I got this alert randomly when I opened Chrome. I have Avast! free, Malwarebytes PRO, and Superantispyware, and did quick scans with all 3 and found nothing but the usual cookies.
hxxp://107.191.108.68:22222/favicon.ico
URL:MAL
Is this a FP? I quickly closed out of Chrome, and opened it again but the alert didn’t go off.
I also should say Chrome is not my default browser. Firefox is. I use Chrome occasionally for some things I can’t do on Firefox. According to Avast’s program updater, it’s also out of date. The reason I haven’t updated Chrome yet is because every time I try it from Avast’s program updater, it hangs on “preparing” and the last time this happened, I just waited and Chrome just updated itself one day. So I thought I’d wait it out.
That generally means one of the icons in your favourites folder for chrome has a little addition to it. Reset all your favourites and see if that cures it
From the IP and port probe flagged, we can conclude that the following has been going on:
Victim has been in contact with an IP from RAMNODE-9, meaning an Android.Riskware.SMSReg.CS bitcoin malware or banking malware.
Could have been any of the probes for malcode mentioned here: http://www.adminsub.net/tcp-udp-port-finder/22222
My guesses and bets are set on: RUX The TIc.K, as we have seen more of these lately, also victims with this here in the “virus and worms”.
polonus (volunteer website analyzer and error-hunter)