
False positive or malicious site?



Good afternoon!

I've never posted in this particular section of the MBAM forums, so please bear with me as I'm not sure I'll even get this right!

Yesterday, 9/3/2011, I visited a couple of game websites (where you can download 60-minute trial versions before deciding to purchase). While on 2 different sites, I attempted to download a trial game. MBAM generated a popup that it had blocked an OUTGOING access attempt to a potentially malicious website. The game download stopped mid-way through the download and the "Internet Explorer cannot display the page" screen was then shown.

The website names were: takegame(dot)com and download-free-games(dot)com.

The IP addresses displayed by MBAM were: 208.76.172.2 and 218.93.248.120.

Following another member's advice here, I found that the IP address 218.93.248.120 is located in China. NO host name is given. The other IP address, 208.76.172.2, is listed as belonging to awem.awem.com, here in the USA. (I am familiar with awem as a legitimate game provider.)

I also tried using TCPView by Microsoft Sysinternals; however, since these issues occurred on 9/3, the Remote Address listing only showed the most recent activity for today.

I have pasted below a portion of the MBAM log recorded on 9/3 for reference.

======================================================================================================

20:37:01 Administrator MESSAGE Protection started successfully

20:37:16 Administrator MESSAGE IP Protection started successfully

22:03:17 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:03:20 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:03:26 Administrator IP-BLOCK 218.93.248.120 (Type: outgoing)

22:12:36 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:39 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:45 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:12:57 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:00 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:06 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:26 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:29 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:35 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:38 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:41 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:47 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:50 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:56 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

22:13:59 Administrator IP-BLOCK 208.76.172.2 (Type: outgoing)

Thank you for your time and review of my post! (I hope I've posted this correctly)
