Jump to content


Photo

where is the Ip that MWM is blocking

Kansas 4.26.235.126

  • This topic is locked This topic is locked
7 replies to this topic

#1 Grumpy68

Grumpy68

    New Member

  • Members
  • Pip
  • 10 posts

Posted 17 February 2013 - 11:06 AM

suddenly MWM iscontinuously blocking outgoing to
4.26.235.126

It doesnt seem to have been mentioned in any forum as a FP or malware. when I try to trace it it shows as being in the depths of rural Kansas n.e of Wichita!

any thoughts because I cant think of any untowards site I have visited that would suddenly cause this outgoing to pop up.

#2 daledoc1

daledoc1

    Forum Deity

  • Spam Hunters
  • PipPipPipPipPipPip
  • 11,954 posts
  • Gender:Not Telling

Posted 17 February 2013 - 11:11 AM

Hi, Grumpy68: :)

According to ip-lookup.net, it's in the US.
You don't mention the process that's trying to make the connection, so it's hard to know for sure what's going on without more info.

IP blocks can indicate a number of things:
  • They could indicate that MBAM is doing its job of blocking bad content on websites.
  • In some cases the blocks are a false positive.
  • However, they can also be a sign of infection, especially if the blocks are outgoing and they occur when no browsers are open.
--> There is more information about the IP blocking module in the Helpdesk topics HERE and HERE, and in the FAQ - Section G.
They also contain instructions on how to determine what process might be trying to make the connections.
You may also research the IP in question at www.ip-lookup.net or a similar site.

On the other hand, if you think the IP blocks might be a false positive, then please read this sticky topic before starting a new topic in the False Positives forum.

>>>Alternatively, if you think you might be infected, based on the IP blocks and/or other suspicious computer behavior, then please read the following for the available options to have a malware expert assist you with cleaning process Available Assistance For Possibly Infected Computers.




Thanks!

daledoc1

Just a home user & forum volunteer
DT1: Win7/Ult/64 SP1; Intel Core i7-3770 @3.4 GHz; 16 GB RAM; NVidia GeForce GT620; IE9; Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner
DT2: Win7 Ult/64 SP1; Intel Core i7-860 @2.8 GHz; 8 GB RAM; ATI Radeon HD 5770; IE 9, Fx; TB; Cable HSI; MBAM PRO 1.75.0.1300; KIS2014; SAS Free; CCleaner.
LT: Win7 Pro/64 SP1; Intel Core i7-3632 cached @3.2 GHz; 16 GB RAM; NVidia GeForce GT640M; IE 10; Fx; TB; WLAN; MBAM PRO 1.75.0.1300; Sophos ES 10.3; SAS Free; CCleaner.


#3 netolia

netolia

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 February 2013 - 02:17 PM

I'm getting this exact same block today and I can tell you that it happens when I try to access www.deezer.com, a legitimate music streamming service. It is preventing me from accessing to my songs.

#4 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,245 posts
  • Gender:Male
  • Location:US

Posted 17 February 2013 - 02:32 PM

Don't know for sure as that address does not come up as deezer.com


IP address: 4.26.235.126
No host name is associated with this IP address or no reverse lookup is configured.
Error: Host not found
4.26.235.126 is from United States(US) in region North America

Deezer.com comes up with a different IP address

IP address: 64.86.105.145
Host name: deezer.com
Alias: deezer.com
64.86.105.145 is from Canada(CA) in region North America


I would recommend following the advice provided by daledoc1

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#5 netolia

netolia

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 February 2013 - 02:52 PM

Streaming services like Deezer or Spotify seem to work mith many different providers. When I used Spotify Malwarebytes sometimes blocked half a dozen sites in a couple of days. I'm sure that they were caused by Spotify because I was using its client and no browser was opened at the time.

Right now, as I write, Malwarebytes is blocking 4.26.235.126 every time that a new song plays on the deezer player.

#6 netolia

netolia

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 February 2013 - 02:55 PM

I forgot to add that I have reported this issue to Deezer, let's see what they answer.

#7 netolia

netolia

    New Member

  • Members
  • Pip
  • 7 posts

Posted 17 February 2013 - 05:07 PM

The IP belongs to http://en.wikipedia...._Communications according to Bright Cloud and DShield.

11.000 employees.

0/38 blacklisted at http://www.ipvoid.co...n/4.26.235.126/

#8 OliPicard

OliPicard

    New Member

  • Members
  • Pip
  • 16 posts
  • Gender:Male

Posted 21 April 2013 - 01:47 PM

Just to add to this, its affecting pcgamer.com from loading images (This seems to be an IP used for CDN.) I have gone ahead and created a false postive as many people are reporting the same issue.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users