
Multiple "Website blocked due to riskware" notices


Solved by tommytn

With no new software installed, 2 days ago, nearly every new tab opened in Firefox starts a "Website blocked due to riskware" notice.

This one bothered me the most, so I monitored it with System Explorer, tab: Connections, and put garzku5t.de in Firefox.

The connection was attempted to static.119.138.216.95.clients.your-server.de (see 01-static.119.138.216.95.clients.your-server.de.jpg)

Looking up the IP address showed CHINA (See 01-119.138.216.95 IP Location and Whois.pdf)

The other Domains and IP Addresses listed on the BLOCKED notices vary. They are:

garzku5t.de 2606:4700:3036::ac43:d719

The IP number is in United States. It is hosted by Cloudflare, Inc.

We investigated five host names that point to 2606:4700:3036::ac43:d719. Example: garzku5t.de, amsigroup.net, vstboi.com and cacaodrinkrecipes.com.

-Website Data-
Category: RiskWare
Domain: garzku5t.de
IP Address: 104.21.78.23
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: Trojan
Domain: ru.ntunhs.net
IP Address: 172.67.130.113
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: Trojan
Domain: ru.ntunhs.net
IP Address: 2606:4700:3035::6815:876
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

-Website Data-
Category: RiskWare
Domain: garzku5t.de
IP Address: 2606:4700:3036::ac43:d719
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

172.67.215.25 CloudFlareNet, San Francisco, CA

mbst-grab-results.zip

Edited by AdvancedSetup
disabled live hyperlink

  • Solution

Well, AdwCleaner, Emsisoft, SUPERAntiSpyware, and all it found were cookies... but after cleaning these & rebooting, the connection to IP addresses is OK now.

Also, I reset my DNS cache and I think that's where the problem was. Something got me redirected to sites that were not OK with Malwarebytes. Thank you, Malwarebytes - you may have saved me from some monster headaches.

 

Please close this case.

This topic is now closed to further replies.