https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250717#M6786 <P>Hi&nbsp;Raido&nbsp;</P> <P>&nbsp;</P> <P>The domain vikingindustries.in is an intenal know domain and additionally i will try to setup the dns sinkhole and look into this. Additionally why only these logs are coming ony after the PAN OS upgrade because the domian vikingindustries.in in the internal networks for more than 1 year and the domain is also got categoriezed as malware in the paloalto.</P> <P>&nbsp;</P> <P>Regards</P> <P>Satya Kalyan&nbsp;</P> Mon, 23 Mar 2026 12:35:57 GMT Satyak 2026-03-23T12:35:57Z https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250582#M6779 <P>Hi Friends,</P> <P>&nbsp;</P> <P>I am facing an issue with my PA-440 firewall after the recent update to 11.1.13 i have been encountring an continous threat logs generation for the threat id :&nbsp;765344918 with the threat type as :&nbsp;spyware and the threat id name as :&nbsp;generic:vikingindustries.in and the destinations as : 8.8.8.8 / 4.2.2.2 respectively</P> <P>&nbsp;</P> <P>The service route is configured as use management interface only. so be default all the services in the firewall will use management interface.&nbsp;</P> <P>These threat logs are coming under dns-base category and these are getting generated every minute even though the action is set to drop but i&nbsp; want to understand why these are specifically getting generated from the firewalls management ip is it an exepected behaviour or do i need to make any changes.</P> <P>&nbsp;</P> <P>Looking forward for your suggestions.</P> <P>&nbsp;</P> <P>Regards</P> <P>Satya Kalyan</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 19 Mar 2026 19:43:15 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250582#M6779 Satyak 2026-03-19T19:43:15Z https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250628#M6782 <P>Something in your network is trying to resolve&nbsp;<SPAN>vikingindustries.in to IP.</SPAN></P> <P><SPAN>Are you using DNS Proxy feature in the firewall?</SPAN></P> <P><SPAN>Set up DNS sinkhole and see what internal machines try to access sinkhole IP.&nbsp;</SPAN></P> <P><SPAN>This allows you to identify which internal machine is responsible for connections to&nbsp;vikingindustries.in</SPAN></P> Fri, 20 Mar 2026 13:42:40 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250628#M6782 Raido_Rattameister 2026-03-20T13:42:40Z https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250717#M6786 <P>Hi&nbsp;Raido&nbsp;</P> <P>&nbsp;</P> <P>The domain vikingindustries.in is an intenal know domain and additionally i will try to setup the dns sinkhole and look into this. Additionally why only these logs are coming ony after the PAN OS upgrade because the domian vikingindustries.in in the internal networks for more than 1 year and the domain is also got categoriezed as malware in the paloalto.</P> <P>&nbsp;</P> <P>Regards</P> <P>Satya Kalyan&nbsp;</P> Mon, 23 Mar 2026 12:35:57 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1250717#M6786 Satyak 2026-03-23T12:35:57Z https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1251183#M6805 <P>Maybe your firewall upgrade happened to be around same time when threat id&nbsp;765344918 was created and that is why suddenly started seeing it.</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Raido_Rattameister_0-1774879108605.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/71069iBA52347E20535002/image-size/medium?v=v2&amp;px=400" role="button" title="Raido_Rattameister_0-1774879108605.png" alt="Raido_Rattameister_0-1774879108605.png" /></span></P> <P>&nbsp;</P> <P>If it is internally used domain and you are not responsible for public one, then you can add exception.</P> <P>Objects / Security Profiles / Anti-Spyware / &lt;Anti-Spyware Profile&gt; / DNS Exceptions</P> Mon, 30 Mar 2026 14:02:06 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/continuous-threat-logs-showing-management-server-ip-as-source/m-p/1251183#M6805 Raido_Rattameister 2026-03-30T14:02:06Z