Hi,
I have a QNAP NAS device on my network, and over the last couple of months (possibly since the upgrade to UTM 9.2 although I'm not 100% sure of that correlation) I've been getting intermittent C2/Generic-A notifications from the UTM Advanced Threat Protection service with the QNAP as the source IP. The destination IP associated with this warning is 95.211.192.195, which a reverse lookup shows as lw45.ua-hosting.com.ua (apparently a Ukrainian web hosting company).
For now I'm just ignoring these warnings and letting the UTM drop this traffic, but I was curious if anyone else has seen this since QNAP devices are quite popular, and whether there really is something fishy going on here. I'll also ask QNAP support the same question to see if there's a legitimate purpose for accessing this IP.
Thanks!
Martin.
This thread was automatically locked due to age.
