I just randomly found out that running xpdf instances are connecting via
https to unknown internet hosts:
-----
$ lsof -i:https
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
xpdf 4548 ndr 60u IPv4 3240798 0t0 TCP myhost:60178->151.101.1.140:https (CLOSE_WAIT)
xpdf 4548 ndr 62u IPv4 3241136 0t0 TCP myhost:54798->151.101.193.140:https (CLOSE_WAIT)
xpdf 4548 ndr 64u IPv4 3241163 0t0 TCP myhost:59904->151.101.65.140:https (CLOSE_WAIT)
xpdf 4548 ndr 66u IPv4 3241168 0t0 TCP myhost:58196->151.101.114.49:https (CLOSE_WAIT)
xpdf 4548 ndr 67u IPv4 3242068 0t0 TCP myhost:37120->151.101.0.95:https (CLOSE_WAIT)
xpdf 4548 ndr 68u IPv4 3241177 0t0 TCP myhost:44826->151.101.66.49:https (CLOSE_WAIT)
xpdf 4548 ndr 69u IPv4 3242069 0t0 TCP myhost:60520->104.16.149.64:https (CLOSE_WAIT)
xpdf 4548 ndr 78u IPv4 3241196 0t0 TCP myhost:58432->104.16.19.94:https (CLOSE_WAIT)
xpdf 4548 ndr 80u IPv4 3241189 0t0 TCP myhost:60516->104.16.149.64:https (CLOSE_WAIT)
[...]
-----
I can't think of a good, non-malicious explanation to this...
What does everyone think?
--
Dario Niedermann -:- finger my email address for PGP key, etc.
Also on the Internet at: <gopher://
darioniedermann.it/>
<
https://www.darioniedermann.it/>