| | IP Address | Port | Hostname |
|---|---|---|---|
| Source | (local) | 63683 | |
| Destination | | http (80) | reclusery.aggrelek.org |
Description:
- User hit a Neutrino exploit kit.
- See the following for an example of a successful attack:
False Positive:
- NO
- This isn't a false positive. It correctly detects that a user has stumbled into an exploit kit.
- It is a low probability indicator of compromise by itself.
- Checked and verified that the user clearly has the latest Flash version.
- Second hit was the same as above.
Action:
- Alarming on a single EK hit is questionable.
- This was a single hit with no additional suspicious or new alarms.
- Second hit, same as above.
- No action.
Comments: