
ET MALWARE Suspicious User Agent (Autoupdate)

 

              IP Address                        Port        Hostname
Source        (local)                           61143
Destination   205.234.175.175 (United States)   http (80)   vip1.g5.cachefly.net

 

Description:

  • This rule matches 'Autoupdate' in the User-Agent header of an HTTP request.

 

False Positive:

  • YES
  • In this particular instance, the Host: header points to get.acclivitysoftware.com.
  • This is legitimate business software that happens to use the User-Agent AutoUpdatePlusAgent as part of its automated update process.

Action:

  • none
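
The false-positive reasoning above as a triage check, added here as an example and not part of the original write-up or of the ET rule itself. It keys the allowlist on the Host header rather than the destination IP, because the destination resolves to a CDN hostname; the function names, the request path and the non-Acclivity hosts are constructed, and the case-insensitive match is an assumption based on AutoUpdatePlusAgent having triggered the alert.

```python
import re

# Assumption: hosts already reviewed and accepted as benign for this signature.
KNOWN_GOOD_HOSTS = {"get.acclivitysoftware.com"}
# Assumption: case-insensitive match, since "AutoUpdatePlusAgent" triggered the alert.
UA_PATTERN = re.compile(r"autoupdate", re.IGNORECASE)

def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values; the first occurrence wins."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def triage(raw: bytes) -> str:
    """Classify one HTTP request that may have fired the alert."""
    headers = parse_headers(raw)
    if not UA_PATTERN.search(headers.get("user-agent", "")):
        return "no-match"
    # Exact Host comparison after dropping any port and trailing dot.
    host = headers.get("host", "").lower().partition(":")[0].rstrip(".")
    return "known-false-positive" if host in KNOWN_GOOD_HOSTS else "investigate"

def _req(host: str, ua: str) -> bytes:
    # Constructed sample request; the path is made up for illustration.
    return (f"GET /update/check HTTP/1.1\r\nHost: {host}\r\n"
            f"User-Agent: {ua}\r\n\r\n").encode("latin-1")

SAMPLES = {
    "acclivity": _req("get.acclivitysoftware.com", "AutoUpdatePlusAgent"),
    "unknown_host": _req("updates.example.net", "AutoUpdatePlusAgent"),
    "lookalike": _req("get.acclivitysoftware.com.example.net", "Autoupdate"),
    "browser": _req("get.acclivitysoftware.com", "Mozilla/5.0"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13} -> {triage(raw)}")
```

The Host header is client-supplied, so a "known-false-positive" result is a triage hint to confirm against the software actually installed on the source machine.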
