PS: I don’t know, but I got some kind of inbound malware site connection blocked by Malwarebytes shortly after downloading the htm file, with the process svchost as shown in the attached picture. Is it a hacker trying to connect or malvertising trying to get in?
The IP blocked by Malwarebytes is blacklisted by apews.org
Oooops 80.82.78.166 is currently listed in APEWS :-(
Entry matching your Query: E-898313
80.82.78.0/24
CASE: C-1416
Spammer or scammer or scanner or zombie PC or other within this CIDR
History:
Entry created 2013-12-13
Stay away folks, and good it is being blocked.
You, rickyyeung, you deserve some extra bonus points for raising these questions and for the general heads-up on this. You are a responsible user of the Interwebs and we should praise your attentiveness and help towards a secure internet in mainland China as hosted in the USA.
The site you mention is an ops-wan-proxy2-2
Better stay away, as the site is likely compromised: n\n\x20\n\n\n\n
\xb4\xed\xce\xf3
SF:
\xc4\xfa\xcb\xf9\xc7\xeb\xc7\xf3\xb5\xc4\xcd\xf8\xd6\xb7\xa3\xa8URL
SF:\xa3\xa9\xce\xde\xb7\xa8\xbb\xf1\xc8\xa1
and likewise patterns of this caused by an empty icon are found. I won’t go into details, but some cleansing should be done ASAP by the guys from 54994 (MILEWEB, INC.) and those of WANGSU-US - Chinanetcenter (USA), US for the 203.130.61.17-BJ-CNC site compromised in Tianshui, Mainland China.