Estou usando o Ubuntu 12.04 64bit. Estou usando o proxy HTTP sobre ssh como mencionado aqui . Quando inicio o TinyProxy, posso ver o registro de tráfego.
Editado: Se você olhar para o log, você pode ver que todo o tráfego é de anúncios. Além disso, embora eu não tenha nenhum aplicativo em execução como o firefox, thunderbird ou pidgin etc., há um tráfego enorme. Portanto, deve haver um aplicativo em execução no plano de fundo.
Você conhece alguma maneira de detectar esse aplicativo? Como posso encontrar o aplicativo que causa tráfego de propaganda?
ps ax
PID TTY STAT TIME COMMAND
1 ? Ss 0:01 /sbin/init
2 ? S 0:00 [kthreadd]
3 ? S 0:00 [ksoftirqd/0]
6 ? S 0:00 [migration/0]
7 ? S 0:00 [watchdog/0]
21 ? S< 0:00 [cpuset]
22 ? S< 0:00 [khelper]
23 ? S 0:00 [kdevtmpfs]
24 ? S< 0:00 [netns]
26 ? S 0:00 [sync_supers]
27 ? S 0:00 [bdi-default]
28 ? S< 0:00 [kintegrityd]
29 ? S< 0:00 [kblockd]
30 ? S< 0:00 [ata_sff]
31 ? S 0:00 [khubd]
32 ? S< 0:00 [md]
34 ? S 0:00 [khungtaskd]
35 ? S 0:00 [kswapd0]
36 ? SN 0:00 [ksmd]
37 ? SN 0:00 [khugepaged]
38 ? S 0:00 [fsnotify_mark]
39 ? S 0:00 [ecryptfs-kthrea]
40 ? S< 0:00 [crypto]
48 ? S< 0:00 [kthrotld]
49 ? S 0:00 [scsi_eh_0]
50 ? S 0:00 [scsi_eh_1]
51 ? S 0:00 [scsi_eh_2]
52 ? S 0:00 [scsi_eh_3]
75 ? S< 0:00 [devfreq_wq]
240 ? S< 0:00 [xfs_mru_cache]
241 ? S< 0:00 [xfslogd]
242 ? S< 0:00 [xfsdatad]
243 ? S< 0:00 [xfsconvertd]
245 ? S 0:00 [xfsbufd/sda3]
246 ? S 0:01 [xfsaild/sda3]
330 ? S 0:00 upstart-udev-bridge --daemon
333 ? Ss 0:00 /sbin/udevd --daemon
472 ? S< 0:00 [cfg80211]
479 ? S< 0:00 [kpsmoused]
671 ? S 0:00 upstart-socket-bridge --daemon
779 ? S 0:00 [xfsbufd/sda4]
781 ? S 0:01 [xfsaild/sda4]
785 ? S< 0:00 [ttm_swap]
800 ? S< 0:00 [hd-audio0]
803 ? S< 0:00 [hd-audio1]
857 ? Sl 0:00 rsyslogd -c5
869 ? Ss 0:04 dbus-daemon --system --fork --activation=upstart
881 ? Ss 0:00 /usr/sbin/modem-manager
883 ? Ss 0:00 /usr/sbin/bluetoothd
905 ? Ssl 0:02 NetworkManager
906 ? Ss 0:00 /usr/sbin/cupsd -F
910 ? Sl 0:02 /usr/lib/policykit-1/polkitd --no-debug
918 ? S 0:00 avahi-daemon: running [bunyamin-hp.local]
919 ? S 0:00 avahi-daemon: chroot helper
920 ? S< 0:00 [krfcommd]
956 ? Ss 0:00 /sbin/wpa_supplicant -B -P /run/sendsigs.omit.d/wpasupplicant.pid -u -s -O /var/run/wpa_supplicant
980 tty4 Ss+ 0:00 /sbin/getty -8 38400 tty4
985 tty5 Ss+ 0:00 /sbin/getty -8 38400 tty5
1000 tty2 Ss+ 0:00 /sbin/getty -8 38400 tty2
1006 tty3 Ss+ 0:00 /sbin/getty -8 38400 tty3
1009 tty6 Ss+ 0:00 /sbin/getty -8 38400 tty6
1024 ? Ss 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
1025 ? Ss 0:00 atd
1026 ? Ss 0:00 cron
1029 ? Ss 0:01 /usr/sbin/irqbalance
1034 ? Ssl 0:00 whoopsie
1091 ? Ssl 0:00 lightdm
1216 tty1 Ss+ 0:00 /sbin/getty -8 38400 tty1
1224 ? Sl 0:00 /usr/lib/accountsservice/accounts-daemon
1241 ? Sl 0:00 /usr/sbin/console-kit-daemon --no-daemon
1356 ? Sl 0:00 /usr/lib/upower/upowerd
1447 ? Sl 0:00 /usr/lib/x86_64-linux-gnu/colord/colord
1539 ? SNl 0:00 /usr/lib/rtkit/rtkit-daemon
1723 ? Sl 0:00 /usr/lib/udisks/udisks-daemon
1724 ? S 0:00 udisks-daemon: not polling any devices
2077 ? Z 0:00 [lightdm] <defunct>
2433 ? Z 0:00 [lightdm] <defunct>
3491 ? S 0:00 [flush-8:0]
4023 ? S 0:00 [kworker/u:14]
4034 ? S 0:00 [migration/1]
4035 ? S 0:00 [kworker/1:3]
4036 ? S 0:00 [ksoftirqd/1]
4037 ? S 0:00 [watchdog/1]
4038 ? S 0:00 [migration/2]
4040 ? S 0:00 [ksoftirqd/2]
4041 ? S 0:00 [watchdog/2]
4042 ? S 0:00 [migration/3]
4043 ? S 0:00 [kworker/3:1]
4044 ? S 0:00 [ksoftirqd/3]
4045 ? S 0:00 [watchdog/3]
4047 ? S 0:00 [irq/43-mei]
4070 ? S 0:00 [kworker/3:0]
4072 ? S 0:00 [kworker/1:0]
4164 ? Ss 0:00 anacron -s
4549 tty7 Ss+ 1:13 /usr/bin/X :0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
4683 ? Sl 0:00 lightdm --session-child 12 47
4718 ? Sl 0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
4729 ? Ssl 0:00 gnome-session --session=gnome-fallback
4765 ? Ss 0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session gnome-session --session=gnome-fallback
4768 ? S 0:00 /usr/bin/dbus-launch --exit-with-session gnome-session --session=gnome-fallback
4769 ? Ss 0:00 //bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
4779 ? Sl 0:01 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
4786 ? S 0:00 /usr/lib/gvfs/gvfsd
4788 ? Sl 0:00 /usr/lib/gvfs//gvfs-fuse-daemon -f /home/bunyamin/.gvfs
4797 ? Sl 0:00 /usr/lib/gnome-settings-daemon/gsd-printer
4799 ? Sl 0:03 metacity
4805 ? S 0:00 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
4811 ? Sl 0:10 gnome-panel
4814 ? S 0:00 syndaemon -i 2.0 -K -R -t
4819 ? S<l 0:00 /usr/bin/pulseaudio --start --log-target=syslog
4821 ? Sl 0:00 /usr/lib/dconf/dconf-service
4826 ? Sl 0:00 /usr/lib/gnome-settings-daemon/gnome-fallback-mount-helper
4828 ? Sl 0:06 nautilus -n
4830 ? Sl 0:02 nm-applet
4832 ? Sl 0:00 /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
4835 ? Sl 0:00 bluetooth-applet
4851 ? S 0:00 /usr/lib/pulseaudio/pulse/gconf-helper
4854 ? Sl 0:04 /usr/lib/indicator-applet/indicator-applet-complete
4859 ? S 0:00 /usr/lib/gvfs/gvfs-gdu-volume-monitor
4863 ? S 0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
4865 ? Sl 0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
4871 ? S 0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.6 /org/gtk/gvfs/exec_spaw/0
4874 ? Sl 0:00 /usr/lib/indicator-application/indicator-application-service
4876 ? Sl 0:00 /usr/lib/indicator-datetime/indicator-datetime-service
4878 ? Sl 0:00 /usr/lib/indicator-messages/indicator-messages-service
4887 ? Sl 0:00 /usr/lib/indicator-printers/indicator-printers-service
4888 ? Sl 0:00 /usr/lib/indicator-session/indicator-session-service
4889 ? Sl 0:00 /usr/lib/indicator-sound/indicator-sound-service
4906 ? S 0:00 /usr/lib/geoclue/geoclue-master
4929 ? S 0:00 /usr/lib/ubuntu-geoip/ubuntu-geoip-provider
4938 ? Sl 0:11 /usr/lib/gnome-applets/multiload-applet-2
4939 ? Sl 0:01 /usr/lib/gnome-applets/cpufreq-applet
4953 ? S 0:00 /usr/lib/gvfs/gvfsd-metadata
4955 ? S 0:00 /usr/lib/gvfs/gvfsd-burn --spawner :1.6 /org/gtk/gvfs/exec_spaw/1
4957 ? Sl 3:22 /usr/lib/firefox/firefox
4973 ? Sl 0:00 /usr/lib/x86_64-linux-gnu/at-spi2-core/at-spi-bus-launcher
4997 ? Sl 0:00 /usr/lib/gnome-disk-utility/gdu-notification-daemon
5000 ? Sl 0:00 telepathy-indicator
5007 ? Sl 0:00 /usr/lib/telepathy/mission-control-5
5012 ? Sl 0:00 /usr/lib/gnome-online-accounts/goa-daemon
5018 ? Sl 0:00 gnome-screensaver
5019 ? Sl 0:01 zeitgeist-datahub
5025 ? Sl 0:00 /usr/bin/zeitgeist-daemon
5033 ? Sl 0:00 /usr/lib/zeitgeist/zeitgeist-fts
5041 ? S 0:00 /bin/cat
5052 ? Sl 0:08 /usr/bin/gnome-terminal -x /bin/sh -c '/home/bunyamin/Desktop/SSH Tunnel'
5058 ? S 0:00 gnome-pty-helper
5067 ? Sl 0:00 update-notifier
5090 ? S 0:00 /usr/bin/python /usr/lib/system-service/system-service-d
5130 ? Sl 0:00 /usr/lib/deja-dup/deja-dup/deja-dup-monitor
5135 ? S 0:00 /bin/sh -c nice run-parts --report /etc/cron.daily
5136 ? SN 0:00 run-parts --report /etc/cron.daily
5358 pts/4 Ss 0:00 bash
5482 ? S 0:00 [kworker/0:1]
5487 ? S 0:01 [kworker/2:0]
5550 ? Sl 1:15 /usr/lib/firefox/plugin-container /usr/lib/flashplugin-installer/libflashplayer.so -greomni /usr/lib/firefox/omni.ja 4957 true plugin
5717 ? S 0:00 /usr/lib/cups/notifier/dbus dbus://
5824 ? SN 0:00 /bin/sh /etc/cron.daily/update-notifier-common
5825 ? SN 0:00 /usr/bin/python /usr/lib/update-notifier/package-data-downloader
5872 ? Sl 0:00 /usr/lib/notify-osd/notify-osd
5888 ? S 0:00 /sbin/udevd --daemon
5889 ? S 0:00 /sbin/udevd --daemon
5909 ? S 0:00 /sbin/dhclient -d -4 -sf /usr/lib/NetworkManager/nm-dhcp-client.action -pf /var/run/sendsigs.omit.d/network-manager.dhclient-eth1.pid -lf /var/lib/dhcp/dhclient-f5f0
5912 ? S 0:00 /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/sendsigs.omit.d/network-manager.dnsmasq.pid --listen-address=127.
5975 pts/1 Ss+ 0:00 /bin/sh -c '/home/bunyamin/Desktop/SSH Tunnel'
5976 pts/1 S+ 0:00 /bin/sh /home/bunyamin/Desktop/SSH Tunnel
5977 pts/1 S+ 0:00 ssh -p443 [email protected] -L 8000:127.0.0.1:8000
5980 ? Sl 0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.6 /org/gtk/gvfs/exec_spaw/2
6034 ? S 0:00 [kworker/u:0]
6054 ? S 0:00 [kworker/2:2]
6070 ? S 0:00 [kworker/0:3]
6094 ? Sl 0:02 gedit /home/bunyamin/Desktop/a.html
6101 ? S 0:00 [kworker/0:2]
6130 pts/4 R+ 0:00 ps ax
TinyProxy LOG
connect to ad.adserverplus.com:80
mx1.u4gf.com - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=160x600&s=2959021&T=3&_salt=1516586745&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D45%253Aplus-size-dresses%26id%3D7512%253A2012-01-25-22-42-00%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D101&r=1 HTTP/1.0" - -
bye
bye
bye
connect to ad.adserverplus.com:80
connect to ad.bharatstudent.com:80
connect to ad.yieldmanager.com:80
142.91.199.250.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=2913320&_salt=2228719469&B=12&m=2&r=1 HTTP/1.0" - -
173.208.94.117 - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=3187816&_salt=462045326&B=12&m=2&r=1 HTTP/1.0" - -
mx1.a54m.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=300x250&s=2887338&T=3&_salt=2925281520&B=12&m=2&u=http%3A%2F%2Fsecretskirt.com%2Findex.php%3Foption%3Dcom_contact%26view%3Dcontact%26id%3D1%26Itemid%3D95&r=1 HTTP/1.0" - -
108.62.75.54.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3218437&T=3&_salt=2939054384&B=12&m=2&u=http%3A%2F%2Fwww.vifinances.com%2Ffinance-investing%2Finsurance-investment%2Fis-life-insurance-investment-necessarily-the-way-to-go.html&r=1 HTTP/1.0" - -
connect to ad.yieldmanager.com:80
connect to ad.globe7.com:80
bye
connect to ad.globe7.com:80
connect to ad.globe7.com:80
bye
173.208.94.22 - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=2922824&T=3&_salt=705371051&B=12&m=2&u=%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D44%3Amature-womens-fashion%26id%3D6917%3A2012-01-25-22-37-27%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D&r=1 HTTP/1.0" - -
bye
23.19.10.44.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600§ion=3512129&pub_url=${PUB_URL} HTTP/1.0" - -
connect to ad.yieldmanager.com:80
bye
142.91.189.27.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=0x0&y=29&s=3660215&_salt=2921537966&B=12&m=2&r=1 HTTP/1.0" - -
connect to ad.scanmedios.com:80
bye
142.91.217.158.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globaltakeoff.net/st?ad_type=iframe&ad_size=160x600§ion=2077929&pub_url=${PUB_URL} HTTP/1.0" - -
23.19.76.194.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=3127996&T=3&_salt=1952612979&B=12&m=2&u=http%3A%2F%2Fwww.oseey.com%2Fpure-core-watch%2Fcarbon-fiber-watch%2Fcarbon-monoxide-poisoning-awareness.html&r=1 HTTP/1.0" - -
mx1.e6sb.com - - [17/Oct/2012 07:38:53] "GET http://ad.scanmedios.com/imp?Z=728x90&s=3522638&T=3&_salt=3444993091&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D6013%3A2012-01-25-22-25-54%26catid%3D40%3Abig-beautiful-women-fashion%26Itemid%3D96&r=1 HTTP/1.0" - -
connect to ad.tagjunction.com:80
connect to ad.yieldmanager.com:80
bye
connect to ad.yieldmanager.com:80
23.19.76.154.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250§ion=2569393 HTTP/1.0" - -
connect to ads.creafi-online-media.com:80
bye
108.62.109.115.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3315330&_salt=2385926515&B=12&m=2&r=1 HTTP/1.0" - -
142.91.217.214.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3634166&T=3&_salt=1590442300&B=12&m=2&u=http%3A%2F%2Fwealthterritory.com%2Findex.php%3Foption%3Dcom_mailto%26tmpl%3Dcomponent%26link%3DaHR0cDovL3dlYWx0aHRlcnJpdG9yeS5jb20vaW5kZXgucGhwP29wdGlvbj1jb21fY29udGVudCZ2aWV3PWFydGljbGUmaWQ9NDY2NDoyMDExLTA3LTA2LTEzLTI2LTUwJmNhdGlkPTQxOnNlcnZpY2VzJkl0ZW1pZ&r=1 HTTP/1.0" - -
108.62.185.184.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/imp?Z=728x90&s=2885766&T=3&_salt=107120374&B=12&m=2&u=http%3A%2F%2Feconomicccore.com%2Findex.php%3Foption%3Dcom_content%26view%3Dcategory%26layout%3Dblog%26id%3D48%26Itemid%3D98%26limitstart%3D45&r=1 HTTP/1.0" - -
bye
bye
bye
connect to ad.adserverplus.com:80
connect to ad.yieldmanager.com:80
connect to ad.tagjunction.com:80
bye
108.62.75.252.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=728x90§ion=3213387&pub_url=${PUB_URL} HTTP/1.0" - -
bye
connect to ad.tagjunction.com:80
bye
connect to ad.yieldmanager.com:80
173.208.94.29 - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/st?ad_type=iframe&ad_size=728x90§ion=3006024&pub_url=${PUB_URL} HTTP/1.0" - -
23.19.31.84.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=2586703&_salt=2905995697&B=12&m=2&r=1 HTTP/1.0" - -
oxx-ef-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=0x0&y=29&s=3630499&_salt=4037530564&B=12&m=2&r=1 HTTP/1.0" - -
142.91.185.53.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=0x0&y=29&s=3512541&_salt=1134875077&B=12&m=2&r=1 HTTP/1.0" - -
connect to ad.globe7.com:80
108.177.187.37.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3168350&T=3&_salt=548860046&B=12&m=2&u=http%3A%2F%2Flifehealthyliving.com%2Findex.php%3Fview%3Darticle%26catid%3D34%253Ahealthy-food%26id%3D4681%253A2012-05-16-20-40-19%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D%26option%3Dcom_content%26Itemid%3D53&r=1 HTTP/1.0" - -
connect to ad.adserverplus.com:80
bye
connect to ads.creafi-online-media.com:80
108.177.223.180.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=300x250&s=3331290&T=3&_salt=1270334669&B=12&m=2&u=http%3A%2F%2Fwww.vegls.com%2Faccident-attorneys-firms%2Fauto-accident-attorney%2Ffind-the-correct-auto-accident-attorney.html&r=1 HTTP/1.0" - -
bye
142.91.185.38.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=160x600§ion=818253 HTTP/1.0" - -
connect to ad.yieldmanager.com:80
bye
bye
bye
108.62.75.230.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/st?ad_type=pop&ad_size=0x0§ion=3323456&banned_pop_types=29&pop_times=1&pop_frequency=86400&pub_url=${PUB_URL} HTTP/1.0" - -
connect to ad.adserverplus.com:80
bye
connect to ad.adserverplus.com:80
bye
142.91.217.194.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=300x250&s=3068801&T=3&_salt=1246107431&B=12&m=2&u=http%3A%2F%2Fmoodoffashionandbeauty.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D756%3A2011-07-13-13-13-43%26catid%3D36%3Afashion-clothes%26Itemid%3D55&r=1 HTTP/1.0" - -
connect to ad.smxchange.com:80
108.62.185.235.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250§ion=3307618&pub_url=${PUB_URL} HTTP/1.0" - -
connect to ad.globe7.com:80
bye
connect to ad.yieldmanager.com:80
bye
bye
connect to ad.adserverplus.com:80
connect to ad.yieldmanager.com:80
connect to ad.adserverplus.com:80
connect to ad.yieldmanager.com:80
108.177.168.183.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=300x250&s=3582877&T=3&_salt=3271923155&B=12&m=2&u=http%3A%2F%2Fwomenhealthroad.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5780%3A2011-12-12-16-56-53%26catid%3D40%3Ahealth-issues%26Itemid%3D96&r=1 HTTP/1.0" - -
23.19.3.100.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2895969&T=3&_salt=207805714&B=12&m=2&u=http%3A%2F%2Feconomicccore.com%2Findex.php%3Fview%3Darticle%26catid%3D46%253Aeconomic-news%26id%3D6079%253A2011-09-29-07-39-13%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D96&r=1 HTTP/1.0" - -
bye
142.91.199.212.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250§ion=2956039&pub_url=${PUB_URL} HTTP/1.0" - -
bye
142.91.189.169.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=3004691&T=3&_salt=2747591679&B=12&m=2&u=http%3A%2F%2Fwww.qtsfinancial.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5406%3Afinancial-statement-english-page%26catid%3D43%3Afinancial-analysis%26Itemid%3D99&r=1 HTTP/1.0" - -
connect to ad.adserverplus.com:80
23.19.31.58.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3323560&_salt=3172064457&B=12&m=2&r=1 HTTP/1.0" - -
connect to ad.adserverplus.com:80
iei-ix-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=728x90&s=3187813&T=3&_salt=1110944041&B=12&m=2&u=http%3A%2F%2Fwww.workinhouses.com%2Fhtml%2Fwallingford-ct-connecticuts-best-places-for-your-home.html&r=1 HTTP/1.0" - -
connect to cookex.amp.yahoo.com:80
173.208.94.116 - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=300x250§ion=3213592&pub_url=${PUB_URL} HTTP/1.0" - -
bye
bye
connect to ad.yieldmanager.com:80
connect to ads.creafi-online-media.com:80
bye
108.62.75.99.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=160x600&s=2913321&T=3&_salt=333033369&B=12&m=2&u=http%3A%2F%2Ffashionstreetlight.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D28850%3A2011-12-20-12-59-39%26catid%3D45%3Afashion-accessories%26Itemid%3D101&r=1 HTTP/1.0" - -
bye
142.91.217.208.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://cookex.amp.yahoo.com/v2/cexposer/SIG=18kthu27g/*http%3A//ad.yieldmanager.com/imp?Z=300x250&s=2682517&T=3&_salt=1378331643&B=12&m=2&u=http%3A%2F%2Fwww.economicwindows.com%2Findex.php%3Fview%3Darticle%26catid%3D40%253Afinancial-info%26id%3D3854%253A2011-07-06-13-25-37%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D96&r=1 HTTP/1.0" - -
bye
bye
bye
108.62.185.228.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3315448&_salt=4241487555&B=12&m=2&r=1 HTTP/1.0" - -
108.62.185.220.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ads.creafi-online-media.com/st?ad_type=iframe&ad_size=728x90§ion=3269968 HTTP/1.0" - -
connect to ad.tagjunction.com:80
bye
connect to ad.globe7.com:80
bye
142.91.185.47.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/st?ad_type=pop&ad_size=0x0§ion=2958317&banned_pop_types=29&pop_times=1&pop_frequency=0&pub_url=${PUB_URL} HTTP/1.0" - -
bye
108.177.168.183.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/imp?Z=160x600&s=3582877&T=3&_salt=1313872999&B=12&m=2&u=http%3A%2F%2Fwomenhealthroad.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D5753%3A2011-12-12-16-56-46%26catid%3D40%3Ahealth-issues%26Itemid%3D96&r=1 HTTP/1.0" - -
connect to ad.tagjunction.com:80
bye
connect to ad.globe7.com:80
bye
connect to ad.adserverplus.com:80
108.62.75.53.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.tagjunction.com/imp?Z=300x250&s=3127172&T=3&_salt=2152278771&B=12&m=2&u=http%3A%2F%2Fwww.oslims.com%2Ffashion-coffee%2Ffashion-slimming-coffee%2Fso-whats-your-poison-coffee-or-tea.html&r=1 HTTP/1.0" - -
connect to ad.yieldmanager.com:80
bye
bye
108.62.75.170.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/imp?Z=0x0&y=29&s=2909210&_salt=1773835502&B=12&m=2&r=1 HTTP/1.0" - -
23.19.79.3.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.globe7.com/st?ad_type=iframe&ad_size=728x90§ion=3571505&pub_url=${PUB_URL} HTTP/1.0" - -
142.91.217.216.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3630472&T=3&_salt=462936220&B=12&m=2&u=http%3A%2F%2Fwww.economicwindows.com%2Findex.php%3Fview%3Darticle%26catid%3D41%253Afinancial-services%26id%3D4854%253A2011-07-06-13-26-56%26tmpl%3Dcomponent%26print%3D1%26layout%3Ddefault%26page%3D%26option%3Dcom_content%26Itemid%3D97&r=1 HTTP/1.0" - -
connect to ad.yieldmanager.com:80
connect to ad.adserverplus.com:80
connect to ad.yieldmanager.com:80
bye
connect to ad.yieldmanager.com:80
bye
connect to ad.yieldmanager.com:80
142.91.189.176.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3187822&T=3&_salt=325267799&B=12&m=2&u=http%3A%2F%2Feconomysea.com%2Findex.php%3Foption%3Dcom_mailto%26tmpl%3Dcomponent%26link%3DaHR0cDovL2Vjb25vbXlzZWEuY29tL2luZGV4LnBocD9vcHRpb249Y29tX2NvbnRlbnQmdmlldz1hcnRpY2xlJmlkPTYzNDk6MjAxMS0wOS0yOC0yMC0wNC0xOSZjYXRpZD00NzplY29ub21pYy1uZXdzJkl0ZW1pZD05Nw&r=1 HTTP/1.0" - -
connect to ad.adserverplus.com:80
142.91.190.240.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2956040&T=3&_salt=3354730349&B=12&m=2&u=http%3A%2F%2Fdomarketings.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D279%3AWhy-Contractor-Leads-Are-Best-For-Getting-Ideal-Construction-Prospects%26catid%3D2%3Abusiness&r=1 HTTP/1.0" - -
bye
108.62.75.6.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=3323456&T=3&_salt=1244915826&B=12&m=2&u=http%3A%2F%2Fdomarketings.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D989%3AThe-Basics-of-Failure-Mode-and-Effective-Analysis%26catid%3D2%3Abusiness&r=1 HTTP/1.0" - -
bye
142.91.217.220.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=728x90&s=2921135&T=3&_salt=1337464905&B=12&m=2&u=http%3A%2F%2Financezone.com%2Findex.php%3Foption%3Dcom_content%26view%3Darticle%26id%3D7236%3A2011-09-05-19-56-54%26catid%3D49%3Acareer-banking%26Itemid%3D99&r=1 HTTP/1.0" - -
bye
connect to ad.yieldmanager.com:80
108.62.178.229.rdns.ubiquityservers.com - - [17/Oct/2012 07:38:53] "GET http://ad.adserverplus.com/st?ad_type=iframe&ad_size=160x600§ion=3168350&pub_url=${PUB_URL} HTTP/1.0" - -
connect to ad.yieldmanager.com:80
108.177.168.187.rdns.ubiquity.io - - [17/Oct/2012 07:38:53] "GET http://ad.smxchange.com/st?ad_type=iframe&ad_size=300x250§ion=3285387&pop_nofreqcap=1&pub_url=${PUB_URL} HTTP/1.0" - -
skg-wr-Words.ipwagon.net - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=0x0&y=29&s=3153972&_salt=3512711469&B=12&m=2&r=1 HTTP/1.0" - -
bye
connect to ad.yieldmanager.com:80
bye
connect to ad.yieldmanager.com:80
mx1.u4gf.com - - [17/Oct/2012 07:38:53] "GET http://ad.yieldmanager.com/imp?Z=160x600&s=2959021&T=3&_salt=1516586745&B=12&m=2&u=http%3A%2F%2Fsunshinefelling.com%2Findex.php%3Fview%3Darticle%26catid%3D45%253Aplus-size-dresses%26id%3D7512%253A2012-01-25-22-42-00%26format%3Dpdf%26option%3Dcom_content%26Itemid%3D101&r=1 HTTP/1.0" - -
netstat -p (no linux - deve listar conexões e programas nessa conexão. Você pode então fazer referência cruzada aos seus logs, ou informações whois nos hosts para descobrir quais conexões são suspeitas e quais são os programas que estão causando eles.
Se for uma conexão externa - por exemplo, se você deixar o tinyproxy sem qualquer forma de restrições sobre quem pode acessá-lo, o netstat não será útil. Nesse caso, considere configurar os blocos allow e deny no tinyproxy apropriadamente.
O TinyProxy já está informando que o tráfego está na porta 80, então eu faria isso:
lsof -i tcp:80
que mostrará todos os processos usando a porta 80.
Tags proxy ubuntu http spam-prevention