ESET NOD32 detecting weird URL

The Kuzin (Member, Cape Town, joined Mar 31, 2015)
Hi Everyone,

First thought this was a false positive, but Avast and NOD32 are detecting the URL below. Scans of both products don't seem to clean it and it's driving me crazy. Started 2 or 3 days ago and no, no funny sites visited or any strange software run. Detections and pop-ups are every few seconds. Trying to Google the exact URL brings up nothing either. The one article did point to PowerShell (which is running in the task manager), as well as Cloudflare, which seems to have something to do with it as well if I paste the IP into a browser. Any help welcome please.


C:\Users\Benzing>tracert 104.21.56.214

Tracing route to 104.21.56.214 over a maximum of 30 hops

1 2 ms 2 ms 5 ms home [192.168.1.1]
2 7 ms 5 ms 15 ms core01.cpt.ftth.web.africa [102.65.57.1]
3 3 ms 3 ms 3 ms 160.119.142.9
4 252 ms 3 ms 3 ms 100.66.57.44
5 11 ms 3 ms 3 ms port-channel11-100.tercpt-igw2.net.echosp.link [102.67.178.7]
6 21 ms 4 ms 3 ms cloudflare.ixp.capetown [196.60.70.198]
7 4 ms 3 ms 3 ms 104.21.56.214

Trace complete.

C:\Users\Benzing>nslookup 104.21.56.214
Server: home
Address: 192.168.1.1

*** home can't find 104.21.56.214: Non-existent domain

C:\Users\Benzing>ping 104.21.56.214

Pinging 104.21.56.214 with 32 bytes of data:
Reply from 104.21.56.214: bytes=32 time=4ms TTL=58
Reply from 104.21.56.214: bytes=32 time=4ms TTL=58
Reply from 104.21.56.214: bytes=32 time=15ms TTL=58
Reply from 104.21.56.214: bytes=32 time=4ms TTL=58

Ping statistics for 104.21.56.214:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 15ms, Average = 6ms
 
This thread seems to cover it and also links to an additional one


 
Thanks .. I saw this earlier but quite a bit of a read :) but it does not remove the issue. It did say it detected some PowerShell issue, and it was removed, but that's not the case, it's still ongoing :-(
 
Did you read the whole thing, and the second thread linked?

Are you using VMWare?
 
Sophos says it's associated with malware and spyware.
It's on Akamai's blocklist as well, so if you're connecting through any of their distribution networks it'll be blocked.

Not much shows up on general threat intelligence sites other than its potentially malicious but without any specific reasons. The Cloudflare is because they are using CF's DNS.
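An added triage example for the situation in this thread, not something any of the posters ran: since the IP is a Cloudflare address with no PTR record, the useful next step is to find which local process keeps opening connections to it and what started that process, rather than to keep looking up the address itself. It assumes Windows 8/Server 2012 or later (for Get-NetTCPConnection and Get-DnsClientCache) and an elevated PowerShell prompt; the IP is the one from the thread, substitute whatever your AV reports.

```powershell
# Added triage example (not from the thread): map connections to the flagged IP back to the
# owning process, its command line and its parent, so repeat detections can be traced to a
# persistent script or process instead of a browser tab. Run elevated on Windows 8+/2012+.
$FlaggedIp = '104.21.56.214'   # IP from the thread; replace with the one your AV reports

# 1. Live connections to the flagged address, joined to the owning process and its parent.
Get-NetTCPConnection -RemoteAddress $FlaggedIp -ErrorAction SilentlyContinue |
    ForEach-Object {
        $proc   = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.OwningProcess)"
        $parent = if ($proc) { Get-CimInstance Win32_Process -Filter "ProcessId = $($proc.ParentProcessId)" }
        [pscustomobject]@{
            LocalPort   = $_.LocalPort
            RemotePort  = $_.RemotePort
            State       = $_.State
            Pid         = $_.OwningProcess
            Process     = $proc.Name
            CommandLine = $proc.CommandLine
            Parent      = $parent.Name
            ParentCmd   = $parent.CommandLine
        }
    } | Format-List

# 2. The connections are short-lived (detections "every few seconds"), so the snapshot above
#    may be empty. Also list every running PowerShell with its full command line and parent;
#    an encoded or hidden-window invocation whose parent is not an interactive shell is the
#    first thing to inspect.
Get-CimInstance Win32_Process -Filter "Name = 'powershell.exe' OR Name = 'pwsh.exe'" |
    Select-Object ProcessId, ParentProcessId, CreationDate, CommandLine | Format-List

# 3. A Cloudflare IP with no reverse record does not identify the site behind it; the hostname
#    is only in the request. The local resolver cache may still hold names that resolved to it.
Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $_.Data -eq $FlaggedIp } |
    Select-Object Entry, Data, TimeToLive
```

Run it a few times while the pop-ups are appearing; the process, command line and parent it reports are what to hand to the AV vendor or to the cleanup thread linked above, and the cached hostname (if any) is what the vendor needs to classify the URL.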
 