https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123748#M395642 <P>&nbsp;&nbsp;&nbsp; We have been running the Cisco Botnet fliters for some time now and we are seeing thousands of dropped packets all pointing to backplane1.janrainbackplane.com, port 443 on a wide variety of ip addresses. I can find no information within the other anti-malware vendors that they consider this to be malware. Is this behavior unique to my environment or are you seeing this type of behavior as well?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 00:22:50 GMT mrrlg 2019-03-12T00:22:50Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123748#M395642 <P>&nbsp;&nbsp;&nbsp; We have been running the Cisco Botnet fliters for some time now and we are seeing thousands of dropped packets all pointing to backplane1.janrainbackplane.com, port 443 on a wide variety of ip addresses. I can find no information within the other anti-malware vendors that they consider this to be malware. Is this behavior unique to my environment or are you seeing this type of behavior as well?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P> Tue, 12 Mar 2019 00:22:50 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123748#M395642 mrrlg 2019-03-12T00:22:50Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123749#M395646 <HTML><HEAD></HEAD><BODY><P>Just to chime in. </P><P></P><P>Typically those are good reference pages:</P><P><A class="jive-link-external-small" href="http://www.siteadvisor.com/sites/backplane1.janrainbackplane.com">http://www.siteadvisor.com/sites/backplane1.janrainbackplane.com</A></P><P><SPAN>(ironport ) </SPAN><A class="jive-link-external-small" href="http://www.senderbase.org/senderbase_queries/rep_lookup?search_name=backplane1.janrainbackplane.com&amp;action%3ASearch=Search">http://www.senderbase.org/senderbase_queries/rep_lookup?search_name=backplane1.janrainbackplane.com&amp;action%3ASearch=Search</A></P><P></P><P><A class="jive-link-external-small" href="http://www.mywot.com/en/scorecard/backplane1.janrainbackplane.com">http://www.mywot.com/en/scorecard/backplane1.janrainbackplane.com</A></P><P><A class="jive-link-external-small" href="http://www.google.com/safebrowsing/diagnostic?site=backplane1.janrainbackplane.com">http://www.google.com/safebrowsing/diagnostic?site=backplane1.janrainbackplane.com</A></P></BODY></HTML> Tue, 13 Nov 2012 19:11:19 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123749#M395646 Marcin Latosiewicz 2012-11-13T19:11:19Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123750#M395649 <HTML><HEAD></HEAD><BODY><P> 90% of the blocked IPs on my Botnet filter are from backplane1.janrainbackplane.com, port 443</P><P>None of the hosts, perhaps 50, have complained about problems.</P><P>I have no idea why.&nbsp; </P><P></P><P>-Robert</P></BODY></HTML> Wed, 28 Nov 2012 17:36:06 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123750#M395649 Robert Zeff 2012-11-28T17:36:06Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123751#M395653 <HTML><HEAD></HEAD><BODY><P> I currently have an open ticket with Cisco on this matter. I am seeing this "domain" associated with multiple ips. Their current response is </P><P></P><P>"the domain is mapped to several IPs and due to the command 'dynamic-filter ambiguous-is-black' then it will be blocked. You can create an entry under the White-list in order to access the Website and keep the "ambiguous" command on."</P><P></P><P>The ip addresses I checked that were being associated with this domain are part of Amazon's e-commerce space. I have white-listed it in a couple of ASAs to see if the underlying ip addresses are captured by the botnet filter.</P></BODY></HTML> Wed, 28 Nov 2012 19:57:34 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123751#M395653 mrrlg 2012-11-28T19:57:34Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123752#M395656 <HTML><HEAD></HEAD><BODY><P>I think these are all pop-up ads.&nbsp; I thought about white-listing, but we've been blcking thousands of hits with no complaints.</P><P>We've seen pop up ads that contain malware, so unless someone complains, we'll not white-list.</P><P></P><P>What is ambiguoius, I wonder?&nbsp; There is no forward - reverse lookup matches for all of these IPs?</P></BODY></HTML> Sun, 02 Dec 2012 02:59:05 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123752#M395656 Robert Zeff 2012-12-02T02:59:05Z https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123753#M395658 <HTML><HEAD></HEAD><BODY><P>Same here. We've been blocking about 300-400k connections per day to this site for weeks. Zero complaints. I did a capture and it seemed related to either ads or analytics for Fox Sports websites. </P></BODY></HTML> Mon, 17 Dec 2012 20:08:10 GMT https://community.cisco.com/t5/network-security/backplane1-janrainbackplane-com/m-p/2123753#M395658 grahamt 2012-12-17T20:08:10Z