contagio_08.pcap

MD5: efa5efa869e20818c93dc4fe220c2b85
Submission Date: 2020-09-28 05:37:54
Tags: (none)
Alert (286 records; first 20 shown)

#  | Timestamp                       | Src IP         | Dest IP        | Alert Signature
1  | 2012-10-07T07:34:34.639954-0700 | 172.16.253.129 | 8.8.8.8        | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
2  | 2012-10-07T07:34:34.640077-0700 | 172.16.253.129 | 4.2.2.2        | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
3  | 2012-10-07T07:34:48.887221-0700 | 86.59.21.38    | 172.16.253.129 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 783
4  | 2012-10-07T07:34:35.564549-0700 | 128.31.0.39    | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
5  | 2012-10-07T07:34:55.520577-0700 | 209.240.71.9   | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
6  | 2012-10-07T07:34:55.780544-0700 | 86.49.32.49    | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
7  | 2012-10-07T07:34:55.650106-0700 | 5.39.97.46     | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
8  | 2012-10-07T07:34:34.751266-0700 | 172.16.253.129 | 216.146.38.70  | ET POLICY External IP Lookup - checkip.dyndns.org
9  | 2012-10-07T07:34:55.823137-0700 | 81.207.101.66  | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
10 | 2012-10-07T07:34:34.752289-0700 | 216.146.38.70  | 172.16.253.129 | ET POLICY DynDNS CheckIp External IP Address Server Response
11 | 2012-10-07T07:35:11.310052-0700 | 172.16.253.129 | 216.146.38.70  | ET POLICY External IP Lookup - checkip.dyndns.org
12 | 2012-10-07T07:35:11.310337-0700 | 216.146.38.70  | 172.16.253.129 | ET POLICY DynDNS CheckIp External IP Address Server Response
13 | 2012-10-07T07:35:12.770982-0700 | 63.141.201.75  | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
14 | 2012-10-07T07:34:55.398016-0700 | 77.247.181.164 | 172.16.253.129 | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 726
15 | 2012-10-07T07:34:55.767902-0700 | 85.112.165.75  | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
16 | 2012-10-07T07:34:55.772877-0700 | 171.25.193.235 | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
17 | 2012-10-07T07:35:12.756737-0700 | 178.27.60.78   | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
18 | 2012-10-07T07:35:12.796204-0700 | 193.107.86.236 | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
19 | 2012-10-07T07:35:33.436542-0700 | 37.247.50.143  | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
20 | 2012-10-07T07:35:12.830539-0700 | 213.239.220.43 | 172.16.253.129 | ET POLICY TLS possible TOR SSL traffic
DNS (11 records)

#  | Timestamp                       | Src IP         | Dest IP        | DNS Type | Resource Record Name | RR Type | Resource Data
1  | 2012-10-07T07:34:34.639954-0700 | 172.16.253.129 | 8.8.8.8        | query    | checkip.dyndns.org   | A       | (not set)
2  | 2012-10-07T07:34:34.640077-0700 | 172.16.253.129 | 4.2.2.2        | query    | checkip.dyndns.org   | A       | (not set)
3  | 2012-10-07T07:34:34.654005-0700 | 4.2.2.2        | 172.16.253.129 | answer   | checkip.dyndns.org   | A       | (not set)
4  | 2012-10-07T07:34:34.655124-0700 | 8.8.8.8        | 172.16.253.129 | answer   | checkip.dyndns.org   | A       | (not set)
5  | 2012-10-07T07:37:05.925589-0700 | 172.16.253.129 | 8.8.8.8        | query    | www.google.com       | A       | (not set)
6  | 2012-10-07T07:37:05.925678-0700 | 172.16.253.129 | 4.2.2.2        | query    | www.google.com       | A       | (not set)
7  | 2012-10-07T07:37:05.941825-0700 | 4.2.2.2        | 172.16.253.129 | answer   | www.google.com       | A       | (not set)
8  | 2012-10-07T07:37:05.941849-0700 | 8.8.8.8        | 172.16.253.129 | answer   | www.google.com       | A       | (not set)
9  | 2012-10-07T08:37:34.346830-0700 | 172.16.253.129 | 8.8.8.8        | query    | www.google.com       | A       | (not set)
10 | 2012-10-07T08:37:34.346964-0700 | 172.16.253.129 | 4.2.2.2        | query    | www.google.com       | A       | (not set)
11 | 2012-10-07T08:37:34.365083-0700 | 8.8.8.8        | 172.16.253.129 | answer   | www.google.com       | A       | (not set)
TLS (72 records; first 20 shown)

#  | Timestamp                       | Source IP      | Destination IP  | TLS Version | Server Name Indication
1  | 2012-10-07T07:34:35.564364-0700 | 172.16.253.129 | 128.31.0.39     | TLSv1       | www.seu4oxkf6.com
2  | 2012-10-07T07:34:49.022194-0700 | 172.16.253.129 | 86.59.21.38     | TLSv1       | www.fjpv.com
3  | 2012-10-07T07:34:55.520311-0700 | 172.16.253.129 | 209.240.71.9    | TLSv1       | www.pdpqsu.com
4  | 2012-10-07T07:34:55.541480-0700 | 172.16.253.129 | 173.208.205.244 | TLSv1       | www.dbyryztrr7sui3rskjvikes.com
5  | 2012-10-07T07:34:55.554484-0700 | 172.16.253.129 | 96.44.189.101   | TLSv1       | www.rix56ao4hxldum4zbyim.com
6  | 2012-10-07T07:34:55.575942-0700 | 172.16.253.129 | 31.172.30.1     | TLSv1       | www.ebd7caljnsax.com
7  | 2012-10-07T07:34:55.582862-0700 | 172.16.253.129 | 68.169.35.102   | TLSv1       | www.dl2eypxu3.com
8  | 2012-10-07T07:34:55.588443-0700 | 172.16.253.129 | 87.106.249.118  | TLSv1       | www.qnqxclmrk2cqskkb732czjma.com
9  | 2012-10-07T07:34:55.643553-0700 | 172.16.253.129 | 37.130.227.132  | TLSv1       | www.xf3225vc7drvcgborjll3.com
10 | 2012-10-07T07:34:55.569013-0700 | 172.16.253.129 | 37.130.227.134  | TLSv1       | www.uabjbwhkanlomodm5xst.com
11 | 2012-10-07T07:34:55.631548-0700 | 172.16.253.129 | 87.236.194.158  | TLSv1       | www.bxstw.com
12 | 2012-10-07T07:34:55.637411-0700 | 172.16.253.129 | 84.19.178.7     | TLSv1       | www.7dezfrpxuvmtr.com
13 | 2012-10-07T07:34:55.765366-0700 | 172.16.253.129 | 86.49.32.49     | TLSv1       | www.ytedf3vqd4hxjo7rmhe6.com
14 | 2012-10-07T07:34:55.649879-0700 | 172.16.253.129 | 5.39.97.46      | TLSv1       | www.pcnia4i6e6w.com
15 | 2012-10-07T07:34:55.674704-0700 | 172.16.253.129 | 195.191.16.63   | TLSv1       | www.ofbw37.com
16 | 2012-10-07T07:34:55.736163-0700 | 172.16.253.129 | 188.165.201.112 | TLSv1       | www.ecajni2stg3733w4jgi75.com
17 | 2012-10-07T07:34:55.773058-0700 | 172.16.253.129 | 81.207.101.66   | TLSv1       | www.cx7dg5bcn4cy.com
18 | 2012-10-07T07:35:12.557380-0700 | 172.16.253.129 | 96.44.189.101   | TLSv1       | www.4x4fp.com
19 | 2012-10-07T07:35:12.628798-0700 | 172.16.253.129 | 74.120.13.132   | TLSv1       | www.busdvimuibiundyob3e74js.com
20 | 2012-10-07T07:35:12.682267-0700 | 172.16.253.129 | 86.59.119.82    | TLSv1       | www.3lwerxmlqmq2jsjioqgx5kkyc.com
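The "ET POLICY TLS possible TOR SSL traffic" alerts and the SNI column above point at the same thing: every ClientHello carries a name of the form www.<random>.com. A Tor client fills the SNI with a random lowercase base32 label (letters a-z and digits 2-7 only) of 4 to 25 characters wrapped in "www." and ".com", which is exactly the shape of all 20 names in the table. The following is an added example, not code from the page or from the analyzer that produced it: it classifies SNIs by that shape, uses the 20 (destination IP, SNI) pairs from the table as constructed input plus two constructed control names, and shows the caveat a practitioner hits immediately, namely that a short all-letter label such as www.fjpv.com cannot be told from www.google.com by shape alone, so the per-host ratio matters more than any single hit. The regex and the "strong"/"weak" thresholds are this example's own choices, not the content of the ET rule.

```python
import re
from collections import Counter

# Tor clients put a random hostname in the ClientHello SNI: a lowercase base32
# label (a-z and 2-7 only) of 4 to 25 characters between "www." and ".com".
# This regex encodes that shape; it is NOT the exact content of the ET rule.
TOR_SNI_RE = re.compile(r"^www\.([a-z2-7]{4,25})\.com$")

# Constructed input: the 20 (destination IP, SNI) pairs from the TLS table above,
# plus two constructed control names that a legitimate client would send.
TLS_RECORDS = [
    ("128.31.0.39", "www.seu4oxkf6.com"),
    ("86.59.21.38", "www.fjpv.com"),
    ("209.240.71.9", "www.pdpqsu.com"),
    ("173.208.205.244", "www.dbyryztrr7sui3rskjvikes.com"),
    ("96.44.189.101", "www.rix56ao4hxldum4zbyim.com"),
    ("31.172.30.1", "www.ebd7caljnsax.com"),
    ("68.169.35.102", "www.dl2eypxu3.com"),
    ("87.106.249.118", "www.qnqxclmrk2cqskkb732czjma.com"),
    ("37.130.227.132", "www.xf3225vc7drvcgborjll3.com"),
    ("37.130.227.134", "www.uabjbwhkanlomodm5xst.com"),
    ("87.236.194.158", "www.bxstw.com"),
    ("84.19.178.7", "www.7dezfrpxuvmtr.com"),
    ("86.49.32.49", "www.ytedf3vqd4hxjo7rmhe6.com"),
    ("5.39.97.46", "www.pcnia4i6e6w.com"),
    ("195.191.16.63", "www.ofbw37.com"),
    ("188.165.201.112", "www.ecajni2stg3733w4jgi75.com"),
    ("81.207.101.66", "www.cx7dg5bcn4cy.com"),
    ("96.44.189.101", "www.4x4fp.com"),
    ("74.120.13.132", "www.busdvimuibiundyob3e74js.com"),
    ("86.59.119.82", "www.3lwerxmlqmq2jsjioqgx5kkyc.com"),
    ("173.194.68.99", "www.google.com"),       # control, constructed
    ("216.146.38.70", "checkip.dyndns.org"),  # control, constructed
]


def classify_sni(sni):
    """'none' if the name does not have the Tor shape; 'strong' if it does and the
    label also contains a digit (2-7) or is 16+ characters long, which real brand
    names almost never are; 'weak' for short all-letter labels such as
    www.fjpv.com, which the shape alone cannot tell from www.google.com."""
    m = TOR_SNI_RE.match(sni)
    if not m:
        return "none"
    label = m.group(1)
    if any(c.isdigit() for c in label) or len(label) >= 16:
        return "strong"
    return "weak"


def summarize(records):
    """Count classes across one host's ClientHellos. A host whose names are
    mostly 'strong' is talking to Tor-like peers; a single 'weak' hit is noise."""
    return Counter(classify_sni(sni) for _ip, sni in records)


def strong_destinations(records):
    """Distinct destination IPs that received a 'strong' Tor-shaped SNI, to pivot
    into the Flow table (Tor's default ORPort is 9001; 443 is also common)."""
    return sorted({ip for ip, sni in records if classify_sni(sni) == "strong"})


if __name__ == "__main__":
    print(summarize(TLS_RECORDS))          # Counter({'strong': 17, 'weak': 4, 'none': 1})
    print(strong_destinations(TLS_RECORDS))
```

On this table 17 of 20 names score "strong" and the remaining three "weak"; the constructed www.google.com control also scores "weak", which is why a hit should be judged against the host's whole ClientHello population rather than in isolation. One of the strong destinations, 86.49.32.49, also appears in the Flow table below with destination port 9001, which is the pivot the last function is meant to feed.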
TFTP (0 records)

# | Timestamp | Src IP | Dest IP | TFTP Packet | TFTP File | TFTP Mode
No results found.
HTTP (133 records; first 20 shown)

#  | Timestamp                       | Source         | Hostname           | Port | Method | URL       | Status
1  | 2012-10-07T07:34:34.751266-0700 | 172.16.253.129 | checkip.dyndns.org | 80   | GET    | /         | 200
2  | 2012-10-07T07:35:11.310052-0700 | 172.16.253.129 | checkip.dyndns.org | 80   | GET    | /         | 200
3  | 2012-10-07T07:40:42.328155-0700 | 172.16.253.129 | 188.173.32.149     | 91   | GET    | /test.txt | 200
4  | 2012-10-07T07:40:48.124478-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
5  | 2012-10-07T07:42:45.037704-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
6  | 2012-10-07T07:41:49.221400-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
7  | 2012-10-07T07:43:56.830004-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
8  | 2012-10-07T07:44:00.213792-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
9  | 2012-10-07T07:44:00.819698-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
10 | 2012-10-07T07:44:15.209708-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
11 | 2012-10-07T07:48:40.907665-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
12 | 2012-10-07T07:45:18.769430-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
13 | 2012-10-07T07:50:37.301381-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
14 | 2012-10-07T07:48:40.348627-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
15 | 2012-10-07T07:52:34.454243-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
16 | 2012-10-07T07:49:42.846700-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
17 | 2012-10-07T07:50:37.301336-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
18 | 2012-10-07T07:51:38.888933-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
19 | 2012-10-07T07:57:31.531432-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
20 | 2012-10-07T07:40:47.573581-0700 | 172.16.253.129 | 188.173.32.149     | 91   | POST   | /         | 200
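After the two external-IP lookups, the HTTP table is a single repeating pattern: POST / to 188.173.32.149 on the non-standard port 91, always answered 200, preceded once by GET /test.txt. The rows are listed in page order rather than time order, and only 20 of the 133 HTTP records are shown, so the cadence has to be recovered by sorting and the longer gaps (07:45 to 07:48, 07:52 to 07:57) may simply be rows that are not on this page. The following is an added example, not code from the page or the analyzer: it takes the 20 rows above as constructed input, groups requests by (source, host, port, method, URL), collapses POSTs that land within a few seconds of each other into one beacon (the table shows pairs well under a second apart), and reports the median interval and how many intervals fall within 25% of it. The 5-second burst window and 25% tolerance are this example's own parameters.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed input: the 20 HTTP rows from the table above, one per line, as
# "timestamp source hostname port method url status" (whitespace separated).
# They are in page order, which is not chronological; the analysis sorts them.
HTTP_LOG = """\
2012-10-07T07:34:34.751266-0700 172.16.253.129 checkip.dyndns.org 80 GET / 200
2012-10-07T07:35:11.310052-0700 172.16.253.129 checkip.dyndns.org 80 GET / 200
2012-10-07T07:40:42.328155-0700 172.16.253.129 188.173.32.149 91 GET /test.txt 200
2012-10-07T07:40:48.124478-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:42:45.037704-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:41:49.221400-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:43:56.830004-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:44:00.213792-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:44:00.819698-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:44:15.209708-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:48:40.907665-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:45:18.769430-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:50:37.301381-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:48:40.348627-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:52:34.454243-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:49:42.846700-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:50:37.301336-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:51:38.888933-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:57:31.531432-0700 172.16.253.129 188.173.32.149 91 POST / 200
2012-10-07T07:40:47.573581-0700 172.16.253.129 188.173.32.149 91 POST / 200
"""

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"  # strptime's %z accepts the "-0700" form


def parse_http_log(text):
    """Yield (timestamp, src, host, port, method, url, status) per non-empty line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host, port, method, url, status = line.split()
        yield datetime.strptime(ts, TS_FMT), src, host, int(port), method, url, int(status)


def collapse_bursts(times, burst_gap=5.0):
    """Given sorted timestamps, treat an event closer than burst_gap seconds to the
    previous event as part of the same beacon and return each beacon's start."""
    starts, prev = [], None
    for t in times:
        if prev is None or (t - prev).total_seconds() >= burst_gap:
            starts.append(t)
        prev = t
    return starts


def beacon_profile(text, burst_gap=5.0, tolerance=0.25):
    """Per (src, host, port, method, url): raw request count, beacon count after
    collapsing bursts, median beacon interval in seconds, and the fraction of
    intervals within +/-tolerance of that median (1.0 is perfectly periodic)."""
    groups = defaultdict(list)
    for ts, src, host, port, method, url, _status in parse_http_log(text):
        groups[(src, host, port, method, url)].append(ts)
    profile = {}
    for key, times in groups.items():
        starts = collapse_bursts(sorted(times), burst_gap)
        deltas = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
        if deltas:
            med = median(deltas)
            regular = sum(1 for d in deltas if abs(d - med) <= tolerance * med) / len(deltas)
        else:
            med, regular = None, 0.0  # a single request has no interval
        profile[key] = {"requests": len(times), "beacons": len(starts),
                        "median_interval": med, "regularity": regular}
    return profile


if __name__ == "__main__":
    for key, stats in sorted(beacon_profile(HTTP_LOG).items(),
                             key=lambda kv: -kv[1]["requests"]):
        print(key, stats)
```

On these rows the POST endpoint yields 17 requests, 12 beacons after collapsing the sub-second pairs, a median interval of about 61.6 seconds and 8 of 11 intervals within 25% of it; the three outliers are the 18-second gap at 07:44 and the two multi-minute gaps that coincide with the unshown rows. The File table below gives the other half of the picture, a fixed 45-byte request body and a fixed 591-byte response on every POST, which is the size regularity to check alongside the timing.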
SMB (0 records)

# | Timestamp | Src IP | Dest IP | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0 records)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (216 records; first 20 shown)

#  | Timestamp                       | Flow Id          | Event Type | Source          | Src Port  | Destination     | Dst Port  | Protocol | Host
1  | 2012-10-07T07:34:55.526083-0700 | 1960947092299989 | flow       | 172.16.253.254  | 67        | 172.16.253.129  | 68        | UDP      | pcapanalyzer
2  | 2012-10-07T07:34:55.689599-0700 | 1997810796534976 | flow       | 172.16.253.254  | (not set) | 172.16.253.129  | (not set) | ICMP     | pcapanalyzer
3  | 2012-10-07T07:34:55.689599-0700 | 1960947092303304 | flow       | 172.16.253.254  | 67        | 172.16.253.129  | 68        | UDP      | pcapanalyzer
4  | 2012-10-07T07:37:06.054628-0700 | 169881307488459  | flow       | 172.16.253.129  | 1564      | 216.224.124.114 | 9090      | TCP      | pcapanalyzer
5  | 2012-10-07T07:37:06.054628-0700 | 1292280815865677 | flow       | 172.16.253.129  | 1132      | 216.146.38.70   | 80        | TCP      | pcapanalyzer
6  | 2012-10-07T08:59:01.162875-0700 | 1126125742363631 | flow       | 172.16.253.129  | 3226      | 212.117.177.110 | 9001      | TCP      | pcapanalyzer
7  | 2012-10-07T08:59:01.162875-0700 | 1408266423320031 | flow       | 109.105.109.163 | 44945     | 172.16.253.129  | 2245      | TCP      | pcapanalyzer
8  | 2012-10-07T08:59:01.162875-0700 | 283320265382218  | flow       | 172.16.253.129  | 3363      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
9  | 2012-10-07T08:59:01.162875-0700 | 1410311010241057 | flow       | 172.16.253.129  | 3320      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
10 | 2012-10-07T08:59:01.162875-0700 | 707237863267104  | flow       | 172.16.253.129  | 3377      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
11 | 2012-10-07T08:59:01.162875-0700 | 988936201329445  | flow       | 172.16.253.129  | 3391      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
12 | 2012-10-07T08:59:01.162875-0700 | 1271351441556464 | flow       | 172.16.253.129  | 3127      | 86.49.32.49     | 9001      | TCP      | pcapanalyzer
13 | 2012-10-07T08:59:01.162875-0700 | 287370258689696  | flow       | 172.16.253.129  | 3280      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
14 | 2012-10-07T08:59:01.162875-0700 | 146645702496820  | flow       | 172.16.253.129  | 3305      | 173.194.68.99   | 80        | TCP      | pcapanalyzer
15 | 2012-10-07T08:59:01.162875-0700 | 1695732865119929 | flow       | 172.16.253.129  | 3116      | 195.191.16.63   | 443       | TCP      | pcapanalyzer
16 | 2012-10-07T08:59:01.162875-0700 | 1977250911085273 | flow       | 172.16.253.129  | 3278      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
17 | 2012-10-07T08:59:01.162875-0700 | 288714473813657  | flow       | 172.16.253.129  | 3213      | 94.23.215.185   | 9001      | TCP      | pcapanalyzer
18 | 2012-10-07T08:59:01.162875-0700 | 289358710052128  | flow       | 172.16.253.129  | 3183      | 89.105.41.162   | 443       | TCP      | pcapanalyzer
19 | 2012-10-07T08:59:01.162875-0700 | 1134582504114727 | flow       | 172.16.253.129  | 3160      | 176.9.41.34     | 7540      | TCP      | pcapanalyzer
20 | 2012-10-07T08:59:01.162875-0700 | 572728085197826  | flow       | 172.16.253.129  | 3381      | 188.173.32.149  | 91        | TCP      | pcapanalyzer
File (254 records; first 20 shown)

#  | Timestamp                       | Source         | Destination    | File Name | File Magic                                                 | File Size
1  | 2012-10-07T07:34:34.751266-0700 | 216.146.38.70  | 172.16.253.129 | /         | HTML document, ASCII text, with CRLF line terminators      | 105
2  | 2012-10-07T07:35:11.310052-0700 | 216.146.38.70  | 172.16.253.129 | /         | HTML document, ASCII text, with CRLF line terminators      | 105
3  | 2012-10-07T07:40:42.328155-0700 | 188.173.32.149 | 172.16.253.129 | /test.txt | ASCII text                                                 | 3
4  | 2012-10-07T07:40:47.747986-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
5  | 2012-10-07T07:40:48.124478-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
6  | 2012-10-07T07:42:44.665010-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
7  | 2012-10-07T07:41:48.845713-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
8  | 2012-10-07T07:42:45.037704-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
9  | 2012-10-07T07:41:49.221400-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
10 | 2012-10-07T07:43:46.595153-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
11 | 2012-10-07T07:43:56.830004-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
12 | 2012-10-07T07:43:56.975950-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
13 | 2012-10-07T07:43:56.976867-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
14 | 2012-10-07T07:44:00.447397-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
15 | 2012-10-07T07:44:00.213792-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
16 | 2012-10-07T07:44:00.819698-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
17 | 2012-10-07T07:44:15.209708-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
18 | 2012-10-07T07:45:18.395023-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
19 | 2012-10-07T07:48:40.533374-0700 | 172.16.253.129 | 188.173.32.149 | /         | ASCII text, with CRLF line terminators                     | 45
20 | 2012-10-07T07:48:40.907665-0700 | 188.173.32.149 | 172.16.253.129 | /         | ASCII text, with very long lines, with no line terminators | 591
