hamanokaito Posted June 14, 2017

Traceroute and DNS records for domain internetdownloadmanager.com.

Info Traceroute:

Address lookup
canonical name  internetdownloadmanager.com.
aliases
addresses  169.55.40.5

Traceroute
Tracing route to internetdownloadmanager.com [169.55.40.5]...

hop  rtt  rtt  rtt  ip address  fully qualified domain name
1  0  0  0  208.101.16.73  49.10.65d0.ip4.static.sl-reverse.com
2  0  0  0  66.228.118.157  ae11.dar02.sr01.dal01.networklayer.com
3  0  0  0  173.192.18.212  ae6.bbr02.eq01.dal03.networklayer.com
4  1  *  1  50.97.17.58  ae6.cbs02.eq01.dal03.networklayer.com
5  1  1  1  50.97.17.223  df.11.6132.ip4.static.sl-reverse.com
6  1  1  1  198.23.118.155  9b.76.17c6.ip4.static.sl-reverse.com
7  1  1  1  169.55.40.5  star.tonec.com

Trace complete

And Info DNS records:

Address lookup
canonical name  internetdownloadmanager.com.
aliases
addresses  169.55.40.5

DNS records

name  class  type  data  time to live
internetdownloadmanager.com  IN  A  169.55.40.5  86400s (1.00:00:00)
internetdownloadmanager.com  IN  SOA  server: ns1.tonec.com email: [email protected] serial: 2017060901 refresh: 900 retry: 900 expire: 1209600 minimum ttl: 86400  86400s (1.00:00:00)
internetdownloadmanager.com  IN  NS  ns1.tonec.com  86400s (1.00:00:00)
internetdownloadmanager.com  IN  NS  ns2.tonec.com  86400s (1.00:00:00)
internetdownloadmanager.com  IN  MX  preference: 5 exchange: mail1.internetdownloadmanager.com  86400s (1.00:00:00)
internetdownloadmanager.com  IN  MX  preference: 10 exchange: mail2.internetdownloadmanager.com  86400s (1.00:00:00)
internetdownloadmanager.com  IN  TXT  v=spf1 mx ip4:50.97.41.98 ip4:50.22.103.114 ip4:169.55.0.225 ptr:star.tonec.com ptr:gate.cmul.net mx:mail1.internetdownloadmanager.com mx:mail2.internetdownloadmanager.com ip4:169.55.0.225 ip4:69.41.163.149 a:star.tonec.com a:gate.cmul.net ~all  86400s (1.00:00:00)
5.40.55.169.in-addr.arpa  IN  PTR  star.tonec.com  86400s (1.00:00:00)
40.55.169.in-addr.arpa  IN  SOA  server: ns1.arpa.networklayer.com email: [email protected] serial: 2017011000 refresh: 3600 retry: 300 expire: 604800 minimum ttl: 3600  86400s (1.00:00:00)
40.55.169.in-addr.arpa  IN  NS  ns1.arpa.global-datacenter.com  86400s (1.00:00:00)
40.55.169.in-addr.arpa  IN  NS  ns2.arpa.global-datacenter.com  86400s (1.00:00:00)

-- end --
coua Posted June 14, 2017

10 minutes ago, hamanokaito said:
> [Spoiler: the traceroute and DNS records for internetdownloadmanager.com, quoted in full from the post above]

How can you figure it out, hamiko?
dcs18 (Author) Posted June 14, 2017

Two more IDM IPs (to be blocked) added to the OP — thanks to NokiAlpha:—

50.22.103.114
169.55.0.225
Ecarion Posted June 14, 2017

5 hours ago, dcs18 said:
> The Kaspersky firewall should also possess this capability [...]

It's just an idea, but I'm starting to think I will replace WFC with something like Kaspersky (even the last time, it was a very long time ago...).

So I'm wondering, any feedback about Kaspersky 2017, Kaspersky 2018 or Kaspersky 2019? I'd rather avoid any Beta programs, but sometimes I can change my mind (like with 7-zip (very very stable)).

Which one has a full offline installer with the latest update (like Patch E for Kaspersky 2017, etc)? Will I need to download several files instead of just one?

https://support.kaspersky.com/kis2018 (404 error (doesn't exist for now))
https://support.kaspersky.com/kis2017 (no error)
http://products.kaspersky-labs.com/english/homeuser/ (Kaspersky 2018 is absent)

According to these pages, can I assume Kaspersky 2018 isn't ready yet (like RTM)?
A.lemane Posted June 14, 2017

5 hours ago, dcs18 said:
> Windows Firewall (as most other popular firewalls) has a bug which cannot possibly block the present Tonec implementation of DNS cache poisoning, riding piggyback on svchost.exe packets — the bad news, Tonec has even been successful in bypassing the reverse DNS protection.
>
> To my knowledge only the COMODO firewall overcomes this new implementation and if I remember correctly, the Kaspersky firewall should also possess this capability (not sure though, it's been more than a year since I had the opportunity to work with the Kaspersky firewall.)
>
> Unfortunately, bitter but true developing news — most firewalls have this bug and it's gonna be challenging to convince the Publishers (they need to be reminded that COMODO had this capability right from their best old version — the V3.)
>
> COMODO is at V10, now — they've spammed that awesome version with bloatware just to appease the masses.

this one https://www.privacyware.com/personal_firewall.html dos & tested ^^ it's an old rival of comodo
dcs18 (Author) Posted June 14, 2017

Ecarion,
I'm hoping, Users of the Kaspersky firewall can come forth and clarify whether it's working (as I assume) — you might want to have a word with IamBidyuT.

A.lemane,
That's really good news — sounds promising (need to have choices.)
nOkialpha Posted June 14, 2017

22 hours ago, A.lemane said:
> extract it

same error whether i double click on it or try to open it using any 3rd party application like 7-zip, winrar

16 hours ago, Undertaker said:
> Did you try to run the file while retaining its original name "IDMFIXALL.exe"?

yes i tried it, this also gives the same error

17 hours ago, hamanokaito said:
> I use winrar compress file .exe
> If you have use winrar or 7zip you can extract the file into the same directory after run NapLaiDangKyIDM.exe
> P/s: Update test on win 32b ltbs working good. I think your win problem.

no luck, already tried 7zip, winrar before restoring windows health

15 hours ago, hamanokaito said:
> Hi guys. i have infor for my fix.
> My fix just use for win 7,8,10 versions Pro. The remaining versions will be updated later. <== You can use fix but you will got fake key.
> Update : English for my code and add windows 10 32b LTSB.
> Site: https://mega.nz
> Sharecode[?]: /#!YUd2kbYb!a92Krk3mc2P32sAdbD1J7t5GPnIYSLxT8PG2BUhcVPQ
> Password: hamanokaito
> P/s: I will collaborate with sledge101 to create a fix full for guys. So you can use temporary fix with cmd command.
> My english not good. Sorry for that !

this updated setup is working fine whether i double click on it or i use 7zip, winrar. thanks for quick update

IDM valid key URL
https://secure.internetdownloadmanager.com/get.html?xxxx-xxxx-xxxx-xxxxx

Anyone getting this Hijacking popup after download completion with w10fc?
Undertaker Posted June 15, 2017

13 hours ago, NokiAlpha said:
> Anyone getting this Hijacking popup after download completion with w10fc?

As per my testing it was doing it at the start of the download (checked yesterday). BTW what is it trying to do? To what domain it wants to connect to?

Edit: Just checked it right now, nothing at the end of the download, it's only at the start of download that it connects to 185.80.221.18
dcs18 (Author) Posted June 15, 2017

13 hours ago, NokiAlpha said:

This sounds like good news and I could be wrong here — but, there's a probability that (like COMODO and a select few other firewalls,) Windows 10 Firewall Control Plus, too . . . . . could possess the capability of retaining IDM activation (would like Users to confirm this whether they're able to block 169.55.0.224 consistently, on a blacklisted key without a de-installation or cleaning the registry contamination.)

It wouldn't come as a surprise because Windows 10 Firewall Control Plus (WRT to the template part) is actually based on COMODO to a certain extent.
sledge101 Posted June 15, 2017

Some update, you can use the Simple DNSCrypt (Freeware) in IDM using blocklisted keys to block either domain/ip or both.

Some screenshots

I will post instructions later

testing using *.internetdownloadmanager.com, *.registeridm.com, *.tonec.com
Undertaker Posted June 15, 2017

5 minutes ago, sledge101 said:
> Some update, you can use the Simple DNSCrypt (Freeware) in IDM using blocklisted keys to block either domain/ip or both.

From your screenshots, it looks like it is blocking for whole system. Or is it just IDM?
sledge101 Posted June 15, 2017

15 minutes ago, Undertaker said:
> From your screenshots, it looks like it is blocking for whole system Or is it just IDM?

Chrome extensions enabled and downloading module catching url is ok. when clicking update IDM check button you will encounter that idm updates is block...
Undertaker Posted June 15, 2017

15 minutes ago, sledge101 said:

Ok, I see you added the screenshot, so it's for the whole system then.
Undertaker Posted June 15, 2017

2 minutes ago, sledge101 said:
> IDM only, chrome extensions enabled and downloading module catching url is ok. when clicking update IDM check button you will encounter that idm updates is block...

It's for the whole system dear and not just IDM, powershell screenshots proved that. By whole system, I meant that it even affects your browser just like it blocks powershell from accessing that domain (IDM site is inaccessible).
sledge101 Posted June 15, 2017

35 minutes ago, Undertaker said:
> It's for the whole system dear and not just IDM, powershell screenshots proved that. By whole system, I meant that it even affects your browser just like it blocks powershell from accessing that domain (IDM site is inaccessible).

True that the IDM site is inaccessible, just like the result you get when you do host blocking on idm domains, as psshell cannot find it even in cmd, however pinging other sites is fine. I did specifically block only the necessary ip/domain list of IDM (removing the *.idm sites as it is not necessary anymore).

Furthermore, what made you say that it affects your browser? Do you mean specifically to other programs and browsing sites? As far as accessing other sites using the IE/Chrome browser, importantly pinging it with ps and cmd command currently, i can still access other sites (youtube.com, etc), download, and do my usual stuff. Please help me understand deeply what you mean by this? Thank you in advance.
Undertaker Posted June 15, 2017

" Preventing IDM From Dialing Home "
(By routing IDM traffic through Adguard)

Caution Note:— If you're receiving fake serial, check out this post first.

The Procedure:—

1) Install Internet Download Manager but do not register it just yet.

2) Install latest beta version of Adguard For Windows.

3) In the 'Filtered Apps' section, choose 'Add Application' and from there select Internet Download Manager (IDM or IDMan.exe). Alternatively, you can also 'Browse for the executable' (C:\Program Files (x86)\Internet Download Manager\IDMan.exe for 64-bit or C:\Program Files\Internet Download Manager\IDMan.exe for 32-bit).

4) Go to 'Adblocker' section and click on 'Open Filter Editor'. Now in your User Filter add the following rules to it. You can add either one of Domain-Style (experimental) or IP-Style Filter Rules (experimental) or make it even more secure by using both (recommended).

Domain Style Filter Rules:-

! Recommended Domain rules are listed below this line
://*internetdownloadmanager.com^$important,app=IDMan.exe
://*registeridm.com^$important,app=IDMan.exe
://*tonec.com^$important,app=IDMan.exe
@@||*$app=IDMan.exe
! Experimental Domain rules are listed below this line
/idman*.exe^$important,app=IDMan.exe
/data/*/register*.cgi^$important,app=IDMan.exe
/data/update*.txt?v=*^$important,app=IDMan.exe

OR

IP-Style Filter Rules:-

108.161.189.32^$network,app=IDMan.exe,important
169.55.0.224^$network,app=IDMan.exe,important
169.55.0.225^$network,app=IDMan.exe,important
169.55.0.227^$network,app=IDMan.exe,important
169.55.40.5^$network,app=IDMan.exe,important
173.255.134.84^$network,app=IDMan.exe,important
173.255.137.80^$network,app=IDMan.exe,important
174.127.73.80^$network,app=IDMan.exe,important
174.127.73.85^$network,app=IDMan.exe,important
174.133.70.101^$network,app=IDMan.exe,important
174.133.70.98^$network,app=IDMan.exe,important
184.173.149.184^$network,app=IDMan.exe,important
184.173.188.104^$network,app=IDMan.exe,important
184.173.188.106^$network,app=IDMan.exe,important
184.173.188.107^$network,app=IDMan.exe,important
185.80.220.22^$network,app=IDMan.exe,important
185.80.221.18^$network,app=IDMan.exe,important
185.80.221.19^$network,app=IDMan.exe,important
202.134.64.74^$network,app=IDMan.exe,important
202.134.93.17^$network,app=IDMan.exe,important
207.44.199.159^$network,app=IDMan.exe,important
207.44.199.16^$network,app=IDMan.exe,important
207.44.199.165^$network,app=IDMan.exe,important
50.22.103.114^$network,app=IDMan.exe,important
50.22.78.28^$network,app=IDMan.exe,important
50.22.78.29^$network,app=IDMan.exe,important
50.22.78.31^$network,app=IDMan.exe,important
50.97.41.98^$network,app=IDMan.exe,important
50.97.82.44^$network,app=IDMan.exe,important
69.41.163.149^$network,app=IDMan.exe,important
69.41.163.49^$network,app=IDMan.exe,important
75.125.34.148^$network,app=IDMan.exe,important
75.125.34.157^$network,app=IDMan.exe,important
@@||*$app=IDMan.exe

5) Register IDM with your details.

Tip to download IDM setup from official site:-

On 6/17/2014 at 2:09 PM, dcs18 said:
> Just add the following entry to your IDM — Options >> File types >> Don't start downloading automatically from the following sites:—
>
> *.internetdownloadmanager.com
>
> Adding the above entry causes downloads to be grabbed by your default browser — instead of, by IDM (without having to press any customized special key/s.)

Proof Of Concept:—

Domain-Style Filter Rules in Action:-

IP-Style Filter Rules in Action:-

Update Check In IDM:—

Update Check when using Domain-Style Filter Rules:-

Update Check when using IP-Style Filter Rules:-

Changelog:-

15th June - Initial posting made.
19th June - IP-Style Filter Rules added.
20th June - Tip to download IDM setup from official site added.
20th June - Experimental User Filters added for Domain-Style Filter Users.
2nd July - An exception filter added to allow for seamless download through IDM.

Credits: @dcs18
Undertaker Posted June 15, 2017

3 minutes ago, sledge101 said:
> Furthermore, what made you say that it affects your browser? Do you mean specifically to other programs and browsing sites? As far as accessing other sites using the IE/Chrome browser, importantly pinging it with ps and cmd command currently, i can still access other sites (youtube.com, etc), download, and do my usual stuff. Please help me understand deeply what you mean by this?

What I meant was you can't access IDM site through your browser, all other sites would of course continue to function like they were. I was not talking about accessing IDM download panel or download bar on other sites. This was also the problem with the hosts method.
sledge101 Posted June 15, 2017

19 minutes ago, Undertaker said:
> What I meant was you can't access IDM site through your browser, all other sites would of course continue to function like they were. I was not talking about accessing IDM download panel or download bar on other sites. This was also the problem with the hosts method.

true,
dcs18 (Author) Posted June 15, 2017

1 hour ago, sledge101 said:
> I will post instructions later
> testing using *.internetdownloadmanager.com, *.registeridm.com, *.tonec.com

Whenever your tutorial is ready, do let me know — would be more than pleased to promote it on the OP.

21 minutes ago, Undertaker said:
> " Preventing IDM From Dialing Home "
> (By routing IDM traffic through Adguard)
> @dcs18

The OP and credits duly updated (your creative concept has been promoted to the very top of the first post — right on the Notice.)
Recruit Posted June 15, 2017

Hello guys,

I see good things here, how my friend @knowledge would say. What I want to tell you is that I would like to join you concerning routing idm traffic through adguard: I will install these days a new fresh copy of Windows and I will try it. I will keep you in touch if bad things gonna happen.....

Congrats @Undertaker for the new innovative method that you have discovered: always is a pleasure to greeting old friends.....

Regards,
Recruit Posted June 15, 2017

14 minutes ago, 0bin said:
> Recruit, if you have time in future could you post a video how you realized the kms server, I'm interested.

No video is required for such a simple job. Just install the kms server service from Ratiborus, and it will be installed a new service. Take a look below: the ip of the kms server is actually the ip of the vm in which has been installed, and do not worry, it is lan......

Greetings,
dcs18 (Author) Posted June 15, 2017

Undertaker,
You might also want to include a little sentence on your tutorial stating that, "Adguard is one of the superior ad. blockers."
Undertaker Posted June 15, 2017

6 minutes ago, dcs18 said:
> Undertaker,
> You might also want to include a little sentence on your tutorial stating that, "Adguard is one of the superior ad. blockers."

Don't want to get a war started out lol

Besides I already said:-

On 6/3/2017 at 0:51 PM, Undertaker said:
> @Staff I'm not looking for any trouble.

Adblocker discussion is always trouble for me. Besides, no need to state the obvious, I guess.
dcs18 (Author) Posted June 15, 2017

BTW, why don't you file a bug report with Alex mentioning that Windows Firewall Control (WFC) fails to block the IDM IP, 169.55.0.224 and 185.80.221.18 consistently.
Undertaker Posted June 15, 2017

uBlock has also come a long way since then but even now it's not to my taste. If (that's a big if) for the extensions/addons, I would prefer ABP (with EHH) for FF and uBlock for Chrome.

Somewhere here, I made a post about the style modifier tag. uBlock supports it fully, Adguard (even the full program) only partially supports it. By using this tag, you can basically modify the elements of a page like changing square avatars into circular ones, apply different background colors to nsane themes, change the pixel size for a frame and much more.

For e.g.

nsaneforums.com###ipsLayout_header header:style(background-color:#323232 !important)

The above rules provide a dark color to nsane header. @Ice Frog has been using these types of rules but I quit uBlock (was testing something) in between and he only has half the rules.

Now this rule is also possible to execute with Adguard (since it deals with only a single element). But if there are more than one element, that's where Adguard takes a step back. uBlock though successfully creates a rule with even multiple elements within a single rule.

There are other things that are peculiar to each of the adblockers but it would take more of discussion and posts.
Archived
This topic is now archived and is closed to further replies.