This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ATP C2/Generic-A Cloudflare 188.114.97.3 ?

Timo Bergmann over 1 year ago

Guten Abend,

ist hier etwas dran weshalb Sophos die IP 188.114.97.3 als Malicious einstuft oder wieder ein FalsePositive?

Unser ATP der UTM9 meldet das seit Freitag bei DNS Anfragen ...

This thread was automatically locked due to age.

Top Replies

Karlos over 1 year ago in reply to Mathias Dorn +5 verified

HI all, we can confirm that this is a false positive and are working to publish updates to fix this issue. This is identified under LAB-78247. Thank you for your understanding as we actively work on this…

Parents

0 da bäda over 1 year ago

Bei uns das selbe

unser DNS melde erzeugt bei anfragen an den/die Google-DNS ebenfalls eine Threat Protection

2022:12:12-00:15:26 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-00:15:28 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-01:30:13 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-01:30:15 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"

Reply

0 da bäda over 1 year ago

Bei uns das selbe

unser DNS melde erzeugt bei anfragen an den/die Google-DNS ebenfalls eine Threat Protection

2022:12:12-00:15:26 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-00:15:28 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-01:30:13 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
2022:12:12-01:30:15 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"

Children

No Data