| 0.0 |
n/a |
23.56.3.183 |
80 |
10.0.1.95 |
61252 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
128.177.96.24 |
80 |
10.0.1.95 |
61263 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
104.16.23.35 |
80 |
10.0.1.95 |
61216 |
Generic Protocol Command Decode |
SURICATA HTTP |
invalid response chunk len |
3 |
| 0.0 |
n/a |
173.241.244.11 |
80 |
10.0.1.95 |
61329 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
23.56.3.183 |
80 |
10.0.1.95 |
61294 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
80.239.137.59 |
80 |
10.0.1.95 |
61236 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
23.56.3.183 |
80 |
10.0.1.95 |
61292 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
80.239.137.50 |
80 |
10.0.1.95 |
61258 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
n/a |
173.241.244.212 |
80 |
10.0.1.95 |
61318 |
Generic Protocol Command Decode |
SURICATA HTTP |
unable to match response to request |
3 |
| 0.0 |
1 |
0.0.0.0 |
68 |
255.255.255.255 |
67 |
Generic Protocol Command Decode |
|
SURICATA UDPv4 invalid checksum |
3 |
| 2.0 |
62 |
10.0.1.95 |
49672 |
65.52.108.254 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 3.0 |
117 |
10.0.1.95 |
49674 |
65.52.108.212 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 55.0 |
613 |
107.180.41.148 |
80 |
10.0.1.95 |
49691 |
Potential Corporate Privacy Violation |
ET INFO |
PE EXE or DLL Windows file download HTTP |
1 |
| 55.0 |
613 |
107.180.41.148 |
80 |
10.0.1.95 |
49691 |
Potentially Bad Traffic |
ET INFO |
Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download |
2 |
| 75.0 |
680 |
0.0.0.0 |
68 |
255.255.255.255 |
67 |
Generic Protocol Command Decode |
|
SURICATA UDPv4 invalid checksum |
3 |
| 77.0 |
722 |
10.0.1.95 |
49671 |
65.52.108.254 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 80.0 |
848 |
10.0.1.95 |
49676 |
65.52.108.254 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 81.0 |
874 |
10.0.1.95 |
49677 |
40.77.224.255 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 120.0 |
1052 |
10.0.1.95 |
52527 |
130.255.78.223 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 130.0 |
1065 |
10.0.1.95 |
57621 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 137.0 |
1230 |
10.0.1.95 |
57624 |
65.52.108.254 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 137.0 |
1267 |
10.0.1.95 |
57625 |
65.52.108.225 |
443 |
Unknown Traffic |
ET JA3 |
Hash - Possible Malware - Fake Firefox Font Update |
3 |
| 171.0 |
1340 |
10.0.1.95 |
61981 |
144.76.133.38 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 173.0 |
1478 |
10.0.1.95 |
49411 |
62.113.203.99 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 174.0 |
1488 |
10.0.1.95 |
53978 |
93.170.96.235 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 186.0 |
1507 |
10.0.1.95 |
55224 |
31.3.135.232 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 187.0 |
1638 |
10.0.1.95 |
63016 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 190.0 |
1778 |
10.0.1.95 |
54664 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 193.0 |
1797 |
10.0.1.95 |
53279 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 194.0 |
1820 |
10.0.1.95 |
53131 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 195.0 |
1860 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 195.0 |
1863 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 195.0 |
1866 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 195.0 |
1870 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 196.0 |
1876 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 196.0 |
1883 |
10.0.1.95 |
53133 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 196.0 |
1888 |
10.0.1.95 |
60206 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 198.0 |
2221 |
10.0.1.95 |
53917 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 201.0 |
2285 |
10.0.1.95 |
63962 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 203.0 |
2507 |
10.0.1.95 |
51538 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 205.0 |
2541 |
10.0.1.95 |
58179 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 219.0 |
2757 |
10.0.1.95 |
54277 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 221.0 |
2798 |
10.0.1.95 |
59592 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 223.0 |
2829 |
10.0.1.95 |
64717 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 226.0 |
2848 |
10.0.1.95 |
58092 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 228.0 |
3085 |
10.0.1.95 |
49337 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 231.0 |
3148 |
10.0.1.95 |
59989 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 232.0 |
3177 |
10.0.1.95 |
56324 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 233.0 |
3181 |
10.0.1.95 |
54148 |
144.76.133.38 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 235.0 |
3418 |
10.0.1.95 |
56620 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 238.0 |
3651 |
10.0.1.95 |
58353 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 239.0 |
3684 |
10.0.1.95 |
53210 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 242.0 |
3703 |
10.0.1.95 |
58218 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 243.0 |
3722 |
10.0.1.95 |
60887 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 247.0 |
3744 |
10.0.1.95 |
62007 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 251.0 |
3772 |
10.0.1.95 |
60414 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 254.0 |
3793 |
10.0.1.95 |
59627 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 255.0 |
3814 |
10.0.1.95 |
57446 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 256.0 |
3835 |
10.0.1.95 |
51096 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 257.0 |
3864 |
10.0.1.95 |
63717 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 257.0 |
3866 |
10.0.1.95 |
63716 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 258.0 |
3888 |
10.0.1.95 |
57746 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 538.0 |
4443 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4447 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4456 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4458 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4459 |
10.0.1.95 |
57758 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4474 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4475 |
10.0.1.95 |
57758 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4476 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 538.0 |
4478 |
10.0.1.95 |
57759 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4489 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4491 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4493 |
10.0.1.95 |
57759 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4496 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4498 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4516 |
10.0.1.95 |
57756 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4517 |
10.0.1.95 |
57757 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 539.0 |
4549 |
10.0.1.95 |
49510 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 544.0 |
4770 |
10.0.1.95 |
49516 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 544.0 |
4776 |
10.0.1.95 |
49516 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 549.0 |
4863 |
10.0.1.95 |
49520 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 550.0 |
4869 |
10.0.1.95 |
49520 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 554.0 |
4914 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 554.0 |
4933 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 554.0 |
5008 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5041 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5042 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5195 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5196 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5272 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5273 |
10.0.1.95 |
49522 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5297 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5308 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5333 |
10.0.1.95 |
49527 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5334 |
10.0.1.95 |
49529 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 555.0 |
5349 |
10.0.1.95 |
49529 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5373 |
10.0.1.95 |
49532 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5384 |
10.0.1.95 |
49532 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5439 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5446 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5454 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5461 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5466 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 556.0 |
5472 |
10.0.1.95 |
49534 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 562.0 |
5563 |
10.0.1.95 |
49538 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 562.0 |
5567 |
10.0.1.95 |
49538 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 566.0 |
5658 |
10.0.1.95 |
49542 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 566.0 |
5670 |
10.0.1.95 |
49542 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 567.0 |
5672 |
10.0.1.95 |
49543 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 567.0 |
5680 |
10.0.1.95 |
49543 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5748 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5751 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5755 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5756 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5761 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5763 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5767 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5769 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5773 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5774 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5780 |
10.0.1.95 |
49547 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 572.0 |
5781 |
10.0.1.95 |
49546 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 612.0 |
5847 |
10.0.1.95 |
61112 |
188.165.200.156 |
53 |
Potentially Bad Traffic |
ET INFO |
DNS Query Domain .bit |
2 |
| 634.0 |
6491 |
104.16.23.35 |
80 |
10.0.1.95 |
61216 |
Generic Protocol Command Decode |
SURICATA HTTP |
gzip decompression failed |
3 |
| 635.0 |
7322 |
104.18.61.210 |
80 |
10.0.1.95 |
61209 |
Exploit Kit Activity Detected |
ET EXPLOIT_KIT |
EITest Inject July 25 2017 |
1 |
| 635.0 |
7681 |
10.0.1.95 |
61209 |
104.18.61.210 |
80 |
Potential Corporate Privacy Violation |
ET INFO |
Outdated Flash Version M1 |
1 |
| 638.0 |
8852 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 638.0 |
8863 |
198.232.125.32 |
80 |
10.0.1.95 |
61220 |
Generic Protocol Command Decode |
SURICATA HTTP |
gzip decompression failed |
3 |
| 638.0 |
8880 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 638.0 |
8894 |
10.0.1.95 |
61313 |
172.226.84.55 |
443 |
Unknown Traffic |
ET JA3 |
Hash - [Abuse.ch] Possible Adware |
3 |
| 638.0 |
8905 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 638.0 |
8921 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 638.0 |
8945 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 638.0 |
9001 |
10.0.1.95 |
61320 |
13.107.4.52 |
80 |
Misc activity |
ET INFO |
Microsoft Connection Test |
3 |
| 639.0 |
9222 |
198.232.125.32 |
80 |
10.0.1.95 |
61217 |
Generic Protocol Command Decode |
SURICATA HTTP |
invalid response chunk len |
3 |
| 692.0 |
9518 |
10.0.1.95 |
55963 |
10.0.1.1 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a .tk domain - Likely Hostile |
2 |
| 692.0 |
9519 |
10.0.1.95 |
55963 |
10.0.1.1 |
53 |
Potentially Bad Traffic |
ET DNS |
Query to a .tk domain - Likely Hostile |
2 |
| 693.0 |
9534 |
10.0.1.95 |
61356 |
162.244.35.36 |
80 |
Potentially Bad Traffic |
ET INFO |
HTTP Request to a *.tk domain |
2 |
| 693.0 |
9537 |
162.244.35.36 |
80 |
10.0.1.95 |
61356 |
Possible Social Engineering Attempted |
ET WEB_CLIENT |
Tech Support Phone Scam Landing (err.mp3) 2016-08-12 |
2 |
| 693.0 |
9537 |
162.244.35.36 |
80 |
10.0.1.95 |
61356 |
Possible Social Engineering Attempted |
ET WEB_CLIENT |
Fake AV Phone Scam Landing Feb 12 |
2 |
| 693.0 |
9544 |
10.0.1.95 |
61357 |
162.244.35.36 |
80 |
Potentially Bad Traffic |
ET INFO |
HTTP Request to a *.tk domain |
2 |
| 693.0 |
9580 |
10.0.1.95 |
61356 |
162.244.35.36 |
80 |
Potentially Bad Traffic |
ET INFO |
HTTP Request to a *.tk domain |
2 |
| 698.0 |
9653 |
10.0.1.95 |
61356 |
162.244.35.36 |
80 |
Potentially Bad Traffic |
ET INFO |
HTTP Request to a *.tk domain |
2 |
| 698.0 |
9656 |
10.0.1.95 |
61357 |
162.244.35.36 |
80 |
Potentially Bad Traffic |
ET INFO |
HTTP Request to a *.tk domain |
2 |
| 702.0 |
9917 |
162.244.35.33 |
80 |
10.0.1.95 |
61354 |
Exploit Kit Activity Detected |
ET EXPLOIT_KIT |
Possible Keitaro TDS Redirect |
1 |
CS Enterprise
//
community.cloudshark.io