URL:Botnet Connection after new installation

Hey all,

today i have reinstalled my computer with Windows 10 20h2 (October 2020).
After I used the Microsoft Edge Browser the first time, i received an Avast report due to a connection to [URL]Botnet: http://x.ss2.us/x.cer
In this moment only the operating system (incl. actual updates), and the Avast Software (Offline Installer) was installed.
Now i am really insecure about what happened exactly.
But I cannot believe, that this report is really a virus (or similar).

The Windows 10 System was downloaded directly from a Microsoft host and also the AV-Software directly from Avast.

Has somebody more information or similar experiences with a such report ??

Same here. Freshly installed win 10 and the first site i visited (official playstation site) it gave that warning. Reinstalled and gave me the same warning. I use google chrome with ad block plugin. It is really weird.

Okay, that’s curiously, but it is good when i am not the only one who has this problem. :-\

Have you activated the Advertising-ID during the Windows 10 installation process??
I found out, that the server belong to Amazon.
It is possible, that this caused the problem and the report is only a false positive.

Which version of Windows you have installed (20H2 from October 2020)??
Have you reinstalled the whole system again or only Avast??

Hi svnupa,

This is an ongoing discussion, since there have been threat detections since Windows 7 for this.
Re: https://any.run/report/2285a4ffac377f1b447c2ddb0cab9ec2015b219f1925d288aa99d4ad95177390/52c2f87d-28bf-46a7-82c4-ecebc6cbc4c1
& https://otx.alienvault.com/indicator/hostname/x.ss2.us

Sophos has closed that discussion. Wait for a final verdict from avast team, as they are responsible for such threat detections.
Anyway when an issue, it all comes down at abuse at GoDaddy’s.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

I have an older version of win 10, don’t remember which version but it’s an official win 10 dvd. I have formatted the hdd and installed the whole system. My guess is too a false positive, but without visiting amazon site and giving me this warning is a mystery to me. Anyway i’ll wait for the verdict.

I’ve been getting this all the time for the past few days and it’s becoming a real PITA. Smart Scan shows nothing and, even worse, there’s no option to ignore the message.

One alert for a trojan by MBAM for -x dot ss2 dot us/x dot cer. URLHaus defines that bot detection as “emotet”.
Also mentioned here: https://www.threatminer.org/host.php?q=99.84.185.224 and 13.249.138.77 ;
Re: https://www.virustotal.com/gui/url/7e3589d047e6030af0bc23eafee1439d4437f9416743a1f85bec9072897c1274/details
Not sure about the current status of that address, but there has been abuse in the past,
Re: https://otx.alienvault.com/indicator/ip/13.249.138.77

1. A title was not found. Add a title that accurately describes the webpage. 2. A description was not found. Add a description that accurately describes the webpage. The recommended length is between 70 and 160 characters. 3. A viewport was not detected. A viewport instructs the browser to properly scale pages being viewed through a mobile device. 4. A robots meta tag was not detected. The robots meta tag instructs search engines what pages to index.

polonus