ATP dropping several C2/Generic threats for two of my devices

Hi shred : The destination IP is classified as in Malware/Malicious and due to that ATP is triggering alert and drop on same.

https://www.virustotal.com/gui/url/bebbcfb5ef3c3ecfdc69fc11aa69c5066e76a5071a5f991f9b4ebf3d3f6a03af/detection

On your Ubuntu Laptop, you may start TCPDUMP on this destination and once any packets getting observed you may dig further with netstat command or other Linux system relevant command to see or to confirm which app on system or socket or browser plugin or any script or anything knowingly or unknowingly is generating traffic on this destination server.

Thanks for the info. It only seemed to happen the past two previous days but nothing today. If I'm understanding that website you linked to correctly, only 5/82 scanning engines consider that IP as Malware/Malicious/Suspicious and the rest of them consider it Clean. I'm assuming that this is likely a false positive then?

I'd just find it hard to believe either my iPad or Dell XPS laptop has malware, considering the Dell XPS laptop was just setup about a week ago with Ubuntu and it's hardly been used (almost no web browsing and only some package installs using the official Ubuntu package manager).

Regardless, I'd still like to figure out what it is at some point if it starts happening again.

After doing some more research, it looks like this is the Private Internet Access (PIA) VPN app that's pinging this IP address. You can read about it here on this reddit thread. It appears Malwarebytes was also incorrectly classifying this IP address as malicious but they have since fixed it. Hopefully Sophos provides an update as well.