We've been seeing alarms for C&C activity for days now, which is appearing both on Windows laptops and some Android BYOD devices. It involves:
The domain in question is ust-af.com, which our firewall blocks. It's all happening over ports 90 and 443 (SSL).
This must be a false positive. Nobody is clicking anything on phishing emails, people aren't visiting rogue web sites (and aren't all using IE), antivirus turns up nothing, and it involves multiple unrelated platforms. Is anyone else seeing this recently? Was there a bad pulse that flagged legit domains?