Hi.

I have two systems at home, a Linux (Backtrack and CrashBang) and a Windows for work. The situation is as follows.

-In my windows machine my firewall status shows me that any time I open a network related application a few connections open, from 0.0.0.0 and a port between 3000 and 4200, to some external IPs 80 port. Three of these IPs are 209.85.135.103, 74.125.39.139, and 64.124.14.70.

-Reverse DNS and whois show the IPs belong to MarkMonitor, a company whose scope I am unsure about but whose full name is Markmonitor Brand Protection Antifraud Solutions. That sounds scary.

-I have no idea how if the connections start locally, or if they are just trying to hit the ports remotely and get answers from my network applications.

-Blocking the ports triggers the use of other ports.

I am not a newbie, but this falls slightly big for me. I need some guidance and would also like to hear any information about apart from website and strange press releases I have seen around, to try to understand what they might be after.

Just for your info, I don't do attacks from home nor am I involved in any criminal activities. Unless using Bittorrent can already fall into that description.