Malware Analysis Possible Suspicious activity ?

mkaz

Level 1
Thread author
Oct 25, 2018
6
I was taking a look at this thread , I ran netstats to check to see if there any suspicious network activity. I do not know if I being paranoid about keylogging/rat/ or is it something profoundly troubling based on the report on abuseipdb.com. I do know this has to co relate with program its running or abnormal activities. However, I do not see any sign of it. I would like to make sure though.



is this something to be worried about, since i do not understand where does 72.21.91.200 time wait . come from,

screenshot below, it was in firefox
Screenshot_2.jpg

On abuseipdb.com, it shows the report on this being related to spam , though it different num on end, however where does verizon come to pic, How do I figure what site or server. I want to be certain if there any any suspicious activity on my laptop.
Also,this


As myself, I have managed to keep myself updated and secure and clean station. Most important use common sense
Windows 10 ,version 1803
Security
Window firewall
Kaspersky free
Malwarebyte
Spyshelter

Sandboxie
VPN
Firefox Extension
Ublock | Privacy Badger | Decentraleyes | cookieautodelete
 
  • Like
Reactions: Jimbo791

mkaz

Level 1
Thread author
Oct 25, 2018
6
Thanks for your reply, I appreciate it. I do not know what website it is to pinpoint, since I definitely do not have any malicious website running. What can I do at this point. fyi, I am using sandboxie
 

Attachments

  • Screenshot_1.jpg
    Screenshot_1.jpg
    171.8 KB · Views: 316
  • Screenshot_2.jpg
    Screenshot_2.jpg
    176 KB · Views: 294
  • Screenshot_3.jpg
    Screenshot_3.jpg
    167.3 KB · Views: 298
  • Screenshot_4.jpg
    Screenshot_4.jpg
    166.2 KB · Views: 317
  • Screenshot_5.jpg
    Screenshot_5.jpg
    146.2 KB · Views: 288
Last edited:
  • Like
Reactions: oldschool
E

Eddie Morra

Can you send me your HOSTS file in a PM?

SystemDrive:\Windows\System32\drivers\etc\hosts

I was taking a proper look into what you shared and there's recent reports that this IP is being pushed via traffic redirection of the HOSTS file by malware... and that would actually be related to the web-browser (e.g. Firefox) because such will have to pass through the hosts file naturally (Windows handles that).

This doesn't mean you're infected, the reports are unconfirmed allegations.

EDIT:
1. Post above mine which I was replying to has disappeared.
2. Fixed path.
 
Last edited by a moderator:
E

Eddie Morra

Sorry, I wrote the wrong path.

It should be: SystemDrive:\Windows\System32\drivers\etc\hosts
 
  • Like
Reactions: harlan4096
F

ForgottenSeer 69673

Sorry, I wrote the wrong path.

It should be: SystemDrive:\Windows\System32\drivers\etc\hosts

Yes I found it before reading your new post. I hardly ever check that. Besides the usual 127 IP Add, I have two others.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top