Nodejs.org: Nodejs.org ip address flagged by Cisco for serving up malware

Created on 16 Oct 2020  路  12Comments  路  Source: nodejs/nodejs.org

Currently the node JS website is served by 2 cloudflare IP addresses, these being

  • 104.20.22.46
  • 104.20.23.46

Cisco have currently flagged the 104.20.22.46 address as serving up malware and therefore the ip addresses has been added to global block lists. you can find more information here https://talosintelligence.com/reputation_center/lookup?search=104.20.22.46

In our organisation we use Azure DevOps which has a CI/CD task to install node from https://nodejs.org/dist/. A lot of these requests fail as the companies Cisco firewalls blocks all of the requests. As you ip provider is cloudflare i assume you would need to speak with them but this is cuaisng multiple issues

Most helpful comment

https://talosintelligence.com/reputation_center/lookup?search=104.20.22.46 says "Questionable | Neutral" now -- should be fine.

All 12 comments

Not sure if there is anything to do here, but I had to chuckle at hitting the Talos page and seeing that is also running on CloudFlare

We are seeing the same issue. Who can resolve? :)

Since the only way to "dispute" a rating requires a login via a Cisco account, I think it needs to be someone that is using their services.

I don't think it's really for us to dispute as we don't own the IP. I believe a Cisco login is free to create in order to create a dispute or this should be something you can contact cloudflare about as they are providing an IP to you that has been blacklisted for whatever reason

/cc @nodejs/build

I've pinged some internal GitHub folks to get a message to the Azure team to make sure they are aware of this issue.

I'm also going through my network of folks right now to see if I can find a contact at Cisco to escalate this to. Also pinging some folks I know at cloudflare.

Hi -- Head of Trust & Safety at Cloudflare here. I've reached out to folks at Cisco to get additional information about this listing.

UPDATE: spoke with a friend at Talos. They are reviewing now.

TYVM @xxdesmus

Sounds like we've got @xxdesmus investigating at Cloudflare. If we need to do anything else like open a ticket through the Node.js Cloudflare account just let me know and I'll take a look.

I'm seeing that it's flagged as neutral now, instead of malicious.Though looks like this change is still propagating.

https://talosintelligence.com/reputation_center/lookup?search=104.20.22.46 says "Questionable | Neutral" now -- should be fine.

Just checked now and can ping the ip again. great work guys! 馃憤

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Fishrock123 picture Fishrock123  路  4Comments

loriF picture loriF  路  3Comments

JungMinu picture JungMinu  路  8Comments

julianduque picture julianduque  路  4Comments

XhmikosR picture XhmikosR  路  7Comments