Jump to content

Possible FP Riskware detection: wtsky.net during Speedtest runs


Recommended Posts

Please review this 100% repro of riskware warnings during Speedtest runs. I didn't find any other forum posts with the wtsky.net domain or IP address.


04/09/23    " 12:15:07.500"    119171    0f48    3068    INFO    MwacLib    NetworkRules::IsBadIpAddress    "networkrules.cpp"    478    "Rule matched! IpAddress= NetAddress= SubnetMask= CategoryName=Riskware ThreatName="
04/09/23    " 12:15:07.500"    119171    0f48    3068    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus    "whitelistmanager.cpp"    302    "White list status: IpDomain ' ' E7663A6265C7CB96BF36E472294B7828  => None:Unknown"
04/09/23    " 12:15:07.763"    119437    0f48    3068    INFO    MwacLib    NetworkEventHandler::ProcessDnsMessage    "networkeventhandler.cpp"    791    "Detected malicious A record in DNS response: Name=speedtest.sttl.wa.wtsky.net Address="
04/09/23    " 12:15:07.765"    119437    0f48    2ffc    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus    "whitelistmanager.cpp"    302    "White list status: IpDomain ' speedtest.sttl.wa.wtsky.net' E7663A6265C7CB96BF36E472294B7828 8628CD90C9ACE0AA7F52F3A7313E1712  => None:Unknown"
04/09/23    " 12:15:07.766"    119437    0f48    2ffc    INFO    MwacLib    NetworkEventHandler::connectionRedirected    "networkeventhandler.cpp"    260    "Connection redirected: ProcessId=3640 (C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6\Speedtest.exe) RemoteAddress= LocalAddress= Protocol=TCP"
04/09/23    " 12:15:07.766"    119437    0f48    2ffc    INFO    MwacLib    MwacLibImpl::InvokeBlockCallback    "mwaclibimpl.cpp"    1378    "Connection blocked! ProcessId=3640 ProcessPath=C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6\Speedtest.exe Domain=speedtest.sttl.wa.wtsky.net Address= Port=8080 Category=Riskware Direction=Outbound ReportOnly=0 ListName=ipBlockList"
04/09/23    " 12:15:07.766"    119437    0f48    2a14    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackWorker    "mwaccontrollerimplhelper.cpp"    3056    "Block notification callback: url='speedtest.sttl.wa.wtsky.net', ipAddr='', processPath='C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6\Speedtest.exe', category='Riskware', threatName=''"
04/09/23    " 12:15:07.766"    119437    0f48    2a14    INFO    MwacControllerImpl    mb::mwaccontrollerimpl::MwacControllerImpl::InvokeBlockNotificationCallbackWorker    "mwaccontrollerimplhelper.cpp"    3057    "AppDetectionNotification=F, BlockNotification=T"
04/09/23    " 12:15:07.779"    119453    0f48    2a14    INFO    MWACControllerCOM    CMWACController::WebsiteBlockedNotificationCallback    "mwaccontroller.cpp"    1463    "Malicious Website Protection, ipBlockList,, speedtest.sttl.wa.wtsky.net, 8080, Outbound, C:\Program Files\WindowsApps\Ookla.SpeedtestbyOokla_1.16.165.0_x64__43tkc6nmykmb6\Speedtest.exe"

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.