ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

How to prove which Firefox add-on is trying to access 128.127.110.10 ?

<< < (3/4) > >>

Curt:
@IainB - I don't know why your version didn't work properly, but GRIS was updated the day before yesterday and works perfectly. And it doesn't do anything out of order.

https://addons.mozilla.org/en-US/firefox/addon/google-reverse-image-search/

 :up:

Notice who the author is: Baris Derin (Readability, etcetera) http://barisderin.com

J-Mac:
I'd say that you are infected. Take a look at  http://www.scumware.org/report/128.127.110.10

Might want to run a few online scans, like Eset's and Kaspersky's. It appears that a lot of malware sites are based at that same server/host.

Jim

PhilB66:
1tvlive.in Server Details
 
IP address: 128.127.110.10
 
Server Location: Netherlands
 
ISP: Altushost

1tvlive.in  Whois

Registrar: Net4India (R7-AFIN)
 
Registrant: 
NET4INDIA NET4INDIA
D-25,Sec-3
Noida, Ut 201301
IN
Telephone: +91.1204323500
Fax: +91.120432350
Email: [email protected]

Administrative Contact:
NET4INDIA NET4INDIA
D-25,Sec-3
Noida, Ut 201301
IN
Telephone: +91.1204323500
Fax: +91.120432350
Email: [email protected]

Technical Contact:
NET4INDIA NET4INDIA
D-25,Sec-3
Noida, Ut 201301
IN
Telephone: +91.1204323500
Fax: +91.120432350
Email: [email protected]

Nameservers:
NS21.ALTUSHOST.COM
NS22.ALTUSHOST.COM
--- End quote ---

Scan result: clean
http://www.urlvoid.com/scan/1tvlive.in/

PhilB66:
The site had issues before but seems clean now:

http://support.clean-mx.de/clean-mx/viruses.php?domain=1tvlive.in&sort=netname%20ASC

tslim:
I would be interested if anyone has any ideas as to how you could identify/prove the source of such an outgoing call from an add-on, other than the hit-or-miss process of elimination that I employed.
-IainB (July 06, 2012, 05:19 AM)
--- End quote ---

Knowing exactly who is the sender and thus able to block outgoing traffic is supposed to be the job of a firewall -- a software firewall like Outpost Pro. This is the major reason I do not use a hardware firewall (generally speaking, one which is made available in a modem or networking switch) which is hopeless in filtering outgoing traffic.

If you use Outpost, just disable the Windows DNS Client Service and that will force every single outgoing traffic to use Outpost's service (for DNS request). You can then tells exactly "what program" is trying to call home... It is the "Should I allow" or "Should I block" game that I often play with Outpost firewall.

Try it and you will like it.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version