I am getting log entries in the web report when I filter by users that point to a source of a public IP and destination of a public IP. Not sure how this is happening... below is an example of one of the log entries. So the source is 178.32.144.166 and destination is 208.93.105.173. So its like that IP (178.32.144.166) which is located in france is trying to do a yellow page lookup (208.93.105.173). Furthermore the source IP resolves to Darknetwiki.com. I am part of a botnet? wth is going on here?
Note - My internal network is 192.168.0.0/24
2017:06:04-19:13:50 sophosutm httpproxy[5560]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="178.32.144.166" dstip="208.93.105.173" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="131063" request="0x8aa8400" url="https://www.yellowpages.com/" referer="" error="" authtime="0" dnstime="24578" cattime="133" avscantime="0" fullreqtime="2745288" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36" exceptions="" category="108" reputation="trusted" categoryname="Public Information"
This thread was automatically locked due to age.
