Firefox connects to IP address of a website automatically on starting
Not talking about connecting to Amazon cloud and the like, it connects to a website that threw a pop-under once. Not in favorites and FF is set to start to a blank page.
Added the site to my HOSTS file to redirect to localhost, still loads but of course sending a few bytes back and forth to mypc.mydomain.local
Attached is image of what happened before modifying the HOSTS file
This is odd behaviour. Not happening with any other FF used by others in the office.
Let me add, that sporadically it also establish a connection that can't be blocked via HOSTS file as it's an IP address connection that resolves to verisondigitalmedia.com - and we're in Europe, not USA so what the...is Verizon doing showing up?
Note also, no extensions or add-ins other then UBlock Origin. Machine runs Avast and also scanned with Malwarebytes for sanity-check. All clean.
This is odd, yes?
VR
PS - Was unable to upload an image showing the connection. It automatically connects to clicktripz.com
All Replies (13)
https://support.mozilla.org/en-US/kb/how-to-set-the-home-page
Type about:config<enter> in the address bar. If a warning screen comes up, press the I Accept the Risk button. At the top of the screen is a search bar. Type browser.startup.homepage
What is the value? Right-click and select Reset to restore its default value; about:home
Not the issue - homepage is set to about:home.
You can bump this up from 'consumer' level advise. Have tech company, been in IT since the 90s (yes, really).
Thanks VR
It sounds like those sites uses or are connected to the advertiser and link with their site. So doesn't look like you can remove that otherwise you need to talk to Verizon and Amazon about that issue. FF doesn't control what Verizon and Amazon and their associate sites do when you visit their site.
Wow, did you read this? I did not visit Verizon at all, the other was a pop-under months ago.
These IPs are contacted the moment you launch FF with NO websites loaded or displayed. Nothing. Just start it to the blank home page and these connections are started by FF.
Something is triggering FF to connect to websites that are not bookmarked or opened. I know, sounds impossible but there it is.
If there's a security forum or something else that doesn't treat us like idoits as your last response, do let me know.
https://support.mozilla.org/kb/how-stop-firefox-making-automatic-connections
What are the IP addresses? Have you tested in a fresh profile?
Hi Tyler,
Tried a fresh profile - no changes to it. Ran it and got similar results (see attached fresh-profile.PNG.
To be clear, I understand the Amazon stuff is your CDN for whatever - Sync, telemetry, updates, etc.
Checked launching Chrome to "prove" to myself at least this isn't some systemic issue. Chrome, clean.
So points to something FF is doing that's initiating connections to sites never visited (verisondigitalmedia.com), sites that launched as a pop-under (and since blocked via UBlock Origin).
And again, machines where this happens (fresh profile was on another PC that has no software installed on it from OOB except AV - and different AV as mine (we have heterogeneous AV setup - if only one and it misses something that spreads, another may catch it.)
No other app that connects to the internet (checks many using both MS Resource Monitor, and a NirSoft tool that's more customizable) - same results.
Very odd and concerning. This is in a corporate use environment and so not some tinfoil hat black helicopter paranoid user.
Thanks
You may have ad/mal-ware. Further information can be found in this article; https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no
Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.
No the case. Again, do you read this? We use multiple malware products - no two PCs the same. So if one missises something the chances are better than zero that another would. Plus ALL are checked via stand-alone scanners like Malwarebytes or EMISOFT Emergency Toolkit. We are 100% on constant check, double-check.
It can't be malware when Chrome doesn't do it, and no other program that dials home does it. Just FF.
So perhaps as I've said, this needs a bump up from "consumer" support to security,
ONLY FF has this problem - and on multiple PCs with totally dissimilar usage scenarios and users.
For now I have to accept that this is your "solution" or best advice. Hopefully someone will Google this and say "Me too."
Tech needs a #MeToo about how they shirk responsibility for the lack of ability to support the vast markets/users they pursue.
That means "we want numbers, not quality or security."
Same canned answers that do not apply here. These have been addressed.
Seriously, this is becoming like Microsoft support where whatever the issue the answer is sfc /scannow
No. NOTHING in that addresses it and was already sent there.
This is FF problem. There is definitely some hole somewhere that's being exploited.
Hate Chrome, Google - use FF as company policy. This may change that.
Even assuming some DNS pollution here somehow somewhere - vague by design, the fact that ONLY Firefox is affected makes it a Mozilla problem.
So, does that not merit more than "consumer clueless" help advice?
There's a hole - and FF is it whatever else is the case.
If it comes from Firefox then it should be covered in the article. Otherwise external software is responsible, but if it happens on multiple setups then there should be a common factor, either software or something else in the connection that acts as a man-in-the-middle.
Do a malware check with several malware scanning programs on the Windows computer.
Please scan with all programs because each program detects different malware. All these programs have free versions.
Make sure you update each program to get the latest version of their databases before doing a scan.
- Malwarebytes' Anti-Malware:
http://www.malwarebytes.org/mbam.php - AdwCleaner:
http://www.bleepingcomputer.com/download/adwcleaner/
http://www.softpedia.com/get/Antivirus/Removal-Tools/AdwCleaner.shtml - SuperAntispyware:
http://www.superantispyware.com/ - Microsoft Safety Scanner:
https://www.microsoft.com/security/scanner/en-us/default.aspx - Windows Defender:
https://windows.microsoft.com/en-us/windows/using-defender - Spybot Search & Destroy:
http://www.safer-networking.org/en/index.html - Kasperky Free Security Scan:
https://www.kaspersky.com/security-scan
You can also do a check for a rootkit infection with TDSSKiller.
- Anti-rootkit utility TDSSKiller:
https://support.kaspersky.com/viruses/disinfection/5350
https://support.kaspersky.com/viruses/utility
See also:
- "Spyware on Windows": http://kb.mozillazine.org/Popups_not_blocked
Closing this issue.
Every answer is aimed at grandma that has never used a PC. Read the opening question and see we're not. Read the rest and know we're not. Answers are dumb-consumer level answers, which by the way insult the average consumer of FF.
We've been a 100% FF company for years because we trust you more than we'd trust Chrome with our kids.
This is so pathetically poor that guess we'll have to go Chrome since that issue don't happen when using Chrome in the same PCs - so as stated: is a FF problem.
With about 5% market share, you might want to do better.
Chrome sucks, and Google IS evil. But they seem to be more secure, albeit as sharing our lives for their evil AI domination of the planet.
Ooops, sounds tin-hat conspiracy crazy. No. It's not. That's their whole business model.
What is YOUR business model? None.
That's what was good.
But when there's no way to say (scream) "You've got some serious problem that allows connections not requested by the user, that's bad." and there's no "Wow" moment but assumption that grandma has an toolbar, or little-Timmy has surfed poorly, or that you have no good AV...
Pathetic.
Google is evil. Chrome renders pages like s*it. Has NO support.
But at least it doesn't load a bunch of connections that are unrelated to THEM.
Any chance one of you volunteers might think "Huh, maybe there's something here that Dev/security should check out?
Because one more grandma explanation of how to use antivirus or clear cache of whatever...
Have you posted your about:support data for one of the machines here?