topic Thank you for the information in Endpoint Security

Source Fire Black List

delynn — Fri, 21 Feb 2020 05:02:44 GMT

A customer of mine claims that the IP address of 184.168.221.28 (which is associated with the ipadr.co domain) has made it into the Source Fire black list. I'm wondering if anyone here knows how IP addresses are added to this black list and what I might be able to do to get it removed.

We do not have an account with Cisco, so I am unable to open a ticket with, and the customer has been unwilling to cooperate and start a ticket on their side.

Any assistance anyone might be able to provide would be very much appreciated. Thanks.

DeLynn Berry
Director of Engineering

Hello DeLynn,

kwalcott — Wed, 16 Nov 2016 19:20:41 GMT

Hello DeLynn,

Multiple URLs that resolve to this IP address are hosting Malware which is why the IP address has been blacklisted.

You can review this here: https://www.virustotal.com/en/ip-address/184.168.221.28/information/

You can also use www.brightcloud.com or other IP Reputation services to check the IP address.

As long as the IP is associated with Malware it will be blocked by Cisco and other IP blacklists.

Thank you for the information

delynn — Thu, 17 Nov 2016 15:58:48 GMT

Thank you for the information @kwalcott. I really appreciate it!

You are most welcome Delynn.

kwalcott — Thu, 17 Nov 2016 19:09:29 GMT

You are most welcome Delynn.

Thank you for choosing Cisco.