Malicious Website Blocked, no process (Malwarebytes)

lightingft

Estimable
Apr 2, 2015
7
0
4,510
Hey guys,
So today I was just doing the usual tasks, surfing the net, etc. Then I was on Steam and listening to music, just browsing my game library when a 'Malicious Website Blocked' appeared, but in Process: it was blank. The IP was 41.204.187.12, 137, and this, what seemed like an attack, occurred 3 times at the same time (12:53). What should I do now? I've did virus scans with Malwarebytes and Bitdefender but nothing came up.
By the way, the connection is outbound.
 

techgeek

Distinguished
Apr 11, 2004
175
0
18,710
Well some program on your computer tried to connect to that site. A quick check of it's IP address shows that it's in Kenya (Kenyan Educational Network), sounds sort of ominous.

I would try another scanner, like Kaspersky online scanner. Since the connection was attempted from your end, then you have a running process that is trying to connect to this IP address.
 

lightingft

Estimable
Apr 2, 2015
7
0
4,510


The only thing I can think of is a P2P Client, but if I have it excluded, wouldn't no URLs pop up at all?

Edit: Ran a scan with the Kaspersky Security Scan software. Clean.
 

techgeek

Distinguished
Apr 11, 2004
175
0
18,710
I assume you mean you have your P2P client excluded in MalwareBytes firewall. However this seems to have blocked the IP address on the NetBIOS port (137) which shouldn't have been being used by your P2P client. I would guess that MalwareBytes blocked it because it flagged the IP address or the port number. I would guess that MalwareBytes firewall defaults to blocking any attempts to use NetBIOS.
 

lightingft

Estimable
Apr 2, 2015
7
0
4,510


But where could the IP come from initially? I didn't have anything open to probably produce this IP, because I've done everything possible to reproduce the pop-up but nothing occurred, it was completely random.
 

techgeek

Distinguished
Apr 11, 2004
175
0
18,710
I can't tell you what process attempted to open a connection to that IP address on that port. Maybe MalwareBytes logged it (not familiar with MalwareBytes firewall, I only use the free version), open up it's logfiles. It should keep logs of all events, maybe it'll tell you what process attempted the connection, and / or why it blocked it.
 

lightingft

Estimable
Apr 2, 2015
7
0
4,510


The log doesn't seem to say anything.