@Marcos
hi sir thanks for your reply
ok I know that IP is valid and the owner of that is ESET, but the policy was set to receive update from our mirror server in LAN (Like Update, product update,....) and I even turn off the anti phishing and ssl/tls, but the client systems want to connect to 91.228.167.21 directly. I don't want when I have lan and mirror servers and infrastructure clients systems try to connect directly outside of the LAN