Threat blocked, how to find out what program or browser is trying to access web

[polonus]

L.S.,

One of the oldest tricks in the book, DNS manipulation and therefore abuse is blacklisted:
https://github.com/NethServer/dns-community-blacklist/blob/master/adguarddns.dns
and failed to load the resource, getting a 403 from cloudflarenet.us ->https://urlscan.io/ip/2606:4700:3034::6815:2feb

Address only resolves from Jacksonville, USA, as 104.21.47.235 and 172.67.174.123 and servers from Berlin, Madrid in Spain, Stockholm Sweden, Copenhagen, Kuala Lumpur, Bangkok, Buenes Aires, Lagos Nigeria. That is all we know, wait for a final verdict from Avast Team, they command their detections and flag and blacklist.

polonus (volunteer third party cold reconnaissance website security analyst and website error-hunter)

[joesampson69]

There have been 8 new threats blocked all from a new url koocoofydotcom url:phishing. Thats a total of 18 so far in about 24 hours.
sitecheck.sucuri.net/results/koocoofy.com/boajdtd.json


At the bottom of the threat warnings there is an Alert ID. That says the support team can use to these to better understand my alerts. Is this just for Avasts internal use or can they use to help pinpoint my issues?

These are the alert id's for some of these new threats
4fec997ce794/2022-07-16T21:30:41.921Z
6a5462f7a18d/2022-07-16T21:30:42.309Z
6d803819c401/2022-07-16T21:30:42.467Z
3b391982963c/2022-07-16T21:30:43.078Z


Thank you to everyone who has helped!!!

[DavidR]

To those who have responded in this topic these id's are of no help, it may be of help to members of the Virus Labs Team, but their activity in the forums is limited.  As Avast Users we are limited in what we can do.

However, something is using your browser to connect to these malicious (or so avast thinks) sites.  Which is why I suggest you check your extensions/add-ons or a browser reset. 

I can only guess you haven't tried either ?
- another option would to run the browsers extensions/add-ons disabled.
See - https://www.google.co.uk/search?q=how+to+run+chrome+with+extensions+disabled

[polonus]

That IP was also blocked by Sophos as given here: https://www.abuseipdb.com/check/139.45.197.151
Re: https://www.shodan.io/host/139.45.197.151

7 av-vendors to detect: https://www.virustotal.com/gui/url/58dac947fe476c6ca252992fe16b2399d350a2d4e2796a65a28f26f1acd90ce1?nocache=1

Quite some domain range to check and eventually block;
see: : https://api.hackertarget.com/reverseiplookup/?q=139.45.197.151

Another malicious one: https://www.virustotal.com/gui/domain/watchmytopapp.top (flagged by Heimdahl).
Not scanned: https://sitecheck.sucuri.net/results/watchmytopapp.top

RETN Limited should watch their domains and accordingly should be watched by security solutions for abuse.

polonus