[GH-ISSUE #2128] Brightcloud IP Reputation Violations #1528

New issue

Closed

opened 2026-02-26 07:31:26 +03:00 by kerem · 1 comment

kerem commented

2026-02-26 07:31:26 +03:00

Owner

Originally created by @mrjlturner on GitHub (Jun 23, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2128

Discussed in https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/2127

^{Originally posted by mrjlturner June 22, 2022}
Gang,

Can anyone else confirm the hidden interface for npm on /aaa9? My installation had this, and was constantly being found by Brightcloud as a risk. Here's the verbiage:
"Our scanners detected proxy activities from this IP address. These threats have been detected by our own sensors. Because of this, we are not able to provide the destination IP addresses or additional details about the detection. However, I can provide a sample of some URLs hosted the IP address which may have contributed to the listing: /aaa9"

This was happening every few weeks. So, I ran a test today, and sure enough when I put that directory in, I was redirected to the administrative console interface. No bueno! So, I've added a "dead link" location for that URI and now it's closed. How disturbing though!

If anyone else can confirm, I'd appreciate it! I've confirmed this on two of my installs.

Thanks,
mrjlturner

Originally created by @mrjlturner on GitHub (Jun 23, 2022). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2128 ### Discussed in https://github.com/NginxProxyManager/nginx-proxy-manager/discussions/2127 <div type='discussions-op-text'> <sup>Originally posted by **mrjlturner** June 22, 2022</sup> Gang, Can anyone else confirm the hidden interface for npm on /aaa9? My installation had this, and was constantly being found by Brightcloud as a risk. Here's the verbiage: "Our scanners detected proxy activities from this IP address. These threats have been detected by our own sensors. Because of this, we are not able to provide the destination IP addresses or additional details about the detection. However, I can provide a sample of some URLs hosted the IP address which may have contributed to the listing: <DNS Hostname Removed>/aaa9" This was happening every few weeks. So, I ran a test today, and sure enough when I put that directory in, I was redirected to the administrative console interface. No bueno! So, I've added a "dead link" location for that URI and now it's closed. How disturbing though! If anyone else can confirm, I'd appreciate it! I've confirmed this on two of my installs. Thanks, mrjlturner</div>

kerem closed this issue

2026-02-26 07:31:26 +03:00

kerem commented

2026-02-26 07:31:26 +03:00

Author

Owner

@jc21 commented on GitHub (Jun 23, 2022):

Please refer to the discussion and avoid duplicating issues.

@jc21 commented on GitHub (Jun 23, 2022): Please refer to the discussion and avoid duplicating issues.

kerem referenced this issue

2026-02-26 08:30:42 +03:00

[PR #1528] [MERGED] v2.9.11 #3450

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#1528

No description provided.

Rows
Columns