Am I a possible victim of a DNS poisoning or MIM attack?

Solution 1:

When I do NSLOOKUP for domains I use, I get a response that ALWAYS states "non-authoritative answer". This is extremely concerning. Among other reasons, I don't recall this happening previously.

Non-authoritative answer is a perfectly normal response from NSLOOKUP.

Non-authoritative answer simply means the answer is not fetched from the authoritative DNS server for the queried domain name.

Source: DNS - NSLOOKUP what is the meaning of the non-authoritative answer?

When I do tracert or pings to a domain such as Fidelity.com, I see different IP addresses. (104.78.120.120) (69.192.61.249). Sometimes, a site like Shutterstock.com will give me 3 different addresses between tracert, ping and nslookup. I realize a lot of sites use CDNs but I'm not sure how that impacts load balancing, IP addresses, etc.

What you describe is normal and expected from those websites. If your browser does not indicate there is a problem with the certificate for the website in question, you are visiting the legitimate website.

Of course you are running BitDefender, which has the capability to scan secure HTTP traffic. BitDefender is able to scan secure encrypted HTTP traffic by using its own certificate.

When I run a tracert, I am seeing 5 IP addresses before the packets even reach my ISP's router! At a glance, these absolutely look like computer IP addresses (such as 1.2.3.4) instead of a normal router name. When I trace these IPs it "appears" that they are on the ISP's network - doing what is the question.

This is actually perfectly normal behavior.

I called support and they always wanted to point to my equipment and my laptop. But the fact remains that the route was good 85% of the time and just dropped in Chicago. A disconnect and reconnect to WiFi seemed to solve the problem. It was almost as though I was being manually dropped from that device in Chicago.

Since you have confirmed you were infected with malware, it seems their conclusion that the problem was with your laptop was correct. Sounds like you should perform a clean install of Windows and reinstall all your applications.

I recently started using BitDefender VPN to further security. However, it now appears that I am being forced onto a VPN server based out of Chicago when previously I was able to disconnect and then automatically reconnect to a different US server - such as Miami, or New York. This is brand new software that's only been installed for a few days. The only US server I can now connect to is out of Chicago by a company called "24 Shells".

BitDefender, in my opinion, makes some of the worst software. I would simply use a different VPN application. There are more VPN providers that have better software, or even better support OpenVPN, so it's unnecessary.

Personally, I think this very well could be a targeted attack - and based on current firewall logs, it "appears" that I am still under attack - with attacks coming from cloud-based hosting platforms operated by Amazon, MS, etc. These attacks appear to be coming from the same group of networks, consistently. They are scanning across different ports and IPs.

Based on the described problem, I can guarantee you that this isn't a targeted attack, but just the result of severe system corruption after more than likely partially removing a malware infection. The majority of the problems you describe are not actual problems.
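
The "non-authoritative answer" line that nslookup prints reflects the AA (Authoritative Answer) bit in the DNS response header, which a caching resolver leaves unset. The following is an added example, not part of the original answer; the function names are hypothetical and the response bytes are constructed here, reusing the two addresses quoted in the question.

```python
import struct

AA = 0x0400  # Authoritative Answer bit in the 16-bit header flags (RFC 1035)

def build_response(qname, addrs, authoritative):
    """Constructed sample reply (not captured traffic) carrying A records."""
    flags = 0x8000 | 0x0100 | 0x0080 | (AA if authoritative else 0)  # QR, RD, RA
    header = struct.pack("!6H", 0x1234, flags, 1, len(addrs), 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    body = name + struct.pack("!2H", 1, 1)  # question: type A, class IN
    for a in addrs:
        # Owner name is a compression pointer to offset 12 (the question name).
        body += b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 60, 4)
        body += bytes(int(o) for o in a.split("."))
    return header + body

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:  # compression pointer: 2 bytes, ends the name
            return off + 2
        if n == 0:              # root label: end of name
            return off + 1
        off += 1 + n

def parse_response(msg):
    """Extract the AA flag, RCODE and A-record addresses from a DNS reply."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:  # A record
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"authoritative": bool(flags & AA), "rcode": flags & 0xF, "addresses": addrs}

if __name__ == "__main__":
    # Same name, different answers: one from a cache, one from the zone's own server.
    print(parse_response(build_response("fidelity.com", ["104.78.120.120"], False)))
    print(parse_response(build_response("fidelity.com", ["69.192.61.249"], True)))
```

Both replies are valid; only the second has AA set, which is the one case where nslookup omits the "non-authoritative" line.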