
Weird IP Address Question?


5 replies to this topic

#1 bluesjunior


Posted 01 January 2011 - 06:33 AM

Even though I am not downloading/uploading anything, I noticed today that the lights were flashing on my cable modem as if I was. When I checked in Comodo Firewall I could see that something was connecting through Firefox from my address to a TCP connection at 85.17.125.43, which as you can see is a site in Holland; the transfer rate was approx 469 bytes in and 9 bytes out. The only program I had open at the time is to the Comodo Forums, which has nothing to do with it, as when I open a new web page and exit the Comodo one the traffic continues until I shut down Firefox and open it again in a new page. My PC OS is Win7 64bit and I use Comodo Firewall and Panda Cloud AV, all up to date, and I did my weekly scan with Panda yesterday, which came up clean, as did an on-demand scan with SAS, which found and deleted only one tracking cookie (ia.media). I do not think that I am infected, but can anyone tell me what/who the addressee at the Dutch link is and why my PC is contacting it? The address as seen at the link below belongs to RIPE or something, which maybe a more knowledgeable user can tell me what it is?
http://scriptserver.mainframe8.com/whois.php
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.



#2 cryptodan


Posted 01 January 2011 - 06:58 AM

Can you download the following:

TCPView and show a screenshot of this activity?

#3 bluesjunior


Posted 01 January 2011 - 07:18 AM

First off, thanks for the reply, Cryptodan. I have downloaded the TCPView in your post and will use it and post a screenshot the next time that I see this behaviour. Unfortunately, after I posted the thread I exited Firefox and then reopened it, and of course the behaviour is now no longer happening.

#4 cryptodan


Posted 01 January 2011 - 04:00 PM

This is what the above IP translates to: http://www.velhost.net/

#5 bluesjunior


Posted 02 January 2011 - 08:38 AM

Thanks for the link, Cryptodan; I am none the wiser though. I have never heard of Velnet before. Yesterday I posted a similar thread on the Mozilla Firefox forums and it seems that this type of behaviour is to do with some aspect of Firefox, though not being very knowledgeable on this type of stuff I didn't really understand it, other than that it is not malware, which has eased my worry. There is a link to their replies below. Again I send many thanks for your help on this matter and wish you a happy new year.
http://forums.mozillazine.org/viewtopic.php?f=7&t=2064755

#6 cryptodan


Posted 02 January 2011 - 04:11 PM

It could very well be that one of your add-ons is beaconing out/checking for updates.
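
Added example, not from any poster in this thread: the question raised here (which process owns the connection to 85.17.125.43) can also be answered from the text output of `netstat -ano`, which lists the owning PID for each connection. The netstat sample, the PID-to-name map and the function names below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout of Windows `netstat -ano`; not output from the poster's PC.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    192.168.1.10:49201     85.17.125.43:80        ESTABLISHED     3412
  TCP    192.168.1.10:49202     85.17.125.43:80        TIME_WAIT       0
  TCP    192.168.1.10:49210     203.0.113.7:443        ESTABLISHED     3412
  TCP    [::1]:49300            [::1]:49301            ESTABLISHED     1500
  UDP    0.0.0.0:5355           *:*                                    1100
"""
# Constructed PID -> image name map, standing in for what `tasklist` would report.
SAMPLE_PROCS = {820: "svchost.exe", 1100: "svchost.exe", 1500: "svchost.exe", 3412: "firefox.exe"}

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":      # UDP rows have no State column
            (proto, local, remote, pid), state = f, ""
        else:
            continue
        host, _, port = remote.rpartition(":")   # rpartition copes with [IPv6]:port
        rows.append({"proto": proto, "local": local, "remote_host": host.strip("[]"),
                     "remote_port": int(port) if port.isdigit() else None,
                     "state": state, "pid": int(pid)})
    return rows

def owners_of(text, remote_ip, procs):
    """Group connections to remote_ip by (PID, image name)."""
    hits = defaultdict(list)
    for r in parse_netstat(text):
        if r["remote_host"] != remote_ip:
            continue
        # PID 0 appears on sockets in TIME_WAIT: the owning process has already closed them.
        name = "no owner (socket closing)" if r["pid"] == 0 else procs.get(r["pid"], "unknown")
        hits[(r["pid"], name)].append((r["local"], r["remote_port"], r["state"]))
    return dict(hits)

if __name__ == "__main__":
    for (pid, name), conns in owners_of(SAMPLE_NETSTAT, "85.17.125.43", SAMPLE_PROCS).items():
        print(pid, name, conns)
```

A row with PID 0 means the connection was already being torn down when the snapshot was taken, so the capture has to happen while the traffic is still flowing.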



