Jump to content

Access to a potentially dangerous web-site blocked (Zugang zu einer potenziell gefährlichen Webseite gestoppt)


Recommended Posts

From time to time i get a popup-message like "Access to a potentially dangerous website blocked",

although i don't surf (Firefox is on, but quiet).

Below the nessgae comes the offending IP.

The Popup lasts only seconds, so that i can hartly notice it (to find out who is it)

My questions:

Can i re-read the popup-message anywhere?

Why pops it up when i dont surf?

Link to post
Share on other sites

Hello brawol and :welcome:

 

Please copy and paste a few of the block notices from your MBAM's protection log in a reply to this thread.

 

e.g.

 

For MBAM1:

 

2014/04/24 06:39:23 -0500    ComputersName    User    IP-BLOCK    184.173.97.196 (Type: outgoing)

 

or

 

For MBAM2:


Detection, 4/24/2014 6:44:10 AM, SYSTEM, ComputersName, Protection, Malicious Website Protection, Domain, 184.173.97.196, iptest.malwarebytes.org, 18144, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

Thank you.

Link to post
Share on other sites

I found them now:

 

2014/04/07 20:38:54 +0200    IP-BLOCK    46.183.216.107 (Type: outgoing, Port: 22245, Process: java.exe)
DataClub S.A.,Lettland/Latvia

2014/04/07 20:42:30 +0200    IP-BLOCK    64.90.187.193 (Type: outgoing, Port: 22245, Process: java.exe)
2014/04/07 20:55:03 +0200    IP-BLOCK    64.90.187.193 (Type: outgoing, Port: 1794, Process: java.exe)
The New York Internet Company


2014/04/10 01:45:59 +0200    IP-BLOCK    109.163.227.73 (Type: outgoing, Port: 26493, Process: firefox.exe)
Voxility S.R.L.,Bukarest

2014/04/10 17:43:51 +0200    IP-BLOCK    130.0.238.36 (Type: outgoing, Port: 22245, Process: java.exe)
2014/04/17 17:06:51 +0200    IP-BLOCK    130.0.238.36 (Type: outgoing, Port: 30138, Process: java.exe)
ITL Company,Ukraine,Verbivka

2014/04/14 19:28:29 +0200    IP-BLOCK    103.31.186.17 (Type: outgoing, Port: 22245, Process: java.exe)
Voxility S.R.L.,Hongkong


2014/04/18 14:28:57 +0200    IP-BLOCK    162.210.192.26 (Type: outgoing, Port: 37948, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.26 (Type: outgoing, Port: 37947, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.22 (Type: outgoing, Port: 37949, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.22 (Type: outgoing, Port: 37950, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.26 (Type: outgoing, Port: 37952, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.26 (Type: outgoing, Port: 37951, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.22 (Type: outgoing, Port: 37954, Process: iexplore.exe)
2014/04/18 14:28:59 +0200    IP-BLOCK    162.210.192.22 (Type: outgoing, Port: 37953, Process: iexplore.exe)
Leaseweb USA,Manassas(USA)

2014/04/22 16:42:06 +0200    ACER110    brawol    IP-BLOCK    66.77.96.140 (Type: outgoing, Port: 11032, Process: firefox.exe)
CenturyLink,Newton/Kansas, NW 120.Str.

2014/04/23 15:52:41 +0200    ACER110    brawol    IP-BLOCK    46.249.53.34 (Type: outgoing, Port: 22245, Process: java.exe)
Serverius Holding B.V.,Nederlands,Dronten,Haringweg

2014/04/24 14:42:05 +0200    ACER110    brawol    IP-BLOCK    212.117.183.170 (Type: outgoing, Port: 40309, Process: java.exe)
root S.A.,Luxemburg,Schoos,Rue du Puits

Link to post
Share on other sites

Hello and :welcome:

IP blocks can indicate a number of things:

  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
--> There is more information about the IP blocking module in the in the Help Desk topics HERE and HERE and HERE, and in the FAQ - Section G.

They also contain instructions on how to determine what process might be trying to make the connections.

You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this pinned topic before starting a new topic in the Website False Positives sub-forum.

Alternatively, and probably your best choice in your case, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with the cleaning process Available Assistance For Possibly Infected Computers.

Thanks!

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.