# Malware Suspicious Site



## flydonna (Nov 20, 2007)

I keep getting pops from MalwareBytes that they have blocked a malicious site. The weird thing is - it's OUTBOUND!! I have no idea why this is happening or how to stop it. The pop up window says the site is "stats.traffiliate.com" - IP 54.235.200.161 - and a port number that keeps changing. Today the first port was 61276, then it was 61681, then 61866 - then I stopped recording the port. It also shows what program is trying to do this, but I can't get the whole path - this is all I can see: 

C:/Program Files (X86)/Goo....ome/Application/Chrome.exe 

So I'm sure it's something with Chrome, but how do I stop it. I'm happy it's blocking malicious stuff, but this is starting to drive me crazy. I've never had anything like this before. It's only been happening the last 10-12 days. I've run all the clean up programs I can have including, Ccleaner, Disk Cleanup, TFC, and defragged, but nothing has stopped it. 

I think there have been times when it showed other sites it was blocking, but this one is the most consistent and I figure if I can learn how to stop it, I can get rid of any others that might pop up. 

As always - thanks for all your help.


----------



## Canceled 01/11/16 (Oct 17, 2015)

Hi, I am not a techie, but seeing that no one has offered any solutions yet, how about uninstalling chrome and malwareBytes, restart and install both fresh? (uninstall and delete all files...you know what I mean) (^__^) See if that helps. I am sure I would be worried as well if it happened to me.


----------



## flydonna (Nov 20, 2007)

Thanks for the idea, but I'll wait a little bit longer and see if I get any other responses. I HATE uninstalling and reinstalling things because I believe the system needs to be cleaned up and defragged in between and I don't have that much time today. But - thanks!!


----------



## Canceled 01/11/16 (Oct 17, 2015)

no worries. C: and good luck!


----------



## MPR (Aug 28, 2010)

stats.traffiliate.com, 54.235.200.161 is Amazon Web Services.

https://db-ip.com/54.235.200.161


----------



## spelingchampeon (Dec 29, 2011)

I've been getting the same thing for the last 24 hours, and it would pop up about every 5 minutes. The only difference in my notification was that it's Firefox, and not Chrome. 

I went to my programs/apps list and opened the Amazon MP3 Downloader program -> Preferences, and unchecked "Automatically check for program updates".

That was 3 hours ago, and I haven't seen it since. I'll post back, if anything changes.


----------



## flydonna (Nov 20, 2007)

I didn't have anything listed for Amazon in the apps list. I did remove a bookmark my husband had and will do a search through the registry to see if anything "Amazon" pops ups. Thanks.


----------



## MPR (Aug 28, 2010)

Don't know if this helps but Amazon web Services (a business unit of amazon.com) provides cloud computing and data storage services. It is a pay service with a 12-month trial period.

https://aws.amazon.com/

Check to see if someone in your household signed up for an account. The task manager should show if something amazon-related is running. Disabling the task and clearing cookies might solve the problem. If not, you might consider posting in the anti-malware section and having the analysts look at your system.

Also, legitimate sites may be flagged by some anti-virus programs as malware distributors if they were once infected.

This has happened before to an AWS customer: https://forums.aws.amazon.com/thread.jspa?messageID=351770


----------



## sunnysky50m (Mar 31, 2008)

Some malware sites say it is safe and MalwareBytes admin has indicated it is not a false positive and it was blocked by loopback.

3rd party ad aggregators often give permissions for collecting cookie info. IN ANY CASE it is a nuicance.

For some people they dont want to know about this, unless something on the page doesn't work as expected.

I prefer to block these embedded link fetches from ads in browsers to 3rd party domains using this.
https://chrome.google.com/webstore/detail/ublock-origin/cjpalhdlnbpafiamejdnhcphjbkeiagm?hl=en rather than use any protection like MalwareBytes.

This tool is like a firewall for webcontent.... and requires your attention to allow more than the the basic content from that domain. THese days ads are managed by aggregators from 3rd party domains and statistic tracking domains. Get used to this or ignore it or disable it.

Then I disable from toolbar, if I choose to trust part of page, page only or entire domain if any significant features dont work as expected. (eg play a video)


----------



## niknettech (Oct 23, 2015)

If malwarebytes is reporting the problem coming from chrome.exe, there could be a problem with an extension. Try going into settings, then extensions and disable anything from amazon and others if you want. Give it a test run. If this solves the problem, make sure to leave it disabled as opposed to removing it. If it's removed it could potentially be re-installed. If it's disabled it will stay disabled. If that does not work, then check your programs and features under control panel. Just above the list of software, click on publisher to sort by publisher. Remove software made by amazon, then try again.


----------

