ATP reports connection to botnet

A Sophos XG with version SFOS 17.5.15 MR-15 reports a daily communication attempt with a botnet or "command-and-control" server. However, the same happens with Sophos XG and the current version 18.

There are connections to blog.alexmaccaw.com, which originate from Windows servers as well as clients. According to entries on the Internet, this site is from a blogger and is classified as "Normal = Green". A dedicated call of this page by users does not occur; it seems to be an issue in the Microsoft operating system or a specific application.

Does the community know anything about this and is it possible to create a suitable whitelist for the blog.alexmaccaw.com website in the ATP?



Added TAG
[edited by: emmosophos at 11:41 PM (GMT -7) on 20 Apr 2021]