@Lilith
I've checked with Liquid Web to see if they see anything on their end about the IPs.
I see neither of those IP's are caught in the firewall. They also do not appear in the apache error log. The only entry in the access log for this domain is:
198.241.162.104 - - [25/Nov/2015:10:22:40 -0600] "POST /checkout/order-placed/ HTTP/1.1" 200 18988 "-" "-"
It looks like the IP address attempted to access both the secure version of your site, and the nonsecure version:
/home/domlogs/gsgelato.com:198.241.162.104 - - [25/Nov/2015:10:22:40 -0600] "POST /checkout/order-placed/ HTTP/1.1" 200 18988 "-" "-"
/home/domlogs/gsgelato.com-ssl_log:198.241.162.104 - - [25/Nov/2015:10:22:40 -0600] "POST /checkout/order-placed/ HTTP/1.1" 200 18988 "-" "-"
Prior to setting the relay response, which was a suggestion of a Auth.net support person on the phone, the test gave a plain text response saying the payment went through. Was this suggestion incorrect? Should I have something else on the relay response page or is a reciept page the way to go instead so payments are processed correctly? Basically, now I'm wondering if it is the change made on my auth.net account instead of on the website itself since that has been the only thing (other than nameservers) that changed.