cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1502
Views
0
Helpful
6
Replies

Firepower URL Malware Block for *.moatads.com sites

dotran
Level 1
Level 1

I'm seeing numerous block to various moatads.com sites  in Cisco Firepower starting around 8A CDT today.   Anybody else experiencing this?  

6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

Looks like Talos added block list :

 

https://talosintelligence.com/reputation_center/lookup?search=moatads.com

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Moatads.com is a big advertising service. Was the block intentional or by mistake?

talos is the security feed for all the cisco security device. they do their home work before they get in to block, this was blocked from 2018, not sure how big, what is the content here.

 

if you think this is valid then you can request Talos (i do not have any idea about the domain you listed as adviertising services ?)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

TALOS has been known to be wrong before. Further, it has not been blocked since 2018, I can guarantee you that. Umbrella's Investigate shows this to be a low risk domain created back in 2011.

dotran
Level 1
Level 1

I submitted a ticket with TALOS last Friday,  their response below:  


RESOLVED_CLOSED : FIXED_FP - Talos has concluded that the submission is safe to access at this time; the submission’s reputation has been improved. This update will be publicly visible in the next 24 hours. If your device or endpoint client is not reflecting this disposition, please open a TAC case.

 

Nice lets wait for 24hours see what is will be the web reputation.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Review Cisco Networking for a $25 gift card