Svchost.exe connections blocked by Avast

Hello, I have a question about an issue that, so far, I was not able to solve.
On my PC, Avast interrupted the connection of the process C:\Windows\System32\svchost.exe with the IP address 151.139.87.59 on Feb 24th, and again with the IP address 151.139.87.97 on March 6th because they are “affected” by “URL:Blacklist”.

The URL is precisely http://151.139.87.59/filestreamingservice/files/.../pieceshash?cacheHostOrigin=dl.delivery.mp.microsoft.com

I have then run the complete antivirus scan both with Avast and MS Defender, including the in-depth scan at PC boot, and nothing malicious was found.
These IP addresses seem to be located near where I live in Frankfurt (Germany). See https://whois.domaintools.com/151.139.87.97 and https://whois.domaintools.com/151.139.87.5 for example. Both IPs are also reported clean on https://www.virustotal.com/.

Is anyone able to explain why these addresses are in the Avast blacklist? And is there anything else to check what’s the root cause of Avast Premium Security blocking the connection of C:\Windows\System32\svchost.exe, if nothing malicious can be found on my PC by either Avast or MS Defender?

Thank you for your help!

If you think these detections are a false positive you may report such to Avast here: https://www.avast.com/false-positive-file-form.php#pc

You should get a reply in a few days or so.

As reported before elsewhere on these forums, abuse has been reported on 151.139.87.97 for Stack Path:
https://www.abuseipdb.com/check/151.139.87.97
Potentially Bad Traffic, Potential Corporate Privacy Violation

Wait for a final verdict from Avast’s,

polonus

Thank you, it looks like 151.139.87.97 is reported clean on https://www.virustotal.com/, but as you say it’s been reported recently on https://www.abuseipdb.com/check/151.139.87.97

At this point, I am not sure if it’s a good idea to report it as a false positive - any idea about this?

In any case, I’ll keep an eye on it.

Hi Onky10,

Better wait for a final verdict from Avast’s. About possible SSH attacks (https://www.shodan.io/host/151.139.87.97),
see the discussion here at information security: https://security.stackexchange.com/questions/256579/any-known-ssh-attacks-vulnerabilities-other-than-brute-force-dictionary-attacks
Also in this case: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

There must have been something that must have triggered this, and it was not only you reporting.

polonus