Malicious traffic investigation
A recent router hardware change is flagging some traffic coming out of my network as potentially being an attempt to reach something malicious, and I am unable to identify exactly what these domains are, other than Cloudflare being the DNS register.

Port scans show 80, 443, 2053, 8080, and 8443 open.

Whois is a dead end as it gives Private by Design, LLC.

AbuseIPDB is hit and miss on the IP addresses that DNS resolves those domains to.

Looking for any help and knowledge.

Those ports will be open for any domain using the Cloudflare proxy.
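A quick way to check that reply against the addresses in the original post, as an added example that is not part of the thread: resolve each flagged domain, test whether the returned IPv4 addresses fall inside Cloudflare's published proxy ranges, and compare the open ports from the scan with the HTTP/HTTPS ports Cloudflare's proxy accepts. The range list embedded below is a subset of Cloudflare's published IPv4 list (fetch the live list from https://www.cloudflare.com/ips-v4 in practice), the port sets are the ones Cloudflare documents for proxied HTTP and HTTPS, and the two domains and their resolved addresses are constructed sample input, not data from the post.

```python
"""
Added example: decide whether a scan and WHOIS of a suspicious domain are
describing Cloudflare's edge rather than the site behind it.
"""
import ipaddress

# Subset of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips-v4),
# embedded so the example runs offline. Fetch the live list for real use.
CLOUDFLARE_V4 = [
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
]
_CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in CLOUDFLARE_V4]

# Ports Cloudflare's proxy accepts for HTTP and HTTPS traffic (per Cloudflare docs).
# A scan of any proxied hostname shows these open regardless of what the origin runs.
CLOUDFLARE_HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
CLOUDFLARE_HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}


def is_cloudflare_ip(ip: str) -> bool:
    """True if the IPv4 address sits inside one of Cloudflare's ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _CLOUDFLARE_NETS)


def classify(resolved: dict[str, list[str]]) -> dict[str, str]:
    """Label each domain by where its resolved addresses live.

    'cloudflare'      - every address is a Cloudflare edge (scan/WHOIS tell you
                        nothing about the origin)
    'not cloudflare'  - no address is Cloudflare's (the IPs are worth investigating)
    'mixed'           - some of each (unusual; look at the DNS records directly)
    """
    result = {}
    for domain, ips in resolved.items():
        hits = [is_cloudflare_ip(ip) for ip in ips]
        if all(hits):
            result[domain] = "cloudflare"
        elif not any(hits):
            result[domain] = "not cloudflare"
        else:
            result[domain] = "mixed"
    return result


def ports_match_cloudflare(open_ports) -> bool:
    """True if every open port is one Cloudflare's proxy would expose anyway."""
    return set(open_ports) <= (CLOUDFLARE_HTTP_PORTS | CLOUDFLARE_HTTPS_PORTS)


# Constructed sample: what a resolver might return for two hypothetical domains.
# In practice build this dict from socket.getaddrinfo() or dig output.
SAMPLE_RESOLVED = {
    "example-a.invalid": ["104.16.12.34", "172.67.8.9"],
    "example-b.invalid": ["203.0.113.7"],
}
SAMPLE_OPEN_PORTS = [80, 443, 2053, 8080, 8443]  # the ports from the scan in the post


if __name__ == "__main__":
    for domain, label in classify(SAMPLE_RESOLVED).items():
        print(f"{domain}: {label}")
    if ports_match_cloudflare(SAMPLE_OPEN_PORTS):
        print("open ports are all Cloudflare proxy ports; they say nothing about the origin")
    else:
        print("some open ports are not Cloudflare proxy ports; the host may be exposed directly")
```

If a domain classifies as "cloudflare" and the open ports are all in the proxy sets, the scan and the "Private by Design, LLC" WHOIS record are both artefacts of Cloudflare fronting the site, which is why they lead nowhere; the useful next step is the router vendor's reason for the flag, or the internal host that made the request.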

There isn’t a question here that the Community can answer. Perhaps ask your router vendor, if they are flagging the domains as malicious they will be able to give you at least basic reasons they are flagged. (Which might just be that they are relatively recently registered).

That sounds like potentially malicious traffic. You should identify the hosts making the requests and remediate any vulnerabilities identified.