Have I been hacked

I would investigate that machine to see what it was connecting to and determine if it is real or a false positive.

The source IP is my pfSense firewall WAN and that’s why I’m scared. I checked the destination IP on Shodan and GreyNoise and don’t know what the results mean. I’m trying to figure this out but I’m at my skill level’s end.

Run some scans on local machines.

1 Like

What should I use and do you have instructions for the scan tool?

In pfSense go to “Diagnostics” then “pfTop” and in the filter expression put in
host 195.22.26.248
to see what systems are connecting to that IP address. Also you can go to “Diagnostics” and “Packet Capture”, filtering for that IP, to dig further into what data is going out.

2 Likes
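Added example, not part of any post in this thread: because the alert only shows the WAN address as the source, the useful step is mapping each NATed state back to the LAN host behind it. The sketch below does that over a constructed state listing; the line layout is an assumption modelled on `pfctl -ss` text output, and the WAN address, interface names and LAN hosts are made up.

```python
import re
from collections import defaultdict

SUSPECT_IP = "195.22.26.248"   # destination discussed in this thread
WAN_IP = "203.0.113.5"         # constructed stand-in for the firewall's WAN address

# Constructed sample states (assumed layout):
#   iface proto src:port [(pre-NAT src:port)] -> dst:port state
SAMPLE_STATES = """\
em1 tcp 192.168.1.23:51514 -> 195.22.26.248:80       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.5:40211 (192.168.1.23:51514) -> 195.22.26.248:80       ESTABLISHED:ESTABLISHED
em1 udp 192.168.1.40:5353 -> 192.168.1.1:53       MULTIPLE:SINGLE
em0 tcp 203.0.113.5:18822 (192.168.1.23:51620) -> 195.22.26.248:443       FIN_WAIT_2:FIN_WAIT_2
em0 tcp 203.0.113.5:9921 (192.168.1.57:49800) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
em0 tcp 203.0.113.5:3311 -> 195.22.26.248:80       SYN_SENT:CLOSED
"""

# The parenthesised part is optional: it is only present on NATed states.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)"
    r"(?:\s+\((?P<orig>[\d.]+):(?P<oport>\d+)\))?"
    r"\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<state>\S+)$"
)

def internal_talkers(states_text, suspect_ip, wan_ip):
    """Return {origin: [(proto, dst_port), ...]} for states to suspect_ip."""
    hits = defaultdict(set)
    for line in states_text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m or m["dst"] != suspect_ip:
            continue
        if m["orig"]:                 # NATed state: real source is in parentheses
            origin = m["orig"]
        elif m["src"] == wan_ip:      # no NAT mapping: traffic from the firewall
            origin = "firewall itself"
        else:                         # LAN-side state, source is already internal
            origin = m["src"]
        hits[origin].add((m["proto"], int(m["dport"])))
    return {host: sorted(ports) for host, ports in hits.items()}

if __name__ == "__main__":
    for host, ports in internal_talkers(SAMPLE_STATES, SUSPECT_IP, WAN_IP).items():
        print(host, ports)
```

A state with the WAN address as source and no pre-NAT address points at the firewall itself rather than a LAN machine, which changes where to look next.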

OK, got it, thanks Tom and all.

@hpspar05, check out this site… https://talosintelligence.com/reputation_center/lookup?search=195.22.26.248

I would create a specific firewall rule to block outbound traffic to that IP on your inside interface and log it.