A little help with the investigation of an alert

This is probably a false positive since the source port is 80 (your webserver) and the destination port is a randomly generated one.

This means that Suricata alerted on the response packet; the malicious IP is probably scanning the internet and hit your webserver.

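The direction check described in the reply above, as an added example that is not part of the original post: it reads Suricata EVE JSON alert records and labels each one by whether the matching packet came from a local service port toward a client port, or the other way around. The `LOCAL_SERVICES` set, the `EPHEMERAL_MIN` threshold, the addresses and the signature names are all assumptions constructed for the illustration.

```python
import json

# Assumption: the (ip, port) pairs of services this sensor protects.
LOCAL_SERVICES = {("192.0.2.10", 80), ("192.0.2.10", 443)}
# Assumption: anything above the well-known range is treated as a client port.
EPHEMERAL_MIN = 1024

# Constructed EVE JSON records (documentation addresses, made-up signatures).
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"192.0.2.10","src_port":80,"dest_ip":"198.51.100.7","dest_port":51544,"proto":"TCP","alert":{"signature":"constructed: response rule"}}
{"event_type":"alert","src_ip":"198.51.100.7","src_port":40112,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","alert":{"signature":"constructed: request rule"}}
{"event_type":"flow","src_ip":"198.51.100.7","src_port":40112,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP"}
not json at all
{"event_type":"alert","src_ip":"192.0.2.10","src_port":49800,"dest_ip":"203.0.113.5","dest_port":4444,"proto":"TCP","alert":{"signature":"constructed: outbound rule"}}
"""

def classify(event):
    """Label an alert by which side of a local service the matching packet was on."""
    src = (event.get("src_ip"), event.get("src_port"))
    dst = (event.get("dest_ip"), event.get("dest_port"))
    # Source is our listening service, destination is a client port:
    # the rule matched on the server's reply, not on inbound traffic.
    if src in LOCAL_SERVICES and (dst[1] or 0) >= EPHEMERAL_MIN:
        return "response_from_local_service"
    if dst in LOCAL_SERVICES:
        return "request_to_local_service"
    # Portless protocols (e.g. ICMP) and host-initiated connections land here.
    return "other"

def triage(eve_text):
    """Return (signature, label) for every alert record in EVE JSON lines."""
    results = []
    for line in eve_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        signature = event.get("alert", {}).get("signature", "<no signature>")
        results.append((signature, classify(event)))
    return results

if __name__ == "__main__":
    for sig, label in triage(SAMPLE_EVE):
        print(f"{label:30} {sig}")
```
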