Any idea what this is?

Craig234

Yesterday, I installed Malwarebytes Pro. It monitors 'hostile websites'.

Now, about every 2 minutes a popup window from it says it blocked an attempt by a website at 95.206.116.255 to access my PC.

No idea what that is, what it's trying to do, if it's harmful, if I should do anything else to prevent it.
 

MrColin

I may be wrong but I thought x.x.x.255 addresses are broadcast addys aren't they?

Do you have a bittorrent client running? If so does it work very well?
 

unokitty

> I may be wrong but I thought x.x.x.255 addresses are broadcast addys aren't they?

If this were a Class C address and we were dealing with classful addressing, you would be correct. However, the address in question has a first octet of 95 and is not a Class C address.

According to RIPE, TELIANET owns the 95.192.0.0/12 block of addresses so a last octet address of 255 wouldn't necessarily be a broadcast address.

If I were the OP, I would probably turn on Wireshark, or TCPDump, and look at the packets that I was getting from 95.206.116.255.

As I said earlier, I'm not familiar with Malwarebytes Pro, but I wouldn't automatically assume that this wasn't a false positive.

Still, I'd be interested in hearing what others think ...

Uno
 

Craig234

Thanks for the replies so far. I still have the original questions. I don't think I'd know how to use the 'packets I was getting' to find anything on this.
 

Craig234

Same thing, different IP: 83.128.52.110

Edit: I got more important info. Malwarebytes reported the second IP, at least, with the info that it's an outbound connection; port 50076; and that it's from file 'pmb.exe'.

pmb.exe is Pandora Music Box, a downloading utility bundled with a number of programs. I tested before and after killing pmb.exe in task manager, DL went from ~19MB to ~20MB.

Not sure if it's something to be concerned about.

There were people reporting it 'took up over 100MB of memory', and that it 'took all their CPU', but it was using 10MB of memory, I didn't check the CPU.
 

imagoon

> If this were a Class C address and we were dealing with classful addressing, you would be correct. However, the address in question has a first octet of 95 and is not a Class C address.
>
> According to RIPE, TELIANET owns the 95.192.0.0/12 block of addresses so a last octet address of 255 wouldn't necessarily be a broadcast address.
>
> If I were the OP, I would probably turn on Wireshark, or TCPDump, and look at the packets that I was getting from 95.206.116.255.
>
> As I said earlier, I'm not familiar with Malwarebytes Pro, but I wouldn't automatically assume that this wasn't a false positive.
>
> Still, I'd be interested in hearing what others think ...
>
> Uno

I generally agree with your comment, but since classful has gone the way of the dinosaur, you are making it confusing by saying the range is "not class C". The only exception is if you are referring to class C as "/24" and not 192.0.0.0 - 223.255.255.255. The company could have that range subnetted any of a million ways and only be posting a summary address to the public internet and the like.
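The broadcast question discussed in the posts above can be checked mechanically. This is an added example, not code from any poster; the function names are hypothetical, and the addresses and the 95.192.0.0/12 block are the ones quoted in the thread. It goes slightly beyond the thread by listing every prefix length under which an address would be the subnet's directed-broadcast address.

```python
import ipaddress


def classful_default_prefix(addr: str) -> int:
    """Default prefix length under the obsolete classful scheme (A/B/C only)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8    # Class A
    if first_octet < 192:
        return 16   # Class B
    if first_octet < 224:
        return 24   # Class C
    raise ValueError("Class D/E address has no default prefix")


def is_broadcast_in(addr: str, network: str) -> bool:
    """True if addr is the directed-broadcast address of the given network."""
    net = ipaddress.IPv4Network(network, strict=True)
    return ipaddress.IPv4Address(addr) == net.broadcast_address


def broadcast_prefixes(addr: str) -> list:
    """Prefix lengths (/1../30) for which addr is its subnet's broadcast address.

    /31 and /32 are skipped: point-to-point and host routes have no broadcast.
    """
    ip = ipaddress.IPv4Address(addr)
    hits = []
    for plen in range(1, 31):
        # strict=False masks off the host bits to find the enclosing subnet
        net = ipaddress.IPv4Network(f"{addr}/{plen}", strict=False)
        if net.broadcast_address == ip:
            hits.append(plen)
    return hits


if __name__ == "__main__":
    for a in ("95.206.116.255", "83.128.52.110"):
        print(a, "classful default /%d" % classful_default_prefix(a),
              "broadcast for prefixes:", broadcast_prefixes(a))
    # Broadcast address of the RIPE allocation quoted in the thread
    print(ipaddress.IPv4Network("95.192.0.0/12").broadcast_address)
```

Whether the first address is a broadcast address therefore depends entirely on how the owner subnets the block, which is not visible from outside.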
 

MrColin

If you aren't using pandora when it does this, I would be concerned; if you are, it's probably just pandora doing its normal snooping on your browser activity or whatever it does.

The packet sniffing idea is a good one if you want to know what is really going on. I've used wireshark for this and it lets you see the packet contents which are sometimes human readable enough to get a clue.
 

unokitty

> To be clear, this isn't 'Pandora' as in me using a music service, this is 'Pandora' some downloading program that some games install without asking that steals bandwidth.
>
> Web page I found on it:
>
> http://www.lo-ping.org/2011/07/29/the-pando-pandemic-why-you-might-already-be-infected/

Craig,

Looks like you have identified it. Though, pmb.exe also seems to be described as "Pando Media Booster".

This appears to be a BitTorrent client that installs itself when you install other software such as a game.

Reportedly, after you download the game, it continues to use your computer and bandwidth as a BitTorrent client. This means that those alerts you were getting from Malwarebytes Pro likely were other people who were also installing that game. (Though, they also could have been advertisements from the ad-supported version of Pando Media Booster as well.)

> No idea what that is, what it's trying to do, if it's harmful, if I should do anything else to prevent it.

If it were me, I would remove it from my startup tab in msconfig.exe. Probably, would also uninstall it. There are some instructions here. Though, I would expect you to be able to find more information for it on a forum devoted to whatever game you downloaded...

Removing it should clear up your issues. But please report back if you continue to have an issue.

Best of luck,
Uno
 

lxskllr

Sounds like it's a way of companies cheaping out on bandwidth. They offload the distribution to their customers using bittorrent. I'm all for using bittorrent to distribute files, but it should be with the user's consent. If you feel like you're getting value from the service (cheaper prices, supporting indie devs...), you can probably leave it. If you aren't getting value, delete it, and don't patronize companies that use shady business practices.
 

Craig234

Thanks. Uno, you're right on the name, I got mixed up. One thing on it is, if you uninstall it, apparently any time the game loads an update it reinstalls it.