Jump to content

Recommended Posts

The domain csj-to.ca is currently being blocked by your product.

There was a false positive report of our IP on a public blacklist that resulted in you blocking our IP but after that was resolved and the IP became accessible again the domain remained blocked.  Please unblock.

Thank you.

 

CSJ

Link to post
Share on other sites

Is this what you need?

 

12/17/21    " 16:15:16.795"    177195484    1d70    4054    INFO    MwacLib    NetworkRules::IsBadIpAddress    "networkrules.cpp"    473    "Rule matched! IpAddress=207.164.206.234 NetAddress=207.164.206.234 SubnetMask=255.255.255.255 CategoryName=Compromised ThreatName="
12/17/21    " 16:15:16.797"    177195500    1d70    4054    INFO    CleanControllerImpl    mb::cleanctlrimpl::whitelist::WhiteListManager::LogWhiteListStatus    "whitelistmanager.cpp"    302    "White list status: IpDomain '207.164.206.234 ' E531001530192ADE97E6D10762FE1044  => None:Unknown"
12/17/21    " 16:15:17.051"    177195750    1d70    4054    INFO    MwacLib    NetworkEventHandler::ProcessDnsMessage    "networkeventhandler.cpp"    791    "Detected malicious A record in DNS response: Name=webmail.csj-to.ca Address=207.164.206.234"
 

Link to post
Share on other sites

I see the following blocked.

webmail.csj-to.ca

 

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Mozilla Firefox\firefox.exe, Blocked, -1, -1, 0.0.0, ,

-Website Data-
Category: Compromised
Domain: webmail.csj-to.ca
IP Address: 207.164.206.234
Port: 80
Type: Outbound
File: C:\Program Files\Mozilla Firefox\firefox.exe

 

 

Link to post
Share on other sites

15 hours ago, Zynthesist said:

Ok. That is a sub-domain of the one you originally posted but yeah we are blocking the IP 207.164.206.234 as it is associated with recent port scanning attacks. 

Can you confirm if it's only recently associated (and how long it takes to be removed if this is the case) or currently associated?  As I noted, we had to pull ourselves off a public blacklist after internal checks and they noted it a false positive.  We've been off that list for almost two weeks now with no reoccurrences.

Thanks.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.