[BUG] Fortinet block page (fortinet-block-page-55.fortinet.com) listed as malicious.
Closed this issue · 2 comments
Describe the bug
Hello, while doing some research I found that Maltrail is flagging 208.91.112.55
(reverse DNS: fortinet-block-page-55.fortinet.com
) as malicious.
https://github.com/stamparm/maltrail/blob/master/trails/static/malware/netsupport.txt#L1265
While it is an indicator of malicious activity it cannot be treated as a specific malware family. It probably should be added to the whitelist or noted as the Fortinet block page which could be malicious activity stopped by Fortigate. e.g. , like for address 208.91.112.52
:
https://github.com/stamparm/maltrail/blob/master/misc/whitelist.txt#L1549
Additional context
Using Maltrail as a source of open-source Intelligence data about malicious activity. Not directly as a sensor.
Great, thanks for the fast response!