MBAM IP Block


D

Dennis

IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
 
Ad

Advertisements

D

Dennis

IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
OK. Googling helped me find the problem. Apparently my AdblockPlus FF
Add-on uses the Fanboy filter list. When AdblockPlus attempts to update
the Fanboy filters it generates the IP Blocks. So I guess MBAM doesn't
like the hosting service that Fanboy uses.
 
Ad

Advertisements

V

Virus Guy

Dennis said:
IP-BLOCK 141.101.124.185 (Type: outgoing)
IP-BLOCK 199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly
between 5:30 and 6:30 PM EDT.

Do these IPs appear malicious to any of you experts?
When these happen I have FF running with
http://www.drudgereport.com/
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.
I regularly bring up drudgereport, but I've never seen cloudflare in my
router's out-going logs. And I don't have any cloudflare entries in my
hosts file.

Both IP's you list seem to belong to cloudflare. I would bet they're
connected to weather.com.

From looking at https://www.cloudflare.com/ I would guess that what
they're doing is similar to newrelic.

This video describes what newrelic is all about, and what I think
cloudflare is also doing:


Bottomline -> add cloudflare.com (and any other cloudflare host-names)
to your hosts file.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

MBAM IP-BLOCK 45
MBAM 9
New MBAM 4
MBAM resident function? 3
MBAM 1.34 Released Today. 22
AVG blocking IP addresses? 7
Email Worm Spoofing not stopped by mbam 4
Fraud AV (ThinkPoint) not detected by Mbam 23

Top