For the last few weeks I've been getting dozens of IP attempts to access my computer. Fortunately, the Netguard on my McAfee suite is blocking the attempts (deeming them "risky connections"), but obviously I've very concerned. All of the attempts have been coming from some variation of s3.amazonaws.com. Research I've done indicates that although the ISP may say amazon.com, these may very well be some sort of DOS attack, virus, malware, etc.
I've done numerous scans, whether that is anti-virus, malware, spyware, you name it. But the IP attempts continue.
Does anyone have any recommendations that I can perform to stop these attempts once and for all? Here are the IP's in question:
Thanks in advance,
If you mean Netguard has been putting up warnings about these IP addresses, that means one or more of your programs is attempting to contact them. Netguard blocks outgoing connections.
Net Guard ... actively reviews each website you try to visit. Net Guard scans the website address and compares it to McAfee's current list of trusted and untrusted websites to determine a safety level. If Net Guard sees the website as risky, it blocks your connection attempt and prompts you with a warning.
You can see a log of failed inbound connection attempts in the History and Logs section of Security Center.
There is another thread where the Amazon server IP addresses are being discussed - see
People talk in awe about The Cloud but all it boils down to is some organisation like Amazon with a whole load of servers subletting space on some of them. If suspect material gets uploaded to a server then that IP address becomes suspect. Amazon servers host third-party content with relatively little oversight on Amazon's part so it's little wonder if Amazon servers are beginning to be blocked by Netguard.
Edit - There's also another thread from earlier this year about Netguard blocking connections to Amazon IP addresses -
Message was edited by: Hayton on 06/10/12 06:28:14 IST
Yeah, they say they're originating from Google Chrome.
I ran the ESET Online Scanner and it picked up four viruses that my other AV program didn't pick up (McAfee). It doesn't appear that they're directly related to Chrome, but I've deleted both the files and programs themselves to be on the safe side. Here is the .txt file of the viruses found:
C:\Users\Tony\Downloads\cnet2_WeatherBugSetup_msi.exe a variant of Win32/InstallCore.D application
C:\Users\Tony\Downloads\light_image_resizer4_setup_188.8.131.52_linkular.exe Win32/Adware.Linkular.AC application
C:\Users\Tony\Downloads\WinZip165 (1).exe a variant of Win32/OpenInstall application
C:\Users\Tony\Downloads\WinZip165.exe a variant of Win32/OpenInstall application
Well, those four aren't exactly dangerous. I checked them out and they're all Adware. McAfee puts that into the "Maybe unwanted but leave it alone" category.
The relevent info is that it's Google making the connections that Netguard blocks. That's presumably "Google" as in "Chrome". Something on downloaded web pages will be trying to connect to site on those servers that NetGuard is blocking. The block is almost certainly because there's something somewhere on each server that's cuased the IP address to be rated unsafe. There's no way of knowing (without some deep investigation) whether allowing the connection to be made would actually be risky. Most probably the web pages are only calling up the server to display advertising ...
If you want to cut down the number of these blocked connections there's a program from Abine (DoNotTrack+) which might help. In Firefox I would advise NoScript. And AdBlock in both browsers.
The server problems may be related to the sending of spam, in which case this is not a new problem at all. I've found posts in other forums going back to 2009 where an Amazon AWS server gets blcklisted for that reason. Amazon don't seem to have any way of monitoring their servers for this sort of thing, and don't seem to be very fast when it comes to de-blacklisting their servers.
See any one of these Amazon/spam/blacklisting site pages -
I am having the same issue now with Amazon Cloud Player. This never happened to me the last time I used it about 1 month ago, so this is something new that has popped up. Now everytime I log into Amazon Cloud Player via my PC (Using IE or Firefox), Net Guard pops up as being blocked as a risky connection. IP Range always will be some where between 184.108.40.206 to 220.127.116.11 With these being blocked it will not allow me to stream my music. If I go into Net Guard and allow the IP, then Amazon Cloud Player works perfect. However if I close my browser and log back in again to the Amazon Cloud Player, a different IP begiing with 72.21.xxx.xxx appears and then I have to allow this one in order to use the Cloud Player.
This is very frustrating as I use to never have this problem. I noticed some other blogs where apple services is having the same issue with the same IP range as well. I have posted a support ticket with McAfee. Their Tier 1 support could not resolve it, so they have turned it over to Tier 2 support. They told me they would contect me in 24 to 48 hours to continue trouble shooting. Will keep you updated