Malicious attacks and activity are an everyday thing.

darko999

I don't remember the last time I got infected, but knowing how to surf, what to download and so on, isn't enough.

A few minutes ago I was surfing the web as usual when something that I found very strange happened. My firewall popped up telling me that "Internet Explorer" was attempting to connect to a remote computer at "93.184.215.200". The issue is I have never been prompted by my firewall about Internet Explorer attempting to connect to a remote computer when it is not running ("I use Pale Moon"). In fact, I don't remember the last time I used it ("IE"). It was clearly not running in the task manager, but I understand it could be running hidden. The thing is, before allowing or denying this attempt I did a common "IP lookup" and I got this:


inetnum: 93.184.212.0 - 93.184.215.255
netname: EDGECAST-NETBLK-03

After googling it I immediately found this:

http://www.ipillion.com/ip/93.184.215.73

Which is about the same source, EdgeCast Networks.
The thing is I don't believe this is a common and 100% safe and ignorable behavior right here.
This network and its IP range have recently been reported for nasty "hacking, malware, port scanning, reverse TCP desynchronization." I added myself to the complaints.
The point is, nobody is safe from these massive malicious activities. Imagine if you are running your Windows with no firewall at all, and you are not behind a router, you are literally wide open ready to be attacked. Believe it. I'm behind a router, even so this IP and the people behind it were able to make my Internet Explorer respond to their request, bypassing my router, Windows firewall, and lucky for me, ESET personal firewall allowed me to deny this attempt.
All these techniques they are using are becoming more common and massive. It becomes scary if you think a bit about it. Build your damn wall or get fkd.
 
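One way to check which process actually owns a connection into the netblock from the IP lookup above, shown as an added example that is not part of the original thread. It assumes Windows 8 or later (where `Get-NetTCPConnection` exists) and an elevated PowerShell prompt so that command lines of all processes are readable.

```powershell
# Netblock quoted in the post's IP lookup: 93.184.212.0 - 93.184.215.255
$rangeStart = '93.184.212.0'
$rangeEnd   = '93.184.215.255'

function ConvertTo-IPv4Number([string]$Address) {
    # IPv4 dotted quad -> unsigned 32-bit integer, so ranges can be compared numerically
    $bytes = [System.Net.IPAddress]::Parse($Address).GetAddressBytes()
    [Array]::Reverse($bytes)   # network byte order -> little-endian for BitConverter
    [BitConverter]::ToUInt32($bytes, 0)
}

$lo = ConvertTo-IPv4Number $rangeStart
$hi = ConvertTo-IPv4Number $rangeEnd

Get-NetTCPConnection | ForEach-Object {
    $conn = $_
    $ip = $null
    # Skip IPv6 and anything unparsable
    if (-not [System.Net.IPAddress]::TryParse($conn.RemoteAddress, [ref]$ip)) { return }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return }

    $n = ConvertTo-IPv4Number $conn.RemoteAddress
    if ($n -lt $lo -or $n -gt $hi) { return }

    # Resolve the owning PID to the real image path, command line and parent process
    $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $($conn.OwningProcess)"
    $parent = if ($proc) { Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)" }

    [pscustomobject]@{
        Remote      = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
        State       = $conn.State
        PID         = $conn.OwningProcess
        Image       = $proc.ExecutablePath
        CommandLine = $proc.CommandLine
        ParentPID   = $proc.ParentProcessId
        ParentImage = $parent.ExecutablePath
    }
} | Format-List
```

Run it while the connection is still open; closed connections no longer appear in the TCP table.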

WinXPert

No offense... You're still using IE :eek: or you were using Pale Moon at that time that IP message was flagged?
 

darko999

> No offense... You're still using IE :eek: or you were using Pale Moon at that time that IP message was flagged?

No, I never use IE. Pale Moon is my main browser. At the time of the IP being flagged I even checked task manager and there was no IE.exe running. The issue is, IE preloads by default with Windows; since it is the default browser, Microsoft wants it to load faster, so it's preloaded, and that may be a reason. The thing is, it is the first time in a long time I get this kind of request lol. The IP source is confirmed to be malicious, so I have nothing to wonder.
 

darko999

> @darko999
> I suggest you visit the malware removal assistance subforum.
> If it was an outgoing connection, you probably have malware/adware on your computer.


What you said is true. Most of the time an outgoing connection may be a sign of malware running in your system; however,
my computer is clean, I have control of every single process and service running on my system. All traffic is logged and I have verified it.
Also, it was a trusted program that started this outgoing connection. I believe it was a port scan or some kind of TCP flooding that made IE respond to that request. But my computer is clean, I've double checked it.
 

Behold Eck

> What you said is true. Most of the time an outgoing connection may be a sign of malware running in your system; however,
> my computer is clean, I have control of every single process and service running on my system. All traffic is logged and I have verified it.
> Also, it was a trusted program that started this outgoing connection. I believe it was a port scan or some kind of TCP flooding that made IE respond to that request. But my computer is clean, I've double checked it.

Sandbox your web browser of choice and you will never have to worry about an internet bound infection touching your system.

Regards Eck:)
 

darko999

> Sandbox your web browser of choice and you will never have to worry about an internet bound infection touching your system.
>
> Regards Eck:)

It was a ping response from a port scanner, which runs on a high range of IPs. But it was nothing to worry about anyway. I had NAT disabled in my router, now there is no chance to be visible to port scanners.
 

Behold Eck

Good to know you got it sorted.

Half the battle (or baffle) is knowing where the problem originated from.

Regards Eck:)
 

darko999

> Just test if everything is locked down.
>
> https://www.grc.com/x/ne.dll?rh1dkyd2

You want me to run a port test?

Edit: Looks good to me :Q
