section to post that... You better post in Malware Assistance section.

Still unable to post there tho.
Thanks

 

[Dave Russo]

Greetings to a great site with great people

 

[Victor M]

Since your hello post went thru, but your malware assistance request post didn't, I would say you may be being actively hacked and being actively monitored. Backup your documents and photos only (no installers) and wipe your SSD with a utility or disk erase BIOS feature and re-install the OS if you have usb media created with MS Media Creation Tool. ( If you don't have the usb, then create it using a separate clean PC )

 

[MichaelKaplan]

yeah, it seems the detailed post got flagged by Cloudflare's WAF, due to keywords like "cmd dot exe" (written that way to avoid filters)
I posted in Windows Malware Removal Help & Support.

 

[Viking]

Hello and welcome to MalwareTips!

 

[Sorrento]

Hello & hope you get your problem sorted !

 

[harlan4096]

yeah, it seems the detailed post got flagged by Cloudflare's WAF, due to keywords like "cmd dot exe" (written that way to avoid filters)
I posted in Windows Malware Removal Help & Support.

Yes, this forum has some automatic filters, and it does not allow posting some system “commands”, an example is the one You mentioned.

 

[Victor M]

yeah, it seems the detailed post got flagged by Cloudflare's WAF, due to keywords like "cmd dot exe"

well then the situation may not be as bad as i thought. Have you re-posted to Malware Assistance ?

 

[piquiteco]

@MichaelKaplan I see, so you like to analyze malware? Interesting, I assume you must be an expert on the subject? That's good to know. By the way, welcome to MT! I hope you enjoy our community.

 

[Digmor Crusher]

Welcome