WTFBins

  • Sophos Web Protection (sophosxl.net)


    Contributed By: mttaggart

    Sophos Web Protection, for reasons surpassing understanding, performs DNS lookups using b64-encoded data as subdomains to sophosxl.net. This creates a gigantic amount of DNS queries, all of which look like data exfil, because technically they are.