nangeek

False positive: 158.255.96.200


Hello,

I am the hosting company concerned by this false positive. I launched a ClamAV antivirus scan on the server concerned by this IP. Result: we have no infected files.

Thanks in advance for unbanning our IP address.

Mickaël.


This is not an F/P. Multiple malicious domains and files have turned up on this IP over the last few weeks, including;




MysteryFCM,

I think that you are confusing "Filter an IP" with "Filter a domain/URL".

158.255.96.200 refers to our frontweb backend. On this IP, we have 6000 domains; do you really think that we are able to prevent files from being uploaded by our customers?

Each day, we close several vhosts following reports or abuse complaints received by email, and scan results on our servers.

Malwarebytes is the only software to block our IP address completely.

I suspended all the sites that you reported (as every day), so thank you for unbanning our IP address.

If you have a URL to subscribe to, in order to receive daily reports from Malwarebytes, don't hesitate to share it.

Mickael.


There's no confusion; the IP was blocked instead of just the domains because:

1. Malwarebytes AntiMalware does not currently support blocking of domains/URLs

2. There was a significant amount of major malware on the IP and there was no response from the ASN.

I've unblocked the IP, and if you send me your e-mail address, I'll send reports for the IP to yourself as well as the ASN in future.

> I've unblocked the IP, and if you send me your e-mail address, I'll send reports for the IP to yourself as well as the ASN in future.

Great news, I'm sending you an email address by PM for future reports ;)
