iSID Analyst Knowledge Base

Definitions, and additional context on iSID alerts along with helpful recommendations

NF – Punycode domain lookup to COM,DK domains

This alert is triggered when a client initiates an SSL/TLS connection (typically on port 443) to an external server and the certificate contains a domain name using Punycode that translates to .com or .dk. Punycode encoding is used in internationalized domain names, but it can also be exploited in phishing attacks by creating visually similar (homograph) domains.

NF – Punycode COM or DK domain used in certificate

This alert is triggered when a DNS query from the internal network attempts to resolve a Punycode domain ending in .com or .dk. Punycode encoding is used in internationalized domain names, but it can also be exploited in phishing attacks by creating visually similar (homograph) domains.
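The two Punycode alerts above both come down to the same check: an xn-- label in a name whose TLD is .com or .dk. The following Python is an added illustration written for this page (not iSID's own code): it takes constructed DNS query records, restricts them to the watched TLDs, decodes the Punycode so the analyst sees the Unicode name, and marks labels that mix scripts, the classic homograph sign. The sample queries and the WATCHED_TLDS set are assumptions.

```python
from __future__ import annotations
import unicodedata
from dataclasses import dataclass

WATCHED_TLDS = {"com", "dk"}  # assumption: the TLDs this rule family watches

# Constructed sample DNS queries (client IP, queried name), not real traffic.
# Names are given in Unicode so the Punycode form is generated, not hand-typed;
# real DNS logs carry the ASCII "xn--" form, which check_query() also accepts.
SAMPLE_QUERIES = [
    ("10.0.1.15", "\u0430pple.com"),      # Cyrillic 'а' + Latin "pple": homograph
    ("10.0.1.22", "bl\u00e5b\u00e6r.dk"),  # legitimate Danish IDN, single script
    ("10.0.1.22", "example.com"),          # plain ASCII, no alert
    ("10.0.1.31", "\u0440aypal.net"),      # Punycode, but .net is outside this rule
]

def script_of(ch: str) -> str:
    """First word of the Unicode character name: LATIN, CYRILLIC, GREEK, ..."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def label_scripts(label: str) -> set[str]:
    return {script_of(c) for c in label if c.isalpha()}

@dataclass
class Finding:
    client: str
    ascii_name: str     # wire form as seen in the DNS query
    unicode_name: str   # decoded form the user would see in a browser
    mixed_script: bool  # True when one label mixes e.g. Cyrillic and Latin

def check_query(client: str, qname: str) -> Finding | None:
    """Return a Finding when qname is a Punycode (xn--) name under a watched TLD."""
    ascii_name = qname.encode("idna").decode("ascii").lower()  # no-op for ASCII
    labels = ascii_name.rstrip(".").split(".")
    if labels[-1] not in WATCHED_TLDS:
        return None
    if not any(label.startswith("xn--") for label in labels):
        return None
    unicode_name = ascii_name.encode("ascii").decode("idna")
    mixed = any(len(label_scripts(l)) > 1 for l in unicode_name.split("."))
    return Finding(client, ascii_name, unicode_name, mixed)

def scan(queries) -> list[Finding]:
    return [f for client, qname in queries if (f := check_query(client, qname))]

if __name__ == "__main__":
    for f in scan(SAMPLE_QUERIES):
        severity = "HIGH (mixed-script homograph)" if f.mixed_script else "review"
        print(f"{f.client} -> {f.ascii_name} ({f.unicode_name}) [{severity}]")
```

A single-script IDN such as the Danish one is a normal false-positive candidate for this rule; the mixed-script flag is what separates it from a lookalike of a Latin brand.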

NF – Bad TLD domain – site DNS query – Check domains

This alert is triggered when a DNS query is made from the home network to an external network for a domain ending with ".site".

NF – TLD domain – .cn DNS query

This alert is triggered when a DNS query is made from the home network to an external network for a domain ending with ".cn" (the Chinese top-level domain).

NF – Web search engine – Yandex

This alert is triggered by traffic from the Yandex search engine.