Jump to content

IP Address 23.185.0.1 - “Website blocked due to Trojan”


Recommended Posts

Hello,

We have received reports of difficulty reaching one of thousands of domains we host on 23.185.0.1.  Information contained in these forums suggests this may result from content on a different customer's site.  Would it be possible to give consideration to the fact that the vast majority of sites on this IP address are not malicious and remove this generic block?  We work diligently to detect and neutralize malicious threats as quickly as they are identified. Our experience has been there is often a significant lag between the time an issue is addressed and when it is removed from databases.  We would be happy to address any malicious activity you detect on the 23.185.0.0/24 network.  Please forward reports of abuse to the Abuse Contact registered here: https://search.arin.net/rdap/?query=23.185.0.0.  

Thank you,

Gary Dylina

Director of Information Security | Pantheon

________________________________________________

Domain: bmisurplus.com
IP Address: 23.185.0.1
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

malwarebytes-screenshot.png

Link to post
Share on other sites
  • Staff
52 minutes ago, garydylina_at_pantheon said:

Hello,

We have received reports of difficulty reaching one of thousands of domains we host on 23.185.0.1.  Information contained in these forums suggests this may result from content on a different customer's site.  Would it be possible to give consideration to the fact that the vast majority of sites on this IP address are not malicious and remove this generic block?  We work diligently to detect and neutralize malicious threats as quickly as they are identified. Our experience has been there is often a significant lag between the time an issue is addressed and when it is removed from databases.  We would be happy to address any malicious activity you detect on the 23.185.0.0/24 network.  Please forward reports of abuse to the Abuse Contact registered here: https://search.arin.net/rdap/?query=23.185.0.0.  

Thank you,

Gary Dylina

Director of Information Security | Pantheon

________________________________________________


Domain: bmisurplus.com
IP Address: 23.185.0.1
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

malwarebytes-screenshot.png

Hello-

While the path listed below on VT is 404:

VirusTotal

There is abuse as recently as a few days ago on AvuseIPDB:

23.185.0.1 | Pantheon | AbuseIPDB

Link to post
Share on other sites
45 minutes ago, TeMerc said:

Hello-

While the path listed below on VT is 404:

VirusTotal

There is abuse as recently as a few days ago on AvuseIPDB:

23.185.0.1 | Pantheon | AbuseIPDB

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

Quote

It is also entirely possible that the site in question, shares it's IP address with other malicious domains. IP's and IP ranges are blocked if they are either dedicated to malicious content, or have a higher proportion of malicious content, than non-malicious. So for example, if 1.2.3.4 contains 1000 sites and over 50% are malicious, then 1.2.3.4 will be blocked (and even then, if we can get the hosting company to take down the malicious sites, then even better as we do not like blocking shared IP's or IP ranges if we don't have to).

 

 

Link to post
Share on other sites
  • Staff
1 hour ago, garydylina_at_pantheon said:

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

 

Hi-

We'll take another look to review and get back to you some time tomorrow, thanks for your patience

Link to post
Share on other sites
  • Staff
19 hours ago, garydylina_at_pantheon said:

We run over a hundred thousand websites.  More than 10,000 of them use this IP address.  The vast majority of these sites are not malicious. The data you have supports our contention that we are promptly addressing abuse. The excerpt below is from this INFO for this forum.  Our platform is neither dedicated to malicious content nor is the proportion of malicious content higher than than non-malicious. We are here on behalf of one of your customers urging you to consider whether maintaining false-positives in your system serves your customers well.

 

Thanks for your patience, we've removed the block your domain. This will be reflected in the next update in a few hours or so.

Link to post
Share on other sites
  • TeMerc locked this topic
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.