@itman Thanks a lot for the responses! @Marcos Is there a place where we can lookup how exactly ESET detects this indicator Win32/RiskWare.Meterpreter.Q ? Which patterns or signatures does ESET look in traffic?
From what we checked we see no anomalies or suspicious activities on the VM, we also conducted a full scan with ESET. It seems like a false positive, however we cannot pinpoint it.
Our app could in some case send requests like these, however, they surely do not include Meterpreter, shell, etc.