I’ve been getting multiple warnings about this IP from avast “172.86.180.122:26678” so i found the app its using to get into my PC and banned it but i closed the warning before i decided to report the IP online at https://www.abuseipdb.com and the website is asking what kind of “thing” was it trying to do. So now i need to remember what avast called the “thing” it was infected with. I think it was called something like botnet blacklist but my memory is atrocious and i don’t trust it. So I’d like to check avast’s records to find the exact name.
Hi,
Please have a look at the WebShield report log in C:\ProgramData\Avast Software\Avast\report
- Avast Real-time Shield Scan Report
- This file is generated automatically
- Started on: Thursday, July 08, 2021 6:22:41 AM
-
Shield stopped: Thursday, July 08, 2021 6:40:02 AM
-
Run-time was 17 minute(s), 21 second(s)
-
Avast Real-time Shield Scan Report
-
This file is generated automatically
-
Started on: Thursday, July 08, 2021 6:40:48 AM
-
Shield stopped: Thursday, July 08, 2021 7:00:45 AM
-
Run-time was 19 minute(s), 57 second(s)
-
Avast Real-time Shield Scan Report
-
This file is generated automatically
-
Started on: Thursday, July 08, 2021 7:01:35 AM
Is that all that’s in the webshield.txt file, it seems very short ?
The newest entries are appended to the bottom of the file.
The file is huge. these are from the bottom. The last warning i got was from 7/12-today
Yes I know. but that entry isn’t on your listing.
I noticed that. In fact the last entry from all the reports seem to be from 7/8
That is definitely strange mind you if you haven’t restarted the system since then, it shows when it was started and also stopped.
Since you haven’t recorded a Stop since the last start on July 08, 2021, then effectively you haven’t had any web shield alerts.
But I can’t think what would have been alerting, taking a screenshot when alerts happen is the best route to gathering information.
I get several when testing in relation to forum topics.
See my attached image of the last entry in my webshield.txt file.
I tried to do a direct connect to that IP, but it failed to connect, but no errors on screen.
Finally I got this -
The connection has timed out
The server at 172.86.180.122 is taking too long to respond.
I checked the IP here - https://www.abuseipdb.com/check/172.86.180.122 - This IP was reported 19 times. Confidence of Abuse is 11%:
And
Also on - https://www.virustotal.com/gui/url/9a74c7b27069ad473b1591ac161e4f3a94f2f95cb2ac879b1398470d17047eab/detection - only two hits there
Well i already banned the IP so i won’t be getting another warning about it. And without knowing what it was trying to do i guess i won’t be the 20th report on it.