Jump to content

IP block 85.17.184.224 false positive?


Yoda1953

Recommended Posts

I got this IP block in MBAM 85.17.184.224.

Probably a false positive.

IPnetinfo reports this:

% This is the RIPE Database query service.

% The objects are in RPSL format.

%

% The RIPE Database is subject to Terms and Conditions.

% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '85.17.184.0 - 85.17.184.255'

inetnum: 85.17.184.0 - 85.17.184.255

netname: LEASEWEB

descr: LeaseWeb

descr: P.O. Box 93054

descr: 1090BB AMSTERDAM

descr: Netherlands

descr: www.leaseweb.com

remarks: Please send email to "abuse@leaseweb.com" for complaints

remarks: regarding portscans, DoS attacks and spam.

remarks: INFRA-AW

country: NL

admin-c: LSW1-RIPE

tech-c: LSW1-RIPE

status: ASSIGNED PA

mnt-by: OCOM-MNT

changed: ripe@leaseweb.com 20070730

source: RIPE

person: RIP Mean

address: P.O. Box 93054

address: 1090BB AMSTERDAM

address: Netherlands

phone: +31 20 3162880

fax-no: +31 20 3162890

abuse-mailbox: abuse@leaseweb.com

e-mail: ripe@leaseweb.com

nic-hdl: LSW1-RIPE

notify: ripe@leaseweb.com

mnt-by: OCOM-MNT

changed: ripe@ocom.com 20050607

changed: ripe@ocom.com 20060215

changed: ripe@ocom.com 20060608

changed: ripe@ocom.com 20080603

source: RIPE

% Information related to '85.17.0.0/16AS16265'

route: 85.17.0.0/16

descr: LEASEWEB

origin: AS16265

remarks: LeaseWeb

mnt-by: OCOM-MNT

changed: ripe@ocom.com 20050311

changed: ripe@ocom.com 20070610

source: RIPE

:blink:

Link to post
Share on other sites
Thanks for the info. I'll check IPvoid as you mentioned from now on.

I'd wait for an official reply from AdvancedSetup or MysteryFCM before I went there though. Sometimes MBAM blocks certain IPs because of the servers they're on, the whole IP block of numbers, etc. OR, softarchive.net *might* deal in grey software. :blink:

~Shy

EDIT: Changed typo from .com to .net -

Link to post
Share on other sites
I'd wait for an official reply from AdvancedSetup or MysteryFCM before I went there though. Sometimes MBAM blocks certain IPs because of the servers they're on, the whole IP block of numbers, etc. OR, softarchive.com *might* deal in grey software. :blink:

~Shy

Thanks, but what are those? (AdvancedSetup and MysteryFCM. And true .. softarchive.net has 'grey' software and the like.

Link to post
Share on other sites
Thanks, but what are those? (AdvancedSetup and MysteryFCM. And true .. softarchive.net has 'grey' software and the like.

They can tell you why that IP is blocked by MBAM as they run the lists. :blink:

~Shy

PS: To get the name of the site I went through a bunch of websites that track IPs, domains, email reps, site reps, etc, until I found it. There's probably an easier way but I just stumble along until I find out what I'm looking for. :blink: I have no official standing here and I'm not an expert - IP/DOMAINS are just a hobby of mine. BTW; even tho' MBAM blocked the site, when I did a Google search, Web of Trust, FinJan Secure Browsing and Browser Defender all said the site was OK. Grey software is not exactly a "warez" site but it's not an official distribution either..

Link to post
Share on other sites
Right, and thanx again. By the way softarchive.net IS a warez site :D

This is not a false positive (and I suspect you already knew that, and knew exactly what the IP belonged to before the domain was even mentioned by ShyWriter). Aswell as warez, the site is involved in phishing (via nowdownloadall.com) etc, Leaseweb were already notified when this was first blocked, so as soon as the site is gone, the block will be removed.

Link to post
Share on other sites
This is not a false positive (and I suspect you already knew that, and knew exactly what the IP belonged to before the domain was even mentioned by ShyWriter). Aswell as warez, the site is involved in phishing (via nowdownloadall.com) etc, Leaseweb were already notified when this was first blocked, so as soon as the site is gone, the block will be removed.

I kind of got that I'd been had when we got to the grey/warez portion of the comments. I was surprised tho' that all the sites I ran it through for ID said it was clean. In fact, I think I ran it through your hpHosts site and never got a ding either. I just can't figure out what I'm doing wrong when the sites I check pass the URL/IP-void scans and when I check them on Google, they show good via WOT, FinJan and Browser Defender??

~Shy

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.