[SOLVED] Are these foreign IP addresses legit?

Tashogeorgiev · Aug 7, 2021

If i use /netstat to get info on what connections are active on my network, i get a lot of results and i can't tell if they are legit or if there is something suspicious. The only program running is ESET Internet Security, no other programs or browsers where open in the background. I have Docker installed but it is not turned on. I'm mainly concerned about the IP addresses which don't have a name, only numbers. Also - why does it connect to amazon aws? I have never used it. I know it may sound stupid, but is it possible that some malware/spyware is on my PC?(Windows defender and ESET scans show nothing) Here is the screenshot of the results:

https://imgur.com/a/011YQEi

View: https://imgur.com/a/011YQEi

USAFRet · Aug 7, 2021

amazon-aws simply means something you are connecting to has all or part of their site hosted on AWS. Very very common.

Tashogeorgiev · Aug 7, 2021

USAFRet said:
amazon-aws simply means something you are connecting to has all or part of their site hosted on AWS. Very very common.

OK, but what about all the other IP's? As i said i have no programs or browsers open.

USAFRet · Aug 7, 2021

Tashogeorgiev said:
OK, but what about all the other IP's? As i said i have no programs or browsers open.

Even though you may not be running any applications, there are services running in the background.
A lot of these connect to the outside world.
And all benign.

Your PC is doing a lot more than you think it is.

Unless the AV and malware turns up a problem, I see nothing to worry about there.

USAFRet · Aug 7, 2021

For instance, I have Paintshop Pro and VideoStudio from Corel installed.

I'm quite certain that every once in a while, either or both wake up and check with home base to see if there is a new version they wish to sell me.
Many many applications do this.

bill001g · Aug 7, 2021

Things that are in time-wait most times are things that are actually closed but didn't close cleanly.

Since these are all HTTPS it is likely a web browser that opened them. You can see all the current sessions with the network tab of the resource monitor.

Chrome has debugging options that let you see what sites are open.

In many cases this is all the crappy tracking and ad software. This is another reason to run ad blockers it reduces the number different sites your browser talks to a lot.

SamirD · Aug 7, 2021

Yeah, I hate seeing stuff like this too as it can be nefarious. What I'll do is check the whois on each of the IPs to know who owns them...and if I don't like it, I'll create a block in my router for that IP/domain/whole block.

USAFRet · Aug 7, 2021

SamirD said:
Yeah, I hate seeing stuff like this too as it can be nefarious. What I'll do is check the whois on each of the IPs to know who owns them...and if I don't like it, I'll create a block in my router for that IP/domain/whole block.

But often, it is just the 3rd level ad server/CDN of some site you visited.
Benign.

Just coming here to TH...how many different IP addresses is your browser talking to?

SamirD · Aug 7, 2021

USAFRet said:
But often, it is just the 3rd level ad server/CDN of some site you visited.
Benign.

Just coming here to TH...how many different IP addresses is your browser talking to?

True, but when it isn't, it's simple to just block it completely.

Search

[SOLVED] Are these foreign IP addresses legit?

Tashogeorgiev

Reputable

USAFRet

USAFRet

Titan

Tashogeorgiev

Reputable

USAFRet

Titan

USAFRet

Titan

bill001g

Titan

SamirD

Judicious

USAFRet

Titan

SamirD

Judicious

TRENDING THREADS

Latest posts

Moderators online

Share this page