Time: 2023-11-07T23:14:11Z
Interface Direction: outbound
Interface Name: eth1-02
Id: cd81ac1f-70e5-50c9-654a-c4c300030002
Sequencenum: 40
Client Type: Chrome
Threat Prevention Policy: OEFA Threat Prevention Policy
Threat Prevention Policy Date: 2023-11-07T23:14:07Z
Source: 172.17.18.112
Source Port: 5081
Destination Country: Brazil
Destination: 89.116.213.208
Destination Port: 443
IP Protocol: 6
Session Identification Number: 0x654ac4c3,0x30002,0x1fac81cd,0xc950e570
Protection Name: dga-VaEe8.TC.c152LYQZ
Confidence Level: High
Severity: Medium
Malware Action: Communication with C&C site
Protection Type: URL Reputation
Threat Prevention Rule ID: 1483A53D-5A32-344D-94E2-3AC92E996DBA
Protection ID: 0041424AB
Vendor List: Check Point ThreatCloud
Action Details: exception
Log ID: 2
Proxied Source IP: 172.17.18.112
Scope: 172.17.18.112
User: Frank Bravo (fbravo)
Source User Name: Frank Bravo (fbravo)
Source Machine Name: lim-w0005@oefa.gob.pe
Src User Dn: CN=Frank Bravo,OU=Infra,OU=OTI,OU=OE,DC=oe,DC=gob,DC=pe
Session ID: 0
Method: GET
Http Host: www.deamoefa.com
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Action: Detect
Type: Log
Policy Name: OE Policy
Management: MGMT1
Db Tag: {87092066-13C7-024D-93DC-114412C2AE16}
Policy Date: 2023-11-07T23:06:31Z
Blade: Anti-Bot
Origin: FW01
Service: TCP/443
Product Family: Threat
Action: Inspect
Resource: http://www.deamoefa.com/login
Marker: @A@@B@1699398033@C@446212
Log Server Origin: 10.3.1.15
Origin Log Server IP: 10.3.1.15
Index Time: 2023-11-07T23:15:11Z
Lastupdatetime: 1699398912000
Lastupdateseqnum: 40
Stored: true
Suppressed Logs: 14
Sent Bytes: 78117
Received Bytes: 218953
Rounded Sent Bytes: 78080
Rounded Received Bytes: 218880
Interface: eth1-02
Description: 172.17.18.112 performed communication with c&c site that was detected
Threat Profile: Optimized
Bytes (sent\received): 76.3 KB \ 213.8 KB