Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Malwarebytes reports Firefox.exe as a trojan attempting to contact a separately reported bad IP address

  • 11 ŋuɖoɖowo
  • 3 masɔmasɔ sia le wosi
  • 10 views
  • Nuɖoɖo mlɔetɔ the-edmeister

more options

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address

167.71.99.170 (https://urlhaus.abuse.ch/url/348428/),

which apparently might be bad?

Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at

Thanks to any and all who might be able to help!

-Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json

-Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium

-System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System

-Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0

-Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe


(end)

Malwarebytes interrupted with a pop-up alert saying Firefox was trying to connect to IP address 167.71.99.170 (https://urlhaus.abuse.ch/url/348428/), which apparently might be bad? Interestingly, the above urlhaus link initially reported the hit on the IP address per a Pascal Geenens (@geenensp on twitter) who writes for a security blog at Thanks to any and all who might be able to help! -Log Details- Protection Event Date: 6/4/20 Protection Event Time: 4:18 PM Log File: 920f76a0-a6a0-11ea-9633-00ffc7e81200.json -Software Information- Version: 4.1.0.56 Components Version: 1.0.920 Update Package Version: 1.0.25022 License: Premium -System Information- OS: Windows 10 (Build 18362.836) CPU: x64 File System: NTFS User: System -Blocked Website Details- Malicious Website: 1 , C:\Program Files (x86)\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: IP Address: 167.71.99.170 Port: 443 Type: Outbound File: C:\Program Files (x86)\Mozilla Firefox\firefox.exe (end)

All Replies (11)

more options

Please ignore   wimhelp201's   post and don't call that number   -   it's a scam !

more options

Thanks! I hadn't planned on it :) I reported the wimhelp201 account.

more options

wimphelp201 is a scammer. Please do not call the number. I've deactivated their account.

more options

Thanks Andrew.

What about firefox and sketchy IP's ? :)

more options

First, let's check your system.

You may have ad/mal-ware. Further information can be found in this article;
https://support.mozilla.org/en-US/kb/troubleshoot-firefox-issues-caused-malware?cache=no

Run most or all of the listed malware scanners. Each works differently. If one program misses something, another may pick it up.

more options

Hi FredMcD Ran both Malwarebytes and Microsoft Security with no results (full scan of all files including rootkit search). No add ons or extensions install.

Is there some way to dig into what firefox was doing at the time the request was made to the IP?

more options

Not that I know of. I called for more help.

more options

Awesome. Thank you.

more options

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

more options

pcendeavorsny, Your screenshot did not shoe FirefoxPC installer.
At any rate, quarantine everything listed and let us know what happens.

more options

pcendeavorsny said

Malwarbytes detects FirefoxPC installer file as malware. Please advise. see attached.

Those 6 PUPOptio...|Conduit lines aren't part of Firefox. Could be related to an Add-on for Firefox, as Conduit has been known for many years as a "bad player" with their Firefox Add-ons. But AFAIK they have been banned from the Mozilla / Firefox Add-ons website, so they may have been installed from some other website; but even that would surprise me, as far as even being "digitally signed" to be allowed to install in Firefox.

Beyond that, it would be nice to see the full "Location" of the Registry Keys and Values. Like maybe a screenshot of the Save Results ... contents or the text of same. Hard to provide advice with the posted screenshot information.