Jump to content
mossman

192.168.1.255

Recommended Posts

Started getting this potentially malicious website blocked message today, quoting 192.168.1.255. Am on V2014.01.15.07

 

Another member has reported a simuilar issue on the main forum.

Share this post


Link to post
Share on other sites

If this can't be fixed pretty quickly, can I assume it's safe to add this IP to the ignore list to stop the popup messages?

Share this post


Link to post
Share on other sites

2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.01.15.06 to version v2014.01.15.07
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Starting database refresh
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Stopping IP protection
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    IP Protection stopped successfully
2014/01/15 08:41:00 -0800    HOME-PC    Doc    MESSAGE    Database refreshed successfully
2014/01/15 08:41:00 -0800    HOME-PC    Doc    MESSAGE    Starting IP protection
2014/01/15 08:41:01 -0800    HOME-PC    Doc    MESSAGE    IP Protection started successfully
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:43:05 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:43:05 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)

Share this post


Link to post
Share on other sites

This is a typical broadcast.  This is normal behavior for Windows PCs using file and print sharing with NETBIOS turned on.

 

2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Scheduled update executed successfully:  database updated from version v2014.01.15.06 to version v2014.01.15.07
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Starting database refresh
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    Stopping IP protection
2014/01/15 08:40:53 -0800    HOME-PC    Doc    MESSAGE    IP Protection stopped successfully
2014/01/15 08:41:00 -0800    HOME-PC    Doc    MESSAGE    Database refreshed successfully
2014/01/15 08:41:00 -0800    HOME-PC    Doc    MESSAGE    Starting IP protection
2014/01/15 08:41:01 -0800    HOME-PC    Doc    MESSAGE    IP Protection started successfully
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:41:25 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:07 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:42:24 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:43:05 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 08:43:05 -0800    HOME-PC    Doc    IP-BLOCK    192.168.1.255 (Type: outgoing, Port: 137)

Share this post


Link to post
Share on other sites

I'm getting same continuous popup, outgoing port 138, potentially malicious website; virustotal says it goes back to myrice(dot)com and threatstop says it's ok.

Thanks for further info on this.

Share this post


Link to post
Share on other sites

Same thing here. I hope that this doesn't turn into another fiasco for Malewarebytes with massive consequences, like the last year's one with the false positive storm that swept the globe.

Share this post


Link to post
Share on other sites

Hi,

 

I'm also getting this block on port 137/138. Would be surprised if this wasn't a false positive.

 

xXToffeeXx~

Share this post


Link to post
Share on other sites

Same issue here. Is it safe to whitelist the IP? I can't imagine it's not.

 

2014/01/15 11:38:31 -0500 WILL-PC Will MESSAGE Scheduled update executed successfully:  database updated from version v2014.01.14.04 to version v2014.01.15.07
2014/01/15 11:38:31 -0500 WILL-PC Will MESSAGE Starting database refresh
2014/01/15 11:38:31 -0500 WILL-PC Will MESSAGE Stopping IP protection
2014/01/15 11:38:31 -0500 WILL-PC Will MESSAGE IP Protection stopped successfully
2014/01/15 11:38:34 -0500 WILL-PC Will MESSAGE Database refreshed successfully
2014/01/15 11:38:34 -0500 WILL-PC Will MESSAGE Starting IP protection
2014/01/15 11:38:36 -0500 WILL-PC Will MESSAGE IP Protection started successfully
2014/01/15 11:38:42 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)
2014/01/15 11:40:02 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:46:10 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:52:02 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)
2014/01/15 11:53:46 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)
2014/01/15 11:56:18 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:56:19 -0500 WILL-PC Will IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 12:00:19 -0500 WILL-PC (null) IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)

Share this post


Link to post
Share on other sites

Ditto here. I've scanned my PC with multiple scanners and it is clean. Appears to be a bug in the latest update.

Database version: v2014.01.15.07

2014/01/15 11:35:07 -0500 TEMP-PC temp MESSAGE Executing scheduled update:  Hourly | Silent
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Scheduled update executed successfully:  database updated from version v2014.01.15.06 to version v2014.01.15.07
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Starting database refresh
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE Stopping IP protection
2014/01/15 11:35:11 -0500 TEMP-PC temp MESSAGE IP Protection stopped successfully
2014/01/15 11:35:14 -0500 TEMP-PC temp MESSAGE Database refreshed successfully
2014/01/15 11:35:14 -0500 TEMP-PC temp MESSAGE Starting IP protection
2014/01/15 11:35:16 -0500 TEMP-PC temp MESSAGE IP Protection started successfully
2014/01/15 11:36:02 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:02 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:10 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)
2014/01/15 11:36:42 -0500 TEMP-PC temp IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)

Share this post


Link to post
Share on other sites

Same thing here, about every 30 seconds I'm getting a notification for port 138.  Very annoying

You're lucky - sometimes it can be 30 seconds, but more often it's every three or four seconds

2014/01/15 17:26:54 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:26:54 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:26:57 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:26:58 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:26:59 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:01 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:02 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:03 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:06 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:06 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:07 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:09 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:10 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:11 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:11 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:14 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:15 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:16 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:18 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:27:39 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:28:09 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)2014/01/15 17:28:39 GMT	MAINPC	***	IP-BLOCK	192.168.1.255 (Type: outgoing)

Share this post


Link to post
Share on other sites

Sorry, posted to the old thread. 192.x.x.x is a private address range so can't see any reason why it should be in Malwarebytes IP-block range.

Share this post


Link to post
Share on other sites
2014/01/15 12:36:00 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:00 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:08 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:08 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:08 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:08 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:16 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:16 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:16 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:16 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:24 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:24 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:32 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:32 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:32 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:32 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:40 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:40 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:40 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:40 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:48 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:48 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:56 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:56 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)2014/01/15 12:36:56 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)2014/01/15 12:36:56 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52797, Process: plex media server.exe)2014/01/15 12:36:56 -0500 SAGER8 matth_000 IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 52801, Process: plex media server.exe)

This is what happens over the course of a minute on my computer. Mine primarily revolves around plex media server though, but is the same IP.

Share this post


Link to post
Share on other sites
2014/01/15 18:07:38 +0100 USER-PC Minus MESSAGE Scheduled update executed successfully:  database updated from version v2014.01.14.05 to version v2014.01.15.072014/01/15 18:07:38 +0100 USER-PC Minus MESSAGE Starting database refresh2014/01/15 18:07:38 +0100 USER-PC Minus MESSAGE Stopping IP protection2014/01/15 18:07:44 +0100 USER-PC Minus MESSAGE IP Protection stopped successfully2014/01/15 18:08:15 +0100 USER-PC USER MESSAGE Database refreshed successfully2014/01/15 18:08:15 +0100 USER-PC USER MESSAGE Starting IP protection2014/01/15 18:08:24 +0100 USER-PC USER MESSAGE IP Protection started successfully2014/01/15 18:08:42 +0100 USER-PC USER IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)2014/01/15 18:09:15 +0100 USER-PC USER IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 138)2014/01/15 18:09:32 +0100 USER-PC USER IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)2014/01/15 18:09:32 +0100 USER-PC USER IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137)2014/01/15 18:09:41 +0100 USER-PC USER IP-BLOCK 192.168.1.255 (Type: outgoing, Port: 137).... +20time more port 137 and 138

Win8 64bit, Router Firmware: DD-WRT v24-sp2

Share this post


Link to post
Share on other sites

The new database is uploaded. its fixed in 1.15.08

Thank you for fixing this!

 

xXToffeeXx~

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.