MacOS plugin container trying to connect to blacklisted/proxy IP address

  • Last reply by TyDraniu

Hi, I'm running FF 99.0.1 on macOS Big Sur (11.6.4), and my LuLu outbound network monitoring app (https://objective-see.com/products/lulu.html) is flagging an attempt by the FF macOS plugin container to access a high-risk site (93/100) according to https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/104.16.248.249.

=======
The LuLu popup notification shows:

Message : plugin-container.app is trying to connect to 104.16.248.249
Process ID: 44441
Process args: -parentBuildID 20220411174855 -prefsLen 6210 -prefMapSize 255244 -sbStartup -sbAppPath /Applications/Firefox.app -appDir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/xxxxx/Library/Application Support/Firefox/Profiles/dps0ori7.default-release 44428 gecko-crash-server-pipe.44428 org.mozilla.machname.1552309677 socket
Process Path: /Applications/Firefox.app/Contents/MacOS/plugin-container.app
IP address: 104.16.248.249
port & protocol: 443 (TCP)
reverse DNS name: unknown
=======

https://www.abuseipdb.com/whois/104.16.248.249 shows a hostname of aofeisheng.com.

Cannot really tell if this is a false positive or something I should block permanently. Not sure why my plugin container is reaching out when the browser was just updated.

Thanks

All Replies (1)

It's a Cloudflare server. We sometimes use Cloudflare, for instance as a DoH server.
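
The following is an added example, not part of the original thread and not Mozilla's or LuLu's code. It shows one way to triage an alert like the one in the question: parse its fields and check the destination against Cloudflare's published IPv4 ranges. The function names, the abridged alert text, and the embedded range list (a snapshot of https://www.cloudflare.com/ips-v4 that should be refreshed before use) are assumptions.

```python
import ipaddress
import re

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4).
# Assumption: the list changes over time, so refresh it before relying on it.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Alert text from the question above, abridged (process args omitted).
ALERT = """\
Message : plugin-container.app is trying to connect to 104.16.248.249
Process ID: 44441
Process Path: /Applications/Firefox.app/Contents/MacOS/plugin-container.app
IP address: 104.16.248.249
port & protocol: 443 (TCP)
reverse DNS name: unknown
"""

def parse_alert(text):
    """Split the 'key: value' lines of a LuLu-style alert into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(text):
    """Return (ip, port, on_cloudflare, note) for one alert."""
    f = parse_alert(text)
    ip = ipaddress.ip_address(f["ip address"])
    port = int(re.match(r"\d+", f["port & protocol"]).group())
    network = next((n for n in CLOUDFLARE_V4 if ip in n), None)
    if network:
        note = (f"{ip} is in Cloudflare range {network}: shared edge address, "
                "so IP reputation and hostname lookups describe other tenants too")
    else:
        note = f"{ip} is not in the Cloudflare snapshot; check its owner separately"
    return str(ip), port, network is not None, note

if __name__ == "__main__":
    print(triage(ALERT))
```

A match only identifies the network operator; deciding whether to allow the connection still depends on which process made it and what it was expected to contact.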