tommy456 12 Posted February 24, 2015 Share Posted February 24, 2015 Why is ekrn.exe connecting to this IP 4.34.200.239 ? A IP look up says it belongs to Level 3 in the usa hxxp://www.whatismyip.com/ip-whois-lookup/ Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted February 24, 2015 Administrators Share Posted February 24, 2015 Couldn't it be that you're using Windows XP where ekrn works as a local proxy for http/pop3/imap communication? Link to comment Share on other sites More sharing options...
tommy456 12 Posted February 24, 2015 Author Share Posted February 24, 2015 Yes XP but this connection is TCP and connects to port 80 on the remote side, i don't use Imap for Email but secure POP3 using SSL How can it be related to Email services? the connection remains open when the pc is idle Link to comment Share on other sites More sharing options...
rugk 397 Posted February 24, 2015 Share Posted February 24, 2015 Maybe some kind of DNS resolve?Is your ISP Level 3 Communications? BTW It's quite strange that if you type in the IP into the web browser you will be get to an image...hXXps://motherless.com/images/no_image.jpg Interestingly it's even HTTPS encrypted... Do you have parental control enabled? Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted February 24, 2015 Administrators Share Posted February 24, 2015 Maybe a screen shot of what you're seeing could shed more light. Link to comment Share on other sites More sharing options...
tommy456 12 Posted February 24, 2015 Author Share Posted February 24, 2015 Maybe some kind of DNS resolve? Is your ISP Level 3 Communications? BTW It's quite strange that if you type in the IP into the web browser you will be get to an image... hXXps://motherless.com/images/no_image.jpg Interestingly it's even HTTPS encrypted... Do you have parental control enabled? ISP is not level 3 they are a peering provider to lots of ISP's they also have public DNS services But that IP isnt one of their DNS resolvers No no net nanny controls enabled, The IP would appear to be owned by Level 3 A tracert appears to go to Houston texas If i put that IP in my browser it shows a small JPEG with the word motherless on it, it if it try HTTPS it doesn't load the image for me A google search of motherless throws up a porn site, but this has a different ip, and according to a whois web site the IP isnt on their DNS so i don't know, i have killed the connection to that ip , weird why it was showing as connected in the firewall network connections part of eset Link to comment Share on other sites More sharing options...
rugk 397 Posted February 25, 2015 Share Posted February 25, 2015 Maybe a screen shot of what you're seeing could shed more light. Well... tommy456 already described it. And you can of course also try it out by yourself... Link to comment Share on other sites More sharing options...
Recommended Posts