127.42.0.* - IP being blocked when visiting specific websites

[D4rkR3pu13r]

Hello,

Lately I have been receiving "Malicious Website Blocked" messages from malwarebytes anti-malware which all seem to be going outbound with the an IP address which varies but it is usually 127.42.0.* with a random port number. This only seems to happen on specific websites (like dot.tk).

 

I notice when I ping dot.tk (site that is being blocked by mbam) in command prompt the IP address is 127.42.0.* but when I disable malicious website protection in malwarebytes and ping the same website again it goes to the normal websites IP address (213.206.98.165) and allows the website to be viewed inside the browser.

 

I also see another site that randomly pops up like "zeroredirect1" which also goes to the same IP (127.42.0.*). I have checked my computer for that adware/virus and no trace of the virus was found on my computer.

 

I have searched everywhere and could not find anything about this issue.

 

Thanks.

[Maurice Naggar]

 

I noticed your mention of "zerodirect1"   and related messages of IP blocks.

First, the malicious website protection is doing its job.   The reason these particular ones are brought about is due to 2 things.

Malvertising and non-existant domains.

 

If you would make adjustments in the DNS server settings on this machine, you would then see these issues go away.

 

Please review this post on our  forum.


Then follow his suggestions to make changes for the selections for DNS  for just TCP IP v4.

Choose OpenDNS or otherwise Google. ( just like on the page above).
By the way, please do not make changes to the Hosts file.

Just only the DNS adpater settings as layed out by MysteryFCM on our forum page above.

This is a sample picture to go along with the article mentioned above.



That should clear up the original issue.   Once you have made the changes, I would recommend a Reboot ( restart ) of the system.
Let me know how this goes.

[bdg2]

I believe these weird loopback addresses 127.42.x.x are something to do with nmap and npcap for Windows (see https://nmap.org ).

So if anyone else sees this weird behaviour check if you have nmap (or zenmap) or npcap installed and try uninstalling them.

I was testing nmap on Windows and something went wrong and suddenly these weird addresses are popping up upexpectedly including in the results of nslookup of some domains!

So I used System Restore to go back to before I installed nmap and npcap and things returned to normal.

[dcollins]

This thread is over 2 years old and most of the information here has changed when discussing Web Protection. If you're still having issues like this, please make a new thread.