The problem: I just noticed yesterday, when looking in Resource Monitor, that this IP is listening from port 80 to a port on my machine (attached image 1.1). You can see that the image name in resource manager is svchost.exe.
As a first measure I added this IP to my router IP filtering and set as discard. The connection was closed and then was gone from the list.
Today, surprise: I open the PC and the IP is back, but this time the connection stayed on a port for a minute or so and then went to the next port, etc. (attached image 1.3).
I used TCPView and see that the state of the connection is SYN_SENT (attached image 1.1). I read a bit; does this mean that I was successful in blocking this IP from listening to ports on my machine? Or am I wrong in thinking this?
I also added the IP to the Windows Firewall but I could still see the connection in Resource Monitor.
The weird thing is that this is done through svchost. At this point I have no idea what this actually means. There is no running program or service that is doing something on my machine, right? Is this the normal behaviour when someone attempts to open a connection to an IP? Will this always appear under svchost?
What can I do at this point? I am actually scared that my PC is compromised. Sometimes when I close it, it used to hang a bit with a message: waiting for background process (without mentioning any name). I get some weird behaviour in online games sometimes, like a weird lag / input lag; not sure this is related though, but this is what prompted me to start looking around if maybe the LAN card is causing this.
I scanned today with 2 tools against malware and nothing was found (only some minor stuff in Firefox that was dealt with). I am using Nod32 antivirus. I have a router that I connect to
What do you think of this, is the IP dangerous? If you search for it you can see that there are some complaints from users that have the same problem as I do, but at this point not sure who exactly is doing this and what they are doing.
https://www.abuseipdb.com/check/93.184.220.29?page=5#report
93.184.220.29 was found in our database!
This IP was reported 124 times. Confidence of Abuse is 18%:
ISP: EdgeCast NetBlk
Usage Type: Content Delivery Network
Domain Name: edgecast.com
Country: United States
City: Ashburn, Virginia
I am actually pretty scared at this point. What do you advise me to do? How can I overcome this, and is my PC compromised already?
Btw, captures 1.4 and 1.5 are from the router and Windows Firewall, not sure if it helps. Do you think I am doing it right in trying to block activity from this IP?