1

First of all sorry my bad english. It's very difficult to find anything about this in the brazilian forums.

I am always monitoring my internet usage on QoS so I can play online without my family messing around my ping. : D

But since today I've seen a very strange IP using my connection: 40.4.4.49 In the Connected Devices Map only shows my PC. My PC is on cable, so I deactivated the wifi but this IP continues to use the network.

My IP distribution: 192.168.1.30 - 192.168.1.80

And there are also numbers and letters that have never been on IPv6

Networks driver up to date.

My IP on modem is: 192.168.1.30

With only my PC connected on the Net, when I'm browsing I have data usage on both IPs: 192.168.1.30 and 40.4.4.49

If I use all my band, that is 8Mbps (800kbp/s) making a download in the Windows Store, the use of data divides between the two IPs, always reaching the maximum, sometimes more in one than in the other. Task Manager shows maximum network usage: 7.9 mbps (790kbps)

If I watch a video on YT, download some torrent on full speed, or even do a speed test on speedtest.net all the data usage stays with 192.168.1.30

In Idle is the same use it was before. If my brother (192.168.1.31) is using Wifi, this 40.4.4.49 uses data along with his IP.

One more thing, this morning my Windows 10 install some updates, I don't know if this is the consequence of this update.

What can it be?

P.S. Sorry my bad english

Renan Rossi
  • 11
  • 1

1 Answers1

0

Since today I've seen a very strange IP using my connection: 40.4.4.49

40.4.4.49 belongs to Eli Lilly And Company. 

NetRange:       40.0.0.0 - 40.63.255.255
CIDR:           40.0.0.0/10
NetName:        LILLY-NET
NetHandle:      NET-40-0-0-0-1
Parent:         NET40 (NET-40-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       
Organization:   Eli Lilly and Company (ELILIL)
RegDate:        1991-04-23
Updated:        2015-02-23
Ref:            https://whois.arin.net/rest/net/NET-40-0-0-0-1

OrgName:        Eli Lilly and Company
OrgId:          ELILIL
Address:        Lilly Corporate Center
City:           Indianapolis
StateProv:      IN
PostalCode:     46285
Country:        US
RegDate:        1988-09-12
Updated:        2017-02-27
Ref:            https://whois.arin.net/rest/org/ELILIL

OrgTechHandle: BERSH1-ARIN
OrgTechName:   Bershevits, Denis 
OrgTechPhone:  +1-317-651-0071 
OrgTechEmail:  
OrgTechRef:    https://whois.arin.net/rest/poc/BERSH1-ARIN

OrgAbuseHandle: BERSH1-ARIN
OrgAbuseName:   Bershevits, Denis 
OrgAbusePhone:  +1-317-651-0071 
OrgAbuseEmail:  
OrgAbuseRef:    https://whois.arin.net/rest/poc/BERSH1-ARIN

Source IP Information for 40.4.4.49

Eli Lilly and Company is an American global pharmaceutical company with headquarters located in Indianapolis, Indiana, in the United States. The company also has offices in Puerto Rico and 17 other countries. Its products are sold in approximately 125 countries.

Source Eli Lilly and Company

I've no idea why your network should be communicating with this particular company.

DavidPostill
  • 153,128
  • 77
  • 353
  • 394
  • Can this be an Sniffers thing? – Renan Rossi Jun 15 '17 at 18:34
  • @RenanRossi I don't know. It would probably be a good idea to [check for malware](http://superuser.com/questions/100360/how-can-i-remove-malicious-spyware-malware-adware-viruses-trojans-or-rootkit?). – DavidPostill Jun 15 '17 at 19:27
  • I use Desktop connected via cable, I tested here I realized that IP 40.4.4.49 uses bandwidth only when the modem's Wifi is enabled and my mother's notebook is connected to the network through it. Is it possible that her PC has malware or viruses? – Renan Rossi Jun 15 '17 at 20:29
  • @RenanRossi Yes, it is possible. That is the first thing I would check for on all devices connected to your network. – DavidPostill Jun 15 '17 at 20:30
  • I discovered that if I disable the IPv6 protocol on my PC (cable), IP 40.4.4.49 is no longer used. But it is still used when I browse with the notebook (wifi), and if I disable IPv6 in the notebook I have no connection with it. P.S. The Ipv6 protocol was recently added by my internet provider, I think it started this week. – Renan Rossi Jun 16 '17 at 00:57
  • @RenanRossi You should ask your ISP why they are using an IP address belonging to someone else when IPv6 is enabled. – DavidPostill Jun 16 '17 at 08:03