
94.23.4.164 - How deadly is this site?


1 reply to this topic

#1 Zubb


Posted 22 June 2010 - 10:31 AM

Hey guys,
I was just browsing a website which I know is 100% safe and out of the blue I get a message from my firewall saying it has blocked a website.

How come it just appeared when I wasn't browsing anything dodgy?
Also, I read up on it on Google and it says never ever go on it. It has serious malware.

How bad is it, and how did it end up trying to open the website on my computer?

I've scanned my computer several times and it's clean.

Thank you :)
Jason.

I posted the screenshot in the attachment :]


#2 mikey


Posted 22 June 2010 - 08:43 PM

> I was just browsing a website which I know is 100% safe and out of the blue I get a message from my firewall saying it has blocked a website.

What site were you browsing and how do you know it is safe? Sites are hacked all the time.

As for the IP blocked;

Much is noted here; http://www.robtex.co...x?q=94.23.4.164

More info incl blocklists; http://www.robtex.co...4.23.4.164.html

WOT; http://www.mywot.com...ard/94.23.4.164

SiteAdvisor; http://www.siteadvis...tes/94.23.4.164

Proxomitron Log;
Note; No page view was allowed.

+++GET 764+++
GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
User-Agent: Mikey/0.02 [fu] (Win67; X; SK)
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 09 Nov 2009 08:38:30 GMT
If-None-Match: "55f17-1fb-477ec1e3acd80"-gzip
Host: 94.23.4.164
Pragma: no-cache
Connection: keep-alive
Browser reload detected...

+++RESP 764+++
HTTP/1.1 200 OK
Date: Wed, 23 Jun 2010 02:33:39 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny3 with Suhosin-Patch
Last-Modified: Mon, 09 Nov 2009 08:38:30 GMT
ETag: "55f17-1fb-477ec1e3acd80"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 326
Content-Type: text/html
BlockList 764: in AdKeys, line 14
Match 764: Banner Blaster (limit text)
Match 764: Kill pop-up windows
Match 764: Suppress all JavaScript errors
Match 764: Stop browser window resizing
<end> 764: Restore pop-ups after a page loads
+++CLOSE 764+++
BlockList 765: in Bypass, line 19
Browser reload detected...


Fiddler Source Capture; http://voiceofthepub...94.23.4.164.txt

iframe; http://voiceofthepub...64fling_com.txt

> I've scanned my computer several times and it's clean

BTW IMO a reactionary scanner that depends on definitions can NOT and NEVER will be able to tell whether your sys is 'clean' or not.

Edited by mikey, 22 June 2010 - 09:22 PM.





Member of ASAP and UNITE
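An added example, not part of either post and not Proxomitron's own code: a small parser for the log-window layout pasted in reply #2, so the captured headers and filter hits can be triaged without ever rendering the page. The layout is inferred from that log; the function names and the sample input are constructed for illustration.

```python
import re
from collections import defaultdict
# Constructed sample in the log layout shown in the post; host and ETag are placeholders.
SAMPLE_LOG = """\
+++GET 12+++
GET / HTTP/1.1
If-None-Match: "abc-1f-0000"-gzip
Host: 192.0.2.10
+++RESP 12+++
HTTP/1.1 200 OK
Server: Apache/2.2.9 (Debian)
ETag: "abc-1f-0000"-gzip
Content-Length: 326
BlockList 12: in AdKeys, line 14
Match 12: Kill pop-up windows
+++CLOSE 12+++
"""

MARKER = re.compile(r"^\+\+\+(GET|RESP|CLOSE) (\d+)\+\+\+$")
NOTE = re.compile(r"^(BlockList|Match|<end>) (\d+): (.+)$")
HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9-]*): (.*)$")

def parse_log(text):
    """Group lines by connection number into start lines, headers and filter notes."""
    conns = defaultdict(lambda: {"request": {}, "response": {}, "start": {}, "filters": []})
    section = cid = None
    for line in map(str.strip, text.splitlines()):
        if m := MARKER.match(line):
            cid = m.group(2)
            section = {"GET": "request", "RESP": "response"}.get(m.group(1))
        elif m := NOTE.match(line):
            conns[m.group(2)]["filters"].append((m.group(1), m.group(3)))
        elif section and (m := HEADER.match(line)):
            conns[cid][section][m.group(1).lower()] = m.group(2)
        elif section and line and section not in conns[cid]["start"]:
            conns[cid]["start"][section] = line  # request line or status line
    return dict(conns)

def triage(conn):
    """Summarise what the remote host served, from headers alone."""
    req, resp = conn["request"], conn["response"]
    parts = conn["start"].get("response", "").split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    length = resp.get("content-length", "")
    return {"host": req.get("host"), "status": status, "server": resp.get("server"),
            "body_bytes": int(length) if length.isdigit() else None,
            "full_body_despite_matching_etag": status == 200 and "etag" in resp
                and req.get("if-none-match") == resp["etag"],
            "filters_hit": [t for kind, t in conn["filters"] if kind == "Match"]}
```

Calling `triage(parse_log(text)["12"])` on a saved log gives one summary per connection number; filter notes that appear after `+++CLOSE+++` are still attached to the connection they name.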