grahamperrin

https://www.y2mate.com/youtube/IHmVXfKdFgM click mp3 click Download click Download .mp3 in addition to the download, I found a new tab for http://167.71.138.189/btc/btc_revo/?uclick=bznta8x98n 167.71.138.189 is blocked by Malwarebytes proceeding to the blocked page reveals fakery as described at https://www.mirror.co.uk/news/uk-news/stories-claiming-ronaldo-backing-bitcoin-16259713 Screenshot below. If y2mate.com sometimes methodically directs users to fraudulent sites, please consider blocking y2mate.com – thank you. Contexts: https://forums.malwarebytes.com/topic/253536-removevideo-trojan/?tab=comments#comment-1345797 https://web.archive.org/web/20191118041138/https://addons.mozilla.org/en-GB/firefox/addon/youtube-downloader-new-layout/reviews/1448266/

Perfect. Thanks, ottersea.

https://addons.mozilla.org/addon/youtube-downloader-new-layout/reviews/1448266/

That's ideal, thanks. Most interested in the list of extensions. The ID of your YouTube Downloader – youtube.downlaoder.update.2019@addons.mozilla.org – matches the ID of what's currently at https://addons.mozilla.org/addon/youtube-downloader-new-layout/ The mis-spelt downlaoder part of the ID is reminiscent of a YouTube Download Helper extension that's no longer at AMO. The developer's page is also missing. Too soon to tell whether the extension was withdrawn by the developer, or actively removed by Mozilla.

Menu ▶ Help ▶ Troubleshooting information I'd like to know what extensions you use. Text (not raw data) from the Troubleshooting information page is the neatest way of gathering this type of information.

Can you let us have troubleshooting information? Use the Copy text to clipboard button at: about:support

@marcgarc322 please, can you share troubleshooting information? Use the Copy text to clipboard button at: about:support Hint: if you paste the text here, paste as code (for legibility). The <> button above. Thanks

Hi Thank you for identifying the script. I am not the affected user, the first link in the opening post should help to put things in context. In the Reddit discussion, the affected user lists three extensions. For two of the three, the IDs are not immediately suspicious. For the third (see my previous post here) I hope that the user can tell us the origin.

Thanks, by coincidence a seconds before your reply I revisited and found it blocked for both http and https

Spun off from https://redd.it/dtx5ez Shared by /u/17_4PH_SS Domain: remove.video IP Address: 104.18.53.237 Port: 6912 Type: Outbound File: C:\Program Files\Waterfox\Waterfox.exe Around the same time, I found blocks on web browser connections to remove.video A frame from a recent screen recording (2019-11-10 05:22:05 UK time): It seems to me that blocks on http and https traffic were lifted around the time of the recording. Now: remove.video — Coming Soon - https://remove.video/ – comprises just two visible lines. The address of the site, plus: Powered by VESTA - https://vestacp.com/ – and the foot of the VESTA Control Panel page includes a link to https://github.com/serghey-rodin/vesta where I find nothing obviously relevant to remove.video or remove video. According to https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=102 port range 6902-6934 is unassigned. Please, can someone at Malwarebytes advise re: the origins, and apparent lifting, of this block? I might add a cross-referencing issue in the GitHub area for Vesta Control Panel. Thank you

https://redd.it/6kdr6s refers to: http://fasezero.com/lastnotice.html In the Wayback Machine, from when the site was popular and reputable: https://web.archive.org/web/20171011021748/http://fasezero.com/lastnotice.html The site changed hands. Now, lastnotice.html appears to be a 95.4 MB application. grahamperrin@momh167-gjp4-8570p:/tmp % date ; uname Sun Oct 27 10:11:02 GMT 2019 FreeBSD grahamperrin@momh167-gjp4-8570p:/tmp % pwd /tmp grahamperrin@momh167-gjp4-8570p:/tmp % wget --tries=5 http://fasezero.com/lastnotice.html --2019-10-27 10:11:08-- http://fasezero.com/lastnotice.html Resolving fasezero.com (fasezero.com)... 104.24.106.86, 104.24.107.86, 2606:4700:30::6818:6b56, ... Connecting to fasezero.com (fasezero.com)|104.24.106.86|:80... connected. HTTP request sent, awaiting response... 301 Moved Permanently Location: https://fasezero.com/lastnotice.html [following] --2019-10-27 10:11:08-- https://fasezero.com/lastnotice.html Connecting to fasezero.com (fasezero.com)|104.24.106.86|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: 'lastnotice.html.3' lastnotice.html.3 0%[ ] 24 --.-KB/s in 4.8s 2019-10-27 10:11:14 (4.98 B/s) - Connection closed at byte 24. Retrying. --2019-10-27 10:11:15-- (try: 2) https://fasezero.com/lastnotice.html Connecting to fasezero.com (fasezero.com)|104.24.106.86|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: 'lastnotice.html.3' lastnotice.html.3 0%[ ] 24 --.-KB/s in 4.8s 2019-10-27 10:11:20 (5.00 B/s) - Connection closed at byte 24. Retrying. --2019-10-27 10:11:22-- (try: 3) https://fasezero.com/lastnotice.html Connecting to fasezero.com (fasezero.com)|104.24.106.86|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: 'lastnotice.html.3' lastnotice.html.3 0%[ ] 24 --.-KB/s in 4.8s 2019-10-27 10:11:27 (5.01 B/s) - Connection closed at byte 24. Retrying. --2019-10-27 10:11:30-- (try: 4) https://fasezero.com/lastnotice.html Connecting to fasezero.com (fasezero.com)|104.24.106.86|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: 'lastnotice.html.3' lastnotice.html.3 0%[ ] 24 --.-KB/s in 4.8s 2019-10-27 10:11:35 (5.01 B/s) - Connection closed at byte 24. Retrying. --2019-10-27 10:11:39-- (try: 5) https://fasezero.com/lastnotice.html Connecting to fasezero.com (fasezero.com)|104.24.106.86|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 100000000 (95M) [application/octet-stream] Saving to: 'lastnotice.html.3' lastnotice.html.3 0%[ ] 24 --.-KB/s in 4.8s 2019-10-27 10:11:44 (5.03 B/s) - Connection closed at byte 24. Giving up. grahamperrin@momh167-gjp4-8570p:/tmp % $ drill -V 5 fasezero.com ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; fasezero.com. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 0 msec ;; WHEN: Sun Oct 27 10:15:43 2019 ;; MSG SIZE rcvd: 0 ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 48511 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; fasezero.com. IN A ;; ANSWER SECTION: fasezero.com. 280 IN A 104.24.106.86 fasezero.com. 280 IN A 104.24.107.86 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 4 msec ;; SERVER: 192.168.1.1 ;; WHEN: Sun Oct 27 10:15:43 2019 ;; MSG SIZE rcvd: 62 $ drill -V 5 104.24.106.86 ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; 104.24.106.86. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 0 msec ;; WHEN: Sun Oct 27 10:16:03 2019 ;; MSG SIZE rcvd: 0 ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 11746 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;; 104.24.106.86. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: . 6109 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019102700 1800 900 604800 86400 ;; ADDITIONAL SECTION: ;; Query time: 15 msec ;; SERVER: 192.168.1.1 ;; WHEN: Sun Oct 27 10:16:03 2019 ;; MSG SIZE rcvd: 106 $ drill -V 5 104.24.107.86 ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 ;; flags: rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; 104.24.107.86. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 0 msec ;; WHEN: Sun Oct 27 10:16:12 2019 ;; MSG SIZE rcvd: 0 ;; ->>HEADER<<- opcode: QUERY, rcode: NXDOMAIN, id: 11062 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;; 104.24.107.86. IN A ;; ANSWER SECTION: ;; AUTHORITY SECTION: . 6100 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019102700 1800 900 604800 86400 ;; ADDITIONAL SECTION: ;; Query time: 15 msec ;; SERVER: 192.168.1.1 ;; WHEN: Sun Oct 27 10:16:12 2019 ;; MSG SIZE rcvd: 106 $

Two cosmetic issues. Branding app/assets/mbg.svg appears to be cropped, to its right, so most of the 'd' is invisible. In the context of app/eventpages/welcome.html: Terminology – should be: It's a browser action, not a page action. Toolbar button - Mozilla | MDN

Thanks. Updates applied manually. I have used 2.1.0 for around eleven days now. As far as I can tell: no compatibility issue with any 2.* version of the extension. A comment from a developer will be appreciated, no rush. If compatibility can be confirmed, then the strictness might be stepped down from 57.0 to 56.0 – this will be enough to enable automated updates for end users.

It seems that the block has been lifted again. Thanks to whoever made the change.