Malwarebytes detected malicious website - Skype?

[i7-6700K]

So i just got this notification from malwarebytes that a malicious website has been blocked:

 

IP: 91.88.56.86

Port: 11922

Type: Inbound

Process: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

What does this mean? AM I INFECTED

 

[RedWulf]

1) false positive

2)virus piggybacking on the skype data

3)Microsoft spyware

either way it shouldn't hurt anything to let it be removed

 

 

[Mornincupofhate]

Most malware creators will just create their executables with legit application names and other data from it, so it might not be a false positive.

Your best bet would to be just remove any detections and then reinstall the legit apps.

[dark_xzyph3r]

4 minutes ago, i7-6700K said:

So i just got this notification from malwarebytes that a malicious website has been blocked:

 

IP: 91.88.56.86

Port: 11922

Type: Inbound

Process: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

What does this mean? AM I INFECTED

 

Do you live in France by any chance? That is where the IP originates from..

[i7-6700K]

1 minute ago, dark_xzyph3r said:

Do you live in France by any chance? That is where the IP originates from..

lol no i live in the u.s of a

[Mornincupofhate]

I remember there being something with wireshark where you could type in your DNS information, then if a connection called No-IP or something came up, you were being ratted, try and search the internet for it.

 

If you don't download random executables from the internet, or open random email documents, then you should be fine. 

[dark_xzyph3r]

Just now, i7-6700K said:

lol no i live in the u.s of a

Lol k..

 

General IP Information

IP:91.88.56.86

Decimal:1532508246

Hostname:86.56.88.91.rev.sfr.net

ASN:41334

ISP:Sfr Collectivites SA

Organization:Manche Telecom

Services:None detected

Type:Broadband

Assignment:Static IP

 

Geolocation Information

Continent:Europe

Country:France 

State/Region:Manche

City:Argouges

Latitude:48.5023  (48° 30′ 8.28″ N)

Longitude:-1.3968  (1° 23′ 48.48″ W)

Postal Code:50240

 

This is where the IP is located  Dunno why it would be contacting your IP..

[i7-6700K]

4 minutes ago, Mornincupofhate said:

Most malware creators will just create their executables with legit application names and other data from it, so it might not be a false positive.

Your best bet would to be just remove any detections and then reinstall the legit apps.

Well i scanned and there was no detections. Malwarebytes  just said that it blocked a malicious website.

[i7-6700K]

2 minutes ago, dark_xzyph3r said:

snippppppppppppppppppppppppppppppppppppp

Thats odd. Do you think it was just a false positive?>

[Mornincupofhate]

2 minutes ago, dark_xzyph3r said:

Lol k..

 

General IP Information

IP:91.88.56.86

Decimal:1532508246

Hostname:86.56.88.91.rev.sfr.net

ASN:41334

ISP:Sfr Collectivites SA

Organization:Manche Telecom

Services:None detected

Type:Broadband

Assignment:Static IP

 

Geolocation Information

Continent:Europe

Country:France 

State/Region:Manche

City:Argouges

Latitude:48.5023  (48° 30′ 8.28″ N)

Longitude:-1.3968  (1° 23′ 48.48″ W)

Postal Code:50240

 

This is where the IP is located  Dunno why it would be contacting your IP..

This is a French IP not owned by Skype.

I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company. (which people use to host malware and botnets)

 

Chances are OP, you're being ratted.

[dark_xzyph3r]

3 minutes ago, i7-6700K said:

lol no i live in the u.s of a

Also is port 11922 open on your router? That port isn't standard so I still have no reason why it would attempt to contact that port.. Also why would it block a website when website ports are "80, 8080, 443"

[Moonzy]

skype is baaad, it runs at your background sucking up resources and is like an overly attached girlfriend

 

-le clicks quit skype- "are you sure you wanna close skype? you wont receive message blablablabla" -close it and never opened it again-

[Mornincupofhate]

Just now, dark_xzyph3r said:

Also is port 11922 open on your router? That port isn't standard so I still have no reason why it would attempt to contact that port.. Also why would it block a website when website ports are "80, 8080, 443"

^

You're being ratted.

[dark_xzyph3r]

1 minute ago, Mornincupofhate said:

This is a French IP not owned by Skype.

I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company. (which people use to host malware and botnets)

 

Chances are OP, you're being ratted.

The hosting company is in Paris. https://en.wikipedia.org/wiki/SFR I cant find any info about them..

[i7-6700K]

9 minutes ago, Mornincupofhate said:

18 minutes ago, Mornincupofhate said:

This is a French IP not owned by Skype.

I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company. (which people use to host malware and botnets)

 

Chances are OP, you're being ratted.

This is a French IP not owned by Skype.

I don't speak French and their website is too cancerous to read, but I'm fairly certain they're an offshore hosting company. (which people use to host malware and botnets)

 

Chances are OP, you're being ratted.

I just searched up similar problems that people had like this. This was one answer:

 

Malwarebytes has IP blocklists grabbed from a variety of sources.   Any IP in the world can be on a blocklist for a variety of reasons.  That IP is in an IP address range hosting at least one open-ended outgoing e-mail server.  Open ended SMTP servers are generally used to send spam, so it can end up on a spam blacklist even if no spam is ever sent.

 

Skype interacts with a lot of IPs.   So when Malwarebytes set's off its rather ridiculous alarms, all it's informing you is that Skype is interacting with an IP of a possible email server that "might" send out spam.  It doesn't mean you're infected or being attacked by anything.  It's not like you're interacting over e-mail (port 25) in the first place.  

[CyberMist]

8 hours ago, i7-6700K said:

So i just got this notification from malwarebytes that a malicious website has been blocked:

 

IP: 91.88.56.86

Port: 11922

Type: Inbound

Process: C:\Program Files (x86)\Skype\Phone\Skype.exe

 

What does this mean? AM I INFECTED

 

Fake alert.  However via skype have been done lot of virus/malwares infections and even hacking in to victims pc. Not mentioned its popular among heaters to trace victims IP and then ddos him during CS, CoD, LOL, or other game match..