Identify why I get a connection to ransomware server
I received a warning that my 'PC' might be infected because it supposedly tried to connect to two ransomware servers:
http://45.33.9.234/
http://79.170.40.167/
In practice I have an MBP with macOS 10.12.6, and Malwarebytes cannot find anything. I am on a network, but to print I need to switch to a different one, and I get these warnings only when I switch to the printing network. I am at a loss as to why
- I get the warning to start with
- I get warnings only when I am on a specific network and not in the other
So, how do I check what is going on? Get Little Snitch and keep an eye on what is doing what? Any other way to scan the system that is better than Malwarebytes? Any log I can look into?
You receive this message when switching to only this network because it is likely your IT dept has a monitoring tool set up on it, which is using an API with this IP blacklisted for ransomware activity.
The problem is this IP is shared across thousands of URLs, and only a select few may be associated with ransomware.
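One way to find out which process on the Mac is actually opening connections to the two flagged addresses, as an added example that is not part of the original question or answer: a filter over `lsof -i -n -P` output. The function name `find_flagged` and the sample lines (process names, PIDs, local addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which local process has a socket to a flagged IP.
# The two addresses are the ones named in the warning.
FLAGGED_IPS="45.33.9.234 79.170.40.167"

# Reads `lsof -i -n -P` output on stdin and prints "COMMAND PID REMOTE"
# for every socket whose remote end is one of the flagged IPs.
find_flagged() {
    awk -v ips="$FLAGGED_IPS" '
        BEGIN { n = split(ips, list, " "); for (i = 1; i <= n; i++) bad[list[i]] = 1 }
        NR == 1 && $1 == "COMMAND" { next }        # skip the lsof header row
        {
            # The NAME column looks like local->remote, optionally followed
            # by a state such as (ESTABLISHED). Listening sockets have no "->".
            name = ""
            for (i = 1; i <= NF; i++) if (index($i, "->")) name = $i
            if (name == "") next
            remote = substr(name, index(name, "->") + 2)
            host = remote
            sub(/:[^:]*$/, "", host)               # drop the :port suffix
            if (host in bad) print $1, $2, remote
        }'
}

# Constructed sample of lsof output (not captured from a real machine).
SAMPLE='COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Mail      311 alice  23u  IPv4 0x1a2b      0t0  TCP 10.0.0.5:50211->17.42.251.10:993 (ESTABLISHED)
HelperApp 742 alice  11u  IPv4 0x3c4d      0t0  TCP 10.0.0.5:50307->45.33.9.234:80 (ESTABLISHED)
mDNSRespo 98  root   7u   IPv4 0x5e6f      0t0  UDP *:5353
Browser   655 alice  40u  IPv4 0x7a8b      0t0  TCP 10.0.0.5:50318->79.170.40.167:80 (SYN_SENT)'

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | find_flagged
```

On the Mac itself, run `lsof -i -n -P | find_flagged` while connected to the printing network; connections can be short-lived, so repeating it in a loop gives a better chance of catching the responsible process.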