Why does Firefox try to access SEVERAL unknown IP addresses on startup, though configured to dump ALL history on shut down and start with a blank page?

  • 7 replies
  • 1 has this problem
  • 1 view
  • Last reply by philipp


WHOIS on 72.21.(203.148, 214.199, 214.159, and 211.170), 74.125.255.(100, 101, and 142), 199.7.(54.72, 59.72, and 51.72), 207.171.163.(141 and 131), and others I've seen come up with no owner registered, making them suspicious, yet Firefox (version 12.0.0 and 13.0.1) tries to open connections with them on startup. The more I block with firewall rules, the bigger the list grows. Since blocking these addresses I cannot access Google or YouTube.

All Replies (7)


Also, try starting Firefox with add-ons disabled, using its Use Troubleshoot Mode in Firefox. Simply hold the shift key when starting Firefox, and click Continue in Safe Mode in the dialog (don't check any boxes). Do you get fewer or different connections?


You might also want to run some supplemental security scans. These two tools are highly regarded:

Malwarebytes Anti-malware : http://www.malwarebytes.org/products/malwarebytes_free

SUPERAntiSpyware : http://www.superantispyware.com/


Turning off everything did not help. I now have all add-ons disabled, and, when I remove the firewall rule, the outbound connections jump right in. Starting Firefox in "safe mode" was a wonderful suggestion, and the connections do not appear just from starting Firefox. I didn't continue to use Firefox in that mode, though.

I now know where a few of these unsolicited connections go to, and I am dumbfounded. The 72.21.X.X address range, along with the 207.171.163.X range, and 205.251.242.132 is Amazon.com. I was amazed that Verisign is listening through the 199.7.X.72 ranges. The 74.125.225.X range is Google (and probably why my firewall rule also blocks YouTube). However, my firewall rules are extreme, as they block out huge subnets using X.X.0.1/16, and are most certainly blocking more than I need to for this issue.

The only thing I can figure is the "Live Bookmarks" thing. The links in your sage suggestion say to delete all Live Bookmarks. I just don't know what bookmarks are "Live Bookmarks", and I don't want to delete all my bookmarks. We humans make bookmarks for a reason ... we can't remember everything. The thing is, I have NO bookmarks to Amazon.com ... the most prevalent offender. I do have a bookmark to Google, and one for YouTube, but they do nothing while my firewall rule is in place. Any suggestions on how to tell which of the bookmarks are "live" would be helpful.

Today Firefox came up with a new offender ... 184.85.(84.43 and 95.139) which are for AKAMAI Technologies ... a company I was already suspicious of, and had a firewall rule from years ago to block them from using port 4122 from any address. They seem to be associated with KPN Internet Solutions, which is equally lacking in company information. All I can tell is they might be an ISP in Holland.

As for the IP information above, I found that it seems InterNIC and IANA are somewhat lacking in information, as they could not provide any of the above info, though IP-Adress.com had the goods on these guys. MalwareBytes only found three downloaded files that have been unused on my computer for years, and allowing it to quarantine them and delete them did not solve anything. MalwareBytes also pointed out that I have modified my registry so the Windows Security Center does not nag me for using a "third party" firewall instead of theirs. Nothing having to do with the issue. The issue continues.
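An added example, not part of any post in this thread: one way to triage a list of blocked outbound destinations is to group them by owner and measure how much a `X.X.0.1/16` block rule covers compared with what was actually observed. The owner names are the ones reported above; the prefix lengths, the log format and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Owner names are the ones reported in the thread. Prefix lengths are
# assumptions sized to cover the quoted addresses, not registry data.
OWNERS = {
    "72.21.192.0/19": "Amazon",
    "207.171.163.0/24": "Amazon",
    "199.7.48.0/20": "Verisign",
    "74.125.225.0/24": "Google",
    "184.85.80.0/20": "Akamai",
}
NETS = [(ipaddress.ip_network(c), o) for c, o in OWNERS.items()]

# Constructed firewall log lines (format, ports and local address invented).
SAMPLE_LOG = """\
BLOCK OUT TCP 192.168.1.10:49213 -> 72.21.203.148:443 firefox.exe
BLOCK OUT TCP 192.168.1.10:49214 -> 72.21.214.199:443 firefox.exe
BLOCK OUT TCP 192.168.1.10:49215 -> 199.7.54.72:80 firefox.exe
BLOCK OUT TCP 192.168.1.10:49216 -> 74.125.225.100:443 firefox.exe
BLOCK OUT TCP 192.168.1.10:49217 -> 184.85.84.43:80 firefox.exe
BLOCK OUT TCP 192.168.1.10:49218 -> 203.0.113.9:443 firefox.exe
"""
LINE = re.compile(r"-> (\d+\.\d+\.\d+\.\d+):(\d+) (\S+)$")

def destinations(log, process="firefox.exe"):
    """Return destination addresses the given process tried to reach."""
    found = []
    for line in log.splitlines():
        m = LINE.search(line)
        if m and m.group(3) == process:
            found.append(ipaddress.ip_address(m.group(1)))
    return found

def by_owner(ips):
    """Group addresses under the first matching prefix, else 'unattributed'."""
    groups = defaultdict(list)
    for ip in ips:
        owner = next((o for n, o in NETS if ip in n), "unattributed")
        groups[owner].append(str(ip))
    return dict(groups)

def rule_scope(rule, ips):
    """(addresses a block rule covers, observed addresses it matches)."""
    net = ipaddress.ip_network(rule, strict=False)  # accepts X.X.0.1/16 form
    return net.num_addresses, sum(ip in net for ip in ips)

if __name__ == "__main__":
    seen = destinations(SAMPLE_LOG)
    print(by_owner(seen))
    print(rule_scope("74.125.0.1/16", seen))
```

Addresses that land in the "unattributed" group are the ones worth a registry lookup first; the rest can be handled with rules scoped to the observed prefix rather than a whole /16.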


A "Live" bookmark is an RSS feed. I don't know whether the screen shot in this article is current or obsolete, but they generally should have an RSS icon rather than the usual favicon: Live Bookmarks - Subscribe to a web page for news and updates. You might not have any live bookmarks.

Why not try disabling all your add-ons and then selectively reenabling the most critical ones? This may streamline the process of tracking down the source of the connections.

To disable all add-ons in one step, you can return to the Safe Mode dialog, check the box to disable add-ons, and then click the Restart button. Alternately, you can disable them more selectively here:

orange Firefox button or classic Tools menu > Add-ons

Check at least the Extensions and Plugins categories.


By the way, Akamai offers high traffic websites a network of distribution servers spread around the world designed to speed access to static content. In other words, any content that isn't constantly updated can be stored closer to end-users, and the main site only has to serve the dynamic content. In itself, it's not suspicious to use the Akamai network, but that's not to say that junky sites don't use it.


One other thought: you could try Firefox 13's Reset feature. This copies certain key settings such as bookmarks to a fresh settings folder, effectively removing most of your add-ons from your Firefox setup. You can revert back to your earlier settings after trying the Reset if you prefer. See Refresh Firefox - reset add-ons and settings.


Live bookmarks were changed to only load on demand in Firefox 13, so if the same problem's occurring in version 12 as well as 13, they probably won't be the issue here...