Mu-So attempts to connect to 247.127.154.104.bc.googleusercontent.com

Howdy,
I’m rather “protective” of my network and watch reasonably carefully for strange or inappropriate behavior from my network nodes.

I’m finding my Mu-So v2 is connecting to Google User Content site, which seems odd to me. Can anyone comment as to the purpose of this traffic. Specifically, I find it odd that this is hard-coded to the ip address which doesn’t seem like a ‘professional’ method.

Here’s my firewall blocking the traffic:

Query Log: Web Filtering
/var/log/http/2024/12/http-2024-12-05.log.gz:2024:12:05-04:00:34 wahine httpproxy[19639]: id=“0002” severity=“info” sys=“SecureWeb” sub=“http” name=“web request blocked” action=“block” method=“CONNECT” srcip=“privée” dstip=“104.154.127.247” user=“” group=“” ad_domain=“” statuscode=“500” cached=“0” profile=“REF_HttProContaInterNetwo8 (Music Streamers)” filteraction=“REF_HttCffDoug (Music Streamers)” size=“160” request=“0x7f36171c3800” url=“https://104.154.127.247/” referer=“” error=“Connection refused” authtime=“0” dnstime=“1” aptptime=“0” cattime=“24507” avscantime=“0” fullreqtime=“68222” device=“0” auth=“0” ua=“” exceptions=“” category=“9998” reputation=“unverified” categoryname=“Uncategorized” country=“United States”

Lookup of this ip:

Network Whois record

Queried whois.arin.net with “n 104.154.127.247”…
canonical names
http://www.247.127.154.104.bc.googleusercontent.com
http://www.googleusercontent.com
NetRange: 104.154.0.0 - 104.155.255.255
CIDR: 104.154.0.0/15
NetName: GOOGLE-CLOUD
NetHandle: NET-104-154-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google LLC (GOOGL-2)

Thanks

This is what Steve said a while ago.

Ahhh thanks.

I just realized, I’m moving too quickly. The log indicates the connection was refused by google.

Oh!

Any further news?
I’m tempted to dig out my old passive tap, just for fun!

I also looked into this and it is google Chromecast authentication.
You can block the traffic, I found additional addresses as detailed below for the NDX2:

it will authenticate successfully next time you allow traffic, should you wish to use Chromecast again.

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.