CaneRandagio Posted August 15, 2017

Since three days ago, when the anonymz page opens to redirect, Nod32 blocks these five domains:

blyppvdjofkqg.bid
ydoexgadghunl.bid
tcwkemlikooah.bid
ppskhydfqas.bid
nngqyjabfvq.bid

I wonder if these are ads or something else.

PriSim Posted August 15, 2017

Same with me: whenever I open any page from any web browser, this thing happens. This is from today.

Picasso Posted August 15, 2017

I'm seeing *.bid being blocked when I use Chrome. However, I see nothing unusual if I use the Microsoft browsers.

Update: I disabled all my extensions and the *.bid behaviour stopped. It restarted when I enabled AdBlock.

dcs18 Posted August 15, 2017

On my systems, all those unwanted connections are blocked by default — for those whose connections aren't, the following rule can be used on their ad blocker:

||anonymz.com^$script,third-party

sanjoa Posted August 15, 2017

And I thought I had a virus on my computer.

steven36 Posted August 16, 2017

13 hours ago, CaneRandagio said: "I wonder if these are ads or something else."

uMatrix blocks these 3rd-party sites by default. Whoever it is, they're very spammy... maybe it's malvertising or some kind of something collecting data. I checked one IP, 216.21.13.15, from a URL, and it has 120 different domains.

Quote: IP Information for 216.21.13.15
Quote: VirusTotal, 216.21.13.15 IP address information (geolocation: US; passive DNS replication; latest detected URLs; latest detected and undetected files downloaded from this IP address).

pc71520 Posted August 16, 2017

http://anonymz.com is O.K.

steven36 Posted August 16, 2017

It's supposed to keep your links anonymous from 3rd-party sites, but it has 3rd-party sites nested into it... So it's not OK, and I don't use it anymore. I have an add-on where I can right-click and copy the direct link from sites like these without going to the site.

knowledge-Spammer Posted August 16, 2017

blyppvdjofkqg.bid seems funny, no? It is with:

http://remnantnewspaper.com/web/index.php
http://www.lawntilibjoi.cf/show/extension/bid

Undertaker Posted August 17, 2017

On 8/15/2017 at 7:26 PM, CaneRandagio said: "I wonder if these are ads or something else."

It's an ad from popads.net (.bid is just one of its domain types). Your filter lists need a review.

PriSim Posted August 19, 2017

So what is the conclusion about this issue? How can we overcome this? I am still getting the block notification from many other webpages, not only anonymz, and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!

Undertaker Posted August 19, 2017

4 minutes ago, PriSim said: "So what is the conclusion about this issue? How can we overcome this? I am still getting the block notification from many other webpages, not only anonymz, and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!"

Can you show a screenshot of the notification? Also, what adblocker are you using?

PriSim Posted August 19, 2017

3 hours ago, Undertaker said: "Can you show a screenshot of the notification? Also, what adblocker are you using?"

I am using uBlock Origin + Adguard! ESET screen!

Undertaker Posted August 19, 2017

1 hour ago, PriSim said: "I am using uBlock Origin + Adguard! I will post the ESET screen!"

Hey, why do you use two adblockers? First things first, disable uBlock and try with Adguard alone. If you still receive ads or popups, give the site name and possible screenshots of ads appearing (the filtering log/logger screenshot).

@PriSim Just saw your edited post. First try what I said in the second line, and then reply back to give feedback.

PriSim Posted August 19, 2017

28 minutes ago, Undertaker said: "Hey, why do you use two adblockers? First things first, disable uBlock and try with Adguard alone. If you still receive ads or popups, give the site name and possible screenshots of ads appearing (the filtering log/logger screenshot). @PriSim Just saw your edited post. First try what I said in the second line, and then reply back to give feedback."

I am not using uBlock in every browser. I am using 3 browsers; only in FF am I using uBlock, for the other 2 browsers I am using only Adguard, but I am having the issue!

Undertaker Posted August 19, 2017

Just now, PriSim said: "I am not using uBlock in every browser. I am using 3 browsers; only in FF am I using uBlock, for the other 2 browsers I am using only Adguard, but I am having the issue!"

Add the following rule to your adblocker and restart the browser, cleaning cache, history, cookies etc.:

://*.bid^$script,third-party

Reply how it is then.

Undertaker Posted August 19, 2017

3 minutes ago, 0bin said: "This rule is rational, if what they say here is true. Each domain is 2h fox dead, cannot do a rule for a specific domain .bid, but has to follow Undertaker approach. Or use a system wise JavaScript Default/Deny approach."

I think Adguard is blocking right in his system; it's just that ESET is able to access the request to the .bid domain first, and hence the notification. If even after adding that rule he is receiving the ESET notification, then it will be proven that ESET got the request first, and that's why it blocked it first and never let the request reach Adguard.

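Added example (not part of any post in this thread, and not uBlock Origin, Adguard or ESET code): a simplified JavaScript matcher for the two filter rules quoted above, run over constructed requests to show why the wildcard `.bid` rule keeps matching when the domain name changes while a per-domain rule does not. The request URLs and paths, the per-domain rule and the two-label "site" comparison are assumptions made for the illustration.

```javascript
// Simplified Adblock-style rule matcher (added example, not any blocker's real code).
// Supports only "||", "*", "^" and the "script" / "third-party" options.
const SEP = "(?:[^A-Za-z0-9_.%-]|$)"; // "^" = separator character or end of URL

function compileRule(rule) {
  const [pattern, optText = ""] = rule.split("$");
  const anchored = pattern.startsWith("||");
  // "||" anchors at the hostname: the domain itself or any subdomain of it.
  let src = anchored ? "^[a-z][a-z0-9+.-]*://(?:[^/?#]+\\.)?" : "";
  for (const ch of anchored ? pattern.slice(2) : pattern) {
    if (ch === "*") src += ".*";
    else if (ch === "^") src += SEP;
    else src += ch.replace(/[.+?()[\]{}|\\$]/, "\\$&");
  }
  return { rule, re: new RegExp(src, "i"), opts: optText.split(",").filter(Boolean) };
}

// Assumption: "site" = last two hostname labels. Real blockers use the Public Suffix List.
const site = (url) => new URL(url).hostname.split(".").slice(-2).join(".");

// Returns the first rule that blocks the request, or null when nothing matches.
function firstMatch(rules, req) {
  const thirdParty = site(req.url) !== site(req.page);
  const hit = rules.map(compileRule).find(({ re, opts }) =>
    re.test(req.url) &&
    (!opts.includes("script") || req.type === "script") &&
    (!opts.includes("third-party") || thirdParty));
  return hit ? hit.rule : null;
}

// The two rules posted in the thread, and a constructed per-domain rule for comparison.
const THREAD_RULES = ["||anonymz.com^$script,third-party", "://*.bid^$script,third-party"];
const PER_DOMAIN = ["||blyppvdjofkqg.bid^$script,third-party"];

// Constructed requests; the .bid hostnames are from the first post, paths are made up.
const REQUESTS = [
  { page: "https://forum.example/topic/1", url: "https://anonymz.com/embed.js", type: "script" },
  { page: "https://anonymz.com/?https://example.org/", url: "http://blyppvdjofkqg.bid/a.js", type: "script" },
  // Another of the five domains from the first post:
  { page: "https://anonymz.com/?https://example.org/", url: "http://ydoexgadghunl.bid/a.js", type: "script" },
  // Not a script, so "$script" does not apply:
  { page: "https://anonymz.com/?https://example.org/", url: "http://ydoexgadghunl.bid/b.png", type: "image" },
  // "*" is not limited to the hostname: a ".bid/" path segment also matches.
  { page: "https://shop.example/", url: "https://cdn.example.net/theme.bid/app.js", type: "script" },
];

const verdicts = (rules) => REQUESTS.map((req) => firstMatch(rules, req));

console.log("thread rules   :", verdicts(THREAD_RULES));
console.log("per-domain rule:", verdicts(PER_DOMAIN));
```

In this matcher the `||anonymz.com^` rule only fires on scripts served from anonymz.com into another site, so the `.bid` requests are covered by the second rule alone.
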
PriSim Posted August 19, 2017

5 minutes ago, Undertaker said: "I think Adguard is blocking right in his system; it's just that ESET is able to access the request to the .bid domain first, and hence the notification. If even after adding that rule he is receiving the ESET notification, then it will be proven that ESET got the request first, and that's why it blocked it first and never let the request reach Adguard."

This is the right point. ESET is monitoring the traffic properly where adblockers are just bypassing them, but on page end that bypassed ad or page loaded, so ESET blocks its further access!

Undertaker Posted August 19, 2017

5 minutes ago, PriSim said: "This is the right point. ESET is monitoring the traffic properly where adblockers are just bypassing them, but on page end that bypassed ad or page loaded, so ESET blocks its further access!"

No, adblockers are not bypassing them. If you stop your ESET protection for a while, you will notice in your adblocker's logger that even they block it fully. What I wanted to say was that in your system maybe ESET is at the first level of defence; that's why it blocks it and shows the notification. And others like Adguard are at later stages of protection, and because ESET didn't allow the request to reach them in the first place, they don't act.

I would still suggest you test the rule I gave in the post above and reply how your system behaves.

If you would like to get rid of those notifications, maybe you can create a whitelist rule in your ESET to allow those requests to pass through it, and your adblocker will block them silently.

dcs18 Posted August 19, 2017

1 hour ago, PriSim said: "I am not using uBlock in every browser. I am using 3 browsers; only in FF am I using uBlock, for the other 2 browsers I am using only Adguard, but I am having the issue!"

Isn't that resource-intensive and also a lot of work?

5 hours ago, PriSim said: "So what is the conclusion about this issue? How can we overcome this? I am still getting the block notification from many other webpages, not only anonymz, and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!"

If notifications are an issue for you, just right-click the icon at the SysTray >> Advanced setup... >> User interface >> Alerts and notifications (on the right-hand pane you can customize all your notifications).

The above steps are for EAV — should be something along the same lines on ESS.

This topic is now archived and is closed to further replies.