| 0.0 |
n/a |
68.177.32.107 |
80 |
10.21.101.121 |
49587 |
Possible Social Engineering Attempted |
ET WEB_CLIENT |
Fake Virus Phone Scam Audio Oct 30 |
2 |
| 0.0 |
n/a |
68.177.32.107 |
80 |
10.21.101.121 |
49587 |
Possible Social Engineering Attempted |
ET WEB_CLIENT |
Tech Support Phone Scam Landing (msg.mp3) 2016-08-12 |
2 |
| 0.0 |
n/a |
185.49.70.57 |
80 |
10.21.101.121 |
49584 |
Potentially Bad Traffic |
ET WEB_CLIENT |
Obfuscated Javascript // ptth |
2 |
| 0.0 |
n/a |
107.22.230.34 |
80 |
10.21.101.121 |
49396 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 131.0 |
7320 |
23.217.102.15 |
80 |
10.21.101.121 |
49332 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 140.0 |
7898 |
10.21.101.121 |
49441 |
198.154.248.183 |
80 |
Generic Protocol Command Decode |
SURICATA HTTP |
Request abnormal Content-Encoding header |
3 |
| 140.0 |
8086 |
198.154.248.183 |
80 |
10.21.101.121 |
49441 |
Exploit Kit Activity Detected |
ET EXPLOIT_KIT |
EITest Evil Redirect Leading to EK Feb 01 2016 |
1 |
| 146.0 |
9216 |
10.21.101.121 |
50003 |
8.8.8.8 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a .tk domain - Likely Hostile |
2 |
| 146.0 |
9747 |
10.21.101.121 |
49501 |
85.93.0.34 |
80 |
Potentially Bad Traffic |
ET POLICY |
HTTP Request to a *.tk domain |
2 |
| 147.0 |
9915 |
10.21.101.121 |
49502 |
85.93.0.34 |
80 |
Potentially Bad Traffic |
ET POLICY |
HTTP Request to a *.tk domain |
2 |
| 152.0 |
10221 |
10.21.101.121 |
49511 |
185.46.11.245 |
80 |
Potential Corporate Privacy Violation |
ET POLICY |
Outdated Flash Version M1 |
1 |
| 167.0 |
11437 |
184.28.188.193 |
80 |
10.21.101.121 |
49387 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11442 |
2.21.30.22 |
80 |
10.21.101.121 |
49378 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11444 |
184.28.188.195 |
80 |
10.21.101.121 |
49317 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11457 |
173.241.250.143 |
80 |
10.21.101.121 |
49402 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11461 |
184.28.188.184 |
80 |
10.21.101.121 |
49298 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11474 |
184.28.188.187 |
80 |
10.21.101.121 |
49277 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11478 |
184.28.188.194 |
80 |
10.21.101.121 |
49280 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11482 |
184.28.188.216 |
80 |
10.21.101.121 |
49279 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11573 |
72.165.185.9 |
80 |
10.21.101.121 |
49290 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11615 |
72.246.56.130 |
80 |
10.21.101.121 |
49352 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 167.0 |
11631 |
72.246.56.57 |
80 |
10.21.101.121 |
49286 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 171.0 |
11770 |
10.21.101.121 |
49517 |
23.211.235.162 |
80 |
A Network Trojan was detected |
ET MALWARE |
Bedep Connectivity Check M2 |
1 |
| 172.0 |
11865 |
10.21.101.121 |
49518 |
82.141.230.141 |
80 |
Malware Command and Control Activity Detected |
ET MALWARE |
Bedep HTTP POST CnC Beacon |
1 |
| 173.0 |
11897 |
10.21.101.121 |
49519 |
104.193.252.245 |
80 |
Malware Command and Control Activity Detected |
ET MALWARE |
Bedep HTTP POST CnC Beacon |
1 |
| 233.0 |
12006 |
10.21.101.121 |
49520 |
198.154.248.183 |
80 |
Generic Protocol Command Decode |
SURICATA HTTP |
Request abnormal Content-Encoding header |
3 |
| 321.0 |
12327 |
10.21.101.121 |
49534 |
104.193.252.245 |
80 |
Malware Command and Control Activity Detected |
ET MALWARE |
Bedep HTTP POST CnC Beacon |
1 |
| 325.0 |
14195 |
10.21.101.121 |
49534 |
104.193.252.245 |
80 |
Malware Command and Control Activity Detected |
ET MALWARE |
Bedep HTTP POST CnC Beacon |
1 |
| 325.0 |
14206 |
10.21.101.121 |
49535 |
104.193.252.245 |
80 |
Malware Command and Control Activity Detected |
ET MALWARE |
Bedep HTTP POST CnC Beacon |
1 |
| 358.0 |
14235 |
10.21.101.121 |
49538 |
103.234.36.148 |
80 |
Potentially Bad Traffic |
ET INFO |
Executable Download from dotted-quad Host |
2 |
| 359.0 |
14278 |
103.234.36.148 |
80 |
10.21.101.121 |
49538 |
Potential Corporate Privacy Violation |
ET POLICY |
PE EXE or DLL Windows file download HTTP |
1 |
| 359.0 |
14278 |
103.234.36.148 |
80 |
10.21.101.121 |
49538 |
Potentially Bad Traffic |
ET HUNTING |
SUSPICIOUS Dotted Quad Host MZ Response |
2 |
| 408.0 |
14788 |
10.21.101.121 |
49733 |
8.8.8.8 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a *.pw domain - Likely Hostile |
2 |
| 408.0 |
14877 |
10.21.101.121 |
61565 |
8.8.8.8 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a *.pw domain - Likely Hostile |
2 |
| 409.0 |
14915 |
10.21.101.121 |
49571 |
143.95.32.93 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |
| 409.0 |
14956 |
10.21.101.121 |
49580 |
52.8.93.242 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |
| 409.0 |
14968 |
10.21.101.121 |
49583 |
52.8.93.242 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |
| 409.0 |
15007 |
10.21.101.121 |
58524 |
8.8.8.8 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a *.pw domain - Likely Hostile |
2 |
| 409.0 |
15064 |
10.21.101.121 |
49592 |
67.222.29.202 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |
| 409.0 |
15079 |
10.21.101.121 |
49594 |
67.222.29.202 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |
| 409.0 |
15093 |
10.21.101.121 |
49593 |
67.222.29.202 |
80 |
Misc activity |
ET INFO |
HTTP Request to a *.pw domain |
3 |