poluxbgames

strange IP Block.. is it normal?


Hello,

I'm a new user and I'm trying the 14-day free full version of your latest Anti-Malware :)

I think I will buy it, but I've seen a strange thing..

When I go to this website: http://extreme-down.com/ (not for downloading, a search took me to this website), the program blocks an IP, always the same one:

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51689, Process: chrome.exe)

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51714, Process: chrome.exe)

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51734, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51735, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51736, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51737, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51820, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51821, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51822, Process: chrome.exe)

Is it dangerous? A little searching tells me that it is: web.ludis-media.ca

A false positive or not? Why a different port each time?

Thanks in advance ^^

PS: no malware found after a scan with Malwarebytes Anti-Malware, plus I have ESET Smart Security 5 on and no virus after a scan...


I'm looking into this, thank you.


OK ;)

For me, it blocks it every time I go to the home page of this site (both IE and Chrome).

Is it normal, the different ports each time??

(Sorry, I'm a newbie, and an afraid newbie :D)


Not normally, normally traffic for HTTP goes through port 80. It's possible Chrome has been told to use a proxy, or is routing it through a cache server (Opera does this too, for its "Turbo" option).


Nothing on port 80 here.. :(

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52416, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52462, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52463, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52464, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52650, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52651, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52652, Process: chrome.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53081, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53080, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53083, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53082, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53185, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53186, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53187, Process: iexplore.exe)

Here it's the same with Chrome and IE visiting the website. (Nothing on other websites, I think.)

I don't understand anything in Wireshark and Fiddler... sorry.. :(

But when you visit the website, doesn't it block the IP for you?

Should I worry??????? :(


Another thing that worries me is that it blocks it 4 or 5 times each time... :( (at the same time)..

Anyway, thanks a lot for your reactivity and your support ^^


No problem. I'm not seeing that, no.

If possible, please load both Fiddler and Wireshark, load the site, then save both the Wireshark and Fiddler logs when the block occurs. I'll PM you with the address to e-mail them to.


OK, done.

Tell me what you think about it :)

Strange that it doesn't block anything for you.. But I tried another time just now and no block... After closing Chrome, restarting it and going to the website: block again. But the website seems fully functional; the block message just appears, without any problem on the site.

And the multiple blocks at the same time, is that normal or dangerous?


But do you think I'm infected???

I've performed a scan with Anti-Malware (latest defs: 7858) and everything seems clean. A scan with ESET Smart Security 5 was clean too. I used Bitdefender online QuickScan too and nothing...

I ran a scan with GMER Rootkit Scanner and nothing... :(

(I don't have CD emulation drivers)


I'd like to rule it out as I've not found the IP referenced anywhere in your log yet (when an IP is blocked, the connection itself obviously wouldn't appear in the log, but there should always be at least a reference to it, even if it's just a DNS lookup or some such, so it's possible there's a proxy involved).


A proxy? But I'm not using a proxy? (Sorry for being a newbie.. :)).. ESET perhaps??

I've tried installing Malwarebytes AM on another computer with ESET SS 5 too, and I've begun the 14-day trial (so protection is active). When I go to http://extreme-down.com/, the same thing happens: IP block 68.168.112.22... and only on this site and this one too: http://forum.downparadise.ws/...


It only occurs on those two sites?


OK, I've been able to reproduce this issue with the second site you referenced. The cause is the site trying to load content from affiliation-france.com (the URL being loaded installs "Moovida", but only for geo-specific countries; it shows "Not for this country" for the UK, for example).


OK!!! So I'm not infected? :)

It's advertising??

The IP module blocks access to the advert, is that it?

Just one last question: why does the port change every time?

A very big thanks for your time!! I will buy the full license for sure ;) and recommend it!

Keep up the good work!


It is the advertising, and the IP module is blocking it, so unless you've installed it yourself, it's unlikely. You can safely ignore this.

I've no idea why Chrome would be routing it through different ports, unless it's because it's being blocked.

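A triage sketch for the kind of entries quoted in this thread, added here as an example (not Malwarebytes code and not part of the original posts): it groups IP-BLOCK entries by address and process, counts bursts, and checks whether every logged port lies in the IANA dynamic range 49152-65535, from which Windows assigns the local port of each new outgoing connection. The function names and the 2-second burst window are assumptions; the sample entries are copied from the posts above, plus one constructed malformed line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Entries copied from the thread, plus one constructed malformed line.
SAMPLE_LOG = """\
18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51689, Process: chrome.exe)
18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51714, Process: chrome.exe)
18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51735, Process: chrome.exe)
18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51820, Process: chrome.exe)
19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53081, Process: iexplore.exe)
19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53080, Process: iexplore.exe)
19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53185, Process: iexplore.exe)
not a log line
"""

LINE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}) IP-BLOCK (\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$"
)
EPHEMERAL = range(49152, 65536)   # IANA dynamic/private port range
BURST_GAP = timedelta(seconds=2)  # assumption: blocks <= 2 s apart = one page load


def parse(text):
    """Yield (time, ip, direction, port, process); malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            t, ip, direction, port, proc = m.groups()
            yield datetime.strptime(t, "%H:%M:%S"), ip, direction, int(port), proc


def summarize(text):
    """Group by (ip, process); assumes the log covers a single day."""
    groups = defaultdict(list)
    for t, ip, _direction, port, proc in parse(text):
        groups[(ip, proc)].append((t, port))
    report = {}
    for key, events in groups.items():
        events.sort()
        # A new burst starts whenever two consecutive blocks are > BURST_GAP apart.
        bursts = 1 + sum(b - a > BURST_GAP for (a, _), (b, _) in zip(events, events[1:]))
        report[key] = {
            "blocks": len(events),
            "bursts": bursts,
            "all_ephemeral": all(p in EPHEMERAL for _, p in events),
        }
    return report
```

Several blocks in one burst, each on a different port in the dynamic range and all to one address, is consistent with a browser opening parallel connections for a single page load.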

No problem at all.


Welcome to the family :)
