I have two systems at home, a Linux (Backtrack and CrashBang) and a Windows for work. The situation is as follows.
-In my windows machine my firewall status shows me that any time I open a network related application a few connections open, from 0.0.0.0 and a port between 3000 and 4200, to some external IPs 80 port. Three of these IPs are 220.127.116.11, 18.104.22.168, and 22.214.171.124.
-Reverse DNS and whois show the IPs belong to MarkMonitor, a company whose scope I am unsure about but whose full name is Markmonitor Brand Protection Antifraud Solutions. That sounds scary.
-I have no idea how if the connections start locally, or if they are just trying to hit the ports remotely and get answers from my network applications.
-Blocking the ports triggers the use of other ports.
I am not a newbie, but this falls slightly big for me. I need some guidance and would also like to hear any information about apart from website and strange press releases I have seen around, to try to understand what they might be after.
Just for your info, I don't do attacks from home nor am I involved in any criminal activities. Unless using Bittorrent can already fall into that description.