
Domains Unknown on Netstat


4 replies to this topic

#1 longlivetheking


Posted 24 September 2016 - 01:04 AM

My Explore.exe, diagn.exe and searchui.exe always show access when I run netstat -bano. I nslooked all of them up and this is what they are; maybe someone can tell me if I have anything to worry about with malware.

 

Here's what it shows:

 

Microsoft Windows [Version 10.0.14393]
© 2016 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>netstat -bano

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       832
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       528
 Can not obtain ownership information
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       944
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       660
 Can not obtain ownership information
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       668
 [lsass.exe]
  TCP    192.168.1.215:139      0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    192.168.1.215:49846    54.243.82.82:443       CLOSE_WAIT      1512
 [mbam.exe]
  TCP    192.168.1.215:49926    23.72.220.117:80       TIME_WAIT       0
  TCP    192.168.1.215:49929    23.72.208.160:80       TIME_WAIT       0
  TCP    192.168.1.215:49933    23.72.181.59:80        ESTABLISHED     2980
 [MSASCui.exe]
  TCP    192.168.1.215:49936    23.72.220.117:80       ESTABLISHED     2980
 [MSASCui.exe]
  TCP    [::]:135               [::]:0                 LISTENING       832
  RpcSs
 [svchost.exe]
  TCP    [::]:49664             [::]:0                 LISTENING       528
 Can not obtain ownership information
  TCP    [::]:49665             [::]:0                 LISTENING       944
  EventLog
 [svchost.exe]
  TCP    [::]:49666             [::]:0                 LISTENING       660
 Can not obtain ownership information
  TCP    [::]:49667             [::]:0                 LISTENING       668
 [lsass.exe]
  TCP    [2602:306:bcdb:f0d0:e459:765:7b84:1455]:49960  [2600:1406:2c:188::b1f]:80  SYN_SENT        2980
 [MSASCui.exe]
  UDP    0.0.0.0:500            *:*                                    80
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:4500           *:*                                    80
  IKEEXT
 [svchost.exe]
  UDP    0.0.0.0:5353           *:*                                    1112
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:5355           *:*                                    1112
  Dnscache
 [svchost.exe]
  UDP    192.168.1.215:137      *:*                                    4
 Can not obtain ownership information
  UDP    192.168.1.215:138      *:*                                    4
 Can not obtain ownership information
  UDP    [::]:500               *:*                                    80
  IKEEXT
 [svchost.exe]
  UDP    [::]:4500              *:*                                    80
  IKEEXT
 [svchost.exe]
  UDP    [::]:5353              *:*                                    1112
  Dnscache
 [svchost.exe]
  UDP    [::]:5355              *:*                                    1112
  Dnscache
 [svchost.exe]

C:\WINDOWS\system32>nslookup  23.72.220.117
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    a23-72-220-117.deploy.static.akamaitechnologies.com
Address:  23.72.220.117


C:\WINDOWS\system32>nslookup  23.72.181.59
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    a23-72-181-59.deploy.static.akamaitechnologies.com
Address:  23.72.181.59


C:\WINDOWS\system32>nslookup  54.243.82.82
Server:  dsldevice.attlocal.net
Address:  192.168.1.254

Name:    ec2-54-243-82-82.compute-1.amazonaws.com
Address:  54.243.82.82


C:\WINDOWS\system32>





#2 Trikein


Posted 24 September 2016 - 08:55 AM

Name:    a23-72-220-117.deploy.static.akamaitechnologies.com
Address:  23.72.220.117

 

MS Defender Update can be anything 23.72.0.0 - 23.79.255.255.

 

Name:    ec2-54-243-82-82.compute-1.amazonaws.com

Address:  54.243.82.82

Looks like Malwarebytes update?
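
The pairing done by eye in the reply above (remote address to owning program), as an added example that is not part of any post in this thread: it parses `netstat -bano` text, attaches each owner line to the row before it, and groups public remote addresses by owning image. The sample rows are copied from the output in post #1; the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample: rows copied from the netstat -bano output in post #1.
SAMPLE = """\
  TCP    192.168.1.215:49846    54.243.82.82:443       CLOSE_WAIT      1512
 [mbam.exe]
  TCP    192.168.1.215:49926    23.72.220.117:80       TIME_WAIT       0
  TCP    192.168.1.215:49933    23.72.181.59:80        ESTABLISHED     2980
 [MSASCui.exe]
  TCP    [2602:306:bcdb:f0d0:e459:765:7b84:1455]:49960  [2600:1406:2c:188::b1f]:80  SYN_SENT        2980
 [MSASCui.exe]
  UDP    0.0.0.0:5353           *:*                                    1112
  Dnscache
 [svchost.exe]
"""

# proto, local, remote, optional TCP state (UDP rows have none), PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Attach the owner lines that follow each row to that row."""
    conns = []
    for line in text.splitlines():
        if m := ROW.match(line):
            proto, _local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "remote": remote, "state": state,
                          "pid": int(pid), "service": None, "image": None})
        elif conns and line.strip().startswith("["):
            conns[-1]["image"] = line.strip().strip("[]")      # e.g. [mbam.exe]
        elif conns and line.strip() and "ownership" not in line:
            conns[-1]["service"] = line.strip()                # e.g. Dnscache
    return conns

def remote_ip(endpoint):
    """Parse 'addr:port' or '[v6]:port'; None for UDP's '*:*'."""
    try:
        return ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]"))
    except ValueError:
        return None

def external_by_owner(conns):
    """Map owning image (or 'pid N' when netstat shows none) to public peers."""
    out = {}
    for c in conns:
        ip = remote_ip(c["remote"])
        if ip is not None and ip.is_global:
            owner = c["image"] or f"pid {c['pid']}"
            out.setdefault(owner, []).append((str(ip), c["state"]))
    return out
```

Rows in TIME_WAIT are reported under PID 0 with no owner line, so they land under `pid 0` rather than under the program that opened them.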
 



#3 longlivetheking


Posted 26 October 2016 - 05:57 PM

What about deploy.static.akamaitechnologies.com?



#4 Wand3r3r


Posted 26 October 2016 - 09:58 PM

How about you google that .com?

 

You would find....



#5 longlivetheking


Posted 29 October 2016 - 06:07 AM

I know, I just wanted to know what someone else comes up with, more results Lol





