topic Re: Threat Intelligence shows malicious traffic coming from Palo Alto subnets in General Topics https://live.paloaltonetworks.com/t5/general-topics/threat-intelligence-shows-malicious-traffic-coming-from-palo/m-p/555837#M112879 <P>thats a webscanner/crawler subnet employed by&nbsp;palo alto</P> <P>&nbsp;</P> <P>Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: <A href="mailto:scaninfo@paloaltonetworks.com" target="_blank">scaninfo@paloaltonetworks.com</A></P> <P>&nbsp;</P> <P><A href="https://mendelonline.be/ip/" target="_blank">https://mendelonline.be/ip/</A></P> <P>&nbsp;</P> Wed, 30 Aug 2023 11:48:50 GMT reaper 2023-08-30T11:48:50Z Threat Intelligence shows malicious traffic coming from Palo Alto subnets https://live.paloaltonetworks.com/t5/general-topics/threat-intelligence-shows-malicious-traffic-coming-from-palo/m-p/555823#M112874 <P>Hello All,</P> <P>Recently, we started seeing threat events from different Palo Alto IPs (example subnet 198.235.x.x).</P> <P>When we check them in AbuseIPDB, they show up as 100% malicious:</P> <P><A href="https://www.abuseipdb.com/check/198.235.24.146" target="_blank">https://www.abuseipdb.com/check/198.235.24.146</A></P> <P><BR />Microsoft TI also categorizes them as malicious, but not the PA FWs.</P> <P>&nbsp;</P> <P>Does anyone know what these subnets are used for or why they show up as malicious?</P> <P>Attaching one of the logs.</P> <P>&nbsp;</P> <P>Thanks in advance,</P> <P>Pavel</P> Wed, 30 Aug 2023 09:07:00 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-intelligence-shows-malicious-traffic-coming-from-palo/m-p/555823#M112874 Vladimir_S 2023-08-30T09:07:00Z Re: Threat Intelligence shows malicious traffic coming from Palo Alto subnets https://live.paloaltonetworks.com/t5/general-topics/threat-intelligence-shows-malicious-traffic-coming-from-palo/m-p/555837#M112879 <P>thats a webscanner/crawler subnet employed by&nbsp;palo alto</P> <P>&nbsp;</P> <P>Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: <A href="mailto:scaninfo@paloaltonetworks.com" target="_blank">scaninfo@paloaltonetworks.com</A></P> <P>&nbsp;</P> <P><A href="https://mendelonline.be/ip/" target="_blank">https://mendelonline.be/ip/</A></P> <P>&nbsp;</P> Wed, 30 Aug 2023 11:48:50 GMT https://live.paloaltonetworks.com/t5/general-topics/threat-intelligence-shows-malicious-traffic-coming-from-palo/m-p/555837#M112879 reaper 2023-08-30T11:48:50Z