This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Lloyd_Braun
Advisor
‎2025-07-21 08:21 AM

Check the firewall logs for connection attempts to 62.0.58.94. This is the default DNS trap IP that the firewall will modfiy the DNS response to. As the logs say: "DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information" 

 

As mentioned, you are only seeing the DNS query flagged at the firewall from the DNS servers, without DNS logging, your best bet is to look for the subsequent connection from the actual client to the DNS trap IP, probably HTTP/HTTPS but could be something else from the client to the DNS trap IP. 

(1)
Who rated this post