Security Forums

Computer accessing odd IP's

allhalf425
Just Arrived
Joined: 16 Dec 2007
Posts: 2


Posted: Tue Feb 24, 2015 6:25 am    Post subject: Computer accessing odd IP's

Recently I started running Snort to monitor my computer's network activity while I was away. The results were a bit strange. I see that it's occasionally communicating with 2 odd websites. The IPs vary but seem to resolve to one of two websites:

www.mastcheck.com
www.gulfup.com

Both of these seem to be uploading websites. A quick Google search hasn't brought up any relevant information, so I was wondering if anyone was familiar with these two websites and had any ideas as to why my computer would be communicating with them.

Obviously my first suspicion is that I am infected; a quick scan with Panda Cloud AV came up with nothing (a couple of cookies and a "potentially unwanted software" toolbar installer). I'm hoping someone may be able to provide some insight. Thank you!
alt.don
SF Boss
Joined: 04 Mar 2003
Posts: 16777079


Posted: Tue Feb 24, 2015 11:42 pm

Hi,

I would suggest installing WinPcap or Wireshark, whichever you prefer. This will allow you to see what is actually being sent. In other words, install either one and start logging the traffic on the interface in question.

HTH
allhalf425
Just Arrived
Joined: 16 Dec 2007
Posts: 2


Posted: Wed Feb 25, 2015 1:27 am

Thanks for the reply!

So I spent last night and today while at work running Wireshark to see what's going on. I have not since seen any communication to any IPs resolving to those domains, and all communication seems to check out with different services running on the PC. I'll keep looking, thank you!
alt.don
SF Boss
Joined: 04 Mar 2003
Posts: 16777079


Posted: Wed Feb 25, 2015 3:57 am

Hi,

I would suggest you Google "www.mastcheck.com" + "malware". You may be infected with malware.
All times are GMT + 2 Hours