A host was flagged by Advanced Threat Protection for C2/Generic-A a couple days ago and I ran a in-depth ESET NOD32 scan on the 192.168.1.214 host and the scan didn't find anything. The log is showing:
2014:08:11-19:28:56 utm named[4331]: rpz: client 192.168.1.214#50130 (static.getforecastfox.com): view default: rpz IP NXDOMAIN rewrite static.getforecastfox.com via 32.219.40.99.209.rpz-ip.rpz
I'm not sure how to interpret that. ForecastFox is a weather plugin for Firefox. ForecastFox has been on this computer since I installed the Sophos UTM (probably almost a year now) and this is the first time anything has shown up in the ATP logs. What does this log entry mean? Maybe ForecastFox's servers have been hijacked?
Thank you!
This thread was automatically locked due to age.