Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: nieldm
nieldm Author
User level: Level 1
4 points

Strange network traffic

I just installed a Debookee trial on my MacBook Pro (ML 10.8.2) and notice massive amounts of traffic between my MB and livechatinc.com. For example:


14:29:43 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?gzdbpJjsYaqxlG r0wNoT&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074583940= GET
14:29:48 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?EzidSRwcSuOItJ 5mUNmL&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074588932= GET
14:29:53 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?raAhrr7vBwfg4h qtbQe6&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074593938= GET
14:29:58 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?ZSAocYKLpivk37 Vseqfi&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074598937= GET
14:30:03 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?Rq7uU6XCufeM7p vnJgUa&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074603936= GET
14:30:08 http://secure.livechatinc.com/licence/1723821/tunnel_callback.cgi?N10jPW0gQotIcu pfnFo1&callback=_jqjsp&command=IWCS0116C%5ES1357829356.ae463eb01a%5E1723821%5E0% 5E&_1360074608936= GET


and


14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/download/mac/mac_lo go_text.png GET
14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/download/mac/mac_os _content.png GET
14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/download/mac/featur e_canned_response.png GET
14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/download/mac/featur e_sneak_peek.png GET
14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/common/favicon.png GET
14:31:39 http://www.livechatinc.com/wp-content/themes/livechat/images/download/mac/featur e_multitasking.png GET


Can anyone let me know what is going on here? It certainly doesn't look right to me. Have I inadvertently installed some malware or is some software communicating with their servers? Spotify, Evernote or Dropbox maybe?


Thoughts anyone?

Thanks

Marc



I have never heard of livechatinc (although I see what they do from their website) and don't use chat software.

Mac mini, OS X Mountain Lion (10.8)

Posted on Feb 5, 2013 7:03 AM

Reply
Question marked as Best reply
User profile for user: funkyfonk
funkyfonk
User level: Level 1
24 points

Posted on Feb 9, 2013 4:52 AM

Hi nieldm,


Nathan, one of Debookee's developper, here.


What is possible is that you've got a web page launched which has chat features. LiveChatInc seems to be used by major companies (although it has recently and silently been breached, see: http://seclists.org/fulldisclosure/2012/Oct/191), and can be included in web pages of other websites.


To test it, close all your browsers and see if still any traffic.

If yes, then it comes from an installed 'soft', if not, then go step by step opening websites and you'll identify it easily.


Make me think that it could be a nice feature in Debookee to see from which application the network traffic is originating: Browsers / applications / Mac OS internals ...


Good luck,

Nathan

View in context
4 replies
Question marked as Best reply
User profile for user: funkyfonk
funkyfonk
User level: Level 1
24 points

Feb 9, 2013 4:52 AM in response to nieldm

Hi nieldm,


Nathan, one of Debookee's developper, here.


What is possible is that you've got a web page launched which has chat features. LiveChatInc seems to be used by major companies (although it has recently and silently been breached, see: http://seclists.org/fulldisclosure/2012/Oct/191), and can be included in web pages of other websites.


To test it, close all your browsers and see if still any traffic.

If yes, then it comes from an installed 'soft', if not, then go step by step opening websites and you'll identify it easily.


Make me think that it could be a nice feature in Debookee to see from which application the network traffic is originating: Browsers / applications / Mac OS internals ...


Good luck,

Nathan

Reply
User profile for user: nieldm
nieldm Author
User level: Level 1
4 points

Feb 10, 2013 6:42 AM in response to funkyfonk

Thanks Nathan, I appreciate you responding. You are correct, that is exactly what it was and the "problem" is resolved.


I have to say Debookee is a very promising application indeed, a sort of "Wireshark for non-techheads"! I use LanScan as my goto Network scanner and am now seriously considering buying Debookee to replace it.


It would help were it a few $$ cheaper!


Thanks again

Marc

Reply
User profile for user: livechat
livechat
User level: Level 1
0 points

Feb 12, 2013 4:11 AM in response to nieldm

These logs confirm you are on the website that has LiveChat (http://livechatinc.com) installed on it. It means visitors on the website are given the ability to chat with customer service reps on the website. Sometimes you might be also displayed a chat invitation, offered a chat with the rep.

These logs are simply pings checking if you are still on the website and if you can be offered chat.


LiveChat as a service has not been breached - information that has been provided under the link above is not correct. We've tried reaching out to the owner of the website and ask him about the source of this wrong information that he posted and he never responded. Again, information about LiveChat service being breached is not true.


Best regards,

Szymon Klimczak

LiveChat

www.livechatinc.com

Reply

Strange network traffic

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up