
TROJAN ALERT: A RATHER ODD OCCURRENCE NEVER HAPPENED BEFORE!!!



Posted

Malwarebytes
http://www.malwarebytes.com

-Log Details-
Protection Event Date: 3/21/19
Protection Event Time: 9:50 AM
Log File: 07def774-4bae-11e9-9826-d43d7e3865f8.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.538
Update Package Version: 1.0.9776
License: Premium

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain:
IP Address: 203.150.19.63
Port: [6881]
Type: Outbound
File: C:\Program Files\Eagle Dynamics\DCS World OpenBeta\bin\DCS_updater.exe

AND WHEN CHECKING UP........???????

 

(end)

 

Whois IP 203.150.19.63 Updated 1 second ago

% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '203.150.0.0 - 203.150.127.255'

% Abuse contact for '203.150.0.0 - 203.150.127.255' is 'email@inet.co.th'

inetnum: 203.150.0.0 - 203.150.127.255
netname: INET-TH
descr: Internet Thailand Company
country: TH
org: ORG-ITCL3-AP
admin-c: INR1-AP
tech-c: INR1-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-TH-INET
mnt-irt: IRT-INET-TH
status: ALLOCATED PORTABLE
last-modified: 2018-03-29T12:52:32Z
source: APNIC

irt: IRT-INET-TH
address: Internet Thailand Public Company Limited
address: 1768 Thai Summit Tower, 10th -12th Floor and IT Floor
address: New Petchburi Road, Khwaeng Bang Kapi,
address: Khet Huay Khwang, Bangkok 10310 Thailand
e-mail: email@inet.co.th
abuse-mailbox: email@inet.co.th
admin-c: TY1494-AP
tech-c: HN192-AP
auth: # Filtered
mnt-by: MAINT-TH-INET
last-modified: 2017-09-29T06:07:54Z
source: APNIC

organisation: ORG-ITCL3-AP
org-name: Internet Thailand Company Ltd.
country: TH
address: 1768 IFCT Tower, 10th-12th FL
address: IT Floor New Petchburi Road
address: Khwaeng Bang Kapi
address: Khet Huay Khwang
phone: +662-257-7000
fax-no: +662-257-7222
e-mail: email@inet.co.th
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2018-03-28T12:55:03Z
source: APNIC

role: INET NOC ROLE
address: 1768 Thai Summit Tower, New Petchburi Road
address: Khet Huay Khwang, Bangkok
address: Thailand 10310
country: TH
phone: +662 02 2577000
fax-no: +662 02 2577275
e-mail: email@inet.co.th
remarks: send spam and abuse reports to email@inet.co.th
admin-c: CN7-AP
tech-c: AP224-AP
tech-c: HN192-AP
tech-c: NL276-AP
nic-hdl: INR1-AP
remarks: http://www.inet.co.th
notify: email@inet.co.th
mnt-by: MAINT-TH-INET
last-modified: 2015-12-15T04:15:05Z
source: APNIC

% This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-US3)

AMD FX-8350

PALLIT GeForce GTX 1080 [ NVIDIA]

CRUCIAL MX500 1TB SDD

DELL P4317Q 43"

TRACK IR

Thrustmaster Hotas Warthog

Viacom VoiceAttack


Posted

ANY IDEAS?


Posted

The updater uses peer2peer distribution. So all people currently downloading the update upload the already downloaded parts to others.

 

 

You can read about it here: https://en.wikipedia.org/wiki/Peer-to-peer

 

 

As you were uploading to the alerted IP, you should be safe.

Windows 10 64bit, Intel i9-9900@5Ghz, 32 Gig RAM, MSI RTX 3080 TI, 2 TB SSD, 43" 2160p@1440p monitor.

Posted

Thanks, that's all I wanted to hear, but FYI I have NEVER seen that before, ever!

Be well and cheers!


Posted

I get Malwarebytes warnings while running torrents all the time, including while updating DCS. While I'm glad the connections are being blocked, it may just be a false positive.

Intel i9-13900K : ASUS TUF RTX 4080 : 32GB G.Skill RipjawsV 4000 : TM HOTAS Warthog : HP Reverb G2

Posted

Blocking the connections would make torrent updating sloooow

Windows 10 Pro, Ryzen 2700X @ 4.6Ghz, 32GB DDR4-3200 GSkill (F4-3200C16D-16GTZR x2),

ASRock X470 Taichi Ultimate, XFX RX6800XT Merc 310 (RX-68XTALFD9)

3x ASUS VS248HP + Oculus HMD, Thrustmaster Warthog HOTAS + MFDs
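
Added example (not part of the thread, and not Malwarebytes or Eagle Dynamics code): a small triage script for a blocked-website event like the one posted above, checking the three things the replies rely on: a traditional BitTorrent port, an expected P2P-capable program at its installed path, and an empty Domain field. The allowlist `KNOWN_P2P`, the verdict labels and the "Key: value" parsing of the text report are assumptions made for illustration.

```python
import re

# Constructed sample: the "Website Data" fields from the log posted above.
SAMPLE = r"""
Category: Trojan
Domain:
IP Address: 203.150.19.63
Port: [6881]
Type: Outbound
File: C:\Program Files\Eagle Dynamics\DCS World OpenBeta\bin\DCS_updater.exe
"""

BT_PORTS = range(6881, 6890)  # traditional BitTorrent port range 6881-6889
# Assumption: full paths of P2P-capable programs you installed yourself.
KNOWN_P2P = {r"c:\program files\eagle dynamics\dcs world openbeta\bin\dcs_updater.exe"}

def parse_event(text):
    """Turn the report's 'Key: value' lines into a dict (split on first colon)."""
    event = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.startswith(("-", "%")):
            event[key.strip()] = value.strip()
    return event

def triage(event):
    """Return (verdict, reasons); the verdict labels are hypothetical."""
    reasons = []
    m = re.search(r"\d+", event.get("Port", ""))
    port = int(m.group()) if m else None
    if port in BT_PORTS:
        reasons.append(f"port {port} is a traditional BitTorrent port")
    # Match the full path, not just the file name: a same-named binary
    # running from another directory must not pass as the updater.
    if event.get("File", "").lower() in KNOWN_P2P:
        reasons.append("process is an expected P2P client at its installed path")
    if not event.get("Domain"):
        reasons.append("Domain field is empty: the block matched a bare IP")
    # All three must hold; otherwise swarm traffic does not explain the alert.
    verdict = "likely-p2p-peer" if len(reasons) == 3 else "investigate"
    return verdict, reasons

if __name__ == "__main__":
    verdict, reasons = triage(parse_event(SAMPLE))
    print(verdict)
    for reason in reasons:
        print(" -", reason)
```

A "likely-p2p-peer" verdict only says the alert is consistent with swarm traffic to an address on a reputation list; anything else, such as the same file name in a temp directory or a non-torrent port, goes to "investigate".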
