
ATP C2/Generic-A Cloudflare 188.114.97.3 ?

Good evening,

is there anything behind Sophos classifying the IP 188.114.97.3 as malicious, or is this another false positive?

The ATP on our UTM9 has been reporting this since Friday for DNS requests ...

 



This thread was automatically locked due to age.

Top Replies

  • Hi all, we can confirm that this is a false positive and are working to publish updates to fix this issue. This is identified under LAB-78247. Thank you for your understanding as we actively work on this issue.

  • Same here.

    Our DNS also triggers a Threat Protection alert for requests to the Google DNS server(s):

    2022:12:12-00:15:26 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
    2022:12:12-00:15:28 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
    2022:12:12-01:30:13 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
    2022:12:12-01:30:15 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"
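
When triaging a suspected false positive like this one, it helps to check whether every alert traces back to a single `host` value. The following is an added example, not part of any post in this thread and not Sophos code: it parses lines in the format quoted above and groups them by `threatname` and `host`. The function names are hypothetical and the last two sample lines are constructed.

```python
import re
from collections import defaultdict

KV = re.compile(r'(\w+)="([^"]*)"')                      # key="value" pairs
TS = re.compile(r'\s*(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) ')  # e.g. 2022:12:12-00:15:26

def parse_line(line):
    """Return the fields of one "Packet dropped (ATP)" line, else None."""
    fields = dict(KV.findall(line))
    if fields.get("name") != "Packet dropped (ATP)":
        return None
    m = TS.match(line)
    fields["ts"] = m.group(1) if m else ""
    return fields

def summarize(lines):
    """Group ATP drops by (threatname, host): count, destinations, time span."""
    groups = defaultdict(lambda: {"count": 0, "dstips": set(), "seen": []})
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        g = groups[(f.get("threatname"), f.get("host"))]
        g["count"] += 1
        g["dstips"].add(f.get("dstip"))
        g["seen"].append(f["ts"])
    # This timestamp layout sorts correctly as plain text.
    return {k: {"count": g["count"], "dstips": g["dstips"],
                "first": min(g["seen"]), "last": max(g["seen"])}
            for k, g in groups.items()}

SAMPLE = [
    # Three lines as quoted in the thread (srcip is already redacted there).
    '2022:12:12-00:15:26 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"',
    '2022:12:12-00:15:28 fw01 afcd[27143]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"',
    '2022:12:12-01:30:13 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="188.114.97.3" url="-" action="drop"',
    # Constructed: an ATP drop for a different host (documentation address).
    '2022:12:12-02:00:00 fw01 afcd[6711]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="x.x.x.x" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="203.0.113.10" url="-" action="drop"',
    # Constructed: a non-ATP line that the parser must skip.
    '2022:12:12-02:00:05 fw01 example[1]: severity="info" name="Packet dropped" srcip="x.x.x.x" dstip="192.0.2.7" action="drop"',
]

if __name__ == "__main__":
    for (threat, host), g in summarize(SAMPLE).items():
        print(threat, host, g["count"], sorted(g["dstips"]), g["first"], g["last"])
```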
