
Suspicious Outgoing traffic



I have the below suspicious outgoing traffic.  It is sometimes blocked even before I start a browser.  Is this the right place to post such items?

 

2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 93.114.45.136 (Type: outgoing, Port: 8)
2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 94.242.255.35 (Type: outgoing, Port: 8)
2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 5.199.171.224 (Type: outgoing, Port: 8)
2013/07/10 07:53:49 -0400 XXXXXXXXXX IP-BLOCK 46.183.217.233 (Type: outgoing, Port: 8)

 

I have run Malwarebytes multiple times and have never found any items...

 

Any help or comments would be appreciated!


Hi, 123zorn:

 

Welcome.

 

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.
You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the False Positives forum.

Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process: Available Assistance For Possibly Infected Computers.

>>This is what I would suggest for you, under the circumstances, as the IPs you list are in Romania, Lithuania, Latvia, etc.

HTH,

daledoc1
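
A triage sketch for the point above about outgoing blocks that occur with no browser open, as an added example that is not part of the original post or of any Malwarebytes tool: it parses IP-BLOCK lines in the format quoted in this thread and groups outgoing blocks into short bursts that hit several distinct addresses. The burst thresholds are assumptions, and the last two sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the IP-BLOCK line format quoted in this thread.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+(?P<host>\S+)\s+"
    r"IP-BLOCK\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+)\)"
)

def parse_blocks(text):
    """Return a time-sorted list of dicts, one per IP-BLOCK line found."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IP-BLOCK entry
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["port"] = int(ev["port"])
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])

def outgoing_bursts(events, window_s=10, min_ips=3):
    """Group outgoing blocks whose gaps are <= window_s seconds; keep groups
    that reach at least min_ips distinct addresses (assumed thresholds)."""
    bursts, current = [], []
    for ev in (e for e in events if e["direction"] == "outgoing"):
        if current and ev["ts"] - current[-1]["ts"] > timedelta(seconds=window_s):
            bursts.append(current)
            current = []
        current.append(ev)
    if current:
        bursts.append(current)
    return [b for b in bursts if len({e["ip"] for e in b}) >= min_ips]

# First four lines are the ones posted in the thread; the last two are constructed.
SAMPLE_LOG = """\
2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 93.114.45.136 (Type: outgoing, Port: 8)
2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 94.242.255.35 (Type: outgoing, Port: 8)
2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 5.199.171.224 (Type: outgoing, Port: 8)
2013/07/10 07:53:49 -0400 XXXXXXXXXX IP-BLOCK 46.183.217.233 (Type: outgoing, Port: 8)
2013/07/10 09:15:02 -0400 XXXXXXXXXX IP-BLOCK 192.0.2.10 (Type: incoming, Port: 51234)
2013/07/10 11:30:00 -0400 XXXXXXXXXX IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 80)
"""

if __name__ == "__main__":
    for burst in outgoing_bursts(parse_blocks(SAMPLE_LOG)):
        ips = sorted({e["ip"] for e in burst})
        print(burst[0]["ts"], "->", burst[-1]["ts"], len(ips), "addresses:", ", ".join(ips))
```

The start and end times of each burst are the window to compare against what was running on the machine at that moment, using the process-identification steps in the Help Desk topics mentioned above.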


  • 4 weeks later...

I have the below suspicious outgoing traffic.  It is sometimes blocked even before I start a browser.  Is this the right place to post such items?

 

2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 93.114.45.136 (Type: outgoing, Port: 8)

2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 94.242.255.35 (Type: outgoing, Port: 8)

2013/07/10 07:53:41 -0400 XXXXXXXXXX IP-BLOCK 5.199.171.224 (Type: outgoing, Port: 8)

2013/07/10 07:53:49 -0400 XXXXXXXXXX IP-BLOCK 46.183.217.233 (Type: outgoing, Port: 8)

 

I have run Malwarebytes multiple times and have never found any items...

 

Any help or comments would be appreciated!

 

I get the same blocks just recently and Google turned up nothing.  However, I just started using IPVanish and their software - which I suspect is the culprit.  Are you using the same VPN?


  • Root Admin

That IP is blocked typically due to some type of participation in malware threat distribution of one type or another.

 

IP address: 93.114.45.136
Host name: lh20598.voxility.net
93.114.45.136 is from Romania(RO) in region Eastern Europe

 

It's possible that your VPN software is using a random public IP to provide you with access, but you may want to have someone review your computer just in case; there is no charge - just a bit of your time.

 

I would suggest following the advice from the topic here Available Assistance for Possibly Infected Computers and having one of the Experts assist you with looking into your issue.


Thanks
