1. Predrag Radjenovic

    Apr 16, 2016
    53
    144
    Marketing; Design;
    Belgrade, Serbia
    Windows 10
    Emsisoft
    As much as I can see, no, at least not with the start page set at yandex search... In the attachment are the startup connections that I can see, but perhaps a more thorough analysis is needed. If someone's willing to check in detail, it'd be nice to know.
     

    Attached Files:

    AtlBo and HarborFront like this.
  2. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,295
    5,754
    Far East
    Can you attach the remote address connections? It is from there that you can tell where Yandex on start up connects to
     
    AtlBo likes this.
  3. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,295
    5,754
    Far East
  4. Predrag Radjenovic

    Apr 16, 2016
    53
    144
    Marketing; Design;
    Belgrade, Serbia
    Windows 10
    Emsisoft
    #24 Predrag Radjenovic, Nov 21, 2017
    Last edited: Nov 21, 2017
    Thanks for the read, interesting. I flew over it as I'm at work now, waiting for something to render... I can only conclude (time and time again and again and again) that everyone is corrupt and we can rely only to ourselves to protect, and not on any single entity...

    Anyway, I logged the connections made from starting up Yandex - see if anything stands out:

    Event Time Event Remote Address Remote Host Name
    21.11.2017. 11.24.50 Open 77.88.21.232 sba.search.yandex.net
    21.11.2017. 11.24.50 Open 213.180.193.82 api.browser.yandex.ru
    21.11.2017. 11.24.51 Open 93.158.134.82 api.browser.yandex.ru
    21.11.2017. 11.24.51 Open 93.158.134.82 api.browser.yandex.ru
    21.11.2017. 11.24.51 Open 64.233.162.106 li-in-f106.1e100.net
    21.11.2017. 11.24.51 Open 194.177.22.167 194-177-22-167.flops.ru
    21.11.2017. 11.24.52 Open 213.180.204.194 translate.yandex.net
    21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.24.57 Open 5.45.247.11 cache-ams03.cdn.yandex.net
    21.11.2017. 11.24.58 Open 77.88.21.232 sba.search.yandex.net
    21.11.2017. 11.24.59 Open 77.88.21.237 webzen.stable.qloud-b.yandex.net
    21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.25.02 Close 5.45.205.235 cdn.yandex.net
    21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.25.12 Close 5.45.247.13 cache-ams05.cdn.yandex.net
    21.11.2017. 11.25.13 Close 5.45.247.11 cache-ams03.cdn.yandex.net
    21.11.2017. 11.25.19 Open 87.250.250.55 browser-storage-proxy.stable.qloud-b.yandex.net
    21.11.2017. 11.26.02 Close 194.177.22.167 194-177-22-167.flops.ru
    21.11.2017. 11.26.51 Close 213.180.193.82 api.browser.yandex.ru
    21.11.2017. 11.26.51 Close 93.158.134.82 api.browser.yandex.ru
    21.11.2017. 11.26.51 Close 93.158.134.82 api.browser.yandex.ru
    21.11.2017. 11.26.52 Close 213.180.204.194 translate.yandex.net
    21.11.2017. 11.26.59 Close 77.88.21.237 webzen.stable.qloud-b.yandex.net
    21.11.2017. 11.27.19 Close 87.250.250.55 browser-storage-proxy.stable.qloud-b.yandex.net
    21.11.2017. 11.28.51 Close 64.233.162.106 li-in-f106.1e100.net
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru
    21.11.2017. 11.29.49 Open 213.180.204.82 api.browser.yandex.ru

    EDIT: I should mention that I wasn't touching the browser during the logging time...
    EDIT2: Indeed there is a Google connection made, at 64.233... but that was a last closed page from previous session.
     
    AtlBo and HarborFront like this.
  5. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,295
    5,754
    Far East
    Ok, so nothing connects to Google then for I thought it might since it's a Chromium-based browser. Many Chromium-based browsers do connect to Google

    Thanks
     
    AtlBo and TairikuOkami like this.
  6. TairikuOkami

    TairikuOkami Level 8
    Content Creator

    May 13, 2017
    378
    1,599
    Postal Worker
    Slovakia
    Windows 10
    #26 TairikuOkami, Nov 21, 2017
    Last edited: Nov 21, 2017
    Yes, most of those are related to network services, like Opera Turbo, suggestions, etc.
    capture_11212017_163410.jpg capture_11212017_163426.jpg

    I have got those connections with extensions disabled and firewall off. 5222/8 is Yandex sync.
    capture_11212017_164106.jpg
     
    AtlBo and Sunshine-boy like this.
  7. HarborFront

    HarborFront Level 33
    Content Creator

    Oct 9, 2016
    2,295
    5,754
    Far East
    I'm seeing 74.125.206.188 in the middle diagram

    This address belongs to Google

    74.125.206.188 - Google - iphostinfo.com
     
    AtlBo and TairikuOkami like this.
  8. TairikuOkami

    TairikuOkami Level 8
    Content Creator

    May 13, 2017
    378
    1,599
    Postal Worker
    Slovakia
    Windows 10
    #28 TairikuOkami, Nov 21, 2017
    Last edited: Nov 22, 2017
    Wow. All I can say is thank you, I have missed that one. Thus far it looks, it is not required by sync at all. When I was googling for it, I had found mentioned, that it is required by Google Sync and I had sort of ignored the difference. :oops: Yandex mentions only 443/5222. I have removed the port and it is all clean now. ;)
    capture_11212017_180339.jpg

    I have also found this: Chromium is trying to connect to 74.125.133.188 on port 5228 / Networking, Server, and Protection / Arch Linux Forums

    Changed my rules accordingly, allowed 5222 only to Yandex. Thanks again. (y)

    Code:
    netsh advfirewall firewall add rule name="Yandex Sync" dir=out action=allow protocol=TCP remoteip=213.180.193.0-213.180.193.255 remoteport=443,5222 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
    netsh advfirewall firewall add rule name="Yandex TCP" dir=out action=allow protocol=TCP remoteport=80,443 program="%LocalAppData%\Yandex\YandexBrowser\Application\browser.exe"
     
    AtlBo and HarborFront like this.
  9. Proteus

    Proteus New Member

    Nov 28, 2017
    1
    1
    USA
    Windows 10
    Microsoft
    Has no one else noticed that it tries to re-direct to "troviDOTcom" when using the address bar to search? I used this browser for a long while until I noticed this months ago. Even tweeted at them a few times and got nothing. I have no malware on my pc by the way. I thought for sure at least someone would have mentioned this on here. I can't find any one else even talking about this.

    Edit: Of course as I typed this up someone did mention this and noticed it's only when using Bing (which I use) for default browser. The search string is set to go through trovi...what in the hell?
     
    AtlBo likes this.
  10. ar.bahar1378

    ar.bahar1378 New Member

    Feb 14, 2016
    2
    4
    persian
    Windows 8.1
    Avira
    is this browser support from google chrome add-ones ??
     
    AtlBo and Sunshine-boy like this.
  11. TairikuOkami

    TairikuOkami Level 8
    Content Creator

    May 13, 2017
    378
    1,599
    Postal Worker
    Slovakia
    Windows 10
    It looks to be normal for Opera based browsers, this is from Vivaldi.

    Vivaldi.rocks — search partnership • r/vivaldibrowser

    You can add Bing yourself, it can not be used as default, but it works when you use a keyword, like:

    capture_11292017_100314.jpg

    Or us an extensions, like Bing Search


    Most Chrome addons work, but it is better to use Opera version, when possible.
     
    AtlBo, Sunshine-boy and ar.bahar1378 like this.
  12. Sunshine-boy

    Sunshine-boy Level 22

    Apr 1, 2017
    1,169
    5,186
    IRAN
    Windows 10
    ESET
    I asked them to remove this Trovi more than 5 times:D but they will not...any way it doesn't matter! you can set your default search engine to chrome.
    for Bing, we are not using Bing directly, there is another provider and their searching proxy is Trovi. Trovi.com is expected URL for Bing search engine in our browser at this point. No viral activity involved in such case though.

    In case you still want to use Bing directly, please enter browser://settings/searchEngines and set the following parametres:

    1. Search engine: BING
    2. Keyword: bing.com
    3. URL with %s in place of query:http://www.bing.com/search?q=%s
    --
    Best Regards, Alena Suvoroff
     
    AtlBo likes this.
  13. d0ts

    d0ts Level 1

    Nov 9, 2017
    21
    61
    Viet Nam
    Windows 10
    Emsisoft
    hmm about Bing I just went to bing.com, searched for something. Then go to Setting and in Search section there already was Bing.
    browser_2017-12-12_07-48-08.png
     
    AtlBo likes this.
Loading...
Similar Threads Forum Date
Yandex browser discussion (Split Thread) Browsers and Extensions Jan 7, 2018
Update Yandex Browser 17.10.0.1512 Beta Browsers and Extensions Oct 20, 2017
Q&A HMP.A and Yandex Browser HitmanPro (Sophos) Jun 24, 2017