CS Enterprise on cloudshark.org

Alert Table for 2017-11-21-traffic-analysis-exercise-3-of-6.pcap

Relative Time	Packet	Source	Source Port	Destination	Dest Port	Category	Rule Set	Signature	Severity
25.0	72	172.16.103.77	49158	172.217.0.234	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
26.0	83	172.16.103.77	49159	172.217.0.227	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
30.0	128	172.16.103.77	49160	172.217.0.228	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
52.0	286	172.16.103.77	49162	172.217.0.227	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
52.0	293	172.16.103.77	49163	172.217.0.227	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
60.0	1158	172.16.103.77	63743	172.16.103.1	53	Potentially Bad Traffic	ET DNS	Query to a .tk domain - Likely Hostile	2
60.0	979	172.16.103.77	53942	172.16.103.1	53	Potentially Bad Traffic	ET DNS	Query to a .tk domain - Likely Hostile	2
61.0	1160	172.16.103.77	49177	162.244.35.33	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
61.0	1169	172.16.103.77	49178	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
62.0	1221	172.16.103.77	49180	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
62.0	1231	172.16.103.77	49179	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
62.0	1247	172.16.103.77	49181	94.31.29.54	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
62.0	1503	172.16.103.77	49182	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1510	172.16.103.77	49184	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1512	172.16.103.77	49183	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1521	172.16.103.77	49182	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1526	172.16.103.77	49184	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1532	172.16.103.77	49183	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1702	172.16.103.77	49182	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
63.0	1703	172.16.103.77	49184	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
64.0	1707	172.16.103.77	49184	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
71.0	1722	162.244.35.33	80	172.16.103.77	49177	Exploit Kit Activity Detected	ET EXPLOIT_KIT	Possible Keitaro TDS Redirect	1
85.0	1790	172.16.103.77	49186	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
85.0	1807	172.16.103.77	49187	172.217.0.227	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
85.0	1820	172.16.103.77	49185	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
86.0	1851	172.16.103.77	49186	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
92.0	1857	172.16.103.77	49186	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
92.0	1866	162.244.35.36	80	172.16.103.77	49185	Executable code was detected	ET INFO	Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a	1
92.0	1866	162.244.35.36	80	172.16.103.77	49185	Misc activity	ET HUNTING	[TW] Likely Javascript-Obfuscator Usage Observed M1	3
92.0	1866	162.244.35.36	80	172.16.103.77	49185	Misc activity	ET HUNTING	[TW] Likely Javascript-Obfuscator Usage Observed M3	3
92.0	1879	172.16.103.77	49185	162.244.35.36	80	Potentially Bad Traffic	ET POLICY	HTTP Request to a *.tk domain	2
102.0	1892	162.244.35.36	80	172.16.103.77	49186	Executable code was detected	ET INFO	Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a	1
102.0	1892	162.244.35.36	80	172.16.103.77	49186	Misc activity	ET HUNTING	[TW] Likely Javascript-Obfuscator Usage Observed M1	3
102.0	1892	162.244.35.36	80	172.16.103.77	49186	Misc activity	ET HUNTING	[TW] Likely Javascript-Obfuscator Usage Observed M3	3
140.0	1930	172.16.103.77	49189	172.217.0.238	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3
141.0	1964	172.16.103.77	49190	172.217.0.225	443	Unknown Traffic	ET JA3	Hash - [Abuse.ch] Possible Adware	3