To Customer Support To Customer Support
Solved

Are these WSA IP's or maybe Saavis?

  • 20 January 2014
  • 6 replies
  • 45 views
garlicwebroot
Rank
Userlevel 3
http://imgur.com/EDgAE1Y
 
 
i am blocking them and it doesn't seem to harm WSA security. Thing is, I-Blocklist has it listed as US Gov IP, which probably means it runs over Saavis. Saavis operates all US Government website, but its private company that also does other hosting for not Government entities. Any info on this would be helpful :)
 
best i  can tell all traffic is from WSA
 
 
this is the IP of most interest to me. The others are the WSA website and I don't mind them being blocked. But, this IP is blocked when i try to "manually update WSA" the ip is 66.35.53.194:443
icon

Best answer by DanP 21 January 2014, 17:00

View original
__________________________________________________________ check out my idea and vote for it if you agree! https://community.webroot.com/t5/Ideas-Exchange/Ability-to-disable-quot-security-disabled-quot-warnings/idi-p/77439

6 replies

DanP
Rank
Userlevel 7
Badge +35
@ wrote:
http://imgur.com/EDgAE1Y
 
 
i am blocking them and it doesn't seem to harm WSA security. Thing is, I-Blocklist has it listed as US Gov IP, which probably means it runs over Saavis. Saavis operates all US Government website, but its private company that also does other hosting for not Government entities. Any info on this would be helpful :)
 
best i  can tell all traffic is from WSA
 
 
this is the OP of most interest to me. The others are the WSA website and I don't mind them being blocked. But, this IP is blocked when i try to "manually update WSA" the ip is 66.35.53.194:443

That is a Webroot IP. The Webroot Community Forums that you're posting this on are hosted on that IP ;)
 
-Dan
Webroot Threat Research
garlicwebroot
Rank
Userlevel 3
the software is dialing 66.35.53.194:443 and 66.35.53.195:50?

 
these ips are blocked when manually updating from the software. not visiting the site
 
what reason would WSA dial those from in app?
__________________________________________________________ check out my idea and vote for it if you agree! https://community.webroot.com/t5/Ideas-Exchange/Ability-to-disable-quot-security-disabled-quot-warnings/idi-p/77439
RetiredTripleHelix
Rank
Userlevel 7
Badge +56
That's strange this what I get?
 

IP: 208.74.205.209

http://webinfo.reformal.ru/favicons/c/community.webroot.com.ico

Webroot Community - Webroot Community
 

garlicwebroot
Rank
Userlevel 3
ya it is weird. I asked the I-Blocklist people and they said it was BOGON, or bogus ip etc...
 
maybe my dhcp?
 
either way, blocking access to that IP doesn't seem to cause any issues with protection, but im still wondering whats going on.
 
http://en.wikipedia.org/wiki/Bogon_filtering
__________________________________________________________ check out my idea and vote for it if you agree! https://community.webroot.com/t5/Ideas-Exchange/Ability-to-disable-quot-security-disabled-quot-warnings/idi-p/77439
garlicwebroot
Rank
Userlevel 3
https://dazzlepod.com/ip/66.35.53.195/
 
according to this site its Webrrots IP/ But why is it calling from software?
__________________________________________________________ check out my idea and vote for it if you agree! https://community.webroot.com/t5/Ideas-Exchange/Ability-to-disable-quot-security-disabled-quot-warnings/idi-p/77439
DanP
Rank
Userlevel 7
Badge +35
Here is a list of URL masks for normal communications:
*.webrootcloudav.com
*.*.webrootcloudav.com 
*.p4.webrootcloudav.com 
*.compute.amazonaws.com
*.webroot.com 
*.webrootanywhere.com 
 
The actual IPs will vary for various reasons, so these are the firewall exclusions that some of our business customers will need to add for propper communication. The communication you are seeing is perfectly normal.
 
Thanks,
 
-Dan
 
Webroot Threat Research

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.