
strange IP Block.. is it normal?


poluxbgames


Hello,

I'm a new user and I'm trying the 14-day free full version of your latest Anti-Malware :)

I think I will buy it, but I've seen a strange thing..

When I go to this website: http://extreme-down.com/ (not for downloading, a search took me to this website) the program blocks an IP, always the same:

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51689, Process: chrome.exe)

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51714, Process: chrome.exe)

18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51734, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51735, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51736, Process: chrome.exe)

18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51737, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51820, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51821, Process: chrome.exe)

18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51822, Process: chrome.exe)

Is it dangerous? A little search tells me that it is: web.ludis-media.ca

A false positive or not? Why with a different port each time?

Thanks in advance ^^

PS: no malware found after a scan with Malwarebytes Anti-Malware, plus I have ESET Smart Security 5 on and no virus after a scan...

Link to post

Nothing on port 80 here.. :(

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52416, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52462, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52463, Process: chrome.exe)

19:05:34 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52464, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52650, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52651, Process: chrome.exe)

19:07:58 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 52652, Process: chrome.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53081, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53080, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53083, Process: iexplore.exe)

19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53082, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53185, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53186, Process: iexplore.exe)

19:24:51 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53187, Process: iexplore.exe)

Here, the same with Chrome and IE visiting the website. (Nothing on other websites, I think.)

I don't understand anything in Wireshark & the Fiddler tool... sorry.. :(

But when you visit the website, doesn't it block the IP for you?

Should I worry??????? :(

Link to post

No problem. I'm not seeing that, no.

If possible, please load both Fiddler and Wireshark, load the site, then save both the Wireshark and Fiddler logs when the block occurs. I'll PM you with the address to e-mail them to.

Link to post

OK, done.

Tell me what you think about it :)

Strange that it doesn't block anything for you.. But I've tried another time now and no block... After closing Chrome, restarting it and going to the website: blocked again. But the website seems fully functional; the block message just appears, without any problem on the site.

And the multiple blocks at the same time, is that normal or dangerous?

Link to post

But do you think I'm infected???

I've performed a scan with Anti-Malware (latest defs: 7858) and everything seems clean. Scanned with ESET Smart Security 5 and clean too. I used Bitdefender online QuickScan too and nothing...

I've run a scan with GMER Rootkit Scanner and nothing... :(

(I don't have CD emulation drivers.)

Link to post

I'd like to rule it out as I've not found the IP referenced anywhere in your log yet (when an IP is blocked, the connection itself obviously wouldn't appear in the log, but there should always be at least a reference to it, even if it's just a DNS lookup or some such, so it's possible there's a proxy involved).

Link to post

A proxy? But I'm not using a proxy? (Sorry for being a newbie.. :) ).. ESET perhaps??

I've tried installing Malwarebytes AM on another computer with ESET SS 5 too and I've begun the 14-day trial (so protection is active). When I go to http://extreme-down.com/, the same thing happened, IP block 68.168.112.22... and only on this site and this one too: http://forum.downparadise.ws/...

Link to post

Oks, I've been able to reproduce this issue with the second site you referenced. The cause is the site trying to load content from affiliation-france.com (URL being loaded installs "Moovida", but only for geo-specific countries (shows "Not for this country" for the UK for example)).

Link to post

It is the advertising, and the IP module is blocking it, so unless you've installed it yourself, it's unlikely. You can safely ignore this.

I've no idea why Chrome would be routing it through different ports, unless it's because it's being blocked.

Link to post
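
An added example (not part of the thread and not Malwarebytes' own code): a small parser for the IP-BLOCK log format quoted above that groups blocks by destination IP and process, counts bursts, and checks whether every logged port lies in the IANA dynamic range 49152-65535. Reading the Port field as the local source port of each new connection is an assumption about the log format; the function names and the 5-second burst gap are illustrative.

```python
import re
from collections import defaultdict

# Sample lines in the format shown in the thread, plus one constructed
# non-matching line to show that unrelated text is skipped.
SAMPLE_LOG = """\
18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51689, Process: chrome.exe)
18:55:12 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51714, Process: chrome.exe)
18:55:13 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51735, Process: chrome.exe)
18:55:37 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 51820, Process: chrome.exe)
19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53081, Process: iexplore.exe)
19:24:43 IP-BLOCK 68.168.112.22 (Type: outgoing, Port: 53080, Process: iexplore.exe)
Protection started successfully (constructed filler line)
"""

LINE_RE = re.compile(
    r"^(\d{2}):(\d{2}):(\d{2}) IP-BLOCK (\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (\w+), Port: (\d+), Process: ([^,)]+)\)$")
DYNAMIC_PORTS = range(49152, 65536)  # IANA dynamic/private port range

def parse(log):
    """Return one dict per IP-BLOCK line; other lines are ignored."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            h, mi, s, ip, direction, port, proc = m.groups()
            events.append({"t": int(h) * 3600 + int(mi) * 60 + int(s), "ip": ip,
                           "dir": direction, "port": int(port), "proc": proc})
    return events

def summarize(events, burst_gap=5):
    """Group by (destination IP, process); a new burst starts after > burst_gap s."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["ip"], e["proc"])].append(e)
    summary = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["t"])
        gaps = [b["t"] - a["t"] for a, b in zip(evs, evs[1:])]
        summary[key] = {
            "blocks": len(evs),
            "bursts": 1 + sum(g > burst_gap for g in gaps),
            "distinct_ports": len({e["port"] for e in evs}),
            "all_dynamic": all(e["port"] in DYNAMIC_PORTS for e in evs),
        }
    return summary

if __name__ == "__main__":
    for (ip, proc), info in summarize(parse(SAMPLE_LOG)).items():
        print(ip, proc, info)
```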