Skynet Which service or process is trying to connect to 87.240.139.194?

[Khadanja]

I see this in skynet logs from time to timer randomly, no pattern. It is the same laptop every time and I have checked my browsing history at the time, websites I visited at the time are not related to this IP or domain vk.com in any way. How can I check which process, service or software or browser is trying to connect to this IP.

10 Most Recent Blocks From 192.168.1.21;
Oct  4 13:56:40 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56003 DF PROTO=TCP SPT=51564 DPT=443 SEQ=20521
Oct  4 13:56:40 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56004 DF PROTO=TCP SPT=57902 DPT=443 SEQ=11325
Oct  4 13:56:41 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56005 DF PROTO=TCP SPT=51564 DPT=443 SEQ=20521
Oct  4 13:56:41 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56006 DF PROTO=TCP SPT=57902 DPT=443 SEQ=11325
Oct  4 13:56:43 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56007 DF PROTO=TCP SPT=51564 DPT=443 SEQ=20521
Oct  4 13:56:43 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56008 DF PROTO=TCP SPT=57902 DPT=443 SEQ=11325
Oct  4 13:56:47 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56009 DF PROTO=TCP SPT=51564 DPT=443 SEQ=20521
Oct  4 13:56:47 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56010 DF PROTO=TCP SPT=57902 DPT=443 SEQ=11325
Oct  4 13:56:55 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56011 DF PROTO=TCP SPT=51564 DPT=443 SEQ=20521
Oct  4 13:56:55 RT-AC68U-20E0 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT= MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=192.168.1.21 DST=87.240.139.194 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=56012 DF PROTO=TCP SPT=57902 DPT=443 SEQ=11325

 

[itpp20]

87.240.139.194 - Find IP Address - Lookup and locate an ip address

Information for 87.240.139.194. This IP Address is located in Russia. Find IP Address information with this free IP lookup and locator.

www.findip-address.com

Locate which process: https://www.nirsoft.net/utils/cports.html

 

[AndreiV]

That is probably social media connect buttons on websites you visit.

I see logs for Pinterest, YouTube , Twitter and many others that I have never used , all of them are social connect icons on web pages calling home.

 

[Khadanja]

Thanks @itpp20 @AndreiV Found the culprit, it was https://whoer.net and I go there often. I have Ru blocked in skynet but inspecting the page source shows a this link <a target="_blank" rel="noopener" href="https://vk.com/whoernet">