Is NetworkManager sending HTTP requests to googleusercontent.com?

Question

I am using Ubuntu 17.10 on my desktop PC, I've been monitoring network traffic with Etherape. I noticed HTTP requests from my PC(casa hostname) to googleusercontent.com (104.198.143.177).
So I used lsof and ss to 'identify' process behind these requests.

Using lsof -i:

NetworkMa  778            root   20u  IPv4 546772      0t0  TCP casa:53671->177.143.198.104.bc.googleusercontent.com:http (SYN_SENT)
NetworkMa  778            root   20u  IPv4 546772      0t0  TCP casa:53671->177.143.198.104.bc.googleusercontent.com:http (ESTABLISHED)

Using ss -rep dst 104.198.143.177:

tcp    SYN-SENT   0      1      casa%enp4s0:53671    177.143.198.104.bc.googleusercontent.com:http  users:(("NetworkManager",pid=778,fd=20)) timer:(on,964ms,0) ino:546772 sk:6df <->
tcp    ESTAB      0      87     casa%enp4s0:53671    177.143.198.104.bc.googleusercontent.com:http  users:(("NetworkManager",pid=778,fd=20)) timer:(on,300ms,0) ino:546772 sk:6df <->

It seems NetworkManager (pid 778) is sending requests to googleusercontent, and it happens every 5 minutes exactly.

I have to say, no applications were launched at the moment, no background process, no network activities,no online account and it was a 'Ubuntu fresh install'.
So why NM would sent requests to googleusercontent?

score 4 · Accepted Answer · answered Jan 07 '18 at 15:17

You also need to take into account the 1st bit of that:

bc.googleusercontent.com

bc originates from Google Compute Engine (Google cloud) That does not have to be from Google itself. It is a service anyone can use.

177.143.198.104 is owned by NET Serviços de Comunicação S.A. Is that your ISP perhaps?

Some other services that are from Google:

lh3.googleusercontent.com Used for loading images for Google+.
lh5.googleusercontent.com Used for loading images for Google+.
lh6.googleusercontent.com Used for loading images for Google+.
s3.googleusercontent.com Used for loading favicons for AdWords ads.
static.googleusercontent.com
themes.googleusercontent.com Used for loading font files for Google Fonts. (Generally called within CSS from fonts.googleapis.com)
translate.googleusercontent.com Google Translation Service

score 2 · Answer 2 · answered Jul 17 '18 at 17:31

2

Looking up the IP, I found this:

Hosted Domains  connectivity-check.ubuntu.com
                177.143.198.104.bc.googleusercontent.com

So it's an Ubuntu page hosted by Google.

answered Jul 17 '18 at 17:31

wjandrea

14,504

Is NetworkManager sending HTTP requests to googleusercontent.com?

2 Answers2

Linked

Related