False Positive on URL (?)



#1 yarl

Posted 26 April 2012 - 03:06 PM

Hi MB,

Could you double check that www.ice2012.org is a dangerous site and should be blocked? MB is blocking it but the conference organizers have a different opinion.

Thanks!

E

#2 MysteryFCM

Posted 27 April 2012 - 04:34 AM

That domain resolves to 110.45.146.30, which we don't actually block.

Steven Burn

Malware Intelligence Analyst



#3 yarl

Posted 30 April 2012 - 12:01 PM

Would you mind checking again? It does resolve to 110.45.146.30 but the log below shows what MB does:

Thanks for your help!

2012/04/30 07:32:00 -0700 PW52 eb MESSAGE Executing scheduled scan: Quick Scan | Daily | Silent | -remove | -terminate | -reboot | -log
2012/04/30 07:32:00 -0700 PW52 eb MESSAGE Scheduled scan executed successfully
2012/04/30 08:16:31 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53585, Process: firefox.exe)
2012/04/30 08:16:31 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53592, Process: firefox.exe)
2012/04/30 08:16:39 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53606, Process: firefox.exe)
2012/04/30 09:38:37 -0700 PW52 eb IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 56483, Process: firefox.exe)
2012/04/30 09:38:37 -0700 PW52 eb IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 56489, Process: firefox.exe)
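
An added example, not part of the original posts and not Malwarebytes code: a small parser for the IP-BLOCK lines quoted above that groups blocks by remote address and checks each against the address the moderator reported for the domain. The field layout is inferred from these sample lines only, and the names `parse_blocks` and `summarize` are hypothetical.

```python
import re

# Address the moderator reported for www.ice2012.org earlier in this thread.
SITE_IP = "110.45.146.30"

# Log lines copied from the post above (one MESSAGE line kept to show skipping).
LOG = """\
2012/04/30 07:32:00 -0700 PW52 eb MESSAGE Scheduled scan executed successfully
2012/04/30 08:16:31 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53585, Process: firefox.exe)
2012/04/30 08:16:31 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53592, Process: firefox.exe)
2012/04/30 08:16:39 -0700 PW52 eb IP-BLOCK 173.192.183.195 (Type: outgoing, Port: 53606, Process: firefox.exe)
2012/04/30 09:38:37 -0700 PW52 eb IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 56483, Process: firefox.exe)
2012/04/30 09:38:37 -0700 PW52 eb IP-BLOCK 173.192.183.196 (Type: outgoing, Port: 56489, Process: firefox.exe)
"""

# The two fields after the timestamp ("PW52 eb") are matched but not named,
# because the thread does not say what they mean.
BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4}) \S+ \S+ IP-BLOCK "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)

def parse_blocks(text):
    """Return one dict per IP-BLOCK entry; every other log line is skipped."""
    return [m.groupdict() for m in map(BLOCK_RE.match, text.splitlines()) if m]

def summarize(blocks, site_ip):
    """Group blocks by remote address and flag whether it is the site's own IP."""
    summary = {}
    for b in blocks:
        s = summary.setdefault(b["ip"], {
            "count": 0, "first": b["ts"], "processes": set(),
            "is_site_ip": b["ip"] == site_ip,
        })
        s["count"] += 1
        s["last"] = b["ts"]
        s["processes"].add(b["process"])
    return summary

if __name__ == "__main__":
    for ip, s in summarize(parse_blocks(LOG), SITE_IP).items():
        label = "site address" if s["is_site_ip"] else "not the site address"
        print(f"{ip}: {s['count']} blocks, {s['first']} to {s['last']}, "
              f"{sorted(s['processes'])}, {label}")
```
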

#4 MysteryFCM

Posted 30 April 2012 - 12:08 PM

Can you e-mail me a Fiddler (www.fiddlertool.com) and Wireshark (www.wireshark.org) capture please?

Steven Burn

Malware Intelligence Analyst

