I am seeing Malwarebytes reporting blocking a compromised web site. Below is what it exports. I have enabled logging "allowed" as well as "blocked" traffic. Yet, I cannot find the listed IP address in the logs.
I remember reading somewhere on the MWB website that Malwarebytes only sees traffic that goes through the Windows Firewall. If so, how is it possible that MWB is reporting blocking traffic that the Firewall logs do not have any records of?
MWB export data:
Protection Event Date: 5/26/21
Protection Event Time: 11:09 AM
Log File: 5422de84-be34-11eb-8157-5404a604de73.json
Components Version: 1.0.1070
Update Package Version: 1.0.40940
OS: Windows Server 2012 R2
File System: NTFS
-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0, ,
IP Address: 188.8.131.52