Advanced Threat Detection flagging Akamai

Hi, on 9.707, 

e13678.dspb.akamaiedge.net was flagged by the ATP system tonight:

2021:08:28-19:50:28 fw named[5536]: rpz: client 192.168.1.3#57698 (e13678.dscb.akamaiedge.net): view default: rpz QNAME NXDOMAIN rewrite e13678.dscb.akamaiedge.net via e13678.dscb.akamaiedge.net

Since Akamai is normally considered a trustworthy CDN, I need more information. What is the reason the traffic is suspicious?

Thanks,
Barry

(home user and commercial customer)



This thread was automatically locked due to age.
  • Same here, 9.707-5

    18 ATP alerts since about 07:10 AM (UTC+1), all DNS requests to this specific Akamai address.

    2021:08:29-07:10:16 XXX named[9265]: rpz: client XXX.XXX.XXX.XXX#52321 (e13678.dscb.akamaiedge.net): view default: rpz QNAME NXDOMAIN rewrite e13678.dscb.akamaiedge.net via e13678.dscb.akamaiedge.net

    Cheers
    Fab
