outgoing

Hi guys
I’m getting this message by malwarebytes:Successfully blocked access to a potentially malicious website:66.150.14.42
type:outgoing
Port:62408,Process:avastsvc.exe
I don’t have a clue what is this.Any help would be appreciated.
Cheers

hi Panos16,

I’m assuming you are running Malwarebytes Pro version. This block would be a part of the Malwarebytes database, and would not be directly affiliated with the one avast! uses.

Search and analysis below:
http://www.networksolutions.com/whois/results.jsp?ip=66.150.14.42
http://whois.net/ip-address-lookup/
http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=66.150.14.42
http://urlquery.net/report.php?id=2399230
Since the block is an outgoing connection attempt, this likely means that some agent is on your system, and is attempting to connect to this site.

Any outgoing block, either by avast!, Malwarebytes, or other, would be of concern to me, so I suggest the following procedure below:

See: http://forum.avast.com/index.php?topic=53253.0

Download and install the following four programs: AdwCleaner, Malwarebytes, (you already have that), OTL, and aswMBR.exe.

Attach all resutling logs in your next reply. Once this is done, a malware expert will be notified.

Malwarebytes Pro, especially the active real-time agent part of it, is known for false positives.

Did you ever visit pinball.com? urlquery.com indicates a problem at this site.

MBAM malicious website IP Detection reporting avastSvc.exe as process:
No avast isn’t infected. MBAM isn’t blocking avast as such, as the avastSvc.exe is the main avast service and it controls the various shields. The Web Shield routes all http traffic through its localhost proxy, so all MBAM sees is avastSvc.exe as the originating process, which is incorrect.

This is either you trying to connect to this IP via your browser or possibly a link in a site you’re viewing redirecting of getting content from that IP address.

What site were you on when this alert occurred ?

Personally with the avast! and the network shield and web shield, I feel this mbam pro feature is redundant, it also doesn’t do what it says on the tin, it blocks far more categories than just malicious website blocking. Not to mention it causes more grief than reassurance.

Hi,
this site looks rather malicious,see here :
http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=66.150.14.42
https://www.virustotal.com/en/ip-address/66.150.14.42/information/
http://www.projecthoneypot.org/ip_66.150.14.42 (See comment :
J.Hill15 commented…
It appears that I have a trojan on my Windows laptop that is trying to contact 66.150.14.40-42. Malwarebytes is preventing the contact, but it keeps trying. cycles between .40, .41 & .42
January 05 2013 10:46 PM )
http://www.mywot.com/en/scorecard/66.150.14.42
Regards,
Philip
P.S:Γεια σου Ελλάδα

When investigating look at the dates the WOT report is from 2010. By the looks of it pinballcorp.com hosts many sites on its servers, so this isn’t strange. Blocking the IP rather than a domain is going to give many hits on sites that aren’t infected.

Hi David,
the last reports are from 2012,you may want to look here http://www.mywot.com/en/scorecard/pinballcorp.com?utm_source=addon&utm_content=popup-donuts#page-2
Also, http://www.malwareurl.com/ns_listing.php?ns=ns2.pinballcorp.com .
Latest malware:
a.bigmonstertrees.com Adware 2013-01-06
a.autozforlife.com Adware 2013-01-30
a.bam-energy.com Adware 2013-02-03
b.9monthsafter.com Adware 2013-02-25
b.greenpipesky.com Adware 2013-04-06
s.compqueue.com Adware Hotbar 2013-04-06

Yes but they are sketchy to say the least ns2 is a server that is likely to have many hosted domains.

Avast has blocked IP addresses before and that can cause grief also when there are many domains hosted, which has resulted in an adjustment to block by domain name in instances like that. MBAM has no such correction the IP hits every single domain in that IP and currently there is no way of determining what domain this was trying to connect to.

As I have said:

Personally with the avast! and the network shield and web shield, I feel this mbam pro feature is redundant, it also doesn't do what it says on the tin, it blocks far more categories than just malicious website blocking.