Not sure if I should post this here or in a malware forum so let me know if it’s beyond scope.
I copied my HA VM to another PC as I wanted to upgrade RAM on my optiplex nuc and possibly try out proxmox. The copy was successful, I am able to access the server through external browsers after updating the IP my instance is on. I haven’t been monitoring the host PC of the VM for a few days and recently I came back to it to find this alert from malware bytes.
“Website blocked due to malware
If you don’t want to block this website, you can exclude it from
website protection by accessing Exclusions.
IP Address:
18.194.180.142
Port:
80
Type:
Outbound
File:
C:\Windows\SysWOW64\vmnat.exe”
I’m unsure whatever caused it, I’ve added a few add ons recently, before I roll back to a backup has anyone else seen or encountered this? Do you know which add on ior integration is causing the alert, so I can risk access and remove the cause? I currently have no other VMs on the PC though I have recently installed a VPN on the network this is attached to. I can’t find record of this IP anywhere I’ve looked on my system thus far.
