Tag Archives: Sophos

Sophos Services FQDN and IP Address List

This list includes some of the FQDNs and IP addresses used by Sophos services. It may be useful for identifying outgoing traffic and creating web filtering exceptions.


Apple Services FQDN and IP Address List

This list includes some of the FQDNs and IP addresses used by Apple services. It may be useful for identifying outgoing traffic and creating web filtering exceptions.


How to Block Brute Force Attacks

IPinfo allows you to reliably identify important information about an abusive IP, including city, region and country. It also provides abuse information that will allow you to report the abuse to the netblock owner; you will usually need to provide firewall and/or event logs that detail the attack. In some instances the attack may have been made from an anonymous VPN service. Such services are unlikely to have any logs of who undertook the attack, but they may be able to block your IP address or IP range from their network.

https://ipinfo.io/

It’s very useful to be able to block traffic based on the country it originates from, since so many of the brute force attacks that we face on a daily basis originate from a small number of countries. Many popular firewalls provide this feature either as standard or as part of an additional security service subscription.

WatchGuard – Geolocation

Fortinet – Geo IP block list

Sophos Firewall – country-based firewall rule

SonicWall – Geo-IP filter

Smoothwall – GeoBlocking

DrayTek – Country Object or Geo-Blocking

Untangle NG Firewall – geolocation

pfSense (with pfBlockerNG Package) – geo-blocking

Reporting Malicious or Phishing Sites

A useful list of providers where you can report malicious or phishing sites:

VirusTotal – https://www.virustotal.com/gui/home/url

SPAM404 – https://www.spam404.com/report.html

BrightCloud – https://www.brightcloud.com/tools/url-ip-lookup.php

ESET – https://phishing.eset.com/en-us/report

Sophos – https://support.sophos.com/support/s/filesubmission?language=en_US

Google – https://safebrowsing.google.com/safebrowsing/report_general/

Microsoft – https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest

Cyren – https://www.cyren.com/security-center/url-category-check-gate

Dr.Web – https://vms.drweb.com/sendvirus/

Fortinet – https://www.fortiguard.com/faq/wfratingsubmit

Forcepoint – https://csi.forcepoint.com/

Bitdefender – https://www.bitdefender.com/consumer/support/answer/29358/#scroll-to-heading-2

SCUMWARE.ORG – https://www.scumware.org/add_url.php