Stranger ip adresses after using jtbrains product

General Help
,
1

Hello :smiley: after I test jetbrains product(pycharm,intelJ idea and CLion) where...was a lot telemetry - I return my system to security backup, scan intelj idea using clamav, and I...show tcpdump in console and...i don't understand what my computer is connected xD when I using disck in my system - i see adress 146.190.225.48 - I search in virustotal and is one signature in criminal IP(this is digital ocean LLC) before them before actualisation headers linux I reutnr backub again and before actualisaion linux connect with 72.66.147.148, and I see this,i shut down system,i return home, turn on computer and i see than boot not loading(today mornign was the same situacion - just I go to bios and click F10(save and exit and after this-running) but i see then in comand "last" my accoutn is log in in 02:12pm when I don't log in - and i see somethign sftp-ssh_ftp.local
etc and I don't know what this doing x)
Zrzut ekranu z 2026-04-20 17-13-35
Zrzut ekranu z 2026-04-20 17-13-52
what is RIPE database?

Zrzut ekranu z 2026-04-20 16-45-31
Zrzut ekranu z 2026-04-20 16-45-31751×626 86.2 KB

and why this is?
Zrzut ekranu z 2026-04-20 17-16-22

2

ok I see than andress 146.190.225.48 for first time have malicious but after and after this was normal(but which out details which this adress is AS 14061 digital ocean LLC)

but what is AS 14061?

3

Zrzut ekranu z 2026-04-20 17-43-46
Zrzut ekranu z 2026-04-20 17-43-461798×586 167 KB

I see this stranger situation - in this log I run physical computer but...I don't this in this hour xD

4

Nothing I'm seeing out of your logs suggests anything malicious going on in my eyes. While there may have been a malicious IP that was registered with Digital Ocean, it could have been a false report by a user, or even a previously used IP that is no longer used in that capacity (as Digital Ocean provides these addresses to users, to do with that which they please).

All your other logs appear to be standard system logging, and enabling and disabling of services that may occur over the standard boot / login sequence of a system. SSH for example would be started, but that doesn't mean it's in use. It just means that it's another service the system has decided will start with the machine.

In all honesty, looking through logs without knowing what you're trying to find, will lead to a lot of events that may LOOK scary, but are actually perfectly normal and harmless. It's just that, the system logs as much as possible, so in the event you DO need to find something, you will be able to find it (albeit going through a LOT of logs).

2 Likes
5

I Understood thank you :smiley: I remebrer than from ip 127.***(from ngix on ubuntu) and from 142 something was sending wave 4-5 times to this andress after upgrade sysyems but i don't have a screen this and I shut down computer(this was after upgrading headers) and after return-i don't see this x)

6

Sooo, there aftps local etc is the normal?