Poss. Trojan detected coming from CF's 2ndary DNS Servers!

FYI — this was detected via our IPS system coming from the Cloudflare secondary DNS servers… already sent in a support ticket on this, and just trying to get this looked at ASAP.

cloudflare-network-trojan-from-1.0.0.1-2

1 Like

What’s the ticket number?
cc: @cloonan

1 Like

[Cloudflare Support] 1936360

1 Like

Thank you, @user329 & @floripare, the team is investigating this, thank you for the additional detail on the ticket

2 Likes

@user329, a device on your network is compromised and is sending spoofed DNS packages pretending to be 1.0.0.1 or 8.8.4.4. Background, http://travisgreen.net/2019/08/13/anubis-sinhole.html

5 Likes