Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    13 security vendors flagged this IP address / Active Treat Showing During Windows 11 Updates

    Scheduled Pinned Locked Moved Firewalling
    snortipv4securityfirewall
    1 Posts 1 Posters 352 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ
      JonathanLee
      last edited by JonathanLee

      Snort IPS/IDS is catching something different today. I thought I would share this flagged invasive actor with the community.

      Has anyone else seen this IP hit your firewalls during Windows 11 updates?

      45.143.9.106
      AS 3999045 (DEDIOUTLET-NETWORKS)

      Screenshot 2023-08-13 at 11.16.27 PM.png
      (This was flagged by 13 different security providers)

      The IP block is out of Lithuania? Maybe this has to do with what is occuring in the former Zaire with what is being broadcast over worldband radio signal the last couple weeks, anyone hear that radio station last week? Maybe it was a replay of old radio signals? Anyway enough of the rabbit hole.

      I don't understand why this is flagged and showing up only during Windows 11 updates that's what throws me off here. Something is off with this IP address

      Anyone else notice anything or maybe run a Wireshark on it?

      Make sure to upvote

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.