How to know what is behind blocked connections?

Hello everyone. 

I can see in notifications that Bitdefender is blocking connections.
I can make exceptions or leave them blocked. But to confirm this decision, it would be good to get access to information where I could know what these connections actually are and judge whether they are legitimate to me or not.

I tried Whois or Google but nothing conclusive. Any ideas? Thanks!

Answers

  • Gjoksi
    Gjoksi Defender of the month mod
  • Thanks Gjoksi. What I exactly meant was: Is there a way to copy the suspicious URL, then get on Bitdefender or somewhere on the web to paste it, and finally get what in the world this URL is?

    For example, with a notification of the blocked URL "thisurl.anything.io":

    - Is there a way for me to get owner-company details about it? Something like: "This site is owned by 'Hear everything inc' and is based in Ontario. Among other things, they sell ear plugs and other hearing aids."

    …allowing me to judge, for example, that the URL that is about to be blocked is a connection that my hearing aid needs to work properly. And thus be able to decide to allow the connection...

    Thanks a lot.

  • Hello,

    If thisurl.anything.io attempts to make a connection and it's being blocked, this could suggest that there's a browser redirect or a browser extension that's doing this. Most likely adware.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Gjoksi
    Gjoksi Defender of the month mod

    @Alexandru_BD

    Hello.

    I think that "thisurl.anything.io" was just an example web address and I believe that it's not an actual web address.

    Regards.

  • Yeah, it could be, but this is what these redirects usually look like. 😄

    Premium Security & Bitdefender Endpoint Security Tools user

  • As for the decision to block or allow, well this is really up to the user, but I think it's important to analyze the context and any information displayed in the notification, more specifically what is the reason behind the blocking, is there a problem with the page's certificate, is there any suspicion of phishing, etc. And I think the first step is to find out if the notification is really for suspicious connection blocked, or threat detected. Judging by the available information, it really seems to be a case of suspicious connection, in which case the article above explains exactly how to proceed.

    Premium Security & Bitdefender Endpoint Security Tools user

  • Johnny5
    edited December 2024

    Thanks Alexandru_BD. Well, I think we're both right here. I perfectly agree with all your affirmations. That's why it would have been interesting, in order to complete this decision, to get the possibility to identify, if available somewhere out there, the source of the connection itself. For example, "(…) managed by XYZ inc".

    This would have told me, for example, if I can still allow (or not) the connection asked by a simple device for my son's games or my wife's connected electronic bathroom scale.


    Thanks for your answer. Have a good day.

  • You can try using tools like VirusTotal to analyze the URLs or IPs being blocked. It gives detailed reports on whether they're safe or malicious. Also, checking your Bitdefender logs might provide more info about the blocked connections.