I have identical slackware 14.1 installs of my computer and my wife's computer. I have firefox installed locally in the user accounts (not a system wide install).

I was checking my computers running
sudo lsof

And on my wife's computer I got this connection:
TCP 192.168.1.104:40741->ec2-52-88-81-160.us-west-2.compute.amazonaws.com:https (ESTABLISHED)

I went through all the settings and turned off all the options I know that connect to the internet. On my computer I don't get the above connection. There were no extra add-ons that I didn't already know about. Even when I deleted all the add-ons it was still connecting.

When firefox was not running on my wife's comuter - I didn't get the connection. *MY* computer did not have the connection when firefox was running. Just my wife's computer when running firefox.

I deleted the .mozilla directory, then restarted firefox. - still had the connection.

Then I deleted the firefox application directory and unzipped from a new download - That did it - the connection was gone.

Anyone know what that connection was? Searching Google on this is rather inconclusive.

Since all "evidence" is gone and there's no relevant details there's nothing left except to speculate (I won't). Next time run the web browser through a filtering proxy or tcpdump traffic to see what kind of requests are made?..

1 members found this post helpful.

Good tip. Thanks, I'll remember that in the future.

I did a whois and its amazon so it shouldn't be too nefarious.

Domain Name: amazonaws.com
Registry Domain ID: 197784869_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2014-10-28T12:38:28-0700
Creation Date: 2005-08-17T19:10:45-0700
Registrar Registration Expiration Date: 2018-01-15T20:59:59-0800
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registry Registrant ID:
Registrant Name: Legal Department
Registrant Organization: Amazon.com, Inc.
Registrant Street: PO BOX 81226
Registrant City: Seattle
Registrant State/Province: WA
Registrant Postal Code: 98108-1226
Registrant Country: US


Thanks for your reply!

take from here (including)...
up to and including...
and paste the cert into the box at https://www.sslshopper.com/certificate-decoder.html and we get these results.

Next I did a and I see the 52.88.81.160

Gurgling shavar.services.mozilla.com
I find https://wiki.mozilla.org/Services/Tr...rver_-_Testing

What it means, I have NO IDEA, but there it is.
Hope that helps.

3 members found this post helpful.

Thanks!

You are welcome.
Is it possible that the wife's firefox was a nightly build or something like that?

That's the only reason I could imagine for that connection.

1 members found this post helpful.

Good recon. Shavar is the Mozilla tracking protection-and-more. For what it protects against see here: https://github.com/mozilla-services/shavar-prod-lists and the lists here: https://github.com/mozilla-services/shavar-test-lists

1 members found this post helpful.