User accessing excessive website with no HTTP access ?

Hi All,

Due to excessive usage of a certain website, I've got some warning from my Security Team regarding the below website:

yqflpa.bay.livefilestore.com 354.96 GB  
yqflpa.by3301.livefilestore.com 104.39 GB  
yqflpa.by3302.livefilestore.com 96.04 GB  
secure.transfer.redsourceinteractive.com 55.16 GB  
lym3uw.bay.livefilestore.com  32.4 GB  

In total since last week, I've been consuming 642.95 GB of web traffic from the top website above ?

As per my understanding, my OneDrive is only 15 GB but how come I was using that much of a bandwidth in the past 7 days.
This one website secure.transfer.redsourceinteractive.com is also a mystery to me as I do not know what it is used for.

I must admit that I never closed my Google Chrome Browsers and shutdown my PC so it is always on 24 hours.
Senior IT System Engineer (Senior Systems Engineer) Asked:

Member_2_276102 Commented:
The livefilestore.com addresses are related to Windows Live file sharing. There have been cases of account abuse, but there's no way that members here can determine how any of it relates to you or your devices. You might need to have your PC scrubbed clean. (Personally, I'd load up a decent Linux distro, probably Linux Mint Cinnamon for a start; but many seem chained to Windows for some reason.)

The redsourceinteractive.com site is discussed in your related question.

btan (Exec Consultant) Commented:
Redsource seems like a proxy site to many other sites, as you can see from the number of IPs associated with it; clicking any one of them, you will find the other hosted sites. I find it rather suspicious, especially with the company description - "We create communities to help connect people with the knowledge they need". It looks like it is hosting other websites... hence my guess on the "proxy" ... it is sort of masking out the anonymous source (that may be the intent of the "source"...)
https://www.virustotal.com/en-gb/domain/secure.transfer.redsourceinteractive.com/information/
Senior IT System Engineer (Senior Systems Engineer) Author Commented:
Hm.. if that's the case shall I report it to Symantec or Microsoft to be blocked ?
btan (Exec Consultant) Commented:
You can alert them to investigate if they think they are supposed to, and as long as you can block that access at your perimeter, it is at least not impacting your asset. But do scan your files to make sure they are clean and, if possible, check their last access to see if that is the expected time of access.
Member_2_276102 Commented:
It's a valid site that provides a service that you use, so it'll only cause trouble to block it. Quite possibly EE itself won't work for anyone that blocks it. You use the service by displaying web pages that rely on it, e.g., the page that you are reading this comment on.
Senior IT System Engineer (Senior Systems Engineer) Author Commented:
Ah I see,

But how come it is consuming more than 58 GB weekly under my own username ?

I'm under investigation this week by my Security Manager and HR team :-| for possible information breach.
btan (Exec Consultant) Commented:
Better and safer to check the files. It is not surprising for this service to be allowing others to crawl the huge information.

But on the purpose of such "download", I suspect it is an aggregated pool of other site sources attempting to access common file shares. I am thinking there should be any access allow for public reachable source, restrict those files on invite basis or private to reduce exposure of files.
Member_2_276102 Commented:
My apologies. You have two closely related questions and my previous comment was more specifically related to your 'redsourceinteractive.com' question. I didn't recognize that I was commenting in your question that included the 'livefilestore.com' addresses.

It's reasonable that your Security Manager should investigate. All security managers should follow up all of these sites to determine how they should be controlled.

And Microsoft in particular should be involved. It's their technologies and methods that define how data transfers happen and what circumstances get them going.

BTW, your Security Manager should have no difficulty in determining that it has nothing to do with you intentionally pulling data.
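
An added example, not part of the original thread: one way a reviewer could check when the reported traffic actually moved, by grouping proxy log bytes under each parent domain and measuring the share transferred outside working hours. The log format, the user name `jdoe`, the working-hours window and the sample lines are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log: ISO timestamp, user, destination host, bytes.
SAMPLE_LOG = """\
2016-05-02T03:10:00 jdoe yqflpa.bay.livefilestore.com 4000000000
2016-05-02T03:40:00 jdoe yqflpa.by3301.livefilestore.com 2000000000
2016-05-02T10:15:00 jdoe yqflpa.bay.livefilestore.com 1000000000
2016-05-02T14:05:00 jdoe secure.transfer.redsourceinteractive.com 500000000
2016-05-02T23:30:00 jdoe lym3uw.bay.livefilestore.com 1000000000
2016-05-02T23:45:00 jdoe secure.transfer.redsourceinteractive.com 500000000
malformed line
"""

WORK_START, WORK_END = 8, 18  # assumed working hours (local time)

def parent_domain(host):
    """Collapse per-shard hostnames to their last two labels (naive, no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def summarize(log_text):
    """Return {(user, parent_domain): {"total": bytes, "off_hours": bytes}}."""
    stats = defaultdict(lambda: {"total": 0, "off_hours": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
            size = int(parts[3])
        except ValueError:
            continue
        key = (parts[1], parent_domain(parts[2]))
        stats[key]["total"] += size
        if not (WORK_START <= ts.hour < WORK_END):
            stats[key]["off_hours"] += size
    return dict(stats)

def off_hours_share(stats, user, domain):
    """Fraction of a user's bytes to a domain that moved outside working hours."""
    entry = stats[(user, domain)]
    return entry["off_hours"] / entry["total"]

if __name__ == "__main__":
    for (user, domain), s in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{user} {domain}: {s['total'] / 1e9:.2f} GB, {100 * s['off_hours'] / s['total']:.0f}% off-hours")
```

A high off-hours share at steady volume points to a background client (a sync agent or an open browser tab) rather than interactive browsing; it does not by itself say what was transferred.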
Senior IT System Engineer (Senior Systems Engineer) Author Commented:
ok, after closing the browser which opens up this website (EE) and stopping OneDrive usage, I can see that the traffic is no more :-)

However, I can see new problem arise:

0.client-channel.google.com  18.32 GB

It is now Google syphoning my data in the background.
Member_2_276102 Commented:
Not sure of everything the "client-channel" names at Google do, though they're definitely related to Google Hangouts at the least. I suppose they're somewhat similar to the redsourceinteractive site. Google nowadays has so many services that they almost certainly redirect traffic to MANY different servers in their huge network.
btan (Exec Consultant) Commented:
It may represent the various microservices that Google bots are assigned to manage or act on the traffic going to certain services.
Senior IT System Engineer (Senior Systems Engineer) Author Commented:
Thanks !