Alert Table for 2017-11-21-traffic-analysis-exercise-3-of-6.pcap

| Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set / Signature | Severity |
|---|---|---|---|---|---|---|---|---|
| 25.0 | 72 | 172.16.103.77 | 49158 | 172.217.0.234 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 26.0 | 83 | 172.16.103.77 | 49159 | 172.217.0.227 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 30.0 | 128 | 172.16.103.77 | 49160 | 172.217.0.228 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 52.0 | 286 | 172.16.103.77 | 49162 | 172.217.0.227 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 52.0 | 293 | 172.16.103.77 | 49163 | 172.217.0.227 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 60.0 | 1158 | 172.16.103.77 | 63743 | 172.16.103.1 | 53 | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile | 2 |
| 60.0 | 979 | 172.16.103.77 | 53942 | 172.16.103.1 | 53 | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile | 2 |
| 61.0 | 1160 | 172.16.103.77 | 49177 | 162.244.35.33 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 61.0 | 1169 | 172.16.103.77 | 49178 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 62.0 | 1221 | 172.16.103.77 | 49180 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 62.0 | 1231 | 172.16.103.77 | 49179 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 62.0 | 1247 | 172.16.103.77 | 49181 | 94.31.29.54 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 62.0 | 1503 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1510 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1512 | 172.16.103.77 | 49183 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1521 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1526 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1532 | 172.16.103.77 | 49183 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1702 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 63.0 | 1703 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 64.0 | 1707 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 71.0 | 1722 | 162.244.35.33 | 80 | 172.16.103.77 | 49177 | Exploit Kit Activity Detected | ET EXPLOIT_KIT Possible Keitaro TDS Redirect | 1 |
| 85.0 | 1790 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 85.0 | 1807 | 172.16.103.77 | 49187 | 172.217.0.227 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 85.0 | 1820 | 172.16.103.77 | 49185 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 86.0 | 1851 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 92.0 | 1857 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 92.0 | 1866 | 162.244.35.36 | 80 | 172.16.103.77 | 49185 | Executable code was detected | ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a | 1 |
| 92.0 | 1879 | 172.16.103.77 | 49185 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2 |
| 102.0 | 1892 | 162.244.35.36 | 80 | 172.16.103.77 | 49186 | Executable code was detected | ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a | 1 |
| 140.0 | 1930 | 172.16.103.77 | 49189 | 172.217.0.238 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |
| 141.0 | 1964 | 172.16.103.77 | 49190 | 172.217.0.225 | 443 | Unknown Traffic | ET JA3 Hash - [Abuse.ch] Possible Adware | 3 |

Alerts provided by Emerging Threats 2022-04-08