No Online Support Available. Says my internet connection is down

Hello Avast,

After purchasing your protection upgrade to remove a DNS hijack, I found out 2 things.

  1. Your software detected the DNS hijack when you wanted me to pay you, but after paying and upgrading, it says there’s nothing wrong.
  2. Your support is offline. On a Tuesday afternoon in the Eastern US.

I know I have a DNS on this computer because other computers on my network can get to the website I’d really like to get to (so I can do my job) and if I use the IP address found through an NSLOOKUP it comes back as a European pharmacy.

185.94.192.216 is the IP address… you can check for yourself.

I get this when I try to get to sprout.letsplantseeds.com which works from my phone while I’m connected to WIFI.

Please help me so this or tell me how to get my money back.

Please help me so this or tell me how to get my money back.
There is free malware removal help here in the forum; you should have tried that first.

If you want help, read and follow instructions here https://forum.avast.com/index.php?topic=194892.0

If you want a refund: https://support.avast.com/en-ww/article/Order-Renew-Refund-FAQ

I get this when I try to get to sprout.letsplantseeds.com which works from my phone while I'm connected to WIFI.
Problem may be the website?

This website does not load here on my computer and I get redirected to easyapotheke.de, which also does not load.

see attached screenshot

See here: https://urlscan.io/result/199f0c7b-4997-4272-b367-7c3d419de97b

See: https://urlscan.io/result/199f0c7b-4997-4272-b367-7c3d419de97b/content/

See supertool outcome: https://mxtoolbox.com/SuperTool.aspx?action=mx%3A ip-92-222-83.eu&run=toolpage#

The redirect is intentional: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=c3B9XXV0Lmx7dHNwbHxudHN7eyNzLl5dbQ%3D%3D~enc
Redirect takes us here: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Lnt8c3l8cF10aHtrey4jew%3D%3D~enc
https://censys.io/ipv4/54.37.201.0
https://censys.io/ipv4/54.37.201.0/raw#http

Indicators of compromise (IoCs): This is a term in the security industry to describe indicators around an attack. This includes IPs, hashes, domains, etc.

-sprout.letsplantseeds.com
-www.easyapotheke.de

-185.94.192.216
-54.37.201.0

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Also consider the findings here: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fwww.easyapotheke.de+
see: https://www.virustotal.com/gui/ip-address/54.37.201.0/relations

Also see: DOM-XSS issue results from scanning URL: -https://js.kctag.net/kias-easyapotheke.js
Number of sources found: 19
Number of sinks found: 15

See: Results from scanning URL: -http://sprout.letsplantseeds.com
Number of sources found: 14
Number of sinks found: 279

Opening up to: -https://js.kctag.net/kias-easyapotheke.js
Number of sources found: 33
Number of sinks found: 8
&
-https://js.kctag.net/kias-easyapotheke.js
Number of sources found: 19
Number of sinks found: 15
&
-https://js.kctag.net/kias-easyapotheke.js
Number of sources found: 14
Number of sinks found: 279
&
Results from scanning URL: -https://js.kctag.net/kias-easyapotheke.js
Number of sources found: 14
Number of sinks found: 279

That is all we know,

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

In this thread I give this just as I stumbled upon this,

More info from an older cloud dump file, just one report given:
https://intelx.io/?s=https://www.easyapotheke.de
"dehashed info via Расшифровка DFB.de" as they say there.
Also consider: https://intelx.io/?s=kctag.net (with tags like tucows, advertising, onion.hosts)

So that redirect may not be completely “kasher”,
to put it mildly.

polonus

Follow the advice already offered.
https://forum.avast.com/index.php?topic=229725.msg1521130#msg1521130