
67.213.214.178


therealex


I'm using C-Port to find out what's going on with some reported blocks. This one came up, and here's the info:

ashWebSv.exe 3244 TCP 2388 192.168.1.2 80 http 67.213.214.178 178-host199440.midphase.com Sent C:\Program Files\Alwil Software\Avast4\ashWebSv.exe avast! Antivirus avast! Web Scanner 4, 8, 1367, 0 ALWIL Software 3/9/2010 20:37:19 NT AUTHORITY\SYSTEM avast! Web Scanner A 3/9/2010 21:12:10 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

It seems to be blocking Avast! from contacting midphase.com. Any idea if this is a mistake? Thanks.


Pretty confident it's not an F/P, and confused actually, as there's nothing related to Avast at that IP. It belongs to pace-media.net, which is owned by "Live Internet Marketing Limited".

If possible, could you get me a packet capture please?

www.wireshark.org


Got it (finally!) it's for a different address, 208.73.210.27, which I posted about in the general forum.

I've uploaded the files - they're only 1kb each, but I also included the full capture in case there was something else you wanted to see, bringing the size up to 4.2 megs. I also uploaded just the 1kb files, as "208 files small".

This is really driving me nuts, as it's something that's pretending to be Avast! and keeps trying to access that IP (and others, too.)

Any help would be greatly appreciated!

- Russ


I've removed the attachments due to the sensitive nature of some of the data in the captures.

I'm not seeing anything in them related to 67.213.214.178, however, and the only thing I can see related to 208.73.210.27 is a DNS lookup for purchasestationery.com ?? (the 208.* IP isn't blocked by MBAM).


QUOTE

I've removed the attachments due to the sensitive nature of some of the data in the captures.

I'm not seeing anything in them related to 67.213.214.178, however, and the only thing I can see related to 208.73.210.27 is a DNS lookup for purchasestationery.com ?? (the 208.* IP isn't blocked by MBAM).

Yes, I couldn't catch the 67.213.214.178 block, but I'll set it up to try and get it. However, MBAM definitely is blocking the 208 IP:

:48:59 Russell Alexander IP-BLOCK 208.73.210.27

It seems to try and access it four or five times in a row, and MBAM blocks it each time. Here's a quote from another thread about that address:

antispywarepro.net 208.73.210.27 parkinglot.information.com Rogue Antivirus Bogdan Pankiv / software@fabrica.net.ua 2009-04-28

This is one line from just one report on IP 208.73.210.27 -

I hope it will give you a basic idea why it is blocked - McAfee also Red Lists it -

QUOTE

clef.ca, wzbt.org, pal9.com, mlbk.com, azais.net and at least 100 other hosts point to 208.73.210.27. It is blacklisted in two lists.

So the question is this: it seems to be Avast! that's trying to access it (which can't be true). MBAM does a scan every night and has not found anything, but SOMETHING is trying to access this site. I'm sorry that I don't know more about packets, but I gather that there wasn't anything there that would help in pinning it down.

Any suggestions on how I might find this rogue program would be appreciated. I realize this is not the correct forum, as this is for false positives. I've already posted in the general forum prior to this.

Thanks!

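The correlation Russ is doing by hand (which process owned the connection to the IP that MBAM blocked) can be scripted from a CurrPorts export and the MBAM protection log. This is an added example, not code from the thread or from either product; the CurrPorts column order is assumed from the record posted at the top, and both inputs are constructed samples.

```python
# Added example: correlate a CurrPorts (cports.exe) export with MBAM IP-BLOCK
# lines. Column order is assumed from the thread's record; inputs are constructed.
import re
from collections import namedtuple

# Assumed CurrPorts column order (left to right in the posted record).
FIELDS = ("process", "pid", "proto", "lport", "laddr", "rport", "rname",
          "raddr", "rhost", "state", "path")
Conn = namedtuple("Conn", FIELDS)

# Constructed tab-separated export (trailing version/company columns omitted).
CPORTS_EXPORT = (
    "ashWebSv.exe\t3244\tTCP\t2388\t192.168.1.2\t80\thttp\t67.213.214.178\t"
    "178-host199440.midphase.com\tSent\tC:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe\n"
    "sample.exe\t1020\tTCP\t2401\t192.168.1.2\t80\thttp\t208.73.210.27\t"
    "parkinglot.information.com\tSent\tC:\\sample\\sample.exe\n"
    "firefox.exe\t2900\tTCP\t2410\t192.168.1.2\t443\thttps\t198.51.100.7\t"
    "example.net\tEstablished\tC:\\Program Files\\Mozilla Firefox\\firefox.exe\n"
)
# Constructed MBAM protection-log lines in the shape quoted in the thread.
MBAM_LOG = (
    "21:48:59 Russell Alexander IP-BLOCK 208.73.210.27\n"
    "21:49:02 Russell Alexander IP-BLOCK 208.73.210.27\n"
    "21:50:11 Russell Alexander IP-BLOCK 67.213.214.178\n"
)
IP_BLOCK = re.compile(r"IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})")

def parse_cports(text):
    """Parse the export into Conn records, skipping header or short lines."""
    rows = []
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) >= len(FIELDS) and cols[1].isdigit():
            rows.append(Conn(*cols[:len(FIELDS)]))
    return rows

def blocked_ips(text):
    """Set of remote IPs that MBAM logged as IP-BLOCK."""
    return {m.group(1) for m in IP_BLOCK.finditer(text)}

def correlate(cports_text, mbam_text):
    """Map each blocked IP to the (process, pid, path, state) that tried it.
    'Sent' (assumed to be CurrPorts' label for SYN_SENT) means the handshake
    never completed, which is how an IP-filter block looks on the local host."""
    blocked = blocked_ips(mbam_text)
    hits = {}
    for c in parse_cports(cports_text):
        if c.raddr in blocked:
            hits.setdefault(c.raddr, []).append((c.process, c.pid, c.path, c.state))
    return hits
```

Run it against a real export (File > Save Selected Items in CurrPorts, tab-delimited) and the MBAM protection log; the path column is what tells you whether the connecting binary really is the one in the Avast4 folder or a look-alike somewhere else.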
