66.221.53.1 why does Microsoft media player 10 phone home?

66.221.53.1 why does Microsoft media player 10 phone home?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
66.221.53.1 why does Microsoft media player 10 phone home? John Dolinka 06-22-2005
Posted by John Dolinka on June 22, 2005, 1:32 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
MMP phones home through this address 66.221.53.1. Why is it phoning home?
What is it phoning home? Reverse DNS says it's
1-53-221-66.cust.propagation.net. When I link to ip in browser
http://66.221.53.1 and the media player is running local content it causes
it to disconnect, which is odd behaviour.

Just curious,

John Dolinka



Posted by Galen on June 22, 2005, 2:38 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

My reply is at the bottom of your sent message:

> MMP phones home through this address 66.221.53.1. Why is it phoning
> home? What is it phoning home? Reverse DNS says it's
> 1-53-221-66.cust.propagation.net. When I link to ip in browser
> http://66.221.53.1 and the media player is running local content it
> causes it to disconnect, which is odd behaviour.
>
> Just curious,
>
> John Dolinka

I have no idea, I'm hoping it's benign but to get the ball rolling I grabbed
a copy of the page as best as I could using this:

http://www.iqauto.com/cgi-bin/ripper.pl

It turns out it's an ASF file at the other end.

So, I took a look at propagation.net and found an abuse address as well as
an acceptable use policy. So, back to Google I went... There are some
subdomain.propagation.net addresses interestingly enough.

This made me think...

I opened WMP 10....
I dug into my logs from my firewall:

2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:44 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:44 PM wmplayer.exe OUT UDP localhost 1657 Allow LocalHost UDP
Connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player
HTTP connection

All of those were accounted for as ads and none of which was your address...

So, without futher ado, I suggest:

Malware Cleaning :
http://www.kgiii.info/windows/all/general/malwarefix.html

Galen
--

"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."

Sherlock Holmes



Similar ThreadsPosted
Microsoft Help staff asking for home address, phone, etc. by email March 9, 2006, 2:05 pm
Re: media player August 27, 2005, 9:57 pm
windows media player 9 June 16, 2005, 2:05 pm
Media Player DRM Update HELP!! March 31, 2006, 8:04 am
Is Viewpoint dangerous (Windows Media Player) October 29, 2005, 2:11 pm
Re: Security Alert Windows Media Player May 26, 2005, 4:01 pm
Re: Security Alert Windows Media Player May 26, 2005, 10:16 pm
Re: Security Alert Windows Media Player May 26, 2005, 11:04 pm
Windows Media Player 10 not working over HTTPS May 31, 2006, 12:55 pm
Flash Player 923789 - not installing - have current Flash Player December 13, 2006, 3:20 pm

The site map in XML format XML site map

Contact Us | Privacy Policy