Since yesterday I have been receiving ATP events blocking DNS for "erawppa.com". Is this dangerous or harmless? There is a relation to Microsoft Forms.
450 4.1.2 <firstname.lastname@example.org>: Recipient address rejected: Domain not found; from=<> to=<email@example.com>
Any idea?
Here it is:
Advanced Threat Protection
A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company…
Please show a picture of the message you received about the block.
Cheers - Bob
A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:
Threat name....: C2/Generic-A
Time...........: 2021-06-11 03:58:54
Traffic blocked: yes
Source IP address or host: 192.168.160.148
The problem no longer exists. At first I thought, okay, a PC was hijacked. But after a while we received spam and suspicious mails. An email account has been hacked.
Without the Sophos we wouldn't have recognized this at this early stage. I have identified the account and it was closed. The mail queues are now empty.