Need cybersecurity assignment in 2 hrs

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:06:58.177049 192.168.122.130:49161 -> 204.79.197.200:443
TCP TTL:128 TOS:0x0 ID:1466 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x6E33F2D1 Ack: 0xD1BA3C1B Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:40.663170 192.168.122.52:49160 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:197 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x187EBBA7 Ack: 0x4DB304DF Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:45.670658 192.168.122.52:49161 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:201 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xE9FF4C72 Ack: 0x18DEE412 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:45.671080 192.168.122.52:49162 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:202 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xE3541FAE Ack: 0xBF94A938 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:58.625096 204.79.197.200:443 -> 192.168.122.130:49167
TCP TTL:121 TOS:0x0 ID:30881 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xD3D11E42 Ack: 0xFBC1DEDE Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:59.478427 204.79.197.200:443 -> 192.168.122.130:49162
TCP TTL:122 TOS:0x0 ID:24399 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x43FD5CD4 Ack: 0xBE8D858D Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:07:59.978988 204.79.197.200:443 -> 192.168.122.130:49166
TCP TTL:122 TOS:0x0 ID:5224 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x70CDE61D Ack: 0xBE525249 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:08:04.879123 204.79.197.200:443 -> 192.168.122.130:49170
TCP TTL:122 TOS:0x0 ID:17684 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xC35A0B20 Ack: 0x1E0F75B9 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:08:10.899041 204.79.197.200:443 -> 192.168.122.130:49169
TCP TTL:122 TOS:0x0 ID:20404 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x2E3F1253 Ack: 0x8C289808 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:08:45.619163 192.168.122.52:49163 -> 119.160.243.163:443
TCP TTL:128 TOS:0x0 ID:269 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xEFE62EB5 Ack: 0x79391C57 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:08:46.207559 192.168.122.130:49192 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2522 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x9909CE2E Ack: 0x78771FC7 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:08:46.861638 192.168.122.130:49172 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2527 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x4F707C26 Ack: 0x6CFAA64B Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:08:52.331528 119.160.243.163 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:298 IpLen:20 DgmLen:20 DF

[**] [1:32481:1] POLICY-OTHER Remote non-JavaScript file found in script tag src attribute [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:08:59.416063 103.2.116.83:80 -> 192.168.122.52:49178
TCP TTL:128 TOS:0x0 ID:385 IpLen:20 DgmLen:13316 DF
***A**** Seq: 0x53EB4C05 Ack: 0x7543C555 Win: 0xFC80 TcpLen: 20
[Xref => http://technet.microsoft.com/en-us/security/bulletin/MS14-065][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6345]

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:01.064178 192.168.122.52 -> 119.160.254.197
PROTO:254 TTL:50 TOS:0x0 ID:54776 IpLen:20 DgmLen:84 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:07.189219 119.160.254.197 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:511 IpLen:20 DgmLen:84 DF

[**] [1:23621:7] INDICATOR-OBFUSCATION known packer routine with secondary obfuscation [**]
[Classification: Misc activity] [Priority: 3]
01/07-23:09:36.005353 67.225.139.108:80 -> 192.168.122.52:49210
TCP TTL:53 TOS:0x0 ID:53086 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x9E76360 Ack: 0xFC92145B Win: 0x7B TcpLen: 20
[Xref => http://dean.edwards.name/packer/]

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:51.522609 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:952 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:51.967189 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:983 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:52.404510 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1014 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:52.843227 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1036 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:54.155534 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1108 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:09:57.333072 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1244 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:01.882065 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1409 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:02.498965 67.225.139.108 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1430 IpLen:20 DgmLen:84 DF

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:03.056273 192.168.122.132:49177 -> 103.2.116.83:443
TCP TTL:128 TOS:0x0 ID:881 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xDB8136CE Ack: 0x7FFEFB4B Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:03.056660 192.168.122.132:49179 -> 103.2.116.83:443
TCP TTL:128 TOS:0x0 ID:882 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x7F3C327B Ack: 0xADDD76F Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:13.091779 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:963 IpLen:20 DgmLen:20 DF

[**] [1:23179:4] INDICATOR-COMPROMISE script before DOCTYPE possible malicious redirect attempt [**]
[Classification: Web Application Attack] [Priority: 1]
01/07-23:10:13.091779 92.51.131.150:80 -> 192.168.122.132:49182
TCP TTL:128 TOS:0x0 ID:963 IpLen:20 DgmLen:16444 DF
***A**** Seq: 0xC29D5B4B Ack: 0xD54A486D Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:17.298829 89.38.144.75:80 -> 192.168.122.132:49195
TCP TTL:55 TOS:0x0 ID:62030 IpLen:20 DgmLen:40 DF
*****R** Seq: 0x7EBB8F17 Ack: 0x0 Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:18.875477 89.38.144.75 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1389 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:18.517346 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1403 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:19.383344 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1444 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:19.848943 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1522 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:19.599983 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1573 IpLen:20 DgmLen:20 DF

[**] [119:19:1] (http_inspect) LONG HEADER [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:24.389671 192.168.122.132:49205 -> 74.125.204.155:80
TCP TTL:46 TOS:0x0 ID:23079 IpLen:20 DgmLen:1276
***AP*** Seq: 0xFAF8FA3B Ack: 0xA65DD019 Win: 0xB580 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4873]

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:25.923077 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:1973 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:28.547061 92.51.131.150 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:2178 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:10:29.416406 89.38.144.75 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:2228 IpLen:20 DgmLen:20 DF

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:42.274157 192.168.122.130:49188 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2663 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x38227177 Ack: 0xA72F35A5 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:42.274305 192.168.122.130:49186 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2664 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xDD747FA Ack: 0x2F6CAD79 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:42.274454 192.168.122.130:49173 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2665 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0xB598BEA6 Ack: 0xCE7EE7C7 Win: 0x0 TcpLen: 20

[**] [129:15:1] Reset outside window [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:10:42.274598 192.168.122.130:49187 -> 119.160.254.215:443
TCP TTL:128 TOS:0x0 ID:2666 IpLen:20 DgmLen:40 DF
***A*R** Seq: 0x82C5C2D Ack: 0xE8CBAD93 Win: 0x0 TcpLen: 20

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/07-23:10:47.545424 192.168.122.132:49218 -> 188.138.101.154:80
TCP TTL:44 TOS:0x28 ID:19969 IpLen:20 DgmLen:536 DF
***A**** Seq: 0xAEEA78BE Ack: 0xCA958CD2 Win: 0x4180 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/07-23:10:51.876147 192.168.122.132:49219 -> 188.138.101.154:80
TCP TTL:45 TOS:0x28 ID:44361 IpLen:20 DgmLen:514 DF
***A**** Seq: 0x806035EC Ack: 0x54A17F85 Win: 0x3D80 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:11:00.961973 188.138.101.154 -> 192.168.122.132
PROTO:254 TTL:128 TOS:0x0 ID:2804 IpLen:20 DgmLen:20 DF

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/07-23:11:11.746204 192.168.122.132:49220 -> 188.138.101.154:80
TCP TTL:44 TOS:0x28 ID:47564 IpLen:20 DgmLen:530 DF
***A**** Seq: 0xD8F77F37 Ack: 0xAB6F99A0 Win: 0x3D80 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:11:58.680972 216.158.85.7:80 -> 192.168.122.130:49220
TCP TTL:120 TOS:0x0 ID:24332 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x275AB0D3 Ack: 0x30409808 Win: 0x1FE TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:11:58.680972 216.158.85.7:80 -> 192.168.122.130:49220
TCP TTL:120 TOS:0x0 ID:24332 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x275AB0D3 Ack: 0x30409808 Win: 0x1FE TcpLen: 20

[**] [1:25061:7] FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:11:58.680972 216.158.85.7:80 -> 192.168.122.130:49220
TCP TTL:128 TOS:0x0 ID:2740 IpLen:20 DgmLen:16444 DF
***A**** Seq: 0x275AB0D3 Ack: 0x30409808 Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:12:01.391269 216.158.85.7 -> 192.168.122.130
PROTO:254 TTL:128 TOS:0x0 ID:2757 IpLen:20 DgmLen:84 DF

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:04.612428 174.36.186.235:80 -> 192.168.122.130:49223
TCP TTL:116 TOS:0x0 ID:19247 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0xD7C6152D Ack: 0x9957AF5C Win: 0xFE4F TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:04.612428 174.36.186.235:80 -> 192.168.122.130:49223
TCP TTL:116 TOS:0x0 ID:19247 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0xD7C6152D Ack: 0x9957AF5C Win: 0xFE4F TcpLen: 20

[**] [1:25061:7] FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:04.612428 174.36.186.235:80 -> 192.168.122.130:49223
TCP TTL:128 TOS:0x0 ID:2808 IpLen:20 DgmLen:16444 DF
***A**** Seq: 0xD7C6152D Ack: 0x9957AF5C Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:12:09.973674 174.36.186.235 -> 192.168.122.130
PROTO:254 TTL:128 TOS:0x0 ID:2830 IpLen:20 DgmLen:84 DF

[**] [1:34318:4] MALWARE-CNC Win.Trojan.CryptoWall variant outbound connection [**]
[Classification: A Network Trojan was detected] [Priority: 1]
01/07-23:12:14.456674 192.168.122.132:49221 -> 50.22.11.55:80
TCP TTL:53 TOS:0x0 ID:11006 IpLen:20 DgmLen:537 DF
***A**** Seq: 0x24766841 Ack: 0x68545EA5 Win: 0x7680 TcpLen: 20
[Xref => http://www.virustotal.com/en/file/d14f1d1e07bd116ed0faf5896438177f36a05adacf5af4f32910e313e9c1fd93/analysis/]

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:22.606965 184.168.173.1:80 -> 192.168.122.130:49224
TCP TTL:52 TOS:0x0 ID:32864 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x85B825AB Ack: 0x2D67669A Win: 0x1F TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:22.606965 184.168.173.1:80 -> 192.168.122.130:49224
TCP TTL:52 TOS:0x0 ID:32864 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x85B825AB Ack: 0x2D67669A Win: 0x1F TcpLen: 20

[**] [1:25061:7] FILE-EXECUTABLE Microsoft Software Installer MSI binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:22.606965 184.168.173.1:80 -> 192.168.122.130:49224
TCP TTL:128 TOS:0x0 ID:2887 IpLen:20 DgmLen:16444 DF
***A**** Seq: 0x85B825AB Ack: 0x2D67669A Win: 0x0 TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:12:24.806822 184.168.173.1 -> 192.168.122.130
PROTO:254 TTL:128 TOS:0x0 ID:2903 IpLen:20 DgmLen:84 DF

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:31.277950 216.158.85.7:80 -> 192.168.122.130:49220
TCP TTL:120 TOS:0x0 ID:24607 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x275EABC2 Ack: 0x304099B6 Win: 0x1FD TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:31.277950 216.158.85.7:80 -> 192.168.122.130:49220
TCP TTL:120 TOS:0x0 ID:24607 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x275EABC2 Ack: 0x304099B6 Win: 0x1FD TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:35.088913 174.36.186.235:80 -> 192.168.122.130:49225
TCP TTL:116 TOS:0x0 ID:22278 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0xB6D360E8 Ack: 0x3B6DC4C1 Win: 0xFE4F TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:35.088913 174.36.186.235:80 -> 192.168.122.130:49225
TCP TTL:116 TOS:0x0 ID:22278 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0xB6D360E8 Ack: 0x3B6DC4C1 Win: 0xFE4F TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:12:39.172789 174.36.186.235 -> 192.168.122.130
PROTO:254 TTL:128 TOS:0x0 ID:3033 IpLen:20 DgmLen:84 DF

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:48.574123 184.168.173.1:80 -> 192.168.122.130:49226
TCP TTL:52 TOS:0x0 ID:45163 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x1240BB08 Ack: 0xC416110B Win: 0x1F TcpLen: 20

[**] [1:15306:22] FILE-EXECUTABLE Portable Executable binary file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:48.574123 184.168.173.1:80 -> 192.168.122.130:49226
TCP TTL:52 TOS:0x0 ID:45163 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x1240BB08 Ack: 0xC416110B Win: 0x1F TcpLen: 20

[**] [1:648:18] INDICATOR-SHELLCODE x86 NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
01/07-23:12:49.222257 184.168.173.1:80 -> 192.168.122.130:49226
TCP TTL:52 TOS:0x0 ID:45167 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x1240D064 Ack: 0xC416110B Win: 0x1F TcpLen: 20

[**] [1:23256:9] FILE-EXECUTABLE Armadillo v1.71 packer file magic detected [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:12:50.027232 184.168.173.1:80 -> 192.168.122.130:49226
TCP TTL:52 TOS:0x0 ID:45188 IpLen:20 DgmLen:1407 DF
***A**** Seq: 0x12414087 Ack: 0xC416110B Win: 0x1F TcpLen: 20

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:12:53.729881 184.168.173.1 -> 192.168.122.130
PROTO:254 TTL:128 TOS:0x0 ID:3144 IpLen:20 DgmLen:84 DF

[**] [1:254:15] PROTOCOL-DNS SPOOF query response with TTL of 1 min. and no authority [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:12:59.999139 8.8.4.4:53 -> 192.168.122.132:60739
UDP TTL:56 TOS:0x0 ID:23850 IpLen:20 DgmLen:78
Len: 50

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:15:26.991324 119.160.254.197 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:1929 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:15:41.610439 54.66.231.10 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:2138 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:15:42.222451 103.2.116.79 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:2162 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:15:44.190215 103.2.116.79 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:2207 IpLen:20 DgmLen:20 DF

[**] [139:1:1] (spp_sdf) SDF Combination Alert [**]
[Classification: Senstive Data] [Priority: 2]
01/07-23:15:42.258593 103.2.116.79 -> 192.168.122.52
PROTO:254 TTL:128 TOS:0x0 ID:2211 IpLen:20 DgmLen:20 DF

[**] [1:3679:16] INDICATOR-OBFUSCATION Multiple Products IFRAME src javascript code execution [**]
[Classification: Attempted User Privilege Gain] [Priority: 1]
01/07-23:15:45.081943 54.66.231.10:80 -> 192.168.122.52:49311
TCP TTL:128 TOS:0x0 ID:2221 IpLen:20 DgmLen:16444 DF
***A**** Seq: 0xF67B8143 Ack: 0xECD97304 Win: 0x50 TcpLen: 20
[Xref => http://cgi.nessus.org/plugins/dump.php3?id=18243][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2939][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1476][Xref => http://www.securityfocus.com/bid/30560][Xref => http://www.securityfocus.com/bid/13544]

[**] [1:32481:1] POLICY-OTHER Remote non-JavaScript file found in script tag src attribute [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:15:49.350409 173.223.175.15:80 -> 192.168.122.52:49326
TCP TTL:128 TOS:0x0 ID:2252 IpLen:20 DgmLen:661 DF
***A**** Seq: 0x2956AFC9 Ack: 0xC7D23919 Win: 0xFDE0 TcpLen: 20
[Xref => http://technet.microsoft.com/en-us/security/bulletin/MS14-065][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6345]

[**] [119:19:1] (http_inspect) LONG HEADER [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:15:50.023525 192.168.122.52:49321 -> 184.85.81.17:80
TCP TTL:60 TOS:0x0 ID:51381 IpLen:20 DgmLen:1688 DF
***A**** Seq: 0xE515DBAD Ack: 0xB175EA76 Win: 0x89A0 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4873]

[**] [1:32481:1] POLICY-OTHER Remote non-JavaScript file found in script tag src attribute [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:15:50.500938 173.223.175.15:80 -> 192.168.122.52:49327
TCP TTL:128 TOS:0x0 ID:2272 IpLen:20 DgmLen:659 DF
***A**** Seq: 0xF8333116 Ack: 0x921481A2 Win: 0xFDE4 TcpLen: 20
[Xref => http://technet.microsoft.com/en-us/security/bulletin/MS14-065][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6345]

[**] [1:32481:1] POLICY-OTHER Remote non-JavaScript file found in script tag src attribute [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1]
01/07-23:15:56.185573 173.223.175.15:80 -> 192.168.122.52:49326
TCP TTL:128 TOS:0x0 ID:2321 IpLen:20 DgmLen:665 DF
***A**** Seq: 0x2956B236 Ack: 0xC7D23ABF Win: 0xFB70 TcpLen: 20
[Xref => http://technet.microsoft.com/en-us/security/bulletin/MS14-065][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6345]

[**] [119:19:1] (http_inspect) LONG HEADER [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
01/07-23:15:57.201230 192.168.122.52:49320 -> 184.85.81.17:80
TCP TTL:60 TOS:0x0 ID:33932 IpLen:20 DgmLen:1722 DF
***A**** Seq: 0xF6C296AD Ack: 0x99C3C4C1 Win: 0x8B80 TcpLen: 20
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-4873]