Review Yandex Browser

Joined
Apr 16, 2016
Messages
56
OS
Windows 10
Antivirus
Emsisoft
#21
Can you tell me where Yandex connects to upon start up? Does it connect to Google?

Thanks
As much as I can see, no, at least not with the start page set at yandex search... In the attachment are the startup connections that I can see, but perhaps a more thorough analysis is needed. If someone's willing to check in detail, it'd be nice to know.
 

Attachments

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#22
As much as I can see, no, at least not with the start page set at yandex search... In the attachment are the startup connections that I can see, but perhaps a more thorough analysis is needed. If someone's willing to check in detail, it'd be nice to know.
Can you attach the remote address connections? It is from there that you can tell where Yandex on start up connects to
 
Likes: AtlBo
Joined
Apr 16, 2016
Messages
56
OS
Windows 10
Antivirus
Emsisoft
#24
Thanks for the read, interesting. I flew over it as I'm at work now, waiting for something to render... I can only conclude (time and time again and again and again) that everyone is corrupt and we can rely only on ourselves to protect, and not on any single entity...

Anyway, I logged the connections made from starting up Yandex - see if anything stands out:

Event Time Event Remote Address Remote Host Name
21.11.2017. 11.24.50 Open 77.88.21.232 sba.search.yandex.net
21.11.2017. 11.24.50 Open 213.180.193.82 api.browser.yandex.ru
21.11.2017. 11.24.51 Open 93.158.134.82 api.browser.yandex.ru
21.11.2017. 11.24.51 Open 93.158.134.82 api.browser.yandex.ru
21.11.2017. 11.24.51 Open 64.233.162.106 li-in-f106.1e100.net
21.11.2017. 11.24.51 Open 194.177.22.167 194-177-22-167.flops.ru
21.11.2017. 11.24.52 Open 213.180.204.194 translate.yandex.net
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.247.11 cache-ams03.cdn.yandex.net
21.11.2017. 11.24.58 Open 77.88.21.232 sba.search.yandex.net
21.11.2017. 11.24.59 Open 77.88.21.237 webzen.stable.qloud-b.yandex.net
21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
21.11.2017. 11.25.13 Close 5.45.247.11 cache-ams03.cdn.yandex.net
21.11.2017. 11.25.19 Open 87.250.250.55 browser-storage-proxy.stable.qloud-b.yandex.net
21.11.2017. 11.26.02 Close 194.177.22.167 194-177-22-167.flops.ru
21.11.2017. 11.26.51 Close 213.180.193.82 api.browser.yandex.ru
21.11.2017. 11.26.51 Close 93.158.134.82 api.browser.yandex.ru
21.11.2017. 11.26.51 Close 93.158.134.82 api.browser.yandex.ru
21.11.2017. 11.26.52 Close 213.180.204.194 translate.yandex.net
21.11.2017. 11.26.59 Close 77.88.21.237 webzen.stable.qloud-b.yandex.net
21.11.2017. 11.27.19 Close 87.250.250.55 browser-storage-proxy.stable.qloud-b.yandex.net
21.11.2017. 11.28.51 Close 64.233.162.106 li-in-f106.1e100.net
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru

EDIT: I should mention that I wasn't touching the browser during the logging time...
EDIT2: Indeed there is a Google connection made, at 64.233... but that was a last closed page from previous session.
 
Last edited:
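The manual review of that log can be scripted. The following is an added example, not code from any poster: it parses the log format shown in the post, counts the endpoints the browser opened, and lists those whose host name is outside an assumed set of vendor suffixes (`EXPECTED_SUFFIXES` and all function names are assumptions for illustration).

```python
# Rows excerpted from the log in the post above (tool output, whitespace separated).
SAMPLE_LOG = """\
Event Time Event Remote Address Remote Host Name
21.11.2017. 11.24.50 Open 77.88.21.232 sba.search.yandex.net
21.11.2017. 11.24.50 Open 213.180.193.82 api.browser.yandex.ru
21.11.2017. 11.24.51 Open 64.233.162.106 li-in-f106.1e100.net
21.11.2017. 11.24.51 Open 194.177.22.167 194-177-22-167.flops.ru
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
21.11.2017. 11.28.51 Close 64.233.162.106 li-in-f106.1e100.net
"""

# Assumption: suffixes treated as the vendor's own infrastructure.
EXPECTED_SUFFIXES = ("yandex.net", "yandex.ru")


def parse_line(line):
    """Return (date, time, event, ip, host), or None for header/blank rows."""
    parts = line.split()
    if len(parts) != 5 or parts[2] not in ("Open", "Close"):
        return None
    return tuple(parts)


def is_expected(host):
    """Match on a label boundary so 'notyandex.net' does not pass."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_SUFFIXES)


def summarize(log_text):
    """Map (ip, host) -> number of Open events, in first-seen order."""
    seen = {}
    for line in log_text.splitlines():
        row = parse_line(line)
        if row and row[2] == "Open":
            key = (row[3], row[4])
            seen[key] = seen.get(key, 0) + 1
    return seen


def unexpected_endpoints(log_text):
    """Opened endpoints whose host name falls outside EXPECTED_SUFFIXES."""
    return [key for key in summarize(log_text) if not is_expected(key[1])]


if __name__ == "__main__":
    for (ip, host), count in summarize(SAMPLE_LOG).items():
        note = "" if is_expected(host) else "  <-- review"
        print(f"{count}x {ip:15} {host}{note}")
```

Names such as `li-in-f106.1e100.net` are reverse-DNS names for the address, so a flagged row is a prompt to check who owns the IP range, not proof of what the browser requested.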

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#25
Thanks for the read, interesting. I flew over it as I'm at work now, waiting for something to render... I can only conclude (time and time again and again and again) that everyone is corrupt and we can rely only on ourselves to protect, and not on any single entity...

Anyway, I logged the connections made from starting up Yandex - see if anything stands out:


EDIT: I should mention that I wasn't touching the browser during the logging time...
EDIT2: Indeed there is a Google connection made, at 64.233... but that was a last closed page from previous session.
Ok, so nothing connects to Google then. I thought it might, since it's a Chromium-based browser. Many Chromium-based browsers do connect to Google.

Thanks
 

HarborFront

Level 38
Content Creator
Joined
Oct 9, 2016
Messages
2,707
#27
Yes, most of those are related to network services, like Opera Turbo, suggestions, etc.
View attachment 174045 View attachment 174046

I have got those connections with extensions disabled and firewall off. 5222/8 is Yandex sync.
View attachment 174044

My rules:
Code:
netsh advfirewall firewall add rule name="Yandex DNS" dir=out action=allow protocol=UDP remoteip=84.200.69.80,84.200.70.40 remoteport=53 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex DNSS" dir=out action=allow protocol=TCP remoteip=208.67.220.123,208.67.222.123 remoteport=443 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443,5222,5228 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
I'm seeing 74.125.206.188 in the middle diagram

This address belongs to Google

74.125.206.188 - Google - iphostinfo.com
 

TairikuOkami

Level 13
Content Creator
Joined
May 13, 2017
Messages
624
OS
Windows 10
#28
I'm seeing 74.125.206.188 in the middle diagram

This address belongs to Google
Wow. All I can say is thank you, I have missed that one. So far it looks like it is not required by sync at all. When I was googling for it, I had found it mentioned that it is required by Google Sync and I had sort of ignored the difference. :oops: Yandex mentions only 443/5222. I have removed the port and it is all clean now. ;)
capture_11212017_180339.jpg

I have also found this: Chromium is trying to connect to 74.125.133.188 on port 5228 / Networking, Server, and Protection / Arch Linux Forums

Changed my rules accordingly, allowed 5222 only to Yandex. Thanks again. (y)

Code:
netsh advfirewall firewall add rule name="Yandex Sync" dir=out action=allow protocol=TCP remoteip=213.180.193.0-213.180.193.255 remoteport=443,5222 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
 
Last edited:
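The effect of that rule change can be checked offline. This is an added example, not the poster's code: it models the TCP allow rules from both posts and evaluates a few connections against them, assuming the firewall profile blocks outbound traffic by default so that only allow rules permit it (the port for the Google address and all function names are assumptions).

```python
import ipaddress

# TCP allow rules from the two posts above, reduced to (name, ports, remoteip).
# remoteip None means "any"; entries are single addresses or start-end ranges.
OLD_RULES = [("Yandex TCP", {80, 443, 5222, 5228}, None)]
NEW_RULES = [
    ("Yandex Sync", {443, 5222}, ["213.180.193.0-213.180.193.255"]),
    ("Yandex TCP", {80, 443}, None),
]


def ip_in_spec(ip, spec):
    """True if ip falls in any address or start-end range of spec."""
    if spec is None:
        return True
    addr = ipaddress.ip_address(ip)
    for item in spec:
        lo, _, hi = item.partition("-")
        if ipaddress.ip_address(lo) <= addr <= ipaddress.ip_address(hi or lo):
            return True
    return False


def matching_rule(rules, ip, port):
    """Name of the first allow rule that matches, or None.

    Assumption: default outbound action is block, so None means dropped.
    """
    for name, ports, spec in rules:
        if port in ports and ip_in_spec(ip, spec):
            return name
    return None


# Constructed connections using addresses seen in the thread; the ports are
# assumptions (5228 for the Google address is the port the poster removed).
CASES = [
    ("74.125.206.188", 5228),
    ("213.180.193.82", 5222),
    ("93.158.134.82", 5222),
    ("64.233.162.106", 443),
]

if __name__ == "__main__":
    for ip, port in CASES:
        old = matching_rule(OLD_RULES, ip, port)
        new = matching_rule(NEW_RULES, ip, port)
        print(f"{ip}:{port}  old={old}  new={new}")
```

Under the new rules, port 443 to any address still matches "Yandex TCP", so the change closes 5228 and confines 5222 to the listed range; it does not restrict HTTPS to Google addresses.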

Proteus

New Member
Joined
Nov 28, 2017
Messages
1
OS
Windows 10
Antivirus
Microsoft
#29
Has no one else noticed that it tries to re-direct to "troviDOTcom" when using the address bar to search? I used this browser for a long while until I noticed this months ago. Even tweeted at them a few times and got nothing. I have no malware on my PC by the way. I thought for sure at least someone would have mentioned this on here. I can't find anyone else even talking about this.

Edit: Of course as I typed this up someone did mention this and noticed it's only when using Bing (which I use) for default browser. The search string is set to go through trovi...what in the hell?
 
Likes: AtlBo

TairikuOkami

Level 13
Content Creator
Joined
May 13, 2017
Messages
624
OS
Windows 10
#31
Has no one else noticed that it tries to re-direct to "troviDOTcom" when using the address bar to search?
It looks to be normal for Opera based browsers, this is from Vivaldi.

Vivaldi.rocks — search partnership • r/vivaldibrowser

You can add Bing yourself, it can not be used as default, but it works when you use a keyword, like:

capture_11292017_100314.jpg

Or use an extension, like Bing Search


Does this browser support Google Chrome add-ons?
Most Chrome addons work, but it is better to use the Opera version, when possible.
 
Joined
Apr 1, 2017
Messages
1,425
OS
Windows 10
Antivirus
ESET
#32
I asked them to remove this Trovi more than 5 times :D but they will not... anyway, it doesn't matter! You can set your default search engine to chrome.
For Bing, we are not using Bing directly, there is another provider and their searching proxy is Trovi. Trovi.com is the expected URL for the Bing search engine in our browser at this point. No viral activity is involved in such a case though.

In case you still want to use Bing directly, please enter browser://settings/searchEngines and set the following parameters:

1. Search engine: BING
2. Keyword: bing.com
3. URL with %s in place of query: http://www.bing.com/search?q=%s
--
Best Regards, Alena Suvoroff
 
Likes: AtlBo

d0ts

Level 1
Joined
Nov 9, 2017
Messages
23
OS
Windows 10
Antivirus
Emsisoft
#33
Hmm, about Bing: I just went to bing.com and searched for something. Then I went to Settings, and in the Search section there already was Bing.
browser_2017-12-12_07-48-08.png
 
Likes: AtlBo

ralphkirk

New Member
Joined
Feb 6, 2018
Messages
1
OS
Windows 10
Antivirus
ESET
#34
Did anyone notice how Yandex stopped syncing between two desktops/laptops despite having syncing enabled?
 

Spawn

Administrator
Staff member
Joined
Jan 8, 2011
Messages
16,959
OS
Windows 10
Antivirus
Microsoft
#37
Remove Yandex cuz I don't trust it anymore (high telemetry, also Windows tries to reach Yandex domains even after I uninstalled it). Not recommended anymore.
BB Yandex LLC.
That was a quick U-turn.

I've been using Chrome since 2010 and have not had a single issue about not trusting Google. Likewise with Microsoft and Apple, these giants have nothing to hide, well mostly nothing.

Watch video: Why Enthusiast Brands will Betray You
-https://www.youtube.com/watch?v=FJgTKx-rg18
 
Joined
Apr 1, 2017
Messages
1,425
OS
Windows 10
Antivirus
ESET
#38
Yandex has a lot of features that I like: DNS spoofing protection, HTTPS scanner, banking mode and more... but I don't like telemetry.
Although I don't like Chrome, I installed Chrome Canary. Has anyone used this before?
 

Slyguy

Level 31
Joined
Jan 27, 2017
Messages
2,094
OS
Other OS
#39
That was a quick U-turn.

I've been using Chrome since 2010 and have not had a single issue about not trusting Google. Likewise with Microsoft and Apple, these giants have nothing to hide, well mostly nothing.

Watch video: Why Enthusiast Brands will Betray You
-https://www.youtube.com/watch?v=FJgTKx-rg18
I've always been cautious about enthusiast brands. It's been confirmed some of those de-googled Chromium builds are backdoored and/or redirectors.

Yandex is clean, fast and exceedingly sexy for a browser but 100% untrustworthy now IMO. Similar to Opera, I do not trust Opera at all anymore either after my last tests with them and its backend pinging phishing domains on a fresh install. But Yandex, still connecting to Yandex domains even without Yandex on the system is hilarious and bordering on malware activity.

I still feel dirty from Yandex and feel like I need to format machines that were tainted by it. But after going over everything they appear to have been removed properly (with some manual work).
 
Joined
Apr 1, 2017
Messages
1,425
OS
Windows 10
Antivirus
ESET
#40
Last edited:
Likes: Prorootect