Hi everybody, I’m getting scared by these things:
Firefox blocks redirections on the following sites:
chiponline [dot] hu
pcguru [dot] hu
faviccek [dot] hu
brusheezy [dot] com
NoScript whitelist contained unknown sites and 1 malware site (rated by WOT).
One of them is orbitcycle [ dot ] com - the malicious one.
I ran MBAM and Avast!, both say CLEAN.
Everything started when I visited msn.com - I randomly clicked on “The MSN’s Homepage” when its menu didn’t appear.
I PM-ed essexboy about this.
Report 2010-06-26 20:25:47 (GMT 1)
Website chiponline.hu
Domain Hash 6ecbc443b47b13f1c73c082ead664aa1
IP Address 193.28.86.140 [SCAN]
IP Hostname 3.bleed.hu
IP Country HU (Hungary)
AS Number 47381
AS Name EASYGO-AS EasyGO Kft.
Detections 0 / 19 (0 %)
Status CLEAN
Report 2010-06-26 20:27:48 (GMT 1)
Website pcguru.hu
Domain Hash 45929b188d96310c907a9a292cd0baaf
IP Address 193.28.86.140 [SCAN]
IP Hostname 3.bleed.hu
IP Country HU (Hungary)
AS Number 47381
AS Name EASYGO-AS EasyGO Kft.
Detections 2 / 19 (11 %)
Status SUSPICIOUS
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan DETECTED
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT CLEAN
Scanning site with: Norton SafeWeb SUSPICIOUS
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard CLEAN
Scanning site with: ZeuS Tracker CLEAN
Report 2010-06-26 20:29:13 (GMT 1)
Website faviccek.hu
Domain Hash 627053620bdbbf28ab97b4a92a6fd0c8
IP Address 85.25.77.86 [SCAN]
IP Hostname server3-customer.iworx-host.com
IP Country DE (Germany)
AS Number 8972
AS Name PLUSSERVER-AS PlusServer AG, Germany
Detections 0 / 19 (0 %)
Status CLEAN
Report 2010-06-26 20:30:41 (GMT 1)
Website brusheezy.com
Domain Hash c9afdeeddab08edf01996aaae099a1c0
IP Address 174.36.237.116 [SCAN]
IP Hostname dale.eezyinc.com
IP Country US (United States)
AS Number 36351
AS Name SOFTLAYER - SoftLayer Technologies Inc.
Detections 0 / 19 (0 %)
Status CLEAN
Report 2010-06-26 20:32:12 (GMT 1)
Website orbitcycle.com
Domain Hash 6449e67a3e4aff54d797b807c405e3ea
IP Address 216.234.246.157 [SCAN]
IP Hostname 9d.f6.ead8.static.theplanet.com
IP Country US (United States)
AS Number 21844
AS Name THEPLANET-AS - ThePlanet.com Internet Service…
Detections 3 / 19 (16 %)
Status DANGEROUS
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender UNRATED
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts DETECTED
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: McAfee SiteAdvisor CLEAN
Scanning site with: McAfee TrustedSource CLEAN
Scanning site with: MyWOT DETECTED
Scanning site with: Norton SafeWeb UNRATED
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard DETECTED
Scanning site with: ZeuS Tracker CLEAN
Avast! Network shield also scans the following: twitter.com/steive23isking
An hour ago, avast! checked a rapidshare connection with a stupid and long filename ending with rar.htm
Could go there, faviccek.hu, with Flock browser with NS and RP activated, no flag whatsoever. Scan reports clean.
See attached gif. So I think our qualified eliminator essexboy should come into action once again.
Did he try to ping the various sites’ IPs from the command prompt, and what were the results? Did he try to check to see if the sites were only off-limits to him? Was the IP range from his provider being blocked higher upstream because someone in that range did something “devious”? Questions, questions.
I will try it with IE, but I don’t trust it
I haven’t started Internet Explorer in a year. I don’t have any ad / script blocking addons for Internet Explorer, that’s why I don’t use it.
Did you try to go to these sites using a website proxy of some sort, like Hidemyass or similar? Were you allowed to go there then? Then it has something to do with a situation outside your machine. Try that.
Maybe you set FF up to do so…??
There’s an option for it, but sorry, I can’t lead you there, as I use the German version.
English users would know better where to find it… Please jump in…!
asyn
AWWW… I installed Internet Explorer 8 and it asked me to restart. I restarted my system and it froze with a window: Adding personal settings
I rebooted more than 4 times and now Online Armor asked about 2 files from IE8, but Windows started normally and everything is loaded.
I need IE7 back :S