
Thread: A strange IP address appears when loading webpages

  1. #1
    Join Date
    Sep 2011
    Beans
    24

    A strange IP address appears when loading webpages

    Hi guys,

    I need some serious help. This afternoon, after a restart for the update, I suddenly discovered that at the end of each webpage loading, Chrome always reports "Waiting for 88.190.44.211...". The IP address points to a firm in Amsterdam, which sounds very dodgy. I don't recall changing any network settings recently. What can I do?

    Any clue or hint is much appreciated. Is my machine hacked? Are all my online activities watched by some nasty people?

    Many thanks,

    toon

  2. #2
    Join Date
    Jan 2007
    Location
    Location: Location:
    Beans
    1,246
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: A strange IP address appears when loading webpages

    Hi,

    Maybe there's an unresolved entry in the DNS resolver cache.
    Close any open instances of Chrome, open a terminal and run this command:

    Code:
    sudo /etc/init.d/dns-clean
    Then open chrome and see if the issue persists.
    clear && echo paste url and press enter; read paste; (youtube-dl $paste) | zenity --progress --title="" --text "Downloading, please wait" --auto-close --pulsate && ans=$(zenity --file-selection); gnome-terminal -x mplayer "$ans"

  3. #3
    Join Date
    Sep 2011
    Beans
    24

    Re: A strange IP address appears when loading webpages

    Thanks, Kurse. I will try tomorrow morning. Hope that's the solution.

  4. #4
    Join Date
    Jul 2011
    Location
    Off the grid
    Beans
    119
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: A strange IP address appears when loading webpages

    That IP isn't Dutch, it's French.

    host: 88-190-44-211.rev.dedibox.fr

    Code:
    inetnum:        88.190.44.0 - 88.190.44.255
    netname:        FR-DEDIBOX
    descr:          Dedibox SAS
    descr:          Hosting Customers
    descr:          Paris, France
    remarks:        trouble: Information: http://www.dedibox.fr/
    remarks:        trouble: Spam/Abuse requests: http://www.dedibox.fr/abuse/
    remarks:        trouble: Spam/Abuse requests: mailto:abuse@support.dedibox.fr
    country:        FR
    admin-c:        ACP23-RIPE
    tech-c:         TCP8-RIPE
    status:         ASSIGNED PA
    mnt-by:         PROXAD-MNT
    source:         RIPE #Filtered

    role:           Administrative Contact for ProXad
    address:        Free SAS / ProXad
    address:        8, rue de la Ville L'Eveque
    address:        75008 Paris
    phone:          +33 1 73 50 20 00
    fax-no:         +33 1 73 92 25 69
    remarks:        trouble:      Information: http://www.proxad.net/
    remarks:        trouble:      Spam/Abuse requests: mailto:abuse@proxad.net
    admin-c:        APfP1-RIPE
    tech-c:         TPfP1-RIPE
    nic-hdl:        ACP23-RIPE
    mnt-by:         PROXAD-MNT
    source:         RIPE #Filtered
    abuse-mailbox:  abuse@proxad.net

    role:           Technical Contact for ProXad
    address:        Free SAS / ProXad
    address:        8, rue de la Ville L'Eveque
    address:        75008 Paris
    phone:          +33 1 73 50 20 00
    fax-no:         +33 1 73 92 25 69
    remarks:        trouble:      Information: http://www.proxad.net/
    remarks:        trouble:      Spam/Abuse requests: mailto:abuse@proxad.net
    admin-c:        APfP1-RIPE
    tech-c:         TPfP1-RIPE
    nic-hdl:        TCP8-RIPE
    mnt-by:         PROXAD-MNT
    source:         RIPE #Filtered
    abuse-mailbox:  abuse@proxad.net

    route:          88.160.0.0/11
    descr:          ProXad network / Free SAS
    descr:          Paris, France
    origin:         AS12322
    mnt-by:         PROXAD-MNT
    source:         RIPE #Filtered

  5. #5
    Join Date
    Dec 2007
    Location
    Bombay
    Beans
    6,352
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: A strange IP address appears when loading webpages

    Do you see it when you run Chrome without any extensions enabled?
    de gustibus et coloribus non est disputandum -- Wiktionary

  6. #6
    Join Date
    Sep 2011
    Beans
    24

    Re: A strange IP address appears when loading webpages

    Quote Originally Posted by vasa1 View Post
    Do you see it when you run Chrome without any extensions enabled?
    Thanks, vasa1. That solves the problem. I installed ninja fruit from Google Play last week....
    Last edited by toontu; November 20th, 2012 at 11:02 AM.

  7. #7
    Join Date
    Sep 2011
    Beans
    24

    Re: A strange IP address appears when loading webpages

    Quote Originally Posted by MadsRC View Post
    That IP isn't Dutch, it's French.

    host: 88-190-44-211.rev.dedibox.fr

    I think you were right. At the time of writing my original post, our system admin told me it was in Amsterdam so I didn't check it myself. Well, it doesn't really matter. Cheers.

  8. #8
    Join Date
    Jul 2011
    Location
    Off the grid
    Beans
    119
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: A strange IP address appears when loading webpages

    You're welcome.

    But, from what I posted you can deduce that the IP belongs to either an ISP or a server provider.

    Which means
    A: The IP belongs to some customer, private or commercial
    B: The IP is used by some software to contact a server at dedibox.fr
    C: The software is either legitimate (Browser extension?) or malign (Rootkit, or some browser exploit).

    Renting a Virtual Private Server in an anonymous name with untraceable payments isn't extremely difficult, so doing that and attacking from said VPS is a possibility.
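
As an added example (not part of any post in this thread), here is a small Python parser for the RIPE whois output quoted in post #4. It extracts the fields the reasoning above relies on and checks that the address really lies inside the returned `inetnum` and `route` ranges. `SAMPLE` is a constructed, trimmed copy of that output; `parse_rpsl` and `summarize` are names chosen here.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the whois output quoted in the thread.
SAMPLE = """\
inetnum:        88.190.44.0 - 88.190.44.255
netname:        FR-DEDIBOX
country:        FR
remarks:        trouble: Spam/Abuse requests: mailto:abuse@support.dedibox.fr

role:           Technical Contact for ProXad
abuse-mailbox:  abuse@proxad.net

route:          88.160.0.0/11
origin:         AS12322
"""

def parse_rpsl(text):
    """Split whois text into objects, each a list of (attribute, value) pairs."""
    objects = [[]]
    for line in text.splitlines():
        if not line.strip():
            objects.append([])                 # a blank line ends an object
        elif line[0] in " \t+" and objects[-1]:
            key, val = objects[-1][-1]         # continuation of the previous value
            objects[-1][-1] = (key, f"{val} {line[1:].strip()}".strip())
        elif ":" in line and line[0] not in "%#":   # skip server comment lines
            key, val = line.split(":", 1)
            objects[-1].append((key.strip().lower(), val.strip()))
    return [obj for obj in objects if obj]

def summarize(text, ip):
    """Report who holds `ip` and whether it lies inside the returned ranges."""
    addr = ipaddress.ip_address(ip)
    out = {"netname": None, "country": None, "origin": None,
           "in_inetnum": False, "in_route": False, "abuse": set()}
    for obj in parse_rpsl(text):
        kind, first = obj[0]
        attrs = dict(reversed(obj))            # first occurrence of a key wins
        if kind == "inetnum":
            lo, hi = (ipaddress.ip_address(p.strip()) for p in first.split("-"))
            out["in_inetnum"] = lo <= addr <= hi
            out["netname"], out["country"] = attrs.get("netname"), attrs.get("country")
        elif kind == "route":
            out["in_route"] = addr in ipaddress.ip_network(first)
            out["origin"] = attrs.get("origin")
        for _, val in obj:                     # abuse contacts sit in several attributes
            out["abuse"].update(re.findall(r"[\w.+-]+@[\w.-]+\.\w+", val))
    return out
```

Calling `summarize(SAMPLE, "88.190.44.211")` gives the netname, country, origin AS and abuse contacts in one dictionary, which is what you need to decide whether the address is a hosting range and where to report it.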

  9. #9
    Join Date
    Sep 2011
    Beans
    24

    Re: A strange IP address appears when loading webpages

    Quote Originally Posted by MadsRC View Post
    Renting a Virtual Private Server in an anonymous name with untraceable payments isn't extremely difficult, so doing that and attacking from said VPS is a possibility.
    Agreed. The Chrome extension I installed probably isn't malicious and just tried to update its embedded ads. This problem though could be a crack in Chrome's supposedly solid defence.

  10. #10
    Join Date
    Sep 2011
    Beans
    1,531

    Re: A strange IP address appears when loading webpages

    The best course of action would be to research the app, the developer's website, and the address you noted.

    virustotal.com found no suspect files on dedibox.fr, nor did sucuri sitecheck.

    I found the developer's website. Virustotal.com didn't find anything suspicious on that website either.
    If you want to go further you can upload the file that you got when you installed the app to virustotal & see if it contains anything suspicious.

    I would download the file to test it for you but it costs $4.99 and I'm way too cheap for that. But you can also look at the readme or EULA that came with the installation of the app to see what it's doing. I guess it could be adware & constantly calling home with updates on your browser activity. Or it could just be unsuccessfully calling home for updates.

    If you have Wireshark you could capture the traffic to that IP. If you post the output here I can help you read it.

    But I'm leaning towards this being a boring old app that is not malicious.
