IP Block Question


I installed the Pro version of MBAM on a client's pc a couple of months ago. It blocks many IP addresses all day long, even without a browser running. That means, to me, that something is running that is trying to access sites/IPs that MBAM thinks are malicious.

Is there a "reverse mapping" of IPs to what malware is trying to contact whichever IP address on the net? MBAM is not finding anything on the pc when it scans. That might help me search out what is the problem.

Here are a few of the IPs: 194.28.112.6, 194.60.205.224, 91.212.226.5 and 91.212.226.67.

If I am in the wrong forum section, just let me know.

Thanks, in advance, for any assistance.

RandyC

Very interesting. MBAM on one of our PCs also started blocking these exact IP addresses, and scans with MBAM, Spybot S&D, Avast!, and ESET Online Scanner come up clean after they find some other minor infections not related to this. I also have a thread on this exact subject.


@ RandyC -

Copy and paste the IPs into Google Search - That is our normal method -

IP address: 194.28.112.6

This is a: Moldova, Republic of, IP address - 10 second result - Took me longer to copy and paste a result than look it up -

IP address: 194.60.205.224

This is a: Russian Federation IP address

Thank You -

Hello noknojon. I did Google those IPs and one of the reasons it brought up a red flag is because one of them is in Russia. Since we don't have any dealings at all with anyone over there, there is something running on the machine that is trying to "call home". Thankfully, MBAM is blocking the IP traffic, but it would be better to be able to find the culprit and remove it altogether.


noknojon, I never even thought to try Googling the IP addresses (picture me smacking my forehead and saying Duh!).

I think I'll get a HijackThis log later on today from the client's pc.

Haider, I'm not aware of my client's pc having any p2p software on it. But, I'll check that as well.

Thank you.

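For the question raised in this thread (which process is contacting the blocked addresses), the following added example, not part of any poster's message, parses Windows `netstat -ano` output and returns the PIDs whose remote address is one of the four IPs quoted in the first post. The sample netstat text, including its PIDs, states and local addresses, is constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# The four addresses quoted in the first post of this thread.
BLOCKED = {"194.28.112.6", "194.60.205.224", "91.212.226.5", "91.212.226.67"}

# Constructed sample of Windows `netstat -ano` output (PIDs, states and local addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     194.28.112.6:80        SYN_SENT        1432
  TCP    192.168.1.10:49713     93.184.216.34:443      ESTABLISHED     2280
  TCP    192.168.1.10:49720     91.212.226.67:80       SYN_SENT        1432
  TCP    [::1]:135              [::]:0                 LISTENING       900
  UDP    0.0.0.0:5353           *:*                                    1100
  TCP    192.168.1.10:49731     194.60.205.224:443     SYN_SENT        3016
"""

def _host(endpoint):
    """Return the address part of 'addr:port' as an ip_address, or None for '*:*'."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
    except ValueError:
        return None

def pids_for_blocked(netstat_text, blocked=BLOCKED):
    """Map PID -> sorted list of (remote endpoint, state) for rows hitting a blocked IP."""
    wanted = {ipaddress.ip_address(b) for b in blocked}
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 fields; UDP rows have 4 (no state column).
        if len(parts) not in (4, 5) or parts[0] not in ("TCP", "UDP"):
            continue
        remote, pid = parts[2], parts[-1]
        state = parts[3] if len(parts) == 5 else ""
        if pid.isdigit() and _host(remote) in wanted:
            hits[int(pid)].append((remote, state))
    return {pid: sorted(rows) for pid, rows in hits.items()}

if __name__ == "__main__":
    for pid, rows in sorted(pids_for_blocked(SAMPLE).items()):
        print(pid, rows)
```

A PID returned here can be resolved to an image name with `tasklist /FI "PID eq <pid>"`. A single netstat snapshot can miss a short-lived connection attempt, so capture it repeatedly while the blocks are being reported.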
