IP Address 23.185.0.1 - “Website blocked due to Trojan”

[garydylina_at_pantheon]

Hello,

We have received reports of difficulty reaching one of thousands of domains we host on 23.185.0.1.  Information contained in these forums suggests this may result from content on a different customer's site.  Would it be possible to give consideration to the fact that the vast majority of sites on this IP address are not malicious and remove this generic block?  We work diligently to detect and neutralize malicious threats as quickly as they are identified. Our experience has been there is often a significant lag between the time an issue is addressed and when it is removed from databases.  We would be happy to address any malicious activity you detect on the 23.185.0.0/24 network.  Please forward reports of abuse to the Abuse Contact registered here: https://search.arin.net/rdap/?query=23.185.0.0.  

Thank you,

Gary Dylina

Director of Information Security | Pantheon

________________________________________________

Domain: bmisurplus.com
IP Address: 23.185.0.1
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

[TeMerc]

52 minutes ago, garydylina_at_pantheon said:

Hello,

We have received reports of difficulty reaching one of thousands of domains we host on 23.185.0.1.  Information contained in these forums suggests this may result from content on a different customer's site.  Would it be possible to give consideration to the fact that the vast majority of sites on this IP address are not malicious and remove this generic block?  We work diligently to detect and neutralize malicious threats as quickly as they are identified. Our experience has been there is often a significant lag between the time an issue is addressed and when it is removed from databases.  We would be happy to address any malicious activity you detect on the 23.185.0.0/24 network.  Please forward reports of abuse to the Abuse Contact registered here: https://search.arin.net/rdap/?query=23.185.0.0.  

Thank you,

Gary Dylina

Director of Information Security | Pantheon

________________________________________________

Domain: bmisurplus.com
IP Address: 23.185.0.1
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

Hello-

While the path listed below on VT is 404:

VirusTotal

There is abuse as recently as a few days ago on AvuseIPDB:

23.185.0.1 | Pantheon | AbuseIPDB

[garydylina_at_pantheon]

45 minutes ago, TeMerc said:

Hello-

While the path listed below on VT is 404:

VirusTotal

There is abuse as recently as a few days ago on AvuseIPDB:

23.185.0.1 | Pantheon | AbuseIPDB

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

Quote

It is also entirely possible that the site in question, shares it's IP address with other malicious domains. IP's and IP ranges are blocked if they are either dedicated to malicious content, or have a higher proportion of malicious content, than non-malicious. So for example, if 1.2.3.4 contains 1000 sites and over 50% are malicious, then 1.2.3.4 will be blocked (and even then, if we can get the hosting company to take down the malicious sites, then even better as we do not like blocking shared IP's or IP ranges if we don't have to).

 

 

[TeMerc]

1 hour ago, garydylina_at_pantheon said:

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

 

Hi-

We'll take another look to review and get back to you some time tomorrow, thanks for your patience

[TeMerc]

19 hours ago, garydylina_at_pantheon said:

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

 

Thanks for your patience, we've removed the block your domain. This will be reflected in the next update in a few hours or so.