7 replies to this topic

[Grumpy68]

suddenly MWM iscontinuously blocking outgoing to
4.26.235.126

It doesnt seem to have been mentioned in any forum as a FP or malware. when I try to trace it it shows as being in the depths of rural Kansas n.e of Wichita!

any thoughts because I cant think of any untowards site I have visited that would suddenly cause this outgoing to pop up.

[daledoc1]

Hi, Grumpy68:

According to ip-lookup.net, it's in the US.
You don't mention the process that's trying to make the connection, so it's hard to know for sure what's going on without more info.

IP blocks can indicate a number of things:

• They could indicate that MBAM is doing its job of blocking bad content on websites.

• They can also occur when running Skype and certain P2P programs, such as torrents. For example, please see this help desk topic about Skype and this one about P2P.

• In some cases the blocks are a false positive.

• However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.

--> There is more information about the IP blocking module in the Helpdesk topics HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.
You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.

>>>Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with cleaning process Available Assistance For Possibly Infected Computers.




Thanks!

daledoc1

[netolia]

I'm getting this exact same block today and I can tell you that it happens when I try to access www.deezer.com, a legitimate music streamming service. It is preventing me from accessing to my songs.

[AdvancedSetup]

Don't know for sure as that address does not come up as deezer.com


IP address: 4.26.235.126
No host name is associated with this IP address or no reverse lookup is configured.
Error: Host not found
4.26.235.126 is from United States(US) in region North America

Deezer.com comes up with a different IP address

IP address: 64.86.105.145
Host name: deezer.com
Alias: deezer.com
64.86.105.145 is from Canada(CA) in region North America


I would recommend following the advice provided by daledoc1

[netolia]

Streaming services like Deezer or Spotify seem to work mith many different providers. When I used Spotify Malwarebytes sometimes blocked half a dozen sites in a couple of days. I'm sure that they were caused by Spotify because I was using its client and no browser was opened at the time.

Right now, as I write, Malwarebytes is blocking 4.26.235.126 every time that a new song plays on the deezer player.

[netolia]

I forgot to add that I have reported this issue to Deezer, let's see what they answer.

[netolia]

The IP belongs to http://en.wikipedia...._Communications according to Bright Cloud and DShield.

11.000 employees.

0/38 blacklisted at http://www.ipvoid.co...n/4.26.235.126/

[OliPicard]

Just to add to this, its affecting pcgamer.com from loading images (This seems to be an IP used for CDN.) I have gone ahead and created a false postive as many people are reporting the same issue.