Web Design

Your content goes here. Edit or remove this text inline.

Logo Design

Your content goes here. Edit or remove this text inline.

Web Development

Your content goes here. Edit or remove this text inline.

White Labeling

Your content goes here. Edit or remove this text inline.

VIEW ALL SERVICES 

Discussion – 

3

Discussion – 

3

Kies Tray Agent . Unknown connections

Today while checking the network connections I found something strange. The KeisTrayAgent running on my PC is connecting to some IP Address in the internet. It seemed something strange and I am thinking that there is something wrong with the connections, so did a bit more analysis. Here are my findings

Kies Tray Agent (KiesTrayAgent.exe) is part of the Samsung Keis application suite. Samsung uses the Keis application suite for managing the Samsung Galaxy application suits. I have installed this sometime back for managing the Samsung Galaxy S phone.

image

The KiesTrayAgent in my PC is connecting to the IP address 82.148.102.3. Why should an agent connect to an external IP address, especially something which manages the Mobile phone? Now I thought the IP address would be located in the Samsung network.

image

image

To my surprise, the IP Address 82.148.102.3 is located in the Qatar Doha Qatar Telecom (qtel) Q.s.c network. It is also identified to be part of the ADSL pool

inetnum:         82.148.102.0 – 82.148.102.255
netname:         Mobile-Broadband-Pool-No-6
descr:           ADSLPOOL
country:         qa

So why is the KeisAgentTray.exe connects to an HTTP service at 82.148.102.3? I have checked up the webpage at this IP address. The access is redirected to a login page http://82.148.102.3/login/ 

image

It just give me the above screen. Wrong password; enter password.

My current guess is that either the KeisAgentTray on my PC is compromised. But on a larger scale, it could be that the above file is compromised and unnoticed. What do you say?

Binoy KL

3 Comments

  1. Elmakrt2010

    thanks

  2. Daniel-marschall

    I have EXACTLY the same problem. Have you found a solution? The AuthentiCode signature of my KiesTrayAgent.exe is valid.

  3. Blog Ciso In

    These addresses that show up are off-load servers. Usually nothing to worry about. They help distribute content from one countries servers to a server that is local to your connecting ip.

You May Also Like