Firewall notifs : RarSFX0\installer.exe to 93.184.220.29/0 Port : HTTP
Hello,
I have this strange notification from Bitdefender Firewall
Chemin : C:\Users\...\AppData\Local\Temp\RarSFX0\installer.exe
Destination : 93.184.220.29/0
Protocole : TCP
Port : HTTP
What worries me is the bad reputation of the IP address, and that it's HTTP and not HTTPS...
I did an analysis and another with AdwCleaner, and nothing...
Sometimes I had this kind of firewall notification too (but never the same IP address):
Chemin : C:\Users\...\AppData\Local\Temp\uqsgtqqb.fyz\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe
Destination : 13.107.5.88/0
Protocole : TCP
Port : HTTPS
Can someone help me and tell me if it's malware, or am I just paranoid ^^?
Thanks
Best Answer
You can check the IP address on VirusTotal (https://www.virustotal.com/gui/url/), where it will get scanned by multiple vendors; if there is no detection, you can be assured that you are safe.
Additionally, you can also check whether these IPs are blacklisted (https://www.whatismyip.com/blacklist-check/), and if everything comes back normal again, then you should assume that everything is safe and there is nothing to worry about.
Additionally, go to the source directories which you mentioned (C:\Users\...\AppData\Local\Temp\RarSFX0\installer.exe, C:\Users\...\AppData\Local\Temp\uqsgtqqb.fyz\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe) and upload the last .exe file on virustotal.com to check with different vendors whether the files are malicious or not.
If you find the files to be malicious and not detected by Bitdefender, you can always share the undetected file with the Bitdefender malware researchers by filling out the online form (https://www.bitdefender.com/consumer/support/answer/40673/), and if the file is indeed malicious, detection will be created in a maximum of 72 hours.
Hope this helps.
Regards
Flex
(Bitdefender beta tester 2019/ 2020)
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
5
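Added example, not part of the original thread: a PowerShell triage of the executables named in the firewall notifications, collecting what the answer above suggests checking (file hash for a VirusTotal lookup, signer, and the remote addresses the process is talking to). The function name `Get-ExeTriage` and its output fields are this example's own, and `<user>` in the usage comment is a placeholder for the elided part of the path.

```powershell
# Added triage example; Get-ExeTriage and its output fields are hypothetical names.
function Get-ExeTriage {
    param(
        # Full path(s) copied from the firewall notification
        [Parameter(Mandatory)][string[]]$Path
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # Installer Temp folders may already be gone once setup has finished
            [pscustomobject]@{ Path = $p; Present = $false }
            continue
        }
        $hash = Get-FileHash -LiteralPath $p -Algorithm SHA256
        $sig  = Get-AuthenticodeSignature -LiteralPath $p
        $ver  = (Get-Item -LiteralPath $p).VersionInfo

        # Processes started from this file (Path can be empty without elevation)
        $procIds = @(Get-Process | Where-Object { $_.Path -eq $p } |
            Select-Object -ExpandProperty Id)

        # Remote endpoints of TCP connections owned by those processes
        $remotes = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
            Where-Object {
                $procIds -contains $_.OwningProcess -and
                $_.RemoteAddress -notin '0.0.0.0', '::'
            } |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique)

        [pscustomobject]@{
            Path      = $p
            Present   = $true
            SHA256    = $hash.Hash          # search this on virustotal.com
            SigStatus = $sig.Status         # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Product   = $ver.ProductName
            Company   = $ver.CompanyName
            Remotes   = $remotes -join ', '
        }
    }
}

# Usage (placeholder path, replace <user> with the real profile name):
# Get-ExeTriage -Path 'C:\Users\<user>\AppData\Local\Temp\RarSFX0\installer.exe' | Format-List
```

Searching the SHA-256 on virustotal.com shows existing vendor results for the exact file without uploading it.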
Answers
Thank you very much for your answer, it helps a lot :)
After checking 13.107.5.88 on virustotal.com, I think it's malware, even if it's not 100% (6 out of 88)
1