Yoda1953

IP block 85.17.184.224 false positive?


I got this IP block in MBAM 85.17.184.224.

Probably a false positive.

IPnetinfo reports this:

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '85.17.184.0 - 85.17.184.255'

inetnum: 85.17.184.0 - 85.17.184.255
netname: LEASEWEB
descr: LeaseWeb
descr: P.O. Box 93054
descr: 1090BB AMSTERDAM
descr: Netherlands
descr: www.leaseweb.com
remarks: Please send email to "abuse@leaseweb.com" for complaints
remarks: regarding portscans, DoS attacks and spam.
remarks: INFRA-AW
country: NL
admin-c: LSW1-RIPE
tech-c: LSW1-RIPE
status: ASSIGNED PA
mnt-by: OCOM-MNT
changed: ripe@leaseweb.com 20070730
source: RIPE

person: RIP Mean
address: P.O. Box 93054
address: 1090BB AMSTERDAM
address: Netherlands
phone: +31 20 3162880
fax-no: +31 20 3162890
abuse-mailbox: abuse@leaseweb.com
e-mail: ripe@leaseweb.com
nic-hdl: LSW1-RIPE
notify: ripe@leaseweb.com
mnt-by: OCOM-MNT
changed: ripe@ocom.com 20050607
changed: ripe@ocom.com 20060215
changed: ripe@ocom.com 20060608
changed: ripe@ocom.com 20080603
source: RIPE

% Information related to '85.17.0.0/16AS16265'

route: 85.17.0.0/16
descr: LEASEWEB
origin: AS16265
remarks: LeaseWeb
mnt-by: OCOM-MNT
changed: ripe@ocom.com 20050311
changed: ripe@ocom.com 20070610
source: RIPE

:blink:
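
Added example, not part of the original post: a small Python parser for RPSL whois output like the record quoted above. It reports which registered ranges cover a blocked IP (and how large they are), the origin AS, and the abuse contact. The function names and the embedded sample, a constructed subset of the quoted record, are assumptions of this example.

```python
import ipaddress

# Constructed sample: a subset of the RIPE record quoted in the post.
SAMPLE = """\
% Information related to '85.17.184.0 - 85.17.184.255'
inetnum: 85.17.184.0 - 85.17.184.255
netname: LEASEWEB
source: RIPE

person: RIP Mean
abuse-mailbox: abuse@leaseweb.com
source: RIPE

route: 85.17.0.0/16
origin: AS16265
source: RIPE
"""

def parse_rpsl(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for line in text.splitlines() + [""]:   # trailing "" flushes the last object
        if line.startswith("%"):             # server comment, not data
            continue
        if not line.strip():                 # a blank line ends an object
            if current:
                objects.append(current)
            current = []
        elif ":" in line:
            key, _, value = line.partition(":")
            current.append((key.strip().lower(), value.strip()))
    return objects

def summarize(text, ip):
    """Registered ranges covering ip, plus origin AS and abuse contacts."""
    addr = ipaddress.ip_address(ip)
    out = {"covering": [], "origin": None, "abuse": set()}
    for obj in parse_rpsl(text):
        cls, primary = obj[0]                # first attribute names the object class
        attrs = dict(obj)                    # repeated attributes: last one wins
        if cls == "inetnum":
            first, last = (ipaddress.ip_address(p.strip()) for p in primary.split("-"))
            if first <= addr <= last:
                out["covering"].append((primary, int(last) - int(first) + 1))
        elif cls == "route" and addr in ipaddress.ip_network(primary):
            out["covering"].append((primary, ipaddress.ip_network(primary).num_addresses))
            out["origin"] = attrs.get("origin")
        if "abuse-mailbox" in attrs:
            out["abuse"].add(attrs["abuse-mailbox"])
    return out
```

The registry record identifies the hosting provider's allocation and abuse contact only; it says nothing about which site sits on a single address inside the range.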


It's not on hpHosts or MalwareDomain lists so it might be clean. The IP resolves out to softarchive.net and mail.softarchive.net

It passed IPVoid as clean and a few others as well.

~Shy

Thanks for the info. I'll check IPvoid as you mentioned from now on.

I'd wait for an official reply from AdvancedSetup or MysteryFCM before I went there though. Sometimes MBAM blocks certain IPs because of the servers they're on, the whole IP block of numbers, etc. OR, softarchive.net *might* deal in grey software. :blink:

~Shy

EDIT: Changed typo from .com to .net -


Oh, I just found it. Just copy the IP address in Firefox or other browser and presto ....

I'd wait for an official reply from AdvancedSetup or MysteryFCM before I went there though. Sometimes MBAM blocks certain IPs because of the servers they're on, the whole IP block of numbers, etc. OR, softarchive.com *might* deal in grey software. :blink:

~Shy

Thanks, but what are those? (AdvancedSetup and MysteryFCM.) And true .. softarchive.net has 'grey' software and the like.

Thanks, but what are those? (AdvancedSetup and MysteryFCM.) And true .. softarchive.net has 'grey' software and the like.

They can tell you why that IP is blocked by MBAM as they run the lists. :blink:

~Shy

PS: To get the name of the site I went through a bunch of websites that track IPs, domains, email reps, site reps, etc, until I found it. There's probably an easier way but I just stumble along until I find out what I'm looking for. :blink: I have no official standing here and I'm not an expert - IP/DOMAINS are just a hobby of mine. BTW; even tho' MBAM blocked the site, when I did a Google search, Web of Trust, FinJan Secure Browsing and Browser Defender all said the site was OK. Grey software is not exactly a "warez" site but it's not an official distribution either..


Use this site for one-stop shopping on IP/DOMAIN things.. Doesn't tell you if there's malware there but tells you everything else.

http://www.robtex.com/

Enter the IP or DOMAIN in the top left text box and click on SEARCH.

~Shy

Right, and thanx again. By the way softarchive.net IS a warez site :blink:

*laugh* Ok then.. NOW you know why it's being blocked by MBAM...

~Shy


OK then but it doesn't block Nsanedown (site loaded with warez) and the like. I just bought a full license and I'm trying things out.

Nice proggie, hardly know it's there (light on resources).


Our IP/website researcher will comment on this thread later today, he is the one that maintains the list and does most of the research involved with it.

Right, and thanx again. By the way softarchive.net IS a warez site :D

This is not a false positive (and I suspect you already knew that, and knew exactly what the IP belonged to before the domain was even mentioned by ShyWriter). As well as warez, the site is involved in phishing (via nowdownloadall.com) etc, Leaseweb were already notified when this was first blocked, so as soon as the site is gone, the block will be removed.

This is not a false positive (and I suspect you already knew that, and knew exactly what the IP belonged to before the domain was even mentioned by ShyWriter). As well as warez, the site is involved in phishing (via nowdownloadall.com) etc, Leaseweb were already notified when this was first blocked, so as soon as the site is gone, the block will be removed.

I kind of got that I'd been had when we got to the grey/warez portion of the comments. I was surprised tho' that all the sites I ran it through for ID said it was clean. In fact, I think I ran it through your hpHosts site and never got a ding either. I just can't figure out what I'm doing wrong when the sites I check pass the URL/IP-void scans and when I check them on Google, they show good via WOT, FinJan and Browser Defender??

~Shy


That's already been handled :) (I wasn't aware of it, which is why it wasn't listed in hpHosts, and wasn't blocked by MBAM).


nsanedown.com IS listed in hphosts.

I got another one for you :) , which is listed in hphosts but not blocked by MBAM, empornium.us. A dangerous torrent porn website.
