[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Click for more| Home]

What botnets are you connected to RIGHT NOW? No cheating, pl

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.

Thread replies: 223
Thread images: 38

What botnets are you connected to RIGHT NOW? No cheating, please post the output of this command without redacting things:

lsof -i | grep ESTABLISHED


Here's mine:

$ lsof -i | grep ESTABLISHED                                                                                                ⏎
Firefox 8496 jacks 85u IPv4 0x08b4d338 0t0 TCP 192.168.0.101:54922->do-8.lastpass.com:https (ESTABLISHED)
Firefox 8496 jacks 31u IPv4 0x08aa8338 0t0 TCP 192.168.0.101:54966->190.93.245.6:https (ESTABLISHED)
Firefox 8496 jacks 32u IPv4 0x06662338 0t0 TCP 192.168.0.101:54967->yyz08s11-in-f18.1e100.net:https (ESTABLISHED)
Firefox 8496 jacks 36u IPv4 0x08aae874 0t0 TCP 192.168.0.101:54923->edge-star-shv-01-ord1.facebook.com:https (ESTABLISHED)
Firefox 8496 jacks 39u IPv4 0x0782edb0 0t0 TCP 192.168.0.101:54928->wordpress.com:https (ESTABLISHED)
Firefox 8496 jacks 41u IPv4 0x0782e338 0t0 TCP 192.168.0.101:54970->141.101.115.26:https (ESTABLISHED)
Firefox 8496 jacks 42u IPv4 0x06d39db0 0t0 TCP 192.168.0.101:54971->141.101.115.26:https (ESTABLISHED)
Firefox 8496 jacks 43u IPv4 0x0a806338 0t0 TCP 192.168.0.101:54972->141.101.115.26:https (ESTABLISHED)
Firefox 8496 jacks 44u IPv4 0x097ebdb0 0t0 TCP 192.168.0.101:54973->141.101.115.26:https (ESTABLISHED)
Firefox 8496 jacks 45u IPv4 0x07935db0 0t0 TCP 192.168.0.101:54974->141.101.115.26:https (ESTABLISHED)


So, according to this, I'm connected to Lastpass (I use it for managing paswords... should switch to somethign else but whatever). Facebook... even though I do not have FB tab open and I have uBlock running. Google (1e100.net) even though I don't have Google account. Wordpress (no idea how). Rest is botnets hiding behind Clodflare that I don't even know what they are.
>>
bump?
>>
4Chan and Jewgle
>>
>>47425605
post it. let's see it.
>>
Silly OP.
This isn't about merchandise like mechanical keyboards.
This isn't a picture of your battle station.
This isn't a circle jerk topic.
I think you took a wrong turn somewhere.
Threads don't survive if they happen to be original.
>>
Script started on Wed 08 Apr 2015 04:08:28 PM PDT
[01;[email protected] ~ $ lsof -i | grep ESTABLISHED
firefox 3144 gordon 44u IPv4 44851 0t0 TCP 172.31.192.137:45024->nuq05s02-in-f21.1e100.net:https (ESTABLISHED)
firefox 3144 gordon 58u IPv4 45411 0t0 TCP 172.31.192.137:36863->ec2-54-68-239-254.us-west-2.compute.amazonaws.com:https (ESTABLISHED)
firefox 3144 gordon 63u IPv4 45469 0t0 TCP 172.31.192.137:51193->notification1.adblockplus.org:https (ESTABLISHED)
firefox 3144 gordon 67u IPv4 43770 0t0 TCP 172.31.192.137:55397->190.93.247.5:https (ESTABLISHED)
firefox 3144 gordon 68u IPv4 43874 0t0 TCP 172.31.192.137:33194->NP-13C27L067006:8060 (ESTABLISHED)
firefox 3144 gordon 69u IPv4 43771 0t0 TCP 172.31.192.137:38804->141.101.115.26:https (ESTABLISHED)
firefox 3144 gordon 70u IPv4 38625 0t0 TCP 172.31.192.137:48969->190.93.244.26:https (ESTABLISHED)
firefox 3144 gordon 92u IPv4 43774 0t0 TCP 172.31.192.137:50044->141.101.114.26:https (ESTABLISHED)
[01;[email protected] ~ $ exit
exit

Script done on Wed 08 Apr 2015 04:08:40 PM PDT
>>
>>47425639
>Threads don't survive if they happen to be original.
I guess you're right. Anything even slightly technical is shunned on /g/, /g/ of today is all about shitphones and dressing up your desktops like Barbie dolls. Sad.
>>
Pic related
>>
File: 1417552783001.png (44KB, 1064x514px) Image search: [iqdb] [SauceNao] [Google]
1417552783001.png
44KB, 1064x514px
>>47425639

I'm seeing a lot of these posts lately for some reason, are we finally rising up?

Is it happening?

Is /ct/ finally going to fuck off back to /v/?
>>
>>47425669
interesting. you too are connected to google and 3 diff botnets hiding behind Cloudflare. I wonder what that AWS connection is doing... do you own it?
>>
>>47425669
yup, I have facebook blocked with noscript and requestpolicy, and am running ad block plus, but yet i found "edge-star"shv" and a google search says that's tied to facebook
>>
>>47425688
>No browser running.
nice one
>>
>>47425699
amazonaws has a lot of botnets hiding behind it, i blocked it with my iptables but nope still established, the fug
>>
>>47425605
same
>>
>>47425710
Damn! So many connections to Google... do you run any privacy tools dude?
>>
someone post the ip tables command to add a rule to block an ip so we can all block these botnets [spoiler]im too lazy to google it
>>
firefox 9584 wako   52u  IPv4  30471      0t0  TCP 192.168.1.68:46629->190.93.244.6:https (ESTABLISHED)
firefox 9584 wako 55u IPv4 31268 0t0 TCP 192.168.1.68:54789->190.93.247.25:https (ESTABLISHED)
firefox 9584 wako 56u IPv4 33304 0t0 TCP 192.168.1.68:53801->141.101.115.26:https (ESTABLISHED)
firefox 9584 wako 60u IPv4 31267 0t0 TCP 192.168.1.68:51927->141.101.114.26:https (ESTABLISHED)
firefox 9584 wako 66u IPv4 33305 0t0 TCP 192.168.1.68:51933->141.101.114.26:https (ESTABLISHED)
firefox 9584 wako 67u IPv4 32533 0t0 TCP 192.168.1.68:52988->104.16.2.9:https (ESTABLISHED)
firefox 9584 wako 68u IPv4 31300 0t0 TCP 192.168.1.68:35540->ec2-50-19-106-67.compute-1.amazonaws.com:https (ESTABLISHED)
firefox 9584 wako 74u IPv4 31301 0t0 TCP 192.168.1.68:35541->ec2-50-19-106-67.compute-1.amazonaws.com:https (ESTABLISHED)
xchat 9693 wako 14u IPv4 27683 0t0 TCP 192.168.1.68:43658->kornbluth.freenode.net:8001 (ESTABLISHED)

What the hell is amazonaws?
>>
>>47425738
>im too lazy to google it

Go find some smartphone thread to shit on.
>>
>>47425734
you know it's funny im actually using duckduckgo as my search engine, and firefox as my browser. i don't have any google products installed right now on this pc. it's probably because each 4chan window has a google connection for the verification, plus my gmail is open in a tab
>>
>>47425746
Cloud servers
>>
>>47425748
Yeah, what's interesting that these recptcha connections are "Always ON" and SSL so who knows what they're transmitting all the time. They could be recording keystrokes for all we know.
>>
>>47425747
fug u m80
http://www.cyberciti.biz/faq/linux-iptables-drop/

/sbin/iptables -I INPUT -s {IP-HERE} -j DROP
>>
r8 it
>>
File: NOTFOUND.png (14KB, 669x75px) Image search: [iqdb] [SauceNao] [Google]
NOTFOUND.png
14KB, 669x75px
>>47425714
even if that was my android, thanks to AFWall it stays quiet on the botnet side


Also i just see lsof isn't installed on my Antergos but i know thanks to Iftop i am only connected to youtube and heise
>>
>>47425767
probably. I don't post in l0le threads anymore because of it, kinda sucks

"hey this user posts in lollypop threads every day he's a pedrofyle"
>>
>>47425767
c'mon dude, there's no way that a browser script can record keystrokes, that'd be a massive violation of privacy. No API other than Java has enough privileges and access to your local machine to do that kind of stuff.
>>
>>47424972
When will you guys learn that is impossible to escape from the botnet eye?
>>
>>47425746
WOW! Almost every one of your botnet connections is hiding behind Cloudflare! Two are behind AWS.
>>
i'm kind of retarded but how do I run this? I tried running it in the windows command prompt as administrator with a "unrecognized command" result
>>
>>47425846
for you all hope is lost anyway, they decided to not include this tool for your own sanity in your OS
>>
>>47425846
........lol

Hey everyone, did you all know that something like 90% of /g/ is behind a windows computer? Yeah it's sad
>>
File: WlLa1AM.jpg (316KB, 937x750px) Image search: [iqdb] [SauceNao] [Google]
WlLa1AM.jpg
316KB, 937x750px
[email protected]:~$ sudo lsof -i | grep ESTABLISHED
x-www-bro 2824 user1 62u IPv4 1806950 0t0 TCP compy.local:33545->ord31s21-in-f5.1e100.net:https (ESTABLISHED)
sshd 3467 root 3r IPv4 1914478 0t0 TCP compy.local:40->GATEWAY.local:55359 (ESTABLISHED)
sshd 3472 user1 3u IPv4 1914478 0t0 TCP compy.local:40->GATEWAY.local:55359 (ESTABLISHED)


I SSH'd into my Linux box from my windows box.

I don't know what x-www-bro is. I think I have Firefox running in the other room, I can't be shitted to check.
>>
>>47425846
It's a GNU/Linux command.
Try netstat
>>
>>47425872
It sucks dude there is not really a Windows alternative, the system can lie to you and hide connections from you even if you're on an administrators' account. You have to somehow run whatever is monitoring network usage as NT_SYSTEM_AUTHORITY to prevent that.

Its bullshit but Windows has a level of authority higher than Administrator in the settings, whereas on Linux, nothing surpasses root, nothing at all.
>>
>>47425796
>c'mon dude, there's no way that a browser script can record keystrokes, that'd be a massive violation of privacy.

Like Google hasn’t done shit like this before...

>Google to pay biggest FTC fine ever for tracking Safari users
http://arstechnica.com/tech-policy/2012/08/google-to-pay-biggest-ftc-fine-ever-for-tracking-safari-users/

>Google Ordered to Pay $7 Million to U.S. States for Wi-Fi Snooping Incident
http://www.dailytech.com/Google+Ordered+to+Pay+7+Million+to+US+States+for+WiFi+Snooping+Incident/article30111.htm


>No API other than Java has enough privileges and access to your local machine to do that kind of stuff.
Huh?

http://www.quirksmode.org/js/keys.html

It's trivial.
>>
>>47425811
>>47425841
lol
scared?
>>
>>47425846
/a/
>>
>>47425884
x-www-browser
it is most likely firefox
>>
>>47425899
>http://www.quirksmode.org/js/keys.html

And this is why I have javascript turned off, fuck you idiots telling me that ghostery and noscript aren't needed, this is exactly why.
>>
>>47425846
It only works under OS X, FreeBSD and Linux. Sorry. No idea how to do it under Windows.
>>
>>47425872
oh please fgt
>what is netstat -fatp tcp
>>
>>47425913
just checked it an am glad I have my noscript on

so all you need to do is let javascript be on and any webpage can track every key you enter

and i have no doubt scroogle is tracking everything i write and connecting it to my ip address

fucking gay, this ain't anonymous at all
>>
>>47425884
how many tabs do you have open? only google botnet? damn dude... go browse some moar and record some of the outputs of this command.
>>
>>47425783
no, it's just that you don't have enough privileges to see the full output. to do it properly on Android, you need to proxy your connection to a PC and then you can record the complete connection table.
>>
>>47425946
Gmail and "Learn You Some Haskell"
>>
>>47425894
>>47425872
thanks guys, now all I feel is cold and alone
>>
>>47425935
I'm seriously considering a 4chan pass
I would rather give money to 4chan than anything I type on here to google
>>
File: Untitled.png (33KB, 677x342px) Image search: [iqdb] [SauceNao] [Google]
Untitled.png
33KB, 677x342px
>>47424972
>>
>>47424972
Lots of shit I can't show.

red is muh session name
green is muh skype friends
blue is muh vps + private proxy

Didn't hide muh ponyshit, feel free to call me a faggot.
>>
>>47425976
>2 tabs

well, that's why. go on one of the news sites or something and watch as that output list up like a fucking christmas tree.
>>
>>47425946
install linux and do it yourself, using windows is bad
>>
>>47424972
>tfw never made an account on faceshit
>tfw move away and happy my classmates and ex-gf from HS will never find me again
>mfw some bitch that likes me looked me up on faceshit and found me tagged shit some of them and my ex-gf said about me

I fucking hate Jewckerberg
>>
>>47425995
>frenchy ponyfucker
damn dude... that's a lot of shit. everyone's spying on you.
>>
>>47425989
I gotta wonder if buying the fortune pass actually really removes google completely from your fortune browsing experience. it'd be gay to pay $20 just to find google still listening on the page
>>
>>47425995
How the fuck did you get Skype running on Linux
>>
>>47425992
i just got shamed for the same thing, windows doesn't let you look at that info apparently
>>
>>47425992
Sorry kid, only real OS'es need apply... OS X, Linux etc.
>>
>>47425992
>>47426029
netstat -b
>>
>>47424972
Its : # rm -R /*
Idiots
>>
>>47426051
>*
fucking pleb
>>
>>47426047
>real OS
>OS X
pick one
>>
>>47425972
or i just type "su" ... which is no problem on either of my three devices. also my router can show me all connections too (good ol' wrt54gl)
>>
>>47425796
It can take your keystrokes and your clipboard contents.

But the captcha is transmitting your mouse movement to see if you're a bot.
>>
>>47426068
it's real Unix. now go fume some moar.
>>
>>47426083
can be a flying fucking unicorn, I couldn't care less
>>
>>47426050
Alternatively
Get-NetTCPConnection -State established
in PowerShell
>>
File: Untitled.png (106KB, 666x1030px) Image search: [iqdb] [SauceNao] [Google]
Untitled.png
106KB, 666x1030px
>>47426050
thanks bro for having the perseverance get through my thick skull

I dont understand what I'm looking at
>>
>>47426059
Last time. Your mom says to call me daddy faggit
>>
Reminder of a news from few days ago...

>Report: Facebook tracks all visitors, even if you’re not a user and opted out

http://arstechnica.com/tech-policy/2015/03/report-facebook-tracks-all-visitors-even-if-youre-not-a-user-and-opted-out/
>>
>>47425995
hoofbump, you sorry sack of shit...
>>
>>47426015
that's fucking terrible
fucking dumbass bitch
and fucking invading-your-privacy facebook
>>
>>47424972
I need to do more to get away from the botnet.
>>
>>47426120
That's news every few months.
>>
>>47426109
damn son! go install some privacy tools.
>>
>>47426025
It's not hard, the skype website has links to install it on loonicks
>>
>>47426025
It used to be tricky but now skype has released 64bit packages pour debian/ubuntu:
www.skype.com/go/getskype-linux-beta-ubuntu-64
>>
>>47425894
>implying this isn't a good Windows feature that freetards wish they have.

The only thing saving Linux from viruses is that nobody cares to make one, the moment some malicious developer releases Linux malware targeting the average user, you will hear an uproar about how much power the Linux OS gives root. If your machine is rooted you are fucked, the root can do anything on Linux, even overheat your CPU and GPU, (setting fan speed to 0%) melting them and frying the computer, or erasing all your data.

Windows is at least protected somewhat by how the "standard administrator account" doesn't have the highest permissions actually, stuff via Task Scheduler (NT_SYSTEM_AUTHORITY) etc is one step above it.
>>
>>47425927
doesn't seem very informative
Active Connections

Proto Local Address Foreign Address State Offload State

TCP 0.0.0.0:135 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:445 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:2869 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:3580 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49152 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49153 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49154 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49158 ss-HP:0 LISTENING InHost
TCP 0.0.0.0:49159 ss-HP:0 LISTENING InHost
TCP 10.109.49.19:139 ss-HP:0 LISTENING InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59919 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59930 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59937 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59948 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59955 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59964 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59972 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59981 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59987 TIME_WAIT InHost
TCP 10.109.49.19:2869 BEHERAKI-PC:59994 TIME_WAIT InHost
>>
>>47426099
with brew from developer packages you can even install most linux packages

>>47426109
Each of the middle column, foreign address, is the ip address of a server you're connected to. every time you go to w ebsite you connect to a server so it's normal to see many entires if you've got a lot of tabs open
>>
File: Connections.png (31KB, 1068x493px) Image search: [iqdb] [SauceNao] [Google]
Connections.png
31KB, 1068x493px
Who the fuck needs command from the 90s when you got JEE YOU EYE
>>
>>47426120
that's news from years ago
they have thousand page long "shadow profiles" of every use they can get

you know those facebook like buttons on websites? whenever you see that, facebook knows YOU were there, and records it.
>>
Nothing. It's a server tho.
>>
>>47426025
>ubuntu
install synaptics (sudo apt-get install synaptic)
run synaptic
Open somewhere in the menus "package Sources"
enable 3rd party sources aka canonical partner
press on update
install skype
>>
[my:ip:address]:33112->[2400:cb00:2048:1::be5d:f719]:https (ESTABLISHED)
[my:ip:address]:40542->[2400:cb00:2048:1::8d65:7997]:https (ESTABLISHED)
[my:ip:address]:56119->dfw06s46-in-x04.1e100.net:https (ESTABLISHED)
[my:ip:address]:53785->[2400:cb00:2048:1::be5d:f51a]:https (ESTABLISHED)
(some url from the domain I connect with)->190.93.247.5:https (ESTABLISHED)
>>
File: ye olde cmd.png (12KB, 615x293px) Image search: [iqdb] [SauceNao] [Google]
ye olde cmd.png
12KB, 615x293px
>>47425846
Top kek

>>47424972
Best thing I can give you from this shitty PC OP
>>
>>47426169
where's the "Foreign" addresses?
>>
>>47426167
>even overheat your CPU and GPU, (setting fan speed to 0%)

So can adminstrator tier software in Windows. They can also change the voltages.
>>
>>
>>47425995
Also, emacs/python couples are listed because I have a webkit-browser in emacs using python.

Yes, that's bloated and useless.
>>
>>47426173
>Each of the middle column, foreign address, is the ip address of a server you're connected to. every time you go to w ebsite you connect to a server so it's normal to see many entires if you've got a lot of tabs open
No, most websites close the connection every time they deliver you data. Only AJAX/Comet JS stuff keeps connections open so they stream data to and from the client. 99% of those are trackers, advertisers and other scum of the internet.
>>
>>47426180
Leenux fags are stuck in the 80s
>>
>>47426180
>svchost.exe

I always wondered, what does this program do on Windows? I looked at a friend's PC once and he had like 8 instances of these running, is it literally just an all-purpose botnet client?
>>
>>47426230
I don't know
that's what came in the output

those foreign address names look like the computer names that come in samba sharing
I have to use a proxy to connect to the internet btw.
>>
>>47426241
recaptcha is the fucking devil yet 4chins uses this shit.
>>
>>47426167
>implying this isn't a good Linux feature that wintards wish they have.

The only thing saving Windows from viruses is that nobody cares to make one, the moment some malicious developer releases Windows malware targeting the average user, you will hear an uproar about how much power the Windows OS gives NT_System_Authority. If your machine is running you are fucked, the NT can do anything on Windows, even overheat your CPU and GPU, (setting fan speed to 0%) melting them and frying the computer, or erasing all your data.

Linux is at least protected somewhat by how the SELinux Standard, Apparmor, Being higher security by default ect works. But why should i know what i talk about? i just spew OS Hate and feel myself superior for paying a hundred shekels to microsoft.


fits.

Also every OS has security risks. If one has root or NT_Authority you are fucked. an Adminuser can do as much damage on windows and by another breach become NT_authority. so what?

Fact is: linux' code gets reviewed and fixed by thousands (or worsened sometimes). who reads trough Internet Explorer's Source to make sure there isn't an easy way around the sandboxing?

altough large aprts of open source never will be reviewed the linux kernel itself i bet on is more secure, stable and fast than NT ever was
>>
>>47426262
Afaik some Internet services comes as svchost
>>
>>47426262
It hosts the svcs
Duh
>>
>>47426262
It's one of those shitty Windows features where they have a single thing do many things and you can never know what they are. I think it's for services that are initiated at startup or something.
>>
>>47426262
Usually a virus.
>>
>>47426262
it is the host process for windows services
I guess the ones in services tab in task manager
>>
>>47426278
with moot gone who will protect us now?
>>
>>47426289
>and you can never know what they are
Yes you can, you guys just don't know how to use task manager
>>
>>47426293

>Usually a virus.

usually an idiot that says that. https://en.wikipedia.org/wiki/Svchost.exe
>>
>>47426309
no one. now we're in the hands of anonymous people who are not publicly responsible to the community. at least when you know who's on the top, you know that they bear some responsibility to what's going on.
>>
>>47426128
I was sitting in a uni class at first hour and the girl comes and sits down right next to me:

>Anon i looked you up on FB cause i wanted to talk to you about some calculus stuff
>I couldn't find you, but you were tagged to some stuff some people from another country posted
>W-what kind of stuff?
>Shows me on her phone
>faggots and ex-gf talking shit about me behind my back cause i left

Worst shit ever anon, i don't wish death on anyone but i hope some autist shoots up the facebook headquarters with jewckerberg and his board of directors inside.
>>
>>47426324
Please illuminate me.
>>
>>47426279
10/10
>>
>>47426293
Fuck you man, when I read this post I tried to kill all my svchost.exe instances and a lot of programs stopped working and then eventually I had to reboot my computer.

I guess some are essential to the OS? fuck this is confusing, I don't know how to tell which ones are viruses or botnets
>>
>>47426341
gay dude, gay
>>
>>47426342
In task manager:
Method 1: Right click on an instance of svchost.exe in the processes tab and choose "go to services". This brings you to the services tab with the services being managed by that instance of svchost highlighted

Method 2: Add the PID (aka process ID) column to the processes tab. Cross-reference with the PID column in the services tab
>>
File: 1405741150827.png (13KB, 555x407px) Image search: [iqdb] [SauceNao] [Google]
1405741150827.png
13KB, 555x407px
>>47426350
>I tried to kill all my svchost.exe instances and a lot of programs stopped working and then eventually I had to reboot my computer.

Do you really think you can just try and kill a virus without consequences?
>>
>>47426369
To add:
Method 3: Go to resource monitor instead, go the CPU tab, and check on of the svchost processes. The services box will automatically filter itself to the services that are running under the process(es) you checked
>>
>>47426387
>>47426350
you need to delete winlogon.exe with it. and while you are at it the viruses probably got themselves stuck deep inside system32. But worry not! just delete that pesky folder with admin rights and all your viruses should be gone
>>
>>47426427
Does windows even let you do that anymore?
>>
>>47426436
if not there is that unlocker app that deletes them upon reboot when they are not used
>>
File: much information.png (3KB, 1069x15px) Image search: [iqdb] [SauceNao] [Google]
much information.png
3KB, 1069x15px
>>47426369
>>47426402
Either my windows is too old or you're full of shit.
>>
>>47426496
maybe you are just retarded
what he told works on windows 7
>>
[email protected] ~ $ lsof -i | grep -i established
chromium 6880 pieman 76u IPv4 96960 0t0 TCP nix64d:34843->141.101.114.26:http (ESTABLISHED)
chromium 6880 pieman 113u IPv4 97448 0t0 TCP nix64d:34848->141.101.114.26:http (ESTABLISHED)
chromium 6880 pieman 190u IPv4 91073 0t0 TCP nix64d:50906->stackoverflow.com:https (ESTABLISHED)
[email protected] ~ $


chromium with adblock with 7 filters and https switchboard with adblock filters enabled.
>>
For windows run 'netstat' in command prompt
>>
>>47426496
If you run 14 year old software you don't get to bitch about missing features
>>
How is it that my only botnet connection is to Cloudflare? I have a large amount of Google pages open.
>>
File: a.jpg (16KB, 529x146px) Image search: [iqdb] [SauceNao] [Google]
a.jpg
16KB, 529x146px
>>47424972
So 4chan and 4chan cdn. Win7/Firefox/NoScript.
What bugs me is that I don't see the torrent connections, why is that ?
>>
>>47426577
Is torrent using UDP?
>>
>>47426515
Get your eyes checked
>>47426536
This is /g/ I can complain about anything I want
>>
>>47424972
firefox  5024 anon   35u  IPv4 7494572      0t0  TCP localhost:38114->localhost:3128 (ESTABLISHED)
firefox 5024 anon 47u IPv4 7516915 0t0 TCP localhost:38119->localhost:3128 (ESTABLISHED)
firefox 5024 anon 67u IPv4 6571390 0t0 TCP localhost:37695->localhost:3128 (ESTABLISHED)
ncmpcpp 11727 anon 4u IPv4 1584333 0t0 TCP localhost:55796->localhost:6600 (ESTABLISHED)


what botnets?
>>
>>47426586
Most likely.
>>
>>47426180
>needs gui to read text
k
>>
fyi, for windows users you want to run netstat -b -f as admin
>>
>>47426702
thank you for telling this to everyone after 120 replies and not even trying to Ctrl+F
>>
>>47426746
none of the replies included -b -f

Also, what the fuck is nephoscale? Shows up whenever I start firefox
>>
>>47426523
>cloudflare

is Cloudflare NSA operation?
>>
>>47426611
>no tabs open
nice one
>>
>>47425639
Thread sure didn't survive, did it.
>>
File: 1.png (15KB, 553x321px) Image search: [iqdb] [SauceNao] [Google]
1.png
15KB, 553x321px
>>47426823
>nephoscale
>>
>>47426881
What I'm wondering is what the fuck is connecting to that if all I have open is google.com. Time to start disabling add-ons...
>>
>>47426860
>not knowing cloudflare
you connecting to cloudflare yourself
>>
>>47426823
>nephoscale
>>
>>47426874
A thread about text editors was just deleted for no reason.

https://rbt.asia/g/thread/47423394
>>
>connected to google
>leave 4chan for google-free 001000chan, wait a minute
>still connected to google
>>
>>47424972
That's what you get for using Firefox®.
>>
File: Captur111e.png (68KB, 833x784px) Image search: [iqdb] [SauceNao] [Google]
Captur111e.png
68KB, 833x784px
>>
>>47424972
'lsof' is not recognized as an internal or external command,operable program or batch file.
>>
>>47426871
kek anon, just use a fucking noscript+request policy + good host file
>http://someonewhocares.org/hosts/

stop projecting your incompetence
>>
'lsof' is not recognized as an internal or external command,
operable program or batch file.
>>
>>47426942
>001000
that's 8 dude
oh
ooooooooohhhhhhhhhhhhhhhhhhh
>>
>>47426946
why ant it show full domain name of the foreign address?

try -f option?
>>
>>47426983
More... How do i do that?
>>
>>47426942
it has no tracking. and it doesn't connect to google. some other site in your tab or some add-on is connecting to google.
>>
File: Untitled.png (30KB, 594x478px) Image search: [iqdb] [SauceNao] [Google]
Untitled.png
30KB, 594x478px
>>
>>47426983
>http://someonewhocares.org/hosts/
thanks ill use it.
>>
>>47427063
do what?
as I said I am using only cookie monster, self destructing cookies, noscript, request policy and that host file
>>
>>47427079
stop playing world of warcraft
>>
File: Capture11111.png (47KB, 779x466px) Image search: [iqdb] [SauceNao] [Google]
Capture11111.png
47KB, 779x466px
>>47427047
>>
Am I safe from the NSA, /g/
>>
>>47426983
Thanks dude I'm going to use that. But first I might write a bash script using curl to make the hosts file for me, that way i can just run the bash script to update the hosts file
>>
File: beautifulliar.gif (990KB, 500x207px) Image search: [iqdb] [SauceNao] [Google]
beautifulliar.gif
990KB, 500x207px
>>47424972
Are you actively making the connection? Or is it happening without any input from you? If you're doing it yourself shut the fuck up retard.
>>
>>47427108
>google talk
>telegram
nope.
>>
>>47427047
try : netstat -an
>>
>>47427108
not really. it seems that google and a bunch of other botnets on AWS are collecting it all.
>>
>>47427120
np anon, dont forget to make gui in visual basic to track the killer
>>
>>47426881
>>47426911
>>47427072
For those wondering, ghostery was the add-on leaving a persistent connection to services hosted by nephoscale
>>
>>47427150
and people were arguing with me that ghostery is not a placebo botnet
>>
>>47427150
Hmmmm...interesting.
>>
>>47424972
actually a nice and usefull thread, you are a cool guy OP
>>
>>47427150
Disable Ghostrank. Then it won't send anything.

I am running it. I don't see any connections to nephoscale.
>>
'lsof' is not recognized as an internal or external command, operable program or batch file.
>>
>>47427206
Ghostrank is disabled. Do you have autoupdate enabled?
>>
>>47427148
it's a bash script it doesn't need a gui
>>
>>47427220
>Ghostrank is disabled. Do you have autoupdate enabled?
Yes I do. Something else is connecting to nephoscale...

Also, when you click update, it connects to:

https://cdn.ghostery.com/

not nephoscale.
>>
File: mybotnets.png (49KB, 501x1032px) Image search: [iqdb] [SauceNao] [Google]
mybotnets.png
49KB, 501x1032px
Heres mine and screw you, im using Windows
>>
>>47427236
oh you...
>>
>>47424972
4chan, fuckbook, and google chrome. The botnet if anally raping me r/n
>>
>>47427216
try: tcpdump -tulpn
>>
>>47427272
<-- my options
>>
>>47427282
can't see shit son. you didn't even show the actual domains it's connected to... just a bunch of subdomains.

also, google botnet is constantly serving me pictures of beer. if I was alcoholic, I'd be pissed. All I see are beer & sushi captchas.
>>
>>47427272
You were correct - looks like I didn't give the connection enough time to establish while clicking through add-ons
It's not ghostery - ghostery does not open any new connections.
Privacy badger from the fucking EFF on the other hand....
>>
>>47427384
>It's not ghostery - ghostery does not open any new connections.
Yep! It doesn't leave any connections open. It connects to update and immediately closes the socket. You can see it in console.

>Privacy badger from the fucking EFF on the other hand....

I do not trust EFF anymore. have you read what Assange wrote about them? Scary.
>>
I ran this in android
no output
>>
>>47427437
You do not have enough privileges on Android to get any meaningful output. It just shows you what the current shell is doing. It's useless.
>>
>>47427435
Yeah, dropping that add-in. Don't know if it was ever really helping or not anyway.
>>
>>47427435
>I do not trust EFF anymore. have you read what Assange wrote about them? Scary.
Whud he say?
>>
>>47427435
>Assange
>>
>>47427482
Apparently google is paying at least half of their costs
>>
>>47427511
“The EFF is a great group, and they’ve done good things for us, but nonetheless it is significantly funded by Google, or people who work at Google,” says Assange.

http://www.theregister.co.uk/2014/10/14/assange_bollocks_google_eff/
>>
>>47427602
isnt https everywhere from EFF too?
Something about them always looked shady to me, maybye its just how they removed https everywhere from firefox addon page
>>
>>47427602
>>47427511
Interesting fact... Assange used to be a huge here over at HN... until he started exposing Google's connections to State Department/NSA/CIA ... since then, he's been a pariah there.

HN is crawling with google employees.
>>
>>47425846
You don't want to see what's running ESTABLISHED in Windows. Trust me.
.
Don't get me started on the darm, service host.
>>
>>47427646
>isn't https everywhere from EFF too?

Yep

>Something about them always looked shady to me, maybe its just how they removed https everywhere from firefox addon page

I don't have it installed either. I don't trust them one bit.
>>
File: 1426259006229.jpg (69KB, 960x501px) Image search: [iqdb] [SauceNao] [Google]
1426259006229.jpg
69KB, 960x501px
>>47427657
>>
What is the metacharacter sequence to make a bash script act as if i hit enter?
I recorded a script and the output had ^M for every time I hit enter, but when I put that into my bash script I didn't get it to carriagereturn/newline/enter, it just echo'd "^M"
>>
>>47427657
HN?
>>
>>47427709
hacker news... aka censorship heaven... shithole of a site.
>>
>>47427646
oh no, NOW I remember why I stopped trusting them
>the EFF produced a "score card" of how well Silicon Valley giants protect individual privacy called Who's Watching Your Back? – the EFF gave Google and Facebook top marks.
>>
>>47427726
>the EFF gave Google and Facebook top marks.
I remember that!!!

hahahahaha...

EFF... not even once.
>>
>>47427699
why would you need that in a script?
>>
>>47427743
someone should update 4chan wiki about all this shit from this thread (like EFF, ghostery, host files etc...)
>>
>>47427754
to write a message to every user online simultaneously
>>
>>47424972
>live in australia
whole country is 1984 now
>>
>>47427770
agreed.

btw, my main ad blocking is done through hosts file. seems like a lot more efficient than running all kinds of plugins/addons.
>>
>>47427794
are you using some other entries than in here? >>47426983
I really have to go to sleep, hope this thread will still be up tomorrow
>>
>>47427822
this is also a good list:

http://winhelp2002.mvps.org/hosts.htm

I periodically add my own to it.... shit I come across that bothers me.

It's so damn faster than and easier on the browser than using add ons.
>>
>>47427787
wtf happened to Straya? why did it go full-on commie?
>>
File: Capture.png (140KB, 711x367px) Image search: [iqdb] [SauceNao] [Google]
Capture.png
140KB, 711x367px
>>
android shell
>>
>>47427925
Daaamn. That's a lot! So much spyware in Android... to seems that every free app in Play Store makes money by spying on users.
>>
>>47425688
that space
nice Ctrl+C m8
>>
wow

I tried to read this thread, but the tinfoil autism is too strong in you kids
>>
File: 1400881007543.png (38KB, 620x790px) Image search: [iqdb] [SauceNao] [Google]
1400881007543.png
38KB, 620x790px
firefox 2491 Connic   45u  IPv4  79286      0t0  TCP kunt:53021->190.93.247.25:https (ESTABLISHED)
firefox 2491 Connic 47u IPv4 79397 0t0 TCP kunt:pmcd->141.101.115.26:https (ESTABLISHED)
firefox 2491 Connic 55u IPv4 79580 0t0 TCP kunt:57839->lax17s04-in-f4.1e100.net:https (ESTABLISHED)
firefox 2491 Connic 63u IPv4 80601 0t0 TCP kunt:55139->lax17s04-in-f3.1e100.net:https (ESTABLISHED)
firefox 2491 Connic 64u IPv4 84373 0t0 TCP kunt:41520->lax02s21-in-f14.1e100.net:https (ESTABLISHED)
>>
>>47429949
looks like Google + stuff behind Cloudflare for you. I wonder wtf are they sending...

>>47429810
Go to bed grandpa.
>>
>>47429810
yeah you're really uninformed, we're not being paranoid here
>>
>>47425796
>massive violation of privacy
>privacy
>>
'lsof' is not recognized as an internal or external command,
operable program or batch file.
>>
File: durr.png (271KB, 960x531px) Image search: [iqdb] [SauceNao] [Google]
durr.png
271KB, 960x531px
Not a whole lot.
>>
>>47425746
Firefox uses it for crash reporting or something.
>>
>>47424972
Just Jewgle.
>>
>>47424972
Nice try, MPAA.
>>
File: 1352191521770.png (30KB, 275x200px) Image search: [iqdb] [SauceNao] [Google]
1352191521770.png
30KB, 275x200px
>>47425789
>"hey this user posts in lollypop threads every day he's a pedrofyle"

I don't see the problem, if they can remove pedo scum from the streets to stop them from raping our children it's a good thing.
>>
>>47425748
>2014
>using cuckcuckgo
>>
Chrome * 15. I've got two tabs open
>>
mono 847 5u IPv4 18586 0t0 TCP localhost.localdomain:59330->localhost.localdomain:33580 (ESTABLISHED)
mono 847 6u IPv4 18587 0t0 TCP localhost.localdomain:33580->localhost.localdomain:59330 (ESTABLISHED)
mono 847 15u IPv4 251465 0t0 TCP localhost.localdomain:12546->localhost.localdomain:44525 (ESTABLISHED)
g15aiosta 933 4u IPv4 16363 0t0 TCP localhost.localdomain:45298->localhost.localdomain:15550 (ESTABLISHED)
konversat 941 17u IPv4 699301 0t0 TCP :54920->srsfckn.biz:simbaservices (ESTABLISHED)
konversat 941 18u IPv4 699240 0t0 TCP :54919->srsfckn.biz:simbaservices (ESTABLISHED)
akonadi_i 4416 13u IPv4 695634 0t0 TCP :50123->pd-in-f16.1e100.net:imaps (ESTABLISHED)
akonadi_i 4416 14u IPv4 279230 0t0 TCP :49598->pa-in-f16.1e100.net:imaps (ESTABLISHED)
akonadi_i 4417 12u IPv4 227219 0t0 TCP :34496->srsfckn.biz:imap (ESTABLISHED)
akonadi_i 4417 14u IPv4 696520 0t0 TCP :36778->srsfckn.biz:imap (ESTABLISHED)
firefox 4776 57u IPv4 255297 0t0 TCP localhost.localdomain:44525->localhost.localdomain:12546 (ESTABLISHED)
firefox 4776 59u IPv4 697789 0t0 TCP :48084->190.93.244.26:https (ESTABLISHED)
firefox 4776 61u IPv4 1098367 0t0 TCP :53026->141.101.115.6:https (ESTABLISHED)
firefox 4776 62u IPv4 1108147 0t0 TCP :60276->nuq04s29-in-f4.1e100.net:https (ESTABLISHED)
firefox 4776 64u IPv4 1101942 0t0 TCP :42502->190.93.247.25:https (ESTABLISHED)
firefox 4776 70u IPv4 1108154 0t0 TCP :57464->lax02s20-in-f15.1e100.net:https (ESTABLISHED)

>1e100 in firefox and akonadi
Fuck off google
>>
File: nonetbots.jpg (59KB, 687x383px) Image search: [iqdb] [SauceNao] [Google]
nonetbots.jpg
59KB, 687x383px
zilch
>>
>1e100.net
anyone tried dropping that domain in iptables? would everything from google stop working including YT?
>>
>>47425879
fuck off non-gaming fag
Thread posts: 223
Thread images: 38


[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]
Please support this website by donating Bitcoins to 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
If a post contains copyrighted or illegal content, please click on that post's [Report] button and fill out a post removal request
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.