http://anonymz.com is opening .bid pages


CaneRandagio


For the past three days, when the anonymz page opens to redirect, Nod32 blocks these five domains:


*blyppvdjofkqg.bid*
*ydoexgadghunl.bid*
*tcwkemlikooah.bid*
*ppskhydfqas.bid*
*nngqyjabfvq.bid*

 

I wonder if they are ads or something else

Link to comment
Share on other sites

Same with me: whenever I open any page from any web browser, this thing happens :(

 

This is from today

 

Link to comment
Share on other sites

I'm seeing *.bid being blocked when I use Chrome. However, I see nothing unusual if I use the Microsoft browsers.

 

Update: I disabled all my extensions and the *.bid behaviour stopped. It restarted when I enabled AdBlock.

Link to comment
Share on other sites

On my systems, all those unwanted connections are blocked by default; for those whose connections aren't, the following rule can be used in their ad blocker:

 

||anonymz.com^$script,third-party

Link to comment
Share on other sites

13 hours ago, CaneRandagio said:

I wonder if they are ads or something else

uMatrix blocks these third-party sites by default. Whoever it is, they're very spammy. Maybe it's malvertising or some kind of data collection. I checked one IP, 216.21.13.15, from a URL, and it has 120 different domains.

 

Quote

 

IP Information for 216.21.13.15

IP Location: United States, Skyland, Total Uptime Technologies LLC
ASN: AS53334 TUT-AS - Total Uptime Technologies, LLC, US (registered Jun 11, 2014)
Quote

 

VirusTotal

216.21.13.15 IP address information

 Geolocation
Country
 US
 Passive DNS replication
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.

 Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
 Latest detected files that were downloaded from this IP address
Latest files that are detected by at least one antivirus solution and were downloaded by VirusTotal from the IP address provided.
 Latest undetected files that were downloaded from this IP address
Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided.


 

 

Link to comment
Share on other sites

It's supposed to keep your links anonymous from third-party sites, but it has third-party sites nested into it. So it's not OK, and I don't use it anymore; I have an addon where I can right-click and copy the direct link from sites like these without going to the site. :)

 


Link to comment
Share on other sites

On 8/15/2017 at 7:26 PM, CaneRandagio said:

I wonder if they are ads or something else

It's an ad from popads.net (.bid is just one of its domain types).

Your filter lists need a review.

Link to comment
Share on other sites

So what is the conclusion about this issue? How can we overcome this?

I am still getting the block notification from many other webpages, not only anonymz :( and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!

Link to comment
Share on other sites

4 minutes ago, PriSim said:

So what is the conclusion about this issue? How can we overcome this?

I am still getting the block notification from many other webpages, not only anonymz :( and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!

Can you show a screenshot of the notification?

Also what adblocker are you using?

Link to comment
Share on other sites

3 hours ago, Undertaker said:

Can you show a screenshot of the notification?

Also what adblocker are you using?

 

I am using uBlock Origin + Adguard!

ESET screen!

 


Link to comment
Share on other sites

1 hour ago, PriSim said:

 

I am using uBlock Origin + Adguard!

I will post the ESET screen!

Hey, why do you use two adblockers?

First things first, disable uBlock and try with Adguard alone.

If you still receive ads or popups, give the site name and possible screenshots of the ads appearing (the filtering log/logger screenshot).

@PriSim Just saw your edited post. First try what I said in the second line, and then reply back to give feedback. :)

Link to comment
Share on other sites

28 minutes ago, Undertaker said:

Hey, why do you use two adblockers?

First things first, disable uBlock and try with Adguard alone.

If you still receive ads or popups, give the site name and possible screenshots of the ads appearing (the filtering log/logger screenshot).

@PriSim Just saw your edited post. First try what I said in the second line, and then reply back to give feedback. :)

 

I am not using uBlock in every browser. I am using 3 browsers; only in FF I am using uBlock, for the other 2 browsers I am using only Adguard, but I am still having the issue!

Link to comment
Share on other sites

Just now, PriSim said:

 

I am not using uBlock in every browser. I am using 3 browsers; only in FF I am using uBlock, for the other 2 browsers I am using only Adguard, but I am still having the issue!

Add the following rule to your adblocker and restart the browser, clearing cache, history, cookies, etc.:

://*.bid^$script,third-party

Reply how it is then.

Link to comment
Share on other sites

3 minutes ago, 0bin said:

This rule is rational, if what they say here is true, each domain is 2h fox dead,

cannot do a rule for a specific .bid domain, but has to follow Undertaker's approach. Or use a system wise JavaScript Default/Deny approach.

I think Adguard is blocking right in his system, it's just that ESET is able to access the request to .bid domain first and hence the notification.

If, even after adding that rule, he is receiving the ESET notification, then it will be proven that ESET got the request first and that's why it blocked it first and never let the request reach Adguard.

Link to comment
Share on other sites
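The reasoning in the posts above (one rule for third-party scripts on the whole .bid TLD instead of rules for individual hosts), as an added example that is not part of the original thread. It is a simplified JavaScript model, not uBlock Origin's or Adguard's matching code; the `site()` helper, the request objects and the `example-*` hosts are assumptions constructed for illustration.

```javascript
// Added example: simplified model of two blocking strategies, not a real filter engine.
// Assumption: "site" = last two host labels; real blockers use the Public Suffix List.
const site = (host) => host.split(".").slice(-2).join(".");

// Models the intent of `://*.bid^$script,third-party`: a script request to any
// .bid host, made from a page that belongs to a different site.
function tldRuleBlocks(req, tld = "bid") {
  const page = new URL(req.page).hostname;
  const target = new URL(req.url).hostname;
  return req.type === "script" &&
         target.endsWith("." + tld) &&
         site(page) !== site(target);
}

// Models a static per-domain list built from hosts that were already observed.
function listBlocks(req, knownHosts) {
  return knownHosts.has(new URL(req.url).hostname);
}

// Evaluate both strategies for every request so the gaps are visible side by side.
function compare(requests, knownHosts) {
  return requests.map((r) => ({
    url: r.url,
    byList: listBlocks(r, knownHosts),
    byTldRule: tldRuleBlocks(r),
  }));
}

// Constructed sample data. The two known hosts are ones reported in the thread;
// the paths, "example-rotated.bid" and "example-shop.bid" are placeholders.
const known = new Set(["blyppvdjofkqg.bid", "nngqyjabfvq.bid"]);
const sample = [
  // Host already on the list: both strategies block it.
  { page: "http://anonymz.com/", url: "http://nngqyjabfvq.bid/a.js", type: "script" },
  // Newly rotated host: only the TLD-wide rule blocks it.
  { page: "http://anonymz.com/", url: "http://example-rotated.bid/b.js", type: "script" },
  // First-party script on a .bid site: the third-party option leaves it alone.
  { page: "http://example-shop.bid/", url: "http://cdn.example-shop.bid/app.js", type: "script" },
  // Non-script request: outside the rule's $script scope, so it is not blocked.
  { page: "http://anonymz.com/", url: "http://example-rotated.bid/pixel.gif", type: "image" },
];

console.table(compare(sample, known));
```

The last row shows the limit of the rule as written: it only covers script requests, so other resource types from the same hosts still need a separate rule or list entry.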

5 minutes ago, Undertaker said:

I think Adguard is blocking right in his system, it's just that ESET is able to access the request to .bid domain first and hence the notification.

If, even after adding that rule, he is receiving the ESET notification, then it will be proven that ESET got the request first and that's why it blocked it first and never let the request reach Adguard.

 

This is the right point: ESET is monitoring the traffic properly where adblockers are just bypassing them, but on the page end that bypassed ad or page loaded, so ESET blocks its further access!

Link to comment
Share on other sites

5 minutes ago, PriSim said:

 

This is the right point: ESET is monitoring the traffic properly where adblockers are just bypassing them, but on the page end that bypassed ad or page loaded, so ESET blocks its further access!

No, adblockers are not bypassing them.

If you will stop your ESET protection for a while, you will notice in your adblocker's logger that even they block it fully.

What I wanted to say was in your system maybe eset is at the first level of defence, that's why it blocks it and shows the notification.

And others like Adguard are at later stages of protection, and because ESET didn't allow the request to reach them in the first place, they don't act.

 

I would still suggest you to test the rule I gave in the post above and reply how your system behaves.

If you would like to get rid of those notifications, maybe you can create a whitelist rule in your ESET to allow those requests to pass through it, and your adblocker will block them silently.

Link to comment
Share on other sites

1 hour ago, PriSim said:

I am not using uBlock in every browser. I am using 3 browsers; only in FF I am using uBlock, for the other 2 browsers I am using only Adguard, but I am still having the issue!

Isn't that resource-intensive and also a lot of work?

 

 

5 hours ago, PriSim said:

So what is the conclusion about this issue? How can we overcome this?

I am still getting the block notification from many other webpages, not only anonymz :( and on Chrome, FF 55.0.2, Epic Privacy Browser, in short on all my browsers, but on different websites!

If notifications are an issue for you, just right click the icon at the SysTray >> Advanced setup... >> User interface >> Alerts and notifications (on the right hand pane you can customize all your notifications.)

 

The above steps are for EAV — should be something along the same lines, on ESS.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
