Meneer Posted January 7, 2015 ID:927386 Share Posted January 7, 2015 Hi, Malwarebytes started blocked hxxt://gsmarena.com/ for me. Here is the line from the log:<record severity="debug" process="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" LoggingEventType="0" datetime="2015-01-07T23:49:57.231137+01:00" source="Protection" type="Detection" username="SYSTEM" systemname="*******" last_modified_tag="c0878a7d-520d-47ed-a5d1-2bc5fcf78604" subtype="Malicious Website Protection" direction="Outbound" domain="cdn2.gsmarena.com" ip="94.31.29.3" malwaretype="IP" port="53651"></record> Link to post Share on other sites More sharing options...
Meneer Posted January 7, 2015 Author ID:927388 Share Posted January 7, 2015 Message for the mods: Please remove my "systemname" from my previous post. (Can't I edit posts myself?) Link to post Share on other sites More sharing options...
Staff Spud Posted January 8, 2015 Staff ID:927534 Share Posted January 8, 2015 I obfuscated the systemname for you. The IP is not a False Positive and gsmarena.com had nothing to do with the block. Link to post Share on other sites More sharing options...
Meneer Posted January 8, 2015 Author ID:927575 Share Posted January 8, 2015 I obfuscated the systemname for you. The IP is not a False Positive and gsmarena.com had nothing to do with the block.Thanks obfuscating my systemname. Could you explain this a bit more for me?Why is the IP 94.31.29.3 blocked than?The IP is not listed on SpamHaus nor on VirusTotal.94.31.29.3 is part of hxxp://gsmarena.com/, according to the page-source of gsmarena, 94.31.29.3 does host some .css and ,js files.And why is another sub-domain of gsmarena 'cdn.gsmarena.com' not blocked, while "cdn2.gsmarena.com" is blocked?Thanks. Link to post Share on other sites More sharing options...
MysteryFCM Posted January 8, 2015 ID:927578 Share Posted January 8, 2015 The IP is being blocked because it is housing Browlock. I'm still waiting for a response from the ASN (owner of the IP). Important to note - 94.31.29.3 is NOT a dedicated IP, it's a shared IP, and unfortunately in this case, the site you mention has simply been caught in the cross-fire (had the ASN responded and/or taken action, the block would not have been put in place) Link to post Share on other sites More sharing options...
Meneer Posted January 8, 2015 Author ID:927582 Share Posted January 8, 2015 The IP is being blocked because it is housing Browlock. I'm still waiting for a response from the ASN (owner of the IP). Important to note - 94.31.29.3 is NOT a dedicated IP, it's a shared IP, and unfortunately in this case, the site you mention has simply been caught in the cross-fire (had the ASN responded and/or taken action, the block would not have been put in place)Thanks for clearing things up for me. I appreciate it Link to post Share on other sites More sharing options...
Recommended Posts