IP address question

Discussion in 'other anti-malware software' started by emmjay, Aug 1, 2014.

Thread Status:
Not open for further replies.
  1. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    I visited a site that is considered safe (themoscowtimes.com) by trafficlight and WOT. There was an article that I was interested in, so I clicked on it and MBAM immediately intervened and blocked an IP address countering that it was malicious. The IP address associated with themoscowtimes is different from the one that was blocked. I checked the IP address that was blocked, 195.2.253.134 (Russian Federation in Moscow forum spam).

    Is this a go-around to avoid the safe-site check, embed the malicious site inside the articles? If so, should not the parent IP address also be blocked as they must know about it?
     
  2. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    Sorry for the off-topic, but I just love what that IP says, especially related to it being blocked. :argh:
     

  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    5,054
    There might be some malware hosted on that site somewhere on some "subdomain"...
     
  4. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    700
    Location:
    North of the 38th parallel.
    The IP address (195.2.253.134) does receive approximately 15 hits on Stop Forum Spam in the last month and a half. 8 of those hits may be Search Engine Optimizer related, thereby possibly explaining the IP blocks. That IP address does resolve to hosted-by.spheral.ru, but curiously a reverse nslookup fails to link.

    Perhaps The Moscow Times does not vet the URLs their site links to, or some other innocent explanation.
     
  5. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    So that would explain why the parent IP address is not also blocked. However, it also means (to me) that the site cannot be trusted. It should not have a safe rating.
     
  6. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    700
    Location:
    North of the 38th parallel.
    Is the article/link you clicked on still available? Its URL might be interesting to analyze.
     
  7. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    http://www.themoscowtimes.com/news/article/russia-places-127th-in-world-transparency-rankings/490786.html
     
    Last edited by a moderator: Aug 4, 2014
  8. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    700
    Location:
    North of the 38th parallel.
    Hello emmjay:

    I wonder if someone at The Moscow Times corrected something on their end? That article's link does not cause MBAM to block a browser outgoing request to that IP address, and yet that IP address itself alone is still blocked by MBAM. If it had been a name server look-up table error, it must have been quite isolated. Perhaps other web page content had been causing the IP address block, but has since been corrected or removed. Curious...
     
  9. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    880
    Location:
    Triassic
    Tnx for looking into it. Maybe they follow this forum ;).
     