Extra internet usage

Forums › New Zealand Broadband › Extra internet usage

PhilANZ

356 posts

Ultimate Geek
+1 received by user: 3

#248698 6-Apr-2019 13:10

I have no idea if this is the place to ask - or even what to ask. We've noticed a number of times (weeks apart) a sudden unexplained spike in our data usage. It's usually only 1-2 GB that's our normal daily usage. Yesterday being after 31 March we had a day recovering and hardly touched our computers, and noticed it.

Glasswire tells us it was dl7g9llrghqi1.cloudfront.net - which doesn't mean much to me. I'm guessing someone's using our bandwidth somehow - but we have no idea how.

More importantly, I have no idea what access they have - or how do change it. I think this is the first time since we installed a new router. We used the old password to avoid family having to update their devices, but we'll change that. Any other comments helpful comments much appreciated.

Thanks

1 | 2

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#2211762 6-Apr-2019 14:01

Are any of your devices turned on while you notice this spike? Could be something phoning home / a scheduled backup of something. It is unlikely to be nefarious.

PhilANZ

356 posts

Ultimate Geek
+1 received by user: 3

#2211766 6-Apr-2019 14:18

Our only regular devices are two laptops and two phones. Occasionally my wife's tablet or Kindle is turned on to download and my children's phones are seldom here. But the fact that the link I gave reported over 1Gb of usage (as has happened before but with different sites) suggests something less than healthy is happening. I just checked the site again and it appeared different again (third time).

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2211772 6-Apr-2019 14:35

That URL leads to https://www.drift.com/

Is this something that reminds you of anything?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

PhilANZ

356 posts

Ultimate Geek
+1 received by user: 3

#2211777 6-Apr-2019 14:44

Not in my wildest imagings - I'm a Honda man through and through (first bikes., now cars). There was an ad too long ago for most to recall when the biker image led to "you meet the nicest people on a Honda". I'm closer to that than drifting.

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2211782 6-Apr-2019 14:48

You didn't visit the link, did you? It's not about cars, at all.

Or did I miss a joke?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Spyware

3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

#2211783 6-Apr-2019 14:48

Sounds like you didn't even look at the site.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

Linux

12173 posts

Uber Geek
+1 received by user: 8469

Trusted

Lifetime subscriber

#2211786 6-Apr-2019 14:55

PhilANZ: Not in my wildest imagings - I'm a Honda man through and through (first bikes., now cars). There was an ad too long ago for most to recall when the biker image led to "you meet the nicest people on a Honda". I'm closer to that than drifting.

You clearly did not click on the link

PhilANZ

356 posts

Ultimate Geek
+1 received by user: 3

#2211790 6-Apr-2019 15:16

I looked 3 different times - the first twice it seemed to change but still about drifting. Since I've now been to it three more times without it changing (once after deleting any cookies I couldn't clearly identify - as well as the cache) I'm even more confused than when I started. Just to be clear I didn't click on anything - just viewed it.
Looks like another hits the "too hard" basket. I'll see where the changed router password gets us over the coming .weeks.
Thanks for your time.

Linux

12173 posts

Uber Geek
+1 received by user: 8469

Trusted

Lifetime subscriber

#2211791 6-Apr-2019 15:20

You don't see " Connect Your Sales Teams With Your Future Customers " ?

Spyware

3818 posts

Uber Geek
+1 received by user: 1366

Lifetime subscriber

#2211794 6-Apr-2019 15:32

PhilANZ: I looked 3 different times - the first twice it seemed to change but still about drifting. Since I've now been to it three more times without it changing (once after deleting any cookies I couldn't clearly identify - as well as the cache) I'm even more confused than when I started. Just to be clear I didn't click on anything - just viewed it.

You went to drfting.com rather than drift.com

Rikkitic

Awrrr
19062 posts

Uber Geek
+1 received by user: 16302

Lifetime subscriber

#2211796 6-Apr-2019 15:37

DNS hijack? Rogue Hosts file? Sounds like he's seeing something completely different from the rest of us.

Edit: There is an easier explanation.

Plesse igmore amd axxept applogies in adbance fir anu typos

Dell

Shop now for Dell laptops and other devices (affiliate link).

PhilANZ

356 posts

Ultimate Geek
+1 received by user: 3

#2211797 6-Apr-2019 15:40

I confess I didn't spend much time there at all - bit leery of some of the nasties on the net, and I'd just had over 1Gb of bandwidth chewed up for nothing so didn't want to spend any time there. Mea culpa I just saw the site was drift.com and took off. I didn't stay around to read it. The cloudfront.net didn't produce anything so it seemed like the sort of place I didn't want to stay.

Linux

12173 posts

Uber Geek
+1 received by user: 8469

Trusted

Lifetime subscriber

#2211801 6-Apr-2019 16:01

Rikkitic:

DNS hijack? Rogue Hosts file? Sounds like he's seeing something completely different from the rest of us.

Edit: There is an easier explanation.

They did not actually click on the link

Rikkitic

Awrrr
19062 posts

Uber Geek
+1 received by user: 16302

Lifetime subscriber

#2211819 6-Apr-2019 16:41

Linux:
Rikkitic:

DNS hijack? Rogue Hosts file? Sounds like he's seeing something completely different from the rest of us.

Edit: There is an easier explanation.

They did not actually click on the link

Yeah, I realised that after I posted. I was just tossing out some ideas as they occurred.

Plesse igmore amd axxept applogies in adbance fir anu typos

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41029

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2211872 6-Apr-2019 17:29

Cloudfront is just the Amazon Web Services CDN service. That specific URL is used by the domain I posted.

I am not sure what else we could find without specific tracing all packets in the network.

Obvious question: all devices that could be off were off (laptops, desktops)? Smartphones and tablets, unless you explicitly push the power button for a few seconds and the click the "OFF" on screen are just sleeping and could still be doing things in the background.

All devices were scanned for malware?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

1 | 2