ATP from Localhost

I would say some internal host used the XG as name resolver and the response the XG got contained this IP 87.106.18.136

https://www.abuseipdb.com/check/87.106.18.136

check the firewall logs for DNS towards internal XG IP or do a tcp dump on udp 53.

surely malware related www.virustotal.com/.../relations

I would say some internal host used the XG as name resolver and the response the XG got contained this IP 87.106.18.136

https://www.abuseipdb.com/check/87.106.18.136

check the firewall logs for DNS towards internal XG IP or do a tcp dump on udp 53.

surely malware related www.virustotal.com/.../relations