Forum Discussion
Thanks for the further info but you're not telling me anything I don't already know and nothing you're telling me is the slightest bit applicable to this situation. No Chrome tabs ever show videos or ads. With the exception of the outlook site, they're all strictly business and financial/banking related sites that I may not even log into for lengthy periods of time. There's nothing that refreshes automatically in my google ads or google merchant center tabs. None of the google sheets I keep open refresh automatically. The financial spreadsheet doesn't fetch security price updates until I refresh the page. The Outlook site may want to show some ads but they're blocked by my Adblock Plus. M$ assures me that works. Every site is working properly throughout this episode, just as they have for a very long time. There's simply nothing to find in here.
Regardless, It's over now. The drain lasted two days and stopped on its own with no intervention from me. As it turns out, it was done when I found it. No tabs in Chrome have been opened or closed before, during or after. Here's a screenshot of Glasswire the day before it started. Please note the Chrome section showing typical low usage. Another screenshot from today. The offending IP is nowhere to be found in the Glasswire data for either day. By the way, I have Glasswire installed and always open on all four computers so I have records of what goes on when I want to know. I look at three of them every day watching the size of the Bitdefender manual updates done every morning over wifi. These sometimes log highly abnormal sizes compared to the ethernet updates done on my main computer. My bad for not checking anything on my main connected computer while this was going on. Now I want to know why.
Since you're a network guy, please tell me this. Why is it the offending page still can only be seen when using any of my Hughes connected devices while it's still unavailable when connected to the internet through Verizon? This includes four windows computers and an android 13 phone.
I'm on HughesNet also (obviously) and just tried it in Firefox and Chrome. Neither could find it to DNS into an IP address. That tells me there's something particular to your computer (applications, configuration, etc.) and/or local DNS/network, not HughesNet or their DNS in general.
Another clue is that 2a03:2880:f082:112:face:b00c:0:1823 traces back to Meta Platforms Ireland Limited, which is registered under facebook.com as a "Search Engine Spider", which is kind of weird. The actual server seems to be in Chicago, however. Not saying this is what happened, but it's a scary thought if Meta/Facebook just reached in and indexed your entire computer for you.
If it happens again, in addition to looking at Glasswire, I would right click on your taskbar, bring up a task list, and look for any processes using a lot of computer time and network access. If it looks suspicious I'd kill it immediately.
Related Content
- 8 years ago
- 7 years ago
- 7 years ago