Alert Table for 2017-11-21-traffic-analysis-exercise-3-of-6.pcap

Relative Time Packet Source Source Port Destination Dest Port Category Rule Set Signature Severity
60.0 1158 172.16.103.77 63743 172.16.103.1 53 Potentially Bad Traffic ET DNS Query to a .tk domain - Likely Hostile 2
60.0 979 172.16.103.77 53942 172.16.103.1 53 Potentially Bad Traffic ET DNS Query to a .tk domain - Likely Hostile 2
61.0 1160 172.16.103.77 49177 162.244.35.33 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
61.0 1169 172.16.103.77 49178 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
62.0 1221 172.16.103.77 49180 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
62.0 1231 172.16.103.77 49179 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
62.0 1503 172.16.103.77 49182 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1510 172.16.103.77 49184 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1512 172.16.103.77 49183 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1521 172.16.103.77 49182 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1526 172.16.103.77 49184 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1532 172.16.103.77 49183 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1702 172.16.103.77 49182 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
63.0 1703 172.16.103.77 49184 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
64.0 1707 172.16.103.77 49184 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
71.0 1722 162.244.35.33 80 172.16.103.77 49177 Exploit Kit Activity Detected ET EXPLOIT_KIT Possible Keitaro TDS Redirect 1
85.0 1790 172.16.103.77 49186 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
85.0 1820 172.16.103.77 49185 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
86.0 1851 172.16.103.77 49186 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
92.0 1857 172.16.103.77 49186 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
92.0 1866 162.244.35.36 80 172.16.103.77 49185 Executable code was detected ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a 1
92.0 1866 162.244.35.36 80 172.16.103.77 49185 Misc activity ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 3
92.0 1866 162.244.35.36 80 172.16.103.77 49185 Misc activity ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 3
92.0 1879 172.16.103.77 49185 162.244.35.36 80 Potentially Bad Traffic ET POLICY HTTP Request to a *.tk domain 2
102.0 1892 162.244.35.36 80 172.16.103.77 49186 Executable code was detected ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a 1
102.0 1892 162.244.35.36 80 172.16.103.77 49186 Misc activity ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 3
102.0 1892 162.244.35.36 80 172.16.103.77 49186 Misc activity ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 3