
Possible FP IP 95.211.81.72


mona7865

I got this pop up about IP 95.211.81.72 (database version 2608) on the HP mini PC when doing a manual update for Windows Defender (using Safari browser). I couldn't reproduce it on the Dell Inspiron so far. Edit: after updating to DB 2608 and restarting, I get this pop up on the Dell Inspiron as well.

This is what I found on Whois:

IP Information for 95.211.81.72

IP Location: Netherlands, Amsterdam, Leaseweb

Resolve Host: hosted-by.leaseweb.com

IP Address: 95.211.81.72

Blacklist Status: Clear

Whois Record

OrgName: RIPE Network Coordination Centre

OrgID: RIPE

Address: P.O. Box 10096

City: Amsterdam

StateProv:

PostalCode: 1001EB

Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 95.0.0.0 - 95.255.255.255

CIDR: 95.0.0.0/8

NetName: 95-RIPE

NetHandle: NET-95-0-0-0-1

Parent:

NetType: Allocated to RIPE NCC

NameServer: NS-PRI.RIPE.NET

NameServer: SEC1.APNIC.NET

NameServer: SEC3.APNIC.NET

NameServer: TINNIE.ARIN.NET

NameServer: NS2.LACNIC.NET

Comment: These addresses have been further assigned to users in

Comment: the RIPE NCC region. Contact information can be found in

Comment: the RIPE database at http://www.ripe.net/whois

RegDate: 2007-07-30

Updated: 2009-05-18

== Additional Information From whois://whois.ripe.net:43 ==

inetnum: 95.211.0.0 - 95.211.255.255

org: ORG-OB3-RIPE

admin-c: LSW1-RIPE

tech-c: LSW1-RIPE

netname: NL-LEASEWEB-20080724

descr: LeaseWeb B.V.

country: NL

status: ALLOCATED PA

remarks: Please send email to for complaints

remarks: regarding portscans, DoS attacks and spam.

mnt-by: RIPE-NCC-HM-MNT

mnt-lower: LEASEWEB-MNT

mnt-routes: LEASEWEB-MNT

source: RIPE # Filtered

organisation: ORG-OB3-RIPE

org-name: LeaseWeb B.V.

org-type: LIR

address: Ocom B.V.

P.O. Box 93054

1090 BB Amsterdam

Netherlands

phone: +31 30 2369745

fax-no: +31 20 4889458

admin-c: SPW1-RIPE

admin-c: gj907-ripe

admin-c: LSW1-RIPE

mnt-ref: OCOM-MNT

mnt-ref: RIPE-NCC-HM-MNT

mnt-by: RIPE-NCC-HM-MNT

source: RIPE # Filtered

person: RIP Mean

address: P.O. Box 93054

address: 1090BB AMSTERDAM

address: Netherlands

phone: +31 20 3162880

fax-no: +31 20 3162890

abuse-mailbox:

nic-hdl: LSW1-RIPE

mnt-by: OCOM-MNT

source: RIPE # Filtered

route: 95.211.0.0/16

descr: LEASEWEB

origin: AS16265

remarks: LeaseWeb

mnt-by: OCOM-MNT

source: RIPE # Filtered

Thank you very much for looking into this.

Link to post
Share on other sites

The LeaseWeb IP range is blocked because they are housing known criminals and doing nothing about it.

I've checked both of the Kaspersky domains you've referenced, and neither resolve to this IP range.

95.211.85.42 is pointing to Kaspersky Update Server - dnl-04.geo.kaspersky.com.

Link to post
Share on other sites

@secret365: I don't have Kaspersky antivirus installed on both systems.

The odd thing is that this pop up only occurred when doing my manual daily updates for Windows Defender and only when using Safari as browser. ;) I'll keep checking it.

Link to post
Share on other sites

@secret365: I don't have Kaspersky antivirus installed on both systems.

The odd thing is that this pop up only occurred when doing my manual daily updates for Windows Defender and only when using Safari as browser. ;) I'll keep checking it.

Thanks for letting me know.

Unfortunately, I am not using both Windows Defender & Safari.

Link to post
Share on other sites

They've been unblocked, yes.

If necessary, and you've not already done so, please try re-starting your computer.

Hello Steven,

Thanks for the reply.

The strange thing is I am still unable to reach both IPs - 95.211.81.72 & 95.211.85.42 (Yes, I have the latest database version: 2615 & I have restarted my computer a few times). ;)

Wondering what's wrong? :)

Link to post
Share on other sites

Hello Steven,

I did a complete uninstall & reinstall of Malwarebytes' Anti-Malware.

Before updating to the latest database, I tried accessing IP 174.132.233.35 (refer to this link for more information) & IP 95.211.85.42, they were blocked as expected.

http://www.malwarebytes.org/forums/index.php?showtopic=20746

I updated the database to 2634 & rebooted my computer.

The strange thing - 174.132.233.35 is no longer blocked but 95.211.85.42 is still blocked.

If there is a known bug running under Windows XP, shouldn't both be blocked?

Thanks.

Link to post
Share on other sites
