Microsoft site 131.107.115.28 blocked as known malware site, why?

  • raylopez99

    Microsoft site 131.107.115.28 blocked as known malware site, why?

    I was building a "hello world" application in ASP.NET and during the
    construction of the same it attempted to access the above site, owned
    by Microsoft. Webroot Spy Sweeper, which resides on my system,
    blocked the connection and lists the site as a known malware site.

    Why is this and has anybody else had this happen? Ordinarily Webroot
    is very reliable.

    RL

    WHOIS Search Results
    Your WHOIS Search Results

    131.107.115.28
    Record Type: IP Address

    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US

    NetRange: 131.107.0.0 - 131.107.255.255
    CIDR: 131.107.0.0/16
    NetName: MICROSOFT
    NetHandle: NET-131-107-0-0-1
    Parent: NET-131-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.MSFT.NET
    NameServer: NS5.MSFT.NET
    NameServer: NS2.MSFT.NET
    NameServer: NS3.MSFT.NET
    NameServer: NS4.MSFT.NET
    Comment:
    RegDate: 1988-11-11
    Updated: 2004-12-09

  • Moshe Goldfarb.

    #2
    Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

    On Tue, 26 Aug 2008 03:32:29 -0700 (PDT), raylopez99 wrote:
    I was building a "hello world" application in ASP.NET and during the
    construction of the same it attempted to access the above site, owned
    by Microsoft. Webroot Spy Sweeper, which resides on my system,
    blocked the connection and lists the site as a known malware site.
    >
    Why is this and has anybody else had this happen? Ordinarily Webroot
    is very reliable.
    >
    RL
    >
    WHOIS Search Results
    Your WHOIS Search Results
    >
    131.107.115.28
    Record Type: IP Address
    >
    OrgName: Microsoft Corp
    OrgID: MSFT
    Address: One Microsoft Way
    City: Redmond
    StateProv: WA
    PostalCode: 98052
    Country: US
    >
    NetRange: 131.107.0.0 - 131.107.255.255
    CIDR: 131.107.0.0/16
    NetName: MICROSOFT
    NetHandle: NET-131-107-0-0-1
    Parent: NET-131-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.MSFT.NET
    NameServer: NS5.MSFT.NET
    NameServer: NS2.MSFT.NET
    NameServer: NS3.MSFT.NET
    NameServer: NS4.MSFT.NET
    Comment:
    RegDate: 1988-11-11
    Updated: 2004-12-09
    I believe that site has something to do with the search function in
    Windows.
    IOW when you do a Find it connects to that site for some reason.

    I'd block the pig if I were you....

    --
    Moshe Goldfarb
    Collector of soaps from around the globe.
    Please visit The Hall of Linux Idiots:
    There are many Advocates who make incredible claims about linux. But can you trust them? In many cases the answer is NO so this blog is here to help readers distinguish between the few honest users and the dozens of liars, hypocrites and morons.


    • The Ghost In The Machine

      #3
      Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

      In comp.os.linux.advocacy, raylopez99
      <raylopez99@yahoo.com>
      wrote
      on Tue, 26 Aug 2008 03:32:29 -0700 (PDT)
      <5e7bb118-899a-49a1-a2a9-74f37e61c996@r66g2000hsg.googlegroups.com>:
      I was building a "hello world" application in ASP.NET and during the
      construction of the same it attempted to access the above site, owned
      by Microsoft. Webroot Spy Sweeper, which resides on my system,
      blocked the connection and lists the site as a known malware site.
      >
      Why is this and has anybody else had this happen? Ordinarily Webroot
      is very reliable.
      >
      RL
      >
      WHOIS Search Results
      Your WHOIS Search Results
      >
      131.107.115.28
      Record Type: IP Address
      >
      OrgName: Microsoft Corp
      OrgID: MSFT
      Address: One Microsoft Way
      City: Redmond
      StateProv: WA
      PostalCode: 98052
      Country: US
      >
      NetRange: 131.107.0.0 - 131.107.255.255
      CIDR: 131.107.0.0/16
      NetName: MICROSOFT
      NetHandle: NET-131-107-0-0-1
      Parent: NET-131-0-0-0-0
      NetType: Direct Assignment
      NameServer: NS1.MSFT.NET
      NameServer: NS5.MSFT.NET
      NameServer: NS2.MSFT.NET
      NameServer: NS3.MSFT.NET
      NameServer: NS4.MSFT.NET
      Comment:
      RegDate: 1988-11-11
      Updated: 2004-12-09
      >
      [1] Someone got cute and submitted this address to Webroot.
      Talk to Webroot.

      [2] Someone got *real* cute and infected crl.microsoft.com.
      Talk to Microsoft.

      --
      #191, ewill3@earthlink.net
      Linux makes one use one's mind.
      Windows just messes with one's head.
      ** Posted from http://www.teranews.com **


      • The Ghost In The Machine

        #4
        Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

        In comp.os.linux.advocacy, Moshe Goldfarb.
        <brick_n_straw@gmail.com>
        wrote
        on Tue, 26 Aug 2008 10:39:07 -0400
        <u5yn0m6vvxli.13d739fm1h5ef$.dlg@40tude.net>:
        On Tue, 26 Aug 2008 03:32:29 -0700 (PDT), raylopez99 wrote:
        >
        >I was building a "hello world" application in ASP.NET and during the
        >construction of the same it attempted to access the above site, owned
        >by Microsoft. Webroot Spy Sweeper, which resides on my system,
        >blocked the connection and lists the site as a known malware site.
        >>
        >Why is this and has anybody else had this happen? Ordinarily Webroot
        >is very reliable.
        >>
        >RL
        >>
        >WHOIS Search Results
        >Your WHOIS Search Results
        >>
        >131.107.115.28
        >Record Type: IP Address
        >>
        >OrgName: Microsoft Corp
        >OrgID: MSFT
        >Address: One Microsoft Way
        >City: Redmond
        >StateProv: WA
        >PostalCode: 98052
        >Country: US
        >>
        >NetRange: 131.107.0.0 - 131.107.255.255
        >CIDR: 131.107.0.0/16
        >NetName: MICROSOFT
        >NetHandle: NET-131-107-0-0-1
        >Parent: NET-131-0-0-0-0
        >NetType: Direct Assignment
        >NameServer: NS1.MSFT.NET
        >NameServer: NS5.MSFT.NET
        >NameServer: NS2.MSFT.NET
        >NameServer: NS3.MSFT.NET
        >NameServer: NS4.MSFT.NET
        >Comment:
        >RegDate: 1988-11-11
        >Updated: 2004-12-09
        >
        I believe that site has something to do with the search function in
        Windows.
        IOW when you do a Find it connects to that site for some reason.
        >
        I'd block the pig if I were you....
        >
        The given address backresolves to crl.microsoft.com.
        The web server is active, though directory listing access
        is denied, and none of index.html nor index.htm
        nor index.asp exist. index.aspx generates a server error;
        interestingly, the error page is different.

        wget returns

        Server: Microsoft-IIS/6.0
        X-Powered-By: ASP.NET
        X-AspNet-Version: 1.1.4322

        Without more info I can't do much more.

        --
        #191, ewill3@earthlink.net
        Linux makes one use one's mind.
        Windows just messes with one's head.
        ** Posted from http://www.teranews.com **
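
Added example, not part of the thread: the ownership checks discussed above (WHOIS range and reverse DNS) written as an offline triage for a blocklist alert. The resolver tables, the forward answer for crl.microsoft.com and the 203.0.113.7 entry are constructed for illustration; only the WHOIS fields and the PTR name for 131.107.115.28 come from the posts.

```python
import ipaddress

# WHOIS fields copied from the first post in the thread (subset).
WHOIS_TEXT = """\
OrgName: Microsoft Corp
NetRange: 131.107.0.0 - 131.107.255.255
CIDR: 131.107.0.0/16
NetName: MICROSOFT
Comment:
"""

# Constructed resolver answers so the example runs offline. The PTR for
# 131.107.115.28 is the one reported in the thread; the forward answer and
# the 203.0.113.7 entry (documentation range) are made up for illustration.
SAMPLE_PTR = {"131.107.115.28": "crl.microsoft.com",
              "203.0.113.7": "crl.microsoft.com"}
SAMPLE_A = {"crl.microsoft.com": ["131.107.115.28"]}

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().isalnum():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def in_registered_range(ip, fields):
    """True if ip is inside the CIDR and the CIDR matches NetRange."""
    net = ipaddress.ip_network(fields["CIDR"][0])
    lo, hi = (ipaddress.ip_address(p) for p in fields["NetRange"][0].split(" - "))
    agrees = (net.network_address, net.broadcast_address) == (lo, hi)
    return agrees and ipaddress.ip_address(ip) in net

def fcrdns(ip, reverse, forward):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip.
    A PTR record alone proves nothing; it is set by whoever runs the
    reverse zone for that address."""
    name = reverse(ip)
    return name, bool(name) and ip in forward(name)

def triage(ip, whois_text=WHOIS_TEXT,
           reverse=SAMPLE_PTR.get, forward=lambda n: SAMPLE_A.get(n, [])):
    fields = parse_whois(whois_text)
    name, confirmed = fcrdns(ip, reverse, forward)
    return {"org": fields["OrgName"][0],
            "in_registered_range": in_registered_range(ip, fields),
            "ptr": name, "ptr_forward_confirmed": confirmed}

if __name__ == "__main__":
    for ip in ("131.107.115.28", "203.0.113.7"):
        print(ip, triage(ip))
```

For live lookups, pass `reverse` and `forward` callables built on `socket.gethostbyaddr` and `socket.gethostbyname_ex` in place of the sample tables.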


        • raylopez99

          #5
          Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

          On Aug 26, 11:22 am, The Ghost In The Machine
          <ew...@sirius.tg00suus7038.net> wrote:
          Server: Microsoft-IIS/6.0
          X-Powered-By: ASP.NET
          X-AspNet-Version: 1.1.4322
          >
          Without more info I can't do much more.
          >
          I would not be surprised if it's some backdoor portal to record "user
          experiences" by MSFT for new users of Visual Studio 2008 (which is
          what I'm using), of which I own a legal but academic copy.

          RL


          • Jerry McBride

            #6
            Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

            raylopez99 wrote:
            I was building a "hello world" application in ASP.NET and during the
            construction of the same it attempted to access the above site, owned
            by Microsoft. Webroot Spy Sweeper, which resides on my system,
            blocked the connection and lists the site as a known malware site.
            >
            Why is this and has anybody else had this happen? Ordinarily Webroot
            is very reliable.
            >
            RL
            >
            WHOIS Search Results
            Your WHOIS Search Results
            >
            131.107.115.28
            I routinely block these as well:

            127.0.0.1 genuine.microsoft.com
            127.0.0.1 mpa.one.microsoft.com
            127.0.0.1 wustat.windows.com
            127.0.0.1 sa.windows.com
            127.0.0.1 ie.search.msn.com
            127.0.0.1 se.windows.com
            127.0.0.1 wutrack.windows.com




            --

            Jerry McBride (jmcbride@mail-on.us)


            • Rex Ballard

              #7
              Re: Microsoft site 131.107.115.28 blocked as known malware site, why?

              On Aug 26, 6:32 am, raylopez99 <raylope...@yahoo.com> wrote:
              I was building a "hello world" application in ASP.NET and during the
              construction of the same it attempted to access the above site, owned
              by Microsoft.  Webroot Spy Sweeper, which resides on my system,
              blocked the connection and lists the site as a known malware site.
              [snip details]

              Think about it. You compiled an application, put it to the site, and
              then were able to access and execute it.

              If you can do it, so can malware hackers.

              You know exactly where your page is supposed to be. But a malware
              hacker could generate the bogus page, then send a link which would be
              loaded when the e-mail is previewed. You don't even have to open the
              e-mail, just preview it.

              Because the infecting site would be a Microsoft site, it would be
              nearly impossible to trace the perpetrator back to its source.


              • Thornhill

                #8
                Re: Microsoft site 131.107.115.28 blocked as known malware site, w

                It happened to me while accessing the help icon under the snipper tool, which
                appeared on my XP machine after the SP3 upgrade

                "The Ghost In The Machine" wrote:
                In comp.os.linux.advocacy, Moshe Goldfarb.
                <brick_n_straw@gmail.com>
                wrote
                on Tue, 26 Aug 2008 10:39:07 -0400
                <u5yn0m6vvxli.13d739fm1h5ef$.dlg@40tude.net>:
                On Tue, 26 Aug 2008 03:32:29 -0700 (PDT), raylopez99 wrote:
                I was building a "hello world" application in ASP.NET and during the
                construction of the same it attempted to access the above site, owned
                by Microsoft. Webroot Spy Sweeper, which resides on my system,
                blocked the connection and lists the site as a known malware site.
                >
                Why is this and has anybody else had this happen? Ordinarily Webroot
                is very reliable.
                >
                RL
                >
                WHOIS Search Results
                Your WHOIS Search Results
                >
                131.107.115.28
                Record Type: IP Address
                >
                OrgName: Microsoft Corp
                OrgID: MSFT
                Address: One Microsoft Way
                City: Redmond
                StateProv: WA
                PostalCode: 98052
                Country: US
                >
                NetRange: 131.107.0.0 - 131.107.255.255
                CIDR: 131.107.0.0/16
                NetName: MICROSOFT
                NetHandle: NET-131-107-0-0-1
                Parent: NET-131-0-0-0-0
                NetType: Direct Assignment
                NameServer: NS1.MSFT.NET
                NameServer: NS5.MSFT.NET
                NameServer: NS2.MSFT.NET
                NameServer: NS3.MSFT.NET
                NameServer: NS4.MSFT.NET
                Comment:
                RegDate: 1988-11-11
                Updated: 2004-12-09
                I believe that site has something to do with the search function in
                Windows.
                IOW when you do a Find it connects to that site for some reason.

                I'd block the pig if I were you....
                >
                The given address backresolves to crl.microsoft.com.
                The web server is active, though directory listing access
                is denied, and none of index.html nor index.htm
                nor index.asp exist. index.aspx generates a server error;
                interestingly, the error page is different.
                >
                wget returns
                >
                Server: Microsoft-IIS/6.0
                X-Powered-By: ASP.NET
                X-AspNet-Version: 1.1.4322
                >
                Without more info I can't do much more.
                >
                --
                #191, ewill3@earthlink.net
                Linux makes one use one's mind.
                Windows just messes with one's head.
                ** Posted from http://www.teranews.com **
                >
