Google Chrome automatically connecting to some site on URL Blacklist

Hi,

Been facing this prompt for a few days now

https://imgur.com/5q6yNXr

Google Chrome is randomly trying to connect to this dodgy looking url in the background. Avast Webshield is blocking it.

Been trying to get Chrome to stop this but to no success.

Had already used the antivirus to scan the computer but this still persists.

Anyone has any advice or know what site Chrome is trying to connect in the background? Any help is appreciate to stop this.

Thanks.

Attach your basic diagnostic logs. (MBAM and FRST)
Instructions: https://forum.avast.com/index.php?topic=194892

Adware of sorts on that address, but not being flagged here: https://urlquery.net/report/8fae17a1-841d-4b12-83d1-0801d6dc6b59
nor here: https://www.virustotal.com/gui/url/957a491afb29c796b65fbf2a744b2517189a3b30dbc13eb8863e10010c6534ab/detection

So probably a PUP detection.

But detections in relation to that IP address flagged: https://www.virustotal.com/gui/ip-address/151.101.44.193/relations
and then flagged by CLEAN-MX as being malicious.

So good it was stopped in it’s tracks for you,

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

@Polonus … you are scanning the site where he uploaded screenshot ::slight_smile:

-hxxp://tonstiparro.info/
https://www.virustotal.com/gui/url/38edb7f6c6da0a70c1442343aa22e98b1782fc8693707948e6fe18d3ff0297f8/detection

https://urlquery.net/report/402570af-023c-4ec3-ae94-9fe3384f6853

OK, slip of the link. -home.tonstiparro.info does not resolve…
DNS_PROBE_FINISHED_NXDOMAIN → https://toolbar.netcraft.com/site_report?url=home.tonstiparro.info
https://toolbar.netcraft.com/site_report?url= tonstiparro.info
Re: https://www.virustotal.com/gui/ip-address/104.18.44.58/relations
3 engines detect: https://www.virustotal.com/gui/url/38edb7f6c6da0a70c1442343aa22e98b1782fc8693707948e6fe18d3ff0297f8/detection

polonus