
erawppa.com

Hi everybody,

Since yesterday I have been receiving ATP events blocking DNS for "erawppa.com". Is this dangerous or harmless? There is a relation to Microsoft Forms.

192.168.160.148 C2/Generic-A erawppa.com 19 DNS

450 4.1.2 <groupbuyforms-info5@erawppa.com>: Recipient address rejected: Domain not found; from=<> to=<groupbuyforms-info5@erawppa.com>

Any idea?

Greetings

  • Hello,

    Please show a picture of the message you received about the block.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi BAlfson,

    Here it is:

    Advanced Threat Protection

     

    A threat has been detected in your network. The source IP/host listed below was found to communicate with a potentially malicious site outside your company.

     

    Details about the alert:

     

    Threat name....: C2/Generic-A

    Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx

    Time...........: 2021-06-11 03:58:54

    Traffic blocked: yes

     

    Source IP address or host: 192.168.160.148

    The problem no longer exists. First I thought, okay, a PC was hijacked. But after a while we received spam and suspicious mails. An email account has been hacked.

    Without the Sophos we wouldn't have recognized this at such an early stage. I have identified the account and it was closed. The mail queues are now empty.

    Greetings Peter
