MBAM IP Block

  • Thread starter Thread starter Dennis
  • Start date Start date
D

Dennis

IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
 
IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
Click to expand...

OK. Googling helped me find the problem. Apparently my AdblockPlus FF
Add-on uses the Fanboy filter list. When AdblockPlus attempts to update
the Fanboy filters it generates the IP Blocks. So I guess MBAM doesn't
like the hosting service that Fanboy uses.
 
Dennis said:
IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly
between 5:30 and 6:30 PM EDT.

Do these IPs appear malicious to any of you experts?
Click to expand...
When these happen I have FF running with
http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
Click to expand...

I regularly bring up drudgereport, but I've never seen cloudflare in my
router's out-going logs. And I don't have any cloudflare entries in my
hosts file.

Both IP's you list seem to belong to cloudflare. I would bet they're
connected to weather.com.

From looking at https://www.cloudflare.com/ I would guess that what
they're doing is similar to newrelic.

This video describes what newrelic is all about, and what I think
cloudflare is also doing:


Bottomline -> add cloudflare.com (and any other cloudflare host-names)
to your hosts file.
 
Back
Top