06-13-2022 09:31 AM
This host is flagged as suspicious domain and getting resolved to sinkhole.paloaltonetworks.com. This is a legit host name using for Microsoft certificates. Looking for a way to restore correct resolution.
C:\>nslookup cdp1.public-trust.com
Name: sinkhole.paloaltonetworks.com
Address: 72.5.65.111
Aliases: cdp1.public-trust.com
Thanks
06-15-2022 09:01 PM
I found the stray entry in an External Dynamic List (EDL) feed and was able to exclude entry until list provider was able to correct.
06-13-2022 05:46 PM
Is it possible that all that host traffic is being sinkholed due to quarantine actions?
I checked, indeed that site is categorized as low-risk & computer/internet info, so unless you are explicitly sinkhole-ing low-risk sites, this should not be the case.
Low sev TAC threat case?
06-15-2022 09:01 PM
I found the stray entry in an External Dynamic List (EDL) feed and was able to exclude entry until list provider was able to correct.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
