Galen
Wed Jun 22 13:38:38 CDT 2005
In news:uL2uoB1dFHA.1136@TK2MSFTNGP12.phx.gbl,
John Dolinka <jrd7_nospam@cdc.gov> had this to say:
My reply is at the bottom of your sent message:
> MMP phones home through this address 66.221.53.1. Why is it phoning
> home? What is it phoning home? Reverse DNS says it's
> 1-53-221-66.cust.propagation.net. When I link to ip in browser
> http://66.221.53.1 and the media player is running local content it
> causes it to disconnect, which is odd behaviour.
>
> Just curious,
>
> John Dolinka
I have no idea, I'm hoping it's benign but to get the ball rolling I grabbed
a copy of the page as best as I could using this:
http://www.iqauto.com/cgi-bin/ripper.pl
It turns out it's an ASF file at the other end.
So, I took a look at propagation.net and found an abuse address as well as
an acceptable use policy. So, back to Google I went... There are some
subdomain.propagation.net addresses interestingly enough.
This made me think...
I opened WMP 10....
I dug into my logs from my firewall:
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:44 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:44 PM wmplayer.exe OUT UDP localhost 1657 Allow LocalHost UDP Connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
2:34:47 PM wmplayer.exe OUT TCP localhost PROXY:8080 Windows Media Player HTTP connection
All of those were accounted for as ads and none of which was your address...
So, without further ado, I suggest:
Malware Cleaning :
http://www.kgiii.info/windows/all/general/malwarefix.html
Galen
--
"And that recommendation, with the exaggerated estimate of my ability
with which he prefaced it, was, if you will believe me, Watson, the
very first thing which ever made me feel that a profession might be
made out of what had up to that time been the merest hobby."
Sherlock Holmes