SUC017 : WEB Proxy CONNECT Request

  • Use Case Reference : SUC017
  • Use Case Title : Web Proxy CONNECT Request
  • Use Case Detection : IDS / HTTP logs
  • Attacker Class : Opportunists
  • Attack Sophistication : Unsophisticated
  • Identified tool(s) : No
  • Source IP(s) : Random
  • Source Countries : Random
  • Source Port(s) : Random
  • Destination Port(s) : 80/TCP
Possible correlation(s) :
  • Apache web open proxy scans

Source(s) :

We have detected an increase in Web Proxy CONNECT requests from Russia. The majority of the source IPs are from 95.24.0.0/13 CORBINA-BROADBAND. As the yearly events graph shows, we have around 7 times more scan events than in previous months. The monthly TOP 10 source IPs graph also shows that all the IPs come from the same range located in Russia.

1 month SIG 2001675 IDS Events

1 year SIG 2001675 IDS Events

1 Month TOP 10 source IPs for SIG 2001675

TOP 20 source countries for SIG 2001675
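
The same view can be rebuilt from the HTTP logs side of this use case. The script below is an added example, not part of the original post or of the IDS signature: it assumes Apache common/combined log format, and the sample lines, addresses and targets in it are constructed. It counts CONNECT requests per source IP, reports how many come from 95.24.0.0/13, and lists sources that received a 2xx answer.

```python
import ipaddress
import re
from collections import Counter

# Range named in the post (CORBINA-BROADBAND).
WATCHED_NET = ipaddress.ip_network("95.24.0.0/13")

# Apache common/combined log line: client, ident, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (addresses, targets and timestamps are made up).
SAMPLE_LOG = """\
95.24.10.5 - - [01/Jan/2012:10:00:01 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312
95.24.10.5 - - [01/Jan/2012:10:00:02 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312
95.27.200.17 - - [01/Jan/2012:10:03:11 +0100] "CONNECT www.example.org:443 HTTP/1.1" 405 312
95.31.255.1 - - [01/Jan/2012:10:05:40 +0100] "CONNECT www.example.org:80 HTTP/1.0" 200 0
198.51.100.7 - - [01/Jan/2012:10:06:00 +0100] "CONNECT mail.example.net:25 HTTP/1.0" 405 312
192.0.2.44 - - [01/Jan/2012:10:06:30 +0100] "GET /index.html HTTP/1.1" 200 5120
95.25.1.1 - - [01/Jan/2012:10:07:00 +0100] "GET / HTTP/1.1" 200 5120
"""

def connect_requests(lines):
    """Yield (ip, target, status) for every CONNECT request with a parseable client IP."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:  # client field is a hostname or malformed
            continue
        yield ip, m["target"], int(m["status"])

def summarize(lines, top=10):
    """Aggregate CONNECT requests: totals, share in WATCHED_NET, top sources, 2xx answers."""
    hits = list(connect_requests(lines))
    per_ip = Counter(str(ip) for ip, _, _ in hits)
    in_range = sum(1 for ip, _, _ in hits if ip in WATCHED_NET)
    # A 2xx answer to CONNECT needs follow-up: the server may be acting as an open proxy.
    accepted = sorted({str(ip) for ip, _, status in hits if 200 <= status < 300})
    return {"total": len(hits), "in_watched_range": in_range,
            "top_sources": per_ip.most_common(top), "accepted_by_server": accepted}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```
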