Author Topic: 184.82.146.118  (Read 2011 times)

ClassyJakey

  • Guest
184.82.146.118
« on: July 13, 2013, 01:21:02 PM »
I keep getting an IP blocked from 184.82.146.118 on Chrome all the time; it seems to lead to a very bad website.
Thank you Malwarebytes for stopping it! I suspect I have a virus.

Offline Michael (alan1998)

  • Massive Poster
  • ****
  • Posts: 2768
  • Volunteer
Re: 184.82.146.118
« Reply #1 on: July 13, 2013, 01:48:02 PM »
False Positive I think.

VirusTotal: https://www.virustotal.com/en/url/294cb3bb196ce3e1d17b0163b5638f35abdfb495f3b56a553c9f1e53379cd1a2/analysis/1373715958/

Avast didn't say anything. It's a photo-sharing site.
VOLUNTEER

Senior Security Analyst; Sys Admin (Linux); Forensics/Incident Response.

Security is a mindset, not an application. Think BEFORE you click.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: 184.82.146.118
« Reply #2 on: July 13, 2013, 02:25:32 PM »
Hi alan1998,

FP maybe momentarily, but blacklisted and for valid reasons. Unable to connect.
http://hosts-file.net/default.asp?s=184.82.146.118

Do some further investigation, please, before giving advice!

I do not know about the actual situation at that IP, but there was malware there: http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=184.82.146.118
Down:   mdl_trojan   ARIN   US   nic at hostnoc.net   184.82.146.118    to 184.82.146.118   insightmatch.com   htxp://army.insightmatch.com/w.php?f=19&e=2
Togglevirusname:   mdl_Blackhole exploit kit to unknown_html_RFI   ARIN   US   nic at hostnoc.net   184.82.146.118    to 184.82.146.118   insightmatch.com   htxp://army.insightmatch.com/main.php?page=e54d81cabec42639

Chinese Taiwan provider had flash malware galore for other IPs,
Up(nil):   unknown_html_RFI   ARIN   US   nic at hostnoc.net   184.82.146.118    to 184.82.146.118   insightmatch.com   htxp://army.insightmatch.com/main.php?page=e54d81cabec42639 (situation on 2012-01-19- now also dead)
IP is therefore still being blacklisted: http://www.ipvoid.com/scan/184.82.146.118/
3 red warnings from WOT web rep: http://www.mywot.com/en/scorecard/184.82.146.118

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: 184.82.146.118
« Reply #3 on: July 13, 2013, 02:41:32 PM »
Furthermore, see what issues could arise with the application server for that IP, "Phusion Passenger (mod_rails/mod_rack) 3.0.11", resulting in problems towards scanning, as we see at hpHosts. "Passenger" seems to override Apache's ErrorDocument entirely, or rather has its own. That's a shame: if a 404 error could get passed back to Apache, it could call a non-static resource (another redirect, a PHP script, anything). Credits go to jes5 on Google documents... (support ISSUE in relation to Apache; solution is to use full URLs rather than relative URLs)...

pol