stamparm/maltrail

[BUG] Fortinet block page (fortinet-block-page-55.fortinet.com) listed as malicious.

Closed this issue · 2 comments

Describe the bug
Hello, while doing some research I found that Maltrail is flagging 208.91.112.55 (reverse DNS: fortinet-block-page-55.fortinet.com) as malicious.

https://github.com/stamparm/maltrail/blob/master/trails/static/malware/netsupport.txt#L1265

While it is an indicator of malicious activity, it cannot be treated as a specific malware family. It probably should be added to the whitelist or noted as the Fortinet block page, which could be malicious activity stopped by Fortigate, e.g., like for address 208.91.112.52:
https://github.com/stamparm/maltrail/blob/master/misc/whitelist.txt#L1549

Additional context
Using Maltrail as a source of open-source intelligence data about malicious activity. Not directly as a sensor.

Hello!

You are right!

Fix: 7dbabd3
Whitelist: 3205fda

Thank you for alerting!

Great, thanks for the fast response!
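
A review check suggested by this report, as an added example that is not part of the issue thread or of Maltrail's own code: it lists trail IPs that are either already whitelisted or sit in the same /24 as a whitelisted address, which is how 208.91.112.55 relates to the whitelisted 208.91.112.52. The one-entry-per-line layout with `#` comments, the function names, the /24 heuristic and the sample file contents (other than the two addresses from the issue) are assumptions.

```python
import ipaddress

# Constructed samples; only the two 208.91.112.x addresses come from the issue.
TRAILS = """\
# constructed stand-in for a malware-family trail file
208.91.112.55
198.51.100.23   # constructed documentation address
example-c2.invalid
"""

WHITELIST = """\
# constructed stand-in for a whitelist file
208.91.112.52
"""

def parse_ips(text):
    """Return the IP literals in a trail/whitelist text, skipping the rest."""
    ips = []
    for line in text.splitlines():
        value = line.split("#", 1)[0].strip()  # drop inline comments
        try:
            ips.append(ipaddress.ip_address(value))
        except ValueError:
            continue  # blank line, comment-only line or domain name
    return ips

def review_candidates(trail_text, whitelist_text, prefix=24):
    """Trail IPs that are whitelisted or share a /prefix with a whitelisted IP.

    Heuristic only: a hit means "check before attributing this address to a
    malware family", since block pages and sinkholes often use adjacent IPs.
    """
    allowed = parse_ips(whitelist_text)
    findings = []
    for ip in parse_ips(trail_text):
        if ip in allowed:
            findings.append((str(ip), "whitelisted"))
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        neighbour = next((w for w in allowed if w in net), None)
        if neighbour is not None:
            findings.append((str(ip), f"same /{prefix} as whitelisted {neighbour}"))
    return findings

if __name__ == "__main__":
    for ip, reason in review_candidates(TRAILS, WHITELIST):
        print(f"{ip}: {reason}")
```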