topic DNS queries in Network Security https://community.cisco.com/t5/network-security/dns-queries/m-p/3907395#M925374 <P>Hi<BR />During work , i have noticed a few DNSQuerys from&nbsp; <A title="cisco:firepower" href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">cisco:firepower</A>&nbsp;such as :<BR /><SPAN>\xB8WA\xF1\xCE#024<BR /></SPAN></P><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-5d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691564.2858522#" target="_blank" rel="noopener">\xB8\x87Q2z#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xF8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xB8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xC8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><P><BR />I tried searching this type of DNS Queries and didn't find an explanation<BR />Any chance I could decode it for something readable, I need to know where it resolves.<BR />It was forwarded to&nbsp;upstream DNS&nbsp;8.8.4.4,&nbsp;8.8.8.8<BR />Thanks</P><P><SPAN>&nbsp;</SPAN></P> Fri, 21 Feb 2020 17:23:41 GMT DavidShoshany5376 2020-02-21T17:23:41Z DNS queries https://community.cisco.com/t5/network-security/dns-queries/m-p/3907395#M925374 <P>Hi<BR />During work , i have noticed a few DNSQuerys from&nbsp; <A title="cisco:firepower" href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">cisco:firepower</A>&nbsp;such as :<BR /><SPAN>\xB8WA\xF1\xCE#024<BR /></SPAN></P><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-5d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691564.2858522#" target="_blank" rel="noopener">\xB8\x87Q2z#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xF8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xB8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><TABLE><TBODY><TR><TD><A href="https://10.1.5.90:8000/en-US/app/search/search?q=search%20index%3Dnetwork%20sourcetype%3Dcisco%3Afirepower%20DNSQuery%3D%22*%5C%5C*%22&amp;display.page.search.mode=verbose&amp;dispatch.sample_ratio=1&amp;earliest=-7d&amp;latest=now&amp;display.events.fields=%5B%22host%22%2C%22source%22%2C%22sourcetype%22%2C%22virusFileName%22%2C%22Virus%20Location%22%2C%22vulnerabilityName%22%2C%22blockuri%22%5D&amp;sid=1565691620.2858610#" target="_blank" rel="noopener">\xC8WA\xF1\xCE#024</A></TD></TR></TBODY></TABLE><P><BR />I tried searching this type of DNS Queries and didn't find an explanation<BR />Any chance I could decode it for something readable, I need to know where it resolves.<BR />It was forwarded to&nbsp;upstream DNS&nbsp;8.8.4.4,&nbsp;8.8.8.8<BR />Thanks</P><P><SPAN>&nbsp;</SPAN></P> Fri, 21 Feb 2020 17:23:41 GMT https://community.cisco.com/t5/network-security/dns-queries/m-p/3907395#M925374 DavidShoshany5376 2020-02-21T17:23:41Z