Fortigate Security Analysis-2018-09-02-1140

This document provides a security analysis report for Fortigate from September 2, 2018. It includes summaries of bandwidth and application usage, web usage, emails, threats detected, and VPN usage. Sections cover the top applications, users, destinations, web categories and sites, email senders and recipients, malware, intrusions, and VPN traffic and users. Appendix A lists the devices included in the analysis.

Uploaded by Tuto Dan

Fortigate Security Analysis

Report Date: September 2, 2018 11:40
Data Range: 2018-08-26 00:00 to 2018-09-01 23:59 COT (FAZ local)

Fortinet Inc. All rights reserved. Created on: September 2, 2018 11:40
Table of Contents

Bandwidth and Applications
  Traffic Bandwidth
  Number of Sessions
  Top Applications by Bandwidth
  Top Applications by Sessions
  Top Users by Bandwidth
  Top Users by Sessions
  Top Destination by Bandwidth
  Top Destination by Sessions
  Traffic History by Number of Active Users

Web Usage
  Top 20 Most Active Users
  Top 20 Most Visited Categories
  Top 50 Most Visited Sites
  Top 10 Online Users
  Top 10 Categories
  Top 50 Sites By Browsing Time
  Top 20 Bandwidth Users
  Top 20 Categories By Bandwidth
  Top 50 Sites (and Category) by Bandwidth
  Top 20 Most Blocked Users
  Top 20 Most Blocked Categories
  Top 50 Most Blocked Sites

Emails
  Top Senders by Number of Emails
  Top Recipients by Number of Emails
  Top Senders by Combined Email Size
  Top Recipients by Combined Email Size

Threats
  Malware Detected
  Malware Victims
  Malware Source
  Botnet Detected
  Botnet Victims
  Botnet C&C
  Intrusions Detected
  Intrusion Victims
  Intrusion Sources

VPN Usage
  VPN Traffic Usage Trend
  VPN User Logins
  Authenticated Logins
  Failed Login Attempts
  Top Dial-up VPN Users
  Top Sources of SSL VPN Tunnels by Bandwidth
  Top SSL VPN Tunnel Users by Bandwidth
  Top SSL VPN Web Mode Users by Bandwidth
  Top SSL VPN Users by Duration
  Top Users of IPsec VPN Dial-up Tunnel by Bandwidth
  Top Site-to-Site IPsec Tunnels by Bandwidth
  Top Dial-up IPsec Tunnels by Bandwidth
  Top Dial-up IPsec Users by Bandwidth
  Top Dial-up IPsec Users by Duration

Appendix A
  Devices

Fortigate Security Analysis - FortiAnalyzer Host Name: FAZ2kE-SG page 1 of 23


Bandwidth and Applications
Traffic Bandwidth
[Chart: Sent and Received bandwidth, 0 to 6 GB scale, 12-hour ticks from 2018-08-26 to 2018-09-01; plotted values are not captured in the text.]
Number of Sessions
[Chart: Number of Sessions, 0 to 60 K scale, 12-hour ticks from 2018-08-26 to 2018-09-01; plotted values are not captured in the text.]

Top Applications by Bandwidth


# Application Bandwidth
1 MS.Windows.Update 36.35 GB
2 HTTPS.BROWSER 21.54 GB
3 Gmail 18.50 GB
4 Facebook 9.95 GB
5 Google.Accounts 5.91 GB
6 HTTP.BROWSER 5.61 GB
7 YouTube 5.38 GB
8 Google.Services 4.38 GB
9 QUIC 3.63 GB
10 HTTP 3.50 GB



Top Applications by Sessions
# Application Sessions
1 DNS 1,107,552
2 HTTP.BROWSER 405,124
3 HTTPS.BROWSER 370,216
4 SIP 217,667
5 QUIC 174,856
6 HTTP 106,317
7 MYSQL 103,651
8 Google.Services 76,605
9 HTTPS 70,879
10 SSH 61,273

Top Users by Bandwidth


# User (or IP) Bandwidth
1 192.168.50.88 8.70 GB
2 192.168.50.65 7.64 GB
3 192.168.50.166 7.61 GB
4 192.168.50.63 7.35 GB
5 192.168.50.86 6.42 GB
6 192.168.50.103 6.06 GB
7 192.168.50.108 5.01 GB
8 192.168.50.167 4.84 GB
9 192.168.50.186 4.41 GB
10 192.168.50.121 3.92 GB

Top Users by Sessions


# User (or IP) Sessions
1 192.168.50.250 568,583
2 192.168.60.100 215,320
3 192.168.50.254 103,443
4 52.26.118.44 98,729
5 192.168.50.234 81,789
6 192.168.50.64 69,785
7 192.168.50.166 61,445
8 192.168.50.128 61,064
9 192.168.50.65 58,135
10 192.168.50.115 48,985



Top Destination by Bandwidth
# Hostname (or IP) Bandwidth
1 microsoft.com 13.48 GB
2 google.com 12.79 GB
3 windowsupdate.com 12.52 GB
4 fbcdn.net 7.89 GB
5 googlevideo.com 4.21 GB
6 whatsapp.net 3.19 GB
7 205.185.216.10 2.91 GB
8 190.95.226.56 2.85 GB
9 205.185.216.42 2.59 GB
10 cloudfront.net 2.53 GB

Top Destination by Sessions


# Hostname(or IP) Sessions
1 208.67.222.222 486,387
2 sysaidit.com 251,318
3 4.2.2.3 251,175
4 190.155.220.98 214,769
5 4.2.2.4 140,942
6 190.95.226.53 137,621
7 8.8.8.8 123,946
8 google.com 88,398
9 4.2.2.2 86,641
10 kobramymtravel.com 70,609

Traffic History by Number of Active Users
[Chart: Active Users, 0 to 400 scale, 12-hour ticks from 2018-08-26 to 2018-09-01; plotted values are not captured in the text.]


Web Usage
Top 20 Most Active Users
# User (or IP) Requests
1 192.168.50.84 57,146
2 192.168.50.64 44,274
3 192.168.50.88 39,995
4 192.168.50.166 38,419
5 192.168.50.128 35,469
6 192.168.50.115 27,482
7 192.168.50.189 24,817
8 192.168.50.173 23,540
9 192.168.50.121 21,428
10 192.168.50.111 21,004
11 192.168.50.116 20,791
12 192.168.50.114 20,657
13 192.168.50.182 20,203
14 192.168.50.186 20,174
15 192.168.50.167 19,207
16 192.168.50.122 18,911
17 192.168.50.126 17,984
18 192.168.50.180 17,656
19 192.168.50.164 17,324
20 192.168.50.172 17,100



Top 20 Most Visited Categories
# Category Requests
1 Information Technology 453,449
2 Unrated 72,194
3 Search Engines and Portals 70,336
4 Web Hosting 52,219
5 Advertising 49,753
6 Content Servers 34,980
7 Business 28,280
8 Web-based Email 25,262
9 Travel 24,965
10 Government and Legal Organizations 18,293
11 Social Networking 14,661
12 Information and Computer Security 14,632
13 Internet Telephony 9,717
14 Instant Messaging 6,076
15 Freeware and Software Downloads 5,472
16 News and Media 5,334
17 File Sharing and Storage 5,324
18 Finance and Banking 5,014
19 Streaming Media and Download 4,191
20 Meaningless Content 3,804

Top 50 Most Visited Sites


# Website Category Requests
1 mym2013.sysaidit.com Information Technology 230,181
2 tlu.dl.delivery.mp.microsoft.com Information Technology, Web Hosting 82,030
3 kobramymtravel.com Unrated 70,749
4 mail.google.com Web-based Email 17,792
5 *.sysaidit.com Information Technology 16,274
6 download.windowsupdate.com Information Technology, Web Hosting 12,710
7 otf.msn.com Search Engines and Portals 12,413
8 nym1-ib.adnxs.com Advertising 7,849
9 cel.sri.gob.ec Government and Legal Organizations 7,540
10 www.am1.sellingplatformconnect.amadeus.com Travel 6,686
11 clients3.google.com Information Technology, Search Engines and Portals, Web Hosting 6,069
12 sut.trabajo.gob.ec Government and Legal Organizations 5,911
13 185.172.110.39 Web Hosting 5,692
14 img-s-msn-com.akamaized.net Content Servers 5,672
15 chatenabled.mail.google.com Web-based Email 4,959
16 ib.adnxs.com Advertising, Information Technology 4,896
17 static-global-s-msn-com.akamaized.net Content Servers 4,895
18 ocsp.digicert.com Information Technology, Information and Computer Security 4,791
19 play.google.com Freeware and Software Downloads 4,391

20 www.google.com Business, Search Engines and Portals 4,377
21 d2dn7ylrd9r3ds.cloudfront.net Content Servers 4,211
22 static.asm.skype.com Internet Telephony 3,820
23 au.download.windowsupdate.com Information Technology, Web Hosting 3,402
24 static-asm.secure.skypeassets.com Content Servers 3,393
25 ping.chartbeat.net Information Technology 3,367
26 www.googleapis.com Information Technology, Search Engines and Portals 3,097
27 mobile.pipe.aria.microsoft.com Information Technology 3,044
28 clients6.google.com Search Engines and Portals 2,819
29 crl.microsoft.com Information and Computer Security, Shopping 2,773
30 www.mymtravel.com Travel 2,576
31 m.adnxs.com Advertising 2,473
32 browser.pipe.aria.microsoft.com Information Technology 2,378
33 ssl.gstatic.com Information Technology, Search Engines and Portals 2,377
34 storage.googleapis.com Content Servers 2,335
35 mediasolutions.amadeus.net Travel 2,221
36 landing.chekeando.com Information Technology 2,126
37 safebrowsing.googleapis.com Information Technology, Search Engines and Portals 2,041
38 ads.virtuallythere.com Information Technology, Travel 1,995
39 c.msn.com Search Engines and Portals 1,940
40 settings-win.data.microsoft.com Information Technology 1,925
41 traffic.new-access.net Information Technology 1,815
42 www.facebook.com Other Adult Materials, Social Networking 1,804
43 dyn.web.whatsapp.com Web Chat 1,786
44 nmstelco2.telconet.net Information Technology 1,785
45 clients4.google.com Search Engines and Portals, Web Hosting 1,779
46 login.live.com Search Engines and Portals 1,757
47 www.msn.com Search Engines and Portals 1,753
48 pcdlnv-key.s3.amazonaws.com Information Technology 1,702
49 eusbn1-client-s.gateway.messenger.live.com Instant Messaging 1,701
50 nexusrules.officeapps.live.com Information Technology 1,618



Top 10 Online Users
# User (or IP) Browsing Time(hh:mm:ss)
1 192.168.50.64 54:38:57
2 192.168.50.92 53:29:02
3 192.168.50.166 44:08:30
4 192.168.50.121 37:12:38
5 192.168.50.65 36:03:55
6 192.168.50.180 33:44:26
7 192.168.50.189 33:41:34
8 192.168.50.173 32:16:06
9 192.168.50.84 31:53:29
10 192.168.50.182 31:15:49

Top 10 Categories
# Category Browsing Time(hh:mm:ss)
1 Information Technology 103:33:09
2 Web-based Email 101:03:35
3 Search Engines and Portals 56:23:58
4 Business 43:27:12
5 Information and Computer Security 43:09:17
6 Instant Messaging 42:49:43
7 Social Networking 41:22:22
8 Travel 37:48:54
9 Web Hosting 32:54:40
10 Web-based Applications 25:48:15

Top 50 Sites By Browsing Time


# Sites Category Browsing Time(hh:mm:ss)
1 mail.google.com Web-based Email 90:45:24
2 chatenabled.mail.google.com Web-based Email 60:03:39
3 mym2013.sysaidit.com Information Technology 53:17:47
4 safebrowsing.googleapis.com Information Technology, Search Engines and Portals 44:22:59
5 www.google.com Business, Search Engines and Portals 40:42:31
6 www.googleapis.com Information Technology, Search Engines and Portals 39:18:52
7 mobile.pipe.aria.microsoft.com Information Technology 38:01:42
8 clients6.google.com Search Engines and Portals 37:52:15
9 www.am1.sellingplatformconnect.amadeus.com Travel 37:03:24
10 browser.pipe.aria.microsoft.com Information Technology 33:58:14
11 ssl.gstatic.com Information Technology, Search Engines and Portals 32:06:36
12 people-pa.clients6.google.com Search Engines and Portals 31:09:15
13 clients4.google.com Search Engines and Portals, Web Hosting 31:02:25

14 www.vtc-online.ec Business 30:10:25
15 crl.microsoft.com Information and Computer Security, Shopping 29:53:42
16 eusbn1-client-s.gateway.messenger.live.com Instant Messaging 28:55:16
17 notifications.google.com Search Engines and Portals, Web Hosting 28:39:25
18 play.google.com 27:12:00
19 nexusrules.officeapps.live.com Information Technology 26:36:42
20 static-asm.secure.skypeassets.com 25:40:50
21 www.facebook.com Other Adult Materials, Social Networking 25:21:24
22 crl.globalsign.net Information Technology, Information and Computer Security 25:03:29
23 clientservices.googleapis.com Information Technology, Search Engines and Portals 24:17:36
24 static.asm.skype.com 23:46:18
25 scvpn.havail.sabre.com Information Technology 23:19:12
26 www.google.com.ec Search Engines and Portals 23:16:07
27 ping.chartbeat.net Information Technology 23:05:20
28 beacons.gcp.gvt2.com Search Engines and Portals 23:05:10
29 ocsp.digicert.com Information Technology, Information and Computer Security 22:46:01
30 gm1.ggpht.com Search Engines and Portals 22:11:48
31 www.gstatic.com Search Engines and Portals 22:07:50
32 ogs.google.com Search Engines and Portals, Web Hosting 22:01:43
33 v10.vortex-win.data.microsoft.com Information Technology 22:00:26
34 login.live.com Search Engines and Portals 21:56:37
35 sb.scorecardresearch.com Information Technology 21:11:18
36 client-s.gateway.messenger.live.com Instant Messaging 20:36:44
37 client-office365-tas.msedge.net Information Technology 20:32:49
38 apis.google.com Search Engines and Portals, Web Hosting 19:29:32
39 www.bing.com Search Engines and Portals 19:27:34
40 csi.gstatic.com Search Engines and Portals 19:12:13
41 settings-win.data.microsoft.com Information Technology 19:06:40
42 secure.livechatinc.com Information Technology 18:23:30
43 adservice.google.com Search Engines and Portals 18:21:06
44 graph.facebook.com Social Networking 18:18:33
45 spclient.wg.spotify.com Internet Radio and TV 18:05:11
46 adservice.google.com.ec Search Engines and Portals 17:47:25
47 *.sysaidit.com Information Technology 17:42:31
48 outlook.live.com Web-based Email 17:29:42
49 accounts.google.com Search Engines and Portals 17:25:57
50 otf.msn.com Search Engines and Portals 16:56:11



Top 20 Bandwidth Users
# User (or IP) Bandwidth
1 192.168.50.88 8.62 GB
2 192.168.50.166 6.87 GB
3 192.168.50.86 6.42 GB
4 192.168.50.65 4.45 GB
5 192.168.50.167 4.14 GB
6 192.168.50.186 3.31 GB
7 192.168.50.115 2.72 GB
8 192.168.50.111 2.53 GB
9 192.168.50.69 2.13 GB
10 192.168.50.61 2.03 GB
11 192.168.50.64 1.92 GB
12 192.168.50.109 1.87 GB
13 192.168.50.114 1.73 GB
14 192.168.50.63 1.67 GB
15 192.168.50.168 1.46 GB
16 192.168.50.84 1.42 GB
17 192.168.50.137 1.38 GB
18 192.168.50.123 1.24 GB
19 192.168.50.127 1.17 GB
20 192.168.50.182 1.14 GB

Top 20 Categories By Bandwidth


# Category Bandwidth
1 Information Technology 25.66 GB
2 Social Networking 8.38 GB
3 Web Hosting 8.32 GB
4 Web-based Email 6.42 GB
5 Content Servers 5.67 GB
6 Streaming Media and Download 3.22 GB
7 Search Engines and Portals 2.61 GB
8 Instant Messaging 2.20 GB
9 Business 1.70 GB
10 Unrated 1.23 GB
11 File Sharing and Storage 1.21 GB
12 Travel 954.34 MB
13 Advertising 839.04 MB
14 Internet Radio and TV 502.31 MB
15 Other Adult Materials 462.02 MB
16 News and Media 428.60 MB
17 Government and Legal Organizations 382.78 MB
18 Shopping 373.39 MB
19 Internet Telephony 313.43 MB
20 Sports 292.02 MB



Top 50 Sites (and Category) by Bandwidth
# Site Category Bandwidth
1 tlu.dl.delivery.mp.microsoft.com Information Technology 7.44 GB
2 fg.ds.b1.download.windowsupdate.com Information Technology 6.85 GB
3 mail.google.com Web-based Email 6.11 GB
4 tlu.dl.delivery.mp.microsoft.com Web Hosting 4.65 GB
5 mail.google.com 4.31 GB
6 download.windowsupdate.com Information Technology 2.68 GB
7 download.windowsupdate.com Web Hosting 2.18 GB
8 d2dn7ylrd9r3ds.cloudfront.net Content Servers 2.16 GB
9 video.fuio9-1.fna.fbcdn.net Social Networking 2.09 GB
10 video.fgye1-1.fna.fbcdn.net Social Networking 1.89 GB
11 mmg-fna.whatsapp.net Instant Messaging 1.28 GB
12 kobramymtravel.com Unrated 1.21 GB
13 mmg-fna.whatsapp.net Social Networking 847.51 MB
14 download.microsoft.com Information Technology 824.41 MB
15 pbs.twimg.com Content Servers 822.21 MB
16 wetransfer-us-prod-outgoing.s3.amazonaws.com 771.63 MB
17 video.twimg.com Social Networking 762.08 MB
18 liveidtvla-a.akamaihd.net Content Servers 669.85 MB
19 185.172.110.39 Web Hosting 640.33 MB
20 iosapps.itunes.apple.com Streaming Media and Download 633.50 MB
21 scontent.fgye1-1.fna.fbcdn.net Social Networking 556.82 MB
22 clients6.google.com Search Engines and Portals 552.80 MB
23 www.am1.sellingplatformconnect.amadeus.com 549.16 MB
24 download1.operacdn.com Business 512.54 MB
25 scontent.fuio9-1.fna.fbcdn.net Social Networking 490.75 MB
26 instagram.fgye1-1.fna.fbcdn.net Social Networking 467.98 MB
27 au.download.windowsupdate.com Web Hosting 421.10 MB
28 r1---sn-cvb7ln7e.googlevideo.com 410.33 MB
29 mym2013.sysaidit.com Information Technology 404.10 MB
30 au.download.windowsupdate.com Information Technology 396.47 MB
31 wetransfer-us-prod-outgoing.s3.amazonaws.com Information Technology 387.78 MB
32 instagram.fuio9-1.fna.fbcdn.net Social Networking 383.46 MB
33 static.xx.fbcdn.net 349.29 MB
34 mirror.cedia.org.ec Information Technology 348.74 MB
35 clientupdates.dropboxstatic.com File Sharing and Storage 347.02 MB
36 www.facebook.com Other Adult Materials 336.56 MB
37 media.video-cdn.espn.com Streaming Media and Download 329.46 MB
38 eplayer2sp-vh.akamaihd.net Content Servers 327.35 MB
39 dl.pstmn.io Information Technology 326.64 MB
40 173.194.55.91 312.54 MB
41 200.110.121.18 298.44 MB
42 instagram.fuio9-1.fna.fbcdn.net 295.78 MB

43 video.fgye1-1.fna.fbcdn.net 295.34 MB
44 static.xx.fbcdn.net Social Networking 292.88 MB

45 i.pinimg.com 291.08 MB
46 drive.google.com File Sharing and Storage 284.14 MB
47 proxy-11.nyc.dailymotion.com Streaming Media and Download 276.90 MB
48 r5---sn-uxajvoxu-0pve.googlevideo.com 248.45 MB
49 endpoint920510.azureedge.net Web Hosting 247.94 MB
50 audio-fac.spotify.com Internet Radio and TV 247.50 MB

Top 20 Most Blocked Users


# User (or IP) Requests
1 192.168.50.119 234
2 192.168.50.166 75
3 192.168.50.121 67
4 192.168.50.114 62
5 192.168.50.186 60
6 192.168.50.159 31
7 192.168.50.189 14
8 192.168.50.176 14
9 192.168.50.107 14
10 192.168.50.105 12
11 192.168.50.128 12
12 192.168.50.112 9
13 192.168.50.174 9
14 192.168.50.158 8
15 192.168.50.118 7
16 192.168.50.167 5
17 192.168.50.169 5
18 192.168.50.70 5
19 192.168.50.131 4
20 192.168.50.178 4



Top 20 Most Blocked Categories
# Category Requests
1 Malicious Websites 390
2 Phishing 118
3 Pornography 59
4 Spam URLs 53
5 Illegal or Unethical 29
6 Other Adult Materials 23
7 Proxy Avoidance 13
8 Unrated 10
9 Dating 7
10 Drug Abuse 3
11 Nudity and Risque 1
12 Explicit Violence 1
13 Hacking 1

Top 50 Most Blocked Sites


# Website Category Requests
1 its.tradelab.fr Malicious Websites 233
2 xml.ppc.buzz Phishing 70
3 zukxd6fkxqn.com Malicious Websites 37
4 ads.avocet.io Malicious Websites 19
5 www.facebook.com Other Adult Materials 16
6 cc.adingo.jp Spam URLs 15
7 marketing.rfgrepresentaciones.com Spam URLs 14
8 api.retargetly.com Malicious Websites 13
9 cobalten.com Malicious Websites 13
10 c.adsco.re Malicious Websites 13
11 onclicksuper.com Illegal or Unethical 12
12 hqmedia.net Phishing 12
13 api.hsselite.com Proxy Avoidance 12
14 static3planetadelibroscom.cdnstatics.com Pornography 11
15 onclickmega.com Malicious Websites 11
16 nexdn.com Malicious Websites 11
17 link.navent.com Spam URLs 10
18 www.inkapelis.com Illegal or Unethical 9
19 static.inter1ads.com Pornography 8
20 segurosparaviaje.com Phishing 8
21 static1planetadelibroscom.cdnstatics.com Pornography 7
22 badoo.com Dating 7
23 kq6.famoussafeads.com Phishing 7
24 static2planetadelibroscom.cdnstatics.com Pornography 7
25 kobramymtravel.com Unrated 6

26 www.adexchangeguru.com Spam URLs 6
27 go.mobisla.com Malicious Websites 6

28 nop.cloudz.pw Phishing 6
29 prm.europacash.com Pornography 5
30 www.bmurilloabogada.com Malicious Websites 5
31 biopichincha44.webcindario.com Phishing 4
32 www.spotify.com Other Adult Materials 4
33 www.madurasecuador.com Pornography 4
34 www.sjamaan.com Drug Abuse 3
35 static6planetadelibroscom.cdnstatics.com Pornography 3
36 mt.rtmark.net Malicious Websites 3
37 pcache-us1.tetoo.net Pornography 3
38 www.eurolatina.com.ec Malicious Websites 3
39 px.adhigh.net Malicious Websites 3
40 service.bandoobe.com Malicious Websites 3
41 social-api.toonblast.net Malicious Websites 3
42 www.maxim.com Other Adult Materials 2
43 www.estempore.com Malicious Websites 2
44 ver-pelis.me Illegal or Unethical 2
45 www-105.clickintext.net Illegal or Unethical 2
46 www.awin1.com Spam URLs 2
47 panel.followcampaign.com Phishing 2
48 mobpushup.com Malicious Websites 2
49 bolivariano.bumeran.com.ec Phishing 2
50 www.mlstat.com Phishing 2



Emails
Top Senders by Number of Emails
# Sender Number of Emails
1 192.168.50.162 447
2 192.168.90.54 217
3 192.168.50.180 169
4 192.168.50.107 145
5 89.163.142.60 125
6 37.49.224.206 118
7 192.168.50.189 115
8 81.30.158.205 90
9 192.168.50.103 39
10 192.168.50.182 32

Top Recipients by Number of Emails


# Recipient Number of Emails
1 [email protected] 844
2 192.168.50.166 264
3 192.168.50.103 199
4 122.228.10.50 28
5 115.236.61.205 24
6 192.168.50.122 21
7 192.168.50.190 14
8 37.49.224.75 12
9 172.104.105.194 9
10 172.104.89.98 9

Top Senders by Combined Email Size


# Sender Combined Email Size
1 192.168.50.162 119.15 MB
2 192.168.50.180 36.49 MB
3 192.168.50.189 30.79 MB
4 192.168.90.54 6.82 MB
5 [email protected] 6.33 MB
6 192.168.50.107 2.56 MB
7 192.168.50.103 592.87 KB
8 192.168.50.128 273.84 KB
9 192.168.50.182 257.74 KB
10 192.168.50.101 74.79 KB



Top Recipients by Combined Email Size
# Recipient Combined Email Size
1 [email protected] 30.09 MB
2 192.168.50.103 1.42 MB
3 192.168.50.166 1.27 MB
4 192.168.50.122 276.66 KB
5 10.252.98.70 17.88 KB
6 10.252.98.211 12.83 KB
7 192.168.50.190 3.55 KB



Threats
Malware Detected

No matching log data for this report

Malware Victims

No matching log data for this report

Malware Source

No matching log data for this report

Botnet Detected

No matching log data for this report

Botnet Victims

No matching log data for this report

Botnet C&C

No matching log data for this report



Intrusions Detected
# Attack Name Severity CVE-ID Counts
1 D-Link.DSL-2750B.CLI.OS.Command.Injection Critical 249
2 MS.IIS.WebDAV.PROPFIND.ScStoragePathFromUrl.Buffer.Overflow Critical CVE-2017-7269 25
3 Bash.Function.Definitions.Remote.Code.Execution Critical CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 12
4 MS.IE.Scroll.Event.Remote.Code.Execution Critical CVE-2011-1993 11
5 Oracle.WebLogic.Server.wls-wsat.Component.Code.Injection Critical CVE-2017-3506, CVE-2017-10271 2
6 Zyxel.Router.nslookup.Command.Injection Critical CVE-2017-6884 1
7 Dasan.GPON.Remote.Code.Execution Critical CVE-2018-10561, CVE-2018-10562 1
8 Joomla.Core.Session.Remote.Code.Execution Critical CVE-2015-8562 1
9 MySQL.Login.Brute.Force High CVE-2012-2122 17
10 JAWS.DVR.CCTV.Shell.Unauthenticated.Command.Execution High 5

Intrusion Victims
# Attack Victim Counts
1 192.168.90.53 91
2 192.168.90.54 79
3 192.168.90.51 76
4 192.168.90.52 67
5 192.168.50.180 11

Intrusion Sources
# Attack Source Counts
1 46.4.24.9 12
2 190.152.44.135 11
3 1.56.79.115 6
4 91.122.77.239 5
5 41.46.65.58 4
6 85.93.20.38 3
7 188.19.180.221 3
8 198.55.103.47 3
9 197.156.75.252 3
10 188.16.39.88 2
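The three intrusion tables above are aggregates that FortiAnalyzer computes from the FortiGate's IPS log records. As an added example (not part of this report, and not Fortinet code), the following Python script rebuilds the same Intrusions Detected, Intrusion Victims and Intrusion Sources rankings from raw key=value log lines. The field names used (type, subtype, severity, srcip, dstip, direction, attack) follow the FortiOS log syntax; the log lines in SAMPLE_LOGS are constructed for the example and are not records from the device in this report. The rule that the protected host is the "victim" (dstip for incoming hits, srcip for outgoing ones) is this example's own assumption, not documented FortiAnalyzer behaviour. The CVE-ID column cannot be produced from the log line alone, since the record carries the attack name rather than the CVE; the report joins it from the IPS signature metadata.

```python
"""Rebuild FortiAnalyzer-style intrusion summaries from FortiGate IPS log records.

Added example, not part of the FortiAnalyzer report. Field names follow the
FortiOS key=value log syntax; the sample records are constructed.
"""
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# FortiOS syslog is a sequence of key=value pairs; string values are
# double-quoted and may contain spaces and backslash-escaped quotes.
_KV = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|(\S+))')

# Report ordering puts Critical above High when counts tie.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

# Constructed sample records (not real logs from the device in the report).
SAMPLE_LOGS = [
    'date=2018-08-30 time=14:12:01 devname="FGT100E-UIO-MYMTRAVEL" type="utm" subtype="ips" '
    'eventtype="signature" severity="critical" srcip=46.4.24.9 dstip=192.168.90.53 '
    'srcport=51022 dstport=80 proto=6 action="dropped" direction="incoming" '
    'attack="D-Link.DSL-2750B.CLI.OS.Command.Injection" '
    'msg="web_app3: D-Link.DSL-2750B.CLI.OS.Command.Injection,"',
    'date=2018-08-30 time=14:12:09 devname="FGT100E-UIO-MYMTRAVEL" type="utm" subtype="ips" '
    'eventtype="signature" severity="critical" srcip=46.4.24.9 dstip=192.168.90.54 '
    'srcport=51040 dstport=80 proto=6 action="dropped" direction="incoming" '
    'attack="D-Link.DSL-2750B.CLI.OS.Command.Injection"',
    'date=2018-08-31 time=02:40:55 devname="FGT100E-UIO-MYMTRAVEL" type="utm" subtype="ips" '
    'eventtype="signature" severity="high" srcip=190.152.44.135 dstip=192.168.90.51 '
    'srcport=40211 dstport=3306 proto=6 action="detected" direction="incoming" '
    'attack="MySQL.Login.Brute.Force"',
    # Client-side exploit: the internal browser is the victim, the remote server the source.
    'date=2018-08-31 time=10:05:17 devname="FGT100E-UIO-MYMTRAVEL" type="utm" subtype="ips" '
    'eventtype="signature" severity="critical" srcip=192.168.50.180 dstip=91.122.77.239 '
    'srcport=52877 dstport=80 proto=6 action="dropped" direction="outgoing" '
    'attack="MS.IE.Scroll.Event.Remote.Code.Execution"',
    # Ordinary traffic record: must be ignored by the IPS summary.
    'date=2018-08-31 time=10:05:20 devname="FGT100E-UIO-MYMTRAVEL" type="traffic" '
    'subtype="forward" srcip=192.168.50.88 dstip=205.185.216.10 dstport=443 action="accept"',
]


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Parse one key=value record into a dict, unescaping quoted values."""
    fields: Dict[str, str] = {}
    for key, quoted, bare in _KV.findall(line):
        # `bare` is non-empty only when the unquoted alternative matched.
        fields[key] = bare if bare else quoted.replace('\\"', '"')
    return fields


def summarize_ips(lines: Iterable[str]) -> Tuple[Counter, Counter, Counter]:
    """Count IPS hits per (attack, severity), per victim host and per source host.

    Assumption (this example's, not documented FortiAnalyzer behaviour): for
    direction="outgoing" the protected host is srcip, so it is the victim and
    dstip is the attack source; for everything else dstip is the victim.
    """
    attacks: Counter = Counter()
    victims: Counter = Counter()
    sources: Counter = Counter()
    for raw in lines:
        rec = parse_fortigate_line(raw)
        if (rec.get("type"), rec.get("subtype")) != ("utm", "ips"):
            continue  # traffic, webfilter and event records are not IPS hits
        if rec.get("direction") == "outgoing":
            victim, source = rec["srcip"], rec["dstip"]
        else:
            victim, source = rec["dstip"], rec["srcip"]
        attacks[(rec.get("attack", "unknown"), rec.get("severity", "unknown").lower())] += 1
        victims[victim] += 1
        sources[source] += 1
    return attacks, victims, sources


def top_attacks(attacks: Counter, n: int = 10) -> List[Tuple[str, str, int]]:
    """Rows of (attack, severity, count): highest count first, Critical before High on ties."""
    rows = [(name, sev, count) for (name, sev), count in attacks.items()]
    rows.sort(key=lambda r: (-r[2], SEVERITY_RANK.get(r[1], 99), r[0]))
    return rows[:n]


def top_hosts(counter: Counter, n: int = 10) -> List[Tuple[str, int]]:
    """Rows of (host, count), highest count first."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    att, vic, src = summarize_ips(SAMPLE_LOGS)
    print("Intrusions Detected")
    for i, (name, sev, count) in enumerate(top_attacks(att), 1):
        print(f"{i} {name} {sev.capitalize()} {count}")
    print("Intrusion Victims")
    for i, (host, count) in enumerate(top_hosts(vic), 1):
        print(f"{i} {host} {count}")
    print("Intrusion Sources")
    for i, (host, count) in enumerate(top_hosts(src), 1):
        print(f"{i} {host} {count}")
```

Feeding the script a day of exported IPS logs reproduces the report's ranking; the direction check matters for the 192.168.50.180 row in the Intrusion Victims table above, because a client-side signature fires on a connection the internal host initiated, so counting dstip blindly would attribute the hit to the external server instead.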



VPN Usage
VPN Traffic Usage Trend
[Chart: SSL and IPsec VPN traffic, 0 to 50 MB scale, 12-hour ticks from 2018-08-26 to 2018-09-01; plotted values are not captured in the text.]
VPN User Logins
[Chart: Users, 0 to 2 scale, 12-hour ticks from 2018-08-26 to 2018-09-01; plotted values are not captured in the text.]

Authenticated Logins
# User Type First Used Total Number of Connections Total Duration Connected (HH:MM:SS)
1 mymtics9 ssl-tunnel 2018-08-31 16:02:09 4 02:17:47
2 mymtics ssl-tunnel 2018-08-31 07:47:10 1 00:16:30

Failed Login Attempts

No matching log data for this report

Top Dial-up VPN Users


# User Type First Used Aggregated Dialed Time (hh:mm:ss) Aggregated Bytes
1 mymtics9 ssl-tunnel 2018-08-31 16:02:09 02:17:47 59.08 MB
2 mymtics ssl-tunnel 2018-08-31 07:47:10 00:16:30 22.66 MB



Top Sources of SSL VPN Tunnels by Bandwidth
# Remote Host Bandwidth
1 181.199.43.237 59.06 MB
2 190.108.65.54 22.66 MB
3 190.11.247.146 18.18 KB
4 192.168.50.63 5.29 KB

Top SSL VPN Tunnel Users by Bandwidth


# User IP First Used Bandwidth
1 mymtics9 181.199.43.237 2018-08-31 21:48:18 59.06 MB
2 mymtics 190.108.65.54 2018-08-31 07:47:10 22.66 MB
3 mymtics9 190.11.247.146 2018-08-31 16:04:10 18.18 KB
4 mymtics9 192.168.50.63 2018-08-31 16:02:09 5.29 KB

Top SSL VPN Web Mode Users by Bandwidth

No matching log data for this report

Top SSL VPN Users by Duration


# User Type Aggregated Dialed Time(HH:MM:SS) Aggregated Bytes
1 mymtics9 ssl-tunnel 02:17:47 59.08 MB
2 mymtics ssl-tunnel 00:16:30 22.66 MB

Top Users of IPsec VPN Dial-up Tunnel by Bandwidth

No matching log data for this report

Top Site-to-Site IPsec Tunnels by Bandwidth

No matching log data for this report

Top Dial-up IPsec Tunnels by Bandwidth

No matching log data for this report

Top Dial-up IPsec Users by Bandwidth

No matching log data for this report

Top Dial-up IPsec Users by Duration

No matching log data for this report

Appendix A
Devices
FGT100E-UIO-MYMTRAVEL
