Ask Your Question
0

what is website 162.125.35.134? My laptop indicates this is not a safe site

asked 2020-09-08 15:11:36 +0000

MOS gravatar image

Greetings,

I just recently started using Wireshark to monitor suspicious traffic on my home network. I have also recently updated my Comcast cable modem/router due to finding a couple of devices I was not familiar with based on my network device map. Yesterday I noticed a lot of traffic between my laptop and an unknown website, which my laptop indicated it was not safe to visit. I only had wireshark running at this time. In addition I found a device on a un-mapped DNS address as well which has made me very concerned. By no means am I a expert, I have a million questions and want to learn. Thank you for your time and I look forward to hearing from you. Take care

Thanks,

Rich

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
0

answered 2020-09-08 20:21:22 +0000

Kire gravatar image

Hi MOS,

As Chuckc indicated the IP address belongs to dropbox. In my job it is common to need historic data on IP address use and historic DNS use (also known as passive DNS). One of the tools I use is called virustotal, you can find the results for that IP at https://www.virustotal.com/gui/ip-add.... Have a look at the relations section if you want to see the historic overview.

Since you do not indicate if you are using a Windows, Linux or Mac I can't really help you with the exact syntax but I would recommend you to have at the netstat command on your operating system. It is able to tell you which binary is making the connection. You will then be able to tell what the process ID is (PID) which allows you then to look at the processes and identify that process.

I hope the answer makes a bit of sense, give a shout if you get stuck.

edit flag offensive delete link more
0

answered 2020-09-08 15:59:57 +0000

Chuckc gravatar image

updated 2020-09-08 16:00:42 +0000

If it's a Windows laptop, there are tools at Windows Sysinternals to determine which process has a connection open.
You might also try looking for whois <ip address>. In this case it comes back as Dropbox.

edit flag offensive delete link more

Comments

Thank you sir, I really appreciate your help

MOS gravatar imageMOS ( 2020-09-08 17:10:39 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-09-08 15:11:36 +0000

Seen: 96 times

Last updated: Sep 08