I'm using the latest Chrome and have a lot of tabs open at all times (same sites). Starting a few days ago, Malwarebytes started blocking an attempt to contact an IP address known for phishing/malware, and the sites I have opened haven't changed. My initial thought is that this is Facebook up to its usual shady crap now collaborating with a shady company for ad reasons cause when I googled the IP it's supposedly a firm in California that does data collection.
For reference, the IP address being contacted is: 209.94.90.1
I would start by looking at your DNS cache to see what resolves to that IP. Due to VPS the same IP could host both legitimate and malicious content. There is also what is know as malvertising. Which is threat actors paying for legitimate ad space to host malware. A couple of other avenues would be malicious or compromised browser add-ons and in general any other malware that could be on the system.
Can't you use process of elimination to find the culprit tab by opening one tab at a time? OR if FB is one of the open tabs, close it to see if MWB still detects there is an attempt to open that ip.
It may not be your tabs at all. It could be a piece of software calling home or malware.
I ended up doing it one tab at a time (which I didn't want to do cause of how long it would take) but I found the site. It was a site I used to download Linux Distros, they had a malicious ad running at the bottom of the screen. I notified them and they claim they will fix it soon.
www.abuseipdb.com
