My URL filter on my PA2050 is blocking https://188.8.131.52/mrclean as malware-sites. This is Symantec SEP talking to the Symantec cloud. A discussion of the URIs used by Symantec is located here: Clients connecting to an IP. | Symantec Connect Community This specific IP is one of these URIs.
I've checked with Brightcloud, and they have the category as "Symantec". I am running the most current dynamic updates. The URL filter updated last night to 4112.
Where is this malware-sites coming from?
I'm not sure where you're seeing the category "Symantec" with BrightCloud. I just did a category lookup on the BrightCloud website and it comes up as malware:
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!