Why does Prey connect to an IP owned by "Air Force Systems Networking"? #414
Curious about the following.
user:~ user$ netstat -anv | grep 155
user:~ user$ ps aux | grep -v grep | grep 56604
Via ARIN WHOIS (https://whois.arin.net/rest/net/NET-155-244-0-0-1/pft?s=188.8.131.52):
Would be grateful for a reaction.
I might have figured this out.
"184.108.40.206.." from the first netstat is probably truncated from "220.127.116.11.bc.googleusercontent.com". We could conclude the story here since it's a FQDN and not an IP. But it's still curious to see the Air Force Systems Networking IP.
As per the Google Group for Google App Engine (https://groups.google.com/forum/#!topic/google-appengine/7a4VapNerGg):
"Traffic from 'bc.googleusercontent.com' is originating from Compute Engine. The 'bc' subdomain of 'googleusercontent.com' is used for public hostnames of Compute Engine instances which have an external IP address. For example, if an instance has IP of 18.104.22.168, the public hostname would be '22.214.171.124.bc.googleusercontent.com'."
Therefore via inversion "126.96.36.199.." is "188.8.131.52". This makes sense, as via ARIN WHOIS (https://whois.arin.net/rest/net/NET-107-178-192-0-1/pft?s=184.108.40.206): Google LLC (GOOGL-2)
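The inversion described in the comment above, as an added example that is not part of the original thread: it decodes a `bc.googleusercontent.com` hostname back to the instance's external IP, and lists both readings of a netstat field that was cut off before the suffix. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress

GCE_SUFFIX = ".bc.googleusercontent.com"


def gce_ip_from_hostname(host):
    """Return the external IP encoded in a Compute Engine public hostname.

    The four leading labels are the IP's octets in reverse order.
    Returns None if the name does not match that pattern.
    """
    host = host.rstrip(".").lower()
    if not host.endswith(GCE_SUFFIX):
        return None
    labels = host[: -len(GCE_SUFFIX)].split(".")
    if len(labels) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(labels))))
    except ValueError:  # label is not a valid octet
        return None


def candidates_from_truncated(field):
    """List the IPs a truncated netstat foreign-address field could mean.

    When the hostname is cut off before the suffix, the four leading
    numeric labels are ambiguous: they may be an address as printed, or
    the reversed octets of a hostname. Look up both in WHOIS.
    """
    labels = field.rstrip(".").split(".")
    if len(labels) < 4:
        return []
    head = labels[:4]
    out = []
    for reading, octets in (("as-printed", head), ("reversed", head[::-1])):
        try:
            out.append((reading, str(ipaddress.IPv4Address(".".join(octets)))))
        except ValueError:
            pass
    return out


if __name__ == "__main__":
    # Constructed samples (documentation range 203.0.113.0/24).
    print(gce_ip_from_hostname("10.113.0.203.bc.googleusercontent.com"))
    print(candidates_from_truncated("10.113.0.203.."))
```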