IP Reputation Attack & Possible Malicious Website


Go to solution Solved by thisisu,

So I have two separate issues

1st Issue:

I recently got a notification from the Xfinity App about an "IP reputation attack" and that it blocked an IP address from the United Kingdom. What is an IP reputation attack, should I be worried, and is the IP really malicious?

 

2nd Issue: (Not related to 1st issue)

When I went to look up this IP address on the site "whatismyipaddress", I went on my phone and I accidentally misspelled the domain and I got redirected to a different site and I noticed there was a popup (most likely malicious) and then I got redirected to another different site, but I couldn't view the contents of both sites as I had screen time restrictions on my phone. When I scanned the sites on VirusTotal, the first site was deemed malicious by "Heimdal security" and one user commented stating that the site loads an exploit kit or if not then just redirects to a pornography site, which I feel like was the case. The 2nd site I scanned was marked clean. And just note that these sites were opened on my iPhone. Should I be worried? Are other devices in my network at risk? How should I act?

 

Should I also leave the IP address and the websites for my response?

Thank you.

 

 - Mayoud


Hi @Mahmoud054

16 hours ago, Mahmoud054 said:

1st Issue:

I recently got a notification from the Xfinity App about an "IP reputation attack" and that it blocked an IP address from the United Kingdom. What is an IP reputation attack, should I be worried, and is the IP really malicious?

 

I would contact Xfinity about this issue.

16 hours ago, Mahmoud054 said:

2nd Issue: (Not related to 1st issue)

When I went to look up this IP address on the site "whatismyipaddress", I went on my phone and I accidentally misspelled the domain and I got redirected to a different site and I noticed there was a popup (most likely malicious) and then I got redirected to another different site, but I couldn't view the contents of both sites as I had screen time restrictions on my phone. When I scanned the sites on VirusTotal, the first site was deemed malicious by "Heimdal security" and one user commented stating that the site loads an exploit kit or if not then just redirects to a pornography site, which I feel like was the case. The 2nd site I scanned was marked clean. And just note that these sites were opened on my iPhone. Should I be worried? Are other devices in my network at risk? How should I act?

I wouldn't worry too much about this.  Looks like they got what they wanted by redirecting you in a pay-per-click scheme.  No other action required.

 


Very well then. Thanks for your help!
 

But for the 2nd Issue, would you like me to send the links for these 2 websites just for further analysis? 
 

Here is a VT Analysis for the 1st site I scanned:  https://www.virustotal.com/gui/domain/oopatet.com


 2nd Site (Redirected Site) VT analysis: 

 https://www.virustotal.com/gui/domain/macso-supp-action.com/summary


The only thing I am just rather concerned about, however, is the “exploit kit” from the 1st site.

One user on VirusTotal stated that,

“Fingerprints. If oke loads exploitkit (swf and this oldie

https://www.kb.cert.org/vuls/id/585137/)

otherwise redirect to porn site.” 
 

And gave the site a -45 score

Edited by AdvancedSetup
Disabled hyperlink

I also forgot to add, for the 1st site, when I opened it up on my phone, I couldn’t view the entire contents as I had screen time restrictions, but for a split second I did notice a pop-up.

I couldn’t read the entire message, but I believe it was one of those “your computer has a virus” pop-ups, and from there I was redirected to site #2 (which I did not bother checking the contents of).


Hi @Mahmoud054,

I get what you're saying. However, even if there was an “exploitkit”, it would be targeted at a different operating system, like Windows, and not able to run on iOS. Apple's locked-down systems are both a plus and a minus depending on what the circumstances are. In this case, a plus, since it's hard to infect an iOS device.

 

Edited by AdvancedSetup
Corrected font issue

Hello @mbam_mtbr

Very well then, and once again many thanks! 

Just for the sake of Windows users, should I submit these 2 websites to someone in the PC Malware Forums to analyze?

While these sites may not be malicious, they seem sketchy, perhaps adware, scareware, or some sort of pay-per-click scheme as you mentioned earlier. I did have a URL scanner look into these sites.

But regardless, thank you for your assistance and I wish you a wonderful day!
