Jump to content

Search the Community

Showing results for tags 'IP Address'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 19 results

  1. Hi, I started using ExitLag to connect games to the internet due to severe lag. However, whenever I start up ExitLag, I get the IP address 23.82.136.147 blocked due to either malware or trojan. Is this a false positive or should I make sure this address is always blocked? Thanks for any information.
  2. Hi everyone, I have just upgraded my Malwarebytes subscription to include the VPN software. Could you please advise me why my IP is not hidden, for example when I run an internet speed test? However it remains hidden while checking it in the browser - see below. Am I missing something?
  3. I just installed the Version 4 upgrade and was looking around the new interface and noticed that there was a single "Allow List" entry with an unknown IP address. I am not aware that I have ever entered an IP address that allowed a website to be skipped with Malwarebytes. The IP address is owned by a Russian company. The IP address is 91.226.116.137. Has anyone ever heard of this or know what it might be? Could it have been entered remotely? Kaspersky addresses are not in this range. I thought it very peculiar.
  4. So, I recently updated my Malwarebytes to the newest version and it gave me another free trial. With the new trial, I immediately started getting notifications of a specific IP address and subnet of my ISP provider blocked. I tracked it to Boulder Colorado, if that helps. The reports an near constant, all outgoing, usually 8-reports a minute. Near every time, the svchost.exe is the executable at "fault". Only when I open up Chrome or Firefox do those come up. I went through every similar instance on the forums, and I've ran 90% of tools suggested and they always come up negative. Before I just create an exclusion for this possible false positive, I wanted to get a professional opinion Addition.txt FRST.txt Threat_Scan_Report.txt
  5. I have a known-safe program that is consistently talking to a pool of about 200 different IP addresses, and MB will complain from time to time about any one of them. Rather than enter each address separately, can I simply list them in bulk, separated with something like a comma or space? Either that or loaded into file somewhere? I didn't see this particular question in my search, but I doubt I'm the only one who's asked this... I've also tried to add the application (and any related executable I can find, AND the folder it lives in) as an exclusion - but I'm still getting alerts. MB must separate the application from the target website, and treat them independently as possible threats...? Thanks!
  6. This morning MWB on Windows has started presenting 'toast' pop ups warning me about a malicious website via ports 60074 and 52938 at: 239.255.255.250 The related executable is chrome.exe and spotify.exe. I've never had any warning about this address from either executable. The warning are coming in quite regularly (see log attached). Below is the whois lookup and I have attached a screenshot of the toast. Can anybody give any more information on why I am getting this warning? # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # https://www.arin.net/public/whoisinaccuracy/index.xhtml # # # The following results may also be obtained via: # https://whois.arin.net/rest/nets;q=239.255.255.250?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2 # NetRange: 224.0.0.0 - 239.255.255.255 CIDR: 224.0.0.0/4 NetName: MCAST-NET NetHandle: NET-224-0-0-0-1 Parent: () NetType: IANA Special Use OriginAS: Organization: Internet Assigned Numbers Authority (IANA) RegDate: 1991-05-22 Updated: 2013-08-30 Comment: Addresses starting with a number between 224 and 239 are used for IP multicast. IP multicast is a technology for efficiently sending the same content to multiple destinations. It is commonly used for distributing financial information and video streams, among other things. Comment: Comment: A full list of IPv4 multicast assignments can be found at: Comment: Comment: http://www.iana.org/assignments/multicast-addresses Comment: Comment: A document describing the policies for assigning multicast addresses can be found at: Comment: http://datatracker.ietf.org/doc/rfc5771 Ref: https://whois.arin.net/rest/net/NET-224-0-0-0-1 OrgName: Internet Assigned Numbers Authority OrgId: IANA Address: 12025 Waterfront Drive Address: Suite 300 City: Los Angeles StateProv: CA PostalCode: 90292 Country: US RegDate: Updated: 2012-08-31 Ref: https://whois.arin.net/rest/org/IANA OrgTechHandle: IANA-IP-ARIN OrgTechName: ICANN OrgTechPhone: +1-310-301-5820 OrgTechEmail: email@iana.org OrgTechRef: https://whois.arin.net/rest/poc/IANA-IP-ARIN OrgAbuseHandle: IANA-IP-ARIN OrgAbuseName: ICANN OrgAbusePhone: +1-310-301-5820 OrgAbuseEmail: email@iana.org OrgAbuseRef: https://whois.arin.net/rest/poc/IANA-IP-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # https://www.arin.net/public/whoisinaccuracy/index.xhtml # MWB Log.txt
  7. Hi all, I run a web server with a number of sites hosted on it. I have recently installed MalwareBytes and it keeps logging a number of ip addresses of malicious websites attempting to connect to my server. Although I believe that MalwareBytes is stopping such connections from doing any harm, I have, nevertheless, added the IP address's range to a blocking inbound rule on the web server's native firewall (Windows Server 2012). Despite this, MB keeps bringing up alerts of access attempts from the same IP addresses. Isn't the firewall supposed to block the connection before it even gets to the point where it is detected by MB? The firewall's rules appear to be working because when I added a friend's IP address to a rule, she could not access any of the sites on the server until I removed her IP again. Thank you
  8. Hi all, I run a web server with a number of sites hosted on it. I have recently installed MalwareBytes and it keeps logging a number of ip addresses of malicious websites attempting to connect to my server. Although I believe that MalwareBytes is stopping such connections from doing any harm, I have, nevertheless, added the IP address's range to a blocking inbound rule on the web server's native firewall (Windows Server 2012). Despite this, MB keeps bringing up alerts of access attempts from the same IP addresses. Isn't the firewall supposed to block the connection before it even gets to the point where it is detected by MB? The firewall's rules appear to be working because when I added a friend's IP address to a rule, she could not access any of the sites on the server until I removed her IP again. Thank you
  9. Hello, I scanned according to your instructions with Farbar. Meanwhile, Maleware has found two DNS Changer -threats, which are put in quarantine. - Hanna FRST_21-03-2015_00-28-45.txtAddition_21-03-2015_00-28-43.txt
  10. So, whenever I open my web browser (Opera, ADBLOCKER installed), malewarebytes pops up and tells me: IP address 91.194.254.105 is blocked Type: Outbound Process: Windows/system32/svchost.exe Sometimes I don't even need to open the browser, and it still keeps on telling me over and over again that the IP address is blocked. The same thing happens e.g. when I switch from one tab to another etc. I have scanned multiple times with different programmes (Kaspersky TDSSKiller, Hitman, Avira, and ofc malwarebytes and I even used CCleaner), but none of them found anything. Since I have read about DNS changing viruses disguising as svchost.exe, I've scanned the file just to make sure, still nothing. The IP address belongs to DIMLINE Ltd. from Austria. I guess I will have to send them a report? Since I don't really know about all the technical stuff and what to search for, I'm getting really desperate. Especially since it's hard to take in so much information reading as many posts as possible here on the forum. Apparently, similar things have happened to others, but I couldn't find any clear instructions. Thank you so much for your help! I don't want to throw my laptop in the bin just yet
  11. A couple of days ago I started getting these pop-ups from Malwarebytes saying malicious websites have been blocked.I checked the IP addresses of the blocked websites and they're all from Ecatel LDT from Netherlands.I've run both MBAM and Malwarebytes Anti-Rootkit but no malware has been found.I've attached the Application logs from the past three days since this problem started and Scan logs. mbam-scan-log-2014-10-30.txtmbam-daily-log-2014-10-30.txtmbam-daily-log-2014-10-31.txtmbam-daily-log-2014-11-01.txt
  12. Hi everyone, i'm having a chronic problem with Svchost.exe having connections with random IPs. For the past 3 days now Mbam has been blocking many incoming IP connections under the Svchost process, with all IP addresses coming from Ecatel LTD in the Netherlands (except for 1 attempt yesterday from Harbin, China). I'm seeing these blocked connections about 10 times per day, and they seem to be from different Ecatel IPs each time. The latest IP was 93.174.93.67. All ports targeted were different each time. Also, today after another IP connection block, that same IP ended up invoking my BitDef firewall to prompt for permission for Chrome having an outgoing connection to that same IP few seconds later! I blocked it. Yesterday I disconnected my internet and scanned my pc with MBAM, Bitdefender AV, Malwarebytes Anti-rootkit, TDSSkiller, Kaspersky Virus Removal tool, Microsoft Safety Scanner (msert.exe), Microsoft Malware Removal tool, and all these scans found nothing. Today i scanned using Rkill, Combofix, and Adwcleaner with results attached below. This is a very chronic problem i've had for the past year, with Mbam blocking svchost connections or my former Comodo firewall prompting for svchost connections from random IPs from Brazil, China, Russia, Iceland, and now Ecatel, and each time i run an AV, MBAM, Rkill and Combofix scan it found no malware (except once combofix deleted a worm few months ago). The majority of these were inbound, although many were outbound too. I also reformatted my pc many times in the past few months ( as recently as 4 days ago), because I didn't know what problem is going on, but i don't think the marathon of reformatting is a lasting solution because it'll reoccur again sooner or later. I also tried blocking svchost from having any incoming connections with my firewall, but it only worked for last night. For some reason, right after i made that firewall rule, i couldn't find it in the list of firewall rules... Is there any way I can make this problem stop once and for all? What is it that causes svchost to make these connections? Can i just block svchost altogether from connecting to the web? I would greatly appreciate any help to stop this madness. Thanks Rkill.txt Rkill.txt ComboFix.txt AdwCleanerR0.txt AdwCleanerS0.txt
  13. Hey guys, I use Raptr, a common program to track and log your gaming hours and achievements, and is used as a cross-Instant Messanger for XBoXLive, PSN, Yahoo, MSN and a few others. Just yesterday I bought the Pro service, and noticed that the progam frequently calls out. To me, this makes sense because I think every 3-5 minutes it synchronizes with the computer in order to track my hours on a PC game, and synchronizes with me and the website in case I'm playing a game on a different platform, so I can accurately check any recent hours or achievements. As a side note, I know Raptr to be a reputable company, based in either Canada or North America, and the program itself does not display any ads. But when I was Google searching some of these IPs, I noticed that some were coming from China. Specifically the 200.0.0.0+ IP addresses, and one (222.68.183.118) was said to come from "Jiangsu Sumeida International Freight Substitute Co. Ltd Shanghai Office". Then I found some from a country named Moldova. In comparison, I have a few IPS from the 70/80.0.0.0+, and then the rest are 200.0.0.0+. Anyways, I was originally going to ask if there was a way to add the actual program raptr.exe to the exceptions to get these notifications to cease, since I'd want the normal traffic to flow, but when I saw the Chinese IPs, I can't help but be suspicious. So far all of my blocked traffic notifications have come from the program (raptr.exe), in the port 6881 with the varying incoming traffic on mixed IPs. Is there an explanation or solution? this is a new machine, and has not been compromised (yet), and I'd like to keep it that way. I think shutting down Raptr is the best idea at the moment -.-;
  14. Hi I think that I am in big trouble. I recently found sirefef.ac and .ah through MSE which kept on finding them every 15 min. While malware found nothing. MSE recently updated itself and asked me to restart. Since then I cant get online. Modem working fine, however my comp cant get an IP address. If I try and repair, it says failed to query TCP/IP settings of the connections. I did a system restore and now MSE found sirefef.j and win32/karagany.I Any advice????
  15. Hi Mwb Team, Just a thought: It would be nice to be able to, once Malwarebytes has identified potential malicious attacks from a certain IP, and the user may have discovered the IP to be from a suspicious origin, to create a rule of sorts that would block the IP by default. I keep seeing the same IP trying to get in and wonder if he will not get in at some point or port. If the IP could be blocked for good, once Identified, then the attempt does not even need to get deep enough to cause an alert. I believe that this is how one attacker got in sometime ago. I kept seeing an IP attack, and soon an attack had my computer go crazy. I fixed it, thank goodness, but my worries are related to information getting stolen. Sincerely JS
  16. Hey, and thanks in advance for any help. So I installed MBAM recently, and it's been blocking outgoing connections to IP addresses really frequently lately. I'm not sure what could be causing these potentially malicious connections...my antivirus protection (Symantec) as well as MBAM consistently give me clean scan results (from quick scans, flash scans, and full scans). I'd really appreciate some help with figuring out what is going on and if I need to do anything about it. Also, I was wondering if I could PM the logs to you in some way? I'd rather not post them publicly unless it's totally necessary. Thank you!
  17. Hey, So I installed MBAM recently, and it's been blocking outgoing connections to IP addresses really frequently lately. I'm not sure what could be causing these potentially malicious connections...my antivirus protection (Symantec) as well as MBAM consistently give me clean scan results (from quick scans, flash scans, and full scans). I'd really appreciate some help with figuring out what is going on and if I need to do anything about it. Thanks in advance!
  18. Hi Please can any one tell me how I stop or unblock and IP address that is being blocked by Malwarebytes? Thank you Angela
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.