Running a server results in malicious link attack

Victor Rattlehead

Victor Rattlehead

Anyone else getting this?
Never happened before in 2 years of running servers.

Event: Visit to a website was prevented
User type: Initiator
Application name: AssettoCorsa.exe
Application path: C:\Program Files (x86)\Steam\steamapps\common\assettocorsa
Component: Safe Browsing
Result description: Blocked
Type: Malicious link
Name: removed
Precision: Exactly
Threat level: High
Object type: Web page
Object name: removed
Object path: removed
Reason: Cloud Protection

Edit: I removed the name because i don't want anyone accidentally clicking on it, but its an ip address
 
Last edited:
Victor Rattlehead said:
Anyone else getting this?
Never happened before in 2 years of running servers.
Click to expand...
Am not quite sure what you did to generate this error.
The thread title is "Running a server results in malicious link attack", but I am wondering if in fact you
(a) connected to a server (from what source?) rather than running a server
and
(b) then got an error from Windows when doing so?
 
So what I posted is from Kaspersky anti-virus.

I haven't used this PC in 2 months. Last time I logged off, it was running fine
The first thing I did when I launched Content Manager was run my server. So I assumed it was me launching a server.

After I closed my port forwards & changed my firewall to not allow AssettoCorsa.exe to connect.
Quick note AssettoCorsa.exe is actually Content Manager because I clicked launch through Steam on the CM settings ages ago.
Even after this Kaspersky still picked up AssettoCorsa.exe trying to open a web site.
This time I didn't even try anything with a server.
Just CM running was enough to trigger it.

Really odd. It says the IP address is located in Turkey.

I've run a few full scans (no threats detected) and also scanned the AssettoCorsa.exe (Content Manager) and it does not pick it up as a virus.
 
Last edited:
Victor Rattlehead said:
Just CM running was enough to trigger it.

Really odd. It says the IP address is located in Turkey.
Click to expand...
Yeah OK that's pretty odd.
I have no experience with CM but I would be a little bit concerned if I saw that happening on my own machine. That IP address (the one which you deleted) comes up as being linked to malware C&C ("command and control"). Perhaps that's an old designation for it (IP addresses do change from time to time for any given machine) but that is likely to be the reason why it's flagging a problem. And I can't explain why CM would be connecting to that address...
 
Michael Krone said:
Ive always been very skeptical of those "install missing content" buttons in CM. Any possibility of "catching" something from those?
Click to expand...
I think you got a good point.

CM also has its own browser that allows you to download mods.
I have used that before. I wonder if one of those tabs are stil open to a site that is now compromised.
This would make sense as to how i haven't touched anything in 2 months and am now getting this out of nowhere.

Ill check some things to try narrow it down but probably end up re installing CM.

Im very careful with any mods i download & always scan them even if they come from trusted sources.
 
Michael Krone said:
Ive always been very skeptical of those "install missing content" buttons in CM. Any possibility of "catching" something from those?
Click to expand...
I would like someone to speak on this, if possible. Someone who knows the workings of that "button". Id like to know if there are any security measures in place. -Or if you can point anyone to a malicious file simply by renaming it.
 
So I tried to delete some web site stuff from CM and removed the CefSharp plugin in hopes that maybe that would prevent another attempt.
That didn't work & Kaspersky detected it again.
So I did a full uninstall of Assetto & CM, deleted any files or folders related to them.
Installed Assetto & ran it, no issues. Then insalled CM and so far (30 minutes in) no issues.

I had a lot of mods on CM so I'm not sure what it was.
It had to be something I installed that created an exploit on CM to get into my PC.
Unlikely to be car or tracks mods. I think it would be an app or weather mods.
So not Content Manager itself.
 
You must log in or register to reply here.

Top Stories This Month

Assetto Corsa Evo and the Mod Dilemma
Assetto Corsa Evo
Assetto Corsa Evo and the Mod Dilemma
Luca Munroe
Comments
136
Pimax Crystal Light Giveaway: Win A Freshly-Unveiled High-End VR Headset
Hardware
Sponsored Pimax Crystal Light Giveaway: Win A Freshly-Unveiled High-End VR Headset
Yannik Haustein
Comments
299
Le Mans Ultimate Needs Content - And Fast
  • Poll
Le Mans Ultimate
Le Mans Ultimate Needs Content - And Fast
Angus Martin
Comments
76
Racing Club Schedule: May 5 - 11
Misc
Racing Club Schedule: May 5 - 11
Yannik Haustein
Comments
8
GTRevival's Unusually Long Radio Silence - What's Next?
GTRevival
GTRevival's Unusually Long Radio Silence - What's Next?
Yannik Haustein
Comments
57
Why a Four-Time BTCC Champion Created a Sim Racing Business
Hardware
Why a Four-Time BTCC Champion Created a Sim Racing Business
Thomas Harrison-Lord
Comments
17
The BTCC Game May Not Be Dead After All...
rFactor 2
The BTCC Game May Not Be Dead After All...
Thomas Harrison-Lord
Comments
54
How The BTCC and Motorsport Games Reunited
rFactor 2
How The BTCC and Motorsport Games Reunited
Thomas Harrison-Lord
Comments
43
MOZA Racing And Lamborghini Join Forces In Sim Racing
Assetto Corsa Competizione
Sponsored MOZA Racing And Lamborghini Join Forces In Sim Racing
OverTake.gg
Comments
1
$95 Million BlackRock Motor Park Debuts In Assetto Corsa
Assetto Corsa
$95 Million BlackRock Motor Park Debuts In Assetto Corsa
Connor Minniss
Comments
10

Latest News

What's needed for simracing in 2024?

  • More games, period

  • Better graphics/visuals

  • Advanced physics and handling

  • More cars and tracks

  • AI improvements

  • AI engineering

  • Cross-platform play

  • New game Modes

  • Other, post your idea

Results are only viewable after voting.
See comments…
Back
Top