IP Address | Port | Hostname | |
---|---|---|---|
Source | (local) | 61511 | |
Destination | 8.8.8.8 (United States) | domain (53) |
Description:
- This rule is triggered when an HTTP GET request is observed on port 53.
- Port 53 is sometimes used as an egress port as firewalls commonly allow DNS traffic without alarming.
False Positive:
- YES
- This appears to be a misdirected advertising request. There are multiple event instances for the same request.
- None of the associated domains (original company (www.nationalbusinessfurniture.com) show any evidence of malicious hosting.
- Best guess is someone accidentally hard coded a link to 8.8.8.8:53 in the above site's advertising framework.
- As would be expected, 8.8.8.8 (google's public name servers) are listening on tcp port 53 as they are DNS servers, and immediately close the connection upon receiving HTTP traffic.
Action:
- None
Comments