Jump to content

Blocked Site / 'Anti Hacker Alliance' Query


Recommended Posts

Hi all

Just came across the thread below (Not sure if what's now displaying was meant to happen - I just pasted the url and ... ). Anyhow, thought I'd start a new thread rather than tag onto the previous.

My experience seems similar to the other thread's OP.

I was researching an apparently innocuous topic (ancient Greek roads in Attica). I started exploring links from a page (A GIS-BASED STUDY OF ATTICA) on the bordersofattica.org website. The further pages I tried to access, I assume, were all in that website.

MBAM threw up a number of Malicious Website Blocked alerts. I checked these and found only one IP address* referenced (*212.27.63.106) although there were a number of blocks.

I checked that address (on Central Ops net).  That didn't enlighten me. Then, possibly like thais, I googled the address. This produced many links, one of which was "The Anti Hacker Alliance fights against 212.27.63.106". I clicked on this link, and first came to (I've left off the http bit deliberately) "//anti-hacker-alliance.com/index.php?ip=212.27.63.106". That page seemed to load successfully, but then it suddenly 'flipped' to a page "//www.validome.org/lang/en/get/http://212.27.63.106". At this point I think MBAM again threw up a couple of popups announcing further blockages. (On VirusTotal, Yandex Safebrowsing called the "Anti Hacker Alliance" a Malware site. The "Validome" url had no bad reports).

The flip to the "Validome" page worried me as further googling didn't seem to establish a connection between "The Anti Hacker Alliance" and "Validome" so I don't know if this was a valid redirection. I'll attach a (composite) screenshot of the "Validome" page below. I gather MBAM thought loading the "Validome" page was an attempt to access the malicious site.

I looked at the protection log again (an MBAM threat scan had been running at the time) and noted there were 3 "outbounds". There had been 2 when I first checked after noting the alert popups, but I subsaequently re-launched the "Validome" page from Firefox memory to get the screenshots.

I've kept the Threatlog and Protection Log if they're needed.

Help appreciated

ausgumbie

 

ScSh02.png

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.