I have content filtering enabled for my organization and see malicious entries coming from and going to: webpinp.com.
Running reverse DNS lookups and using WHOIS, I can see that webpinp.com is a client of Danesconames.com, and I wanted to make you aware of this site.
We use an Untangle NG u150 firewall.
IP Addresses reported in content filtering malicious warning email notifications: 18.104.22.168 and 22.214.171.124
Further reports from MYIP.MS allude that Cloudflare is the hoster of this potentially malicious (or mislabeled by ICANN) site:
- https://www. Myip .ms/info/whois/126.96.36.199/k/1225551316/website/webpinp .com
- https:// hypestat .com/info/webpinp .com
I cannot simply recategorize this site and do not wish to until I know it has been validated as not malicious. The site itself does resolve from any browser that I have tried.
I have tried reaching it from home, so I am not on the network that I have content filtering enabled on (I have SentinelOne NextGen AV on all devices and Bitdefender Pro on my mobile devices for protection; everything is also backed up incrementally with tamper detection via Acronis Cloud Backups).
Please let me know what further information is needed from me.
The report from Untangle for this site, webpinp.com, is below. I have placed X's where my IP would be visible for security, and I can only share 2 links in my post as my account is new here:
Event Time: 2020-10-20 14:52:35.222.
Web Filter blocked http :// webpinp.com / (Malware Sites)
app name = web_filter
blocked = true
category = Malware Sites
category id = 56
flagged = true
reason = BLOCK_CATEGORY
request line = GET http: // webpinp .com /
rule id = 56
bypassed = false
c client addr = 192.168.x.x
c client port = 60523
c server addr = 188.8.131.52
c server port = 443
client country = XL
client intf = 2
entitled = true
hostname = android-499f05a9767aa486
local addr = 192.168.x.x
policy id = 1
policy rule id = 0
protocol = 6
protocol name = TCP
remote addr = 184.108.40.206
s client addr = x.x.x.x
s client port = 21310
s server addr = 220.127.116.11
s server port = 443
server country = US
server intf = 1
server latitude = 37.751
server longitude = -97.822
session id = 104997771387438
tags string =
time stamp = 2020-10-20 14:52:35.134
time stamp = 2020-10-20 14:52:35.222
IT Systems Administrator | Rolling Plains Construction