Jump to content

Strange NTOPNG flows to China


biob

Recommended Posts

Hi

Im running NTOPNG on my home network. In the last day I’ve noticed flows from my iPad to China (IP:49.234.241.239). I have no apps open on the iPad. Any ideas what/why this is happening?

byte size is 546 and is using TLS over TCP and numerous ports.

Link to comment
Share on other sites

You don't need to have apps open for them to be running in the background.

If you hit that IP over HTTPS then it gives you the domain name WWW.BOEIOT.NET.CN. Browse to that and it looks like a home automation/IOT company.

  • Like 1
Link to comment
Share on other sites

🤔 Interesting I don’t use home automation.

The AS is Tencent. Bit of reading I found that if based in China iOS uses tencent to check for fraudulent sites and google elsewhere. 
 

When I checked the ip early(e.g browsed to it), I got a warning saying suspected site.... certificate didn’t match.

might try toggling check for fraudulent sites when I get home tonight, see if it changes.

the iPad makes no attempt to resolve the ip either (nothing on purpose hole). 

Link to comment
Share on other sites

Toggled website fraud detection in safari and issue resolved. 
Not sure why it started to think it was based in China 🤔

Hats off to the creators of ntopng... learning so much more about the traffic on my home network. Runs great on a Raspberry pi 4.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...