About a 10 days ago my malwarebytes anti-malware program popped with a message that said, “Successfully blocked access to a potentially malicious website. IP Address: 18.104.22.168 Type: Outgoing”. At first I thought, great, the program is paying for itself and doing its job. But then the message popped up again and again and again. It seemed like every time I opened up a new tab or window or went to a new website, the message would appear.
So I did a few basic things like ignore it, restart my computer, runs a system scan, but nothing seemed to work. That is when I did a little more digging. I typed the IP Address into my phone web browser (I didn’t care if my phone crashed) and I saw a little counter in the top left corner of the page that told how many active connections it had, how many connections it was reading, writing and waiting. I refreshed it a couple of times and it was connecting to about 700 sites every time I refreshed the page. This seemed a little fishy to me.
I then did a Google search for the IP address and found a lot of different results. One said the IP Address was from another country but the one that caught my eye was the image below….
The IP Address belonged to SemRush! Could they have been hacked? I have the SeoQuake toolbar installed on my computer. I immediately removed the extension add-on from my Firefox browser thinking that would do the trick but after I restarted Firefox, I was getting the same popup as before. So I figured I would just ignore it and then the weekend came and I forgot about it.
So now it’s early Monday morning and the SeoQuake is still inactive and I am getting the popup still. I did one more Google search for the IP Address and found that someone made a forum post on the MalwareBytes website explaining that he was getting the same results as I. He has a different seo toolbar installed and he was getting the same malwarebytes message. http://forums.malwarebytes.org/index.php?showtopic=126793
He uninstalled it and it stopped for him. You can read the forum post by clicking the link above. So, I had a problem. I was still getting the message. I have SeoBook Toolbar installed. So I disabled it and restarted Firefox and so far I have not gotten the popup from Malwarebytes.
Could it be that SemRush SeoQuake and the SeoBook Toolbar have been hacked? I don’t know but something is not right. A lot of seo tool bars pull data from SEMRUSH.com so it would make sense that many seo toolbars would cause this problem. Now I have no seo toolbar installed. I am bummed. Maybe someone else has had this issue and fixed it. Please let me know below. Thanks.