topic Re: Suspicious DNS Query (generic:contador.hotelarena.top) in General Topics https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-contador-hotelarena-top/m-p/365793#M88601 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163372">@Alisson-Jsl</a> ,</P> <P>&nbsp;</P> <P>I recommend that you enable packet capture on the alert for further analysis.&nbsp; If you suspect a false positive then please collect the PCAP and reach out to support.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 26 Nov 2020 13:43:52 GMT kiwi 2020-11-26T13:43:52Z Suspicious DNS Query (generic:contador.hotelarena.top) https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-contador-hotelarena-top/m-p/364977#M88524 <P>Boa tarde pessoal,&nbsp;</P><P>estou com comportamento estranho em meu Firewall.</P><P>notamos muitas requisições do meu servidor de dns interno para o dns externo com " type spyware "&nbsp;</P><P>Verifiquem o anexo.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Suspicious DNS Query.PNG" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/28776iC3B33971CB388F03/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Suspicious DNS Query.PNG" alt="Suspicious DNS Query.PNG" /></span></P> Mon, 23 Nov 2020 19:48:07 GMT https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-contador-hotelarena-top/m-p/364977#M88524 Alisson-Jsl 2020-11-23T19:48:07Z Re: Suspicious DNS Query (generic:contador.hotelarena.top) https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-contador-hotelarena-top/m-p/365793#M88601 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/163372">@Alisson-Jsl</a> ,</P> <P>&nbsp;</P> <P>I recommend that you enable packet capture on the alert for further analysis.&nbsp; If you suspect a false positive then please collect the PCAP and reach out to support.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Thu, 26 Nov 2020 13:43:52 GMT https://live.paloaltonetworks.com/t5/general-topics/suspicious-dns-query-generic-contador-hotelarena-top/m-p/365793#M88601 kiwi 2020-11-26T13:43:52Z