LinuxQuestions.org
Old 02-22-2018, 10:39 AM   #1
LinuxMintyFresh
Spectre/Meltdown Intel ME; Rooted Firmware; RKHunter, Files checked: 137 Suspect files: 107.... "uh, I think I've been hacked"


I ran into some issues on a clean Linux Mint O/S I haven't touched in years; not a server, a standalone personal machine... all of which happened shortly after hardening the TCPIP stack, disabling IPV6, removing all listening services, installing selinux, Lynis, chkrootkit, rkhunter, among others.

Though I haven't flipped the HAP bit on my ME yet. http://bit.ly/2CcUjKy I believe all of this happened while I was logged into windows on my dual boot setup. The last time I logged into linux (which I barely touched in 2 years or so) I had done so strictly to harden my system, due to hacker activity detected in windows.

Then suddenly I was unable to establish a working connection with my router in Linux Mint; this is the first time this had ever happened to me in the 8-9 years I've been using Linux. Not only that, but I could not establish a working connection even in a live distro; only windows would connect. I tried 3-4 live distros, none worked. My first thought is compromised firmware; #1 candidate, intel ME on an ICH10R; 9 year old mobo. SMM malware or hard drive firmware malware possibly. Though in this day and age, it could even be a mouse or keyboard for all I know.

I had found white collar hacking software on my Windows partition, a windows port of "Redis" http://bit.ly/2CcWkGJ which was whitelisted by every AV both online and offline (used ESET, Bitdefender, Avira, and Windows Defender offline scanners). Not even as a PUP; unlike many great apps like Wise Registry cleaner and Auslogics Defrag. I noticed it was running unprotected as a server and people were connecting into it.

I found some strange files here and there, one URL was labelled "US government was here" or something like that. I soon found 329 entries in my persistent route TcpIP parameters all pointing to mostly Microsoft domains, Google, and Facebook servers, Level 3, Akamai, and many more; all the more suspicious. I suspect there was a VPN style MITM happening between my computer and these servers. I will post the registry file and entries below. The legit entries added automatically by my own PC were as follows: 0.0.0.0,0.0.0.0,192.168.0.1,-1 (IP/Subnet/Gateway). The persistent entries added by the "Big Brother" parasite spy apparatus were the other way around with an added 255.255.255.255 and "="; here is an example from it: "104.107.13.214,255.255.255.255,0.0.0.0,1"=""

What does the ordering of these numbers entail they were used for? Was it a reverse connection, like reverse HTTP/HTTPS or something like that? Please elaborate for me.

Sysinternals found that my kernel & system files were infested with the call "ntdll.dll!DbgUiRemoteBreakin+0x50" And this later changed into ntdll.dll!RtlDestroyHandleTable+0x270, (meltdown?) and I'm seeing a tonne of ntdll!Rtluserthreadstart calls as well infesting the Kernel, Dlls, and all kinds of system files. Once I hardened my machine most of these disappeared but now they are back again. I posted my findings here. http://bit.ly/2CfYBkk Others are complaining of the same issue; they suspect malware and given what the latest user has suggested, I believe possibly MBR, mouse, keyboard or harddrive firmware malware. Read this it is fascinating: http://bit.ly/2ELFPmE

He says, quote: "(two weeks after a fresh install) 2 days ago there was HDD LED activity happening every second with no programs running. Through ProcMon and ProcExplorer I found an svchost.exe instance (DcomLaunch RegQueryValue 53f56307-b6bf-11d0-94f2-00a0c91efb8b) that had ntdll.dll using several ntdll.dll!DbgUiRemoteBreakin+0x50 thread(s). One of these ntdll.dll!DbgUiRemoteBreakin+0x50 threads in particular was using a lot of cycles."

Answer: "I see you already posted into Technet which seems to be the only other place this is discussed. Hopefully you get an answer there. 53f56307-b6bf-11d0-94f2-00a0c91efb8b is a device class GUID for a disk or volume. The hard drive and USB devices (including the card reader) are in that class."

Disabling debugging in windows via Group Policy removed most of those entries, as far as I am able to tell without a debugger; because the kernel was now protected against debuggers, the malware and hackers were causing BSODs; the kernel's way of defending itself from unauthorised changes.

I have between 64-80 hooks in my IDT table in windows; They are hooking into each of my 4 cores as you can see pictured below. These disappeared immediately after installing the January spectre/meltdown rollup patch, though that was short lived.

This is what it looked like before the spectre/meltdown Windows update. The update seemed to fix the problem,
so I removed it temporarily to see if this exploit was persistent, and this is what I saw...
https://s13.postimg.org/pblsd5e7b/co...ty_Monthly.jpg
And after the Spectre/Meltdown Rollup Update: https://s13.postimg.org/6j9x9lco7/co..._Monthly_Q.jpg
As you can see the hooks were gone. However they were conveniently replaced with a new Int2e/Sysenter Hook:
https://s13.postimg.org/mhimzprgn/Wi...date_Hooks.png

I'm not sure if the second hook was the result of windows or the result of the exploit, but it suggests I may be infected by spectre or meltdown (or both). Unhooking Int2e resulted in a BSOD, and triggered my intel ME onboard lan to power on immediately after POST via MINIX. http://bit.ly/2ooadZm Because I was interfering with their spying, they even changed the mac address on my hitron router and changed my router's passwords; they were using my shitty little router as a base to launch attacks. Not long after they were hacking my router, I jumped into linux, ran rkhunter and found many system files had changed size compared to what is stored; I ran it again today and detected twice as many changes, and I haven't updated any software since then. This is what I found...

/sbin $ sudo rkhunter --check
[ Rootkit Hunter version 1.4.0 ]

Checking system commands...

Performing 'strings' command checks
Checking 'strings' command [ OK ]

Performing file properties checks
Checking for prerequisites [ Warning ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ Warning ]
/usr/sbin/cron [ Warning ]
/usr/sbin/groupadd [ Warning ]
/usr/sbin/groupdel [ Warning ]
/usr/sbin/groupmod [ Warning ]
/usr/sbin/grpck [ Warning ]
/usr/sbin/nologin [ Warning ]
/usr/sbin/prelink [ Warning ]
/usr/sbin/pwck [ Warning ]
/usr/sbin/rsyslogd [ Warning ]
/usr/sbin/sestatus [ Warning ]
/usr/sbin/tcpd [ Warning ]
/usr/sbin/useradd [ Warning ]
/usr/sbin/userdel [ Warning ]
/usr/sbin/usermod [ Warning ]
/usr/sbin/vipw [ Warning ]
/usr/bin/awk [ OK ]
/usr/bin/basename [ Warning ]
/usr/bin/chattr [ Warning ]
/usr/bin/cut [ Warning ]
/usr/bin/diff [ Warning ]
/usr/bin/dirname [ Warning ]
/usr/bin/dpkg [ Warning ]
/usr/bin/dpkg-query [ Warning ]
/usr/bin/du [ Warning ]
/usr/bin/env [ Warning ]
/usr/bin/file [ Warning ]
/usr/bin/find [ Warning ]
/usr/bin/GET [ OK ]
/usr/bin/groups [ Warning ]
/usr/bin/head [ Warning ]
/usr/bin/id [ Warning ]
/usr/bin/killall [ Warning ]
/usr/bin/last [ Warning ]
/usr/bin/lastlog [ Warning ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ Warning ]
/usr/bin/lsattr [ Warning ]
/usr/bin/lsof [ OK ]
/usr/bin/lynx [ Warning ]
/usr/bin/md5sum [ Warning ]
/usr/bin/mlocate [ Warning ]
/usr/bin/newgrp [ Warning ]
/usr/bin/passwd [ Warning ]
/usr/bin/perl [ Warning ]
/usr/bin/pgrep [ Warning ]
/usr/bin/pkill [ OK ]
/usr/bin/pstree [ Warning ]
/usr/bin/rkhunter [ OK ]
/usr/bin/runcon [ Warning ]
/usr/bin/sha1sum [ Warning ]
/usr/bin/sha224sum [ Warning ]
/usr/bin/sha256sum [ Warning ]
/usr/bin/sha384sum [ Warning ]
/usr/bin/sha512sum [ Warning ]
/usr/bin/size [ Warning ]
/usr/bin/sort [ Warning ]
/usr/bin/stat [ Warning ]
/usr/bin/strace [ Warning ]
/usr/bin/strings [ Warning ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ Warning ]
/usr/bin/test [ Warning ]
/usr/bin/top [ Warning ]
/usr/bin/touch [ OK ]
/usr/bin/tr [ Warning ]
/usr/bin/uniq [ Warning ]
/usr/bin/users [ Warning ]
/usr/bin/vmstat [ Warning ]
/usr/bin/w [ OK ]
/usr/bin/watch [ Warning ]
/usr/bin/wc [ Warning ]
/usr/bin/wget [ Warning ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ Warning ]
/usr/bin/which [ OK ]
/usr/bin/who [ Warning ]
/usr/bin/whoami [ Warning ]
/usr/bin/gawk [ OK ]
/usr/bin/lwp-request [ OK ]
/usr/bin/w.procps [ Warning ]
/sbin/depmod [ OK ]
/sbin/fsck [ Warning ]
/sbin/ifconfig [ Warning ]
/sbin/ifdown [ OK ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/rmmod [ OK ]
/sbin/route [ Warning ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ Warning ]
/sbin/sysctl [ Warning ]
/bin/bash [ Warning ]
/bin/cat [ Warning ]
/bin/chmod [ Warning ]
/bin/chown [ Warning ]
/bin/cp [ Warning ]
/bin/date [ Warning ]
/bin/df [ Warning ]
/bin/dmesg [ Warning ]
/bin/echo [ Warning ]
/bin/ed [ Warning ]
/bin/egrep [ Warning ]
/bin/fgrep [ Warning ]
/bin/fuser [ Warning ]
/bin/grep [ Warning ]
/bin/ip [ Warning ]
/bin/kill [ Warning ]
/bin/less [ Warning ]
/bin/login [ Warning ]
/bin/ls [ Warning ]
/bin/lsmod [ OK ]
/bin/mktemp [ Warning ]
/bin/more [ Warning ]
/bin/mount [ Warning ]
/bin/mv [ Warning ]
/bin/netstat [ Warning ]
/bin/ping [ Warning ]
/bin/ps [ Warning ]
/bin/pwd [ Warning ]
/bin/readlink [ Warning ]
/bin/sed [ Warning ]
/bin/sh [ OK ]
/bin/su [ Warning ]
/bin/touch [ Warning ]
/bin/uname [ Warning ]
/bin/which [ OK ]
/bin/kmod [ OK ]
/bin/dash [ OK ]

[06:29:53] Info: Starting test name 'filesystem'
[06:29:53] Performing filesystem checks
[06:29:53] Info: SCAN_MODE_DEV set to 'THOROUGH'
[06:29:53] Checking /dev for suspicious file types [ Warning ]
[06:29:53] Warning: Suspicious file types found in /dev:
[06:29:53] /dev/.udev/rules.d/root.rules: ASCII text

SUBSYSTEM=="block", ENV{MAJOR}=="8", ENV{MINOR}=="21", SYMLINK+="root"
ENV{MINOR}=="21" this is supposed to be a hard drive or partition, is it not?

[06:29:53] Checking for hidden files and directories [ Warning ]
[06:29:53] Warning: Hidden directory found: /etc/.java: directory
[06:29:53] Warning: Hidden directory found: /dev/.udev: directory
[06:29:53] Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

[06:30:22] System checks summary
[06:30:22] =====================
[06:30:22]
[06:30:22] File properties checks...
[06:30:22] Required commands check failed
[06:30:22] Files checked: 137
[06:30:22] Suspect files: 107
[06:30:22]
[06:30:22] Rootkit checks...
[06:30:22] Rootkits checked : 292
[06:30:22] Possible rootkits: 0

Chkrootkit: Searching for Suckit rootkit... Warning: /sbin/init INFECTED

I do not believe this was detected initially when I installed Chkrootkit a couple weeks ago. I am running SELinux in passive mode; enforced will not boot.
Uninstalling SELinux requires 300-500 system files to be removed with it; maybe even more. I think every one of them. Kind of a catch-22. Is this normal?
Makes me wonder if SELinux can be hijacked and turned against the user; what if you have hardware level rootkits?

I've seen people saying "WOW, I'VE NEVER SEEN THAT MANY" when only 8 files have changed.

Does rkhunter take into account the hash of the true original install files in storage, or does it only take snapshots, so that updating system files will cause a false alarm?
What are your thoughts?
 
Old 02-24-2018, 03:45 PM   #2
jsbjsb001
Code:
[root@localhost ~]# rkhunter --help

Usage: rkhunter {--check | --unlock | --update | --versioncheck |
                 --propupd [{filename | directory | package name},...] |
                 --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |
                 --config-check | --version | --help} [options]
You have to run rkhunter with the option in bold above, if you have updated your system. Otherwise rkhunter will not know about the updated system commands.
 
Old 02-26-2018, 04:55 AM   #3
Trihexagonal
Quote:
Originally Posted by LinuxMintyFresh
I found some strange files here and there, one URL was labelled "US government was here" or something like that.
You have 2 options as I see it from there:

1. Download my CIA Info Ops wallpaper and use it from now on.

2. Reboot and rebuild the whole disk.

I'd go with Option 2 if it were me.

There's really no point reading past that sentence except for the added info. That speaks volumes to me.

Unless there's something you're not telling us about possible affiliations that might interest the Feds...
 
Old 02-26-2018, 11:36 AM   #4
Habitual
rkhunter without configuration is like
bringing sand to the beach.
and current is 1.4.4
 
Old 02-26-2018, 05:15 PM   #5
LinuxMintyFresh

Quote:
Originally Posted by jsbjsb001
You have to run rkhunter with the option in bold above, if you have updated your system. Otherwise rkhunter will not know about the updated system commands.
Thank you so much jsbjsb001, I really appreciate your help. I did not realize RKhunter was that blind. It would be much nicer if Rkhunter would at least try to take note of the hashes inside the latest cached install files if they are available, if it found a warning sign, so it's not so blind and in constant need of attention.

Quote:
Originally Posted by Habitual
rkhunter without configuration is like
bringing sand to the beach.
and current is 1.4.4
Thanks Habitual; I'll give it a look!
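The exchange above turns on how rkhunter's file-properties test actually works: it compares each binary against a snapshot taken earlier, and --propupd replaces that snapshot, which is why a package update produces a wall of Warnings until the snapshot is refreshed. The opening post asks whether rkhunter could instead consult the "true original" hashes; on a Debian-derived system such as Mint those live in the package manifests under /var/lib/dpkg/info/<pkg>.md5sums, which debsums checks against. The script below is an added example written for this thread, not code from rkhunter, dpkg or debsums. It implements both ideas in simplified form (size, mode and sha256 for the snapshot; rkhunter itself records more properties and several hash types) and walks through a baseline, a simulated package upgrade, the resulting false alarm, a manifest check that clears it, and the --propupd-style refresh. All files and manifest lines are constructed in a temporary directory so it runs offline.

```python
"""Baseline-versus-manifest file checks, in the spirit of rkhunter's
"file properties" test and of debsums.

Added example for this thread, not code from rkhunter or dpkg. It uses a
simplified property set (size, mode, sha256); real rkhunter records more
(inode, mtime, several hashes). All inputs are constructed in a temp dir."""
from __future__ import annotations

import hashlib
import stat
import tempfile
from pathlib import Path


def file_properties(path: Path) -> dict:
    """Properties a file-properties check records for one binary."""
    st = path.stat()
    return {
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
        "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
    }


def build_baseline(root: Path, rels: list[str]) -> dict:
    """Snapshot current properties as trusted (what `rkhunter --propupd` does)."""
    return {rel: file_properties(root / rel) for rel in rels}


def check_against_baseline(root: Path, baseline: dict, rels: list[str]) -> dict:
    """Compare files to the stored snapshot; any difference is a Warning."""
    result = {}
    for rel in rels:
        if rel not in baseline:
            result[rel] = "Warning: not in baseline"
            continue
        now = file_properties(root / rel)
        changed = [k for k, v in baseline[rel].items() if now[k] != v]
        result[rel] = "OK" if not changed else "Warning: " + ", ".join(changed) + " changed"
    return result


def parse_md5sums(text: str) -> dict:
    """Parse a dpkg-style manifest: '<md5>  <path relative to />' per line
    (the layout of /var/lib/dpkg/info/<pkg>.md5sums)."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, rel = line.split(None, 1)
            manifest[rel.strip()] = digest
    return manifest


def check_against_manifest(root: Path, manifest: dict) -> dict:
    """Verify files against the package's own hashes (what debsums does)."""
    result = {}
    for rel, expected in manifest.items():
        p = root / rel
        if not p.exists():
            result[rel] = "Warning: missing"
        elif hashlib.md5(p.read_bytes()).hexdigest() != expected:
            result[rel] = "Warning: md5 mismatch"
        else:
            result[rel] = "OK"
    return result


def demo() -> dict:
    """Walk through: baseline, package update, recheck, manifest check, propupd."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "usr/bin").mkdir(parents=True)
        # Constructed stand-ins for two system binaries
        files = {"usr/bin/ls": b"#!/bin/sh\necho ls v1\n",
                 "usr/bin/cat": b"#!/bin/sh\necho cat v1\n"}
        for rel, content in files.items():
            (root / rel).write_bytes(content)
        rels = list(files)

        baseline = build_baseline(root, rels)
        before = check_against_baseline(root, baseline, rels)

        # A package upgrade rewrites ls; the old snapshot now flags it ...
        new_ls = b"#!/bin/sh\necho ls v2\n"
        (root / "usr/bin/ls").write_bytes(new_ls)
        after_update = check_against_baseline(root, baseline, rels)

        # ... while the upgraded package's own manifest says it is intact
        manifest = parse_md5sums(
            f"{hashlib.md5(new_ls).hexdigest()}  usr/bin/ls\n"
            f"{hashlib.md5(files['usr/bin/cat']).hexdigest()}  usr/bin/cat\n")
        manifest_check = check_against_manifest(root, manifest)

        # Refreshing the snapshot (--propupd) clears the warning
        after_propupd = check_against_baseline(root, build_baseline(root, rels), rels)

    return {"before": before, "after_update": after_update,
            "manifest": manifest_check, "after_propupd": after_propupd}


if __name__ == "__main__":
    for stage, res in demo().items():
        print(stage, res)
```

Two practical notes follow from this. rkhunter can be pointed at the package manager's own records with the PKGMGR=DPKG setting in rkhunter.conf, and APT_AUTOGEN="yes" in /etc/default/rkhunter (the setting Habitual mentions later) just re-runs --propupd automatically after apt changes. The order matters on a box you already distrust: --propupd blesses whatever is on disk at that moment, so compare against the package manifests (debsums, or dpkg --verify on newer dpkg) or against a known-good medium first, and only then refresh the snapshot.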
 
Old 02-27-2018, 08:32 AM   #6
Habitual
MintToaster

Quote:
Originally Posted by LinuxMintyFresh
Thanks Habitual; I'll give it a look!
Your post is quite lucid, and contains a lot of information.
but not much detail...

What binary version/architecture of redis-2 ??
Test any suspect files at https://virustotal.com for analysis ???
"rkhunter 1.4.0" is the most actionable detail you have provided. (besides your excellent reference links)

If it's not an LTS release, nuke it to Orbit.
2 years since you last used Linux OS...? Nuke it.
[Rkhunter-announce] Rootkit Hunter release 1.4.0 - May 2012

LM12 or 13 I'd guess. That's all fine. You can admin an EOL box if you want, once you learn what to expect.
/etc/default/rkhunter may not exist on a manual install in an Ubuntu-based system, which I tend to do as the Ubu repos are usually a version behind.

The additional info that got my attention was the APT_AUTOGEN="yes" reference (this is "new" to me).
and I found some actionable facts on the net.

It is my opinion that there is no need for rkhunter to be used, nor can the results be "dealt with" or mitigated on your Linux Mint O/S

Good luck.
 
Old 02-28-2018, 01:11 AM   #7
LinuxMintyFresh
Great idea, my friend; I only stick to LTS with spectre/meltdown support. Redis was installed on my windows 7 installation; I remember checking the version on github and it was the latest port of Redis-2 at the time. It had created another user on the computer, was not hardened and not secured, and was being accessed remotely according to the tools I had used. I believe it was "redis-2.4.6-setup-64-bit.exe — Redis 2.4.6 Windows Setup (64-bit) 796KB · Uploaded on 11 Feb 2012" https://github.com/rgl/redis/downloads

I had 329 entries under "persistentroutes" (TCPIP) stack. "Normal" entries by the system appear like "0.0.0.0,0.0.0.0,192.168.0.1,-1" (IP/Subnet/Gateway)

Looks like a little "redirect" going on here? https://www.youtube.com/watch?v=2yL42OnjMcA

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes]
"104.107.13.214,255.255.255.255,0.0.0.0,1"=""
"104.210.4.77,255.255.255.255,0.0.0.0,1"=""
"104.210.40.87,255.255.255.255,0.0.0.0,1"=""
"104.214.35.244,255.255.255.255,0.0.0.0,1"=""
"104.41.207.73,255.255.255.255,0.0.0.0,1"=""
"104.43.140.223,255.255.255.255,0.0.0.0,1"=""
"104.45.11.195,255.255.255.255,0.0.0.0,1"=""
"104.45.136.42,255.255.255.255,0.0.0.0,1"=""
"104.45.214.112,255.255.255.255,0.0.0.0,1"=""
"104.46.1.211,255.255.255.255,0.0.0.0,1"=""
"104.46.50.125,255.255.255.255,0.0.0.0,1"=""
"104.69.113.196,255.255.255.255,0.0.0.0,1"=""
"104.69.140.179,255.255.255.255,0.0.0.0,1"=""
"104.69.140.181,255.255.255.255,0.0.0.0,1"=""
"104.70.210.203,255.255.255.255,0.0.0.0,1"=""
"104.73.211.105,255.255.255.255,0.0.0.0,1"=""
"104.73.211.159,255.255.255.255,0.0.0.0,1"=""
"104.73.215.154,255.255.255.255,0.0.0.0,1"=""
"104.73.217.91,255.255.255.255,0.0.0.0,1"=""
"104.73.220.170,255.255.255.255,0.0.0.0,1"=""
"107.20.234.199,255.255.255.255,0.0.0.0,1"=""
"107.21.246.114,255.255.255.255,0.0.0.0,1"=""
"111.221.29.177,255.255.255.255,0.0.0.0,1"=""
"111.221.29.254,255.255.255.255,0.0.0.0,1"=""
"13.107.3.128,255.255.255.255,0.0.0.0,1"=""
"13.107.4.50,255.255.255.255,0.0.0.0,1"=""
"13.107.5.88,255.255.255.255,0.0.0.0,1"=""
"13.76.219.191,255.255.255.255,0.0.0.0,1"=""
"13.76.219.210,255.255.255.255,0.0.0.0,1"=""
"131.107.113.238,255.255.255.255,0.0.0.0,1"=""
"131.253.14.121,255.255.255.255,0.0.0.0,1"=""
"131.253.14.153,255.255.255.255,0.0.0.0,1"=""
"131.253.14.194,255.255.255.255,0.0.0.0,1"=""
"131.253.14.76,255.255.255.255,0.0.0.0,1"=""
"131.253.34.230,255.255.255.255,0.0.0.0,1"=""
"131.253.40.109,255.255.255.255,0.0.0.0,1"=""
"131.253.40.37,255.255.255.255,0.0.0.0,1"=""
"131.253.40.47,255.255.255.255,0.0.0.0,1"=""
"131.253.40.53,255.255.255.255,0.0.0.0,1"=""
"131.253.40.64,255.255.255.255,0.0.0.0,1"=""
"134.170.106.152,255.255.255.255,0.0.0.0,1"=""
"134.170.106.176,255.255.255.255,0.0.0.0,1"=""
"134.170.106.200,255.255.255.255,0.0.0.0,1"=""
"134.170.107.176,255.255.255.255,0.0.0.0,1"=""
"134.170.109.200,255.255.255.255,0.0.0.0,1"=""
"134.170.119.140,255.255.255.255,0.0.0.0,1"=""
"134.170.178.97,255.255.255.255,0.0.0.0,1"=""
"134.170.179.87,255.255.255.255,0.0.0.0,1"=""
"134.170.184.133,255.255.255.255,0.0.0.0,1"=""
"134.170.185.125,255.255.255.255,0.0.0.0,1"=""
"134.170.185.70,255.255.255.255,0.0.0.0,1"=""
"134.170.188.139,255.255.255.255,0.0.0.0,1"=""
"134.170.235.16,255.255.255.255,0.0.0.0,1"=""
"134.170.30.203,255.255.255.255,0.0.0.0,1"=""
"134.170.30.204,255.255.255.255,0.0.0.0,1"=""
"134.170.51.246,255.255.255.255,0.0.0.0,1"=""
"134.170.51.247,255.255.255.255,0.0.0.0,1"=""
"134.170.53.30,255.255.255.255,0.0.0.0,1"=""
"134.170.58.121,255.255.255.255,0.0.0.0,1"=""
"134.170.58.123,255.255.255.255,0.0.0.0,1"=""
"134.170.58.125,255.255.255.255,0.0.0.0,1"=""
"134.170.58.189,255.255.255.255,0.0.0.0,1"=""
"137.116.139.114,255.255.255.255,0.0.0.0,1"=""
"137.116.81.24,255.255.255.255,0.0.0.0,1"=""
"137.117.100.176,255.255.255.255,0.0.0.0,1"=""
"157.56.100.83,255.255.255.255,0.0.0.0,1"=""
"157.56.106.184,255.255.255.255,0.0.0.0,1"=""
"157.56.106.185,255.255.255.255,0.0.0.0,1"=""
"157.56.113.217,255.255.255.255,0.0.0.0,1"=""
"157.56.121.89,255.255.255.255,0.0.0.0,1"=""
"157.56.124.87,255.255.255.255,0.0.0.0,1"=""
"157.56.149.250,255.255.255.255,0.0.0.0,1"=""
"157.56.194.72,255.255.255.255,0.0.0.0,1"=""
"157.56.194.73,255.255.255.255,0.0.0.0,1"=""
"157.56.194.74,255.255.255.255,0.0.0.0,1"=""
"157.56.23.91,255.255.255.255,0.0.0.0,1"=""
"157.56.57.5,255.255.255.255,0.0.0.0,1"=""
"157.56.74.250,255.255.255.255,0.0.0.0,1"=""
"157.56.77.139,255.255.255.255,0.0.0.0,1"=""
"157.56.91.77,255.255.255.255,0.0.0.0,1"=""
"157.56.96.208,255.255.255.255,0.0.0.0,1"=""
"157.56.96.54,255.255.255.255,0.0.0.0,1"=""
"157.56.96.80,255.255.255.255,0.0.0.0,1"=""
"165.254.114.10,255.255.255.255,0.0.0.0,1"=""
"165.254.114.34,255.255.255.255,0.0.0.0,1"=""
"168.61.146.25,255.255.255.255,0.0.0.0,1"=""
"168.61.149.17,255.255.255.255,0.0.0.0,1"=""
"168.61.172.71,255.255.255.255,0.0.0.0,1"=""
"168.62.11.145,255.255.255.255,0.0.0.0,1"=""
"168.62.187.13,255.255.255.255,0.0.0.0,1"=""
"168.62.21.207,255.255.255.255,0.0.0.0,1"=""
"168.63.100.61,255.255.255.255,0.0.0.0,1"=""
"168.63.108.233,255.255.255.255,0.0.0.0,1"=""
"174.129.244.227,255.255.255.255,0.0.0.0,1"=""
"184.28.167.143,255.255.255.255,0.0.0.0,1"=""
"184.29.134.49,255.255.255.255,0.0.0.0,1"=""
"184.29.137.155,255.255.255.255,0.0.0.0,1"=""
"184.30.37.150,255.255.255.255,0.0.0.0,1"=""
"184.31.242.141,255.255.255.255,0.0.0.0,1"=""
"191.232.139.182,255.255.255.255,0.0.0.0,1"=""
"191.232.139.210,255.255.255.255,0.0.0.0,1"=""
"191.232.140.76,255.255.255.255,0.0.0.0,1"=""
"191.236.155.80,255.255.255.255,0.0.0.0,1"=""
"191.236.16.12,255.255.255.255,0.0.0.0,1"=""
"191.238.241.80,255.255.255.255,0.0.0.0,1"=""
"191.239.50.18,255.255.255.255,0.0.0.0,1"=""
"191.239.50.77,255.255.255.255,0.0.0.0,1"=""
"191.239.52.100,255.255.255.255,0.0.0.0,1"=""
"192.229.163.249,255.255.255.255,0.0.0.0,1"=""
"192.243.250.72,255.255.255.255,0.0.0.0,1"=""
"192.243.250.88,255.255.255.255,0.0.0.0,1"=""
"198.78.206.253,255.255.255.255,0.0.0.0,1"=""
"2.21.16.151,255.255.255.255,0.0.0.0,1"=""
"2.21.236.193,255.255.255.255,0.0.0.0,1"=""
"2.22.245.247,255.255.255.255,0.0.0.0,1"=""
"2.22.70.61,255.255.255.255,0.0.0.0,1"=""
"2.22.71.158,255.255.255.255,0.0.0.0,1"=""
"2.22.75.120,255.255.255.255,0.0.0.0,1"=""
"2.22.77.127,255.255.255.255,0.0.0.0,1"=""
"2.22.87.71,255.255.255.255,0.0.0.0,1"=""
"207.46.101.29,255.255.255.255,0.0.0.0,1"=""
"207.46.153.155,255.255.255.255,0.0.0.0,1"=""
"207.46.202.114,255.255.255.255,0.0.0.0,1"=""
"207.46.223.94,255.255.255.255,0.0.0.0,1"=""
"216.38.170.128,255.255.255.255,0.0.0.0,1"=""
"23.102.155.140,255.255.255.255,0.0.0.0,1"=""
"23.102.21.4,255.255.255.255,0.0.0.0,1"=""
"23.102.4.253,255.255.255.255,0.0.0.0,1"=""
"23.103.182.126,255.255.255.255,0.0.0.0,1"=""
"23.2.16.10,255.255.255.255,0.0.0.0,1"=""
"23.2.16.8,255.255.255.255,0.0.0.0,1"=""
"23.202.16.64,255.255.255.255,0.0.0.0,1"=""
"23.202.21.236,255.255.255.255,0.0.0.0,1"=""
"23.202.58.89,255.255.255.255,0.0.0.0,1"=""
"23.202.61.139,255.255.255.255,0.0.0.0,1"=""
"23.3.59.213,255.255.255.255,0.0.0.0,1"=""
"23.3.59.68,255.255.255.255,0.0.0.0,1"=""
"23.33.106.110,255.255.255.255,0.0.0.0,1"=""
"23.33.25.34,255.255.255.255,0.0.0.0,1"=""
"23.33.31.59,255.255.255.255,0.0.0.0,1"=""
"23.46.18.40,255.255.255.255,0.0.0.0,1"=""
"23.46.19.158,255.255.255.255,0.0.0.0,1"=""
"23.73.138.65,255.255.255.255,0.0.0.0,1"=""
"23.96.212.225,255.255.255.255,0.0.0.0,1"=""
"23.97.178.173,255.255.255.255,0.0.0.0,1"=""
"23.97.209.97,255.255.255.255,0.0.0.0,1"=""
"23.99.10.11,255.255.255.255,0.0.0.0,1"=""
"23.99.109.44,255.255.255.255,0.0.0.0,1"=""
"23.99.109.64,255.255.255.255,0.0.0.0,1"=""
"23.99.116.116,255.255.255.255,0.0.0.0,1"=""
"23.99.49.121,255.255.255.255,0.0.0.0,1"=""
"31.13.65.2,255.255.255.255,0.0.0.0,1"=""
"31.13.69.193,255.255.255.255,0.0.0.0,1"=""
"4.27.253.126,255.255.255.255,0.0.0.0,1"=""
"4.27.253.253,255.255.255.255,0.0.0.0,1"=""
"4.27.254.254,255.255.255.255,0.0.0.0,1"=""
"40.113.14.159,255.255.255.255,0.0.0.0,1"=""
"40.113.22.47,255.255.255.255,0.0.0.0,1"=""
"40.113.8.255,255.255.255.255,0.0.0.0,1"=""
"40.114.149.220,255.255.255.255,0.0.0.0,1"=""
"40.114.241.141,255.255.255.255,0.0.0.0,1"=""
"40.114.54.223,255.255.255.255,0.0.0.0,1"=""
"40.117.151.29,255.255.255.255,0.0.0.0,1"=""
"40.117.88.112,255.255.255.255,0.0.0.0,1"=""
"40.118.103.7,255.255.255.255,0.0.0.0,1"=""
"40.121.144.182,255.255.255.255,0.0.0.0,1"=""
"40.69.40.157,255.255.255.255,0.0.0.0,1"=""
"40.76.12.162,255.255.255.255,0.0.0.0,1"=""
"40.76.12.4,255.255.255.255,0.0.0.0,1"=""
"40.77.226.250,255.255.255.255,0.0.0.0,1"=""
"40.83.189.49,255.255.255.255,0.0.0.0,1"=""
"46.33.76.33,255.255.255.255,0.0.0.0,1"=""
"46.33.76.57,255.255.255.255,0.0.0.0,1"=""
"52.164.241.205,255.255.255.255,0.0.0.0,1"=""
"54.243.135.126,255.255.255.255,0.0.0.0,1"=""
"63.148.207.151,255.255.255.255,0.0.0.0,1"=""
"63.148.207.70,255.255.255.255,0.0.0.0,1"=""
"63.148.207.80,255.255.255.255,0.0.0.0,1"=""
"63.148.207.88,255.255.255.255,0.0.0.0,1"=""
"63.148.207.95,255.255.255.255,0.0.0.0,1"=""
"63.148.207.97,255.255.255.255,0.0.0.0,1"=""
"63.241.108.111,255.255.255.255,0.0.0.0,1"=""
"63.241.108.124,255.255.255.255,0.0.0.0,1"=""
"63.243.243.34,255.255.255.255,0.0.0.0,1"=""
"63.243.243.35,255.255.255.255,0.0.0.0,1"=""
"63.243.243.48,255.255.255.255,0.0.0.0,1"=""
"63.243.243.49,255.255.255.255,0.0.0.0,1"=""
"63.243.243.58,255.255.255.255,0.0.0.0,1"=""
"63.243.243.67,255.255.255.255,0.0.0.0,1"=""
"64.233.185.148,255.255.255.255,0.0.0.0,1"=""
"64.233.185.149,255.255.255.255,0.0.0.0,1"=""
"64.4.27.50,255.255.255.255,0.0.0.0,1"=""
"64.4.54.153,255.255.255.255,0.0.0.0,1"=""
"64.4.54.165,255.255.255.255,0.0.0.0,1"=""
"64.4.54.18,255.255.255.255,0.0.0.0,1"=""
"64.4.54.22,255.255.255.255,0.0.0.0,1"=""
"64.4.54.254,255.255.255.255,0.0.0.0,1"=""
"64.4.54.98,255.255.255.255,0.0.0.0,1"=""
"65.39.117.230,255.255.255.255,0.0.0.0,1"=""
"65.52.100.93,255.255.255.255,0.0.0.0,1"=""
"65.52.108.11,255.255.255.255,0.0.0.0,1"=""
"65.52.108.153,255.255.255.255,0.0.0.0,1"=""
"65.52.108.154,255.255.255.255,0.0.0.0,1"=""
"65.52.108.163,255.255.255.255,0.0.0.0,1"=""
"65.52.108.2,255.255.255.255,0.0.0.0,1"=""
"65.52.108.251,255.255.255.255,0.0.0.0,1"=""
"65.52.108.254,255.255.255.255,0.0.0.0,1"=""
"65.52.108.27,255.255.255.255,0.0.0.0,1"=""
"65.52.108.33,255.255.255.255,0.0.0.0,1"=""
"65.52.108.52,255.255.255.255,0.0.0.0,1"=""
"65.52.108.56,255.255.255.255,0.0.0.0,1"=""
"65.52.108.59,255.255.255.255,0.0.0.0,1"=""
"65.52.108.90,255.255.255.255,0.0.0.0,1"=""
"65.52.108.92,255.255.255.255,0.0.0.0,1"=""
"65.54.192.248,255.255.255.255,0.0.0.0,1"=""
"65.54.225.167,255.255.255.255,0.0.0.0,1"=""
"65.54.226.187,255.255.255.255,0.0.0.0,1"=""
"65.55.128.80,255.255.255.255,0.0.0.0,1"=""
"65.55.128.81,255.255.255.255,0.0.0.0,1"=""
"65.55.130.50,255.255.255.255,0.0.0.0,1"=""
"65.55.138.110,255.255.255.255,0.0.0.0,1"=""
"65.55.138.111,255.255.255.255,0.0.0.0,1"=""
"65.55.149.120,255.255.255.255,0.0.0.0,1"=""
"65.55.176.90,255.255.255.255,0.0.0.0,1"=""
"65.55.2.2,255.255.255.255,0.0.0.0,1"=""
"65.55.227.188,255.255.255.255,0.0.0.0,1"=""
"65.55.252.92,255.255.255.255,0.0.0.0,1"=""
"65.55.44.51,255.255.255.255,0.0.0.0,1"=""
"65.55.44.82,255.255.255.255,0.0.0.0,1"=""
"65.55.44.85,255.255.255.255,0.0.0.0,1"=""
"65.55.52.23,255.255.255.255,0.0.0.0,1"=""
"65.55.83.120,255.255.255.255,0.0.0.0,1"=""
"66.119.152.205,255.255.255.255,0.0.0.0,1"=""
"66.235.138.193,255.255.255.255,0.0.0.0,1"=""
"66.235.138.194,255.255.255.255,0.0.0.0,1"=""
"66.235.138.195,255.255.255.255,0.0.0.0,1"=""
"66.235.139.17,255.255.255.255,0.0.0.0,1"=""
"66.235.139.18,255.255.255.255,0.0.0.0,1"=""
"66.235.139.19,255.255.255.255,0.0.0.0,1"=""
"66.235.139.205,255.255.255.255,0.0.0.0,1"=""
"66.235.139.206,255.255.255.255,0.0.0.0,1"=""
"66.235.139.207,255.255.255.255,0.0.0.0,1"=""
"68.67.152.103,255.255.255.255,0.0.0.0,1"=""
"68.67.152.109,255.255.255.255,0.0.0.0,1"=""
"68.67.152.110,255.255.255.255,0.0.0.0,1"=""
"68.67.152.111,255.255.255.255,0.0.0.0,1"=""
"68.67.152.112,255.255.255.255,0.0.0.0,1"=""
"68.67.152.113,255.255.255.255,0.0.0.0,1"=""
"68.67.152.120,255.255.255.255,0.0.0.0,1"=""
"68.67.152.129,255.255.255.255,0.0.0.0,1"=""
"68.67.152.131,255.255.255.255,0.0.0.0,1"=""
"68.67.152.132,255.255.255.255,0.0.0.0,1"=""
"68.67.152.172,255.255.255.255,0.0.0.0,1"=""
"68.67.152.173,255.255.255.255,0.0.0.0,1"=""
"68.67.152.174,255.255.255.255,0.0.0.0,1"=""
"68.67.152.215,255.255.255.255,0.0.0.0,1"=""
"68.67.152.218,255.255.255.255,0.0.0.0,1"=""
"68.67.152.235,255.255.255.255,0.0.0.0,1"=""
"68.67.152.236,255.255.255.255,0.0.0.0,1"=""
"68.67.152.254,255.255.255.255,0.0.0.0,1"=""
"68.67.152.56,255.255.255.255,0.0.0.0,1"=""
"68.67.152.58,255.255.255.255,0.0.0.0,1"=""
"68.67.152.61,255.255.255.255,0.0.0.0,1"=""
"68.67.152.92,255.255.255.255,0.0.0.0,1"=""
"68.67.152.94,255.255.255.255,0.0.0.0,1"=""
"68.67.152.97,255.255.255.255,0.0.0.0,1"=""
"68.67.153.148,255.255.255.255,0.0.0.0,1"=""
"68.67.153.173,255.255.255.255,0.0.0.0,1"=""
"68.67.153.180,255.255.255.255,0.0.0.0,1"=""
"68.67.153.183,255.255.255.255,0.0.0.0,1"=""
"68.67.153.188,255.255.255.255,0.0.0.0,1"=""
"68.67.153.208,255.255.255.255,0.0.0.0,1"=""
"68.67.153.209,255.255.255.255,0.0.0.0,1"=""
"68.67.153.244,255.255.255.255,0.0.0.0,1"=""
"68.67.153.248,255.255.255.255,0.0.0.0,1"=""
"68.67.153.251,255.255.255.255,0.0.0.0,1"=""
"68.67.153.253,255.255.255.255,0.0.0.0,1"=""
"68.67.153.37,255.255.255.255,0.0.0.0,1"=""
"68.67.153.39,255.255.255.255,0.0.0.0,1"=""
"68.67.153.40,255.255.255.255,0.0.0.0,1"=""
"68.67.153.41,255.255.255.255,0.0.0.0,1"=""
"68.67.153.44,255.255.255.255,0.0.0.0,1"=""
"68.67.153.56,255.255.255.255,0.0.0.0,1"=""
"68.67.153.87,255.255.255.255,0.0.0.0,1"=""
"68.67.153.89,255.255.255.255,0.0.0.0,1"=""
"68.67.176.126,255.255.255.255,0.0.0.0,1"=""
"68.67.176.129,255.255.255.255,0.0.0.0,1"=""
"68.67.176.132,255.255.255.255,0.0.0.0,1"=""
"68.67.176.145,255.255.255.255,0.0.0.0,1"=""
"68.67.176.152,255.255.255.255,0.0.0.0,1"=""
"68.67.176.16,255.255.255.255,0.0.0.0,1"=""
"68.67.176.47,255.255.255.255,0.0.0.0,1"=""
"68.67.176.50,255.255.255.255,0.0.0.0,1"=""
"68.67.176.51,255.255.255.255,0.0.0.0,1"=""
"68.67.176.63,255.255.255.255,0.0.0.0,1"=""
"68.67.176.68,255.255.255.255,0.0.0.0,1"=""
"72.246.43.10,255.255.255.255,0.0.0.0,1"=""
"72.246.43.128,255.255.255.255,0.0.0.0,1"=""
"72.246.43.16,255.255.255.255,0.0.0.0,1"=""
"72.246.43.25,255.255.255.255,0.0.0.0,1"=""
"72.246.43.26,255.255.255.255,0.0.0.0,1"=""
"72.246.43.33,255.255.255.255,0.0.0.0,1"=""
"72.246.43.34,255.255.255.255,0.0.0.0,1"=""
"72.246.43.40,255.255.255.255,0.0.0.0,1"=""
"72.246.43.48,255.255.255.255,0.0.0.0,1"=""
"72.246.43.56,255.255.255.255,0.0.0.0,1"=""
"72.246.43.9,255.255.255.255,0.0.0.0,1"=""
"74.125.21.148,255.255.255.255,0.0.0.0,1"=""
"74.125.21.149,255.255.255.255,0.0.0.0,1"=""
"77.67.29.176,255.255.255.255,0.0.0.0,1"=""
"8.12.223.125,255.255.255.255,0.0.0.0,1"=""
"8.12.223.254,255.255.255.255,0.0.0.0,1"=""
"8.254.233.126,255.255.255.255,0.0.0.0,1"=""
"8.254.240.126,255.255.255.255,0.0.0.0,1"=""
"8.254.248.254,255.255.255.255,0.0.0.0,1"=""
"8.254.56.254,255.255.255.255,0.0.0.0,1"=""
"8.26.206.252,255.255.255.255,0.0.0.0,1"=""
"8.26.207.126,255.255.255.255,0.0.0.0,1"=""
"8.26.209.126,255.255.255.255,0.0.0.0,1"=""
"8.26.210.126,255.255.255.255,0.0.0.0,1"=""
"93.184.215.200,255.255.255.255,0.0.0.0,1"=""
"94.245.121.176,255.255.255.255,0.0.0.0,1"=""
"94.245.121.177,255.255.255.255,0.0.0.0,1"=""
"94.245.121.178,255.255.255.255,0.0.0.0,1"=""
"94.245.121.179,255.255.255.255,0.0.0.0,1"=""
"95.101.128.137,255.255.255.255,0.0.0.0,1"=""
"95.101.128.195,255.255.255.255,0.0.0.0,1"=""
"96.17.204.167,255.255.255.255,0.0.0.0,1"=""
"96.17.204.25,255.255.255.255,0.0.0.0,1"=""
What's this about? Who and what would have added these? How do these entries work with the TCPIP stack? Is this reverse HTTP/TCP/VPN, or something of the like?

Last edited by LinuxMintyFresh; 02-28-2018 at 01:21 AM.
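For the question of what the four comma-separated numbers in those value names mean, here is an added example written for this thread (not a Microsoft tool or anything from the poster) that parses a .reg export of the PersistentRoutes key and summarizes what it finds. It relies only on the documented layout of that key: each value name is Destination,Netmask,Gateway,Metric with empty data, a metric of -1 means "automatic metric", a netmask of 255.255.255.255 makes the entry a single-host route, and a gateway of 0.0.0.0 is a route with no next hop (route print lists it as On-link). The sample input is constructed from the poster's own "normal" default-route entry plus a handful of the host-route entries pasted above; which party added them is not something the script can tell you.

```python
"""Parse a .reg export of the Windows PersistentRoutes key and triage it.

Added example for this thread, not a Microsoft tool. It relies only on the
documented layout of the value names under
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\PersistentRoutes:
"Destination,Netmask,Gateway,Metric", with empty data. Metric -1 means
automatic metric; netmask 255.255.255.255 is a single-host route; gateway
0.0.0.0 is a route with no next hop (route print shows it as On-link)."""
from __future__ import annotations

import ipaddress
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the default-route value the poster calls normal,
# plus a handful of the host-route values pasted in the thread.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\PersistentRoutes]
"0.0.0.0,0.0.0.0,192.168.0.1,-1"=""
"104.107.13.214,255.255.255.255,0.0.0.0,1"=""
"104.210.4.77,255.255.255.255,0.0.0.0,1"=""
"13.107.3.128,255.255.255.255,0.0.0.0,1"=""
"13.107.4.50,255.255.255.255,0.0.0.0,1"=""
"65.55.128.80,255.255.255.255,0.0.0.0,1"=""
'''

_VALUE_RE = re.compile(r'^"([^"]+)"=""$')


@dataclass(frozen=True)
class PersistentRoute:
    destination: str
    netmask: str
    gateway: str
    metric: int

    @property
    def network(self) -> ipaddress.IPv4Network:
        return ipaddress.IPv4Network(f"{self.destination}/{self.netmask}", strict=False)

    @property
    def is_default(self) -> bool:
        return self.network.prefixlen == 0

    @property
    def is_host_route(self) -> bool:
        return self.network.prefixlen == 32

    @property
    def has_no_next_hop(self) -> bool:
        return self.gateway == "0.0.0.0"


def parse_persistent_routes(reg_text: str) -> list[PersistentRoute]:
    """Return one PersistentRoute per well-formed value; skip anything else."""
    routes = []
    for line in reg_text.splitlines():
        m = _VALUE_RE.match(line.strip())
        if not m:
            continue
        fields = m.group(1).split(",")
        if len(fields) != 4:
            continue
        dest, mask, gw, metric = fields
        try:
            for addr in (dest, mask, gw):
                ipaddress.IPv4Address(addr)
            routes.append(PersistentRoute(dest, mask, gw, int(metric)))
        except ValueError:
            continue  # malformed value; a real tool would log it
    return routes


def summarize(routes: list[PersistentRoute]) -> dict:
    """Counts a reviewer wants first: how many host routes, where they point."""
    host = [r for r in routes if r.is_host_route]
    default = [r for r in routes if r.is_default]
    by_16 = Counter(str(r.network.supernet(new_prefix=16)) for r in host)
    return {
        "total": len(routes),
        "default_routes": [(r.gateway, r.metric) for r in default],
        "host_routes": len(host),
        "host_routes_no_next_hop": sum(r.has_no_next_hop for r in host),
        "top_16_prefixes": by_16.most_common(5),
    }


if __name__ == "__main__":
    for k, v in summarize(parse_persistent_routes(SAMPLE_REG)).items():
        print(f"{k}: {v}")
```

Run against a full export, the /16 grouping shows which address ranges dominate so that ownership can be checked with whois for a few representatives rather than all 329 lines, and the same Destination/Netmask/Gateway/Metric columns appear under "Persistent Routes" in the output of route print on the Windows side, which is the quickest way to confirm that the registry and the live routing table agree.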
 
Old 02-28-2018, 01:12 AM   #8
LinuxMintyFresh
Whois

104.107.13.214 a104-107-13-214.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS16625
104.210.4.77 United States flag United States VA Boydton Microsoft Corporation AS8075
104.210.40.87 United States flag United States CA San Jose Microsoft Corporation AS8075
104.214.35.244 United States flag United States TX San Antonio Microsoft Corporation AS8075
104.41.207.73 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
104.43.140.223 United States flag United States IA Des Moines Microsoft Corporation AS8075
104.45.11.195 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
104.45.136.42 United States flag United States VA Washington Microsoft Corporation AS8075
104.45.214.112 United States flag United States CA San Jose Microsoft Corporation AS8075
104.46.1.211 United States flag United States VA Boydton Microsoft Corporation AS8075
104.46.50.125 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
104.69.113.196 a104-69-113-196.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.69.140.179 a104-69-140-179.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.69.140.181 a104-69-140-181.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.70.210.203 a104-70-210-203.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Time Warner Cable Internet LLC AS7843
104.73.211.105 a104-73-211-105.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.73.211.159 a104-73-211-159.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.73.215.154 a104-73-215-154.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.73.217.91 a104-73-217-91.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
104.73.220.170 a104-73-220-170.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
107.20.234.199 ec2-107-20-234-199.compute-1.amazonaws.com United States flag United States VA Ashburn Amazon.com, Inc. AS14618
107.21.246.114 ec2-107-21-246-114.compute-1.amazonaws.com United States flag United States VA Ashburn Amazon.com, Inc. AS14618
111.221.29.177 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
111.221.29.254 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
13.107.3.128 United States flag United States WA Redmond Microsoft Corporation AS8068
13.107.4.50 United States flag United States WA Redmond Microsoft Corporation AS8068
13.107.5.88 United States flag United States WA Redmond Microsoft Corporation AS8068
13.76.219.191 Singapore flag Singapore 00 Singapore Microsoft Corporation AS8075
13.76.219.210 Singapore flag Singapore 00 Singapore Microsoft Corporation AS8075
131.107.113.238 United States flag United States WA Redmond Microsoft Corporation AS3598
131.253.14.121 United States flag United States WA Microsoft Corporation AS8075
131.253.14.153 United States flag United States WA Microsoft Corporation AS8075
131.253.14.194 United States flag United States WA Microsoft Corporation AS8075
131.253.14.76 ch1ldc1.ac3.msn.com United States flag United States IL Chicago Microsoft Corporation AS8075
131.253.34.230 bn2wns1.wns.windows.com United States flag United States VA Boydton Microsoft Corporation AS8075
131.253.40.109 United States flag United States IL Chicago Microsoft Corporation AS8075
131.253.40.37 United States flag United States IL Chicago Microsoft Corporation AS8075
131.253.40.47 United States flag United States IL Chicago Microsoft Corporation AS8075
131.253.40.53 United States flag United States IL Chicago Microsoft Corporation AS8075
131.253.40.64 United States flag United States IL Chicago Microsoft Corporation AS8075
134.170.106.152 United States flag United States Microsoft Corporation AS8075
134.170.106.176 United States flag United States Microsoft Corporation AS8075
134.170.106.200 United States flag United States Microsoft Corporation AS8075
134.170.107.176 bl3302-c.1drv.com United States flag United States Microsoft Corporation AS8075
134.170.109.200 United States flag United States Microsoft Corporation AS8075
134.170.119.140 United States flag United States VA Boydton Microsoft Corporation AS8075
134.170.178.97 United States flag United States Microsoft Corporation AS8075
134.170.179.87 United States flag United States Microsoft Corporation AS8075
134.170.184.133 United States flag United States WA Microsoft Corporation AS8075
134.170.185.125 United States flag United States WA Microsoft Corporation AS8075
134.170.185.70 United States flag United States WA Microsoft Corporation AS8075
134.170.188.139 United States flag United States CA San Jose Microsoft Corporation AS8075
134.170.235.16 United States flag United States Microsoft Corporation AS8075
134.170.30.203 United States flag United States VA Boydton Microsoft Corporation AS8075
134.170.30.204 United States flag United States VA Boydton Microsoft Corporation AS8075
134.170.51.246 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.51.247 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.53.30 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.58.121 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.58.123 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.58.125 United States flag United States IA Des Moines Microsoft Corporation AS8075
134.170.58.189 United States flag United States IA Des Moines Microsoft Corporation AS8075
137.116.139.114 Singapore flag Singapore 00 Singapore Microsoft Corporation AS8075
137.116.81.24 United States flag United States VA Boydton Microsoft Corporation AS8075
137.117.100.176 United States flag United States VA Washington Microsoft Corporation AS8075
157.56.100.83 United States flag United States VA Boydton Microsoft Corporation AS8075
157.56.106.184 United States flag United States VA Boydton Microsoft Corporation AS8075
157.56.106.185 United States flag United States VA Boydton Microsoft Corporation AS8075
157.56.113.217 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.121.89 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
157.56.124.87 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
157.56.149.250 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.194.72 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
157.56.194.73 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
157.56.194.74 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
157.56.23.91 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.57.5 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.74.250 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.77.139 United States flag United States WA Redmond Microsoft Corporation AS8075
157.56.91.77 United States flag United States IL Chicago Microsoft Corporation AS8075
157.56.96.208 United States flag United States VA Boydton Microsoft Corporation AS8075
157.56.96.54 United States flag United States VA Boydton Microsoft Corporation AS8075
157.56.96.80 United States flag United States VA Boydton Microsoft Corporation AS8075
165.254.114.10 jtc1.org United States flag United States CO Englewood NTT America, Inc. AS2914
165.254.114.34 United States flag United States CO Englewood NTT America, Inc. AS2914
168.61.146.25 United States flag United States IA Des Moines Microsoft Corporation AS8075
168.61.149.17 United States flag United States IA Des Moines Microsoft Corporation AS8075
168.61.172.71 United States flag United States IA Des Moines Microsoft Corporation AS8075
168.62.11.145 United States flag United States CA San Jose Microsoft Corporation AS8075
168.62.187.13 United States flag United States VA Washington Microsoft Corporation AS8075
168.62.21.207 United States flag United States CA San Jose Microsoft Corporation AS8075
168.63.100.61 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
168.63.108.233 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
174.129.244.227 ec2-174-129-244-227.compute-1.amazonaws.com United States flag United States VA Ashburn Amazon.com, Inc. AS14618
184.28.167.143 a184-28-167-143.deploy.static.akamaitechnologies.com United States flag United States FL Akamai Technologies, Inc. AS35994
184.29.134.49 a184-29-134-49.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Bandcon AS26769
184.29.137.155 a184-29-137-155.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Bandcon AS26769
184.30.37.150 a184-30-37-150.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Bandcon AS26769
184.31.242.141 a184-31-242-141.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS16625
191.232.139.182 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
191.232.139.210 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
191.232.140.76 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
191.236.155.80 United States flag United States IL Chicago Microsoft Corporation AS8075
191.236.16.12 waws-prod-blu-015.cloudapp.net United States flag United States VA Washington Microsoft Corporation AS8075
191.238.241.80 United States flag United States TX San Antonio Microsoft Corporation AS8075
191.239.50.18 United States flag United States CA San Jose Microsoft Corporation AS8075
191.239.50.77 United States flag United States CA San Jose Microsoft Corporation AS8075
191.239.52.100 United States flag United States CA San Jose Microsoft Corporation AS8075
192.229.163.249 United States flag United States MCI Communications Services, Inc. d/b/a Verizon Business AS15133
192.243.250.72 United States flag United States UT Lehi Adobe Systems Inc. AS15224
192.243.250.88 United States flag United States UT Lehi Adobe Systems Inc. AS15224
198.78.206.253 United States flag United States Level 3 Communications, Inc. AS3356
2.21.16.151 Germany flag Germany NTT America, Inc. AS2914
2.21.236.193 Europe GTT Communications Inc. AS3257
2.22.245.247 Europe GTT Communications Inc. AS3257
2.22.70.61 Europe GTT Communications Inc. AS3257
2.22.71.158 Europe GTT Communications Inc. AS3257
2.22.75.120 Europe GTT Communications Inc. AS3257
2.22.77.127 Europe GTT Communications Inc. AS3257
2.22.87.71 Europe Akamai International B.V. AS20940
207.46.101.29 United States flag United States CA San Jose Microsoft Corporation AS8075
207.46.153.155 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
207.46.202.114 bcp.adcenterhelp.microsoft.com United States flag United States IL Chicago Microsoft Corporation AS8075
207.46.223.94 tk2.plt.msn.com United States flag United States WA Redmond Microsoft Corporation AS8075
216.38.170.128 United States flag United States MA Tewksbury
23.102.155.140 United States flag United States TX San Antonio Microsoft Corporation AS8075
23.102.21.4 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
23.102.4.253 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
23.103.182.126 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
23.2.16.10 a23-2-16-10.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
23.2.16.8 a23-2-16-8.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
23.202.16.64 a23-202-16-64.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
23.202.21.236 a23-202-21-236.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
23.202.58.89 a23-202-58-89.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS16625
23.202.61.139 a23-202-61-139.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS16625
23.3.59.213 a23-3-59-213.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
23.3.59.68 a23-3-59-68.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
23.33.106.110 a23-33-106-110.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
23.33.25.34 a23-33-25-34.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge MCI Communications Services, Inc. d/b/a Verizon Business AS2828
23.33.31.59 a23-33-31-59.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge MCI Communications Services, Inc. d/b/a Verizon Business AS2828
23.46.18.40 a23-46-18-40.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
23.46.19.158 a23-46-19-158.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
23.73.138.65 a23-73-138-65.deploy.static.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS16625
23.96.212.225 United States flag United States IL Chicago Microsoft Corporation AS8075
23.97.178.173 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
23.97.209.97 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
23.99.10.11 United States flag United States CA San Jose Microsoft Corporation AS8075
23.99.109.44 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
23.99.109.64 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
23.99.116.116 Hong Kong flag Hong Kong 00 Hong Kong Microsoft Corporation AS8075
23.99.49.121 United States flag United States CA San Jose Microsoft Corporation AS8075
31.13.65.2 edge-atlas-shv-01-atl3.facebook.com Ireland flag Ireland Facebook, Inc. AS32934
31.13.69.193 edge-atlas-shv-01-iad3.facebook.com United States flag United States VA Facebook, Inc. AS32934
4.27.253.126 United States flag United States Level 3 Communications, Inc. AS3356
4.27.253.253 United States flag United States Level 3 Communications, Inc. AS3356
4.27.254.254 United States flag United States Level 3 Communications, Inc. AS3356
40.113.14.159 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
40.113.22.47 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
40.113.8.255 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
40.114.149.220 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
40.114.241.141 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
40.114.54.223 United States flag United States VA Washington Microsoft Corporation AS8075
40.117.151.29 United States flag United States VA Washington Microsoft Corporation AS8075
40.117.88.112 United States flag United States VA Washington Microsoft Corporation AS8075
40.118.103.7 Netherlands flag Netherlands 07 Amsterdam Microsoft Corporation AS8075
40.121.144.182 United States flag United States VA Boydton Microsoft Corporation AS8075
40.69.40.157 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
40.76.12.162 United States flag United States VA Boydton Microsoft Corporation AS8075
40.76.12.4 United States flag United States VA Boydton Microsoft Corporation AS8075
40.77.226.250 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
40.83.189.49 United States flag United States CA San Jose Microsoft Corporation AS8075
46.33.76.33 Germany flag Germany GTT Communications Inc. AS3257
46.33.76.57 Germany flag Germany GTT Communications Inc. AS3257
52.164.241.205 Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
54.243.135.126 ec2-54-243-135-126.compute-1.amazonaws.com United States flag United States VA Ashburn Amazon.com, Inc. AS14618
63.148.207.151 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.148.207.70 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.148.207.80 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.148.207.88 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.148.207.95 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.148.207.97 United States flag United States MA Cambridge Qwest Communications Company, LLC AS209
63.241.108.111 United States flag United States NJ California Education and Research Federation Network AS4269
63.241.108.124 bs.serving-sys.com United States flag United States NJ California Education and Research Federation Network AS4269
63.243.243.34 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.35 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.48 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.49 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.58 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
63.243.243.67 United States flag United States MA Cambridge TATA COMMUNICATIONS (AMERICA) INC AS6453
64.233.185.148 yb-in-f148.1e100.net United States flag United States CA Google LLC AS15169
64.233.185.149 yb-in-f149.1e100.net United States flag United States CA Google LLC AS15169
64.4.27.50 United States flag United States CA San Jose Microsoft Corporation AS8075
64.4.54.153 msnbot-64-4-54-153.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.165 msnbot-64-4-54-165.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.18 msnbot-64-4-54-18.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.22 msnbot-64-4-54-22.search.msn.com United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.254 United States flag United States WY Cheyenne Microsoft Corporation AS8075
64.4.54.98 United States flag United States WY Cheyenne Microsoft Corporation AS8075
65.39.117.230 United States flag United States NE Cambridge Pinpoint Communications, Inc. AS27005
65.52.100.93 wes.df.telemetry.microsoft.com United States flag United States WA Redmond Microsoft Corporation AS8075
65.52.108.11 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.153 msnbot-65-52-108-153.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.154 msnbot-65-52-108-154.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.163 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.2 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.251 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.254 bn2wns1b.wns.windows.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.27 msnbot-65-52-108-27.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.33 msnbot-65-52-108-33.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.52 msnbot-65-52-108-52.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.56 msnbot-65-52-108-56.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.59 United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.90 msnbot-65-52-108-90.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
65.52.108.92 msnbot-65-52-108-92.search.msn.com United States flag United States VA Boydton Microsoft Corporation AS8075
 
Old 02-28-2018, 01:12 AM   #9
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
cont

65.54.192.248 United States flag United States WA Redmond Microsoft Corporation AS8075
65.54.225.167 United States flag United States CA San Jose Microsoft Corporation AS8075
65.54.226.187 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.128.80 United States flag United States IL Chicago Microsoft Corporation AS8075
65.55.128.81 United States flag United States IL Chicago Microsoft Corporation AS8075
65.55.130.50 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.138.110 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.138.111 United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.149.120 digg.analytics.live.com United States flag United States CA San Jose Microsoft Corporation AS8075
65.55.176.90 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.2.2 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.227.188 United States flag United States VA Washington Microsoft Corporation AS8075
65.55.252.92 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.44.51 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.44.82 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.44.85 United States flag United States VA Boydton Microsoft Corporation AS8075
65.55.52.23 United States flag United States WA Redmond Microsoft Corporation AS8075
65.55.83.120 United States flag United States TX Microsoft Corporation AS8075
66.119.152.205 United States flag United States IL Chicago Microsoft Corporation AS8075
66.235.138.193 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.138.194 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.138.195 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.17 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.18 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.19 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.205 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.206 United States flag United States UT Lehi Adobe Systems Inc. AS15224
66.235.139.207 United States flag United States UT Lehi Adobe Systems Inc. AS15224
68.67.152.103 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.109 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.110 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.111 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.112 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.113 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.120 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.129 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.131 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.132 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.172 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.173 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.174 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.215 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.218 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.235 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.236 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.254 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.56 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.58 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.61 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.92 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.94 United States flag United States NY New York AppNexus, Inc AS29990
68.67.152.97 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.148 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.173 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.180 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.183 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.188 lbip767182.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.208 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.209 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.244 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.248 United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.251 vlan101.1.slb8b.nym2.appnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.253 vlan101.1.slb7a.nym2.appnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.37 http-fileserver.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.39 cq-auditor.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.40 thorondor-hbapi.prod.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.41 lbip767035.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.44 ast-samples.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.56 securemodernimpact.pxlsrv.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.87 lbip767081.nym2.adnexus.net United States flag United States NY New York AppNexus, Inc AS29990
68.67.153.89 lbip767083.nym2.appnexus.com United States flag United States NY New York AppNexus, Inc AS29990
68.67.176.126 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.129 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.132 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.145 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.152 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.16 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.47 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.50 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.51 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.63 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
68.67.176.68 Singapore flag Singapore 00 Singapore AppNexus, Inc AS29990
72.246.43.10 a72-246-43-10.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.128 a72-246-43-128.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.16 a72-246-43-16.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.25 a72-246-43-25.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.26 a72-246-43-26.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.33 a72-246-43-33.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.34 a72-246-43-34.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.40 a72-246-43-40.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.48 a72-246-43-48.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.56 a72-246-43-56.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
72.246.43.9 a72-246-43-9.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai International B.V. AS20940
74.125.21.148 yv-in-f148.1e100.net United States flag United States CA Mountain View Google LLC AS15169
74.125.21.149 yv-in-f149.1e100.net United States flag United States CA Mountain View Google LLC AS15169
77.67.29.176 United States flag United States GTT Communications Inc. AS3257
8.12.223.125 United States flag United States Level 3 Communications, Inc. AS3356
8.12.223.254 United States flag United States Level 3 Communications, Inc. AS3356
8.254.233.126 United States flag United States Level 3 Communications, Inc. AS3356
8.254.240.126 United States flag United States Level 3 Communications, Inc. AS3356
8.254.248.254 United States flag United States Level 3 Communications, Inc. AS3356
8.254.56.254 United States flag United States Level 3 Communications, Inc. AS3356
8.26.206.252 United States flag United States Level 3 Communications, Inc. AS3356
8.26.207.126 United States flag United States Level 3 Communications, Inc. AS3356
8.26.209.126 United States flag United States Level 3 Communications, Inc. AS3356
8.26.210.126 United States flag United States Level 3 Communications, Inc. AS3356
93.184.215.200 Europe MCI Communications Services, Inc. d/b/a Verizon Business AS15133
94.245.121.176 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.177 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.178 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
94.245.121.179 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
95.101.128.137 a95-101-128-137.deploy.akamaitechnologies.com Europe Akamai International B.V. AS20940
95.101.128.195 a95-101-128-195.deploy.akamaitechnologies.com Europe Akamai International B.V. AS20940
96.17.204.167 a96-17-204-167.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
96.17.204.25 a96-17-204-25.deploy.akamaitechnologies.com United States flag United States MA Cambridge Akamai Technologies, Inc. AS35994
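
The persistent-route dump in post #7 and the whois listing in posts #8 and #9 can be checked against each other mechanically. The following is an added example, not code from this thread or from any tool mentioned in it. It parses the quoted registry lines as the values under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes (the value name is "destination,netmask,gateway,metric" with empty data, which is what `route -p add` writes), reconstructs the `route -p add` command that would produce each entry, joins every destination against the whois lines, counts them per ASN, and lists any destination the whois run did not cover. Two points are assumptions of the example rather than facts from the posts: a gateway of 0.0.0.0 is treated as a null route (traffic to that host is sent nowhere useful; confirm the real effect on the machine with `route print` and a test connection), and every whois line is assumed to end in an `AS<n>` token. The sample input is constructed: three lines copied from the thread plus one TEST-NET address (192.0.2.1) that has no whois entry.

```python
"""Triage of Windows persistent routes against a whois listing.

Added example for this thread, not code from the original posts. Assumptions:
  * the quoted "a,b,c,d"="" lines are values under
    HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\PersistentRoutes;
    the value NAME is "destination,netmask,gateway,metric", the data is empty,
    and `route -p add` is what writes them;
  * a 0.0.0.0 gateway is counted as a null (blackhole) route -- verify on the
    machine itself with `route print`;
  * each whois line has the shape "<ip> [<hostname>] <geo text> <org> AS<n>".
Sample input is constructed: three lines copied from the thread plus one
TEST-NET address (192.0.2.1) with no whois coverage.
"""
import ipaddress
import re
from collections import Counter

REG_VALUE = re.compile(r'^"([^"]+)"=""$')   # "name"="" as .reg exports it
ASN = re.compile(r"^AS\d+$")

ROUTES_REG = '''
"65.52.100.93,255.255.255.255,0.0.0.0,1"=""
"74.125.21.148,255.255.255.255,0.0.0.0,1"=""
"94.245.121.176,255.255.255.255,0.0.0.0,1"=""
"192.0.2.1,255.255.255.255,0.0.0.0,1"=""
'''

WHOIS_LISTING = '''
65.52.100.93 wes.df.telemetry.microsoft.com United States flag United States WA Redmond Microsoft Corporation AS8075
74.125.21.148 yv-in-f148.1e100.net United States flag United States CA Mountain View Google LLC AS15169
94.245.121.176 db3aqu.atdmt.com Ireland flag Ireland 07 Dublin Microsoft Corporation AS8075
'''


def parse_persistent_routes(reg_text):
    """Turn PersistentRoutes value names into route dicts; skip malformed lines."""
    routes = []
    for raw in reg_text.splitlines():
        m = REG_VALUE.match(raw.strip())
        if not m:
            continue
        fields = m.group(1).split(",")
        if len(fields) != 4:
            continue
        dest, mask, gateway, metric = fields
        try:
            network = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            gw = ipaddress.ip_address(gateway)
            metric = int(metric)
        except ValueError:
            continue                     # not a route the stack would accept
        routes.append({
            "dest": dest,
            "mask": mask,
            "gateway": str(gw),
            "metric": metric,
            "host_route": network.prefixlen == 32,   # /32: one single host
            "null_route": gw.is_unspecified,         # 0.0.0.0, see assumption
        })
    return routes


def parse_whois_listing(text):
    """Map IP -> {hostname, asn} from the one-line-per-address listing."""
    records = {}
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        try:
            ip = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue
        # A reverse-DNS name, when present, is the second token and has a dot.
        hostname = tokens[1] if len(tokens) > 1 and "." in tokens[1] else None
        asn = tokens[-1] if ASN.match(tokens[-1]) else None
        records[ip] = {"hostname": hostname, "asn": asn}
    return records


def route_add_command(route):
    """Reconstruct the `route -p add` invocation that writes this registry value."""
    return (f"route -p add {route['dest']} mask {route['mask']} "
            f"{route['gateway']} metric {route['metric']}")


def triage(routes, whois):
    """Join routes to whois; count per ASN and list destinations nobody resolved."""
    by_asn = Counter()
    unresolved = []
    for r in routes:
        rec = whois.get(r["dest"])
        if rec is None or rec["asn"] is None:
            unresolved.append(r["dest"])
        else:
            by_asn[rec["asn"]] += 1
    return {
        "total": len(routes),
        "host_routes": sum(r["host_route"] for r in routes),
        "null_routes": sum(r["null_route"] for r in routes),
        "by_asn": by_asn,
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    routes = parse_persistent_routes(ROUTES_REG)
    print(triage(routes, parse_whois_listing(WHOIS_LISTING)))
    for r in routes:
        print(route_add_command(r))
```

On the real machine, feed it the file written by `reg export` of the PersistentRoutes key (opened as UTF-16, which is how `reg export` writes it) together with the full whois listing. Destinations that come back in `unresolved`, and ASNs that do not belong to a vendor you recognise, are the ones worth a manual whois before deciding whether a route was added by a blocking tool or by something else.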
 
Old 02-28-2018, 01:36 AM   #10
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
So a very strange thing occurred the other day while I was logged into Windows. After disabling a few entries in the registry governing hardware "redirect" (aka remote control and access to the hardware of my PC), registry entries grew from ~461,000 to ~540,000. A massive hidden layer of my registry was uncovered that I had never seen or known about before; I should have made a backup of this, because I can no longer access it anymore; 1/5th of my registry vanished again. All the entries I had previously searched for and changed are no longer visible in my registry. For example:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows\DeviceRedirect\Restrictions\]
"AllowRedirect"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000


I had changed these from 0 to 1. After which, some of them were persistent on reboot; they would switch back to 1 again. It wasn't long before I was no longer able to find them; I had not deleted them.

It is as though some remote admin was redirecting a huge chunk of my registry / O/S and hardware. I was shocked to see these hidden registry keys unlocked; in the process of disabling the redirect settings, while searching for "DeviceRedirect", double or more redirect keys became available to me on the next boot (along with 1/5 of my registry which I had never seen before). You can find these keys by searching for "DeviceRedirect" and/or "allowredirect".

These six objects also disappeared.

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{007A0536-350C-47ED-9868-DF5C42F80CEA}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{2228C782-A61F-4964-BF35-039C64C5762A}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{971B4056-B53A-4932-85C0-1C67D70BFD18}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{AF3CE3F0-520B-435A-A45C-312C2374AB79}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{DA63EBEF-85CB-4B8A-AC11-43F92721699F}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]
"AllowRedirect"=dword:00000000

[HKEY_USERS\S-1-5-21-2240875929-447784991-1091042645-1000\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{E615A4B9-1522-4ED3-82A0-03A4B4BD5848}Machine\Software\Policies\Microsoft\Windows\DeviceRedirect\Restrictions]

I uncovered all of this while finding possible shady group policy entries for Chrome browser.
One of the steps I took that may have uncovered my hidden registry entries was followed here:
https://www.bleepingcomputer.com/vir...-administrator


I ran RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force

A chrome extension (GhostVPN) had access to system settings and had injected a group policy to allow access to system Proxy settings;

Registry Group Policy Objects \SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{FC974C88-F4E9-4026-B8E4-839875341946}Machine\Software\Policies\Google\Chrome\ExtensionInstallWhitelist\1 = nhippelchacimnkamngddemhkifekini
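For anyone who wants to check the same keys on their own machine, here is an added PowerShell audit script (not part of the post above) that walks the locations quoted in it: the two machine-wide DeviceRedirect\Restrictions keys under HKLM and the per-user {GUID}Machine Group Policy Objects under HKEY_USERS, and reports the AllowRedirect value of each one it finds. It assumes the HKU: drive can be mapped and that it runs from an elevated prompt.

```powershell
# Added example (not from the thread): list every
# ...\Policies\Microsoft\Windows\DeviceRedirect\Restrictions key that the
# post mentions and report its AllowRedirect value, so the keys can be
# compared across reboots instead of searched for by hand.
# Run from an elevated PowerShell prompt.

if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    # HKEY_USERS has no drive by default; map one for the per-user hives.
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$suffix = 'Policies\Microsoft\Windows\DeviceRedirect\Restrictions'

# Machine-wide locations quoted in the post (native and Wow6432Node views).
$paths = @(
    "HKLM:\SOFTWARE\$suffix",
    "HKLM:\SOFTWARE\Wow6432Node\$suffix"
)

# Per-user Group Policy Objects: each child key is named {GUID}Machine and
# carries its own Software\Policies\... subtree, as in the post.
$userHives = Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-' -and
                   $_.PSChildName -notmatch '_Classes$' }
foreach ($hive in $userHives) {
    $gpoRoot = "$($hive.PSPath)\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects"
    $gpos = Get-ChildItem -LiteralPath $gpoRoot -ErrorAction SilentlyContinue
    foreach ($gpo in $gpos) {
        $paths += "$($gpo.PSPath)\Software\$suffix"
    }
}

# Report one row per existing key; '(not set)' means the key exists but
# carries no AllowRedirect value, absent keys are skipped silently.
foreach ($p in $paths) {
    $key = Get-Item -LiteralPath $p -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    $val = $key.GetValue('AllowRedirect', $null)
    [pscustomobject]@{
        Key           = $p
        AllowRedirect = $(if ($null -eq $val) { '(not set)' } else { $val })
    }
}
```

Running it before and after a reboot and diffing the two outputs shows exactly which keys appeared or vanished, which is the part the post could only describe from memory.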
 
Old 02-28-2018, 01:45 AM   #11
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
Here are some examples of redirect in action: https://www.youtube.com/watch?v=ZL-WlfJaYCk
https://www.youtube.com/watch?v=8vmG6rFd_BM
https://www.youtube.com/watch?v=dqOlgDhqrh0
 
Old 02-28-2018, 12:19 PM   #12
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
https://github.com/downloads/rgl/red...tup-64-bit.exe scanned at virustotal is a hit.

good luck
 
1 members found this post helpful.
Old 03-29-2018, 11:31 AM   #13
geppy
LQ Newbie
 
Registered: Dec 2017
Posts: 15

Rep: Reputation: Disabled
Somebody is TOYING with you, not necessarily some government.

You need to realize what you need from the internet for work, and what you need to make your work secure.
Decrypting HTTPS by the internet provider and content substitution in search engines is common practice.
That's the problem - not hacked websites or malware. The attacker will actually guard you from outside hacks to help them in traffic decryption.

Man-in-the-middle will send tons of traffic to the legitimate website on your behalf to help him decrypt traffic. Nothing you can do here.

You need to drop all FIN and RST packets. Suricata in inline mode on a separate computer. Snort is pointless.
Or your own OS (I am writing one).
Eventually you need to deal with incoming ACKs from websites you visit.
Man-in-the-middle will send you tons of fake ACKs to figure out the encryption password generated by the web browser on behalf of the legitimate website. They simply change some bits in ACK packets to make decryption faster.

Unfortunately modern web browsers use the same established TLS connection for most traffic. Creating a new TLS handshake would help greatly.

Last edited by geppy; 03-29-2018 at 11:34 AM.
 
1 members found this post helpful.
Old 04-07-2018, 01:44 AM   #14
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
Thank you SO much @geppy ... Well, I bought a new router that uses Merlin firmware, added dnscrypt and dnssec to help prevent DNS spoofing and MITM. I just checked and the Entware repo on the router also has Suricata, and it's easily installable in seconds. I just need to configure it properly because I see some people are having issues with it. I'm now using a VPN with Diffie-Hellman encryption with 60-second renegotiations, so this will significantly improve online security. However, even with all the added security (and 4 months non-stop hardening Windows) I am still being hacked occasionally.

Other VPNs I have noticed used content substitution in search engines; I could tell very clearly.

Thank you so much for your advice, I'm going to look into this and hopefully in no time I'll have Suricata up and running with no issues!
 
Old 04-07-2018, 01:53 AM   #15
LinuxMintyFresh
LQ Newbie
 
Registered: Feb 2018
Posts: 19

Original Poster
Rep: Reputation: Disabled
Oh, and just to bring some closure here, the entries in the routing table were due to an anti-Microsoft-spying security app called Ancile, which also inserted the same addresses into the hosts file and the Windows firewall: https://bitbucket.org/ancile_develop...Hosts.data.zip
https://bitbucket.org/ancile_develop...uting.data.zip
https://bitbucket.org/ancile_develo....ewall.data.zip

Looks like he pulled the info from the following source, and the comment below it which replaces metric "L" with "1":
Quote:
Question
How can I define null route on Windows Server 2008 R2 Standard
3 Answers

First remove all routes you added previously. Then do route print and in the first part of the output check the interface number of Software Loopback Interface (I guess that in your case it is not number 1)

Then add the following route:

route add x.x.x.x mask 255.255.255.255 g.g.g.g if L
Where:

x.x.x.x is the IP address you want to block
g.g.g.g is the IP address of your current default gateway
L is the interface number of Software Loopback Interface

One user has said quote "I have used this way to block people trying to hack our database server i created an application that checks for IPs that have made so many database connections with wrong credentials and automatically add these IPs to the blocking route. I am not a network expert I'm a programmer basically but this did stop the hacker and he gave up. doing this manually was impossible as he was changing the IP he is using to try to hack the server. I was unable to do this with our firewall"
Source: https://serverfault.com/questions/54...08-r2-standard
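The quoted recipe leaves two values to look up by hand: L, the Software Loopback Interface number from route print, and g.g.g.g, the current default gateway. The following added PowerShell script (not from the thread or the quoted ServerFault answer) discovers both and then issues the same route add command for each address; the -DryRun switch only prints the commands, and the two sample addresses are constructed documentation-range values, not indicators from this thread.

```powershell
# Added example, not from the thread or the quoted ServerFault answer:
# the null-route recipe  route add x.x.x.x mask 255.255.255.255 g.g.g.g if L
# with L and g.g.g.g discovered instead of typed. Applying routes needs an
# elevated prompt; -DryRun works unprivileged.

function Get-LoopbackInterfaceNumber {
    # The "Interface List" block of route print contains a line such as
    #   1...........................Software Loopback Interface 1
    # The leading number is the L the recipe asks for.
    foreach ($line in (route.exe print)) {
        if ($line -match '^\s*(\d+)\.{3}.*Software Loopback Interface') {
            return [int]$Matches[1]
        }
    }
    throw 'Software Loopback Interface not found in route print output'
}

function Get-DefaultGateway {
    # Lowest-metric IPv4 default route; its NextHop is g.g.g.g.
    $r = Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' |
         Sort-Object RouteMetric | Select-Object -First 1
    if (-not $r) { throw 'No IPv4 default route present' }
    return $r.NextHop
}

function Add-NullRoute {
    param(
        [Parameter(Mandatory)][string[]]$Address,   # hosts to black-hole
        [switch]$DryRun                             # print instead of apply
    )
    $if = Get-LoopbackInterfaceNumber
    $gw = Get-DefaultGateway
    foreach ($ip in $Address) {
        # /32 host route bound to the loopback interface, exactly as quoted.
        $cmd = "route add $ip mask 255.255.255.255 $gw if $if"
        if ($DryRun) { Write-Output $cmd; continue }
        route.exe add $ip mask 255.255.255.255 $gw if $if | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "route add failed for $ip" }
    }
}

# Constructed sample input: documentation-range addresses, not real IoCs.
Add-NullRoute -Address '198.51.100.23', '203.0.113.9' -DryRun
```

After applying for real, route print shows the new /32 entries, and route delete x.x.x.x removes one again; as the quoted comment notes, some setups have the loopback interface at number 1, which the parser above picks up automatically.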
 