MBAM IP Block

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
IP-BLOCK    141.101.124.185 (Type: outgoing)
IP-BLOCK    199.27.135.184 (Type: outgoing)

For the past 3 or 4 days MBAM catches these attempts roughly between
5:30 and 6:30 PM EDT. It first sees 3 of one followed by 3 of the other.
The total burst (6 attempts) lasts about 30 seconds.

Do these IPs appear malicious to any of you experts?

MBAM and Avira scans don't find anything.

When these happen I have FF running with http://www.drudgereport.com /
and http://www.weather.com/ in tabs.

One of the IPs seems to resolve to a cloudflare.com host.

--

Dennis

Re: MBAM IP Block

opined:

Quoted text here. Click to load it

OK. Googling helped me find the problem. Apparently my AdblockPlus FF
Add-on uses the Fanboy filter list. When AdblockPlus attempts to update
the Fanboy filters it generates the IP Blocks. So I guess MBAM doesn't
like the hosting service that Fanboy uses.

--

Dennis

Re: MBAM IP Block

Dennis wrote:
 
Quoted text here. Click to load it


I regularly bring up drudgereport, but I've never seen cloudflare in my
router's out-going logs.  And I don't have any cloudflare entries in my
hosts file.

Both IP's you list seem to belong to cloudflare.  I would bet they're
connected to weather.com.

From looking at https://www.cloudflare.com/ I would guess that what
they're doing is similar to newrelic.

This video describes what newrelic is all about, and what I think
cloudflare is also doing:


http://www.youtube.com/watch?v=7Mg0UtzYql4


Bottomline -> add cloudflare.com (and any other cloudflare host-names)
to your hosts file.

Site Timeline