Ban Appeal (Maybe?)
- HindD
- Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 1
6 years 1 month ago #16717
by HindD
Replied by HindD on topic Ban Appeal (Maybe?)
Thank you for understanding! I appreciate that!
If it's going to be anything, it's going to be the fact that my ISP uses a gateway to login, so that one can actually connect to the internet as opposed to taking advantage of a free ethernet connection. However, that 'gateway' is entirely internal and more or less resembles a VPN as opposed to actually being one.
If it's going to be anything, it's going to be the fact that my ISP uses a gateway to login, so that one can actually connect to the internet as opposed to taking advantage of a free ethernet connection. However, that 'gateway' is entirely internal and more or less resembles a VPN as opposed to actually being one.
- =HOG=Haley11thACR
-
- Offline
- Administrator
-
Less
More
- Posts: 3118
- Thank you received: 496
6 years 1 month ago - 6 years 1 month ago #16718
by =HOG=Haley11thACR
Replied by =HOG=Haley11thACR on topic Ban Appeal (Maybe?)
The vpn detector kicked u because of malware on your PC. We added u to the whitelist so u can join...but we recommend to get rid of the malware.
More details: www.abuseat.org/lookup.cgi?ip=5.151.28.96
This IP address was detected and listed 3 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Sun Feb 25 14:45:00 2018 UTC +/- 5 minutes
This IP address is infected with, or is NATting for a machine infected with a botnet, usually associated with the Avalanche malware network. This infection will probably be of the Dofoil or Gamarue malware (or one of the other Anti-Virus vendor aliases, such as: Andromeda, Smoke Loader, Win3/Dofoil, W32/Zurgop.BK!tr.dldr, Gamarue and many others
This is one of the most dangerous bot networks ever to be discovered, every node is fully capable of participating in identity theft, keystroke logging, disk erasure, camera capture, or encrypting files and holding them for ransom (for example the recent Wannacry debacle).
More details: www.abuseat.org/lookup.cgi?ip=5.151.28.96
This IP address was detected and listed 3 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Sun Feb 25 14:45:00 2018 UTC +/- 5 minutes
This IP address is infected with, or is NATting for a machine infected with a botnet, usually associated with the Avalanche malware network. This infection will probably be of the Dofoil or Gamarue malware (or one of the other Anti-Virus vendor aliases, such as: Andromeda, Smoke Loader, Win3/Dofoil, W32/Zurgop.BK!tr.dldr, Gamarue and many others
This is one of the most dangerous bot networks ever to be discovered, every node is fully capable of participating in identity theft, keystroke logging, disk erasure, camera capture, or encrypting files and holding them for ransom (for example the recent Wannacry debacle).
Last edit: 6 years 1 month ago by =HOG=Haley11thACR.
- HindD
- Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 1
6 years 1 month ago #16719
by HindD
Replied by HindD on topic Ban Appeal (Maybe?)
Understood!
Funnily enough, my IP is always IPv6 so i'm a little confused about all this. I appreciate you making a concession for me and I will look into this situation, it could be an issue on behalf of the ISP as opposed to myself. But thank you for making me aware.
Funnily enough, my IP is always IPv6 so i'm a little confused about all this. I appreciate you making a concession for me and I will look into this situation, it could be an issue on behalf of the ISP as opposed to myself. But thank you for making me aware.
- =HOG=Haley11thACR
-
- Offline
- Administrator
-
Less
More
- Posts: 3118
- Thank you received: 496
6 years 1 month ago #16721
by =HOG=Haley11thACR
Replied by =HOG=Haley11thACR on topic Ban Appeal (Maybe?)
The vpn detector did not flag u for a vpn, we were mistaken. We assumed that since the vpn blocker blocked u it was for a vpn, we did not realize that an IP would be blocked for malware. It flagged u/your IP for the malware. U r the 1st one we have seen this happen to. There is no doubt that your PC is infected.
- HindD
- Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 1
6 years 1 month ago - 6 years 1 month ago #16722
by HindD
Replied by HindD on topic Ban Appeal (Maybe?)
Just a quick update.
The IP listed is an external IP and not the IP listed to my particular device.
I have raised this issue with the ISP (CableCom) and they have acknowledged that this IP is distributed to multiple people at one time (because this ISP uses a gateway system, akin to a VPN). After doing diagnostics, there doesn't seem to be any malware on my particular machine but the IP address listed to this company appears to have been used in malware attacks before. The company are looking into this.
If anything, I should thank you for notifying me of this; you've probably saved a company a significant amount of money and helped bolster their security. Thanks for being so indepth with your logging! I appreciate it!
Again, my actual IP is in the 100.x.x.x range; the 5.x.x.x range is just for this company alone and not for actual users.
But anyway, that's besides the point, thanks for letting me know so promptly!
The IP listed is an external IP and not the IP listed to my particular device.
I have raised this issue with the ISP (CableCom) and they have acknowledged that this IP is distributed to multiple people at one time (because this ISP uses a gateway system, akin to a VPN). After doing diagnostics, there doesn't seem to be any malware on my particular machine but the IP address listed to this company appears to have been used in malware attacks before. The company are looking into this.
If anything, I should thank you for notifying me of this; you've probably saved a company a significant amount of money and helped bolster their security. Thanks for being so indepth with your logging! I appreciate it!
Again, my actual IP is in the 100.x.x.x range; the 5.x.x.x range is just for this company alone and not for actual users.
But anyway, that's besides the point, thanks for letting me know so promptly!
Last edit: 6 years 1 month ago by HindD.
The following user(s) said Thank You: =HOG=Haley11thACR
- HindD
- Topic Author
- Offline
- New Member
-
Less
More
- Posts: 7
- Thank you received: 1
6 years 1 month ago - 6 years 1 month ago #16723
by HindD
Replied by HindD on topic Ban Appeal (Maybe?)
Furthermore;
In a way, you were right about me being part of a VPN. It's basically how my ISP works. Because there's multiple people potentially using the same ethernet/wifi port/connection (it's for Universities) there's a login gateway that works almost identically to a VPN.
This gateway uses a bunch of external IP addresses to tunnel data connections to the internet itself. It seems that lots of IPs in this range have been previously found to have malicious traits (as is pretty normal with VPN/Proxy servers). My personal IP has not been listed as problematic as it's not part of this range.
I appreciate that you're only doing your job and your system worked as intended. Because my ISP is pretty peculiar, i'm not surprised that this is your first case. It seems for now, that my actual computer has zero malware attributed to a botnet on it (though thanks for prompting me to double check!). If you need any further information about this so we can prevent these things from happening again, don't be afraid to ask! I appreciate that you whitelisted me though, with or without the malware; I probably would've been autokicked for essentially being part of a VPN that I have to be in. You don't get a choice not to log-in to this gateway unfortunately, you need to log-in to connect to the internet with this ISP.
In a way, you were right about me being part of a VPN. It's basically how my ISP works. Because there's multiple people potentially using the same ethernet/wifi port/connection (it's for Universities) there's a login gateway that works almost identically to a VPN.
This gateway uses a bunch of external IP addresses to tunnel data connections to the internet itself. It seems that lots of IPs in this range have been previously found to have malicious traits (as is pretty normal with VPN/Proxy servers). My personal IP has not been listed as problematic as it's not part of this range.
I appreciate that you're only doing your job and your system worked as intended. Because my ISP is pretty peculiar, i'm not surprised that this is your first case. It seems for now, that my actual computer has zero malware attributed to a botnet on it (though thanks for prompting me to double check!). If you need any further information about this so we can prevent these things from happening again, don't be afraid to ask! I appreciate that you whitelisted me though, with or without the malware; I probably would've been autokicked for essentially being part of a VPN that I have to be in. You don't get a choice not to log-in to this gateway unfortunately, you need to log-in to connect to the internet with this ISP.
Last edit: 6 years 1 month ago by HindD.
Time to create page: 0.151 seconds