Howdy,
I’m rather “protective” of my network and watch reasonably carefully for strange or inappropriate behavior from my network nodes.
I’m finding my Mu-So v2 is connecting to a Google User Content site, which seems odd to me. Can anyone comment as to the purpose of this traffic? Specifically, I find it odd that this is hard-coded to the IP address, which doesn’t seem like a ‘professional’ method.
Here’s my firewall blocking the traffic:
Query Log: Web Filtering
/var/log/http/2024/12/http-2024-12-05.log.gz:2024:12:05-04:00:34 wahine httpproxy[19639]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="privée" dstip="104.154.127.247" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaInterNetwo8 (Music Streamers)" filteraction="REF_HttCffDoug (Music Streamers)" size="160" request="0x7f36171c3800" url="https://104.154.127.247/" referer="" error="Connection refused" authtime="0" dnstime="1" aptptime="0" cattime="24507" avscantime="0" fullreqtime="68222" device="0" auth="0" ua="" exceptions="" category="9998" reputation="unverified" categoryname="Uncategorized" country="United States"
Lookup of this IP:
Network Whois record
Queried whois.arin.net with “n 104.154.127.247”…
canonical names
http://www.247.127.154.104.bc.googleusercontent.com
http://www.googleusercontent.com
NetRange: 104.154.0.0 - 104.155.255.255
CIDR: 104.154.0.0/15
NetName: GOOGLE-CLOUD
NetHandle: NET-104-154-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
Organization: Google LLC (GOOGL-2)
Thanks
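Added example, not part of the original post: one way to pull direct-to-IP requests like the one above out of the web filter log, counting blocked requests whose URL host is an IP literal and labelling each with the CIDR from the whois record. The sample lines, the 192.0.2.10 source address and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in the key="value" layout of the log entry above.
# The source address is a placeholder from the documentation range.
SAMPLE_LOG = '''\
2024:12:05-04:00:34 wahine httpproxy[19639]: id="0002" name="web request blocked" action="block" method="CONNECT" srcip="192.0.2.10" dstip="104.154.127.247" url="https://104.154.127.247/" error="Connection refused"
2024:12:05-04:05:34 wahine httpproxy[19639]: id="0002" name="web request blocked" action="block" method="CONNECT" srcip="192.0.2.10" dstip="104.154.127.247" url="https://104.154.127.247/" error="Connection refused"
2024:12:05-04:06:02 wahine httpproxy[19639]: id="0001" name="http access" action="pass" method="CONNECT" srcip="192.0.2.10" dstip="198.51.100.7" url="https://updates.example.net/" error=""
'''

# Quotes may be straight, or curly if the line was pasted through a forum editor.
FIELD_RE = re.compile(r'(\w+)=["\u201c\u201d]([^"\u201c\u201d]*)["\u201c\u201d]')

# CIDR taken from the whois record quoted in the post (NetName GOOGLE-CLOUD).
KNOWN_NETS = {"GOOGLE-CLOUD": ipaddress.ip_network("104.154.0.0/15")}

def parse_line(line):
    """Return the key="value" pairs of one httpproxy log line as a dict."""
    return dict(FIELD_RE.findall(line))

def ip_literal(url):
    """Return the URL's host as an ip_address if it is an IP literal, else None."""
    host = urlsplit(url).hostname
    try:
        return ipaddress.ip_address(host) if host else None
    except ValueError:
        return None

def direct_ip_requests(log_text):
    """Count blocked requests per (source, destination IP literal, netname)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        ip = ip_literal(f.get("url", ""))
        if ip is None or f.get("action") != "block":
            continue
        net = next((n for n, c in KNOWN_NETS.items() if ip in c), "unknown")
        hits[(f.get("srcip"), str(ip), net)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, net), n in direct_ip_requests(SAMPLE_LOG).items():
        print(f"{src} -> {dst} ({net}): {n} blocked request(s) with no hostname")
```

Because the request carries no hostname, the proxy has only the address to categorise, which is why the entry above shows categoryname "Uncategorized".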