candylovergirl Posted June 11, 2018 ID:1249524

Hello,

Firefox latest version with Adblock Plus

I was checking my mail @ hotmail, and checking the features of a product @ Corel International, but not tracking any DHL package when I got this:

And I wonder why I get it

Thanks
Came

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/11/18
Protection Event Time: 3:53 PM
Log File: 82beb44f-6db9-11e8-b761-6cf049562b12.json
Administrator: Yes

-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.374
Update Package Version: 1.0.5440
License: Premium

-System Information-
OS: Windows 10 (Build 17134.81)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: RiskWare
Domain: dhl-news.com
IP Address: 104.16.209.86
Port: [50659]
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

(end)

Malwarebytes Staff Posted June 11, 2018 ID:1249525

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

If you are having technical issues with our Windows product, please do the following:

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download Malwarebytes Support Tool
Once the file is downloaded, open your Downloads folder/location of the downloaded file
Double-click mb-support-X.X.X.XXXX.exe to run the program
You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
Place a checkmark next to Accept License Agreement and click Next
You will be presented with a page stating, "Welcome to the Malwarebytes Support Tool!"
Click the Advanced Options link
Click the Gather Logs button
A progress bar will appear and the program will proceed to gather troubleshooting information from your computer
Upon completion, click OK
A file named mbst-grab-results.zip will be saved to your Desktop
Please attach the file in your next reply.

Before submitting your reply, be sure to enable "Notify me of replies".

How to attach a file: To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

One of our experts will be able to assist you shortly.

If you are having licensing issues, please do the following:

For any of these issues:

Renewals
Refunds (including double billing)
Cancellations
Update Billing Info
Multiple Transactions
Consumer Purchases
Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264

Thanks in advance for your patience.

-The Malwarebytes Forum Team

exile360 Posted June 11, 2018 ID:1249528

It doesn't appear that dhl-news.com actually belongs to DHL. It seems it's just some sort of price comparison service for shipping, so what was blocked was most likely an advertisement on the page you were visiting.

candylovergirl Posted June 11, 2018 Author ID:1249532

Mhhh,

But not advertisement @ https://www.coreldraw.com/la/product/home-student/ and hotmail opens with Adblock Plus so NO advertisement also and I don't have any mail about that domain in my inbox

Please help, because IF this message appears again, I can always block it by firewall, I just need to have more information

Thanks
Came

Edited June 11, 2018 by candylovergirl

exile360 Posted June 11, 2018 ID:1249536

I'm not sure then. I guess it could be some kind of tracker they're using, but there's no way to determine that without asking Corel most likely.

Also, while Adblock Plus does block ads, it doesn't necessarily block connections to ad servers since it resides in the browser as a plugin. The Web Protection in Malwarebytes operates in the network stack in the same layer as the Windows Firewall and actually uses the same filtering technology as the Windows Firewall itself (WFP, i.e. the Windows Filtering Platform) so it would see any connection attempt to/from the site going through your internet connection.

candylovergirl Posted June 12, 2018 Author ID:1249554

2 hours ago, exile360 said:

> I'm not sure then. I guess it could be some kind of tracker they're using, but there's no way to determine that without asking Corel most likely.
>
> Also, while Adblock Plus does block ads, it doesn't necessarily block connections to ad servers since it resides in the browser as a plugin. The Web Protection in Malwarebytes operates in the network stack in the same layer as the Windows Firewall and actually uses the same filtering technology as the Windows Firewall itself (WFP, i.e. the Windows Filtering Platform) so it would see any connection attempt to/from the site going through your internet connection.

How do I block dhl-news.com via hosts file? Will it work?

127.0.0.1 dhl-news.com

Thanks
Camelia

exile360 Posted June 12, 2018 ID:1249556

Yes, you could most likely block it by adding each of the following to your HOSTS file:

127.0.0.1 dhl-news.com
127.0.0.1 www.dhl-news.com

Alternatively you could use 0.0.0.0 instead of 127.0.0.1 and in theory it might improve performance since it's a null address instead of redirecting to your local machine address (Windows DNS resolver still attempts to connect to the site when 127.0.0.1 is used but just instantly blocks the connection when 0.0.0.0 is used so it can make browsing faster when using a HOSTS file; that's one of the tricks I picked up over the years having used a large HOSTS file myself for a long time now (currently over 1 million blocked sites in my HOSTS file)).

candylovergirl Posted June 12, 2018 Author ID:1249605

7 hours ago, exile360 said:

> Yes, you could most likely block it by adding each of the following to your HOSTS file:
>
> 127.0.0.1 dhl-news.com
> 127.0.0.1 www.dhl-news.com
>
> Alternatively you could use 0.0.0.0 instead of 127.0.0.1 and in theory it might improve performance since it's a null address instead of redirecting to your local machine address (Windows DNS resolver still attempts to connect to the site when 127.0.0.1 is used but just instantly blocks the connection when 0.0.0.0 is used so it can make browsing faster when using a HOSTS file; that's one of the tricks I picked up over the years having used a large HOSTS file myself for a long time now (currently over 1 million blocked sites in my HOSTS file)).

Wow your HOSTS File is very large!!

So I added to my HOSTS File

0.0.0.0 dhl-news.com
0.0.0.0 www.dhl-news.com

Is this ok?

Thanks
Camelia

exile360 Posted June 12, 2018 ID:1249655

Yep, perfect

candylovergirl Posted June 13, 2018 Author ID:1249773

11 hours ago, exile360 said:

> Yep, perfect

Thanks :)

candylovergirl Posted June 15, 2018 Author ID:1250373

@exile360

Hi,

Adding to my HOSTS File, didn't work

0.0.0.0 dhl-news.com
0.0.0.0 www.dhl-news.com

Also I am sure CCleaner Free is attempting to connect to some of their sites

Maybe https://www.ccleaner.com/ Piriform or Avast?

Do you know what do I have to add to my HOSTS File to block these possible connections?

Oh! if you think I am trying to block these connections because the CCleaner paid version

I always avoid PUP software

And I never paid for a Cleaner when there is great free software such as PrivaZer or Wise Disk Cleaner

The version I had installed is the CCleaner - Slim Free version download from https://www.ccleaner.com/ccleaner/builds

Finally is there a program that shows all the attempting connections of the software installed or from Windows OS, because EIS 2018 Or AIS 2018 sometimes don't show it, a software like Little Snitch for Mac? (Of course Little Snitch is a firewall but I am asking for a software for Windows) https://www.obdev.at/products/littlesnitch/index.html

Thanks
Came

Edited June 15, 2018 by candylovergirl (typo)

David H. Lipman Posted June 15, 2018 ID:1250374

Don't use 0.0.0.0, use 127.0.0.1 as Samuel provided in Post #7.

127.0.0.1 is the IP4 diagnostic responder IP address and points to your PC.

0.0.0.0 means there is NO IP address and is only used in BootP and DHCP to indicate the PC has no IP and needs an IP assignment.

Note also the address may be cached in a Browser or in the OS. You have to close the Browser and flush the name resolution cache.

ipconfig /flushdns

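When HOSTS entries like the ones in this thread appear not to work, a first check is whether the file really contains a well-formed line for each name. The following is an added example, not code from any poster or from Malwarebytes; the sample file content and the names `parse_hosts` and `audit` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample HOSTS content (not from a real machine). Line 3 has two
# entries run together on one line; line 5 has a non-address first field.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1 dhl-news.com127.0.0.1 www.dhl-news.com
0.0.0.0 ads.example.invalid   # constructed entry
not-an-ip tracker.example.invalid
"""

SINKHOLES = {"127.0.0.1", "0.0.0.0"}   # the two addresses discussed in the thread
EMBEDDED_IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_hosts(text):
    """Return (entries, problems); entries maps hostname -> first address seen."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            problems.append((lineno, "first field is not an IP address"))
            continue
        if not names:
            problems.append((lineno, "address without a hostname"))
        for name in names:
            if EMBEDDED_IPV4.search(name):    # e.g. "dhl-news.com127.0.0.1"
                problems.append((lineno, "fused entry: " + name))
                continue
            entries.setdefault(name.lower(), addr)
    return entries, problems


def audit(text, wanted):
    """Map each wanted domain to its sinkhole address, or None if not blocked."""
    entries, problems = parse_hosts(text)
    status = {}
    for domain in wanted:
        addr = entries.get(domain.lower())
        status[domain] = addr if addr in SINKHOLES else None
    return status, problems


if __name__ == "__main__":
    print(audit(SAMPLE_HOSTS, ["dhl-news.com", "www.dhl-news.com"]))
```

To check a real machine, pass the text of `%SystemRoot%\System32\drivers\etc\hosts` to `audit`; a domain reported as `None` has no usable entry, whatever the file appears to contain at a glance.
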
candylovergirl Posted June 15, 2018 Author ID:1250376

3 minutes ago, David H. Lipman said:

> Don't use 0.0.0.0, use 127.0.0.1 as Samuel provided in Post #7.
>
> 127.0.0.1 is the IP4 diagnostic responder IP address and points to your PC.
>
> 0.0.0.0 means there is NO IP address and is only used in BootP and DHCP to indicate the PC has no IP and needs an IP assignment.
>
> Note also the address may be cached in a Browser or in the OS. You have to close the Browser and flush the name resolution cache.
>
> ipconfig /flushdns

Thanks

I will change them to 127.0.0.1

Any help about CCleaner?

Thanks
Came

David H. Lipman Posted June 15, 2018 ID:1250396

1 hour ago, candylovergirl said:

> Any help about CCleaner?

No, sorry. I don't use it.

digmorcrusher Posted June 15, 2018 ID:1250426

Candylover girl, some programs you could try to check outbound connections are NoVirusThanks Connection Viewer, just started trying this one out, I really like it, and CurrPorts or AppNetworkCounter, both from NirSoft.

As far as CCleaner goes, I use the regular free version and it is not phoning home. If you go to Options-Privacy there is a box that says "Allow data usage to be shared with 3rd parties for analytics purposes"; unchecking that may stop it from phoning home. However, not sure if that option is included in the Slim version.

exile360 Posted June 15, 2018 ID:1250447

TCPView by Microsoft Sysinternals might also be useful as might Wireshark. They should both be capable of showing what sites/IPs each process is connecting to on your system.