Jump to content

impression.uprise.website IP 8.34.112.224 and 225


parkmcgraw
 Share

Recommended Posts

I am getting malware alerts for "impression.uprise.website" from Straits Times and Deutsche Welle along with some other news sites. This appearing to be a continuing problem associated with my last report which was pertaining to "impression.dubnov.com" and per the Malware Bytes staff, an Adware.BrowseFox infection. 

malwarebytes-warning-dw.com-impression.u malwarebytes-warning-straitstimes.com-im

My system and possibly a specific target by unscrupulous groups to include my own government, being constantly hacked within a day or two of each, fresh, Win7 Ult64 Install. I using WSUS to update Windows not the windows update function. That from my 4 decades of computing experience, have reached the conclusion that no antivirus or anti malware effectively preempts in a prophylactic manner the assaults upon my computer systems, less the insinuating program code has already been identified into its discreet form, a precise solution to address the rouge code having already been independently developed, tested and show to be repeatable.

Like the other alerts I had last week "impression.dubnov.com", this alert "impression.uprise.website" and malware appears to be immune to the anti malware and antivirus programs I have installed along with what has been made available to me by your helping staff. I running the gauntlet of programs only to find nothing out of the ordinary being detected and expected result, each "detection" program like trying to write a program that determines in advance if a piece of code will crash. Most all malware and antivirus programs being ineffective to new exploits less part of the exploit that is visible is being reused or very similar to another exploit, the reused element having already been identified and shown to be isolatable.

This warning (exploit) "impression.uprise.website" like others appearing to be a zero day exploit and does as it wills. One of the notable symptoms on the computer being not able to past text into the Google search line to text pasted into the Disqust forum chat box being badly corrupted or the text repeating with most of the text exclude when pasted, typically taking multiple attempts to be successful.

The try this try that routine being provided by the staff at Malwarebytes being symptomatic of not fully comprehending thus understanding the core problem at software level, thus the low productivity, low yield, high time consuming, dart throwing approach (a.k.a. guessing) to troubleshooting warning issues. That unlike troubleshooting electronic hardware or lasers where a person goes directly to the problem, knowing in advance what is causes the observed symptoms being displayed on the oscilloscope, beam profiler or spectrum analyzer, because the person performing the troubleshooting understand why the physical processes are occurring in the first place.

As a request, would appreciate it if the staff on this forum had more patience with the users, for just because the customer has not responded in a few days, the staff grown impatient after just 5 days of user silence, I observing conditions with the system along with other task, does not mean the underlying issue promoting the waning notice has been resolved, nor should the issue be disregarded as binned in nature, thus worthy to be shelved in such short order.

To close, I find it arrogant and grossly inappropriate to remotely refer to this section for reporting a warning notice as a "false positive" and expression of "failure to comprehend or respect" the nature of each event that is being reported, that or a juvenile lack of appreciate for the magnitude of the malicious acts taking place on the internet.

 

Link to post
Share on other sites

I saw the same activity while on a local newstation's site. This includes the URL "impression.uprise.website" with IP address 8.34.112.225 and "click.uprise.website" for IP address 8.34.112.224. After using virustotal.com and domaintools.com, I found various things.

The IP lookup on domaintools.com shows it to be part of Level 3 Communications in Germany (contact: ops@uprisenow.com). Using the URL, it also found the owner to Level 3 Communications. This is a well known company that does work for the military among other things. However, when I do an nslookup from my machine for the IP address 8.34.112.225 and the URL, they both cannot be found. My firewalls (computer and router) allow for nslookup to pass through.

When I ping the address, I get a Malwarebytes Anti-Malware message that it was blocked as shown above. The "impression.uprise.website" nslookup causes the same blocked message. So I assume the IP and url are listed in the IPS.ref and domains.ref files for Malwarebytes Anti-Malware.

The virustotal.com scan of "impression.uprise.website" returned 8.34.112.225 as the resolved address and a finding 0/67 for anything bad. When scanning the IP 8.34.112.225, it returns 2/67 sites finding it malicious or suspicious: "Dr. Web   Malicious site" and "CLEAN MX   Suspicious site". A scan of the other IP 8.34.112.224, only "Dr. Web" found it as malicious. Not quite consistent.

I'm curious what Malwarebytes reasoning is for blocking this site. Since this issue, I've created a firewall rule to block any traffic to or from the range IPS in 8.34.112.0-8.34.112.255 and blocked the domain uprise.website. I'd like to know why I need to block it if anyone has a reason.

Thanks,

Steve

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.