
Incomprehensible connections, unknown hosts and IPs in Fiddler activity

I noticed many incomprehensible connections from Fiddler to the Internet.

It looks like a botnet is running, but I can't understand where it is coming from.

Sometimes it takes so many connections that it freezes my OS.

Could someone help me?

Screenshot attached.

icanhazip.com is operated by Cloudflare (source: https://major.io/icanhazip-com-faq/ )

azenv.net is a proxy judge (source: https://www.proxynova.com/proxy-articles/list-of-proxy-judges)

You could look in the Process column (in Live Traffic columns of Fiddler Everywhere) and see which process is making those requests. This would be a good starting point for further investigation.

Thanks for the reply!

The Process column is empty, and in Request/Response I can't find anything useful.

The URL is random every time.

Here is a screenshot of the last 20 minutes.

The cryptostresser.com site is listed as a booter site (a site that offers DDoS attacks as a paid service - source: https://github.com/jjsantanna/booters_ecosystem_analysis ), so it is possible that indeed some kind of malware is responsible for those requests.
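
An added example, not part of the original posts: when the Process column is empty, the operating system's connection table can still show who is talking to the proxy port. This sketch parses Windows `netstat -ano -p tcp` output and separates local client PIDs from peers on other machines, which have no local process to display. The sample output is constructed, and port 8866 is an assumption; use the port from your Fiddler settings.

```python
import ipaddress
from collections import Counter

PROXY_PORT = 8866  # assumption: the port Fiddler listens on; check your settings

# Constructed sample of `netstat -ano -p tcp` output (not taken from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8866           0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:8866         127.0.0.1:50112        ESTABLISHED     4120
  TCP    127.0.0.1:50112        127.0.0.1:8866         ESTABLISHED     9932
  TCP    127.0.0.1:50113        127.0.0.1:8866         ESTABLISHED     9932
  TCP    192.168.1.20:8866      203.0.113.7:41522      ESTABLISHED     4120
  TCP    192.168.1.20:50200     198.51.100.9:443       ESTABLISHED     4120
"""

def split_endpoint(ep):
    """'127.0.0.1:8866' or '[::1]:8866' -> (ip_address, port)."""
    host, _, port = ep.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP":
            continue  # header, blank or UDP line
        rows.append((split_endpoint(f[1]), split_endpoint(f[2]), f[3], int(f[4])))
    return rows

def proxy_clients(rows, port=PROXY_PORT):
    exposed, local_pids, remote_peers = False, Counter(), Counter()
    for (lhost, lport), (rhost, rport), state, pid in rows:
        if state == "LISTENING" and lport == port:
            # 0.0.0.0 / :: means the proxy accepts connections from other hosts
            exposed = exposed or lhost.is_unspecified
        elif state == "ESTABLISHED":
            if rport == port and rhost.is_loopback:
                local_pids[pid] += 1            # client side: PID is the requester
            elif lport == port and not rhost.is_loopback:
                remote_peers[str(rhost)] += 1   # peer that is not this machine
    return {"listens_on_all_interfaces": exposed,
            "local_client_pids": dict(local_pids),
            "remote_peers": dict(remote_peers)}

if __name__ == "__main__":
    print(proxy_clients(parse_netstat(SAMPLE)))
```

Local client PIDs can then be looked up in Task Manager; connections from remote peers are worth comparing against the timestamps of the unexplained sessions.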
