11-16-2016 10:40 AM - edited 02-20-2020 09:02 PM
A customer of mine claims that the IP address of 184.168.221.28 (which is associated with the ipadr.co domain) has made it into the Source Fire black list. I'm wondering if anyone here knows how IP addresses are added to this black list and what I might be able to do to get it removed.
We do not have an account with Cisco, so I am unable to open a ticket with, and the customer has been unwilling to cooperate and start a ticket on their side.
Any assistance anyone might be able to provide would be very much appreciated. Thanks.
DeLynn Berry
Director of Engineering
Solved! Go to Solution.
11-16-2016 11:20 AM
Hello DeLynn,
Multiple URLs that resolve to this IP address are hosting Malware which is why the IP address has been blacklisted.
You can review this here: https://www.virustotal.com/en/ip-address/184.168.221.28/information/
You can also use www.brightcloud.com or other IP Reputation services to check the IP address.
As long as the IP is associated with Malware it will be blocked by Cisco and other IP blacklists.
11-16-2016 11:20 AM
Hello DeLynn,
Multiple URLs that resolve to this IP address are hosting Malware which is why the IP address has been blacklisted.
You can review this here: https://www.virustotal.com/en/ip-address/184.168.221.28/information/
You can also use www.brightcloud.com or other IP Reputation services to check the IP address.
As long as the IP is associated with Malware it will be blocked by Cisco and other IP blacklists.
11-17-2016 07:58 AM
Thank you for the information @kwalcott. I really appreciate it!
11-17-2016 11:09 AM
You are most welcome Delynn.
Thank you for choosing Cisco.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide