Jump to content

67.212.74.82 Constantly Flagged as Blocked

imjohn
 Share

Recommended Posts

imjohn

imjohn

Posted
  • Author
Posted
Hi -

This seems to be located in Canada , just near the US boarder - It may be SKYPE related -

Have you ever installed SENDER VERIFICATION FOR THUNDERBIRD3 ? This will always show it also -

Please post back if any of this may be correct -

Thank You -

Thanks noknojon,

Yes, the hosting service is located in Laval, Canada just outside Montreal. But, from what I can find out it's just the host and you're redirected to another site that is hosted on their service.

Thanks for the SENDER VERIFICATION for Thunderbird. My problem occurs in Firefox, IE, & Chrome, but I did down load and installed the SENDER VERIFICATION add on in Thunderbird.

Appreciate the tip.

John

Link to post
Share on other sites
imjohn

imjohn

Posted
  • Author
Posted
This started today and is rather annoying.

Every time there is a site change or a change on a page within a site I get a message that 67.212.74.82 is a malicious site and Malwarebytes has blocked it.

This is not browser dependent.

How do I stop it ???

Interesting ::: Today the site IP Address has changed to 67.212.74.83, the last digit has incremented by one.

Link to post
Share on other sites
sandstorm871

sandstorm871

Posted
Posted
Interesting ::: Today the site IP Address has changed to 67.212.74.83, the last digit has incremented by one.

Hi Im getting the same on a Joomla site. - 67.212.74.83 :D

The site is new and is in testing at the moment, but have noticed since moving server this IP address is showing up in anti malware?

My site is hosted on a UK server, I have not installed anything for thunderbird, and have no external ads on the site.

The only thing I have coming in as the use of a live chat/support module, which is powered by a component on my other UK based server.

Link to post
Share on other sites
noknojon

noknojon

Posted
Posted

Hi -

You can install TCP View by Mark Russinovich , Free from systernals (a M/soft program) that shows the item as it hits -

This updates every second so it will show any active program accessing your system -

If you get constant blocks on this IP , it will identify the source for you - We may soon add a similar item to Malwarebytes program -

Thank You -

@ sandstorm871 - Yours is similar (most likely SKYPE or chat) -

If you think this should be reported as a F/P , please follow The Directions Listed Here and submit it to that area -

Link to post
Share on other sites
  • 3 weeks later...
DLS

DLS

Posted
Posted

This started for me today, Dec 1. Has anyone found a resolution?

This is a sample from the log file:

15:44:07 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49288, Process: chrome.exe)

15:44:08 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49290, Process: chrome.exe)

15:44:24 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49342, Process: chrome.exe)

15:44:24 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49343, Process: chrome.exe)

17:15:45 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49484, Process: chrome.exe)

17:15:45 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49485, Process: chrome.exe)

17:15:45 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49497, Process: chrome.exe)

17:15:45 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49498, Process: chrome.exe)

17:15:53 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49504, Process: chrome.exe)

17:15:53 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49505, Process: chrome.exe)

17:15:53 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49518, Process: chrome.exe)

17:15:53 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49519, Process: chrome.exe)

17:16:49 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49524, Process: chrome.exe)

17:16:49 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49525, Process: chrome.exe)

17:16:49 XXXXXX IP-BLOCK 67.212.74.82 (Type: outgoing, Port: 49531, Process: chrome.exe)

17:16:49 XXXXXX IP-BLOCK 67.212.74.83 (Type: outgoing, Port: 49532, Process: chrome.exe

Link to post
Share on other sites
DLS

DLS

Posted
Posted
Knowing that it is Google Chrome that is accessing the site, and tat it doesn't happen on your computer with internet accesses from other programs, I suggest that you ask Google Support for an answer.

I started on Google help and of course was referred here since it is MBAM blocking the address. Doesn't make much sense to me either. Since 67.212.74.82 & .83 are registered to a web hosting company in Canada I'm not clear why chrome would be attempting to contact that address, unless it was an extension phoning home. After removing all extensions it is still doing it so I'm at a loss. I'm not running any p2p software, no unusual processes are running and both MBAM and MSE say the system is clean.

Anyway, thanks for the reply.

Link to post
Share on other sites
John A

John A

Posted
Posted

You need to ask Google why Chrome might be accessing that IP address - and they should be able to at least give you some clues. Is Chome actually loaded when you get the IP block - Chrome loads something at startup, I recall, maybe it is that?

I also got a Canadian IP block from Thunderbird - InterWeb at Montreal 76.76.106.186. I am fairly sure it happened when I accidently clicked on a spam email

Link to post
Share on other sites
  • 1 month later...
dhufstader

dhufstader

Posted
Posted
This started today and is rather annoying.

Every time there is a site change or a change on a page within a site I get a message that 67.212.74.82 is a malicious site and Malwarebytes has blocked it.

This is not browser dependent.

How do I stop it ???

I was getting this and was getting annoyed with it as well, are you using the "ultimate chrome flag" extension or one similar? where it checks the IP of the website yo are visiting and tells you where it is?

I found disabling that stops the problem

Link to post
Share on other sites
  • 4 weeks later...
cactusguy

cactusguy

Posted
Posted
This started today and is rather annoying.

Every time there is a site change or a change on a page within a site I get a message that 67.212.74.82 is a malicious site and Malwarebytes has blocked it.

This is not browser dependent.

How do I stop it ???

I think this is NORTON - do you have Norton Internet Security ? or Antivirus?

Link to post
Share on other sites
  • 1 month later...
ipinfodb

ipinfodb

Posted
Posted

The IP addresses 67.212.74.82 and 67.212.74.83 belong to our website IPInfoDB.com which provides a free service for IP GeoLocation. Unfortunately, being a free service, anyone can sign up for an account. So this particular account was used by the malware to get GeoLocation info about the infected PC. Upon detecting this abuse, we have blocked his account from accessing our services.

If you need further assistance, please feel free to contact us at support(at)ipinfodb.com

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.