Well, whatever. What is going on is basically that:
- you have
DHCP enabled
- your browser searches for proxy configuration via
proxy autodiscovery, doing that, they query
wpad hostname for configuration file location. The file is - per RFC - called
wpad.dat- the domain name your IT added your machine to is
appended to the lookup, so that you get wpad.<my employer>.org query
- your employer has a
wildcard DNS record that points to the GoDaddy webhosting (mkay, wildcard records are bad...
)
- the webhosting for whatever reason happily
serves the same parking index page no matter what your try to GET - instead of proper
404 Not Found # wget http://68.178.232.99/dfdfsdfsdfewretretretre
--2011-03-27 19:14:33-- http://68.178.232.99/dfdfsdfsdfewretretretre
Connecting to 68.178.232.99:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 24363 (24K) [text/html]
Saving to: dfdfsdfsdfewretretretre
100%[==============================>] 24,363 41.1K/s in 0.6s
2011-03-27 19:14:34 (41.1 KB/s) - dfdfsdfsdfewretretretre
- avast! dislikes that page for whatever reason. Beyond the advert links, I do not see anything suspicious in the source of the parking page.
Outta here. Someone might want to look at the source of the page. If it is clean, report as false positive. I do
not think there is any infection on your machine. I also think that GoDaddy sucks.