Microsoft site 131.107.115.28 blocked as known malware site, why?

  • Thread starter Thread starter raylopez99
  • Start date Start date
R

raylopez99

I was building a "hello world" application in ASP.NET and during the
construction of the same it attempted to access the above site, owned
by Microsoft. Webroot Spy Sweeper, which resides on my system,
blocked the connection and lists the site as a known malware site.

Why is this and has anybody else had this happen? Ordinarily Webroot
is very reliable.

RL

WHOIS Search Results
Your WHOIS Search Results

131.107.115.28
Record Type: IP Address

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
NetHandle: NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1988-11-11
Updated: 2004-12-09
 
I was building a "hello world" application in ASP.NET and during the
construction of the same it attempted to access the above site, owned
by Microsoft. Webroot Spy Sweeper, which resides on my system,
blocked the connection and lists the site as a known malware site.

Why is this and has anybody else had this happen? Ordinarily Webroot
is very reliable.

RL

WHOIS Search Results
Your WHOIS Search Results

131.107.115.28
Record Type: IP Address

OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US

NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
NetHandle: NET-131-107-0-0-1
Parent: NET-131-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS5.MSFT.NET
NameServer: NS2.MSFT.NET
NameServer: NS3.MSFT.NET
NameServer: NS4.MSFT.NET
Comment:
RegDate: 1988-11-11
Updated: 2004-12-09
Click to expand...

I believe that site has something to do with the search function in
Windows.
IOW when you do a Find it connects to that site for some reason.

I'd block the pig if I were you....
 
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322

Without more info I can't do much more.
Click to expand...

I would not be surprised if it's some backdoor portal to record "user
experiences" by MSFT for new users of Visual Studio 2008 (which is
what I'm using), of which I own a legal but academic copy.

RL
 
raylopez99 said:
I was building a "hello world" application in ASP.NET and during the
construction of the same it attempted to access the above site, owned
by Microsoft. Webroot Spy Sweeper, which resides on my system,
blocked the connection and lists the site as a known malware site.

Why is this and has anybody else had this happen? Ordinarily Webroot
is very reliable.

RL

WHOIS Search Results
Your WHOIS Search Results

131.107.115.28
Click to expand...

I routinely blocks these as well:

127.0.0.1 genuine.microsoft.com
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 wustat.windows.com
127.0.0.1 sa.windows.com
127.0.0.1 ie.search.msn.com
127.0.0.1 se.windows.com
127.0.0.1 wutrack.windows.com
 
I was building a "hello world" application in ASP.NET and during the
construction of the same it attempted to access the above site, owned
by Microsoft.  Webroot Spy Sweeper, which resides on my system,
blocked the connection and lists the site as a known malware site.
Click to expand...

[snip details]

Think about it. You compiled an application, put it to the site, and
then were able to access and execute it.

If you can do it, so can malware hackers.

You know exactly where your page is supposed to be. But a malware
hacker could generate the bogus page, then send a link which would be
loaded when the e-mail is previewed. You don't even have to open the
e-mail, just preview it.

Because the infecting site would be a Microsoft site, it would be
nearly impossible to trace the perpetrator back to it's source.
 
It happened to me while accessing the help icon under the snipper tool, which
appeared on my XP machine after the SP3 upgrade
 
Back
Top