How to know what is behind blocked connections?

Johnny5 · 2024-12-28T18:46:12+00:00

There was an error rendering this rich post.

Hello everyone. 


I can see in notifications that bitdefender is blocking connections. 

I can make exceptions or leave them blocked. But to confirm this decision, it would be 
good to get access to informations where I could know what these connections actually 

are and judge whether they are legitimate to me or not.


I tried Whois or Google but nothing conclusive. Any ideas? Thanks!

Find more posts tagged with

Accepted answers

All comments

Gjoksi

Hello.

Check out this article:

https://www.bitdefender.com/consumer/support/answer/2471/

Regards.

Johnny5

Thanks Gjoksi. What i exactly ment was : Is there a way to copy the suspicious url, then get on BitDefender or somewhere on the web to paste it, and finaly get what in the world is this url?

By example, with a notification of the blocked url "thisurl.anything.io";

- Is there a way for me to get owners-company details about it? Something like; "This site is owned by "Hear everything inc" and is based on Ontario. Among other things, they sell ear plugs and other hearing aids."

…allowing me to judge, for example, that the URL that is about to be blocked is a connection that my hearing aid need to work properly. And thus be able to decide to allow the connection...

Thanks a lot.

Alexandru_BD

Hello,

If thisurl.anything.io attempts to make a connection and it's being blocked, this could suggest that there's a browser redirect or a browser extension that's doing this. Most likely adware.

Gjoksi

@Alexandru_BD

Hello.

I think that "thisurl.anything.io" was just an example web address and i believe that it's not an actual

web address.

Regards.

Alexandru_BD

Yeah, it could be, but this is how these redirects usually look like. 😄

Alexandru_BD

As for the decision to block or allow, well this is really up to the user, but I think it's important to analyze the context and any information displayed in the notification, more specifically what is the reason behind the blocking, is there a problem with the page's certificate, is there any suspicion of phishing, etc. And I think the first step is to find out if the notification is really for suspicious connection blocked, or threat detected. Judging by the available information, it really seems to be a case of suspicious connection, in which case the article above explains exactly how to proceed.

Johnny5

Thanks Alexandru_BD. Well i think we're both right here. I'm perfectly agree with all your affirmations. That's why it would have been interesting, in order to complete this decision, to get the possibility to identify if available somewhere out there, the source of the connection itself. By example, "(…) managed by XYZ inc".

This would have told me, for example, if I can still allow (or not) the connection asked by a simple device for my son's games or my wife's connected electronic bathroom scale.

Thanks for your answer. Have a good day.

Micmover

You can try using tools like VirusTotal to analyze the URLs or IPs being blocked. It gives detailed reports on whether they're safe or malicious. Also, checking your Bitdefender logs might provide more info about the blocked connections.

sk8r5

Is there a way to find which IOS app is generating the blocked connection? Every day, my I-phone attempts to connect to nenmail.com about 4 times. Virustotal says 9 out of 96 think it is a phishing issue. Can't find any useful information about nenmail.com in a google search.