mountaintree16 Posted June 22, 2011 ID:444281

I got an IP block for the first time today while I was watching a show on Hulu.com

I have to temporarily disable my Hosts file so that the content will play properly and display the advertisements (just adding this in case it is relevant at all).

I have never had a problem with Hulu.com throwing up flags at my security software before and I've been disabling my hosts file temporarily in order to watch shows for a while too. Also I dunno if this is related but normally I watch it in Full Screen but the video would not show in full screen, only in normal screen :/

Exact URL: http://www.hulu.com/watch/250713/pretty-little-liars-the-goodbye-look

IP Address:
12:26:16 IP-BLOCK 208.73.210.29 (Type: outgoing)
12:26:18 IP-BLOCK 208.73.210.29 (Type: outgoing)
12:26:24 IP-BLOCK 208.73.210.29 (Type: outgoing)

Just wondering if this is an error or if it is really a threat of some sort.

Thank you

MysteryFCM Posted June 25, 2011 ID:445515

There's no site on this IP, it's an Oversee IP.

Mystery Posted June 25, 2011 ID:445648

No, there's no site as it seems, on the other hand, there are several threads in the HijackThis subforum which show a blocking of this same IP on infected machines.

And here is what I've found additionally among others:
hxxp://amada.abuse.ch/palevotracker.php?host=ns.paidmailer-list.com
hxxp://www.threatexpert.com/report.aspx?md5=ef6a596cb3136872080356f577ba87eb

Therefore this IP number seems suspicious to me.

MysteryFCM Posted June 25, 2011 ID:445657

Not quite - it's being flagged on infected machines because domains are now resolving to it, that resolved to other IPs previously (normally happens when a domain gets retired by the bad guys, or temporarily disabled (in order to get it flagged as no longer existing, and removed from blacklists - then the cycle begins again (domain gets "re-activated" so to speak))).

That's not to say the IP itself is safe, on the contrary. A lot of parking sites aren't picky about where the links lead to - they're all mostly "sponsored", and as long as the "advertisers" are paying, the parking server owners are happy.

mountaintree16 Posted June 25, 2011 Author ID:445674

> There's no site on this IP, it's an Oversee IP.

Could you please clarify a little bit to me what this means?

Am I to worry if I get this IP blocked?

MysteryFCM Posted June 26, 2011 ID:445689

There are two occasions where an IP may be blocked;

1. Internal to external traffic
2. External to internal traffic

If the traffic is [2] then no, you need not worry.

However, if the traffic is internal to external, then whilst not worrying unnecessarily, it is recommended to check the machine for the presence of infection. The quickest method of doing this, from a traffic standpoint, is with Wireshark, as this will allow you to identify what data is attempted to be sent. You can combine this with a process monitor, to identify the actual process sending the traffic (netstat* will also allow you to identify the process <> IP/hostname relationships).

* The following was written for XP, but works for Vista/7 too;
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/netstat.mspx?mfr=true

You can use these commands and the data output, to cross reference with the task manager or process explorer/process monitor, to identify the offending process itself.
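The netstat cross-reference described in the post above, as an added example that is not part of the original thread: it reads block-log lines in the format quoted in the first post, keeps only the outgoing blocks, and looks up which PIDs hold connections to those IPs in `netstat -ano` output. The netstat excerpt, the incoming log line, the PIDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: block-log lines in the format quoted in the first post.
BLOCK_LOG = """\
12:26:16 IP-BLOCK 208.73.210.29 (Type: outgoing)
12:26:18 IP-BLOCK 208.73.210.29 (Type: outgoing)
12:27:02 IP-BLOCK 203.0.113.50 (Type: incoming)
"""

# Constructed excerpt of `netstat -ano` output (local addresses, PIDs made up).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49213      208.73.210.29:80       SYN_SENT        3124
  TCP    192.168.1.5:49100      198.51.100.7:443       ESTABLISHED     1880
  TCP    [::1]:49301            [::1]:445              ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1044
"""

LOG_RE = re.compile(r"^\d{2}:\d{2}:\d{2} IP-BLOCK (\S+) \(Type: (\w+)\)$")

def blocked_by_direction(log_text):
    """Count blocked IPs per direction: {direction: {ip: hits}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            hits[m.group(2).lower()][m.group(1)] += 1
    return hits

def pids_talking_to(netstat_text, remote_ips):
    """Map each listed remote IP to the PIDs holding a connection to it."""
    found = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        # TCP rows have 5 columns, UDP rows 4 (no State); the PID is last.
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        host = parts[2].rsplit(":", 1)[0].strip("[]")
        if host in remote_ips and parts[-1].isdigit():
            found[host].add(int(parts[-1]))
    return {ip: sorted(pids) for ip, pids in found.items()}

def triage(log_text, netstat_text):
    """Only outgoing blocks are traced back to a local process."""
    outgoing = blocked_by_direction(log_text).get("outgoing", {})
    return pids_talking_to(netstat_text, set(outgoing))

if __name__ == "__main__":
    print(triage(BLOCK_LOG, NETSTAT_ANO))
```

The PID it returns is the value to look up in Task Manager or Process Explorer; netstat only shows connections that exist at the moment it runs, so it has to be captured while the block is occurring.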
mountaintree16 Posted June 26, 2011 Author ID:445694

Thank you for the information Steven. I am pretty sure that it was #2 because I only saw it when on Hulu when I was trying to watch that episode and I have not seen that IP or any IP blocked since.

> There's no site on this IP, it's an Oversee IP.

Is what you just told me what the above means?

MysteryFCM Posted June 26, 2011 ID:445697

Ah my apologies, forgot to expand on that part.

Oversee is a company that runs (among many other things), parking servers. Domains are effectively "parked" when either newly created, suspended, or the owner decides to do such. All that's typically needed to park a domain, is a change of either A records, or name servers (i.e. ns1.oversee.net). A record changes speak for themselves (the domain points directly to the parking server IP, or uses a frame, redirect header, meta refresh etc, to redirect the visitor to the parking server, instead of the site that used to be there), this can also be done (though is not typically) using CNAME records.

Name server changes, where the name server is a parking server/registrar, are done in cases where a domain has just been created, or has expired/been suspended (in the case of the latter, the domain owner is typically also no longer able to change DNS records).

mountaintree16 Posted June 26, 2011 Author ID:445698

That's alright, no worries. Thank you for clarifying for me, that makes sense. Hopefully Hulu resolves this soon and will change their advertisements so that this does not happen... do you happen to have any contact(s) with them?

I use the site quite a bit and this is my first time having an issue brought to my attention from my security software.

MysteryFCM Posted June 26, 2011 ID:445700

I don't have contacts at Hulu, no.

mountaintree16 Posted June 26, 2011 Author ID:445701

I'll see if I can find a way to contact them about this, also I have another show I watch on Hulu so I'll see if it happens during that show too and if so then I should definitely contact them.

I am not sure if I got the IP block from an advertisement or from the streaming of the show itself. But before/during/right after the IP block, the show just kinda froze and/or wouldn't really play very well and I could not watch it in fullscreen. I ended up just watching it on the ABC Family website which is the company that produces the show.

http://www.hulu.com/support/support_form << That's about the best I can find in terms of how to contact them.

Edited June 26, 2011 by mountaintree16

MysteryFCM Posted June 26, 2011 ID:445704

If possible, please run Wireshark the next time you use Hulu, as this will allow you to determine the traffic and domain(s) involved, as well as whether or not it's advertisements to blame for it.

mountaintree16 Posted June 26, 2011 Author ID:445706

Sure, I'll do that. Would you mind linking me again? I am not sure if I still have the Wireshark link.

MysteryFCM Posted June 26, 2011 ID:445716

http://wireshark.org

DarkSnakeKobra Posted June 26, 2011 ID:445717

> Sure, I'll do that. Would you mind linking me again? I am not sure if I still have the Wireshark link.

Here ya go. http://www.wireshark.org

Also need to install the packet capture library WinPcap. It is included, but often outdated. http://www.winpcap.org

mountaintree16 Posted June 26, 2011 Author ID:445727

Thank you very much Steven

MysteryFCM Posted June 26, 2011 ID:445729

Always a pleasure

mountaintree16 Posted June 26, 2011 Author ID:445730

Probably a silly question, but once installed is it pretty self-explanatory how to use it? I can't really seem to find any how-tos on the website.

MysteryFCM Posted June 26, 2011 ID:445731

Pretty much

mountaintree16 Posted June 26, 2011 Author ID:445732

Awesome. I'll report back to you once I have done this, most likely via PM.