What is neowin.net and why is my computer sending HTTP POST messages to neowin.net/spy?


Recommended Posts

First time I've heard of or been to Netowin.net. (Just registered a few mins ago) Just stumbled upon this looking through syslogs..

 

It may have some bundled with some other software???

 

In any case, i looked and dont have any service/process referred to as minispy and/or neowin. Cant find it on the add/remove window either. How do i stop this traffic (short of a firewall rule)?

Link to comment
Share on other sites

First time I've heard of or been to Netowin.net. (Just registered a few mins ago) Just stumbled upon this looking through syslogs..

 

It may have some bundled with some other software???

 

In any case, i looked and dont have any service/process referred to as minispy and/or neowin. Cant find it on the add/remove window either. How do i stop this traffic (short of a firewall rule)?

 

This is merely a tech news site, it doesn't install anything, doesn't log anything (except for normal type cookies) and is not a malicious in any way. To stop it's traffic, do not visit any more.

It may have some bundled with some other software???

Nope. It's merely the auto-refreshing list of latest posts on the site. Nothing is actually on your computer other than site cookies (same as any normal site).

Relax and enjoy the stay.

Link to comment
Share on other sites

neowin spy is probably not the best chosen name if you are unfamiliar with neowin and don't know what it's doing.

however, as a long term user i can confirm it's safe.

 

if you are worried generally about malware and stuff (yes the internet generally is full of it), might you consider a switch to a safer os, like linux for example?

Link to comment
Share on other sites

neowin spy is probably not the best chosen name if you are unfamiliar with neowin and don't know what it's doing.

however, as a long term user i can confirm it's safe.

 

if you are worried generally about malware and stuff (yes the internet generally is full of it), might you consider a switch to a safer os, like linux for example?

 

:rofl:

Link to comment
Share on other sites

if you are worried generally about malware and stuff (yes the internet generally is full of it), might you consider a switch to a safer os, like linux for example?

 

:rolleyes:

  • Like 2
Link to comment
Share on other sites

Would love to install linux. Using a work PC. If i format this thing they may not be too happy. :)

 

I dont think its malicious anymore based on your feedback and more research.

HOWEVER, i was not on this site when the traffic was being generated. Had a browser window open to googles homepage (and thats it as far as webbrowsers).

The useragent in the HTTP POST header is a browser(but heck, useragents can be spoofed easily enough).

 

I am using Chrome. Here is a list of my installed extensions. Could one of these be the culprit?

 

========================================================

 

AdBlock 2.7.13
The most popular Chrome extension, with over 15 million users! Blocks ads all over the web. 
 
Adblock for Youtube™ 2.17
Popular Adblock for Youtube™ Extension: Removes the video ads from Youtube™. Thanks to all AdBlock supporters! 
 
FreshStart - Cross Browser Session Manager 1.6.1
Need simple session management? Several users on the same Chrome? FreshStart is a simple cross browser session manager. 
 
FVD Downloader 5.9.7
Most Popular Downloader. Downloads most popular media formats. 
 
Hangouts 2014.730.433.1
Hangouts brings conversations to life with photos, emoji, and even group video calls for free. 
 
Honey 3.0.2.2
Automatically save time and money with the Honey shopping assistant. 
 
IE Tab Multi (Enhance) 1.0.2.1
MultiTab type IE inside Chrome. This is the neatest one among other IE extensions. 
 
Logitech Smooth Scrolling 6.65.62
Buttery-smooth scrolling for Logitech mice and touchpads. 
 
MultiLogin 0.1620
Log into multiple accounts on the same site simultaneously. 
 
User-Agent Switcher 1.8.6
User-Agent Switcher is a quick and easy way to switch between user-agents. 
 
User-Agent Switcher for Chrome 1.0.36
Spoofs & Mimics User-Agent strings. 
 
Video Downloader professional 1.97.43
Download videos from web sites or just collect them in your video list without downloading them. 
Link to comment
Share on other sites

If you idle on the forums the Mini Spy gets updated automatically and what you were seeing might be the result of the updated Mini Spy. This can't happen on the main news page, because the community activity feed doesn't update until you refresh it yourself.

Link to comment
Share on other sites

Jeeze Louise, 

 

I.... had... not... heard.... of... or used Minispy before tonight. 

 

Thats like me saying if you are not on the kalamazoo.org forums, then you have the updated WillyWonkaSpy.

 

My computer didnt start making connections to this site on its own. I'm trying to track down the source...

Link to comment
Share on other sites

I.... had... not... heard.... of... or used Minispy before tonight.

So let me understand this correctly, you had never visited Neowin ever before, and your logs showed the Neowin Spy appearing? That can't be right.

Neowin is a website. That's it. There is no software, no add-ons, nothing. The Spy is a part of the site that refreshes every few minutes to show you the latest posting updates on the forums.

If you had never visited Neowin before, there would be no reason for the Spy to be appearing in your logs. Could you maybe provide a screenshot to take a look at?

Link to comment
Share on other sites

Jeeze Louise, 

 

I.... had... not... heard.... of... or used Minispy before tonight. 

 

Thats like me saying if you are not on the kalamazoo.org forums, then you have the updated WillyWonkaSpy.

 

My computer didnt start making connections to this site on its own. I'm trying to track down the source...

 

OK, if you want help you may want to be a bit more mature about it. Several people here have told you it's just a website, the site owner even confirmed which part of the site the "spy" is. 

 

If you have never visited Neowin before then you wouldn't have any references to neowin.net in your logs. Clearly either yourself or someone else that has used the computer, or any computer that Chrome syncs too, has used neowin. Whether that was on purpose or due to browsing articles via Google and not realising it was on this site. 

 

As you said yourself, your computer wouldn't be making the connection on its own, therefore, user issue.

  • Like 2
Link to comment
Share on other sites

Log source is syslog that are being pushed to an external server running debian 3.2.0-4-686-pae. Syslog is generated at my NAT gateway.

 

Log snippet

Sep  2 04:44:58 192.168.25.75 1 0.0 CP urls src=192.168.25.109:58780 dst=74.204.71.246:80 mac=FC:F8:AE:CB:57:73 request: POST https://www.neowin.net/spy/mini?ajax=true&lastRow=row1&time=1409647343
Sep  2 04:45:13 192.168.25.75 1 0.0 CP urls src=192.168.25.109:58780 dst=74.204.71.246:80 mac=FC:F8:AE:CB:57:73 request: POST https://www.neowin.net/spy/mini?ajax=true&lastRow=row1&time=1409647343
Sep  2 04:45:28 192.168.25.75 1 0.0 CP urls src=192.168.25.109:58780 dst=74.204.71.246:80 mac=FC:F8:AE:CB:57:73 request: POST https://www.neowin.net/spy/mini?ajax=true&lastRow=row1&time=1409647343
Sep  2 04:45:43 192.168.25.75 1 0.0 CP urls src=192.168.25.109:58780 dst=74.204.71.246:80 mac=FC:F8:AE:CB:57:73 request: POST https://www.neowin.net/spy/mini?ajax=true&lastRow=row1&time=1409647343
 
 
I may have visited a partner site or something of the soft somewhere in the past. I have NEVER registered with neowin.net until tonight however. I may have a cookie as the culprit. I dont know...
 
I'm not a n00b. Not an idiot.
 
I am maturely :D asking for assistance from a forum since i couldn't figure out the source and was hoping there was a cut/dry answer. Looks like there isnt one - at least not with the audience at this time of night.
 
Will continue to look into it. When/if find the root cause i'll respond back to this thread.
Link to comment
Share on other sites

As you said yourself, your computer wouldn't be making the connection on its own, therefore, user issue.

 

BTW - malware is the source for tons of unsolicited traffic.

 

....

 

User issue non-the-less for allowing the malware to ex plot their PC.... but dont assume I knowingly initiated the traffic. 

Link to comment
Share on other sites

 

I may have visited a partner site or something of the soft somewhere in the past. I have NEVER registered with neowin.net until tonight however. I may have a cookie as the culprit. I dont know...

 
I'm not a n00b. Not an idiot.
 
I am maturely :D asking for assistance from a forum since i couldn't figure out the source and was hoping there was a cut/dry answer. Looks like there isnt one - at least not with the audience at this time of night.
 
Will continue to look into it. When/if find the root cause i'll respond back to this thread.

 

 

Hopefully you don't think i was calling you an idiot, i wasn't and wouldn't.

 

You don't need to be registered for the site to place cookies on your computer or for it to make post requests. At some point in time, somebody using the browser or computer happened to visit Neowin, at which point those events were recorded.

In order to stop that happening again, don't visit Neowin.net again, but if you do, these events are in no way harmful and it's just how the internet works. Of course i'd actually say you should stay and chill out and join in the discussion :)

Link to comment
Share on other sites

Welllll, seems a bit of a silly malware to direct traffic to Neowin... :shifty:

I am a total n00b come browser prefetching, but I wonder whether Chrome's prefetch (and a link from a partner site or even a forum topic that came up in a search) ended up causing your browser to fetch one of our pages?

Link to comment
Share on other sites

neowin spy is probably not the best chosen name if you are unfamiliar with neowin and don't know what it's doing.

however, as a long term user i can confirm it's safe.

 

if you are worried generally about malware and stuff (yes the internet generally is full of it), might you consider a switch to a safer os, like linux for example?

 

So your advice for every software / hardware problem is to switch to Linux?  :laugh:  :rofl:

 

He might as well switch into OSX, Solaris or FreeBSD as well, by your logic.

Link to comment
Share on other sites

From what OP says, that should be IMPOSSIBLE for any traces of neowin.net to show up in any logs, if no one was ever here, using your system before.

 

If this isn't one of the safest places on all of the net, then I'm shuitting off my computer and cancelling my internet! :)

Link to comment
Share on other sites

So your advice for every software / hardware problem is to switch to Linux?  :laugh:  :rofl:

 

He might as well switch into OSX, Solaris or FreeBSD as well, by your logic.

 

as you see in my profile i have also tech issues solved so from my side comes a bit more advice than only the one to switch to linux.

however if the op fears that malware and spyware affects his system, he will be safer with linux it's a fact and was therefore my suggestion.

alternatively, ofc, can also install 1 antivirus, 1 firewall and 1 antispyware program under windows.

Link to comment
Share on other sites

Let's keep OS wars out of this, shall we? If you favour one OS over another then great, but it's not helpful to the situation. Especially this one where it wouldn't make a lick of difference.

Link to comment
Share on other sites

Let's keep OS wars out of this, shall we? If you favour one OS over another then great, but it's not helpful to the situation. Especially this one where it wouldn't make a lick of difference.

We know what OS will rule them all anyways, Chinas new OS coming out.

 

Chrisfarker the Spy feature only spies on publically viewable threads to update us, it can't see private data.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.