Malware Analysis: Possible Suspicious activity?


Level 1
Thread author
Oct 25, 2018
I was taking a look at this thread, and I ran netstat to check to see if there is any suspicious network activity. I do not know if I am being paranoid about keylogging/RAT, or if it is something profoundly troubling based on the report on I do know this has to correlate with the program it's running or abnormal activities. However, I do not see any sign of it. I would like to make sure, though.

Is this something to be worried about? I do not understand where the time wait comes from.

Screenshot below; it was in Firefox.

On, it shows the report on this being related to spam, though it is a different number on the end. However, where does Verizon come into the picture? How do I figure out what site or server? I want to be certain if there is any suspicious activity on my laptop.

As for myself, I have managed to keep myself updated and secure, with a clean station. Most important: use common sense.
Windows 10, version 1803
Windows Firewall
Kaspersky Free

Firefox Extensions
uBlock | Privacy Badger | Decentraleyes | Cookie AutoDelete


Level 1
Thread author
Oct 25, 2018
Thanks for your reply, I appreciate it. I do not know what website it is to pinpoint, since I definitely do not have any malicious website running. What can I do at this point? FYI, I am using Sandboxie.


Attachments: Screenshot_1.jpg, Screenshot_2.jpg, Screenshot_3.jpg, Screenshot_4.jpg, Screenshot_5.jpg

Eddie Morra

Can you send me your HOSTS file in a PM?


I was taking a proper look into what you shared and there are recent reports that this IP is being pushed via traffic redirection of the HOSTS file by malware... and that would actually be related to the web browser (e.g. Firefox) because such will have to pass through the hosts file naturally (Windows handles that).

This doesn't mean you're infected, the reports are unconfirmed allegations.

1. Post above mine which I was replying to has disappeared.
2. Fixed path.

Eddie Morra

Sorry, I wrote the wrong path.

It should be: SystemDrive:\Windows\System32\drivers\etc\hosts

ForgottenSeer 69673

Sorry, I wrote the wrong path.

It should be: SystemDrive:\Windows\System32\drivers\etc\hosts

Yes I found it before reading your new post. I hardly ever check that. Besides the usual 127 IP Add, I have two others.
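
As an added example that is not part of the thread: a small Python script that lists hosts-file entries mapping a hostname to anything other than loopback or 0.0.0.0, the kind of redirection discussed above. The sample file contents and hostnames are constructed, and the path follows the one given in the thread (assuming `SystemRoot` points at the Windows directory).

```python
import ipaddress
import os

# Location given in the thread; SystemRoot normally expands to C:\Windows.
HOSTS_PATH = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                          "System32", "drivers", "etc", "hosts")

# Constructed sample. 203.0.113.50 and 198.51.100.7 are documentation addresses.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocklist-style sinkhole entry
203.0.113.50    www.example-bank.com login.example-bank.com
198.51.100.7    update.example.org   # trailing comment
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address_text, [hostnames]) for each active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return entries whose address is not loopback and not 0.0.0.0 / ::."""
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings.append((line_no, addr_text, names, "malformed address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # the usual 127.x / ::1 entries and 0.0.0.0 sinkholes
        findings.append((line_no, addr_text, names, "non-loopback address"))
    return findings

if __name__ == "__main__":
    text = SAMPLE_HOSTS
    if os.path.exists(HOSTS_PATH):  # on Windows, audit the real file instead
        with open(HOSTS_PATH, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    for line_no, addr, names, reason in audit_hosts(text):
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({reason})")
```

A flagged line is something to review, not proof of infection: VPN clients, development tools and administrators also add non-loopback entries.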
