11-07-2019 12:42 PM
Hello,
I've noticed an increase in IOC's being triggered due to hosts attempting to access hxxps://gogo.thepowerrangers.com.
End users are obviously not trying to get to a power rangers site. It seems to be a URL redirect. Has anyone else found their FirePower SI blocking this site? It's happening multiple times a day and I'm unsure what's triggering this. Google is not my friend here.
I had the same issue a few weeks ago with hxxps://mv-s2s-dev.ngrok.io. That URL has subsided for the time being.
Thank you
Solved! Go to Solution.
11-13-2019 10:51 AM
11-09-2019 01:44 PM
To check the URL health go to https://www.brightcloud.com/tools/url-ip-lookup.php check firepower url engine use the statistics from this engine.
now coming back to your point. if you think this url is malicious and you need to block the rule here
11-13-2019 10:51 AM
11-13-2019 11:14 AM
Yes, you can always utilize the white/blacklist in such situations. Also, just to mention, you can always submit a dispute directly to TALOS through the following link:
https://talosintelligence.com/reputation_center/support
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide