
Suspicious IP



Hello there,

I'm a bit new so I'm very sorry if this isn't in the right place, but I've got a problem which I feel is a bit odd.

I am trying the trial of the newest Malwarebytes, and it keeps giving me a warning that it has protected me from a suspicious IP.

What confuses me is that this suspicious IP seems to be linked to CollegeHumor.com, a very legitimate website. When I access the website, MBAM gives me a nice little notice saying that it blocked a website with the IP address 208.73.210.29. The protection log looks like this:

00:01:09 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 56850, Process: firefox.exe)

00:06:48 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57444, Process: firefox.exe)

00:06:48 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57461, Process: firefox.exe)

00:08:17 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57483, Process: firefox.exe)

00:15:01 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57596, Process: firefox.exe)

00:16:54 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57617, Process: firefox.exe)

00:19:19 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57664, Process: firefox.exe)

00:21:29 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57725, Process: firefox.exe)

00:24:51 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57768, Process: firefox.exe)

00:24:59 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57781, Process: firefox.exe)

00:25:56 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57830, Process: firefox.exe)

00:29:18 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57865, Process: firefox.exe)

00:30:47 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57892, Process: firefox.exe)

00:32:16 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57912, Process: firefox.exe)

00:34:26 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57955, Process: firefox.exe)

00:37:00 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 58005, Process: firefox.exe)

03:39:23 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61321, Process: firefox.exe)

03:39:23 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61322, Process: firefox.exe)

03:41:32 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61445, Process: firefox.exe)

03:41:32 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61450, Process: firefox.exe)

03:42:36 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61561, Process: firefox.exe)

03:42:36 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61566, Process: firefox.exe)

03:42:44 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61590, Process: firefox.exe)

03:42:44 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61592, Process: firefox.exe)

03:48:45 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61728, Process: firefox.exe)

03:48:45 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61729, Process: firefox.exe)

03:49:49 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61773, Process: firefox.exe)

03:49:49 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61777, Process: firefox.exe)

03:49:49 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61779, Process: firefox.exe)

03:50:21 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61790, Process: firefox.exe)

03:50:21 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61791, Process: firefox.exe)

03:51:01 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61836, Process: firefox.exe)

03:51:01 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61839, Process: firefox.exe)

03:51:01 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61840, Process: firefox.exe)

03:51:09 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61854, Process: firefox.exe)

03:51:09 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61859, Process: firefox.exe)

03:51:09 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61860, Process: firefox.exe)

03:52:14 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61896, Process: firefox.exe)

03:52:14 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61899, Process: firefox.exe)

03:52:38 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61954, Process: firefox.exe)

03:52:38 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61958, Process: firefox.exe)

03:52:54 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61987, Process: firefox.exe)

03:52:54 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61989, Process: firefox.exe)

03:53:18 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62016, Process: firefox.exe)

03:53:34 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62051, Process: firefox.exe)

03:53:42 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62073, Process: firefox.exe)

03:53:50 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62114, Process: firefox.exe)

03:53:50 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62117, Process: firefox.exe)

04:01:11 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62183, Process: firefox.exe)

04:01:11 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62184, Process: firefox.exe)

04:01:27 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62218, Process: firefox.exe)

04:01:27 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62221, Process: firefox.exe)

04:02:07 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62272, Process: firefox.exe)

04:02:07 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62273, Process: firefox.exe)

04:09:28 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62480, Process: firefox.exe)

04:09:28 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62481, Process: firefox.exe)

04:09:28 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62483, Process: firefox.exe)

04:09:36 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62497, Process: firefox.exe)

04:09:36 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62500, Process: firefox.exe)

04:09:36 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 62502, Process: firefox.exe)

So, naturally I run a scan. Nothing.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6949

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

25/06/2011 3:03:21 PM

mbam-log-2011-06-25 (15-03-21).txt

Scan type: Flash scan

Objects scanned: 130845

Time elapsed: 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I try a flash scan (not knowing exactly what that means but deciding it was worth a try), which also gets nothing. A little bit of googling took me to the suggestion of using an ESET online scan. I do that, and it removes 4 malicious programs. I unfortunately did not retain the logs (but I can run another scan if necessary).

The next time I access CollegeHumor, I get the warning again.

So two questions:

1) Can I just plain stop this thing from getting on my computer?

2) Seeing as how the website is legitimate, could it actually be that website? (I tried killing scripts from the website, and that did seem to stop the prompts. That's not 100% foolproof though, obviously).

I would appreciate some help here.

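For triaging a protection log like the one in the post above, this added example (not part of the original post and not Malwarebytes code) parses the IP-BLOCK lines and groups them by destination IP, direction and process, counting bursts of activity. The line format is inferred from the quoted log; the function names and the 30-second `gap_seconds` threshold are assumptions.

```python
import re
from collections import defaultdict

# Line shape as it appears in the protection log quoted in the post.
LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2})\s+(\S+)\s+IP-BLOCK\s+(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"\(Type:\s*(\w+),\s*Port:\s*(\d+),\s*Process:\s*([^)]+?)\)\s*$"
)

def parse_line(line):
    """Return one block event as a dict, or None if the line is not an IP-BLOCK entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hh, mm, ss, user, ip, direction, port, process = m.groups()
    return {"t": int(hh) * 3600 + int(mm) * 60 + int(ss), "time": f"{hh}:{mm}:{ss}",
            "user": user, "ip": ip, "direction": direction,
            "port": int(port), "process": process.lower()}

def summarize(lines, gap_seconds=30):
    """Group events by (ip, direction, process); a new burst starts after a quiet gap."""
    groups, skipped = defaultdict(list), 0
    for line in lines:
        if not line.strip():
            continue  # blank separator lines are not counted as skipped
        ev = parse_line(line)
        if ev is None:
            skipped += 1  # some other kind of log or report line
        else:
            groups[(ev["ip"], ev["direction"], ev["process"])].append(ev)
    summary = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["t"])  # entries carry time of day only, no date
        bursts = 1 + sum(1 for a, b in zip(evs, evs[1:]) if b["t"] - a["t"] > gap_seconds)
        summary[key] = {"events": len(evs), "bursts": bursts,
                        "first": evs[0]["time"], "last": evs[-1]["time"]}
    return summary, skipped

# Sample: seven entries and one scan-report line copied from the post.
SAMPLE = """00:01:09 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 56850, Process: firefox.exe)
00:06:48 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57444, Process: firefox.exe)
00:06:48 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57461, Process: firefox.exe)
00:08:17 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 57483, Process: firefox.exe)
Scan type: Flash scan
03:39:23 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61321, Process: firefox.exe)
03:39:23 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61322, Process: firefox.exe)
03:41:32 Owner IP-BLOCK 208.73.210.29 (Type: outgoing, Port: 61445, Process: firefox.exe)""".splitlines()

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE)[0].items():
        print(key, stats)
```

A summary keyed by process shows at a glance whether every block comes from the browser or whether some other executable is also reaching the flagged address.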

Hi Fablezz -

Please read this report below from WOT site security -

This link is from one of the Experts here.

http://www.mywot.com...d/208.73.210.29

This is not the first time that this IP has been reported -

There may be some safe sites here, but there are also some very suspect sites using this IP -

CollegeHumor may not be as safe as you think. ->> a very legitimate website ?? <<- Legal and safe are not always the same thing.

Thank You -

This is from a basic Google of IP 208.73.210.29 and there are several more of the same.

IP Block 208.73.210.29 - Malwarebytes Forum

27 Oct 2010 – Several times a day this IP is blocked (208.73.210.29) when I am not using the internet. How can I discover what application on my computer is attemp...

forums.malwarebytes.org/index.php?showtopic=66032 - Cached

Repeated blocking of IP 208.73.210.29‎ - 22 Jun 2011
