Jump to content

False positives on www.LinkedIn.com


RichardUK

Recommended Posts

Every time I go to the www.LinkedIn.com or www.LinkedIn.co.uk websites (ip's 64.74.98.80 and 64.74.98.86 respectively), Malwarebytes reports suspicious packet blocked on ip's 93.188.128.15 and 93.188.128.44 respectively (i.e. Panther Express Corp.). Also the web pages are not being display in their full glory, but instead in a much simplified form.

Since the Malwarebytes application first reported this, I placed a block on all traffic in my separate hardware firewall PC (which is configured as a dedicated BSD o/s network security device) on the address range 93.188.128.0 - 93.188.135.255 (or 93.188.128.0/21 for short) i.e. Panther Express Corp.

The important things to note are that when I now try to go to the above websites using my Linux/Ubuntu laptop, the same thing happens as above. Also removing the blocked range of IP address ranges as quoted above causes the LinkedIn website to behave normally.

I suspect that the LinkedIn websites are using some weird configuration/redirection which is causing the Malwarebytes application to create false positives.

Link to post
Share on other sites

Sadly this is not a false positive. Aside from ad servers, this range houses everything from exploits to malware to phishing scams, and is also one of many homes used by the UKRTelegroup group (well known as a criminal entity, based in the Ukraine, with ties to the RBN (Russian Business Network))

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.