https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221705#M2956 <P>Hi everyone,</P> <P>&nbsp;</P> <P data-unlink="true">I have server (for last 6 months) with ip&nbsp;5.182.39.34 (for internal purposes, no public services at all) partially used as proxy for accessing services with region restrictions, but some of them warns me that my reputation on virustotal is bad (or just denies usage at all), so had to start investigation.</P> <P>&nbsp;</P> <P>for now I have this situation</P> <P><A href="https://www.virustotal.com/gui/ip-address/5.182.39.34" target="_blank">https://www.virustotal.com/gui/ip-address/5.182.39.34</A></P> <P>&nbsp;</P> <P><SPAN><SPAN class="engine hstack"><SPAN class="engine-name" data-tooltip-text="May differ from commercial off-the-shelf product. The company decides the particular settings with which the engine should run in our platform.">SOCRadar</SPAN></SPAN></SPAN> - tried all provided tools at <A href="https://socradar.io" target="_blank">https://socradar.io</A> - looks like this ip is clean and there should not be any issues, but virustotal thinks that ip is flagged by this provider</P> <P>&nbsp;</P> <P><SPAN><SPAN class="engine hstack"><SPAN class="engine-name" data-tooltip-text="May differ from commercial off-the-shelf product. The company decides the particular settings with which the engine should run in our platform.">CyRadar</SPAN></SPAN></SPAN> - is not providing any tools for investigation, contacted them via website contact form without any luck, don't have any facebook account to use "report a false positive" button on cyradar.com =(</P> <P>&nbsp;</P> <P>Can someone from virustotal help me with this?</P> <P>Thanks.</P> <P>&nbsp;</P> Sun, 23 Feb 2025 12:04:51 GMT roma 2025-02-23T12:04:51Z https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221705#M2956 <P>Hi everyone,</P> <P>&nbsp;</P> <P data-unlink="true">I have server (for last 6 months) with ip&nbsp;5.182.39.34 (for internal purposes, no public services at all) partially used as proxy for accessing services with region restrictions, but some of them warns me that my reputation on virustotal is bad (or just denies usage at all), so had to start investigation.</P> <P>&nbsp;</P> <P>for now I have this situation</P> <P><A href="https://www.virustotal.com/gui/ip-address/5.182.39.34" target="_blank">https://www.virustotal.com/gui/ip-address/5.182.39.34</A></P> <P>&nbsp;</P> <P><SPAN><SPAN class="engine hstack"><SPAN class="engine-name" data-tooltip-text="May differ from commercial off-the-shelf product. The company decides the particular settings with which the engine should run in our platform.">SOCRadar</SPAN></SPAN></SPAN> - tried all provided tools at <A href="https://socradar.io" target="_blank">https://socradar.io</A> - looks like this ip is clean and there should not be any issues, but virustotal thinks that ip is flagged by this provider</P> <P>&nbsp;</P> <P><SPAN><SPAN class="engine hstack"><SPAN class="engine-name" data-tooltip-text="May differ from commercial off-the-shelf product. The company decides the particular settings with which the engine should run in our platform.">CyRadar</SPAN></SPAN></SPAN> - is not providing any tools for investigation, contacted them via website contact form without any luck, don't have any facebook account to use "report a false positive" button on cyradar.com =(</P> <P>&nbsp;</P> <P>Can someone from virustotal help me with this?</P> <P>Thanks.</P> <P>&nbsp;</P> Sun, 23 Feb 2025 12:04:51 GMT https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221705#M2956 roma 2025-02-23T12:04:51Z https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221756#M2957 <P>writed letter directly to socradar, looks like they tuned something and now I'm not flagged at virustotal, thanks everyone here)</P> Mon, 24 Feb 2025 12:26:54 GMT https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221756#M2957 roma 2025-02-24T12:26:54Z https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221760#M2958 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/915812055">@roma</a>&nbsp;,</P> <P>&nbsp;</P> <P>Thanks for the heads up !</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Mon, 24 Feb 2025 13:26:48 GMT https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1221760#M2958 kiwi 2025-02-24T13:26:48Z https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1222025#M2963 <P>Have another question regarding about "relations" -&gt; Communicating Files</P> <P>There are some malicious software on virustotal on relations tab that "communicates" with my ip. I can't believe that this files speaking directly to ip address without any outdated domain name resolution.</P> <P>Is it possible to clean this records? Rescanning ony of that file is not helping at all =(</P> Wed, 26 Feb 2025 12:42:40 GMT https://live.paloaltonetworks.com/t5/virustotal/trying-to-understand-what-is-wrong-with-my-servers-ip-5-182-39/m-p/1222025#M2963 roma 2025-02-26T12:42:40Z