Hi Karol,
I may need a little more detail to help here...
If it is an HTTP request, then capture it and maybe we can make sense of it based on the HTTP header.
If it is an SSL encrypted request, then capture it and maybe we can make sense of it based on the TLS handshake.
Thanks,
------------------------------
Edwin Groothuis
Escalation engineer
Imperva
Tel Aviv NSW
------------------------------
Original Message:
Sent: 06-22-2021 04:25
From: Karol Gruszczynski
Subject: MX DAM - try to connect suspicious IP
Dear All,
Could you tell me why IMPERVA MX (DAM) tries to connect to IP 172.67.214.234? It is Cloudflare.
A colleague of mine informed me that his systems were being attacked from this address.
Regards,
KAROL
#DatabaseActivityMonitoring
------------------------------
Karol Gruszczynski
IT SECURITY EXPERT
Warsaw
------------------------------