Jump to content

Blocking Outgoing IP Address


Recommended Posts

I was on the Yahoo News site a minute ago and MBAM blocked 50.23.124.152.

My question is: Is it safe for me to be on the Yahoo News site (or any other "safe" site), if the MBAM blocking doesn't make a difference in being able to access/read that particular site? In other words, can I ignore these alert messages if I'm on a safe site like Yahoo, MarketWatch.com etc?

Link to post
Share on other sites

  • Replies 77
  • Created
  • Last Reply

Top Posters In This Topic

  • Root Admin

I'm still experiencing it, don't give your hopes up

You're probably experiencing different IP blocks. There are multiple listed ones by different people here in the forum and some of them are not false positives and will not be removed from our list until the ISP or Host Provider cleans up the reason for the block.

You can repost a new Quick Scan log and Protection log and we'll take another look if you like.

Link to post
Share on other sites

Hi

I have also been experiencing the multiple IP blocks on 50.23.124.152 and 50.97.214.162.

The protection log is pasted below as well as the report after the quick scan (itself done immediately after checking for MBAM updates.

Assistance gratefully received!

Bruce

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.18.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Bruce :: BRUCE-LIANLI-PC [administrator]

Protection: Enabled

18/04/2013 5:57:11 PM

mbam-log-2013-04-18 (17-57-11).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 210990

Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

2013/04/18 07:13:51 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting protection

2013/04/18 07:13:51 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Protection started successfully

2013/04/18 07:13:51 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting IP protection

2013/04/18 07:13:52 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection started successfully

2013/04/18 10:00:16 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51332, Process: chrome.exe)

2013/04/18 10:02:40 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51792, Process: chrome.exe)

2013/04/18 10:02:40 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51823, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54041, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54042, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54043, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54055, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54056, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54057, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54095, Process: chrome.exe)

2013/04/18 10:45:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 54096, Process: chrome.exe)

2013/04/18 11:05:30 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54940, Process: chrome.exe)

2013/04/18 11:08:37 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting database refresh

2013/04/18 11:08:37 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Stopping IP protection

2013/04/18 11:08:37 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection stopped successfully

2013/04/18 11:08:39 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Database refreshed successfully

2013/04/18 11:08:39 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting IP protection

2013/04/18 11:08:39 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection started successfully

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56099, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56110, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56111, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56112, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56123, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56124, Process: chrome.exe)

2013/04/18 11:45:21 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56147, Process: chrome.exe)

2013/04/18 11:45:37 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56177, Process: chrome.exe)

2013/04/18 11:46:33 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56254, Process: chrome.exe)

2013/04/18 11:48:17 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56334, Process: chrome.exe)

2013/04/18 11:54:17 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 56509, Process: chrome.exe)

2013/04/18 11:54:17 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 56510, Process: chrome.exe)

2013/04/18 11:54:17 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 56512, Process: chrome.exe)

2013/04/18 11:55:37 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56591, Process: chrome.exe)

2013/04/18 11:56:41 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 56645, Process: chrome.exe)

2013/04/18 13:04:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting protection

2013/04/18 13:04:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Protection started successfully

2013/04/18 13:04:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting IP protection

2013/04/18 13:04:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection started successfully

2013/04/18 17:02:08 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 51502, Process: chrome.exe)

2013/04/18 17:06:08 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51747, Process: chrome.exe)

2013/04/18 17:06:08 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51748, Process: chrome.exe)

2013/04/18 17:06:08 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51749, Process: chrome.exe)

2013/04/18 17:08:36 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting database refresh

2013/04/18 17:08:36 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Stopping IP protection

2013/04/18 17:08:37 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection stopped successfully

2013/04/18 17:08:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Database refreshed successfully

2013/04/18 17:08:38 +1000 BRUCE-LIANLI-PC Bruce MESSAGE Starting IP protection

2013/04/18 17:08:39 +1000 BRUCE-LIANLI-PC Bruce MESSAGE IP Protection started successfully

2013/04/18 17:10:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 52104, Process: chrome.exe)

2013/04/18 17:10:06 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 52105, Process: chrome.exe)

2013/04/18 17:46:15 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54003, Process: chrome.exe)

2013/04/18 17:50:23 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54181, Process: chrome.exe)

2013/04/18 17:50:23 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54182, Process: chrome.exe)

2013/04/18 17:50:23 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54183, Process: chrome.exe)

2013/04/18 17:54:24 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54400, Process: chrome.exe)

2013/04/18 17:54:24 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54401, Process: chrome.exe)

2013/04/18 17:58:24 +1000 BRUCE-LIANLI-PC Bruce IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 54550, Process: chrome.exe)

Link to post
Share on other sites

It would be very helpful if someone could explain whether the IP Blocking (obviously a good thing at this point) results from something unpleasant which is resident in my pc and is trying to make contact with a potentially malicious site, or whether a malicious site knows my IP address and is trying to enter my pc but is being blocked by MBAM. I am certainly not consciously attempting to access any site when the blocking takes place. Thanks

Link to post
Share on other sites

I use Firefox almost exclusively (along with Chrome at times), very rarely do I use IE. I haven't gotten any IP block from MBAM for a few days now. I visited eBay quite often and never did get any blocked IPs either. It might be because I have the Firefox add-on Flashblock installed, I don't know if that's the reason or not. However, it did block all the flash ads in eBay, as well as all websites I visited (including YouTube).

You might try that to see if that helps. Just a suggestion.

Link to post
Share on other sites

I am the computer "expert" at my office and one of the computers started doing this two days ago. Actually, it started with a virus that installs itself and acts like an antivirus program. We finally (after installing rkill) were able to Malwarebytes in safe mode with networking, under the user and the admin. MBAM found the problem, deleted, ran fine. Then it happened again, repeat all. Now I haven't seen that one reinstall itself, but we are seeing this problem. I've run MBAM in safe mode and regular mode five times today. MBAM found a different threat each time, which I deleted. Rootkit.Oacces is one of them, the other being fakealert, agent.tsv and agent.rre. But then I get that pop-up about a malicious site being blocked again. The biggest mystery to this whole thing is that she is NOT on the internet when she gets the message. Most everyone on this thread is using the internet when that message pops up, my user is not. The only thing she has open is her outlook email, which is linked to Intermedia. Do you have any suggestions on what to try next?

Link to post
Share on other sites

I am the computer "expert" at my office and one of the computers started doing this two days ago. Actually, it started with a virus that installs itself and acts like an antivirus program. We finally (after installing rkill) were able to Malwarebytes in safe mode with networking, under the user and the admin. MBAM found the problem, deleted, ran fine. Then it happened again, repeat all. Now I haven't seen that one reinstall itself, but we are seeing this problem. I've run MBAM in safe mode and regular mode five times today. MBAM found a different threat each time, which I deleted. Rootkit.Oacces is one of them, the other being fakealert, agent.tsv and agent.rre. But then I get that pop-up about a malicious site being blocked again. The biggest mystery to this whole thing is that she is NOT on the internet when she gets the message. Most everyone on this thread is using the internet when that message pops up, my user is not. The only thing she has open is her outlook email, which is linked to Intermedia. Do you have any suggestions on what to try next?

It sounds as though the system may be infected with a rootkit/Trojan which is trying to contact the malicious IP to download more malware or phone home to a command and control server belonging to the botnet's master. I'd highly recommend contacting support here so that they may assist you with getting the machine looked at and cleaned up.
Link to post
Share on other sites

I too am frequently receiving a pop up from Malwarebytes that it has blocked Softlayer outbound when visiting website with heavy flash ads. 50.97.218.220; as of today it has only been that address. Other few past days there were other variables.

Link to post
Share on other sites

I started getting the messages a couple days ago also. I'm running Windows 7 Home Premium. Here's the log for today:

2013/04/18 08:03:30 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65178, Process: iexplore.exe)

2013/04/18 08:03:38 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65237, Process: iexplore.exe)

2013/04/18 08:03:38 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65238, Process: iexplore.exe)

2013/04/18 08:03:38 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65240, Process: iexplore.exe)

2013/04/18 08:03:38 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65239, Process: iexplore.exe)

2013/04/18 08:05:08 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 65340, Process: iexplore.exe)

2013/04/18 08:06:13 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 65496, Process: iexplore.exe)

2013/04/18 08:45:45 -0700 PJHDELL7 Pete IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51817, Process: iexplore.exe)

2013/04/18 09:20:27 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 53914, Process: iexplore.exe)

2013/04/18 09:20:36 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 54049, Process: iexplore.exe)

2013/04/18 09:20:36 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 54048, Process: iexplore.exe)

2013/04/18 09:20:36 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 54050, Process: iexplore.exe)

2013/04/18 09:38:08 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 54994, Process: iexplore.exe)

2013/04/18 12:17:43 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 61132, Process: iexplore.exe)

2013/04/18 12:17:43 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 61133, Process: iexplore.exe)

2013/04/18 12:17:43 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 61134, Process: iexplore.exe)

2013/04/18 12:35:42 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 61977, Process: iexplore.exe)

2013/04/18 12:41:16 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 62472, Process: iexplore.exe)

2013/04/18 12:41:41 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 62549, Process: iexplore.exe)

2013/04/18 12:41:58 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 62637, Process: iexplore.exe)

2013/04/18 12:43:19 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 62794, Process: iexplore.exe)

2013/04/18 12:43:19 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 62844, Process: iexplore.exe)

2013/04/18 12:45:47 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 63030, Process: iexplore.exe)

2013/04/18 12:45:55 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 63111, Process: iexplore.exe)

2013/04/18 12:46:03 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 63142, Process: iexplore.exe)

2013/04/18 12:49:18 -0700 PJHDELL7 Pete IP-BLOCK 50.23.124.152 (Type: outgoing, Port: 63359, Process: iexplore.exe)

2013/04/18 13:55:03 -0700 PJHDELL7 Pete IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 50367, Process: iexplore.exe)

2013/04/18 14:14:41 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 51375, Process: iexplore.exe)

2013/04/18 14:14:41 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 51398, Process: iexplore.exe)

2013/04/18 14:14:49 -0700 PJHDELL7 Pete IP-BLOCK 50.97.218.220 (Type: outgoing, Port: 51443, Process: iexplore.exe)

2013/04/18 14:14:49 -0700 PJHDELL7 Pete IP-BLOCK 50.97.214.162 (Type: outgoing, Port: 51473, Process: iexplore.exe)

I ran first the Flash Scan:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.17.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

Pete :: PJHDELL7 [limited]

Protection: Enabled

4/18/2013 10:42:20 AM

mbam-log-2013-04-18 (10-42-20).txt

Scan type: Flash scan

Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: Registry | File System

Objects scanned: 169382

Time elapsed: 54 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Then I ran the full scan

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

Database version: v2013.04.17.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16540

Pete :: PJHDELL7 [limited]

Protection: Enabled

4/18/2013 10:55:55 AM

mbam-log-2013-04-18 (10-55-55).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 425977

Time elapsed: 1 hour(s), 56 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

but I'm still getting the messages.

Link to post
Share on other sites

50.x.x.x is still being blocked despite my running a number of cleaning applications recently, such as tdsskiller, rkill, adwcleaner, roguekiller, blitzbank, combofix, ccleaner, spybot s&d update + scan, microsoft security essentials update + scan, eset online scanner and malwarebytes Anti-Malware trial update + scan. My most used browser is chrome, but I also use firefox and the steam overlay browser. It's shown up on all three. I can try to use safari, opera or internet explorer, but I doubt it would make a difference.

I shouldn't be too worried since it's being blocked, but the fact that my PC is trying to access it so many times is starting to make my patience wear thin...

Link to post
Share on other sites

50.x.x.x is still being blocked despite my running a number of cleaning applications recently, such as tdsskiller, rkill, adwcleaner, roguekiller, blitzbank, combofix, ccleaner, spybot s&d update + scan, microsoft security essentials update + scan, eset online scanner and malwarebytes Anti-Malware trial update + scan. My most used browser is chrome, but I also use firefox and the steam overlay browser. It's shown up on all three. I can try to use safari, opera or internet explorer, but I doubt it would make a difference.

I shouldn't be too worried since it's being blocked, but the fact that my PC is trying to access it so many times is starting to make my patience wear thin...

You could click on the wrench at the top right of the notification and change the settings to "hide icon and notifications", but I found that when I ran an update on MB this afternoon, and got the latest, I could change the settings back to "show notifications only", and I am not being bothered anymore.
Link to post
Share on other sites

Around 5PM today, after my last post, I was getting about one IP block message PER MINUTE!, so I turned the machine off for a few hours, and just came back on a little while ago. The IP blocks started again, and I was also getting repeated IE messages "Internet Explorer has closed this web page to help protect your computer"..., which I have gotten a few times throughout the day, but started getting them all the time. The message also mentioned a possible malfunctioning or malicious add-on, so I turned off all add-ons except for McAfee and HP printer add-ons. Right as I finished doing that, MB did an update to database v2013.04.19.02. I don't know which did what, but in the past hour I have not seen any more IP block messages. I guess I'll check tomorrow to see if there were any other IP blocks, and if not, I'll try to turn on the extensions one by one to see what happens.

Link to post
Share on other sites

  • Root Admin

Some of the one still listed are from SoftLayer who controls the IP range that some users are using for various threat mechanisms. We've contacted them and once they're cleaned up the IP block will be removed and you'll no longer get that alert.

This can take a while though for them to respond and take care of it - we have no control over that.

Thank you

Link to post
Share on other sites

  • 5 months later...

Hi everyone,

 

I'm not sure if this problem is still ongoing for everyone. However, I re-installed my OS and I'm getting this problem.

 

Here's what I got:

 

Database version: v2013.10.05.04
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Stormtrooper :: STORMTROOPER-PC [administrator]
 
Protection: Enabled
 
10/5/2013 10:17:53 AM
mbam-log-2013-10-05 (10-17-53).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217484
Time elapsed: 2 minute(s), 22 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
2013/10/04 20:08:31 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:08:31 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:08:39 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:09:11 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:09:19 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:09:27 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:10:08 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 54901, Process: pmb.exe)
2013/10/04 20:12:00 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Starting protection
2013/10/04 20:12:00 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Protection started successfully
2013/10/04 20:12:00 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Starting IP protection
2013/10/04 20:12:04 -0700 STORMTROOPER-PC Stormtrooper MESSAGE IP Protection started successfully
2013/10/04 20:18:00 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 109.95.114.247 (Type: outgoing, Port: 49676, Process: pmb.exe)
2013/10/04 20:18:48 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 109.95.114.247 (Type: outgoing, Port: 50184, Process: chrome.exe)
2013/10/04 20:18:48 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 109.95.114.247 (Type: outgoing, Port: 50185, Process: chrome.exe)
2013/10/04 20:18:48 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 109.95.114.247 (Type: outgoing, Port: 50186, Process: chrome.exe)
2013/10/04 20:19:04 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:19:04 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:19:12 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:19:20 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 50457, Process: pmb.exe)
2013/10/04 20:21:44 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 51537, Process: pmb.exe)
2013/10/04 20:21:52 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 51730, Process: pmb.exe)
2013/10/04 20:29:04 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:29:04 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:29:12 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:44:25 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:44:25 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:44:33 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 98.142.248.22 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/04 20:45:53 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 63458, Process: pmb.exe)
2013/10/04 20:46:17 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 63931, Process: pmb.exe)
2013/10/04 20:47:05 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 65178, Process: pmb.exe)
 
2013/10/05 01:47:10 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 57212, Process: pmb.exe)
2013/10/05 01:47:50 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 57673, Process: pmb.exe)
2013/10/05 01:48:14 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 58030, Process: pmb.exe)
2013/10/05 01:48:38 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 85.234.169.164 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/05 01:49:50 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 89.28.75.29 (Type: outgoing, Port: 59598, Process: pmb.exe)
2013/10/05 01:50:30 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 89.28.75.29 (Type: outgoing, Port: 60328, Process: pmb.exe)
2013/10/05 01:50:38 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 60446, Process: pmb.exe)
2013/10/05 01:52:06 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/05 01:53:02 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 85.234.172.13 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/05 01:53:02 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 62442, Process: pmb.exe)
2013/10/05 01:53:35 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.249.154 (Type: outgoing, Port: 62831, Process: pmb.exe)
2013/10/05 01:55:51 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 193.169.12.118 (Type: incoming, Port: 56573, Process: pmb.exe)
2013/10/05 01:56:07 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 89.28.75.29 (Type: outgoing, Port: 64606, Process: pmb.exe)
2013/10/05 02:21:03 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 31.133.52.39 (Type: outgoing, Port: 50431, Process: pmb.exe)
2013/10/05 02:41:36 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 109.95.114.247 (Type: outgoing, Port: 51283, Process: pmb.exe)
2013/10/05 02:41:36 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 58.241.131.195 (Type: outgoing, Port: 51286, Process: pmb.exe)
2013/10/05 03:02:09 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 178.152.6.137 (Type: incoming, Port: 14006, Process: skype.exe)
2013/10/05 09:57:35 -0700 STORMTROOPER-PC (null) MESSAGE Starting protection
2013/10/05 09:57:35 -0700 STORMTROOPER-PC (null) MESSAGE Protection started successfully
2013/10/05 09:57:35 -0700 STORMTROOPER-PC (null) MESSAGE Starting IP protection
2013/10/05 09:57:37 -0700 STORMTROOPER-PC (null) MESSAGE IP Protection started successfully
2013/10/05 10:08:07 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 50571, Process: pmb.exe)
2013/10/05 10:10:31 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 51338, Process: pmb.exe)
2013/10/05 10:11:35 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 51750, Process: pmb.exe)
2013/10/05 10:13:43 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 52490, Process: pmb.exe)
2013/10/05 10:15:19 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 53228, Process: pmb.exe)
2013/10/05 10:16:39 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 53878, Process: pmb.exe)
2013/10/05 10:17:14 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Starting database refresh
2013/10/05 10:17:14 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Stopping IP protection
2013/10/05 10:17:14 -0700 STORMTROOPER-PC Stormtrooper MESSAGE IP Protection stopped successfully
2013/10/05 10:17:16 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Database refreshed successfully
2013/10/05 10:17:16 -0700 STORMTROOPER-PC Stormtrooper MESSAGE Starting IP protection
2013/10/05 10:17:19 -0700 STORMTROOPER-PC Stormtrooper MESSAGE IP Protection started successfully
2013/10/05 10:19:00 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 54917, Process: pmb.exe)
2013/10/05 10:23:56 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 77.78.252.236 (Type: outgoing, Port: 57329, Process: pmb.exe)
2013/10/05 10:25:33 -0700 STORMTROOPER-PC Stormtrooper IP-BLOCK 91.188.50.230 (Type: incoming, Port: 56573, Process: pmb.exe)
 
Suggestions would be grand.
 
Thank you!
 
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.