Strange traffic to Neotel IP

[Bern]

So just found 500MB running from a new Win 7 install (VM) on port 80 to 41.168.9.226 which is owned by Neotel.

Trying to figure out what the hell this is, I was too late to get a capture running, just saw it on our IP/port traffic monitoring tool. thought it might be updates, but I stopped them and the box still wants to do a full download.

 

[Nuro]

So just found 500MB running from a new Win 7 install (VM) on port 80 to 41.168.9.226 which is owned by Neotel.

Trying to figure out what the hell this is, I was too late to get a capture running, just saw it on our IP/port traffic monitoring tool. thought it might be updates, but I stopped them and the box still wants to do a full download.

Looks like an akamai server, so probably some form of update.

 

[Bern]

Looks like an akamai server, so probably some form of update.

The fact that there is no Akamai agent/service to initiate the update and I have no control over however this update started on a blank Win 7 box is kind of worrying!

Hoping Neotel give me an answer soon.

 

[Nuro]

The fact that there is no Akamai agent/service to initiate the update and I have no control over however this update started on a blank Win 7 box is kind of worrying!

Hoping Neotel give me an answer soon.

Microsoft uses akamai for windows update, which will start all on it's own by default. Are you sure it's not that?

 

[Bern]

Microsoft uses akamai for windows update, which will start all on it's own by default. Are you sure it's not that?

I first set it not to update, then added WSUS settings to use our internal Win update box and it is also set to run at 3AM. A bit confused that it would then jump to online updates without manual intervention.

 

[Bern]

I received a confirmation - it is an Akamai server.