Strange record under "top clients" (accscdn.taobao.com)

I found this weird record under my “top clients”.
My debug log’s token is 9z9iw6eu9k.
I also find it strange that I have two separate “localhost” as “top clients”.

Thanks for checking!

edit:
Seems to be related to the aliexpress app on my android phone. I’ve uploaded a new log (nqbqgixh4e) after I’ve opened the app. The “alternative” localhost has the same number of requests (4) as “accscdn.taobao.com”. Before I opened the app, they both had 1.

Do you have a screenshot of the Top Clients?

I can’t test this myself as I don’t have an Android device. But it would make sense that that’s where the query came from as https://world.taobao.com is a shopping site and the subdomain accscdn.taobao.com would lead me to believe it’s a content deliver network, hence the accscdn.

Often times you won’t know what the domain is that is being queried and can just make educated guesses. If you don’t want that domain queried, block and see if it breaks anything. If not, no harm done.

My question is: shouldn’t the clients only be the IP addresses of the devices connecting to the internet? I was not expecting a domain.

do you have any ports open to the outside world?

1 Like

Yes, I was also going to ask this.

I have a bunch of upnp stuff under port mapping. Mostly resilio sync. One for Teredo. For one of my devices I have 9305, 9306 and 9308 mapped. There shouldn’t be anything else.

I’m guessing that one is IPv4 (127.0.0.1) and the other is IPv6 (::1).

Makes sense. At least one mistery is cleared. :slight_smile:

When FTL first detects a client, it will do a reverse lookup to see if that IP has a hostname associated with it, and if found it will use it instead of the IP address. Try running dig on that domain to see if it gives an IP address on your network.