illusionist

Microsoft IP fps - FIXED


Malwarebytes blocked an "Outgoing connection" from C:\Windows\System32\svchost.exe as Phishing.


Category: Nätfiske
Domain: lgin.msa.trafficmanager.net
IP-adress: 40.90.137.124
Port: 443
File: C:\Windows\System32\svchost.exe

Should I be worried?

whatisthis.txt

Edited by Dashke


Throwing off blocked malicious website alerts, all for login.live.com with different ports.  Coming from multiple endpoints.

Edited by Dashke


Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/10/20
Protection Event Time: 5:20 PM
Log File: 3a62cf26-4c21-11ea-b86d-6045cb9c59b9.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
License: Premium

-System Information-
OS: Windows 10 (Build 17763.973)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.126
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/10/20
Protection Event Time: 5:16 PM
Log File: aece50f2-4c20-11ea-a991-6045cb9c59b9.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
License: Premium

-System Information-
OS: Windows 10 (Build 17763.973)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)


Thanks for your help, we have disabled the rule and the update should be out soon!

In the meantime, please try adding these IPs to your exclusions list -

40.90.137.120
40.90.137.124
40.90.137.126
40.90.23.154

 

Edited by Dashke

16 minutes ago, illusionist said:

Should I be worried?

Please see this post.

 


Malwarebytes has been throwing up multiple Blocked Websites for official Microsoft domains in the past <30 minutes this PC has been on;

-Log Details-
Protection Event Date: 10/02/2020
Protection Event Time: 16:02
Log File: abb2de59-4c1e-11ea-b3e0-4ccc6a241764.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
Licence: Premium

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.23.154
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

&

-Log Details-
Protection Event Date: 10/02/2020
Protection Event Time: 16:24
Log File: dded5b5c-4c21-11ea-9367-4ccc6a241764.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
Licence: Premium

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: lgin.msa.trafficmanager.net
IP Address: 40.90.23.154
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

Just now, RStops said:

Malwarebytes has been throwing up multiple Blocked Websites for official Microsoft domains in the past <30 minutes this PC has been on;

-Log Details-
Protection Event Date: 10/02/2020
Protection Event Time: 16:02
Log File: abb2de59-4c1e-11ea-b3e0-4ccc6a241764.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
Licence: Premium

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.23.154
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

&

-Log Details-
Protection Event Date: 10/02/2020
Protection Event Time: 16:24
Log File: dded5b5c-4c21-11ea-9367-4ccc6a241764.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
Licence: Premium

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: lgin.msa.trafficmanager.net
IP Address: 40.90.23.154
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

Please see this post.

 


I went to the site https://answers.microsoft.com/en-us/windows/forum/windows_10-update and got a block on ipv4.login.msa.akadns6.net which as far as I can tell is the logon for the site.

 


I did a virus total and it isn't flagged anywhere.

Here is the detection log.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/10/20
Protection Event Time: 8:29 AM
Log File: 865a4bb0-4c22-11ea-a5fa-b88584a6ed27.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18996
License: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files (x86)\Google\Chrome\Application\chrome.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
Port: 443
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(end)

Thanks,
Bill


Hello, first time here. I have Malwarebytes regularly updated (current version 4.0.4). Since today, it started showing repeatedly the following blocking messages:

Blocked website
Domain: ipv4.login.msa.akadns6.net
Category: Phishing
File: C:\Windows32\svchost.exe

I did a thorough scan (including files), and nothing came out of it. It shows as I'm not infected.

Any ideas of how to solve this? Am I infected???

I attached the scan and report files.

 

Report-blocked website.txt Scan report.txt


 Thanks for your help, we have disabled the rule and the update should be out soon!

In the meantime, please try adding these IPs to your exclusions list -

40.90.137.120
40.90.137.124
40.90.137.126
40.90.23.154

 

3 minutes ago, Dashke said:

 Thanks for your help, we have disabled the rule and the update should be out soon!

In the meantime, please try adding these IPs to your exclusions list -


40.90.137.120
40.90.137.124
40.90.137.126
40.90.23.154

 

So, for us illiterates, is it a false positive?

Nothing we should be worried about then?

In any case, thanks for the quick reply!


Yes, this was a fp, but it will be fixed soon. We are really sorry for the inconvenience and thanks for reporting it!


Malware phishing data.txt

I've been receiving a popup warning saying website blocked due to phishing about every 10 minutes for the past 40-50 minutes. Ran a scan and found nothing. Export text is attached. Hoping someone can help. Thanks


***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes for Windows Help forum.

 

If you are having technical issues with our Windows product, please do the following: 


If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer; please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
  7. Click the Gather Logs button
  8. A progress bar will appear and the program will proceed with getting logs from your computer
  9. Upon completion, a file named mbst-grab-results.zip will be found on your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies".

Click "Reveal Hidden Contents" below for details on how to attach a file:
 


To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 


For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/hc/en-us/requests/new to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/hc/en-us/articles/360038523934

 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

5 minutes ago, BadgerBadger said:

Hi

appears to be blocking the above, and preventing sign-in to Microsoft Mixer. Is this intended?

Thanks. 

 


I just had three real-time warnings in a row, with this info:

-Website Data-
Category: Phishing
Domain:
IP Address: 40.90.137.124
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

The latest Malwarebytes threat scan shows nothing (it was scheduled, finished just after I got the warnings), currently running a Windows Defender scan. I've attached the logs for the threat scan, FRST, Addition, and the blocked website. Thanks!

latest malwarebytes scan.txt phishing blocked website.txt Addition.txt FRST.txt


I started up my computer and had my usual YouTube tabs open but nothing else... then I got a popup saying website blocked. I'm confused as to where it came from.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 10/02/2020
Protection Event Time: 17:02
Log File: 122779fc-4c27-11ea-b8fb-309c2382d314.json

-Software Information-
Version: 4.0.4.49
Components Version: 1.0.810
Update Package Version: 1.0.18998
Licence: Premium

-System Information-
OS: Windows 10 (Build 18362.592)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, C:\Windows\System32\svchost.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Phishing
Domain: fe-bl02p-msa.trafficmanager.net
IP Address: 40.90.23.154
Port: 443
Type: Outbound
File: C:\Windows\System32\svchost.exe

 

(end)

1 minute ago, fregus said:

. then i got a popup saying website blocked. I'm confused as to where it came from.

It is a false positive and will be fixed soon; no need to worry.
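
Several posters in this thread report the same block from more than one endpoint and more than one process. As an added example (not Malwarebytes code and not from any poster), this Python parser reads the "-Website Data-" section of exported protection reports in the layout shown above and groups blocks by IP address, so an administrator can see whether alerts from many machines converge on the same few destinations. The sample input is constructed, abridged from reports posted in this thread, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: "-Website Data-" sections abridged from reports in this thread.
SAMPLE = r"""-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
File: C:\Windows\System32\svchost.exe
(end)
-Website Data-
Category: Phishing
Domain: ipv4.login.msa.akadns6.net
IP Address: 40.90.137.120
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)
-Website Data-
Category: Phishing
Domain:
IP Address: 40.90.137.124
File: C:\Windows\System32\svchost.exe
"""

# [ \t]* rather than \s*: an empty "Domain:" must not swallow the next line.
FIELD = re.compile(r"^(Category|Domain|IP Address|Port|Type|File):[ \t]*(.*)$", re.M)
SECTION_END = re.compile(r"^-[A-Za-z ]+-\s*$|^\(end\)", re.M)

def parse_events(text):
    """Return one dict per '-Website Data-' section of exported report text."""
    events = []
    for section in text.split("-Website Data-")[1:]:
        body = SECTION_END.split(section, maxsplit=1)[0]  # stop at next section
        events.append({k: v.strip() for k, v in FIELD.findall(body)})
    return events

def summarize(events):
    """Group blocks by IP address with the domains and processes seen for each."""
    by_ip = defaultdict(lambda: {"count": 0, "domains": set(), "files": set()})
    for e in events:
        entry = by_ip[e.get("IP Address", "?")]
        entry["count"] += 1
        if e.get("Domain"):  # the Domain field is empty in some reports
            entry["domains"].add(e["Domain"])
        entry["files"].add(e.get("File", "?"))
    return dict(by_ip)

if __name__ == "__main__":
    for ip, info in sorted(summarize(parse_events(SAMPLE)).items()):
        print(ip, info["count"], sorted(info["domains"]), sorted(info["files"]))
```

The same functions can be run over reports concatenated from several machines; the grouping only summarizes what was blocked and does not by itself decide whether a block is a false positive.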
