I have a couple of machines whose security logs are showing a large amount of outgoing traffic to various IP addresses (e.g. 31.13.71.96, 199.96.57.6). It looks like mostly Facebook and Akamai servers, and Intrusion Prevention is blocking it, but I'd like to know what's causing it. The logs show whatever the default browser is as the application, and it mostly occurs on bootup, although there's some sporadic traffic generated when the browser is opened. Here's a log file entry...
9:43:01 AM Prohibited Website
3527 1/5/2015 9:44:33 AM Intrusion Prevention Critical Outgoing TCP 31.13.71.96 443 6C-62-6D-94-64-A8 192.168.100.92 53807 00-A0-C8-8E-4B-AC chrome.exe jamie DOMAINNAME Default 38 1/5/2015 9:42:13 AM 1/5/2015 9:43:30 AM Prohibited Website
I've cleared all temporary internet files, tried the browser with no add-ons, checked startup processes, and created a new user profile, all to no avail.
Has anyone seen this? Is it normal? How can I stop it or how do I find what's causing it?
Thanks.