mona7865

Possible FP IP 95.211.81.72

I got this pop up about IP 95.211.81.72 (database version 2608) on the HP mini PC when doing a manual update for Windows Defender (using Safari browser). I couldn't reproduce it on the Dell Inspiron so far. Edit: after updating to DB 2608 and restarting, I get this pop up on the Dell Inspiron as well.

This is what I found on Whois:

IP Information for 95.211.81.72

IP Location: Netherlands Amsterdam Leaseweb

Resolve Host: hosted-by.leaseweb.com

IP Address: 95.211.81.72

Blacklist Status: Clear

Whois Record

OrgName: RIPE Network Coordination Centre

OrgID: RIPE

Address: P.O. Box 10096

City: Amsterdam

StateProv:

PostalCode: 1001EB

Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 95.0.0.0 - 95.255.255.255

CIDR: 95.0.0.0/8

NetName: 95-RIPE

NetHandle: NET-95-0-0-0-1

Parent:

NetType: Allocated to RIPE NCC

NameServer: NS-PRI.RIPE.NET

NameServer: SEC1.APNIC.NET

NameServer: SEC3.APNIC.NET

NameServer: TINNIE.ARIN.NET

NameServer: NS2.LACNIC.NET

Comment: These addresses have been further assigned to users in

Comment: the RIPE NCC region. Contact information can be found in

Comment: the RIPE database at http://www.ripe.net/whois

RegDate: 2007-07-30

Updated: 2009-05-18

== Additional Information From whois://whois.ripe.net:43 ==

inetnum: 95.211.0.0 - 95.211.255.255

org: ORG-OB3-RIPE

admin-c: LSW1-RIPE

tech-c: LSW1-RIPE

netname: NL-LEASEWEB-20080724

descr: LeaseWeb B.V.

country: NL

status: ALLOCATED PA

remarks: Please send email to for complaints

remarks: regarding portscans, DoS attacks and spam.

mnt-by: RIPE-NCC-HM-MNT

mnt-lower: LEASEWEB-MNT

mnt-routes: LEASEWEB-MNT

source: RIPE # Filtered

organisation: ORG-OB3-RIPE

org-name: LeaseWeb B.V.

org-type: LIR

address: Ocom B.V.

P.O. Box 93054

1090 BB Amsterdam

Netherlands

phone: +31 30 2369745

fax-no: +31 20 4889458

admin-c: SPW1-RIPE

admin-c: gj907-ripe

admin-c: LSW1-RIPE

mnt-ref: OCOM-MNT

mnt-ref: RIPE-NCC-HM-MNT

mnt-by: RIPE-NCC-HM-MNT

source: RIPE # Filtered

person: RIP Mean

address: P.O. Box 93054

address: 1090BB AMSTERDAM

address: Netherlands

phone: +31 20 3162880

fax-no: +31 20 3162890

abuse-mailbox:

nic-hdl: LSW1-RIPE

mnt-by: OCOM-MNT

source: RIPE # Filtered

route: 95.211.0.0/16

descr: LEASEWEB

origin: AS16265

remarks: LeaseWeb

mnt-by: OCOM-MNT

source: RIPE # Filtered

Thank you very much for looking into this.


I also encountered this, but with a different IP - 95.211.85.42.

By any chance, are you also a Kaspersky Anti-Virus user like me?

95.211.85.42 seems related to kaspersky.com or kaspersky-labs.com.


The LeaseWeb IP range is blocked because they are housing known criminals and doing nothing about it.

I've checked both of the Kaspersky domains you've referenced, and neither resolves to this IP range.

> The LeaseWeb IP range is blocked because they are housing known criminals and doing nothing about it.
>
> I've checked both of the Kaspersky domains you've referenced, and neither resolves to this IP range.

95.211.85.42 is pointing to Kaspersky Update Server - dnl-04.geo.kaspersky.com.


Thanks for letting me know, I'll get an exception made for this one.


@secret365: I don't have Kaspersky antivirus installed on both systems.

The odd thing is that this pop up only occurred when doing my manual daily updates for Windows Defender and only when using Safari as browser. ;) I'll keep checking it.


Both IPs will be unblocked as of the next update.
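Added example, not part of the thread and not Malwarebytes' code: a range block with per-address exceptions, evaluated by longest-prefix match, plus a comparison of verdicts across two database versions to confirm that only the reported false positives changed. The rule format and the use of the WHOIS route 95.211.0.0/16 as the blocked prefix are assumptions.

```python
import ipaddress

# Constructed rule sets. 95.211.0.0/16 is the LeaseWeb route from the WHOIS
# record in the first post; that the blocklist uses this exact prefix, and
# this block/allow format, are assumptions made for the example.
DB_BEFORE = {"block": ["95.211.0.0/16"], "allow": []}
DB_AFTER = {"block": ["95.211.0.0/16"],
            "allow": ["95.211.81.72/32", "95.211.85.42/32"]}

# The two reported addresses, a constructed neighbour in the same range,
# and a documentation address outside every rule.
SAMPLE_IPS = ["95.211.81.72", "95.211.85.42", "95.211.10.10", "192.0.2.1"]


def decide(ip, db):
    """Return (verdict, matching_rule) using longest-prefix match.

    Allow rules are checked after block rules and win ties, so a /32
    exception overrides the enclosing range but nothing outside itself.
    """
    addr = ipaddress.ip_address(ip)
    verdict, rule, best_len = "allowed", None, -1   # default: no rule matched
    for kind, label in (("block", "blocked"), ("allow", "allowed")):
        for cidr in db[kind]:
            net = ipaddress.ip_network(cidr)
            if addr in net and net.prefixlen >= best_len:
                verdict, rule, best_len = label, cidr, net.prefixlen
    return verdict, rule


def changed_verdicts(ips, old_db, new_db):
    """Map each IP whose verdict differs between two databases to (old, new)."""
    changes = {}
    for ip in ips:
        old, new = decide(ip, old_db)[0], decide(ip, new_db)[0]
        if old != new:
            changes[ip] = (old, new)
    return changes


if __name__ == "__main__":
    for ip in SAMPLE_IPS:
        print(ip, decide(ip, DB_BEFORE), "->", decide(ip, DB_AFTER))
    print("changed:", changed_verdicts(SAMPLE_IPS, DB_BEFORE, DB_AFTER))
```
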

> @secret365: I don't have Kaspersky antivirus installed on both systems.
>
> The odd thing is that this pop up only occurred when doing my manual daily updates for Windows Defender and only when using Safari as browser. ;) I'll keep checking it.

Thanks for letting me know.

Unfortunately, I am not using both Windows Defender & Safari.


Thank you very much (it was the very first pop up since version 1.40 was released - I kept checking whether the IP protection was enabled) ;)


No problem ;)

> Thank you very much (it was the very first pop up since version 1.40 was released - I kept checking whether the IP protection was enabled) ;)

The easy way to test is trying to access those IPs listed in the "False Positives" section. :)


Or being a bit more adventurous when browsing the web. ;) (instead of always visiting the same, familiar, websites).

> Both IPs will be unblocked as of the next update.

Hello Steven,

Just want to find out: have you unblocked these IPs?

I am using Data Version: 2615 & IP 95.211.85.42 is still blocked.

Thanks.


They've been unblocked, yes.

If necessary, and you've not already done so, please try re-starting your computer.

> They've been unblocked, yes.
>
> If necessary, and you've not already done so, please try re-starting your computer.

Hello Steven,

Thanks for the reply.

The strange thing is I am still unable to reach both IPs - 95.211.81.72 & 95.211.85.42 (Yes, I have the latest database version: 2615 & I have restarted my computer a few times). ;)

Wondering what's wrong? :)


Are you running XP by any chance? (there's a known bug that could be causing this as well)

> Are you running XP by any chance? (there's a known bug that could be causing this as well)

Yes, I am using XP Pro SP3.


Hello Steven,

I did a complete uninstall & reinstall of Malwarebytes' Anti-Malware.

Before updating to the latest database, I tried accessing IP 174.132.233.35 (refer to this link for more information) & IP 95.211.85.42, they were blocked as expected.

http://www.malwarebytes.org/forums/index.php?showtopic=20746

I updated the database to 2634 & rebooted my computer.

The strange thing - 174.132.233.35 is no longer blocked but 95.211.85.42 is still blocked.

If there is a known bug running under Windows XP, shouldn't both be blocked?

Thanks.


This is a known bug with XP and should be fixed with the next release :rolleyes:
