Website categorized as malicious by Untangle firewall is hosted on CloudFlare. How can I make CloudFlare aware of this?

Hello,

I have content filtering enabled for my organization and see malicious entries coming from and going to: webpinp.com.
Running reverse DNS lookups and using WhoIs I can see that webpinp.com is a client of Danesconames.com and wanted to make you aware of this site.
We use an Untangle NG u150 firewall.

IP Addresses reported in content filtering malicious warning email notifications: 172.64.102.7 and 172.64.103.7

Further reports from MYIP.MS elude that CloudFlare is the hoster of this potentially malicious (or mislabeled by ICANN) site:

  • https://www. Myip .ms/info/whois/172.64.89.228/k/1225551316/website/webpinp .com
  • https:// hypestat .com/info/webpinp .com

I cannot simply recategorize this site and do not wish too until I know it has been validated as not malicious. The site itself does resolve from any browser that I have tried.
I have tried reaching it from home so I am not on the network that I have content filtering enabled on (I have SentinelOne NextGen AV on all devices and bitdefender pro on my mobile devices for protection, everything is also backed up incrementally with taper detection via Acronis Cloud Backups.)

Please let me know what further information is needed from me.

Report from Untangle for this site: webpinp.com is below, I have placed X’s where my IP would be visible for security and can only share 2 links in my post as my account is new here:


System: Untangle

Event: WebFilterEvent

Event Time: 2020-10-20 14:52:35.222.

Event Summary:
Web Filter blocked http :// webpinp.com / (Malware Sites)

Event Details:
app name = web_filter
blocked = true
category = Malware Sites
category id = 56
flagged = true
reason = BLOCK_CATEGORY
request line = GET http: // webpinp .com /
rule id = 56
session event
bypassed = false
c client addr = 192.168.x.x
c client port = 60523
c server addr = 172.64.205.3
c server port = 443
client country = XL
client intf = 2
entitled = true
hostname = android-499f05a9767aa486
local addr = 192.168.x.x
policy id = 1
policy rule id = 0
protocol = 6
protocol name = TCP
remote addr = 172.64.205.3
s client addr = x.x.x.x
s client port = 21310
s server addr = 172.64.205.3
s server port = 443
server country = US
server intf = 1
server latitude = 37.751
server longitude = -97.822
session id = 104997771387438
tags string =
time stamp = 2020-10-20 14:52:35.134
time stamp = 2020-10-20 14:52:35.222

Sincerely,

Brandon Haller

IT Systems Administrator l Rolling Plains Construction

Complaints cannot be filed via this forum. To submit an abuse report, go to cloudflare.com/abuse. The Trust and Safety team will then review the details and reply if appropriate.

Thank You sdayman for that information. I thought this forum might be appropriate as I am not complaining about CloudFlare or their services. Just noticing activity I feel is odd and am attempting to be enlightened on what it is that is taking place.

I’ll submit this there now, thanks again!

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.