
False positive: 158.255.96.200



#1 nangeek


Posted 03 July 2012 - 11:02 AM

.
Nan Coley
Product Support


#2 Inulogic


Posted 07 July 2012 - 05:40 PM

Hello,

I am the hosting company concerned by this false positive. I launched the ClamAV antivirus on the server concerned by this IP. Result: we have no infected files.

Thanks in advance for unbanning our IP address.

Mickaël.

#3 MysteryFCM


Posted 14 July 2012 - 04:38 PM

This is not an F/P. Multiple malicious domains and files have turned up on this IP over the last few weeks, including:


Steven Burn

Malware Intelligence Analyst




#4 Inulogic


Posted 14 July 2012 - 05:10 PM

MysteryFCM,

I think that you are confusing "Filter an IP" with "Filter a domain/URL".

158.255.96.200 refers to our frontweb backend. On this IP, we have 6000 domains. Do you really think that we are able to prevent files uploaded by our customers?
Each day, we close several vhosts following reports or abuses received by email, and scan results on our servers.

Malwarebytes is the only software to block our IP address completely.
I suspended all sites that you have reported (as every day), so thanks for unbanning our IP address.

If you have a URL to subscribe to, in order to receive daily reports from Malwarebytes, don't hesitate to share it.

Mickael.

#5 MysteryFCM


Posted 14 July 2012 - 08:53 PM

There's no confusion; the IP was blocked instead of just the domains because:

1. Malwarebytes AntiMalware does not currently support blocking of domains/URLs
2. There was a significant amount of major malware on the IP and there was no response from the ASN.

I've unblocked the IP, and if you send me your e-mail address, I'll send reports for the IP to yourself as well as the ASN in future.

Steven Burn

Malware Intelligence Analyst




#6 Inulogic


Posted 15 July 2012 - 12:23 PM

"I've unblocked the IP, and if you send me your e-mail address, I'll send reports for the IP to yourself as well as the ASN in future."

Great news, I'm sending you an email address by PM for future reports ;)



