Jump to content
Not connected, Your IP: 216.73.216.2
AirVPN
Sign in to follow this  
Followers 0
Zack

ANSWERED Malwarebytes blocks ip 213.152.187.210

By Zack, ... in Troubleshooting and Problems

Recommended Posts

Zack    0

Zack
Posted ...

Hello :)
Sometimes I get message from malwarebytes that app X has tried to connect to ip 213.152.187.210 on port Y

The only info I can find about about this IP is that it seems to be on the same range as the AirVPN servers in Netherlands uses  and that this IP is blocked due to its related to an trojan:
https://www.malwarebytes.com/blog/detections/213-152-187-210

Anyone here has more info about this?

Share this post

Link to post

Staff    10470

Staff
Posted ...
@Zack

Hello!

The IP address you mention is assigned to AirVPN server Asellus in the Netherlands. Please mention explicitly port Y, we want and must verify what your app (mention the app too if possible) will find on that port, it's important.

Kind regards
 
Zack reacted to this

Share this post

Link to post

Zack    0

Zack
Posted ...
5 hours ago, Staff said:
@Zack

Hello!

The IP address you mention is assigned to AirVPN server Asellus in the Netherlands. Please mention explicitly port Y, we want and must verify what your app (mention the app too if possible) will find on that port, it's important.

Kind regards
 
The program is tailscale and the port is 54037 in this case 🙂

I do have an Netherlands AirVpn server setup as an tailscale exit node, but this pc does not use any exit nodes.

Share this post

Link to post

Staff    10470

Staff
Posted ...
11 minutes ago, Zack said:
The program is tailscale and the port is 54037 in this case 🙂

I do have an Netherlands AirVpn server setup as an tailscale exit node, but this pc does not use any exit nodes.

Hello!

There's nothing listening to port 54037 on any AirVPN server. We can't see why Tailscale seeks a connection to it, anyway we are sure now that there's no malware there as there's nothing. Probably Malwarebytes behavior comes from some past event or it's yet another over-blocking case.

Kind regards
 
Zack reacted to this

Share this post

Link to post

Zack    0

Zack
Posted ...
13 minutes ago, Staff said:

Hello!

There's nothing listening to port 54037 on any AirVPN server. We can't see why Tailscale seeks a connection to it, anyway we are sure now that there's no malware there as there's nothing. Probably Malwarebytes behavior comes from some past event or it's yet another over-blocking case.

Kind regards
 
According to the link in my first post, the entire range is flagged at Malwarebytes due to some adresses has been related to troians at one point.

But nice to know nothing listens on that port, makes little sense to me 

Share this post

Link to post

Staff    10470

Staff
Posted ...
4 minutes ago, Zack said:

the entire range is flagged at Malwarebytes


Hello!

The "range" is specified by mask /32, so it's this single unique address. Yes, it's plausible that some past event flagged the IP address.
 
5 minutes ago, Zack said:

nice to know nothing listens on that port, makes little sense to me 


We don't know the internals of Tailscale but definitely this behavior should be investigated. Why an attempted connection to this specific IP address and why this port?

Kind regards
 
Zack reacted to this

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...