Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Software and Privacy Related Help [Network-VPN-Mozilla-Others]

  • Please log in to reply
1 reply to this topic

#1 bokbok


  • Members
  • 1 posts
  • Local time:07:24 PM

Posted 28 September 2016 - 04:10 PM

Oi oi,

I need help with these; you can just answer the ones you know about.

I use IVPN.
It has an option not to allow any traffic outside of VPN tunnel.
It's firewall starts very early when windows starts and doesn't allow other programs to connect to anything.
After using the web a little I check my 2 adapters in Network and Sharing Center.
(There is 1 normal and 1 TAP adapter for the VPN to use)
First (Normal adapter) shows higher Sent/Recieved Bytes than the Second (TAP) Adapter.

1st adapter:
2nd adapter:

Does it mean that I leak some data with my real IP adress?


When I start Firefox, it makes hidden connection to some places (like checking for addon updates etc.)
I disabled all of FF's update checks, but one connection I can't stop.

dcky6u1m8u6el.cloudfront.net (
Very strange thing is I blocked it's domain and IP in hosts file, but it still can connect.

Glasswire Screenshot:

How does it bypass even hosts?


I installed Ubuntu and Linux Mint before(Couldn't get used to them, rolled back). While I was using Linux I must have deleted something from my External Hard Drive. Now there is a ".Trash-100" folder that CAN'T be deleted. Removing "Read Only" option from properties does not help.



When I start my PC, I see an external connection made by broadcasthost and also , and glasswire says they are external connections. I know broadcasthost makes connections for Windows services (which I'm also against).
After a little tampering I found broadcasthost ( made by PID 984 which includes 4 services:
- Security center
- TCP/IP NetBIOS Helper
- Windows Event Log
- DHCP Client

I still don't know what connects to

Pic: https://postimg.org/image/8ki7w1tyh/

I'd like to know what connections carry across and where are they going to.

Glasswire also shows "System" connection to many different countries, USA, China, Japan, Arab Emirates(When PC is idle too), always only sending data(exactly 150 Bytes). What do you think those connections are?

Screenshot: https://postimg.org/image/qd8wnuzef/

BC AdBot (Login to Remove)


#2 technonymous


  • Members
  • 2,516 posts
  • Gender:Male
  • Local time:10:24 AM

Posted 28 September 2016 - 08:47 PM

Question 1:

No that does not mean you're leaking data. The TAP is a virtual adapter for the VPN connection that is apart of the physical adapter. So you're going to see traffic on both. If you're worried about VPN leakage do a online VPN leaktest.



Question 2:

It is apart of your VPN services. Cloudfront.net is a apart of Amazon AWS servers in which many VPN's run off of.


CloudFront is a web service that speeds up distribution of your static and dynamic web content, for example, .html, .css, .php, and image files, to end users. CloudFront delivers your content through a worldwide network of data centers called edge locations.


Source:  whois.arin.net
IP Address: (United States)
Name:  AT-88-Z
Handle:  NET-52-84-0-0-1
Registration Date:  12/19/91
Org:  Amazon Technologies Inc.
Org Handle:  AT-88-Z
Address:  410 Terry Ave N.
City:  Seattle
State/Province:  WA
Postal Code:  98109
Question 3:
If you delete files from off a USB stick you will get trash bin files. Instead use Shift-Del. They are user specific. If you are logged in as another user you won't be able to delete that file as it was deleted by another user. However, under root you can still chmod, chown, force delete.
Question 4:
This IP is normal to see in both Windows and Linux. It is the Link Local Multicast Name Resolution protocol. It allows you to see other network devices on the local network. You shouldn't be messing with it.
Question 5:
Those are likely the Ip's or domains you're blocking via the HOSTS file.
For windows c:\windows\system32\drivers\ect\hosts
For linux /etc/hosts
To block IP's or Domain Names you add an entry something like... yahoo.com

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users