MBAM IP Block

D

Dennis

IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
 
D

Dennis

IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
Click to expand...

OK. Googling helped me find the problem. Apparently my AdblockPlus FF
Add-on uses the Fanboy filter list. When AdblockPlus attempts to update
the Fanboy filters it generates the IP Blocks. So I guess MBAM doesn't
like the hosting service that Fanboy uses.
 
V

Virus Guy

Dennis said:
IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly
between 5:30 and 6:30 PM EDT.

Do these IPs appear malicious to any of you experts?
Click to expand...
When these happen I have FF running with
http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
Click to expand...

I regularly bring up drudgereport, but I've never seen cloudflare in my
router's out-going logs. And I don't have any cloudflare entries in my
hosts file.

Both IP's you list seem to belong to cloudflare. I would bet they're
connected to weather.com.

From looking at https://www.cloudflare.com/ I would guess that what
they're doing is similar to newrelic.

This video describes what newrelic is all about, and what I think
cloudflare is also doing:


Bottomline -> add cloudflare.com (and any other cloudflare host-names)
to your hosts file.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MBAM IP-BLOCK 45
Analysis of a Malware Compromise - my first malware 3
IP Config issues - Slow Internet as a result and possible hijack o 5
Event ID 576/538 - Guest Logon 3
Applications take about 3 minutes to start up in XP 6
DNS problem 5
DVD writing error 1
Software Report [10-Step Security - 10/19/2005] 3

Top