Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on February 12, 2017, 04:36:35 PM

Title: Background connections that should be blocked?
Post by: polonus on February 12, 2017, 04:36:35 PM
1. http://toolbar.netcraft.com/site_report?url=http://tlb.hwcdn.net
and been reported 19 times: https://www.abuseipdb.com/check/69.16.175.10
malicious host: https://otx.alienvault.com/indicator/ip/69.16.175.10/
on IP: https://www.herdprotect.com/ip-address-69.16.175.10.aspx
and https://www.threatminer.org/host.php?q=69.16.175.10
adware mainly and tracking: http://www.malwareurl.com/ns_listing.php?as=AS20446
-> https://www.threatcrowd.org/ip.php?ip=69.16.175.10

2. Not blacklisted? IP Address:   -94.31.29.55
[ IP Lookup ]
Hostname:   -94.31.29.55.IPYX-077437-ZYO.above.net
IP Location:   - United Kingdom (GB)
ISP:   Zayo Group EU Limited
Organization:   netDNA

but malware reported on that IP: https://cymon.io/94.31.29.168

polonus

Title: Re: Background connections that should be blocked?
Post by: polonus on May 27, 2017, 02:52:35 PM
That malware tracker is still active: -94.31.29.55.IPYX-077437-ZYO dot above dot net
Re: https://www.abuseipdb.com/whois/94.31.29.55
and http://toolbar.netcraft.com/site_report?url=94.31.29.55.IPYX-077437-ZYO.above.net
https://cymon.io/94.31.29.55   Lu Lan Shanghai's disrupting ongoing spam abuse for ye all.
Read: https://groups.google.com/forum/#!topic/news.admin.net-abuse.email/N-5exO_i2fI

polonus (volunteer website security analyst and website error-hunter)