Advanced Threat Protection triggering on alpha.isp-platform.com?

Question

Devices in use: sg105, sg135, sg430 
 Firmware v9.505-4 
 Late yesterday all my UTMs started sending notification of attempts to contact a known malware C&C server. The advanced threat protection alert describes the attempted domain name as alpha.isp-platform.com. That DNS name translates to IP 192.81.134.54. Can anyone else corroborate this? I can not find any indication via web search that this is a malicious server. Is this a legitimate problem or a false positive by Sophos? 
 Thanks, 
 D

jak · Accepted Answer

I get the same alerts in my Advanced Threat Protection log when attempting to access the site/just performing a DNS lookup for it. isp-platform.com drop 21:31:35 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:06 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:09 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:09 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:09 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:09 DNS C2/Generic-A 192.168.0.41 &rarr; alpha.isp-platform.com drop 21:32:14 DNS C2/Generic-A 192.168.0.41 &rarr; I assume it is or has been dodgy in the past. From the Support page: https://secure2.sophos.com/en-us/support/contact-support.aspx 
 Submit a sample -> Web address and then enter the details. The Labs can then provide more details. 
 Regards, 
 Jak