My domain www.shifteco.ae has some malware.
When my customer try to reach it through work network, our site is blocked. When investigated I discovered that our site resolves to 23.227.38.65 and this IP is flagged as potential malware.
This IP is listed in the REvil IOC blocked IPs list. Kindly help removing this from our list.
Unfortunately, this is one of the very few downsides to using cloud-hosted services, all Shopify sites share the same pool of IP addresses for Shopify servers. If another Shopify website has genuinely been hacked (for example uploading malicious code to the theme files), the IP of that website can get blocked by spam filtering services which could then affect yours and many other Shopify websites.
This is really something Shopify can only address by either removing that blacklisted IP address out of the IP pool used by their edge servers or getting their Ip ranges whitelisted by these filtering companies.
So how do I approach Shopify with this?
I would contact Shopify and give them as much information as possible.
Thanks! I am unable to reach shopify support. I emailed support@shopify.com , not accepted and cant even reach them through my a/c. Not sure why.
Hi @shifteco
Thank you for reaching out about this. Could you share a screenshot of the error message you are seeing when trying to access the store on this network?
You mentioned this is a “work” network, is this network managed by an IT department? If yes, then the IP address may be manually blocked and I would contact your IT department for help with that.
If the issue is with the internet network provider themselves then our technical support may be able to assist with that and I would encourage reaching out to our live support for the next steps.
I did check the domain using Google’s safe browsing assessment and came back with no issues. Also, the IP address you shared is the IP used by all merchants who have a third party domain connected to their store (hundreds of thousands, if not millions).
You mentioned some issues contacting our live support about this, and I also want to help you with that. To contact our support team you will need to go through the Help Center, sign into your merchant account, and then follow the onscreen prompts to choose a topic and access live support. If you are having any issues with that, please share a screenshot of the last step you are able to get to and I will help you from there.
You can also reply back to your most recent billing email to contact our support through email at any time.
Hi Shay,
This email came from a customer who was going through our site from his place as work. Since he works in the IT space he looked into it in more detail.
Please recheck.
I tried accessing your site from my work network but your site was blocked.
When I investigated I discovered that your site resolves to 23.227.38.65 and this IP is flagged as potential malware.This IP is listed in the REvil IOC blocked IPs list -
Hi Shay,
Here are the details mentioned.
https://www.apivoid.com/tools/ip-reputation-check/
Search for your IP 23.227.38.65 and show them it’s blacklisted 4 times.
You can also tell them that your IP was added to the REvil IOC (indicator of compromise) list which was shared by a major security vendor in the UAE to all their clients with the instruction to block the listed IPs at their network perimeter (this is why I can’t see your site when I’m at work)
https://circleid.com/posts/20220202-revil-ransomware-what-can-we-learn-from-published-iocs-in-2022
To be fair, I have just scanned my office static IP with that tool and it has been found on one list 
Thank you for that additional info and the links to check out.
I can see that the Shopify IP address has been placed on these high risk lists, but this is not something we can control on our end. The IP address being used is the same for all Shopify stores using a third party domain and if a network administrator chooses to block access to that IP, we have no way to change that.
Since these sites are independent we can’t control their decisions on what IP addresses are good or bad. Most likely there was a store that has since been removed that was malicious in nature, which caused the initial flag.