https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455062#M101533 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonWindsor_0-1640199301289.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38325i5C3F836ECAB840DE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="JasonWindsor_0-1640199301289.png" alt="JasonWindsor_0-1640199301289.png" /></span></P><P>Can anyone tell me if this is legitimate or if it's a false positive? My Cortex XDR hasn't found any behavioral issues to go along with it either.</P> Wed, 22 Dec 2021 18:55:54 GMT JasonWindsor 2021-12-22T18:55:54Z https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455062#M101533 <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="JasonWindsor_0-1640199301289.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/38325i5C3F836ECAB840DE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="JasonWindsor_0-1640199301289.png" alt="JasonWindsor_0-1640199301289.png" /></span></P><P>Can anyone tell me if this is legitimate or if it's a false positive? My Cortex XDR hasn't found any behavioral issues to go along with it either.</P> Wed, 22 Dec 2021 18:55:54 GMT https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455062#M101533 JasonWindsor 2021-12-22T18:55:54Z https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455093#M101536 <P>Hello,</P> <P>Here are a few sites I use to determine what is and what is not safe.</P> <P>&nbsp;</P> <P>virustotal.com</P> <P>urlscan.io</P> <P><A href="https://dnsdumpster.com/" target="_blank">https://dnsdumpster.com/</A></P> <P>Regards,</P> <P>&nbsp;</P> Wed, 22 Dec 2021 19:13:35 GMT https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455093#M101536 OtakarKlier 2021-12-22T19:13:35Z https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455738#M101611 <P>We have regularly seen this DNS alert as well, on random public Wifi users, though the threat ID seems to have been removed in the last couple weeks. omnatuor.com seems to be associated with adware, using the browser notification subscribe action to push popup ads via the browser. I would remove the subscriptions if found on your PCs as undesirable and a nuisance, but it doesn't seem to be actively hostile.</P> Tue, 28 Dec 2021 18:11:45 GMT https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-omnatour-com/m-p/455738#M101611 Adrian_Jensen 2021-12-28T18:11:45Z