While doing some programming on a remote site tonight, I discovered that
any time I'd access a URL in my browser, within a few minutes afterwards
another request would go there, but from Amazon and not from me. I thought
maybe it was my virus software from Trend Micro, or my Malwarebytes
software. I tried turning both off though and the behavior continued.
The remote requests to the remote server were coming from 188.8.131.52
184.108.40.206 and maybe some others I didn't note at the time.
On my home computer, if I load a web link like:
which is hosted in Germany I believe and just returns a simple text
response, Wireshark shows there are also instant connections opened to
220.127.116.11 which is also at Amazon.
I've ran Trend and Malwarebytes and Microsoft Safety Scanner and they find nothing.
But it concerns me any time I access the web, data is being sent to the
Amazon data center immediately, and that requests shortly there after will
go from Amazon out to the remote web sites I'm visiting copying my URLs.
For instance, some specific URLs I loaded during my tested were, a while later,
accessed from 18.104.22.168 which is also at the amazon data center. This IP
reverse lookups to nat-service2.aws.kontera.com.
To eliminate Trend Micro Toolbar as the cause I tried Edge, Firefox, and Chome
all with same results. Instant connects to Amazon open up when I load web pages,
and at least for the limited testing I can do, URLs I go to are being downloaded
by the data center as well, within a few minutes.
I ran the FRST tool as directed by the forum instructions. I also saw someone needed
to run DDS so I'm tossing that in as well.
Edited by roy7, 05 December 2017 - 11:40 PM.