usereset22, posted September 4:

Hello, after reinstalling Windows (I did not have a virus or anything, I just wanted to reinstall to go from Windows 11 to Windows 10) I downloaded ESET and scanned my PC and all was fine, no detections or anything. Then I decided to download TCPView from Microsoft, but I see there a lot of strange connections to random IPs of some other ISPs in other countries and other companies and services I don't even know about. Like, what is this? Is it a virus? I will send pictures.

IP Details For: 185.84.60.20; Decimal: 3109305364; Hostname: 185.84.60.20; ASN: 198622; ISP: ADForm A/S; Services: Datacenter; Assignment: Likely Static IP; Country: Hong Kong; State/Region: Hong Kong; City: Hong Kong
IP Details For: 78.140.185.32; Decimal: 1317845280; Hostname: ap8.adplayer.pro; ASN: 35415; ISP: Webzilla B.V.; Services: Datacenter; Assignment: Likely Static IP; Country: Netherlands; State/Region: Noord-Holland; City: Amsterdam
IP Details For: 207.65.33.76; Decimal: 3477152076; Hostname: 207.65.33.76; ASN: 62713; ISP: Pubmatic Inc.; Services: Datacenter; Assignment: Likely Static IP
IP Details For: 74.118.186.107; Decimal: 1249294955; Hostname: 74.118.186.107; ASN: 6336; ISP: Rhythmone LLC; Services: Datacenter; Assignment: Likely Static IP; Country: United States
IP Details For: 38.32.1.236; Decimal: 639631852; Hostname: 38.32.1.236; ASN: 174; ISP: Cogent Communications Inc.; Services: Datacenter; Assignment: Likely Static IP; Country: United States
IP Details For: 42.0.20.80; Decimal: 704648272; Hostname: 42.0.20.80; ISP: ChinaNet Guangdong Province Network; Services: None detected; Assignment: Likely Static IP; Country: China; State/Region: Guangdong; City: Guangzhou; Latitude: 23.1274 (23° 7′ 38.50″ N); Longitude: 113.2646 (113° 15′ 52.46″ E)

usereset22 (Author), posted September 4:

There's way more, more and more, like so many. Idk how they keep appearing, like I got no apps or anything. I just got my Windows fresh and this happens, even though on my Windows 11 it was the same. Like, I can send more pics and more IPs of these. Idk how I keep getting these, even though I scanned with ESET and my PC is fully clean, and I have all my settings in ESET at the most aggressive settings.

Marcos (Administrators), posted September 4:

It is up to you to find more information about the IP addresses or hosts contacted by your machine. I assume it's not a vanilla OS, for instance Rhythmone LLC seems to be connected with advertising so I would not expect such connections on a freshly installed legitimate OS from Microsoft. The same goes for the Chinese software.

usereset22 (Author), posted September 4:

I have the OS that is from Microsoft.com, and when I installed my Windows I disabled all these personalized ads options and everything else that collects data, and when I installed it, I made sure I went with offline Windows.

usereset22 (Author), posted September 4:

So is it a virus that I need to worry about or not really?

Nightowl (Most Valued Members), posted September 4:

What are you surfing to in Edge? Or what extensions are you using in Edge?

usereset22 (Author), posted September 4:

Nothing really, like nothing I opened on it other than just YouTube. Like I said, I reinstalled again on purpose to see if it just comes freshly, and I did: I reinstalled my Windows, connected to the internet, downloaded ESET, then downloaded TCPView, and I see the same behaviour, so idk..

IP Details For: 192.229.221.95; Decimal: 3236289887; Hostname: 192.229.221.95; ASN: 15133; ISP: Edgecast Inc.; Services: Datacenter; Assignment: Likely Static IP; Country: United Kingdom of Great Britain and Northern Ireland; State/Region: England
Decimal: 1138549963; Hostname: 67.220.228.203; ASN: 16509; ISP: Amazon.com Inc.; Services: Datacenter; Assignment: Likely Static IP; Country: Ireland; State/Region: Dublin
Decimal: 1169006172; Hostname: 69.173.158.92; ASN: 26667; ISP: The Rubicon Project Inc.; Services: Datacenter; Assignment: Likely Dynamic IP; Country: Singapore; State/Region: Singapore; City: Singapore
IP Details For: 185.86.139.93; Decimal: 3109456733; Hostname: 185.86.139.93; ASN: 201081; ISP: SmartAdServer SAS; Services: Datacenter; Assignment: Likely Static IP; Country: France
IP Details For: 207.65.33.78; Decimal: 3477152078; Hostname: 207.65.33.78; ASN: 62713; ISP: Pubmatic Inc.; Services: Datacenter; Assignment: Likely Static IP; Country: United States; State/Region: California; City: Redwood City

usereset22 (Author), posted September 4:

It shows me all of that and I can't even close these connections. It doesn't let me...

usereset22 (Author), posted September 4:

Can someone help please?

Marcos (Administrators), posted September 4:

I'd suggest not looking at network connections since it's a relatively fresh system, i.e. unlikely to be compromised.

usereset22 (Author), posted September 4:

Well, what is this bro? Like, is it a virus? I even had the Edge browser closed and restarted and removed it from startup, then I checked on TCPView and got this:

IP Details For: 184.114.39.1; Decimal: 3094488833; Hostname: 184.114.39.1; ASN: 7922; ISP: Comcast Cable Communications LLC; Services: None detected; Assignment: Likely Static IP; Country: United States; State/Region: Illinois; City: Chicago
IP Details For: 42.0.24.216; Decimal: 704649432; Hostname: 42.0.24.216; ISP: ChinaNet Fujian Province Network; Services: None detected; Assignment: Likely Static IP; Country: China; State/Region: Fujian; City: Fuzhou
IP Details For: 38.32.1.236; Decimal: 639631852; Hostname: 38.32.1.236; ASN: 174; ISP: Cogent Communications Inc.; Services: Datacenter; Assignment: Likely Static IP; Country: United States; State/Region: District of Columbia; City: Washington
IP Details For: 112.45.41.1; Decimal: 1882007809; Hostname: 112.45.41.1; ASN: 139080; ISP: China Mobile Communications Corporation; Services: None detected; Assignment: Likely Static IP; Country: China; State/Region: Sichuan

usereset22 (Author), posted September 4:

Can ESET by any chance block these connections/close them? Like, idk how to get rid of them. It's like an uncountable number of connections keeps appearing left and right.. so please help. I can give you access to my PC through AnyDesk or anything so you can look into it if you want.

usereset22 (Author), posted September 4:

Help please

Nightowl (Most Valued Members), posted September 4:

Just set your detections to Aggressive in ESET and HIPS in Smart Mode.

And if you want to control what goes out and in, you can go with Interactive Mode in the Firewall, but it will give you a lot of alerts for the first time till everything gets configured. You can use the Learning Mode before going to Interactive Mode.

In TCPView you will see a lot of attempts and connections by Windows itself because it communicates with other things and with Microsoft etc., but if you obtained the ISO from Microsoft and formatted and installed it, I doubt the ISO would be tampered with. But anyway, you can run a deep scan with ESET after you set everything to aggressive detection and reporting, and if you still don't trust the result of ESET, you can check another free scanner like Sophos Hitman or any free scanner that won't run as real-time so it doesn't conflict with ESET real-time protections.

usereset22 (Author), posted September 4:

I did that and I will try now, and still the same thing, but it's blocking a lot of things. Less than before, but the issue is still there. My question is, is it like something I need to worry about, that my PC is hacked? Or is this just normal? Like, can someone explain to me please.

Nightowl (Most Valued Members), posted September 4:

16 minutes ago, usereset22 said:
> I did that and I will try now, and still the same thing, but it's blocking a lot of things. Less than before, but the issue is still there. My question is, is it like something I need to worry about, that my PC is hacked? Or is this just normal? Like, can someone explain to me please.

It's normal, if you got your ISO from here: https://www.microsoft.com/en-us/software-download/windows10ISO

It's safe because it's Microsoft. Other than that, like what you posted about SearchApp.exe, it's the search which is built into Windows; it communicates with the internet, probably with Bing.

itman, posted September 4:

If you start to monitor IP addresses out of context to their source process, you could suffer a malware paranoid breakdown. Microsoft maintains IPv4/IPv6 backbone networks all over the world. This is the network traffic you are observing. As far as attempting to block all Windows telemetry network traffic, it is an effort in futility.

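Added example (not part of the thread, and not ESET or Microsoft code): the last reply's point is that a remote address means little without the process that opened the connection. This PowerShell script pairs each established TCP connection with its owning process, executable path and Authenticode status; the variable names and report layout are this example's own choices, and it assumes an elevated session on Windows 10/11.

```powershell
# Pair every established TCP connection with the process that owns it,
# so a remote address is read in the context of its source process.
$loopback = @('127.0.0.1', '::1', '0.0.0.0', '::')
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin $loopback }

$procInfo = @{}   # cache: one process/signature lookup per PID

$report = foreach ($c in $connections) {
    $procId = $c.OwningProcess          # do not name this $pid (automatic variable)
    if (-not $procInfo.ContainsKey($procId)) {
        $p    = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $path = if ($p) { $p.Path } else { $null }
        $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
        $procInfo[$procId] = [pscustomobject]@{
            Name   = if ($p) { $p.ProcessName } else { '<exited>' }
            Path   = $path
            # 'Unknown' means the file could not be inspected, not that it is bad
            Status = if ($sig) { [string]$sig.Status } else { 'Unknown' }
            Signer = if ($sig -and $sig.SignerCertificate) {
                         $sig.SignerCertificate.Subject
                     } else { $null }
        }
    }
    $info = $procInfo[$procId]
    [pscustomobject]@{
        Process   = $info.Name
        PID       = $procId
        Remote    = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
        Signature = $info.Status
        Signer    = $info.Signer
        Path      = $info.Path
    }
}

# Full picture first: which program talks to which address.
$report | Sort-Object Process, Remote |
    Format-Table Process, PID, Remote, Signature -AutoSize

# Then the short list worth a second look: binaries that are unsigned,
# have a broken signature, or could not be inspected.
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Path -Unique |
    Format-List Process, PID, Path, Signature, Signer
```

A process whose signature shows as Unknown usually just could not be read (the System process, protected services, or a non-elevated session); that alone is not an indicator of compromise.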