• Announcements

    • AdvancedSetup

      Support Alert - Hurricane Irma   09/08/2017

      Due to weather in the South East United States response times may be delayed. We appreciate your patience and understanding.  

ausgumbie

Members
  • Content count

    40
  • Joined

  • Last visited

About ausgumbie

  • Rank
    New Member
  1. Hi all Just came across the thread below (Not sure if what's now displaying was meant to happen - I just pasted the url and ... ). Anyhow, thought I'd start a new thread rather than tag onto the previous. My experience seems similar to the other thread's OP. I was researching an apparently innocuous topic (ancient Greek roads in Attica). I started exploring links from a page (A GIS-BASED STUDY OF ATTICA) on the bordersofattica.org website. The further pages I tried to access, I assume, were all in that website. MBAM threw up a number of Malicious Website Blocked alerts. I checked these and found only one IP address* referenced (*212.27.63.106) although there were a number of blocks. I checked that address (on Central Ops net). That didn't enlighten me. Then, possibly like thais, I googled the address. This produced many links, one of which was "The Anti Hacker Alliance fights against 212.27.63.106". I clicked on this link, and first came to (I've left off the http bit deliberately) "//anti-hacker-alliance.com/index.php?ip=212.27.63.106". That page seemed to load successfully, but then it suddenly 'flipped' to a page "//www.validome.org/lang/en/get/http://212.27.63.106". At this point I think MBAM again threw up a couple of popups announcing further blockages. (On VirusTotal, Yandex Safebrowsing called the "Anti Hacker Alliance" a Malware site. The "Validome" url had no bad reports). The flip to the "Validome" page worried me as further googling didn't seem to establish a connection between "The Anti Hacker Alliance" and "Validome" so I don't know if this was a valid redirection. I'll attach a (composite) screenshot of the "Validome" page below. I gather MBAM thought loading the "Validome" page was an attempt to access the malicious site. I looked at the protection log again (an MBAM threat scan had been running at the time) and noted there were 3 "outbounds". There had been 2 when I first checked after noting the alert popups, but I subsaequently re-launched the "Validome" page from Firefox memory to get the screenshots. I've kept the Threatlog and Protection Log if they're needed. Help appreciated ausgumbie