Jump to content

Outgoing blocks while on website; How to determine which program is is attempting connection?


Guest spc3rd

Recommended Posts

Good evening everyone,

Just after a website page loaded (ripoffreport.com), MBAM blocked an OUTGOING access to IP address 89.149.236.37. I checked the IP on the dnsstuff website and another site. The IP address stated comes back as being located in Hong Kong.

I've visited the ripoffreport.com site many times without incident, but have also managed to pick up a malware infection once in the past (which was the reason I got MBAM Pro in the first place, BTW). I do not use any P2P programs.

My question is: How can I determine which program on my computer is attempting this OUTGOING connection?

Many thanks for your time and any enlightenment! :unsure:

Link to post
Share on other sites

Greetings 1PW and exile360!

I appreciate your getting back with me & your help!

For 1PW: I looked over the information on the Sandboxie site some time back, but frankly...a lot of the stuff is way over my head! It does seem to be popular with quite a few people though.

For exile360: I ran the TCPview program, but do not see the IP address I mentioned in my original post listed. (I made sure to uncheck the "Resolve Addresses" in the Options tab). Perhaps I'm missing something there?

Link to post
Share on other sites

Hi again exile360!

Pasted below is the MBAM log. It would appear that MBAM is not continuing to block the IP address. (I actually left the site after MBAM alerted me). Thanks for the info about the TCPview program too!

2:09:47 Administrator MESSAGE Scheduled update executed successfully

02:09:48 Administrator MESSAGE IP Protection stopped

02:11:10 Administrator MESSAGE Database updated successfully

02:11:15 Administrator MESSAGE IP Protection started successfully

19:14:01 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

19:14:04 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

19:14:10 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

19:14:22 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

19:14:25 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

19:14:31 Administrator IP-BLOCK 89.149.236.37 (Type: outgoing)

Thanks again!

Link to post
Share on other sites

If the block happened while browsing a website then it's likely just an advertisement on the page or something like that which was blocked (assuming the website itself that you were visiting did load). If that's the case, then it's nothing to be concerned about, it just means the IP blocker was working as it should be, as often ads can be hosted on malicious servers and can sometimes themselves contain infections and exploits.

If you get repeated IP blocks while not browsing the web, then you can use TCPView to track down the source.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.