Continuous Threat Logs Showing Management Server IP as Source


L3 Networker

Hi Friends,

 

I am facing an issue with my PA-440 firewall after the recent update to 11.1.13. I have been encountering continuous threat log generation for threat ID 765344918, with threat type spyware, threat name generic:vikingindustries.in, and destinations 8.8.8.8 / 4.2.2.2 respectively.

 

The service route is configured as "use management interface only", so by default all the services in the firewall will use the management interface.

These threat logs are coming under the dns-base category and are getting generated every minute even though the action is set to drop, but I want to understand why these are specifically getting generated from the firewall's management IP. Is this expected behaviour, or do I need to make any changes?

 

Looking forward for your suggestions.

 

Regards

Satya Kalyan

 

 

3 REPLIES 3

Cyber Elite

Something in your network is trying to resolve vikingindustries.in to an IP.

Are you using DNS Proxy feature in the firewall?

Set up a DNS sinkhole and see which internal machines try to access the sinkhole IP.

This allows you to identify which internal machine is responsible for connections to vikingindustries.in

Principal Architect @ Cloud Carib Ltd
Palo Alto Networks certified from 2011

Hi Raido 

 

The domain vikingindustries.in is an internal known domain, and additionally I will try to set up the DNS sinkhole and look into this. Additionally, why are these logs only coming after the PAN-OS upgrade? The domain vikingindustries.in has been in the internal networks for more than 1 year, and the domain has also been categorized as malware by Palo Alto.

 

Regards

Satya Kalyan 

Cyber Elite

Maybe your firewall upgrade happened to be around the same time when threat ID 765344918 was created, and that is why you suddenly started seeing it.

 

If it is an internally used domain and you are not responsible for the public one, then you can add an exception.

Objects / Security Profiles / Anti-Spyware / <Anti-Spyware Profile> / DNS Exceptions

Principal Architect @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
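Added example, not code from the thread or from Palo Alto Networks: a small Python script that shows why the threat log in this situation cannot name the real client, and how the sinkhole suggested above gets that attribution back. With a management-only service route and DNS proxy, the firewall's MGT interface is the DNS client, so every DNS-signature hit is logged with the MGT IP as source. Once the sinkhole action is in place, the real hosts connect to the sinkhole address and show up as sources in the traffic log. The log lines, the management IP 192.168.1.1 and the simplified comma-separated field layout are constructed for this example; the sinkhole address 72.5.65.111 is the default sinkhole.paloaltonetworks.com address and is assumed to be the one configured. Real PAN-OS CSV exports carry many more columns, so FIELDS must be adapted to the export you actually have.

```python
"""Correlate DNS-sinkhole hits back to internal clients.

Added example, not from the LIVEcommunity thread. The log lines below are
constructed and use a simplified comma-separated layout:
receive_time,type,src,dst,dport,app,action,name
Real PAN-OS CSV exports have many more fields; adjust FIELDS accordingly.
"""
import csv
from collections import Counter
from io import StringIO

MGMT_IP = "192.168.1.1"        # hypothetical management interface address
SINKHOLE_IP = "72.5.65.111"    # assumed sinkhole address (default sinkhole.paloaltonetworks.com)

FIELDS = ["receive_time", "type", "src", "dst", "dport", "app", "action", "name"]

# Constructed threat log: with service route "use management interface only"
# and DNS proxy, every DNS-signature hit carries the MGT IP as source.
THREAT_LOG = """\
2025/05/01 10:00:01,THREAT,192.168.1.1,8.8.8.8,53,dns-base,sinkhole,generic:vikingindustries.in
2025/05/01 10:01:02,THREAT,192.168.1.1,4.2.2.2,53,dns-base,sinkhole,generic:vikingindustries.in
2025/05/01 10:02:03,THREAT,192.168.1.1,8.8.8.8,53,dns-base,sinkhole,generic:vikingindustries.in
"""

# Constructed traffic log: clients that received the sinkhole address as the
# DNS answer then try to connect to it, exposing their real source IP.
TRAFFIC_LOG = """\
2025/05/01 10:00:02,TRAFFIC,10.10.20.15,72.5.65.111,443,ssl,allow,
2025/05/01 10:00:09,TRAFFIC,10.10.20.15,72.5.65.111,80,web-browsing,allow,
2025/05/01 10:01:03,TRAFFIC,10.10.31.7,72.5.65.111,443,ssl,allow,
2025/05/01 10:01:30,TRAFFIC,10.10.20.40,142.250.74.36,443,ssl,allow,
2025/05/01 10:02:04,TRAFFIC,10.10.20.15,72.5.65.111,443,ssl,allow,
"""


def parse_log(text):
    """Parse CSV log text into a list of dicts keyed by FIELDS."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(StringIO(text)) if row]


def threat_sources(threat_text):
    """Count source IPs in DNS threat hits.

    When the firewall itself is the resolver (MGT service route + DNS proxy),
    this collapses to the management IP and says nothing about the client.
    """
    return Counter(e["src"] for e in parse_log(threat_text))


def only_management_ip(threat_text, mgmt_ip=MGMT_IP):
    """True if every threat hit is sourced from the management IP."""
    return set(threat_sources(threat_text)) == {mgmt_ip}


def sinkhole_clients(traffic_text, sinkhole_ip=SINKHOLE_IP):
    """Count internal hosts that connected to the sinkhole address.

    These are the machines that resolved a sinkholed domain, whatever source
    IP the DNS threat log shows.
    """
    return Counter(
        e["src"] for e in parse_log(traffic_text) if e["dst"] == sinkhole_ip
    )


if __name__ == "__main__":
    print("Threat log sources:", dict(threat_sources(THREAT_LOG)))
    print("All hits from MGT IP:", only_management_ip(THREAT_LOG))
    print("Hosts reaching sinkhole:", dict(sinkhole_clients(TRAFFIC_LOG)))
```

In practice, filter a traffic log export on `addr.dst in <sinkhole address>` and group by source; the hosts that appear are the ones to examine. Remember the threat log alone will keep showing the management IP for as long as the firewall is the DNS client, so the sinkhole traffic, not the threat entries, is what identifies the machine.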