tommytn Posted October 28, 2021 (edited) ID:1486004

With no new software installed, 2 days ago, nearly every new tab opened in Firefox starts a "Website blocked due to riskware" notice.

This one bothered me the most, so I monitored it with System Explorer, tab: Connections, and put garzku5t.de in Firefox. The connection was attempted to static.119.138.216.95.clients.your-server.de (see 01-static.119.138.216.95.clients.your-server.de.jpg). Looking up the IP address showed CHINA (see 01-119.138.216.95 IP Location and Whois.pdf).

The other domains and IP addresses listed on the BLOCKED notices vary. They are:

garzku5t.de
2606:4700:3036::ac43:d719
The IP number is in United States. It is hosted by Cloudflare, Inc. We investigated five host names that point to 2606:4700:3036::ac43:d719. Example: garzku5t.de, amsigroup.net, vstboi.com and cacaodrinkrecipes.com.

-Website Data-
Category: RiskWare
Domain: garzku5t.de
IP Address: 104.21.78.23
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: Trojan
Domain: ru.ntunhs.net
IP Address: 172.67.130.113
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: Trojan
Domain: ru.ntunhs.net
IP Address: 2606:4700:3035::6815:876
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: RiskWare
Domain: garzku5t.de
IP Address: 2606:4700:3036::ac43:d719
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

172.67.215.25 CloudFlareNet, San Francisco, CA

mbst-grab-results.zip

Edited October 28, 2021 by AdvancedSetup: disabled live hyperlink

tommytn Posted October 28, 2021 Author ID:1486005

01-119.138.216.95 IP Location and Whois.pdf
104.21.78.23 IP Location and Whois.pdf
20211027-104.21.78.23.txt
20211027-104.67.215.25.txt
20211027-172.67.130.133.txt
20211027-2606.4700.3032..6815.4e17.txt
20211027-2606.4700.3035..6815.876.txt
20211027-2606.4700.3036..ac43.d719.txt
20211128-95.216.138.119.txt
MalwarebytesRiskware.pdf

tommytn Posted October 29, 2021 Author Solution ID:1486132

Well, AdwCleaner, Emsisoft, SUPERAntiSpyware, and all it found were cookies... but after cleaning these and rebooting, the connection to IP addresses is OK now. Also, I reset my DNS cache and I think that's where the problem was. Something got me redirected to sites that were not OK with Malwarebytes.

Thank you, Malwarebytes - you may have saved me from some monster headaches. Please close this case.

kevinf80 Posted October 29, 2021 ID:1486160

Since this issue is resolved, the topic will now be closed to prevent others from posting here. If you need assistance, please start your own new topic and someone will be happy to assist you.

Thanks