Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set | Signature | Severity |
---|---|---|---|---|---|---|---|---|---|
6.0 | 310 | 192.168.9.155 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
6.0 | 310 | 192.168.9.155 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
7.0 | 353 | 192.168.9.155 | 49678 | 131.253.34.238 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
7.0 | 353 | 192.168.9.155 | 49678 | 131.253.34.238 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
63.0 | 956 | 192.168.9.155 | 49734 | 131.253.34.230 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
63.0 | 956 | 192.168.9.155 | 49734 | 131.253.34.230 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
63.0 | 983 | 192.168.9.155 | 49735 | 65.52.108.229 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
63.0 | 983 | 192.168.9.155 | 49735 | 65.52.108.229 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Tofsee | 3 |
97.0 | 1486 | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | A Network Trojan was detected | ET POLICY | Terse Named Filename EXE Download - Possibly Hostile | 1 |
106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET POLICY | HTTP traffic on port 443 (POST) | 2 |
106.0 | 1963 | 192.168.9.155 | 49759 | 194.88.246.242 | 443 | Potentially Bad Traffic | ET HUNTING | GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 | 2 |
656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potential Corporate Privacy Violation | ET POLICY | PE EXE or DLL Windows file download HTTP | 1 |
656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Potentially Bad Traffic | ET INFO | Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2 |
656.0 | n/a | 116.90.60.136 | 80 | 192.168.9.155 | 49754 | Misc activity | ET INFO | EXE - Served Attached HTTP | 3 |