Computer accessing odd IP's

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: allhalf425 PostPosted: Tue Feb 24, 2015 6:25 am    Post subject: Computer accessing odd IP's
    ----
Recently I started running snort to monitor my computer's network activity while I was away. The results were a bit strange. I see that it's occasionally communicating with 2 odd websites. The IP's vary but seem to resolve to one of two websites:

www.mastcheck.com
www.gulfup.com

Both of these seem to be uploading websites. A quick google search hasn't brought up any relevant information, so I was wondering if anyone was familiar with these two websites and had any ideas as to why my computer would be communicating with them.

Obviously my first suspicion is that I am infected, a quick scan with Panda Cloud AV came up with nothing (a couple cookies and a "potentially unwanted software" - toolbar installer). I'm hoping someone may be able to provide some insight. Thank you!

Author: alt.don PostPosted: Tue Feb 24, 2015 11:42 pm    Post subject:
    ----
Hi,

I would suggest installing winpcap or Wireshark, whichever you prefer. This will allow you to see what is actually being sent. In other words install either one and start logging the traffic on the interface in question.

HTH

Author: allhalf425 PostPosted: Wed Feb 25, 2015 1:27 am    Post subject:
    ----
Thanks for the reply!

So I spent last night and today while at work running Wireshark to see what's going on. I have not since seen any communication to any IPs resolving to those domains, and all communication seems to check out with different services running on the PC. I'll keep looking, thank you!

Author: alt.don PostPosted: Wed Feb 25, 2015 3:57 am    Post subject:
    ----
Hi,

I would suggest you Google "www.mastcheck.com" + "malware". You may be infected with malware.



Networking/Security Forums -> Firewalls // Intrusion Detection - External Security


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group