Privacy Concerns

Just updated openwrt router firmware and noticed something suspicious.
I monitor network traffic with portmaster + simplewall on a debloated Windows 10 host and always connect over mullvadvpn.
In openwrt I saw the name of my desktop pc connected to some strange IP.
I looked up the IP and it appears to be googleusercontent.
What the fck?
I don't get why this is happening and where the connection comes from.
Is that shit running within ring zero or the bios itself?
It doesn't show up in portmaster at all. (which is a kernel extension firewall)
Fck me...



Edit: Can I block google within openwrt?

That’s what I’m thinking… :grinning_face:

You can use the domain filter to remove a particular domain.

1 Like

Are there any devices connected to the router? Probably one of those.

I'm totally new here, but saw there is a package pingcheck in OpenWRT which checks if you are online. The default IP address to ping for that check looks like it might be 8.8.8.8 according to this:

On my router it is enabled by default, but doesn't list the IP address it is using.

Yes, likely the desktop the OP mentions.

How does this relate to the OP's inquiry about connection to another IP 34.107.203.93?

Securing modern windows with respect to privacy concerns is difficult. I doubt it is the UEFI/BIOS, but a way to test this would be to boot a Linux live distro on a USB stick and see if it goes away after a while (it can take a bit for connections to time out in the router, give it a few minutes).

Better to choose as simple a live Linux distro as possible. And most GUI-based Linux distros (as well as Windows) will probably make a couple of connections as part of detecting if the connection is a WiFi with a captive portal. But that should be fairly easy to tell apart.

1 Like
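
An added example, not part of any post in this thread: one way to run the test suggested above from the router side, by listing what a single LAN host has in the connection-tracking table and how many seconds each entry has left before it expires. It assumes the router exposes `/proc/net/nf_conntrack`; the host address `192.168.1.50` and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: per-host view of the router's connection-tracking table.
# On the router, feed it the live table:
#   flows_from 192.168.1.50 < /proc/net/nf_conntrack
# (that path is an assumption about the router's kernel configuration).

# Constructed sample entries so the script runs offline. Only 34.107.203.93
# comes from the thread; every other address is made up.
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 7431 ESTABLISHED src=192.168.1.50 dst=34.107.203.93 sport=50122 dport=443 packets=14 bytes=2210 src=34.107.203.93 dst=198.51.100.7 sport=443 dport=50122 packets=11 bytes=5120 [ASSURED] mark=0 use=2
ipv4     2 udp      17 41 src=192.168.1.50 dst=192.168.1.1 sport=53811 dport=53 packets=1 bytes=72 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=53811 packets=1 bytes=88 mark=0 use=2
ipv4     2 tcp      6 52 TIME_WAIT src=192.168.1.77 dst=203.0.113.10 sport=40100 dport=80 packets=6 bytes=640 src=203.0.113.10 dst=198.51.100.7 sport=80 dport=40100 packets=5 bytes=900 [ASSURED] mark=0 use=2
EOF
}

# flows_from HOST: read conntrack lines on stdin and print, for flows that
# HOST opened, "proto dst dport state seconds_left". Only the first
# src=/dst=/dport= on a line is used: that is the original direction; the
# second set describes the reply as seen after NAT.
flows_from() {
    awk -v host="$1" '
    {
        src = dst = dport = ""; state = "-"
        for (i = 1; i <= NF; i++) {
            if (src == ""   && $i ~ /^src=/)   src   = substr($i, 5)
            if (dst == ""   && $i ~ /^dst=/)   dst   = substr($i, 5)
            if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
        }
        if ($6 !~ /=/) state = $6      # UDP entries carry no state word
        if (src == host) print $3, dst, dport, state, $5
    }' | sort
}

# still_tracked HOST DST: exit 0 while HOST has any tracked flow to DST.
# Run it again after the live-USB boot and wait for it to start failing.
still_tracked() {
    flows_from "$1" | awk -v d="$2" '$2 == d { found = 1 } END { exit !found }'
}

sample_conntrack | flows_from 192.168.1.50
```

An idle ESTABLISHED entry can stay listed until its timer reaches zero, so an entry in the table shows that a flow existed, not that traffic is passing right now.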

It doesn't directly, it just happens to be another Google IP address, so may be of interest to them.
I'm a noob with OpenWRT, sorry if this is unhelpful.

1 Like

A bit more background: googleusercontent.com is used for just about anything that you might upload to any Google service and more. It's often used for untrusted content that G itself is not in control of. Also used for situations where they don't want scripts to have access to a user's google.com cookies.

Many websites will access pictures and stuff from that domain.

HTH

4 Likes

Hi.
Have you seen:

Abuseipdb

There are 49 sources of reports on that address.

1 Like

Because cloud - if using Google DNS, it hits two things - round-robin DNS and then load balancers...

gstatic.com is similar to the other domain - it's a connectivity check...

And that one resolves to both IPv4 and IPv6 even if Google Public DNS is not used...

bro, Windows 10 is loaded with telemetry, surveillance and surveillance of users, and it was known back in the 15th year.

Yea, you lost me. I guess it's supposed to be relevant because both IPs belong to Goog$e. I appreciate the time taken to reply.

I believe it's just telemetry and port scanning research as others noted.

Thanks for the suggestion, is this integrated into openwrt or is it an addon?
I'll see if I can find it in openwrt right now.

Update to my situation:
Just booted up my new desktop pc and visited the openwrt interface.
What I saw is this:


This is seriously creepy. I don't use ANY google service at all.
Why on earth is this connection there and what data does my personal desktop send to google?! F*ck google!
Anyways there also appears to be a connection made to akamaitechnologies and fixed.kpn.net. I have no idea why any of these connections are actively established.

TLDR: I'd very much appreciate if people on this forum could help me find a solution to entirely block spyware connections from bigtech like google, using openwrt on my asus AX4200 router.

No, the connection is as I said established FROM my personal desktop TO googleusercontent. No other devices involved.

I absolutely get what you mean by securing windows to be compatible with privacy.
It's nearly impossible but I can say this much. I did it.
Check https://privacy.sexy and Safing.io
One script to rule them all^^ I know windows is basically malware but first off I'm running w10 not 11, and it's extremely debloated. Also portmaster lets me block ALL microsoft and other bigtech connections, I can see the traffic and as debloated as my w10 is, it does still try to connect to ctldl.windowsupdate.com sometimes but that's no concern for me since it's blocked in portmaster. What worries me is the connection to google, it doesn't show up in portmaster. Portmaster is a kernel extension firewall, so what should I think of this google connection not showing up there? I very much doubt it's a software bug on portmaster's end. Something isn't right here.

Good idea, I could also just boot into bios and visit the openwrt interface from my other desktop and then monitor connections.

Fun enough, the website you sent connects to googletagmanager.
So what does this tell me? If the IP is involved in malicious activities, does it mean google is abusive (obviously they are) or an external actor has access to that ip and content sent to it? I read somewhere that visiting example.com doesn't mean you're actually visiting example.com, isn't this something like DNS poisoning? Probably not. I just meant that a website that looks exactly like the original and uses the same domain could be a phishing site if a man in the middle managed to redirect you to their own fake site and make you think you're viewing the original.
Is that a concern here? Don't know where you're going with these abuse reports.

So, how do I block it? I don't want any telemetry on my personal desktop.
Does OpenWRT have capabilities to block domains or entire filterlists by default (ip-ranges) or do I have to install an extension, but which one?

I personally block google myself on my network, using dns.

May help for start ^