Detection of iPhone Infection

User2896

Hi All,

Brand new to this forum, so forgive me if this is the wrong place to post this. In the report I get from the AIProtection Two-Way IPS feature on my Asus RT-AX88U, it's telling me that my iPhone with IP 192.168.1.148 has an infection. Is this necessarily correct or are there false positives?

Look at first 9 lines of the attached excerpt from this IntrusionSystemPrevention report.

Many thanks for your thoughts on this.
 

Attachments

  • IntrusionPreventionSystem Excerpt.pdf
There should be a column on the right that says what it thinks the specific problem is. Do you not have that column?

As far as I can see those three IP addresses are just CDN addresses. None of them have been flagged at www.abuseipdb.com
 
Sorry, that column is on the second page of PDF. It says WEB Cross-site scripting - 36 in each of 9 rows.
 

I see similar warnings when guests' phones connect. Usually some game they downloaded; even Apple is not immune to crappy apps. Sometimes just bad coding, sometimes it is actually malware.
 
Doh! :oops:


My guess is that it's a false positive. But I couldn't say 100%. Can you correlate the time to something you were doing on the phone?
Not really a good way to do that since it's looking back so far. I will keep an eye on it and see if it happens again.

Many thanks for response.
 
I did find another post here asking about the exact same error message that was also from an iPhone. There's another report here from an unspecified Android phone.
 
Thanks Colin. Looks like I am going to have to monitor this and see whether it is an ongoing problem or an isolated issue.
 
Cross-site scripting does not necessarily indicate infection. It does indicate that the host was used to do things that the site forced it to do.
 
Thanks Morris. Just trying to figure out if I should be resetting iPhone to factory settings to get rid of possible malware.

I appreciate your weighing in on this.
 
