[Analyzing packages] Kicksecure

I was analyzing traffic in my host OS, looking at the traffic of the kicksecure VM.
I found this by looking at the UDP stream:
analytics.auux.comanalytics.auux.comanalytics.auux.comanalytics.auux.com…,…h…,…C.b…,…h… analytics.auux.com…,…&.G.07…C.b…,…&.G.02…h…,…&.G.00…h…
It seems a marketing agency from ubuntu. I am a little confused.
I am also worried because my gateway VM was having lot of traffic when I was doing nothing at my whonix workstation (it was on, but without tor open, no website open, and no connection; just the wallpaper).
Why is that? And why is there traffic connection to marketing agencies?

Most likely not the case and certainly not built-in.

Do not accidentally substitute Tor for a question related to Tor Browser , as this causes confusion.

system Tor runs in background even if Tor Browser isn’t open.

Use IP address. Not hostname. Then check:

Please see this:

i.e. what commands/programs run to come to that conclusion.

1 Like

You are seeing ad traffic for your Ubuntu host or vm pass through the baremetal’s Network card which you are listening to with wireshark.

We do not and never will add any ad/spyware BS to our code.


I do not have Ubuntu host, that it is why I am a little confused. And also I made sure I was analyzing exactly the specified workstation because when I closed the Whonix-Workstation, Wireshark in host OS stop capturing packages.

Well what host do you have?

In the package manager that I submitted, the whonix-workstation was hosted on a kali linux debian based OS. I know it is not the best software to run whonix because it is designed for OFFSEC and not for OPSEC. But it is not ubuntu.

Please bring this to the attention of the Kali devs as they may have included something that contains marketing/analytics by mistake. I guarantee nothing of the type exists in Debian which is why we are based on them and we definitely aren’t in the business of bundling crapware.