Alert Table for 2017-11-21-traffic-analysis-exercise-3-of-6.pcap

Relative Time | Packet | Source | Source Port | Destination | Dest Port | Category | Rule Set Signature | Severity
60.0 | 1158 | 172.16.103.77 | 63743 | 172.16.103.1 | 53 | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile | 2
60.0 | 979 | 172.16.103.77 | 53942 | 172.16.103.1 | 53 | Potentially Bad Traffic | ET DNS Query to a .tk domain - Likely Hostile | 2
61.0 | 1160 | 172.16.103.77 | 49177 | 162.244.35.33 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
61.0 | 1169 | 172.16.103.77 | 49178 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
62.0 | 1221 | 172.16.103.77 | 49180 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
62.0 | 1231 | 172.16.103.77 | 49179 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
62.0 | 1503 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1510 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1512 | 172.16.103.77 | 49183 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1521 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1526 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1532 | 172.16.103.77 | 49183 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1702 | 172.16.103.77 | 49182 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
63.0 | 1703 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
64.0 | 1707 | 172.16.103.77 | 49184 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
71.0 | 1722 | 162.244.35.33 | 80 | 172.16.103.77 | 49177 | Exploit Kit Activity Detected | ET EXPLOIT_KIT Possible Keitaro TDS Redirect | 1
85.0 | 1790 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
85.0 | 1820 | 172.16.103.77 | 49185 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
86.0 | 1851 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
92.0 | 1857 | 172.16.103.77 | 49186 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
92.0 | 1866 | 162.244.35.36 | 80 | 172.16.103.77 | 49185 | Executable code was detected | ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a | 1
92.0 | 1866 | 162.244.35.36 | 80 | 172.16.103.77 | 49185 | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 | 3
92.0 | 1866 | 162.244.35.36 | 80 | 172.16.103.77 | 49185 | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 | 3
92.0 | 1879 | 172.16.103.77 | 49185 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain | 2
102.0 | 1892 | 162.244.35.36 | 80 | 172.16.103.77 | 49186 | Executable code was detected | ET INFO Possible Hex Obfuscated JavaScript Heap Spray 0a0a0a0a | 1
102.0 | 1892 | 162.244.35.36 | 80 | 172.16.103.77 | 49186 | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1 | 3
102.0 | 1892 | 162.244.35.36 | 80 | 172.16.103.77 | 49186 | Misc activity | ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3 | 3