
Device: PROPARTES (FG100D3G15814343), VDom: root

2019-02-19 00:00 - 2019-02-20 00:00

Summary Report

Threat Analysis
Top Threats
Threat Category Level Score %
play.google.com Freeware and Software Downloads High 42330 25.1%
Failed Connection Attempt Firewall Control Low 33490 19.9%
edge-mqtt.facebook.com Social Networking High 9660 5.7%
data.mob.com Meaningless Content High 9570 5.7%
graph.facebook.com Social Networking High 8130 4.8%
facebook.com Social Networking High 7110 4.2%
lh3.googleusercontent.com Content Servers High 6870 4.1%
mqtt-mini.facebook.com Social Networking High 6810 4.0%
connect.facebook.net Social Networking High 6690 4.0%
cdnjs.cloudflare.com Content Servers High 5130 3.0%
secure.skypeassets.com Content Servers High 4140 2.5%
www.facebook.com Social Networking High 3750 2.2%
fna.fbcdn.net Social Networking High 3690 2.2%
graph.instagram.com Social Networking High 3330 2.0%
wg.spotify.com Internet Radio and TV High 3180 1.9%
csi.gstatic.com Content Servers High 3000 1.8%
musicimage.xboxlive.com Games High 3000 1.8%
157.240.14.15 Social Networking High 2850 1.7%
settings-ssl.xboxlive.com Games High 2820 1.7%
lithium.facebook.com Social Networking High 2790 1.7%
Total: 168340

Top Viruses
Virus Incidents %
W32/GenKryptik.CZCX!tr 1 100.0%
Total: 1

Top Virus Victims


Source Incidents %
37.139.22.95 1 100.0%
Total: 1

Top Attacks
No Data

Top Attack Victims

No Data

Top Spam by Source IP


Source Incidents %
185.234.218.173 9185 48.4%
66.37.2.3 4013 21.2%
66.96.216.100 1202 6.3%
157.230.170.141 540 2.8%
167.99.110.151 466 2.5%
66.37.2.6 222 1.2%
108.170.49.54 144 0.8%
108.170.49.44 144 0.8%
108.170.49.40 144 0.8%
108.170.49.36 143 0.8%
108.170.49.53 141 0.7%
5.39.115.109 138 0.7%
79.161.255.146 132 0.7%
46.8.209.184 105 0.6%
88.98.8.185 101 0.5%
167.114.150.11 100 0.5%
142.54.182.53 96 0.5%
159.89.27.45 95 0.5%
5.39.115.237 94 0.5%
46.8.209.194 86 0.5%
Other 1677 8.8%
Total: 18968

Top Data Leak by Rules


No Data

Top Data Leak by Source


No Data

Traffic Analysis
Traffic Trend

[Chart: Traffic (MB) per hour, 00 to 23, 2019-02-19 00:00 -- 2019-02-20 00:00; y-axis 0 to 20,000,000 MB]

Top Application Categories

unscanned = 415.1 TB (100%)
unknown = 48.5 GB (0%)
update = 1 GB (0%)
web.client = 236.7 MB (0%)
collaboration = 165.4 MB (0%)
Other = 19.2 MB (0%)

Top Applications
Application Traffic (Sent / Received) Traffic % Sessions Session %
nfs 403.5 TB / 9.3 TB 99.4% 689 0.1%
tcp 57.3 GB / 2.2 TB 0.5% 49877 8.7%
https 7.8 GB / 49.9 GB 0.0% 311438 54.4%
rdp 4.7 GB / 13.1 GB 0.0% 57038 10.0%
dns 428.3 MB / 5.3 GB 0.0% 80791 14.1%
ssh 2.8 GB / 39.3 MB 0.0% 21 0.0%
http 644.5 MB / 1.3 GB 0.0% 15821 2.8%
udp 579.9 MB / 814 MB 0.0% 6459 1.1%
ms.windows.update 19 MB / 843.1 MB 0.0% 364 0.1%
smtp 464 MB / 19.7 MB 0.0% 21738 3.8%
imaps 300 MB / 138.8 MB 0.0% 619 0.1%
http.browser_chrome 11.1 MB / 189.9 MB 0.0% 2533 0.4%
microsoft.office.update 3.1 MB / 144.1 MB 0.0% 119 0.0%
siesacrm-produccion 9 MB / 100.9 MB 0.0% 1558 0.3%
microsoft.office.365.portal 1.8 MB / 93.2 MB 0.0% 101 0.0%
prpxmox 28.9 MB / 49 MB 0.0% 1353 0.2%
microsoft.portal 12.5 MB / 47.4 MB 0.0% 2482 0.4%
http.browser 1.5 MB / 28.6 MB 0.0% 1735 0.3%
kaspersky.update 2.8 MB / 26.3 MB 0.0% 4075 0.7%
pop3s 398 KB / 6.9 MB 0.0% 71 0.0%
Other 4.3 MB / 16.8 MB 0.0% 13177 2.3%
Total: 403.6 TB / 11.6 TB Total: 572059
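
Added example (not part of the FortiAnalyzer report): a parser for the Top Applications rows above that converts the Sent/Received volumes to bytes and turns them into the sustained bit rate the 24-hour window implies. The check is a sanity test for a figure like 403.5 TB of NFS in one day, which works out to roughly 38 Gbit/s sustained. Two assumptions are made: units are decimal (1 TB = 10^12 bytes), and the 1 Gbit/s link-rate threshold is a placeholder to replace with the interface speeds of the device being reported on. The sample rows are copied from the table above.

```python
import re
from dataclasses import dataclass

# Decimal units are an assumption: the report does not say whether 1 TB
# means 10**12 or 2**40 bytes. The choice moves results by under 10%.
UNIT = {"B": 1, "KB": 10**3, "MB": 10**6, "GB": 10**9, "TB": 10**12}

SIZE_RE = re.compile(r"([\d.]+)\s*([KMGT]?B)")
# One data row of the Top Applications table: name, sent / received,
# traffic %, session count, session %. Header and Total lines do not match.
ROW_RE = re.compile(
    r"^(?P<app>\S+)\s+(?P<sent>[\d.]+\s*[KMGT]?B)\s*/\s*(?P<recv>[\d.]+\s*[KMGT]?B)"
    r"\s+(?P<tpct>[\d.]+)%\s+(?P<sessions>\d+)\s+(?P<spct>[\d.]+)%$"
)

# Sample input: rows copied from the Top Applications table above.
SAMPLE = """\
Application Traffic(Sent/Received) % Session %
nfs 403.5 TB / 9.3 TB 99.4% 689 0.1%
tcp 57.3 GB / 2.2 TB 0.5% 49877 8.7%
https 7.8 GB / 49.9 GB 0.0% 311438 54.4%
rdp 4.7 GB / 13.1 GB 0.0% 57038 10.0%
dns 428.3 MB / 5.3 GB 0.0% 80791 14.1%
ssh 2.8 GB / 39.3 MB 0.0% 21 0.0%
Total: 403.6 TB / 11.6 TB Total: 572059
"""


@dataclass
class AppRow:
    app: str
    sent_bytes: float
    recv_bytes: float
    sessions: int

    @property
    def total_bytes(self) -> float:
        return self.sent_bytes + self.recv_bytes


def parse_size(text: str) -> float:
    """'403.5 TB' -> 403.5e12 (decimal units, see UNIT)."""
    m = SIZE_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unparseable size: {text!r}")
    return float(m.group(1)) * UNIT[m.group(2)]


def parse_rows(report_text: str) -> list:
    """Parse the data rows of a Top Applications table, skipping header/Total."""
    rows = []
    for line in report_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(AppRow(m["app"], parse_size(m["sent"]),
                               parse_size(m["recv"]), int(m["sessions"])))
    return rows


def average_gbps(nbytes: float, window_seconds: float) -> float:
    """Sustained average bit rate needed to move nbytes within the window."""
    return nbytes * 8 / window_seconds / 1e9


def implausible_rows(rows, window_seconds=24 * 3600, link_gbps=1.0):
    """Rows whose sent+received volume exceeds what link_gbps could carry in
    the window. link_gbps is a parameter to set from your own interface
    speeds; 1 Gbit/s is only an assumed value here."""
    out = []
    for r in rows:
        gbps = average_gbps(r.total_bytes, window_seconds)
        if gbps > link_gbps:
            out.append((r.app, round(gbps, 2)))
    return out


if __name__ == "__main__":
    for app, gbps in implausible_rows(parse_rows(SAMPLE)):
        print(f"{app}: {gbps} Gbit/s sustained over 24 h exceeds the assumed 1 Gbit/s link")
```

A row that fails this check is not a volume the firewall could have forwarded in the window, so it should be reconciled against the interface counters on the device before it is used for capacity planning or treated as evidence of exfiltration.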


Top Application Categories and Applications

Application category (share of all traffic), then each category's applications (share of that category's traffic, Sent/Received)
unscanned 100%
  nfs 99.4% 403.5 TB/9.3 TB
  tcp 0.5% 52.9 GB/2.2 TB
  https 0.0% 4.8 GB/17.6 GB
  rdp 0.0% 4.7 GB/13.1 GB
  ssh 0.0% 2.8 GB/39.3 MB
  Other 0.0% 1.3 GB/1.8 GB
unknown 0.0%
  https 72.9% 2.9 GB/32.4 GB
  tcp 12.6% 4.5 GB/1.6 GB
  dns 11.7% 419.7 MB/5.3 GB
  udp 1.5% 533 MB/215.1 MB
  http 1.2% 177.5 MB/429.6 MB
  Other 0.1% 3.1 MB/40.6 MB
update 0.0%
  ms.windows.update 83.0% 19 MB/843.1 MB
  microsoft.office.update 14.2% 3.1 MB/144.1 MB
  kaspersky.update 2.8% 2.8 MB/26.3 MB
web.client 0.0%
  http.browser_chrome 84.9% 11.1 MB/189.9 MB
  http.browser 12.7% 1.5 MB/28.6 MB
  http.browser_ie 1.2% 121 KB/2.7 MB
  http.browser_firefox 1.1% 1 MB/1.6 MB
collaboration 0.0%
  microsoft.office.365.portal 57.5% 1.8 MB/93.2 MB
  microsoft.portal 36.2% 12.5 MB/47.4 MB
  microsoft.sharepoint 3.6% 266 KB/5.7 MB
  microsoft.authentication 1.4% 909 KB/1.5 MB
  microsoft.office.online 1.1% 579 KB/1.3 MB
  Other 0.2% 36 KB/244 KB
network.service 0.0%
  dns 98.9% 3.6 MB/13.4 MB
  quic 1.1% 191 KB/1 KB
cloud.it 0.0%
  microsoft.azure 100% 31 KB/1.4 MB
general.interest 0.0%
  microsoft.store 100% 66 KB/361 KB
proxy 0.0%
  psiphon 100% 78 KB/118 KB
social.media 0.0%
  facebook 79.3% 1 KB/44 KB
  linkedin 5.2% 0 KB/3 KB
  instagram 5.2% 0 KB/3 KB
  pinterest 5.2% 0 KB/3 KB
  tumblr 5.2% 0 KB/3 KB
Other 0.0%
  (all applications) 100% 1 KB/22 KB
Total: 403.6 TB/11.6 TB


Top Source
Source Traffic (Sent / Received) Traffic % Sessions Session %
192.168.99.11 403.5 TB / 9.3 TB 99.4% 18268 3.2%
190.147.82.105 52.6 GB / 2.2 TB 0.5% 6650 1.2%
192.168.0.121 2.1 GB / 33.1 GB 0.0% 2094 0.4%
192.168.0.241-Administrador 2.9 GB / 6.2 GB 0.0% 3230 0.6%
192.168.40.5 4.2 GB / 1.4 GB 0.0% 1092 0.2%
186.147.44.166 153.6 MB / 4.1 GB 0.0% 78 0.0%
181.56.252.125 1.1 GB / 2.1 GB 0.0% 495 0.1%
192.168.0.155 690.2 MB / 2.1 GB 0.0% 4574 0.8%
192.168.0.139-jefe.compras 196.7 MB / 2.4 GB 0.0% 3204 0.6%
192.168.40.19-jefe.logistica 738.7 MB / 1.5 GB 0.0% 7695 1.4%
192.168.0.135-asistente.comercial 1.2 GB / 997.9 MB 0.0% 1319 0.2%
186.81.116.236 798.2 MB / 1.4 GB 0.0% 382 0.1%
192.168.0.239 605.4 MB / 1.5 GB 0.0% 5187 0.9%
192.168.35.2-suc.pradov 554.4 MB / 1.3 GB 0.0% 2736 0.5%
192.168.0.173-jefe.comercial 420.1 MB / 653.5 MB 0.0% 1941 0.3%
192.168.40.23 328.6 MB / 540.5 MB 0.0% 3467 0.6%
192.168.0.187 68.5 MB / 763.4 MB 0.0% 7267 1.3%
192.168.0.109 24.5 MB / 804.5 MB 0.0% 1406 0.2%
192.168.0.191-jefe.tesoreria 221.2 MB / 589.7 MB 0.0% 2833 0.5%
192.168.0.160-jefe.sistemas 393.1 MB / 408.5 MB 0.0% 6304 1.1%
Other 5.8 GB / 12.9 GB 0.0% 484333 85.8%
Total: 403.6 TB / 11.6 TB Total: 564555


Top Sources and Applications

Source (share of all traffic), then each source's applications (share of that source's traffic, Sent/Received)
192.168.99.11 99.4%
  nfs 100% 403.5 TB/9.3 TB
  tcp 0.0% 3.3 MB/2.3 MB
  http 0.0% 102 KB/5.3 MB
  onc-rpc 0.0% 717 KB/478 KB
  https 0.0% 8 KB/41 KB
  Other 0.0% 8 KB/11 KB
190.147.82.105 0.5%
  tcp 100% 52.6 GB/2.2 TB
  rdp 0.0% 1.3 MB/4.2 MB
  https 0.0% 227 KB/1 MB
  siesacrm-produccion 0.0% 62 KB/791 KB
192.168.0.121 0.0%
  https 83.9% 1.7 GB/27.9 GB
  dns 16.1% 419.7 MB/5.3 GB
  tcp 0.0% 263 KB/230 KB
  http 0.0% 119 KB/213 KB
  http.browser 0.0% 118 KB/115 KB
  Other 0.0% 122 KB/160 KB
192.168.0.241-Administrador 0.0%
  https 67.6% 94.7 MB/6.1 GB
  ssh 31.3% 2.8 GB/39.3 MB
  prpxmox 0.8% 28.9 MB/49 MB
  http 0.2% 2.4 MB/17.7 MB
  udp 0.0% 539 KB/3.7 MB
192.168.40.5 0.0%
  tcp 100% 4.2 GB/1.4 GB
  udp 0.0% 1.5 MB/302 KB
  x-windows 0.0% 61 KB/32 KB
186.147.44.166 0.0%
  rdp 100% 153.6 MB/4.1 GB
181.56.252.125 0.0%
  rdp 99.9% 1.1 GB/2.1 GB
  https 0.1% 793 KB/2.8 MB
192.168.0.155 0.0%
  rdp 65.6% 596.5 MB/1.2 GB
  https 17.0% 80.9 MB/401 MB
  ms.windows.update 16.9% 8.5 MB/472.7 MB
  tcp 0.2% 1.4 MB/2.9 MB
  http.browser_chrome 0.1% 196 KB/3.9 MB
  Other 0.2% 2.7 MB/1.8 MB
192.168.0.139-jefe.compras 0.0%
  https 83.9% 45.1 MB/2.2 GB
  rdp 15.2% 148.4 MB/261.2 MB
  http 0.6% 1 MB/15.8 MB
  udp 0.1% 938 KB/2.4 MB
  tcp 0.1% 1.3 MB/2 MB
  Other 0.0% 0 KB
192.168.40.19-jefe.logistica 0.0%
  https 50.9% 445.3 MB/717.7 MB
  rdp 39.7% 284.2 MB/621.7 MB
  http.browser_chrome 4.4% 3.5 MB/96 MB
  ms.windows.update 4.3% 2.4 MB/96.4 MB
  microsoft.sharepoint 0.3% 266 KB/5.7 MB
  Other 0.5% 3.1 MB/8.2 MB
Other 0.0%
  (all applications) 100% 10.4 GB/21.7 GB
Total: 403.6 TB/11.6 TB


Top Destination
Destination Traffic (Sent / Received) Traffic % Sessions Session %
192.168.0.3 403.5 TB / 9.3 TB 99.4% 18244 4.0%
186.154.234.245 52.6 GB / 2.2 TB 0.5% 6503 1.4%
95.174.67.98 1.4 GB / 21.5 GB 0.0% 102 0.0%
186.154.234.242 4.7 GB / 13.3 GB 0.0% 73151 16.2%
13.249.87.129 90.8 MB / 6 GB 0.0% 27 0.0%
192.168.99.8 2.7 GB / 3.2 GB 0.0% 19343 4.3%
159.203.36.50 419.2 MB / 5.3 GB 0.0% 65 0.0%
178.79.173.113 272.2 MB / 5.4 GB 0.0% 53 0.0%
54.94.249.1 4.2 GB / 1.4 GB 0.0% 672 0.1%
192.168.99.11(www.baidu.com) 2.9 GB / 88.3 MB 0.0% 1361 0.3%
13.35.115.121 37.3 MB / 2.4 GB 0.0% 21 0.0%
13.249.87.34 20.1 MB / 1.3 GB 0.0% 11 0.0%
186.31.253.96(fna.fbcdn.net) 28 MB / 1 GB 0.0% 780 0.2%
213.108.105.142 51.3 MB / 1 GB 0.0% 22 0.0%
186.154.234.243 378.2 MB / 608 MB 0.0% 31167 6.9%
34.192.72.116 728 MB / 183.6 MB 0.0% 696 0.2%
13.107.42.11 380.7 MB / 364.3 MB 0.0% 463 0.1%
216.219.115.44 460.7 MB / 198.4 MB 0.0% 966 0.2%
186.31.253.81(fna.fbcdn.net) 13.3 MB / 508.4 MB 0.0% 363 0.1%
209.58.139.32(net.anydesk.com) 96.4 MB / 413 MB 0.0% 244 0.1%
Other 3.4 GB / 9.9 GB 0.0% 296881 65.8%
Total: 403.6 TB / 11.6 TB Total: 451135


Traffic by Destination Country

Internal Network = 412.9 TB (99.4%)
Colombia = 2.3 TB (0.6%)
United States = 4.9 GB (0%)
Brazil = 4.2 GB (0%)
Netherlands Antilles = 1.5 GB (0%)
Other = 1.3 GB (0%)

Web Activities
Most Visited Web Categories (visits)

Social Networking = 2331 (34.1%)
Content Servers = 1713 (25.1%)
Freeware and Software Downloads = 1470 (21.5%)
Meaningless Content = 607 (8.9%)
Streaming Media and Download = 263 (3.8%)
Games = 231 (3.4%)
Internet Radio and TV = 172 (2.5%)
Proxy Avoidance = 27 (0.4%)
Entertainment = 13 (0.2%)
Job Search = 5 (0.1%)
Other = 1 (0%)

Most Visited Websites


Web Site Visits % Estimated Browsing Time %
play.google.com 1411 20.6% 00h 00m 00s N/A
edge-mqtt.facebook.com 322 4.7% 00h 00m 00s N/A
data.mob.com 319 4.7% 00h 00m 00s N/A
graph.facebook.com 271 4.0% 00h 00m 00s N/A
facebook.com 237 3.5% 00h 00m 00s N/A
lh3.googleusercontent.com 229 3.4% 00h 00m 00s N/A
mqtt-mini.facebook.com 227 3.3% 00h 00m 00s N/A
connect.facebook.net 223 3.3% 00h 00m 00s N/A
cdnjs.cloudflare.com 171 2.5% 00h 00m 00s N/A
secure.skypeassets.com 138 2.0% 00h 00m 00s N/A
www.facebook.com 125 1.8% 00h 00m 00s N/A
fna.fbcdn.net 123 1.8% 00h 00m 00s N/A
graph.instagram.com 111 1.6% 00h 00m 00s N/A
wg.spotify.com 106 1.6% 00h 00m 00s N/A
csi.gstatic.com 100 1.5% 00h 00m 00s N/A
musicimage.xboxlive.com 100 1.5% 00h 00m 00s N/A
157.240.14.15 95 1.4% 00h 00m 00s N/A
settings-ssl.xboxlive.com 94 1.4% 00h 00m 00s N/A
lithium.facebook.com 93 1.4% 00h 00m 00s N/A
s0.2mdn.net 88 1.3% 00h 00m 00s N/A
Other 2250 32.9% 00h 00m 00s N/A
Total: 6833 Total: 00h 00m 00s

Most Active Web Users


User Visits % Estimated Browsing Time %
(unidentified user) 4028 58.9% 00h 00m 00s N/A
auxiliar3.cartera 1042 15.2% 00h 00m 00s N/A
administrador.prado 368 5.4% 00h 00m 00s N/A
jefe.bicicletas 278 4.1% 00h 00m 00s N/A
coordinador.recibo 258 3.8% 00h 00m 00s N/A
jefe.contabilidad 241 3.5% 00h 00m 00s N/A
administrador.servit 193 2.8% 00h 00m 00s N/A
asistente2.publicida 182 2.7% 00h 00m 00s N/A
jefe.logistica 117 1.7% 00h 00m 00s N/A
suc.pradov 74 1.1% 00h 00m 00s N/A
jefe.importaciones 12 0.2% 00h 00m 00s N/A
asis.gestionhumana 12 0.2% 00h 00m 00s N/A
asistente.publicidad 11 0.2% 00h 00m 00s N/A
jefe.comercial 9 0.1% 00h 00m 00s N/A
Administrador 3 0.0% 00h 00m 00s N/A
auxiliar2.cartera 3 0.0% 00h 00m 00s N/A
auxiliar.contabilida 2 0.0% 00h 00m 00s N/A
Total: 6833 Total: 00h 00m 00s

Most Visited Web Sites by Most Active Users

User (share of all visits), then that user's top web sites (share of the user's visits, visit count)
(unidentified user) 58.9%
  play.google.com 9.4% 377
  edge-mqtt.facebook.com 8.0% 322
  data.mob.com 7.9% 319
  graph.facebook.com 6.7% 269
  facebook.com 5.9% 237
  Other 62.2% 2504
auxiliar3.cartera 15.2%
  play.google.com 88.2% 919
  lh3.googleusercontent.com 6.0% 63
  lh5.googleusercontent.com 1.3% 14
  connect.facebook.net 0.8% 8
  maxcdn.bootstrapcdn.com 0.7% 7
  Other 3.0% 31
administrador.prado 5.4%
  connect.facebook.net 22.3% 82
  ced-ns.sascdn.com 16.8% 62
  s.ytimg.com 12.8% 47
  widget.spreaker.com 7.6% 28
  ec-ns.sascdn.com 6.8% 25
  Other 33.7% 124
jefe.bicicletas 4.1%
  secure.skypeassets.com 46.0% 128
  play.google.com 17.6% 49
  lh3.googleusercontent.com 11.5% 32
  cdnjs.cloudflare.com 6.5% 18
  www.facebook.com 3.2% 9
  Other 15.1% 42
coordinador.recibo 3.8%
  musicimage.xboxlive.com 38.8% 100
  settings-ssl.xboxlive.com 31.4% 81
  img-s-msn-com.akamaized.net 3.9% 10
  musicmatch-ssl.xboxlive.com 3.1% 8
  beacons4.gvt2.com 2.7% 7
  Other 20.2% 52
jefe.contabilidad 3.5%
  cdnjs.cloudflare.com 30.7% 74
  www.facebook.com 19.5% 47
  cdn.jsdelivr.net 12.0% 29
  s0.2mdn.net 4.1% 10
  www.youtube.com 3.7% 9
  Other 29.9% 72
administrador.servit 2.8%
  www.facebook.com 11.9% 23
  tg.socdm.com 11.9% 23
  aep.mxptint.net 10.4% 20
  c.amazon-adsystem.com 8.3% 16
  csi.gstatic.com 8.3% 16
  Other 49.2% 95
asistente2.publicida 2.7%
  play.google.com 28.6% 52
  csi.gstatic.com 18.1% 33
  connect.facebook.net 11.0% 20
  t4.ftcdn.net 9.9% 18
  t3.ftcdn.net 4.9% 9
  Other 27.5% 50
jefe.logistica 1.7%
  maxcdn.bootstrapcdn.com 19.7% 23
  connect.facebook.net 16.2% 19
  cdnjs.cloudflare.com 8.5% 10
  platform.twitter.com 6.0% 7
  doc-0k-a4-docs.googleusercontent.com 4.3% 5
  Other 45.3% 53
suc.pradov 1.1%
  connect.facebook.net 16.2% 12
  csi.gstatic.com 13.5% 10
  s.ytimg.com 12.2% 9
  s0.2mdn.net 10.8% 8
  dsp.theadtech.com 8.1% 6
  Other 39.2% 29
Other 0.8%
  (all sites) 100% 52
Total: 6833

VPN Analysis
VPN Bandwidth Usage Trend

[Chart: VPN Traffic (MB) per hour, 00 to 23, 2019-02-19 00:00 -- 2019-02-20 00:00; y-axis 0 to 100 MB]

Top Site to Site Tunnels by Bandwidth Usage


No Data

Top SSL and Dialup Users by Bandwidth Usage


No Data

System Activity
Admin Session Summary
# User Login Interface Total # of Admin Sessions Total # of Config Changes Total Duration
1 admin https(186.147.44.166) 2 2 1h 09m 58s
2 admin https(192.168.0.148) 1 0 20m 14s

Failed Admin Login Summary


# User Login Interface Total # of Failed Logins
1 Amayiya2016* https(192.168.0.148) 1
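
Added example (not part of the report): a review pass over the two admin tables above, copied in as sample input. It flags management logins from addresses outside the private ranges (186.147.44.166 is a routable address), use of the built-in admin account rather than a named per-person account, and failed logins whose "user name" has the character mix of a password, which is what Amayiya2016* looks like. The password-shaped-username heuristic and the rule names are assumptions of this example, not FortiGate features.

```python
import ipaddress
import re

# One row of "Admin Session Summary": #, user, proto(src), sessions, changes, duration.
SESSION_RE = re.compile(
    r"^\d+\s+(?P<user>\S+)\s+(?P<proto>\w+)\((?P<src>[\d.]+)\)\s+"
    r"(?P<sessions>\d+)\s+(?P<changes>\d+)\s+(?P<duration>.+)$"
)
# One row of "Failed Admin Login Summary": #, user, proto(src), failed logins.
FAILED_RE = re.compile(
    r"^\d+\s+(?P<user>\S+)\s+(?P<proto>\w+)\((?P<src>[\d.]+)\)\s+(?P<failures>\d+)$"
)

# Sample input: rows copied from the two tables above. Header lines start
# with '#' and therefore never match the row patterns.
ADMIN_SESSIONS = """\
# User Login Interface Total # of Admin Sessions Total # of Config Changes Total Duration
1 admin https(186.147.44.166) 2 2 1h 09m 58s
2 admin https(192.168.0.148) 1 0 20m 14s
"""
FAILED_LOGINS = """\
# User Login Interface Total # of Failed Logins
1 Amayiya2016* https(192.168.0.148) 1
"""


def looks_like_secret(name: str) -> bool:
    """Heuristic (an assumption of this example): a 'user name' drawn from
    three or more of {lower, upper, digit, symbol} is more likely a password
    typed into the wrong field than an account name."""
    classes = (
        any(c.islower() for c in name),
        any(c.isupper() for c in name),
        any(c.isdigit() for c in name),
        any(not c.isalnum() for c in name),
    )
    return sum(classes) >= 3


def review_admin_sessions(text: str) -> list:
    """Flag management logins from non-private sources and use of the
    built-in 'admin' account. Each finding is (rule, user, src, config_changes)."""
    findings = []
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        changes = int(m["changes"])
        if not src.is_private:
            findings.append(("mgmt-login-from-public-ip", m["user"], str(src), changes))
        if m["user"].lower() == "admin":
            findings.append(("built-in-admin-account-used", m["user"], str(src), changes))
    return findings


def review_failed_logins(text: str) -> list:
    """Flag failed logins whose user name looks like a credential. Each
    finding is (rule, user, src, failed_logins)."""
    findings = []
    for line in text.splitlines():
        m = FAILED_RE.match(line.strip())
        if not m:
            continue
        if looks_like_secret(m["user"]):
            findings.append(("username-looks-like-secret", m["user"], m["src"], int(m["failures"])))
    return findings


if __name__ == "__main__":
    for finding in review_admin_sessions(ADMIN_SESSIONS) + review_failed_logins(FAILED_LOGINS):
        print(*finding)
```

A credential typed into the user field is recorded as-is in the event log and in every report that renders it, so a hit on the last rule is a prompt to rotate that credential, not only to dismiss a failed login. The public-source rule is most useful when combined with the config-change count: here the only session that changed configuration is the one from the routable address.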
