ISA49092 - Reporte Semanal - PC LINK S.A.C.

Report Date: October 2, 2023 01:46
Data Range: 2023-09-25 00:00:00 to 2023-10-01 23:59:59 COT (FAZ local)
Table of Contents

Bandwidth and Applications 2
Traffic Bandwidth 2
Number of Sessions 2
Top 20 Applications by Bandwidth 2
Top 20 Users by Bandwidth 2
Top 20 Destination by Bandwidth 3
Traffic History by Number of Active Users 3

Web Usage 4
Top 20 Most Active Users 4
Top 20 Most Visited Categories 4
Top 50 Most Visited Sites 5
Top 10 Online Users 5
Top 10 Categories 5
Top 50 Sites By Browsing Time 6
Top 20 Bandwidth Users 6
Top 20 Categories By Bandwidth 7
Top 50 Sites (and Category) by Bandwidth 7
Top 20 Most Blocked Users 8
Top 20 Most Blocked Categories 8
Top 50 Most Blocked Sites 8

Threats 9
Malware Detected 9
Malware Victims 9
Malware Source 9
Botnet Detected 9
Botnet Victims 9
Botnet C&C 9
Intrusions Detected 9
Intrusion Victims 10
Intrusion Sources 10

VPN Usage 11
VPN Traffic Usage Trend 11
Top SSL VPN Tunnel Users by Bandwidth 11
Top Site-to-Site IPsec Tunnels by Bandwidth 11
Top Dial-up IPsec Users by Bandwidth 11

Admin Login and System Events 12
Login Summary 12
Events by Severity 12
Events by Date 12
Critical Severity Events 12
High Severity Events 12

Appendix A 13
Devices (1) 13
ISA49092 - Reporte Semanal - PC LINK S.A.C. (by cgutierrez) - FortiAnalyzer Host Name: FAZ-2000E-IS-KRUMDIECK page 1 of 13
Bandwidth and Applications
Traffic Bandwidth
[Chart: Sent and Received traffic bandwidth, y-axis 0 to 6 GB, x-axis in 12-hour intervals from 2023-09-25 to 2023-10-01]

Number of Sessions
[Chart: Number of Sessions, y-axis 0 to 50K, x-axis in 12-hour intervals from 2023-09-25 to 2023-10-01]

Top 20 Applications by Bandwidth
# Application Bandwidth Sent Received
1 HTTPS 26.40 GB
2 Akamai-CDN 12.17 GB
3 Edgio-CDN 9.35 GB
4 Microsoft-Web 7.57 GB
5 Google-Web 5.60 GB
6 Amazon-AWS 5.42 GB
7 Meta-Web 4.97 GB
8 POP3 4.96 GB
9 HTTP 4.29 GB
10 IMAPS 3.90 GB
11 Fastly-CDN 2.77 GB
12 Apple-Web 2.56 GB
13 POP3S 2.47 GB
14 Netflix-Web 2.11 GB
15 Amazon-Web 1.44 GB
16 Frontline-Frontline 1.27 GB
17 Cloudflare-CDN 1.20 GB
18 IMAP 623.84 MB
19 Microsoft-Outlook 439.55 MB
20 Zoom.us-Zoom.Meeting 439.33 MB

Top 20 Users by Bandwidth

# User (or IP) Source IP Bytes Sent Received
1 192.168.1.85 192.168.1.85 6.60 GB
2 192.168.1.100 192.168.1.100 5.92 GB
3 192.168.1.54 192.168.1.54 5.89 GB
4 192.168.1.56 192.168.1.56 5.04 GB
5 192.168.1.67 192.168.1.67 4.96 GB
6 192.168.1.106 192.168.1.106 4.91 GB
7 192.168.1.60 192.168.1.60 4.25 GB
8 192.168.1.88 192.168.1.88 4.15 GB
9 192.168.1.234 192.168.1.234 3.42 GB
10 192.168.1.66 192.168.1.66 3.09 GB
11 192.168.1.131 192.168.1.131 3.04 GB
12 192.168.1.82 192.168.1.82 2.98 GB
13 192.168.1.91 192.168.1.91 2.87 GB
14 192.168.1.103 192.168.1.103 2.58 GB
15 192.168.1.59 192.168.1.59 2.54 GB
16 192.168.1.70 192.168.1.70 2.54 GB
17 192.168.1.71 192.168.1.71 2.53 GB
18 192.168.1.109 192.168.1.109 2.51 GB
19 192.168.1.32 192.168.1.32 2.42 GB
20 192.168.1.104 192.168.1.104 2.34 GB

Top 20 Destination by Bandwidth
# Hostname(or IP) Bytes Sent Received
1 microsoft.com 20.65 GB
2 216.70.64.249 15.28 GB
3 starott.com 5.82 GB
4 138.255.98.135 5.18 GB
5 tiktokcdn.com 4.41 GB
6 mdstrm.com 4.14 GB
7 whatsapp.net 3.52 GB
8 aiv-cdn.net 3.35 GB
9 nflxvideo.net 2.89 GB
10 138.255.98.137 2.53 GB
11 138.255.98.134 2.17 GB
12 sfx.ms 1.96 GB
13 cloudfront.net 1.55 GB
14 gvt1.com 1.54 GB
15 fbcdn.net 1.50 GB
16 186.233.185.53 1.49 GB
17 apple.com 1.45 GB
18 akamaized.net 1.44 GB
19 191.98.131.208 1.42 GB
20 googleapis.com 1.37 GB

Traffic History by Number of Active Users
[Chart: Traffic History by Number of Active Users, y-axis 0 to 60 active users, x-axis in 12-hour intervals from 2023-09-25 to 2023-10-01]

Web Usage
Top 20 Most Active Users
# User (or IP) Hostname Requests
1 192.168.1.96 192.168.1.96 249,599
2 192.168.1.109 192.168.1.109 31,492
3 192.168.1.71 192.168.1.71 20,822
4 192.168.1.73 192.168.1.73 18,813
5 192.168.1.234 192.168.1.234 17,623
6 192.168.1.67 192.168.1.67 16,249
7 192.168.1.85 192.168.1.85 14,069
8 192.168.1.173 192.168.1.173 13,561
9 192.168.1.63 192.168.1.63 13,426
10 192.168.1.56 192.168.1.56 13,205
11 192.168.1.106 192.168.1.106 13,121
12 192.168.1.54 192.168.1.54 12,438
13 192.168.1.99 192.168.1.99 11,550
14 192.168.1.153 192.168.1.153 11,541
15 192.168.1.66 192.168.1.66 11,463
16 192.168.1.8 192.168.1.8 11,441
17 192.168.1.83 192.168.1.83 11,438
18 192.168.1.72 192.168.1.72 11,405
19 192.168.1.82 192.168.1.82 11,180
20 192.168.1.101 192.168.1.101 11,089

Top 20 Most Visited Categories

# Category Requests
1 Information Technology 547,404
2 Search Engines and Portals 51,102
3 Social Networking 35,240
4 Advertising 28,018
5 Business 23,432
6 Instant Messaging 21,929
7 Content Servers 16,829
8 Information and Computer Security 14,134
9 Web Analytics 12,778
10 Streaming Media and Download 10,972
11 Web-based Applications 9,294
12 Finance and Banking 8,922
13 Meaningless Content 5,935
14 Freeware and Software Downloads 5,316
15 Shopping 5,294
16 Government and Legal Organizations 4,506
17 Online Meeting 4,188
18 Travel 3,860
19 File Sharing and Storage 3,479
20 Internet Telephony 3,184

Top 50 Most Visited Sites
# Website Category Requests
1 client.wns.windows.com Information Technology 250,948
2 4.tlu.dl.delivery.mp.microsoft.com Information Technology 19,969
3 3.tlu.dl.delivery.mp.microsoft.com Information Technology 13,891
4 download.windowsupdate.com Information Technology 13,639
5 analytics.apis.mcafee.com Information Technology 12,903
6 threat.api.mcafee.com Information Technology 7,946
7 self.events.data.microsoft.com Information Technology 7,523
8 v10.events.data.microsoft.com Information Technology 7,007
9 www.google.com Search Engines and Portals 5,616
10 1d.tlu.dl.delivery.mp.microsoft.com Information Technology 5,430
11 ctldl.windowsupdate.com Information Technology 5,194
12 graph.facebook.com Social Networking 5,035
13 dc1.ksn.kaspersky-labs.com Information Technology 5,016
14 array807.prod.do.dsp.mp.microsoft.com Information Technology 4,494
15 msedge.b.tlu.dl.delivery.mp.microsoft.com Information Technology 4,491
16 audio-ak-spotify-com.akamaized.net Content Servers 4,336
17 assets.msn.com Search Engines and Portals 4,219
18 officeclient.microsoft.com Information Technology 4,010
19 dit.whatsapp.net Instant Messaging 3,780
20 edge.microsoft.com Information Technology 3,716
21 settings-win.data.microsoft.com Information Technology 3,608
22 ocsp.digicert.com Information and Computer Security 3,476
23 ds.kaspersky.com Information Technology 3,423
24 login.live.com Search Engines and Portals 3,246
25 edgedl.me.gvt1.com Information Technology 2,986
26 media.flim26-1.fna.whatsapp.net Instant Messaging 2,871
27 connectivitycheck.gstatic.com Information Technology 2,654
28 bam.nr-data.net Web Analytics 2,620
29 c.whatsapp.net Instant Messaging 2,604
30 roaming.officeapps.live.com Web-based Applications 2,531
31 dc1-file.ksn.kaspersky-labs.com Information Technology 2,523
32 dl.acronis.com Information Technology 2,344
33 web.whatsapp.com Web Chat 2,215
34 www.bing.com Search Engines and Portals 2,188
35 metrics.mdstrm.com Streaming Media and Download 2,182
36 ecs.office.com Information Technology 2,077
37 beacons.gcp.gvt2.com Search Engines and Portals 2,068
38 d.la5-c1-ia5.salesforceliveagent.com Information Technology 2,063
39 media-lim1-1.cdn.whatsapp.net Instant Messaging 1,927
40 teams.events.data.microsoft.com Information Technology 1,910
41 www.gstatic.com Search Engines and Portals 1,904
42 sadownload.mcafee.com Information and Computer Security 1,856
43 play.google.com Freeware and Software Downloads 1,852
44 vod-ftc-sa-west-2.media.starott.com Travel 1,840
45 v16m.tiktokcdn.com Social Networking 1,829
46 www.msftconnecttest.com Information Technology 1,746
47 9.tlu.dl.delivery.mp.microsoft.com Information Technology 1,663
48 mail.google.com Web-based Email 1,644
49 dc1-st.ksn.kaspersky-labs.com Information Technology 1,629
50 getgreenshot.org Freeware and Software Downloads 1,590

Top 10 Online Users

# User (or IP) Hostname Browsing Time(hh:mm:ss)
1 192.168.1.103 192.168.1.103 105:23:06
2 192.168.1.85 192.168.1.85 84:03:39
3 192.168.1.8 192.168.1.8 83:50:45
4 192.168.1.96 192.168.1.96 77:51:16
5 192.168.1.218 192.168.1.218 71:43:19
6 192.168.1.6 192.168.1.6 70:40:10
7 192.168.1.14 192.168.1.14 69:15:51
8 192.168.1.106 192.168.1.106 66:19:12
9 192.168.1.5 192.168.1.5 47:34:47
10 192.168.1.178 192.168.1.178 43:52:33

Top 10 Categories
# Category Browsing Time(hh:mm:ss)
1 Information Technology 151:18:49
2 Information and Computer Security 65:23:57
3 Search Engines and Portals 63:58:35
4 Web-based Email 57:44:41
5 Instant Messaging 50:50:19
6 Social Networking 42:34:03
7 Web-based Applications 36:49:52
8 Business 35:55:56
9 Web Analytics 33:33:13
10 Web Chat 28:48:42

Top 50 Sites By Browsing Time
# Sites Category Browsing Time(hh:mm:ss)
1 dc1.ksn.kaspersky-labs.com Information Technology 116:47:23
2 threat.api.mcafee.com Information Technology 107:28:39
3 dc1-st.ksn.kaspersky-labs.com Information Technology 84:29:48
4 client.wns.windows.com Information Technology 78:13:12
5 dc1-file.ksn.kaspersky-labs.com Information Technology 72:00:47
6 mail.google.com Web-based Email 56:44:50
7 self.events.data.microsoft.com Information Technology 55:06:17
8 array807.prod.do.dsp.mp.microsoft.com Information Technology 53:04:32
9 teams.events.data.microsoft.com Information Technology 38:50:44
10 edge.microsoft.com Information Technology 38:45:19
11 officeclient.microsoft.com Information Technology 38:20:30
12 ctldl.windowsupdate.com Information Technology 35:36:03
13 analytics.apis.mcafee.com Information Technology 35:11:45
14 kv801.prod.do.dsp.mp.microsoft.com Information Technology 32:42:03
15 nexusrules.officeapps.live.com Web-based Applications 29:07:32
16 web.whatsapp.com Web Chat 28:37:10
17 sadownload.mcafee.com Information and Computer Security 28:27:03
18 ocsp.digicert.com Information and Computer Security 27:31:34
19 dit.whatsapp.net Instant Messaging 26:13:34
20 assets.msn.com Search Engines and Portals 25:07:06
21 disc801.prod.do.dsp.mp.microsoft.com Information Technology 25:07:03
22 mmg.whatsapp.net Instant Messaging 24:45:02
23 media-lim1-1.cdn.whatsapp.net Instant Messaging 24:06:49
24 beacons.gcp.gvt2.com Search Engines and Portals 24:06:43
25 www.bing.com Search Engines and Portals 24:05:03
26 gateway.facebook.com Social Networking 23:59:19
27 fd.api.iris.microsoft.com Information Technology 20:51:04
28 ocsp.verisign.com Information and Computer Security 20:45:38
29 www.gstatic.com Information Technology, Search Engines and Portals 20:30:20
30 www.google.com Search Engines and Portals 20:24:13
31 graph.facebook.com Social Networking 20:06:29
32 telemetry-in.battle.net Games 19:48:49
33 browser.pipe.aria.microsoft.com Information Technology 18:51:43
34 functional.events.data.microsoft.com Information Technology 18:16:19
35 media.flim20-1.fna.whatsapp.net Instant Messaging 18:06:59
36 content-autofill.googleapis.com Information Technology 17:46:58
37 play.googleapis.com Information Technology 17:06:23
38 c.whatsapp.net Instant Messaging 17:01:57
39 x1.c.lencr.org Information and Computer Security 17:01:41
40 www.googleapis.com Information Technology 16:51:08
41 bam.nr-data.net Web Analytics 16:48:08
42 ecs.office.com Information Technology 16:35:54
43 edge-mqtt.facebook.com Social Networking 16:33:52
44 fonts.gstatic.com Information Technology 16:21:46
45 safebrowsing.googleapis.com Information Technology 15:41:07
46 es-es.appex-rf.msn.com Search Engines and Portals 15:31:16
47 accounts.google.com Search Engines and Portals 15:19:50
48 finance.services.appex.bing.com Search Engines and Portals 15:15:27
49 webchat.keepcon.com Business 15:04:16
50 www.google-analytics.com Information Technology 15:02:29

Top 20 Bandwidth Users

# User (or IP) Hostname Bytes
1 192.168.1.100 192.168.1.100 5.78 GB
2 192.168.1.54 192.168.1.54 5.44 GB
3 192.168.1.67 192.168.1.67 4.70 GB
4 192.168.1.56 192.168.1.56 4.70 GB
5 192.168.1.106 192.168.1.106 3.56 GB
6 192.168.1.66 192.168.1.66 2.93 GB
7 192.168.1.91 192.168.1.91 2.76 GB
8 192.168.1.71 192.168.1.71 2.39 GB
9 192.168.1.70 192.168.1.70 2.38 GB
10 192.168.1.82 192.168.1.82 2.37 GB
11 192.168.1.109 192.168.1.109 2.22 GB
12 192.168.1.88 192.168.1.88 2.19 GB
13 192.168.1.60 192.168.1.60 2.02 GB
14 192.168.1.96 192.168.1.96 1.92 GB
15 192.168.1.153 192.168.1.153 1.85 GB
16 192.168.1.74 192.168.1.74 1.73 GB
17 192.168.1.73 192.168.1.73 1.52 GB
18 192.168.1.102 192.168.1.102 1.48 GB
19 192.168.1.108 192.168.1.108 1.47 GB
20 192.168.1.234 192.168.1.234 1.32 GB

Top 20 Categories By Bandwidth
# Category Bytes
1 Information Technology 33.18 GB
2 Streaming Media and Download 9.89 GB
3 Content Servers 7.31 GB
4 Social Networking 6.99 GB
5 Travel 5.94 GB
6 Instant Messaging 3.64 GB
7 File Sharing and Storage 3.00 GB
8 Finance and Banking 1.84 GB
9 Search Engines and Portals 1.50 GB
10 Business 1.09 GB
11 Games 710.15 MB
12 Shopping 669.92 MB
13 Online Meeting 643.58 MB
14 Advertising 599.09 MB
15 Government and Legal Organizations 371.67 MB
16 Information and Computer Security 366.43 MB
17 Entertainment 248.74 MB
18 Web-based Email 242.42 MB
19 Education 233.37 MB
20 Web-based Applications 233.02 MB

Top 50 Sites (and Category) by Bandwidth

# Site Category Bytes
1 4.tlu.dl.delivery.mp.microsoft.com Information Technology 7.63 GB
2 1d.tlu.dl.delivery.mp.microsoft.com Information Technology 5.15 GB
3 3.tlu.dl.delivery.mp.microsoft.com Information Technology 3.45 GB
4 vod-ftc-sa-west-2.media.starott.com Travel 3.41 GB
5 s3-gru-ww.cf.dash.row.aiv-cdn.net Content Servers 2.97 GB
6 v16m.tiktokcdn.com Social Networking 2.72 GB
7 mmg.whatsapp.net Instant Messaging 2.04 GB
8 oneclient.sfx.ms File Sharing and Storage 1.98 GB
9 ipv4-c003-lim001-optical-pe-isp.1.oca.nflxvideo.net Streaming Media and Download 1.98 GB
10 edgedl.me.gvt1.com Information Technology 1.44 GB
11 iosapps.itunes.apple.com Streaming Media and Download 1.37 GB
12 audio-ak-spotify-com.akamaized.net Content Servers 1.31 GB
13 scontent.flim26-1.fna.fbcdn.net Social Networking 1.28 GB
14 190.98.161.90 1.24 GB
15 us-b5-p-e-wo1.cdn.mdstrm.com Streaming Media and Download 1.22 GB
16 client.wns.windows.com Information Technology 1.22 GB
17 9.tlu.dl.delivery.mp.microsoft.com Information Technology 1.19 GB
18 us-b4-p-e-cg11.cdn.mdstrm.com Streaming Media and Download 1.17 GB
19 11.tlu.dl.delivery.mp.microsoft.com Information Technology 1.11 GB
20 live-ftc-sa-west-2.media.starott.com Travel 1.07 GB
21 edge-126.usmia1.icloud-content.com Information Technology 1.07 GB
22 msedge.b.tlu.dl.delivery.mp.microsoft.com Information Technology 1.06 GB
23 duu3u24s46ipa.cloudfront.net Content Servers 1.06 GB
24 v77.tiktokcdn.com Social Networking 1.02 GB
25 ipv4-c002-lim001-optical-pe-isp.1.oca.nflxvideo.net Streaming Media and Download 916.08 MB
26 us-b4-p-e-zs14.cdn.mdstrm.com Streaming Media and Download 884.54 MB
27 gcs-us-00003.content-storage-upload.googleapis.com File Sharing and Storage 806.37 MB
28 www.tlcbcp.com Finance and Banking 794.53 MB
29 live-akc-sa-west-2.media.starott.com Travel 778.27 MB
30 media.flim26-1.fna.whatsapp.net Instant Messaging 730.40 MB
31 download.mcafee.com Information Technology 637.02 MB
32 us-b4-p-e-mg17.cdn.mdstrm.com Streaming Media and Download 621.47 MB
33 vod-akc-sa-west-2.media.starott.com Travel 590.87 MB
34 loginunico.viabcp.com Finance and Banking 588.12 MB
35 b.c2r.ts.cdn.office.net Information Technology 520.69 MB
36 agsupdate.adobe.com Information Technology 485.65 MB
37 190.98.161.115 467.07 MB
38 191.98.136.147 425.61 MB
39 rr3---sn-v2upj5aoxu-aphs.googlevideo.com Streaming Media and Download 424.79 MB
40 sf16-geckocdn.tiktokcdn.com Social Networking 406.84 MB
41 rr1---sn-v2upj5aoxu-aphl.googlevideo.com Streaming Media and Download 405.31 MB
42 157.240.197.60 350.67 MB
43 18.64.171.221 317.87 MB
44 d3krdjs7is1y42.cloudfront.net Content Servers 317.18 MB
45 media-gru1-1.cdn.whatsapp.net Instant Messaging 311.05 MB
46 assets.msn.com Search Engines and Portals 303.03 MB
47 client-update.akamai.steamstatic.com Games 299.31 MB
48 hpconnect.hpcloud.hp.com Information Technology 294.72 MB
49 media-lim1-1.cdn.whatsapp.net Instant Messaging 263.28 MB
50 zoomiadlx187mmr.iad.zoom.us Online Meeting 240.31 MB

Top 20 Most Blocked Users
# User (or IP) Hostname Requests
1 192.168.1.77 192.168.1.77 906
2 192.168.1.109 192.168.1.109 295
3 192.168.1.108 192.168.1.108 269
4 192.168.1.61 192.168.1.61 258
5 192.168.1.99 192.168.1.99 256
6 192.168.1.96 192.168.1.96 219
7 192.168.1.105 192.168.1.105 167
8 192.168.1.56 192.168.1.56 161
9 192.168.1.91 192.168.1.91 152
10 192.168.1.163 192.168.1.163 146
11 192.168.1.82 192.168.1.82 109
12 192.168.1.101 192.168.1.101 102
13 192.168.1.107 192.168.1.107 80
14 192.168.1.102 192.168.1.102 70
15 192.168.1.57 192.168.1.57 62
16 192.168.1.173 192.168.1.173 50
17 192.168.1.75 192.168.1.75 50
18 192.168.1.90 192.168.1.90 38
19 192.168.1.110 192.168.1.110 36
20 192.168.1.97 192.168.1.97 34

Top 20 Most Blocked Categories

# Category Requests
1 Unrated 2,166
2 Dating 1,148
3 Hacking 1,015
4 Proxy Avoidance 300
5 Gambling 81
6 Phishing 68
7 Malicious Websites 52
8 Other Adult Materials 48
9 Advocacy Organizations 23
10 Alcohol 22
11 Pornography 17
12 Newly Registered Domain 15
13 Spam URLs 6
14 Newly Observed Domain 3

Top 50 Most Blocked Sites

# Website Category Requests
1 eu1[dot]badoo[dot]com Dating 440
2 supapush[dot]net Hacking 203
3 image[dot]mail[dot]promart-agora[dot]pe Unrated 135
4 *[dot]badoo[dot]app Dating 134
5 p[dot]rfihub[dot]com Hacking 131
6 omnatuor[dot]com Hacking 123
7 pepepush[dot]net Hacking 105
8 us1[dot]badoocdn[dot]com Dating 86
9 148[dot]153[dot]17[dot]80 Unrated 81
10 148[dot]153[dot]17[dot]77 Unrated 68
11 148[dot]153[dot]17[dot]78 Unrated 57
12 api[dot]gotinder[dot]com Dating 39
13 148[dot]153[dot]17[dot]76 Unrated 34
14 148[dot]153[dot]17[dot]74 Unrated 33
15 212[dot]102[dot]60[dot]232 Unrated 30
16 clientapi[dot]appamx[dot]com Unrated 27
17 mask-h2[dot]icloud[dot]com Proxy Avoidance 22
18 www[dot]pilsencallao[dot]com[dot]pe Alcohol 20
19 imgmedia[dot]elpopular[dot]pe Other Adult Materials 20
20 148[dot]153[dot]17[dot]75 Unrated 18
21 www[dot]manhwas[dot]net Pornography 17
22 fedapush[dot]net Hacking 16
23 92[dot]223[dot]66[dot]49 Unrated 15
24 186[dot]233[dot]185[dot]22 Unrated 14
25 186[dot]233[dot]185[dot]64 Unrated 13
26 212[dot]102[dot]60[dot]103 Unrated 13
27 64[dot]31[dot]17[dot]26 Unrated 11
28 84[dot]17[dot]40[dot]45 Unrated 11

Threats
Malware Detected

No matching log data for this report

Malware Victims

No matching log data for this report

Malware Source

No matching log data for this report

Botnet Detected
# Botnet Name Counts
1 Mirai.Botnet 4
2 SystemBC.Botnet 3
3 Gh0st.Rat.Botnet 2
4 Bladabindi.Botnet 1

Botnet Victims
# Victim Name (or IP) Counts
1 1.23.114.2 3
2 66.240.205.34 2
3 159.203.80.159 1
4 164.52.36.213 1
5 206.189.228.37 1
6 159.65.15.219 1
7 103.83.144.161 1

Botnet C&C
# C&C IP Hostname Counts
1 192.168.1.7 4
2 192.168.1.7 127[dot]0[dot]0[dot]1 3
3 192.168.1.7 190[dot]12[dot]86[dot]20 3

Intrusions Detected
# Attack Name Severity CVE-ID Counts
1 Backdoor.DoublePulsar Critical 130
2 PHPUnit.Eval-stdin.PHP.Remote.Code.Execution Critical CVE-2017-9841 13
3 Apache.Log4j.Error.Log.Remote.Code.Execution Critical CVE-2021-4104,CVE-2021-44228,CVE-2021-45046 6
4 MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution Critical CVE-2015-1635 3
5 Gh0st.Rat.Botnet Critical 2
6 Bladabindi.Botnet Critical 1
7 D-Link.DSL-2750B.CLI.OS.Command.Injection Critical CVE-2016-20017 1
8 MS.Windows.HTTP.sys.UlpParseAcceptEncoding.Use.After.Free Critical CVE-2021-31166 1
9 Multiple.Routers.GPON.formLogin.Remote.Command.Injection High 36
10 Generic.XXE.Detection High CVE-2012-3363,CVE-2013-4295,CVE-2013-5015,CVE-2014-3490,CVE-2016-9563,CVE-2018-8527,CVE-2018-8532,CVE-2018-8533,CVE-2019-0537,CVE-2019-0948,CVE-2019-2647,CVE-2019-2648,CVE-2019-2649,CVE-2019-2650,CVE-2020-0765,CVE-2021-2400,CVE-2022-1018,CVE-2018-13415,CVE-2018-13416,CVE-2018-13417,CVE-2018-15444,CVE-2018-18471,CVE-2019-17554,CVE-2019-18227,CVE-2019-18227,CVE-2020-15418,CVE-2020-15419,CVE-2020-26981,CVE-2021-21658,CVE-2021-21659,CVE-2021-21672,CVE-2021-29447,CVE-2021-31207,CVE-2022-24463,CVE-2022-28219,CVE-2022-43473,CVE-2022-45468,CVE-2022-46286,CVE-2022-46300 6

Intrusion Victims
# Attack Victim Counts
1 192.168.1.7 46

Intrusion Sources
# Attack Source Counts
1 192.168.1.17 279
2 83.97.73.87 24
3 95.214.55.115 8
4 193.35.18.31 7
5 95.214.55.244 6
6 45.88.90.113 6
7 45.88.90.116 5
8 45.88.90.111 5
9 192.168.1.131 4
10 103.127.78.55 4

VPN Usage
VPN Traffic Usage Trend
[Chart: VPN Traffic Usage Trend, SSL and IPSEC series, y-axis 0 to 1B, x-axis in 12-hour intervals from 2023-09-25 to 2023-10-01]

Top SSL VPN Tunnel Users by Bandwidth
# User IP First Used Bytes Sent Received
1 soporteds 190.107.183.174 2023-09-28 15:03:44 13.93 MB
2 soporteds 38.25.15.115 2023-09-28 10:45:59 2.42 MB

Top Site-to-Site IPsec Tunnels by Bandwidth

No matching log data for this report

Top Dial-up IPsec Users by Bandwidth

No matching log data for this report

Admin Login and System Events
Login Summary

No matching log data for this report

Events by Severity
93.33% Info (14)
6.67% Low (1)

Events by Date
[Chart: Events by Date, Critical/High/Medium series, y-axis 0 to 1, x-axis in 12-hour intervals from 2023-09-25 to 2023-10-01]

Critical Severity Events

No matching log data for this report

High Severity Events

No matching log data for this report

Appendix A
Devices (1)

K-IS-BLADE10[ISA49092]
