Author Topic: Very bad IP address leads to possible infection  (Read 2448 times)

Offline bruce_b

  • Sr. Member
  • ****
  • Posts: 333
Very bad IP address leads to possible infection
« on: October 28, 2016, 01:08:40 PM »
After not being able to connect to http://www.satinsubmissions.com, I decided to try a trace route to see what was up. This site is a story site only, no porn on it. When I did the trace route yesterday, the final location was an IPv4 address. I typed that address in the browser (Firefox 47.0.1 on Windows 10 Home 64) and it is going to a very bad, try-to-take-over-the-computer type of web page. I did not get a problem as I killed Firefox with Task Manager, cleared all history and then restarted it. Avast did not pick this up as a problem.
Also, some advice for all users: be sure you turn off the Auto Session Restore in Firefox, or next time you reopen it you would be right back to that same trouble page. The final IP is: 103.224.182.241
Not sure when or who may have hijacked that site.
Dell Dimension 8200 P4 1.8Ghz Windows XP PRO SP3
Avast Free Antivirus 18.8.2356
Toshiba Satellite C855-S5347 Celeron B830 1.8Ghz
Windows 10 Home 64 Bit Version 1909 Build 18363.900
Avast Free Antivirus 20.4.2410 Build 20.4.5312.578

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37530
  • Not a avast user
Re: Very bad IP address leads to possible infection
« Reply #1 on: October 28, 2016, 01:37:01 PM »
Quote
it is going to a very bad, try to take over the computer type of web page
Was it a fake alert and "call this number"?

IP History https://virustotal.com/en/ip-address/103.224.182.241/information/


Offline bruce_b

  • Sr. Member
  • ****
  • Posts: 333
Re: Very bad IP address leads to possible infection
« Reply #2 on: October 28, 2016, 01:44:12 PM »
Not sure if a fake, but yes, it did have a "call this number". The webpage first came up with a User Login Box, which could not be closed, nor could anything else (x on the tab did nothing). As mentioned, I was able to kill it with Task Manager.
Just figured the team should be aware of it.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re: Very bad IP address leads to possible infection
« Reply #3 on: October 28, 2016, 01:48:04 PM »
There is only an ad when you go directly to that IP and it leads to this:
https://www.virustotal.com/en/url/8de5d15f766fbb3589bb4557971de0b872e253a20d07d1cdea1f11a1f2792f56/analysis/1477655021/

ABP is blocking the malicious ad.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37530
  • Not a avast user
Re: Very bad IP address leads to possible infection
« Reply #4 on: October 28, 2016, 02:00:26 PM »
Quote
I typed that address in the browser
If you remember the exact URL, scan it at VT and post the link to the result here.


Offline bruce_b

  • Sr. Member
  • ****
  • Posts: 333
Re: Very bad IP address leads to possible infection
« Reply #5 on: October 28, 2016, 02:52:39 PM »
I do not recall it. But it should be that IP address I put in the first post. It is possible maybe I mistyped it when I entered it in the web browser yesterday. Not going to try it again and possibly get in trouble.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Re: Very bad IP address leads to possible infection
« Reply #6 on: October 28, 2016, 03:23:37 PM »
@Eddy,

-http://instantfwding.com/?dn=182.241&pid=7PO2UM885 is in Dr.Web malicious sites list!
-http://instantfwding.com/?dn=182.241&pid=7PO2UM885 is present in the Dr.Web database of unwanted sites!

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline HonzaZ

  • Avast team
  • Advanced Poster
  • *
  • Posts: 1038
Re: Very bad IP address leads to possible infection
« Reply #7 on: October 31, 2016, 12:09:27 PM »
The domain seems parked now. The IP you mentioned does indeed have many blocked domains parked on it, but doesn't seem malicious per se.