Skype attempt to connect outbound to 212.95.32.165

[vrx233]

Hi,

I'm a registered user of Malwarebytes. In the past few weeks I have been receiving popup warnings from Protection mode that Skype is trying to send messages out via port 60326 to 212.95.32.165. My program is up to date, automatically updated. I have run several full scans, nil malware. I have traced the IP address to; netdiretk Germany which has been affiliated with Leaseweb Germany GmbH. I have the paid version of Norton Anitvirus, automatically updated. Scans run with negative result. This is really becoming annoying, any suggestions would be appreciated. If it is a known false positive I'll place it in the IGNORE, if it isn't I will need to learn how to deal with it

Thanks

[AdvancedSetup]

Probably the easiest thing to do would be to temporarily disable the Web blocker. Skype uses a peer2peer network to allow it to reach across the globe. It's own network protocol is safe but since it rides on this peer2peer network it access networks that are known to participate in malware delivery and that's why we block the IP.

Once you're done using it then simply re-enable the Web blocker.

[Andrew Swallow]

I have the same problem however the answer given suggests to me that the adviser thinks we are using Skype at the time, in my case Skype sits there ready to receive calls and every hour or two Malware bytes pops up and proudly announces it has blocked access to an unacceptable site. I have tried to add Skype and its directory to the ignore list with no avail. I appreciate Skype must broadcast to let itself know its on line and whilst the sites when looked up often look dodgy the expert suggested disabling the web blocker but we would have to do that all the time.

[AdvancedSetup]

Well I'm sorry but Skype is the one that is using Peer2Peer IP addresses.

It was suggested because not everyone keeps Skype running.

If you want to keep Skype running then you would have to either disable the blocker or keep adding the listed IP to your ignore list because we will not be removing those IPs from our list as they do potentially pose a threat for a Web browser or peer2peer software.

Thanks

[vrx233]

Probably the easiest thing to do would be to temporarily disable the Web blocker. Skype uses a peer2peer network to allow it to reach across the globe. It's own network protocol is safe but since it rides on this peer2peer network it access networks that are known to participate in malware delivery and that's why we block the IP.

Once you're done using it then simply re-enable the Web blocker.

Thanks for the quick response. My primary concern lies in the fact that the owner of this IP address is Leaseweb which is affiliated with Netdirekt which seems to have a nasty history. A search around the net for information on Netdirekt returns some pretty bad stuff. A search on Leaseweb brings up complaints of spamming attacks from that site, often severe. The Dutch anti- piracy organization, BRIEN, has been involved in ongoing battles with Leaseweb over several years. It has affiliations with notorious Bit Torrent trackers such as Demonoid.com and Everlasting.nu.

Since I have no way of knowing what information is being fed back to Leaseweb from my PC and laptop via Skype, which I have a critical business need for, it makes me a little nervous. Perhaps there are many others 'out there' who are also under surveillance by Leaseweb.

I have a genuine respect for the efficiency and vigilance of Malwarebytes (that's why I pay for the full version) and am fully aware that this is not a problem with Malwarebytes. I'm only asking is there a way that Protection Mode can continue to do it's job of blocking such sites without the endless array of pop up advice telling us that it has done so? Can I acknowledge that I have been advised and then turn off further advice on that specific entity? If the problem is being effectively blocked I don't need to be told endlessly that it has been blocked. If there is no such facility in the program at present, could one easily be built into it?

Thanks again.

[L00N3R]

You can disable the pop-ups by unchecking "Show tooltip balloon when malicious website is blocked".

(Screenshot by daledoc1)

[vrx233]

Well I'm sorry but Skype is the one that is using Peer2Peer IP addresses.

It was suggested because not everyone keeps Skype running.

If you want to keep Skype running then you would have to either disable the blocker or keep adding the listed IP to your ignore list because we will not be removing those IPs from our list as they do potentially pose a threat for a Web browser or peer2peer software.

Thanks

Thank you for your response. If you read what I actually wrote no mention is made of removing any IPs from the Malwarebytes lists.

What I asked was there a simple means of preventing the endless repetition of pop-ups informing me that Malwarebytes had done the same job over and over again. I don't need that much convincing.

Thank you Loon3R for providing the simple and correct answer. I should have seen that myself but somehow missed it. I think you may have answered that same question for others as well.

Thank you

[John A]

Just ignore it, see the thread below for details about this skype issue. Blocking the IP will not affect Skype operation

http://forums.malwarebytes.org/index.php?showtopic=67140&st=0&p=343387&hl=john%20a&fromsearch=1entry343387