User accessing excessive website with no HTTP access?

Senior IT System Engineer
Hi All,

Due to excessive usage of a certain website, I've got some warning from my Security Team regarding the below website:

yqflpa.bay.livefilestore.com 354.96 GB  
yqflpa.by3301.livefilestore.com 104.39 GB  
yqflpa.by3302.livefilestore.com 96.04 GB  
secure.transfer.redsourceinteractive.com 55.16 GB  
lym3uw.bay.livefilestore.com  32.4 GB  

In total since last week, I've been consuming 642.95 GB of web traffic from the top website above?

As per my understanding, my OneDrive is only 15 GB but how come I was using that much of a bandwidth in the past 7 days.
This one website secure.transfer.redsourceinteractive.com is also a mystery to me as I do not know what it is used for.

I must admit that I never closed my Google Chrome Browsers and shutdown my PC so it is always on 24 hours.
The livefilestore.com addresses are related to Windows Live file sharing. There have been cases of account abuse, but there's no way that members here can determine how any of it relates to you or your devices. You might need to have your PC scrubbed clean. (Personally, I'd load up a decent Linux distro, probably Linux Mint Cinnamon for a start; but many seem chained to Windows for some reason.)

The redsourceinteractive.com site is discussed in your related question.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Redsource seems like a proxy site to many other sites, as you can see from the number of IPs associated with it, and clicking any one of them, you will find the other hosted sites. Find it rather suspicious esp when the company description is "We create communities to help connect people with the knowledge they need". It looks like hosting other websites... hence my guess on the "proxy" ... it is sort of masking out the anonymous source (that may be the intent of the "source"...)
https://www.virustotal.com/en-gb/domain/secure.transfer.redsourceinteractive.com/information/

Author

Commented:
Hm.. if that's the case shall I report it to Symantec or Microsoft to be blocked?

btan, Exec Consultant
Distinguished Expert 2018
Commented:
You can alert them to investigate if they think they are supposed to, and as long as you can block that access from your perimeter then it is minimally not impacting your asset. But do scan your files to make sure they are clean and, if possible, check their last access to see if that is an expected time of access.

It's a valid site that provides a service that you use, so it'll only cause trouble to block it. Quite possibly EE itself won't work for anyone that blocks it. You use the service by displaying web pages that rely on it, e.g., the page that you are reading this comment on.

Author

Commented:
Ah I see,

But how come it is consuming more than 58 GB weekly under my own username?

I'm under investigation this week by my Security Manager and HR team :-| for possible information breach.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Better and safer to check files. Not surprising for this service to be allowing others to be crawling the huge information.

But on the purpose of such "download", I suspect it is an aggregated pool of other site source attempt to access common file shares. I am thinking there should be any access allow for public reachable source, restrict those files on invite basis or private to reduce exposure of files.

My apologies. You have two closely related questions and my previous comment was more specifically related to your 'redsourceinteractive.com' question. I didn't recognize that I was commenting in your question that included the 'livefilestore.com' addresses.

It's reasonable that your Security Manager should investigate. All security managers should follow up all of these sites to determine how they should be controlled.

And Microsoft in particular should be involved. It's their technologies and methods that define how data transfers happen and what circumstances get them going.

BTW, your Security Manager should have no difficulty in determining that it has nothing to do with you intentionally pulling data.
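One way a security team could check whether traffic like this is background sync or interactive use, as an added example that is not part of the original thread: total bytes per host for one user, split by direction and by time of day. The log format, the user name `jdoe`, the working hours and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy records (not from the thread):
# timestamp, user, host, bytes sent by client, bytes received by client
SAMPLE_LOG = """\
2018-03-05T02:14:09 jdoe yqflpa.bay.livefilestore.com 1200 734003200
2018-03-05T03:40:51 jdoe yqflpa.bay.livefilestore.com 900 524288000
2018-03-05T10:05:12 jdoe yqflpa.bay.livefilestore.com 2048 104857600
2018-03-05T23:30:00 jdoe secure.transfer.redsourceinteractive.com 512 209715200
2018-03-06T11:00:00 jdoe 0.client-channel.google.com 4096 52428800
"""

def summarize(log_text, user, work_start=8, work_end=18):
    """Per-host byte totals for one user, with off-hours downloads tracked."""
    totals = defaultdict(lambda: {"up": 0, "down": 0, "off_hours_down": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != user:
            continue  # skip malformed lines and other users
        ts = datetime.fromisoformat(parts[0])
        host, up, down = parts[2], int(parts[3]), int(parts[4])
        row = totals[host]
        row["up"] += up
        row["down"] += down
        # Weekends and hours outside the working window count as off-hours.
        if ts.weekday() >= 5 or not (work_start <= ts.hour < work_end):
            row["off_hours_down"] += down
    return dict(totals)

def report(totals):
    """Rows sorted by download volume: host, up, down, off-hours share, direction."""
    rows = []
    for host, t in sorted(totals.items(), key=lambda kv: -kv[1]["down"]):
        share = t["off_hours_down"] / t["down"] if t["down"] else 0.0
        direction = "download-heavy" if t["down"] >= t["up"] else "upload-heavy"
        rows.append((host, t["up"], t["down"], round(share, 2), direction))
    return rows

if __name__ == "__main__":
    for row in report(summarize(SAMPLE_LOG, "jdoe")):
        print(row)
```

A high off-hours share on a download-heavy host is consistent with an unattended sync client or an open browser tab; an upload-heavy host is the pattern a data-loss review would look at first.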

Author

Commented:
ok, after closing the browser which opens up this website (EE) and stopping OneDrive usage, I can see that the traffic is no more :-)

However, I can see new problem arise:

0.client-channel.google.com  18.32 GB

It is now Google syphoning my data in the background.

Not sure of everything the "client-channel" names at Google do, though they're definitely related to Google Hangouts at the least. I suppose they're somewhat similar to the redsourceinteractive site. Google nowadays has so many services that they almost certainly redirect traffic to MANY different servers in their huge network.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
It may represent the various microservices that Google bots are assigned to manage or act on the traffic going to certain services.

Author

Commented:
Thanks!