HANDJOJO 11 Posted June 19, 2018 Share Posted June 19, 2018 Please inform me whether this is the ESET's server address, as I seen again this address in my Home Connection, as per screen shot attached. Awaiting the information from ESET Staff Thanks. Link to comment Share on other sites More sharing options...
galaxy 11 Posted June 19, 2018 Share Posted June 19, 2018 Probably looks like this Link to comment Share on other sites More sharing options...
HANDJOJO 11 Posted June 19, 2018 Author Share Posted June 19, 2018 It's look like Telemetry, and for what this activity concern it? Can anyone inform me. Thanks Link to comment Share on other sites More sharing options...
HANDJOJO 11 Posted June 19, 2018 Author Share Posted June 19, 2018 (edited) I have been reported this similar address and then Marcos has replied my massage that he will ask to the developer, however till now no further information about for what this activity. Thanks. Edited June 19, 2018 by HANDJOJO Link to comment Share on other sites More sharing options...
itman 1,789 Posted June 19, 2018 Share Posted June 19, 2018 My best guess is its associated with LiveGrid. Eset published list of LiveGrid IP addresses include 91.228.166.45 and 91.228.166.46. Possible uses for 91.228.166.47 would be as a backup server for LiveGrid traffic when its main servers are off-line or having communication problems. Hence, the "webredir" as part of the domain name. Link to comment Share on other sites More sharing options...
itman 1,789 Posted June 19, 2018 Share Posted June 19, 2018 (edited) Here's what Robtex says about the IP address: Quote Eset PTR The PTR is skh1-webredir01-v.eset.com. The IP number is in Slovak Republic. It is hosted by ESET NET. We investigated 88 host names that point to 91.228.166.47 . Example: eset-smart-security.eu, esetlivegrid.net, esetendpointantivirus.net and www.eset-smart-security.com. We estimate that it is used as ip number by 103 host names. Based on this, I would say the server IP address acts as a Eset network "router" to direct the connection to its desired Eset destination. -EDIT- For example when I enter skh1-webredir01-v.eset.com in my browser, I am redirected to this Eset U.S. where I reside based web site: https://www.eset.com/us/get-protected/?adobe_mc_ref Edited June 19, 2018 by itman Link to comment Share on other sites More sharing options...
HANDJOJO 11 Posted June 20, 2018 Author Share Posted June 20, 2018 Thanks Itman for your information, my question is why my EIS block this certain activity if this address came from ESET NET hosted, its seems like unwanted activity. Awaiting the clear information. B/regards, Link to comment Share on other sites More sharing options...
itman 1,789 Posted June 20, 2018 Share Posted June 20, 2018 (edited) 9 hours ago, HANDJOJO said: Thanks Itman for your information, my question is why my EIS block this certain activity if this address came from ESET NET hosted, its seems like unwanted activity. OK. I misunderstood what your concern was. The network alert you are receiving is one that is associated with an unstateful network connection; i.e. inbound connection associated with no preceding outbound connection. Verify that that the default Eset firewall for ekrn.exe is enabled and has not been modified; it should allow all inbound and outbound communication for ekrn.exe. This same issue has occurred previously: https://forum.eset.com/topic/7831-ess-log-shows-27-inbound-tcp-packet-blocks-from-ip-belonging-to-eset/so refer to this: Edited June 20, 2018 by itman Link to comment Share on other sites More sharing options...
itman 1,789 Posted June 20, 2018 Share Posted June 20, 2018 (edited) I will state this about the Eset IP address connection. For anyone using a router with a stateful firewall, this inbound traffic would have been automatically blocked by the router. Possibly why I have never seen it. If this inbound traffic bothers you, just create an Eset firewall rule to block any inbound TCP traffic with a remote IP address of 91.228.166.47. Move the rule to the top of the existing rule set and your issue is resolved. Edited June 21, 2018 by itman Link to comment Share on other sites More sharing options...
HANDJOJO 11 Posted June 21, 2018 Author Share Posted June 21, 2018 Thanks Itman for your clear information, I think I don't need to set the rule in ESET Firewall as this activity has appeared since yesterday. B/regards, Link to comment Share on other sites More sharing options...
Recommended Posts