What is website 162.125.35.134? My laptop indicates this is not a safe site

Greetings,

I just recently started using Wireshark to monitor suspicious traffic on my home network. I have also recently updated my Comcast cable modem/router due to finding a couple of devices I was not familiar with based on my network device map. Yesterday I noticed a lot of traffic between my laptop and an unknown website, which my laptop indicated it was not safe to visit. I only had Wireshark running at this time. In addition I found a device on an unmapped DNS address as well, which has made me very concerned. By no means am I an expert; I have a million questions and want to learn. Thank you for your time and I look forward to hearing from you. Take care

Thanks,

Rich

MOS
asked 2020-09-08 15:11:36 +0000

2 Answers

If it's a Windows laptop, there are tools at Windows Sysinternals to determine which process has a connection open.
You might also try running whois <ip address>. In this case it comes back as Dropbox.

Chuckc
answered 2020-09-08 15:59:57 +0000, updated 2020-09-08 16:00:42 +0000

Comments

Thank you sir, I really appreciate your help

MOS (2020-09-08 17:10:39 +0000)

Hi MOS,

As Chuckc indicated, the IP address belongs to Dropbox. In my job it is common to need historic data on IP address use and historic DNS use (also known as passive DNS). One of the tools I use is called VirusTotal; you can find the results for that IP at https://www.virustotal.com/gui/ip-add.... Have a look at the relations section if you want to see the historic overview.

Since you do not indicate whether you are using Windows, Linux or Mac, I can't really help you with the exact syntax, but I would recommend you have a look at the netstat command on your operating system. It is able to tell you which binary is making the connection. You will then be able to tell what the process ID (PID) is, which allows you to look at the processes and identify that process.

I hope the answer makes a bit of sense, give a shout if you get stuck.

Kire
answered 2020-09-08 20:21:22 +0000
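The netstat-to-PID lookup that both answers point at, as an added example that is not part of either answer: it parses constructed Windows netstat -ano and tasklist /FO CSV /NH output (the sample rows, process names and the 203.0.113.5 address are made up for this example; 162.125.35.134 is the address from the question) and reports which process owns each connection to a given remote address.

```python
import csv
import io
import re

# Constructed sample of Windows `netstat -ano` output (not captured from the
# poster's laptop). Columns: Proto, Local Address, Foreign Address, State, PID.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.23:51234     162.125.35.134:443     ESTABLISHED     4120
  TCP    192.168.1.23:51240     162.125.35.134:443     TIME_WAIT       0
  TCP    192.168.1.23:51301     203.0.113.5:443        ESTABLISHED     2208
  UDP    0.0.0.0:5353           *:*                                    1844
"""

# Constructed sample of `tasklist /FO CSV /NH` output: "Image Name","PID",...
TASKLIST_SAMPLE = """\
"Dropbox.exe","4120","Console","1","112,340 K"
"msedge.exe","2208","Console","1","201,004 K"
"svchost.exe","1844","Services","0","9,876 K"
"""

# One netstat data row: proto, local, foreign, optional state (UDP has none), pid.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")

def connections_to(netstat_text, remote_ip):
    """Return (proto, state, pid) for every row whose foreign address is remote_ip."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or blank line
        proto, _local, foreign, state, pid = m.groups()
        if foreign.rsplit(":", 1)[0] == remote_ip:  # drop the port before comparing
            found.append((proto, state or "", int(pid)))
    return found

def pid_names(tasklist_text):
    """Map PID -> image name from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(tasklist_text)) if row}

def processes_talking_to(netstat_text, tasklist_text, remote_ip):
    """Join both listings: which process owns each connection to remote_ip.
    PID 0 (e.g. a socket left in TIME_WAIT) no longer has an owning process."""
    names = pid_names(tasklist_text)
    result = {}
    for _proto, _state, pid in connections_to(netstat_text, remote_ip):
        result[pid] = names.get(pid, "<no owning process>" if pid == 0 else "<unknown pid>")
    return result
```

On a real machine, feed the two functions the actual command output instead of the samples; on Linux or macOS the same idea works with ss -tnp or lsof -i, but the column layout differs, so the regex would need adjusting.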