
Should car be sending CURL messages?

My router threat prevention gave this message:

curl User-Agent Outbound

being sent to:

23.55.200.211

And the sending text was:

HEAD./.HTTP/1.1.
00000010 0a 48 6f 73 74 3a 20 32 33 2e 35 35 2e 32 30 30 .Host:.23.55.200
00000020 2e 32 31 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 .211..User-Agent
00000030 3a 20 63 75 72 6c 2f 38 2e 32 2e 31 0d 0a 41 63 :.curl/8.2.1..Ac
00000040 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d 0a cept:.*/*....

Is this a normal thing?
 
Yes, curl is just a command line utility for downloading things over http/https. Pretty common to use it in scripts to pull things from web servers.

In this case it’s connecting to Akamai which is probably where Tesla store firmware updates and other things they need to distribute widely.
 
Thanks, Docal. I'm a long-time programmer (first program written in 1966) and so I knew what curl was and how it is used and that it was going to an Akamai address. What I wasn't sure of was whether that is normal for the Tesla to send it. I was hoping someone could say something like, "Yes, I see that traffic also". Otherwise, it could be that the Tesla computer got hacked when attached to my network and was doing something to distribute malware or some other hack.

Do you know if it is a normal thing that the Tesla does?
 
I'd agree that the likelihood of this being malicious is very low.
I agree also. But a low chance is still a chance, so I was hoping someone else had actually observed this curl traffic from the Tesla. I had some possible hacking of an attached storage device through a new router and so I am trying to be extra cautious. If anyone has watched and verified that this traffic is normal, then I would feel better about it. Currently, I'm suspicious of anything that I don't know about going on on the network.
 
I was hoping someone could say something like, "Yes, I see that traffic also".
I also see that traffic, user agent is "curl/8.2.1" and the destination is Akamai.
I don't see the exact IP you do, but since you're east coast and I'm west coast that makes sense.

I took a look further, and for the IP I'm seeing with the curl user-agent (23.221.76.66) I see...

www.tesla.com (CNAME) -> www.tesla.com.edgekey.net (CNAME) -> e1792.dscx.akamaiedge.net (A) -> 23.221.76.66
 
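An added example, not code from any poster in this thread: a Python sketch that rebuilds the HTTP request from a router alert's hex dump and pulls out the fields discussed above (method, Host, User-Agent). Rows 0x10-0x40 of the sample are the bytes from the first post; row 0x00 is reconstructed from its ASCII column, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: rows 0x10-0x40 are the bytes quoted in the thread; row 0x00
# is rebuilt from its ASCII column because its hex is missing there (assumption).
SAMPLE_DUMP = """\
00000000 48 45 41 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d HEAD./.HTTP/1.1.
00000010 0a 48 6f 73 74 3a 20 32 33 2e 35 35 2e 32 30 30 .Host:.23.55.200
00000020 2e 32 31 31 0d 0a 55 73 65 72 2d 41 67 65 6e 74 .211..User-Agent
00000030 3a 20 63 75 72 6c 2f 38 2e 32 2e 31 0d 0a 41 63 :.curl/8.2.1..Ac
00000040 63 65 70 74 3a 20 2a 2f 2a 0d 0a 0d 0a cept:.*/*....
"""

# Offset, then 1-16 hex bytes; the lookahead keeps "ce" of "cept" from parsing as a byte.
ROW = re.compile(r"^([0-9a-fA-F]{8})((?: [0-9a-fA-F]{2}){1,16})(?= |$)")

def dump_to_bytes(dump):
    """Rebuild the payload, refusing dumps whose offsets skip bytes."""
    out = bytearray()
    for line in dump.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"bytes missing before offset {m.group(1)}")
        out += bytes.fromhex(m.group(2))
    return bytes(out)

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(dump):
    """Hypothetical helper: summarise the request carried in an alert's hex dump."""
    head, _, body = dump_to_bytes(dump).partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for h in header_lines:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")
    return {"method": method, "target": target, "host": host,
            "host_is_ip_literal": is_ip_literal(host),
            "user_agent": headers.get("user-agent", ""),
            "body_bytes": len(body)}
```

Calling `triage(SAMPLE_DUMP)` shows a body-less `HEAD /` whose Host header is the bare IP, so the packet itself carries no hostname to check. Given the dump without row 0x00's hex, `dump_to_bytes` raises instead of returning a truncated request.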