
Disney+ domain being sinkholed as DNS tunneling domain

L2 Linker

This morning I started noticing that my threat logs are filling up with sinkhole actions for the following:

Suspicious DNS Query (search-api-disney.svcs.dssott.co)

Suspicious DNS Query (dssott.com)

 

 

Threat Type: spyware
Threat Name: DNS Tunneling Domain
ID:
Category: dns-security
Content Version: AppThreat-0-0
Severity: high
Repeat Count: 1
File Name:
URL: Suspicious DNS Query (search-api-disney.svcs.dssott.co)

 

To get the site working again I have added a DNS signature exception for threat-id 109001001.

 

Is it possible to except certain domains rather than the entire threat-id?  I fear that I am excepting more than just the domains I'm interested in.

 

 

PCNSC, PCNSE, Cyber Force Defender