iMac OS 10.13.4 & !MacKeeper

I implemented iMac OS 10.13.4. With it apparently came MacKeeper. It is a continual pop up. It has inhibited me from making some transactions on Earthlink. I called Earthlink, and they have received similar calls, and due to the weekend timing, have yet to resolve the problem. Hard to believe that MacKeeper somehow became imbedded in OS10.13.4, but something obviously made it easier for MacKeeper to get into our systems. How do I get rid of them once and for all?

iMac, Mac OS X (10.0.x), OS10.13.4

Posted on May 13, 2018 3:39 PM

Question marked as Top-ranking reply

Posted on May 13, 2018 3:45 PM

It wasn’t. You will never find such junk in any download obtained from Apple. I presume that’s where you got the 10.3.4 update from?


You may have fallen for the “your Flash is out of date” bunk from a website. If you did, and installed whatever downloaded from that site, then you likely installed adware. The turds at MacKeeper buy copious amounts of ad space to inflict people with through adware.


Adware can also come from garbage sites like softonic.com and downloads.com. Yes, the software you’re downloading to try is real, but much of what you get from these sites also installs adware with it.


Download and run Malwarebytes for Mac. It will locate whatever adware is on your Mac and offer to remove it.


Malwarebytes for Mac—Mac Antivirus Replacement | Malwarebytes

24 replies

May 22, 2018 10:53 AM in response to Kurt Lang

Ok, apologies for dragging this out, but I guess I'm not quite clear . . . if I tell it to notify me of updates, shouldn't it do that in a timely fashion thereby preventing me from having to check? If not, I should go back to Auto as I'm not THAT diligent about doing it myself. I'm just good about responding when notified.


With respect to the router, that was indeed the first part of the URL. Don't know if it allows wildcards. Interesting question. I will give it a try, but on all other websites, it stops it cold if I just put in the first part of the URL.


Thanks so much for all your sage advice Kurt. Sorry again for all the back and forth. (Are we allowed to do this? No one really seems to be commenting on the pop up problem anymore? : ) )

May 22, 2018 11:13 AM in response to res259

If you leave Flash set on notify, it will popup a box similar to what Java does. Like the Java updates, a fake will close with the browser. A real one will stay on the screen. So, it's no problem to leave it that way. You'll know when an update has been released.

I will give it a try, but on all other websites, it stops it cold if I just put in the first part of the URL.

Sounds like the router treats a partial as a match. That being the case, I'm not sure why it isn't halting any attempt to load the site.


getmackeeper.site actually uses three separate IP addresses. Rather than trying to block the name, put these IP addresses in:


34.193.189.141

34.234.176.200

52.206.13.238

Sorry again for all the back and forth. (Are we allowed to do this? No one really seems to be commenting on the pop up problem anymore? : ) )

Normally, such threadjacking is frowned upon (a completely different question inside of someone else's topic). But this is all closely related, so still helps anyone in the same situation.

May 23, 2018 6:25 AM in response to Kurt Lang

Errr . . . I THINK I understand, but we'd probably have to get into a pretty long discussion in order for me to be sure.


There are some experts on other threads who, when they heard the term "pop ups" have been giving advice about how to deal with malware or adware or ad injectors, or whatever you want to call it.


None of that seems to be doing any good here because, if Earthlink is to be believed (and admittedly I never feel all that confident when talking to the offshore support teams at big, faceless technology companies), this isn't some code, installed locally that is hijacking our browsers. It's a problem with THEIR web page being redirected.


I just want to make sure that we're not confusing this sort of an event with that of a pop-up ad. Otherwise we're all going to spend a lot of time pursuing the wrong problem it would seem to me.


Or am I missing something here?


That said, curious to know what you are experiencing at this time bmichna2 and tjsbear.


By the way, does everyone following see all the replies, or does this just ping you when I reply to you Kurt?

May 23, 2018 6:50 AM in response to res259

Or am I missing something here?

No, it can just be a bit confusing. When this "Your computer is infected" started in earnest a couple of years ago, it was almost all JavaScript popups, designed as I explained earlier to appear as if they couldn't be closed. Initially, Safari really was stuck because a popup had to be dealt with first. All other controls were grayed out. About the only way out was to Force Quit Safari, and then relaunch it with the Shift key held down. That tells Safari not to load any sites from the previous session.


Apple changed Safari so all you have to do is click the X on the tab to close the page, and the popup (if there is one) goes with it. Since the scammers couldn't easily "lock" you to a page anymore with a popup, that method has mostly been abandoned. Now the scam sites simply display the main page with the same virus nonsense instead of putting it in a popup.

By the way, does everyone following see all the replies, or does this just ping you when I reply to you Kurt?

Anyone can see if a topic you're in has had a new post added. Per the image below, the manual method is to click the Content link (seen at the top right) from any page. Then click Participated at the left, and finally, click Discussions. Any topic that has changed since you were last there will jump to the top of the list and the topic title will be in bold text. It isn't in this screen shot because I've since entered the topic again, and there isn't anything else new yet. But it was before I started this reply. It also tells you who the current last post is by. As you can see here, it's you. Once I post this and you look at the same list, my name will be there (assuming no one else posts directly behind me).

User uploaded file

May 22, 2018 7:55 AM in response to res259

How is this possible if I've blacklisted them on my router? I double checked to be sure and Remote GUI and Remote Telnet are disabled, plus I have a particularly strong password.

Then that's not the problem. I threw it out there as a possibility as we have seen it more than a few times around these forums.

Nothing personal, but I've been strongly warned against running any system profiles except when working directly with Apple.

Understood. Around here, EtreCheck and MalwareBytes for Mac are both written and maintained by long-time users of these forums. You'll find user etresoft posting around here often. They are also the only two such apps that I and many other members will recommend without hesitation. They do what they say they're for, and nothing else. EtreCheck in particular was written specifically for these forums to help others.

Moreover, I got a note from apple saying they'd removed my link because it wasn't relevant to the original question.

The message probably sounded pretty flat. I was the person who reported the link to be removed. Not that it wasn't relevant, but just to keep other users from accidentally sending themselves to the same garbage site. The hosts routinely remove such links for that reason. The screen shot is the same location anyway, and says all anyone needs to know.


I leave Flash on Allow Adobe to install updates (recommended). It's to your own benefit for Adobe to be able to patch Flash as soon as they find and fix intrusion errors and other bugs.


Since a modem issue is highly unlikely, then you have something else installed that is causing the redirects. In lieu of running EtreCheck, I can suggest opening Safari's preferences. Click on the Extensions tab. Disable anything you don't recognize. If the problem goes away, you found at least one source of the problem. Delete the extension.
