Bad reputation IP address tied to Xstore, pulling data from PC

This topic has 6 replies, 2 voices, and was last updated 1 month ago by Andrew Mitchell

  • Bas Kling
    Participant
    August 8, 2024 at 07:51

    84.17.46.49 and 84.17.46.53 are both IP addresses that seem to facilitate a downloader, trying to collect data from our network/PCs.

    Our threat analysis software indicates: “The connection from [SYSTEM-XYZ to 84.17.46[.]49 has been blocked for security reasons(Malicious).”

    Funny thing is, after manually blocking these particular IPs in our firewall, the website https://xstore.8theme.com/ becomes unreachable. When deactivating the block, your website pops up again, looking normal.
    For some reason, your contents are linked to these IP addresses.
    Are you using CDN from Datacamp? (https://ipinfo.io/AS60068/84.17.46.0/23)

    5 Answers
    Andrew Mitchell
    Support staff
    August 8, 2024 at 16:56

    Hello, Bas Kling,

    Thank you for providing the information. We will verify the connection with the addresses mentioned.

    Best Regards,
    8Theme’s Team

    Bas Kling
    Participant
    August 12, 2024 at 23:53

    Any news?

    Andrew Mitchell
    Support staff
    August 13, 2024 at 16:06

    Hello, Bas Kling,

    I hope this message finds you well.

    We would like to inform you that we currently have no requests concerning these resources. It is possible that there may be a browser extension installed on your end that is generating them.

    Should you require any further assistance or have any questions, please do not hesitate to contact us.

    Best Regards,

    8Theme’s Team

    Bas Kling
    Participant
    August 13, 2024 at 19:04

    You tell me then, how blocking this particular IP address is messing up the Xstore website, and that website ONLY.
    It seems to originate from your end. I can think of no browser extension that would cause this particular issue.
    Even more, all of our devices, protected under the same threat analysis software in our network, show the same issue with your website when blocking 84.17.46.49, so it’s DEFINITELY not a browser extension issue.

    Andrew Mitchell
    Support staff
    August 14, 2024 at 11:17

    Hello, Bas Kling,

    We hope this message finds you well.

    We have reviewed the access to https://xstore.8theme.com/ after blocking the IP addresses you specified, and confirm that the site is operational from our end.

    Please could you use the DevTools and check the Network tab to see which resources might still be blocked, as everything appears to be functioning correctly despite the blocked IPs.

    Additionally, could you verify which IP address https://xstore.8theme.com/ resolves to on your system?

    Thank you for your cooperation.

    Best Regards,
    The 8Theme Team
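
The resolution check requested in the last reply, as an added example that is not part of the original thread: it resolves the site locally and labels each address against the two blocked IPs and the /23 linked in the first post. The function names are assumptions made for this example.

```python
import ipaddress
import socket

# Values from the thread: the two blocked addresses and the /23 in the ipinfo link.
BLOCKED_IPS = {"84.17.46.49", "84.17.46.53"}
REPORTED_RANGE = ipaddress.ip_network("84.17.46.0/23")


def resolve(hostname, port=443):
    """Return the sorted set of addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses):
    """Label each resolved address against the blocklist and the reported range."""
    report = {}
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if str(addr) in BLOCKED_IPS:
            report[text] = "blocked"
        elif addr.version == 4 and addr in REPORTED_RANGE:
            report[text] = "same-range"   # same network, but not on the blocklist
        else:
            report[text] = "other"
    return report


def site_depends_on_block(addresses):
    """True when every resolved address is blocked, i.e. the firewall rule
    alone explains why the site becomes unreachable."""
    report = classify(addresses)
    return bool(report) and all(v == "blocked" for v in report.values())


if __name__ == "__main__":
    host = "xstore.8theme.com"
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        raise SystemExit(f"could not resolve {host}: {exc}")
    for ip, label in classify(addrs).items():
        print(f"{ip:40} {label}")
    print("unreachable with block in place:", site_depends_on_block(addrs))
```

Running it from a client behind the firewall and from an unfiltered network shows whether both see the same addresses for the site.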
