We're seeing a lot of pings coming from the IP range 206.206.85.202-5 on our firewall, and they're being flagged as related to pornography. Initially, we thought it might be a user accessing inappropriate content, but since multiple machines are being flagged, that seems unlikely now. Has anyone else encountered this IP address? Any insights would be appreciated!
**EDIT:** We're running thorough scans on our endpoints to check for malware or viruses, but they all appear to be clean so far.
5 Answers
I found some reports about those IPs suggesting they're linked to a Microsoft CDN, possibly for Windows updates. It might not be anything malicious after all! Check out reports like this one: https://urlquery.net/report/5ea1a8eb-9ea1-480c-868a-5682ab4122b1.
I know that IP! There's some chatter about it being associated with known figures in the news. Still, it could just be noise and not worth getting too worked up about.
Could you clarify what you mean by "pings"? Are you tracking inbound traffic that’s being denied or outbound traffic? The IPs are registered to IPXO, which is just an IP leasing service.
This sounds like a false positive to me. If it’s just pings, it might be worth investigating but you shouldn’t lose sleep over it. Just keep a lookout and move on unless more serious issues arise.
You're missing some key info here. What direction is the traffic coming from? What ports are involved? It's essential to gather those details to really understand what's going on.

Thanks for the info! Just to clarify, certain Windows machines on our network are trying to connect to those IPs but getting blocked by the firewall. It’s not causing any outages yet, but it’s definitely something I’m keeping an eye on.
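
One way to gather the direction and port details the answers ask for, as an added example that is not part of any post in this thread: it tallies firewall events touching 206.206.85.202-205 by direction, internal host, protocol and port. The key=value log format, the sample lines and the 10.0.0.0/8 internal range are constructed assumptions; adapt the field names to your firewall's export.

```python
import ipaddress
import re
from collections import Counter

# Range from the question: 206.206.85.202 through 206.206.85.205.
FIRST = ipaddress.ip_address("206.206.85.202")
LAST = ipaddress.ip_address("206.206.85.205")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: internal address space

# Constructed sample lines in a hypothetical key=value firewall log format.
SAMPLE_LOG = """\
2024-05-01T09:00:01 action=deny proto=tcp src=10.1.4.21 dst=206.206.85.203 dport=443
2024-05-01T09:00:03 action=deny proto=tcp src=10.1.4.21 dst=206.206.85.203 dport=443
2024-05-01T09:00:07 action=deny proto=tcp src=10.1.7.88 dst=206.206.85.202 dport=80
2024-05-01T09:00:09 action=allow proto=udp src=10.1.4.21 dst=10.1.0.53 dport=53
2024-05-01T09:00:12 action=deny proto=icmp src=206.206.85.205 dst=10.1.7.88 dport=0
2024-05-01T09:00:15 action=deny proto=tcp src=10.1.9.14 dst=206.206.85.206 dport=443
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def in_range(addr):
    """True if addr is an IPv4 address inside the flagged range."""
    return addr.version == 4 and FIRST <= addr <= LAST

def summarize(log_text):
    """Count flagged events per (direction, internal host, proto, port)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["src"])
            dst = ipaddress.ip_address(f["dst"])
            port = int(f["dport"])
        except (KeyError, ValueError):
            continue  # skip lines that lack the fields or hold bad values
        if in_range(dst) and src in INTERNAL:
            counts[("outbound", str(src), f.get("proto", "?"), port)] += 1
        elif in_range(src) and dst in INTERNAL:
            counts[("inbound", str(dst), f.get("proto", "?"), port)] += 1
    return counts

if __name__ == "__main__":
    for (direction, host, proto, port), n in summarize(SAMPLE_LOG).most_common():
        print(f"{direction:8} {host:12} {proto:4} port {port:<5} x{n}")
```

The per-host breakdown shows which machines initiate the connections, which is the starting point for checking what process on those hosts is making them.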