das attorney 857 Posted October 15, 2017

Hi, I'm setting up a server and when I activate Battleye, my Malwarebytes flags an incoming packet as malicious every so often coming from 95.79.251.124. The IP address isn't my IP (server is in my home). Also I thought it might be the battleye master server but this page lists it as 81.0.236.111

Not sure what to do here - is this normal, or something fishy going on? Here's the report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/15/17
Protection Event Time: 9:33 PM
Log File: 13df41ca-b1e8-11e7-96b9-6cf049510d2c.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3017
License: Trial

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Domain:
IP Address: 95.79.251.124
Port: [2303]
Type: Inbound
File: C:\Games\Arma3\SteamApps\common\Arma 3\arma3server_x64.exe

tRiKy_ch 26 Posted October 17, 2017

It is a Russian IP: http://whois.domaintools.com/95.79.251.124 If you don't live in Russia, that's not so encouraging.

austin_medic 109 Posted October 18, 2017

I'd say you possibly got some malware infecting programs on your box. I'd probably run some scans with Malwarebytes and probably get another tool to check for rootkits if your server is running a 32 bit OS. If it happens more than a few times there is no way it's a one off "oops I sent the packet to the wrong IP". By all the info on the whois registry it looks like a datacenter, although it could be fake.

Only other thing I can really recommend is uninstall battleye completely then reinstall with fresh files from the official website.

das attorney 857 Posted October 23, 2017

On 10/18/2017 at 9:19 AM, austin_medic said:

> I'd say you possibly got some malware infecting programs on your box. I'd probably run some scans with Malwarebytes and probably get another tool to check for rootkits if your server is running a 32 bit OS. If it happens more than a few times there is no way it's a one off "oops I sent the packet to the wrong IP". By all the info on the whois registry it looks like a datacenter, although it could be fake.
>
> Only other thing I can really recommend is uninstall battleye completely then reinstall with fresh files from the official website.

Thanks for the reply. I've checked with Roguekiller, GMER, Malwarebytes and Bitdefender and all looks clean. I've also deleted all copies of Battleye dlls from my server profile and game folder and let Steam rebuild them, then copied them over.

I'm still getting these weird incoming packets though (only when Battleye is active). One of them is from what looks like a French server: 149.202.64.23 ???

Anyway, I've blocked them via Firewall. Here are the rules if it's helpful for anyone.

5.158.0.0/16
5.159.0.0/16
194.44.0.0/16
149.202.0.0/16
95.79.0.0/16

das attorney 857 Posted October 23, 2017

I've just realised I was being silly. I checked my firewall logs and it's just players around the world looking in their server browser. My server is obv discoverable so they ping to get the details for it to come up in the list.
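
The triage the thread ends up doing by hand, as an added example that is not part of any post: it parses "-Website Data-" blocks in the format shown in the first post, labels each event by direction and port, and measures what the posted /16 rules cover. Assumptions: the `Port` field is the local port for inbound events, `LISTEN_PORTS` is a hypothetical set of ports the operator exposes on purpose, and the second sample event is constructed.

```python
import ipaddress
import re

# Constructed sample: the first event copies the fields quoted in the thread,
# the second is a made-up outbound event added for contrast.
SAMPLE_EVENTS = r"""
-Website Data-
Domain:
IP Address: 95.79.251.124
Port: [2303]
Type: Inbound
File: C:\Games\Arma3\SteamApps\common\Arma 3\arma3server_x64.exe
-Website Data-
Domain:
IP Address: 203.0.113.7
Port: [443]
Type: Outbound
File: C:\Example\placeholder.exe
"""

# Assumption: ports this server is deliberately reachable on from the internet.
LISTEN_PORTS = {2302, 2303}
# Block rules exactly as posted in the thread.
BLOCK_RULES = ["5.158.0.0/16", "5.159.0.0/16", "194.44.0.0/16",
               "149.202.0.0/16", "95.79.0.0/16"]

def parse_events(text):
    """Return one dict per '-Website Data-' block (ip, port, direction, file)."""
    events = []
    for block in text.split("-Website Data-")[1:]:
        f = dict(re.findall(r"^([A-Za-z ]+):[ \t]*(.*)$", block, re.M))
        events.append({"ip": f["IP Address"].strip(), "port": int(f["Port"].strip("[] ")),
                       "direction": f["Type"].strip().lower(), "file": f["File"].strip()})
    return events

def triage(event, listen_ports=LISTEN_PORTS):
    """Label an event by direction and by whether it hits an exposed port."""
    if event["direction"] == "inbound" and event["port"] in listen_ports:
        return "unsolicited inbound to exposed service port"
    if event["direction"] == "inbound":
        return "inbound to a port not meant to be exposed"
    return "outbound: review the initiating process"

def matching_rule(ip, rules=BLOCK_RULES):
    """Return the first block rule that covers ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((r for r in rules if addr in ipaddress.ip_network(r)), None)

def blocked_address_count(rules=BLOCK_RULES):
    """Total number of addresses the rules drop, flagged source or not."""
    return sum(ipaddress.ip_network(r).num_addresses for r in rules)
```

An inbound event on a port the server advertises is what a publicly listed service receives from clients querying it, and the address count shows how much address space the five /16 rules shut out alongside the two flagged sources.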