This thread was archived. Please ask a new question if you need help.
MacOS plugin container trying to connect to blacklisted/proxy IP address
Hi Running FF 99.0.1 on MacOS Big Sur (11.6.4) and my Lulu outbound network monitoring app (https://objective-see.com/products/lulu.html) is flagging an attempt by the FF MacOS plugin container trying to access a high risk site (93/100) according to https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/220.127.116.11.
=======The lulu popup notification shows: Message : plugin-container.app is trying to connect to 18.104.22.168 Process ID: 44441 Process args: -parentBuildID 20220411174855 -prefsLen 6210 -prefMapSize 255244 -sbStartup -sbAppPath /Applications/Firefox.app -appDir /Applications/Firefox.app/Contents/Resources/browser -profile /Users/xxxxx/Library/Application Support/Firefox/Profiles/dps0ori7.default-release 44428 gecko-crash-server-pipe.44428 org.mozilla.machname.1552309677 socket Process Path: /Applications/Firefox.app/Contents/MacOS/plugin-container.app
IP address: 22.214.171.124 port & protocol: 443 (TCP) reverse DNS name: unknown
https://www.abuseipdb.com/whois/126.96.36.199 shows a hostname of aofeisheng.com.
Cannot really tell if this is a false positive or something I should block permanently. Not sure why my plugin container is reaching out when the browser was just updated.
All Replies (1)
It's a Cloudflare server. We sometimes use Cloudflare, for instance as a DoH server.