Solved Mystery Blocker

JT Strickland

Very Senior Member
I am getting outbound blocks to a site 196.53.113.254 (courtland.sardistel.com) that appears to be harmless, some kind of data center which is maybe 100 miles or less distant. Unless it has been spoofed or something. I have seen it for the last couple of months and almost never had any outbound blocks prior to that. Skynet is showing several hundred currently. It is apparently coming from my router, or my public IP, so it isn't client specific to me.

How can I find out what is going on with this site? Should I whitelist it and forget it? I have never whitelisted any site in Skynet, so it may be about time, but I don't want to open a door that will be difficult to close. I don't know what is triggering it, or how to find out. This thing is a thorn in my side that gouges me every time I check my router.

Anyone have any advice?

Screenshot from Alienvault:
 

[Attachment: Screenshot_2021-04-08 AlienVault - Open Threat Exchange.png]

The guy in this other thread had the same issue:

 
Yea, that was me, same IP address. It hasn't stopped. I don't know if blocking it is causing it any harm or not since I can't nail down where it's coming from on my network. Maybe I can look up their phone number and call down there, but if it is a hacker spoofing their site it wouldn't help. It just bothers me every time I see it, and there should be a way to find out why but I'm not Linux skilled enough I reckon. Thanks to the help you gave me in that other thread, I learned a little about it.
thanks again,
jts
 
It was pretty clear it was from the spdMerlin speedtest.
 
So don't you think it would be OK to whitelist it? Or no? It didn't start until about a couple months ago, and I've been using spdMerlin for over a year.
Far as that goes, if that's what it is, it won't hurt to leave it alone either I reckon. Only thing, sometimes I don't have a reading for a test period. I've seen it in my log file. I bet that's why. It got blocked.
I guess I didn't think it was spdMerlin before or that should have settled it.
thanks again,
jts
 
I am guessing it is not in Skynet-BlockedRanges by accident.
 
Probably not, that is why I have hesitated this long. There is nothing in Alienvault that I could find that was really negative. But I will leave it alone, maybe look into seeing if I can blacklist it in spdMerlin or something. It may be in the underlying speedtest and therefore out of reach.

edit: I changed to a preferred server instead of random and will see if that will do it. Can't find anything on Ookla Speedtest to help.
 
Well, it seems that was it. No more outbound blocks after setting a preferred server. It is apparently on Ookla's end, if I pronounced that right.
I am surprised that many hits came from spdMerlin. I bet I don't have any empty entries anymore for the speedtest either.
Thanks for the help, put this one to bed "SOLVED".
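
The attribution worked out in this thread (blocks originating on the router itself and lining up with the scheduled speedtest) can be checked from the firewall log; the following is an added example, not from any poster and not Skynet or spdMerlin code. It assumes kernel iptables LOG lines carrying a "[BLOCKED - OUTBOUND]" prefix; the sample lines, the 203.0.113.7 and 192.168.1.23 addresses, and the minute-12 schedule are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (assumed log layout, not captured from a router).
SAMPLE_LOG = """\
Apr  8 02:12:03 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=203.0.113.7 DST=196.53.113.254 LEN=60 PROTO=TCP SPT=41822 DPT=8080
Apr  8 02:12:04 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=203.0.113.7 DST=196.53.113.254 LEN=60 PROTO=TCP SPT=41824 DPT=8080
Apr  8 02:40:11 kernel: [BLOCKED - OUTBOUND] IN=br0 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 LEN=52 PROTO=TCP SPT=50112 DPT=443
Apr  8 03:12:02 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=203.0.113.7 DST=196.53.113.254 LEN=60 PROTO=TCP SPT=41990 DPT=8080
Apr  8 04:12:05 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=203.0.113.7 DST=196.53.113.254 LEN=60 PROTO=TCP SPT=42101 DPT=8080
Apr  8 05:13:01 kernel: [BLOCKED - OUTBOUND] IN= OUT=eth0 SRC=203.0.113.7 DST=196.53.113.254 LEN=60 PROTO=TCP SPT=42230 DPT=8080
"""

LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s+\d\d:(?P<mm>\d\d):\d\d.*"
    r"\[BLOCKED - OUTBOUND\]\s+IN=(?P<inif>\S*)\s+OUT=\S*.*?"
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+)"
)

def summarize(log_text, dst):
    """Count blocked packets to dst by origin and by minute of the hour."""
    origin, minutes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["dst"] != dst:
            continue
        # An empty IN= means the router generated the packet itself;
        # a LAN client's packet arrives on an interface such as br0.
        origin["router" if m["inif"] == "" else "lan:" + m["src"]] += 1
        minutes[int(m["mm"])] += 1
    return origin, minutes

def fits_schedule(minutes, scheduled_minute, tolerance=2):
    """Fraction of blocks within `tolerance` minutes of a scheduled job."""
    total = sum(minutes.values())
    near = sum(
        n for mm, n in minutes.items()
        if min((mm - scheduled_minute) % 60, (scheduled_minute - mm) % 60) <= tolerance
    )
    return near / total if total else 0.0

if __name__ == "__main__":
    origin, minutes = summarize(SAMPLE_LOG, "196.53.113.254")
    print(dict(origin), dict(minutes), fits_schedule(minutes, 12))
```

A result where nearly all blocks are router-originated and fall on the job's minute points at a scheduled task on the router rather than a LAN client.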
 
