0.0 | n/a | 23.56.3.183 | 80 | 10.0.1.95 | 61292 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 128.177.96.24 | 80 | 10.0.1.95 | 61263 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 23.56.3.183 | 80 | 10.0.1.95 | 61294 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 173.241.244.212 | 80 | 10.0.1.95 | 61318 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 80.239.137.59 | 80 | 10.0.1.95 | 61236 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 23.56.3.183 | 80 | 10.0.1.95 | 61252 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 173.241.244.11 | 80 | 10.0.1.95 | 61329 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
0.0 | n/a | 80.239.137.50 | 80 | 10.0.1.95 | 61258 | Generic Protocol Command Decode | SURICATA HTTP | unable to match response to request | 3 |
2.0 | 62 | 10.0.1.95 | 49672 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
3.0 | 117 | 10.0.1.95 | 49674 | 65.52.108.212 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
55.0 | 605 | 107.180.41.148 | 80 | 10.0.1.95 | 49691 | Potential Corporate Privacy Violation | ET POLICY | PE EXE or DLL Windows file download HTTP | 1 |
55.0 | 605 | 107.180.41.148 | 80 | 10.0.1.95 | 49691 | Potentially Bad Traffic | ET INFO | Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download | 2 |
77.0 | 722 | 10.0.1.95 | 49671 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
80.0 | 848 | 10.0.1.95 | 49676 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
81.0 | 874 | 10.0.1.95 | 49677 | 40.77.224.255 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
137.0 | 1230 | 10.0.1.95 | 57624 | 65.52.108.254 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
137.0 | 1267 | 10.0.1.95 | 57625 | 65.52.108.225 | 443 | Unknown Traffic | ET JA3 | Hash - Possible Malware - Fake Firefox Font Update | 3 |
195.0 | 1860 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
195.0 | 1863 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
195.0 | 1866 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
195.0 | 1870 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
196.0 | 1876 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
196.0 | 1883 | 10.0.1.95 | 53133 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
257.0 | 3864 | 10.0.1.95 | 63717 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4443 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4447 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4456 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4458 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4459 | 10.0.1.95 | 57758 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4474 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4475 | 10.0.1.95 | 57758 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4476 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
538.0 | 4478 | 10.0.1.95 | 57759 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4489 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4491 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4493 | 10.0.1.95 | 57759 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4496 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4498 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4516 | 10.0.1.95 | 57756 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
539.0 | 4517 | 10.0.1.95 | 57757 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
544.0 | 4770 | 10.0.1.95 | 49516 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
544.0 | 4776 | 10.0.1.95 | 49516 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
549.0 | 4863 | 10.0.1.95 | 49520 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
550.0 | 4869 | 10.0.1.95 | 49520 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
554.0 | 4914 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
554.0 | 4933 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
554.0 | 5008 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5041 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5042 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5195 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5196 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5272 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5273 | 10.0.1.95 | 49522 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5297 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5308 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5333 | 10.0.1.95 | 49527 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5334 | 10.0.1.95 | 49529 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
555.0 | 5349 | 10.0.1.95 | 49529 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5373 | 10.0.1.95 | 49532 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5384 | 10.0.1.95 | 49532 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5439 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5446 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5454 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5461 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5466 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
556.0 | 5472 | 10.0.1.95 | 49534 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
562.0 | 5563 | 10.0.1.95 | 49538 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
562.0 | 5567 | 10.0.1.95 | 49538 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
566.0 | 5658 | 10.0.1.95 | 49542 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
566.0 | 5670 | 10.0.1.95 | 49542 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
567.0 | 5672 | 10.0.1.95 | 49543 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
567.0 | 5680 | 10.0.1.95 | 49543 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5748 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5751 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5755 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5756 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5761 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5763 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5767 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5769 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5773 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5774 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5780 | 10.0.1.95 | 49547 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
572.0 | 5781 | 10.0.1.95 | 49546 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
634.0 | 6141 | 10.0.1.95 | 61209 | 104.18.61.210 | 80 | Generic Protocol Command Decode | SURICATA HTTP | Request abnormal Content-Encoding header | 3 |
635.0 | 7322 | 104.18.61.210 | 80 | 10.0.1.95 | 61209 | Exploit Kit Activity Detected | ET EXPLOIT_KIT | EITest Inject July 25 2017 | 1 |
635.0 | 7681 | 10.0.1.95 | 61209 | 104.18.61.210 | 80 | Potential Corporate Privacy Violation | ET POLICY | Outdated Flash Version M1 | 1 |
638.0 | 8852 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
638.0 | 8880 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
638.0 | 8894 | 10.0.1.95 | 61313 | 172.226.84.55 | 443 | Unknown Traffic | ET JA3 | Hash - [Abuse.ch] Possible Adware | 3 |
638.0 | 8905 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
638.0 | 8921 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
638.0 | 8945 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
638.0 | 9001 | 10.0.1.95 | 61320 | 13.107.4.52 | 80 | Misc activity | ET INFO | Microsoft Connection Test | 3 |
692.0 | 9518 | 10.0.1.95 | 55963 | 10.0.1.1 | 53 | Potentially Bad Traffic | ET DNS | Query to a .tk domain - Likely Hostile | 2 |
692.0 | 9519 | 10.0.1.95 | 55963 | 10.0.1.1 | 53 | Potentially Bad Traffic | ET DNS | Query to a .tk domain - Likely Hostile | 2 |
693.0 | 9534 | 10.0.1.95 | 61356 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY | HTTP Request to a *.tk domain | 2 |
693.0 | 9537 | 162.244.35.36 | 80 | 10.0.1.95 | 61356 | Possible Social Engineering Attempted | ET WEB_CLIENT | Tech Support Phone Scam Landing (err.mp3) 2016-08-12 | 2 |
693.0 | 9537 | 162.244.35.36 | 80 | 10.0.1.95 | 61356 | Possible Social Engineering Attempted | ET WEB_CLIENT | Fake AV Phone Scam Landing Feb 12 | 2 |
693.0 | 9544 | 10.0.1.95 | 61357 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY | HTTP Request to a *.tk domain | 2 |
693.0 | 9580 | 10.0.1.95 | 61356 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY | HTTP Request to a *.tk domain | 2 |
698.0 | 9653 | 10.0.1.95 | 61356 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY | HTTP Request to a *.tk domain | 2 |
698.0 | 9656 | 10.0.1.95 | 61357 | 162.244.35.36 | 80 | Potentially Bad Traffic | ET POLICY | HTTP Request to a *.tk domain | 2 |
702.0 | 9917 | 162.244.35.33 | 80 | 10.0.1.95 | 61354 | Exploit Kit Activity Detected | ET EXPLOIT_KIT | Possible Keitaro TDS Redirect | 1 |