
Targeted by MarkMonitor?



#1 spenca57


Posted 16 February 2018 - 02:29 AM

I recently have had a significant amount of difficulty setting up a Linux system on my computer. After a while I settled with Ubuntu and ParrotOS on VirtualBox; however, while working on writing a bash script that takes a list of domains and does a whois query, then extracts the admin/abuse team's email address, the output on my terminal seems as though the VM is somehow sending the whois query to MarkMonitor's whois database. I have on multiple occasions seen unusual IPs and hostnames in netstat -a queries that have a "1e100.com" at the end of them, which is a domain registered to MarkMonitor. One of these was on my girlfriend's MacBook Air and it was a "1e100.jabber" domain. I am not sure why a brand protection company would be producing such unusual and clearly malicious network traffic. Did I just piss off the wrong people in some big corporation? I don't understand how that is possible. I have accused Akamai Technologies of being in cahoots with private intelligence firms to establish NSA style networks of mass surveillance with their CDN on my blog, yet I am not a popular blogger and don't understand why anyone would go to the trouble of hiring a company like MarkMonitor to hack me. Is that even possible? Their website makes them seem like a legitimate company but this is just very bizarre. I would appreciate any thoughts or opinions on this. I have attached screenshots of the event described above.


Edited by spenca57, 16 February 2018 - 02:29 AM.



#2 Didier Stevens


Posted 16 February 2018 - 04:02 PM

Are you sure it was 1e100.com, and not 1e100.net?

 

1e100.net is owned by Google and managed by MarkMonitor. A lot of large companies use MarkMonitor to manage their domains.

If you see 1e100.net in your netstat reports, it's absolutely normal, since surfing the Internet will get you connected to several Google-owned servers.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
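
The owner-versus-registrar distinction made in the reply above can be read directly from a whois record. The following is an added example, not part of either post: POSIX shell helpers that reduce a netstat hostname to its registered domain and pull the owner, registrar and abuse contact out of whois text. The function names, the embedded whois record and the abuse address are constructed for illustration, and the two-label domain rule is a simplification.

```shell
# Constructed sample in the common "Key: value" whois layout (not real output;
# the abuse address is a placeholder).
sample_whois() {
cat <<'EOF'
Domain Name: 1e100.net
Registrar: MarkMonitor Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Organization: Google LLC
EOF
}

# registered_domain HOST[:PORT] -> last two labels, lowercased.
# Simplification: ignores multi-label public suffixes such as co.uk.
registered_domain() {
    printf '%s\n' "$1" | awk '{
        h = tolower($0); sub(/:[^:]*$/, "", h); sub(/\.$/, "", h)
        n = split(h, p, ".")
        if (n >= 2) print p[n-1] "." p[n]; else print h
    }'
}

# whois_field KEY -> value of the first line on stdin that starts with "KEY:".
# The colon is part of the match, so "Registrar" does not also match
# "Registrar Abuse Contact Email".
whois_field() {
    awk -v key="$1" 'BEGIN { k = tolower(key) ":" }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        if (!found && index(tolower(line), k) == 1) {
            val = substr(line, length(k) + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            print val; found = 1
        }
    }'
}

# summarize_whois: whois text on stdin -> owner, registrar, abuse contact.
# Redacted or missing fields are reported as "unknown".
summarize_whois() {
    record=$(cat)
    owner=$(printf '%s\n' "$record" | whois_field 'Registrant Organization')
    registrar=$(printf '%s\n' "$record" | whois_field 'Registrar')
    abuse=$(printf '%s\n' "$record" | whois_field 'Registrar Abuse Contact Email')
    printf 'owner=%s\nregistrar=%s\nabuse=%s\n' \
        "${owner:-unknown}" "${registrar:-unknown}" "${abuse:-unknown}"
}

# Offline demo; for a live lookup use: whois "$(registered_domain "$host")" | summarize_whois
sample_whois | summarize_whois
```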




