X
Tap here to go to the mobile version of the site.

Support Forum

Random redirects to unknown IP with fresh OS

Posted

When i try to open new tab in Mozilla i got an avast alarm saying that Mozilla is trying to acess URL:MAL with this IP https://54.200.231.121 . The problem that this is a clean install of OS (got this problem before and than reinstalled win7). And no strange addons included. I disabled mozilla updates and any kind of reports (may be it's them, but still no luck) This problem occurs RANDOMLY, so not the all time i open a new tab this avast error opens. I'll contact avast support too, but there are no problems with Chrome.

When i try to open new tab in Mozilla i got an avast alarm saying that Mozilla is trying to acess URL:MAL with this IP https://54.200.231.121 . The problem that this is a clean install of OS (got this problem before and than reinstalled win7). And no strange addons included. I disabled mozilla updates and any kind of reports (may be it's them, but still no luck) This problem occurs RANDOMLY, so not the all time i open a new tab this avast error opens. I'll contact avast support too, but there are no problems with Chrome.

Chosen solution

Ok, I've finally got a response from avast's support. The answer is "Now this IP is not bloking, update your virus databases and the program using the update button" So this was false positive, and now it's OK.

Read this answer in context 0

Additional System Details

Installed Plug-ins

  • Google Update
  • NVIDIA 3D Vision plugin for Mozilla browsers
  • NVIDIA 3D Vision Streaming plugin for Mozilla browsers
  • Intel web components updater - Installs and updates the Intel web components
  • Intel web components for Intel® Identity Protection Technology

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0

More Information

You 10 solutions 135 answers

Helpful Reply

You're right...no malware add-ons. Tell you what: check your homepage (How to Check Your Homepage) and tell me what it is. Also, when you open up a New Tab, does the normal New Tab page appear, is it a website, is it blank, or is it blank with a cog icon in the top right? Do you get the same alert from Avast when you're doing something other than using Firefox? And what programs are installed on your computer?

You're right...no malware add-ons. Tell you what: check your homepage ([[How to set the home page|How to Check Your Homepage]]) and tell me what it is. Also, when you open up a New Tab, does the normal New Tab page appear, is it a website, is it blank, or is it blank with a cog icon in the top right? Do you get the same alert from Avast when you're doing something other than using Firefox? And what programs are installed on your computer?
FredMcD
  • Top 10 Contributor
4267 solutions 59839 answers

Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.

You can try these free programs to scan for malware, which work with your existing antivirus software:

Microsoft Security Essentials is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.

Further information can be found in the Troubleshoot Firefox issues caused by malware article.

Did this fix your problems? Please report back to us!

Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of. You can try these free programs to scan for malware, which work with your existing antivirus software: * [http://www.microsoft.com/security/scanner/default.aspx Microsoft Safety Scanner] * [http://www.malwarebytes.org/products/malwarebytes_free/ MalwareBytes' Anti-Malware] * [http://support.kaspersky.com/viruses/disinfection/5350 Anti-Rootkit Utility - TDSSKiller] * [http://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner AdwCleaner] (for more info, see this [http://www.bleepingcomputer.com/download/adwcleaner/ alternate AdwCleaner download page]) * [http://www.surfright.nl/en/hitmanpro/ Hitman Pro] * [http://www.eset.com/us/online-scanner/ ESET Online Scanner] [http://windows.microsoft.com/MSE Microsoft Security Essentials] is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one. Further information can be found in the [[Troubleshoot Firefox issues caused by malware]] article. Did this fix your problems? Please report back to us!

Question owner

I have the default new-Tiles page. You suggest that mozilla connects to some IP, that in this Tiles? I used virustotal to scan this ip - that's what i got - https://www.virustotal.com/ru/url/93e0241f05ec4b666d2b2441d0c3d5cf93f68f05d16f7775fec750a370dde1e0/analysis/1415820773/ And already 3 "bad" opinions.. Never tried with "blank new tab page" The problem with experimenting is that I can't force this error... I don't get the same alert, while using mozilla. This is a clean install. Only drivers and skype. +Telegram. Even no flashplayer, no steam, no games or anything.

I have the default new-Tiles page. You suggest that mozilla connects to some IP, that in this Tiles? I used virustotal to scan this ip - that's what i got - https://www.virustotal.com/ru/url/93e0241f05ec4b666d2b2441d0c3d5cf93f68f05d16f7775fec750a370dde1e0/analysis/1415820773/ And already 3 "bad" opinions.. Never tried with "blank new tab page" The problem with experimenting is that I can't force this error... I don't get the same alert, while using mozilla. This is a clean install. Only drivers and skype. +Telegram. Even no flashplayer, no steam, no games or anything.

Question owner

Well i used MalwareBytes' Anti-Malware Anti-Rootkit Utility - TDSSKiller And nothing found. I think that's not the malware, or it is greatly hidden... And I wrote to avast support as a probable false-alarm/compitability issue

Well i used MalwareBytes' Anti-Malware Anti-Rootkit Utility - TDSSKiller And nothing found. I think that's not the malware, or it is greatly hidden... And I wrote to avast support as a probable false-alarm/compitability issue

Modified by sbdd

You 10 solutions 135 answers

Oh. I was asking about what the new tab page and homepage were like because sometimes malware changes them, and malware may have changed them to a malicious website which Avast kept blocking. And it IS possible that Firefox connects to some I.P. when you use the New Tab page because they have some new Enhanced feature which connects to Firefox servers to gather info about websites. Now, what's your homepage and programs, please?

Oh. I was asking about what the new tab page and homepage were like because sometimes malware changes them, and malware may have changed them to a malicious website which Avast kept blocking. And it IS possible that Firefox connects to some I.P. when you use the New Tab page because they have some new Enhanced feature which connects to Firefox servers to gather info about websites. Now, what's your homepage and programs, please?

Question owner

I got the default mozilla's homepage. Double checked that. You mean to list all installed programs? The blocking is only the avast message, i have no problems with accessing new tab, and it displayed correctly.

I got the default mozilla's homepage. Double checked that. You mean to list all installed programs? The blocking is only the avast message, i have no problems with accessing new tab, and it displayed correctly.
philipp
  • Top 25 Contributor
  • Moderator
5320 solutions 23502 answers

please open the command line prompt by pressing windows-key + R and opening "cmd". in the window that opens, type:

tiles.services.mozilla.com see below

...and see if the resolved IP resembles the one in the warning message that you have received. if so, this is likely a false positive & since it is hosted on amazons cdn it might have been used for other purposes in the past.

please open the command line prompt by pressing windows-key + R and opening "cmd". in the window that opens, type: <s>tiles.services.mozilla.com</s> [https://support.mozilla.org/questions/1030642#answer-652409 see below] ...and see if the resolved IP resembles the one in the warning message that you have received. if so, this is likely a false positive & since it is hosted on amazons cdn it might have been used for other purposes in the past.

Modified by philipp

Question owner

I followed your instructions, but i got nothing, seems this is not a win-command. May this command should be used in some mozilla's console?

I followed your instructions, but i got nothing, seems this is not a win-command. May this command should be used in some mozilla's console?

Modified by sbdd

philipp
  • Top 25 Contributor
  • Moderator
5320 solutions 23502 answers

i'm very sorry, the proper command should have been:

ping tiles.services.mozilla.com
i'm very sorry, the proper command should have been: ping tiles.services.mozilla.com

Question owner

Didn't know about that trick. Kinda cool. That's what i get. Ip adress is different, but it's changing from time to time (different Ip's in screenshot, while ping'in the same adress). May be sometimes this ip can match (when the error will occur) But the first numbers are the same : 54.

p.s Sorry for my English, but i trying my best)

Didn't know about that trick. Kinda cool. That's what i get. Ip adress is different, but it's changing from time to time (different Ip's in screenshot, while ping'in the same adress). May be sometimes this ip can match (when the error will occur) But the first numbers are the same : 54. p.s Sorry for my English, but i trying my best)

Modified by sbdd

philipp
  • Top 25 Contributor
  • Moderator
5320 solutions 23502 answers

Helpful Reply

i now got the exact ip you've referenced, so i think we can be rather sure that this is a false positive generated by your av software. the tiles server is a legitimate part of mozilla and won't serve malicious content.

i now got the exact ip you've referenced, so i think we can be rather sure that this is a false positive generated by your av software. the tiles server is a legitimate part of mozilla and won't serve malicious content.
You 10 solutions 135 answers

Yeah. It's Mozilla servers. (Probably the "Enhanced" New Tab page change.)

Yeah. It's Mozilla servers. (Probably the "Enhanced" New Tab page change.)

Modified by You

You 10 solutions 135 answers

Glad your problem is kind of solved, though! I guess we'll have to report it to Avast!.

Glad your problem is kind of solved, though! I guess we'll have to report it to Avast!.

Modified by You

Question owner

Thanks all for help. I've posted this problem to avast, and as soon as i get a response from them i'll post it here.

Thanks all for help. I've posted this problem to avast, and as soon as i get a response from them i'll post it here.

Chosen Solution

Ok, I've finally got a response from avast's support. The answer is "Now this IP is not bloking, update your virus databases and the program using the update button" So this was false positive, and now it's OK.

Ok, I've finally got a response from avast's support. The answer is "Now this IP is not bloking, update your virus databases and the program using the update button" So this was false positive, and now it's OK.
FredMcD
  • Top 10 Contributor
4267 solutions 59839 answers

This is good to hear.

Please flag your last post as Solved Problem so other will know.

But first; A post was flagged as Solved Problem. Please remove that flag.

This is good to hear. Please flag your last post as '''Solved Problem''' so other will know. But first; A post was flagged as '''Solved Problem.''' Please remove that flag.