Forum Discussion

wrmiles's avatar
wrmiles
New Contributor
5 years ago

Malwarebytes blocking Cox website

I have been getting repeated warnings of Malwarebytes blocking an outbound connection to cox.rs.oxcs.net fpr phishing

I have not attempted to go to this website.

I am on Windows 10, browser is MSN Explorer, with daily scans by Malwarebytes and Windows Defender

Any idea of what may be going on?

  • Bruce's avatar
    Bruce
    Honored Contributor III

    It could be 3 things affecting you.

    First, from a gist of the replies to your post, it could be 1 of 2 things.  Either Cox (outsourced Cox) has an issue with certificates (authentication)...or MalwareBytes flagged a False-Positive with cox.rs.oxcs.net (looks bad but is harmless).  Troubleshooting certificate errors could be quite involved but removing a False-Positive is quite easy.  Either way, MalwareBytes was blocking your connection.

    Second, although you're not using Cox email, something on your computer is instructing cox.rs.oxcs.net.  This could be just an effect of your traffic originating from the Cox domain (DNS, routing, stored cookies).  However, this instruction has always been happening on your computer but you only became aware of it via MalwareBytes.  As Kevin recommended, you should clear your cookies.  Furthermore, you should clear your cookies every time you close your browser.  This is how and follow any step "...to clear automatically..."

    http://www.clearallhistory.com/help/Using/Clear-MSN-Explorer-History.html#cookies

    Third, inactive for lack of use.  Cox has a new policy to reduce email accounts:  "As of August 15, 2019, Cox no longer offers the ability for new and existing Cox Internet customers to create new Cox Email accounts."  If you had an account but never used it, Cox may have just deleted it.

    www.cox.com/.../cox-email-creation-policy.html

  • ChrisL's avatar
    ChrisL
    Former Moderator
    Based on the host you've indicated it sounds like access to our email service is being attempted. If you're not initiating this activity or don't have an email client setup it's possible you have malware attempting to send spam via our email platform.

    -Chris
    • wrmiles's avatar
      wrmiles
      New Contributor

      OP here:

      Thank you for the responses, but I am still quite confused.

      If the offending website is Cox -mail, I have never configured any browsers to use it and my Cox e-mail is now inactive for lack of use. I cannot find any record of attempted contacts in browser history.So why would my browser be attempting to contact it?

      I suppose it could be a malware problem, but neither Malwarebytes nor Windows defender can find anything. In addition, it would appear that the contacting of the Cox website would have to built into the malware, since the website is not stored in my computer that I can tell.

      Any other thoughts? I may try asking about this on the Malwarebytes forum.

      • Bruce's avatar
        Bruce
        Honored Contributor III

        What are you using for Cox mail?  Do you use an email notification tool?

  • biscuits's avatar
    biscuits
    New Contributor

    I'm getting the same warning every time I try to access my Cox email. How to I connect with my email?

    • ChrisL's avatar
      ChrisL
      Former Moderator
      It seems that MalwareBytes has listed our mail server hosts as potential phishing sites. We're engaging with their support to see what can be done to get this corrected.

      -Chris
  • polarman's avatar
    polarman
    New Contributor

    I can't get into email either...getting Error code: SSL_ERROR_RX_RECORD_TOO_LONG    also, Malwarebytes blocking due to possible phishing. Anyone having any luck with this?

  • JFoosh5652's avatar
    JFoosh5652
    New Contributor

    I'll add to this discussion. Trying to access email on account and getting this "

    Can’t connect securely to this page

    This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner.?  

    • Bruce's avatar
      Bruce
      Honored Contributor III

      What OS, browser or client are you using?

  • Bruce's avatar
    Bruce
    Honored Contributor III

    Is MSN Explorer different from Microsoft Edge?  MSN products have always been very intrusive.  If you configured the Win10 email notification app with Cox, I'd presume the app is sharing data with MSN Explorer to harvest data.

    I'd either use a different browser...not use the Win10 app (I use Esumsoft's POPPeeper)...or edit your host file for cox.rs.oxcs.net.

    • polarman's avatar
      polarman
      New Contributor

      I had a chat with a Cox rep. and he said the email server is under maintenance ......I never saw an alert to this fact. I have tried multiple  browsers with the same error message. This is getting old real fast!

      • Bruce's avatar
        Bruce
        Honored Contributor III

        Any properly scheduled and executed maintenance would have gone completely unnoticed to us.  If a rep says maintenance...during peak hours across all time-zones...it means something else.  They're probably troubleshooting a problem.