
Thread: Connections when loading AO?

  1. #1
    Senior Member SnugglesTheBear
    Join Date
    Jun 2010
    Posts
    133

    Connections when loading AO?

    Hey guys, I have noticed this and it has been bothering me for a little while so maybe some of you vets can shed some light on the situation. I have looked into this situation so know that I am not just flying off the handle and posting wildly. =P Whenever I go to AO (just AO nothing else open no other connections), my browser initiates over 200 connections! I know many browsers will spawn multiple TCP connections (puh like at most 20) to sites in order to speed up loading the page, but over 200? Anyway, it is always to 3 servers. Their IPs are 63.146.109.212 (DNS says this is AO so I am alright with that), 96.16.83.172 (some virtual server on akamaitertechnologies.com which is also understandable if AO is using their services to speed up traffic), and 63.236.73.147 (DNS does not resolve o.O what the f!?). The last one I am the most worried about, any ideas on who that is? The fact that I open over 200 connections is also of concern, but I was wondering if anyone else can post their browser's network stats when they log into AO so I can quell (or justify) some paranoia >.< I would be worried about spyware if the connections were that high upon start up of the browser because it would be very clear that something is piggy backing on my browser (and is very elusive), but no this is just visiting AO. It just gets curiouser and curiouser too.

    I am relatively concerned since this PC is my work's PC (which friggen makes me run windows mumble mumble mumble grumble mumble grumble mumble) but I have run some boot time scans, looked through popular areas where viruses and spyware hide/leave their tracks and found nothing very conclusive (the suspicions I have I mostly just figure was windows being the overly complex operating system it is) with the exception of upon visiting AO, I find that I have downloaded a file to a weird location, as in NOT the default download location (the file has something to deal with the DB sqllite the file is called download.sqllite and is saved within some hidden directories) and also multiple IE temp files (This is VERY weird since I don't USE IE) two of which are labeled as APIs >.> Can anyone else show me what goes on when they connect to AO? Better yet, can anyone offer any sage wisdom that would quell my fears and suspicions or maybe validate them? Is AO running aggressive scripts? It wouldn't make much sense since I have scripts disabled, but there could be some kind of exploit that changes that though >.< I don't know, what do you guys think?

    EDIT: Another connection just started! o.O 172.194.33.104 resolves to ipt.aol.com.... I haven't traversed any other pages either
    Last edited by SnugglesTheBear; July 14th, 2010 at 11:32 PM.
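
One way to turn a raw connection list like the one described in the post above into a per-remote-host tally, broken down by TCP state. This is an added example, not part of the original post; the sample text is constructed in the layout of Windows `netstat -ano` output, using the remote addresses named in the post, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of Windows `netstat -ano` output. The remote
# addresses are the ones named in the post; ports, states and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.20:50111     63.146.109.212:80      ESTABLISHED     4242
  TCP    192.168.1.20:50112     63.146.109.212:80      ESTABLISHED     4242
  TCP    192.168.1.20:50113     63.146.109.212:80      TIME_WAIT       0
  TCP    192.168.1.20:50120     96.16.83.172:80        ESTABLISHED     4242
  TCP    192.168.1.20:50121     96.16.83.172:80        CLOSE_WAIT      4242
  TCP    192.168.1.20:50130     63.236.73.147:80       SYN_SENT        4242
  TCP    192.168.1.20:50140     172.194.33.104:80      ESTABLISHED     4242
  UDP    0.0.0.0:5353           *:*                                    1200
"""

# One TCP row: local addr:port, remote addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def summarize(netstat_text):
    """Return {remote_ip: Counter(state -> count)} for non-listening TCP rows."""
    by_remote = defaultdict(Counter)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, blank lines
        _lip, _lport, remote_ip, _rport, state, _pid = m.groups()
        if state == "LISTENING":
            continue  # local listeners are not connections to a remote host
        by_remote[remote_ip][state] += 1
    return dict(by_remote)

def report(netstat_text):
    """Rows of (remote_ip, total, established), busiest remote first."""
    rows = [(ip, sum(c.values()), c["ESTABLISHED"])
            for ip, c in summarize(netstat_text).items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, total, est in report(SAMPLE):
        print(f"{ip:<16} total={total:<3} established={est}")
```

Separating the total from the ESTABLISHED count shows how much of a large number is sockets that are already closing or still waiting on a handshake.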

  2. #2
    HYBR|D
    Guest
    They're normal.

    AO is owned by Quinn St, who own Internet.com. Those connections are perfectly normal; the one that is timing out and not giving up any info is the IP that has the "anticode.com" data on it.

    The other ones are for advertisement purposes, i.e. down the bottom of the page there is a search feature that is calling to that aol domain.

  3. #3
    HYBR|D
    Guest
    Forgot, the APIs and sqllite are from the various advertisements and .js around the site. Like I mentioned, AO is owned by Quinn St, whose primary objective is "Marketing", i.e. "Advertisements", so there is bound to be plenty of tracking cookie goodness appearing.

    QuinStreet

    A full-service online marketing services and technology company, specializing in direct marketing and sales and retail network services.

  4. #4
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    General IP Information

    Hostname: 63.236.73.147
    ISP: Qwest Communications
    Organization: Jupitermedia Corp.
    Proxy: None detected
    Type: Corporate
    Assignment: Static IP
    Blacklist:
    Services: Web Server (1 or more domains)

    Jupitermedia are the previous owners of AO.

    If you click on either of the links it will take you to the lookup site that I used.
    Last edited by nihil; July 15th, 2010 at 10:15 AM.

  5. #5
    Senior Member SnugglesTheBear
    Join Date
    Jun 2010
    Posts
    133
    Thanks guys. My fears are slightly calmed =P

    EDIT: heh, so I kinda flipped out over this stuff and just started locking everything down, reformatted, etc. etc. When I got my browser up and running, I locked it down and now every IP address that comes from this site that isn't AO mains is now blocked >.< Pretty cool though, completely advertisement free!
    Last edited by SnugglesTheBear; July 15th, 2010 at 07:59 PM.

  6. #6
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Quote: Originally posted by SnugglesTheBear
    Thanks guys. My fears are slightly calmed =P

    EDIT: heh, so I kinda flipped out over this stuff and just started locking everything down, reformatted, etc. etc. When I got my browser up and running, I locked it down and now every IP address that comes from this site that isn't AO mains is now blocked >.< Pretty cool though, completely advertisement free!

    Umm, you like, formatted a machine, from that? =o

    Paranoid much?

  7. #7
    Senior Member SnugglesTheBear
    Join Date
    Jun 2010
    Posts
    133
    You have no idea gore >.<

  8. #8
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I've seen people on LSD more rational than that man lol.

  9. #9
    Senior Member SnugglesTheBear
    Join Date
    Jun 2010
    Posts
    133
    Well, in my defense, there were also a lot of other things going screwy with my computer. My comp was sending way too many DNS requests to be kosher, figured it might be a DNS rebinding attack or something, and it was resolving web pages I wasn't requesting and my browser of all things was also issuing DNS queries, which was a very bad sign. Along with that, a lot of my network interfaces were being disconnected. I don't know, I am not usually that paranoid with systems I am more comfortable with, linux/bsd, but I find windows to be such a mess, it is hard for me to ascertain whether it is proper or malicious behavior >.<

  10. #10
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hmmmmmmmmmmmm...................

    and it was resolving web pages I wasn't requesting
    We will accept that, provided you give us the URLs of the quality pr0n sites

