Sample_Traffic (2) (1).pcap

MD5: 4c58c645061d62e63195d3f25b9611f1
Submission Date: 2018-07-05 08:06:05
Tags: fiesta-ek, miuref
Alert (28)
Showing 1-20 of 28 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature
1 | 2014-12-08T15:19:02.396437-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
2 | 2014-12-08T15:18:50.744601-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
3 | 2014-12-08T15:18:50.744601-0800 | 192.168.204.137 | 205.234.186.111 | ET POLICY Outdated Flash Version M1
4 | 2014-12-08T15:18:50.744601-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta Flash Exploit URI Struct
5 | 2014-12-08T15:19:09.779789-0800 | 192.168.204.137 | 209.239.112.229 | ET TROJAN Miuref/Boaxxe Checkin
6 | 2014-12-08T15:19:09.779789-0800 | 192.168.204.137 | 209.239.112.229 | ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1
7 | 2014-12-08T15:19:21.715674-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
8 | 2014-12-08T15:18:54.673292-0800 | 205.234.186.111 | 192.168.204.137 | ET CURRENT_EVENTS Fiesta EK Flash Exploit Apr 23 2015
9 | 2014-12-08T15:18:55.229241-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
10 | 2014-12-08T15:18:55.250555-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
11 | 2014-12-08T15:19:24.107376-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
12 | 2014-12-08T15:18:57.696333-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
13 | 2014-12-08T15:19:24.747148-0800 | 192.168.204.137 | 205.234.186.111 | ET POLICY Vulnerable Java Version 1.6.x Detected
14 | 2014-12-08T15:19:24.747148-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Unknown - Java Request - gt 60char hex-ascii
15 | 2014-12-08T15:19:04.936491-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
16 | 2014-12-08T15:19:28.427266-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
17 | 2014-12-08T15:19:28.427266-0800 | 192.168.204.137 | 205.234.186.111 | ET POLICY Vulnerable Java Version 1.6.x Detected
18 | 2014-12-08T15:19:28.427266-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Unknown - Java Request - gt 60char hex-ascii
19 | 2014-12-08T15:19:32.265978-0800 | 192.168.204.137 | 205.234.186.111 | ET CURRENT_EVENTS Fiesta URI Struct
20 | 2014-12-08T15:19:25.000784-0800 | 205.234.186.111 | 192.168.204.137 | ET INFO JAVA - Java Archive Download By Vulnerable Client
DNS (32)
Showing 1-20 of 32 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2014-12-08T15:18:41.809017-0800 | 192.168.204.137 | 192.168.204.2 | query | www.excelforum.com | A | (not set)
2 | 2014-12-08T15:18:41.965228-0800 | 192.168.204.2 | 192.168.204.137 | answer | www.excelforum.com | A | (not set)
3 | 2014-12-08T15:18:42.065915-0800 | 192.168.204.137 | 192.168.204.2 | query | isatap.localdomain | A | (not set)
4 | 2014-12-08T15:18:42.847675-0800 | 192.168.204.137 | 192.168.204.2 | query | magggnitia.com | A | (not set)
5 | 2014-12-08T15:18:42.864479-0800 | 192.168.204.137 | 192.168.204.2 | query | time.windows.com | A | (not set)
6 | 2014-12-08T15:18:42.985851-0800 | 192.168.204.2 | 192.168.204.137 | answer | magggnitia.com | A | (not set)
7 | 2014-12-08T15:18:43.122587-0800 | 192.168.204.2 | 192.168.204.137 | answer | time.windows.com | A | (not set)
8 | 2014-12-08T15:18:43.073336-0800 | 192.168.204.137 | 192.168.204.2 | query | pagead2.googlesyndication.com | A | (not set)
9 | 2014-12-08T15:18:43.242417-0800 | 192.168.204.2 | 192.168.204.137 | answer | pagead2.googlesyndication.com | A | (not set)
10 | 2014-12-08T15:18:44.829290-0800 | 192.168.204.137 | 192.168.204.2 | query | www.gstatic.com | A | (not set)
11 | 2014-12-08T15:18:44.977611-0800 | 192.168.204.2 | 192.168.204.137 | answer | www.gstatic.com | A | (not set)
12 | 2014-12-08T15:18:45.545042-0800 | 192.168.204.137 | 192.168.204.2 | query | code.jquery.com | A | (not set)
13 | 2014-12-08T15:18:45.680610-0800 | 192.168.204.2 | 192.168.204.137 | answer | code.jquery.com | A | (not set)
14 | 2014-12-08T15:18:46.323045-0800 | 192.168.204.137 | 192.168.204.2 | query | tracking.formisimo.com | A | (not set)
15 | 2014-12-08T15:18:46.473061-0800 | 192.168.204.2 | 192.168.204.137 | answer | tracking.formisimo.com | A | (not set)
16 | 2014-12-08T15:18:44.829859-0800 | 192.168.204.137 | 192.168.204.2 | query | googleads.g.doubleclick.net | A | (not set)
17 | 2014-12-08T15:18:47.991996-0800 | 192.168.204.137 | 192.168.204.2 | query | digiwebname.in | A | (not set)
18 | 2014-12-08T15:18:48.138767-0800 | 192.168.204.2 | 192.168.204.137 | answer | digiwebname.in | A | (not set)
19 | 2014-12-08T15:18:44.952773-0800 | 192.168.204.137 | 192.168.204.2 | query | cdn-static.formisimo.com | A | (not set)
20 | 2014-12-08T15:18:44.953351-0800 | 192.168.204.137 | 192.168.204.2 | query | www.google-analytics.com | A | (not set)
TLS (5)
Showing 1-5 of 5 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2014-12-08T15:18:46.866006-0800 | 192.168.204.137 | 173.194.112.17 | TLSv1 | (not set)
2 | 2014-12-08T15:18:47.478946-0800 | 192.168.204.137 | 173.194.112.26 | TLSv1 | (not set)
3 | 2014-12-08T15:18:47.479510-0800 | 192.168.204.137 | 173.194.112.17 | TLSv1 | www.google.com
4 | 2014-12-08T15:18:46.866006-0800 | 192.168.204.137 | 173.194.112.17 | TLSv1 | (not set)
5 | 2014-12-08T15:18:47.519951-0800 | 192.168.204.137 | 173.194.112.26 | TLSv1 | (not set)
TFTP (0)
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (100)
Showing 1-20 of 100 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2014-12-08T15:18:41.791185-0800 | 192.168.204.137 | www.google.de | 80 | GET | /url?url=http://www.excelforum.com/&rct=j&frm=1&q=&esrc=s&sa=U&ei=yDGGVJmOOMv6UpregYgB&ved=0CCsQFjAD&usg=AFQjCNEaastQ4Jl1-R8Ba_-j6m7GMzl4dg | 200
2 | 2014-12-08T15:18:41.791255-0800 | 192.168.204.137 | www.google.de | 80 | GET | /favicon.ico | (not set)
3 | 2014-12-08T15:18:41.791255-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | / | 200
4 | 2014-12-08T15:18:43.289061-0800 | 192.168.204.137 | magggnitia.com | 80 | GET | /?Q2WP=p4VpeSdhe5ba&nw3=9n6MZfU9I_1Ydl8y&9M5to=_8w6t8o4W_abrev&GgiMa=8Hfr8Tlcgkd0sfV&t6Mry=I6n2 | 200
5 | 2014-12-08T15:18:43.339674-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/vbulletin_read_marker.js?v=418 | 200
6 | 2014-12-08T15:18:43.341854-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/vbulletin_css/style00014l/additional.css?d=1416658908 | 200
7 | 2014-12-08T15:18:45.359918-0800 | 192.168.204.137 | www.gstatic.com | 80 | GET | /pub-config/ca-pub-8275723683113357.js | 200
8 | 2014-12-08T15:18:43.821534-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/vbulletin_css/style00014l/forumhome-rollup.css?d=1416658908 | (not set)
9 | 2014-12-08T15:18:43.959788-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/vbulletin1-core.js?v=418 | 200
10 | 2014-12-08T15:18:44.782697-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /images/site_icons/password.png | (not set)
11 | 2014-12-08T15:18:43.591392-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/zero-clipboard.js | 200
12 | 2014-12-08T15:18:45.439425-0800 | 192.168.204.137 | cdn-static.formisimo.com | 80 | GET | /tracking/js/tracking.js | 200
13 | 2014-12-08T15:18:45.045537-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /images/gradients/gradient-grey-down.png | 200
14 | 2014-12-08T15:18:43.602871-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /clientscript/vbulletin_md5.js?v=418 | 200
15 | 2014-12-08T15:18:43.623766-0800 | 192.168.204.137 | pagead2.googlesyndication.com | 80 | GET | /pagead/show_ads.js | 200
16 | 2014-12-08T15:18:43.734476-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /css.php?styleid=14&langid=1&d=1416658908&sheet=MARCO1_CKEditor_CSS.css | 200
17 | 2014-12-08T15:18:45.659527-0800 | 192.168.204.137 | www.google-analytics.com | 80 | GET | /ga.js | 200
18 | 2014-12-08T15:18:45.909514-0800 | 192.168.204.137 | www.google-analytics.com | 80 | GET | /r/__utm.gif?utmwv=5.6.1&utms=1&utmn=1299414959&utmhn=www.excelforum.com&utmcs=iso-8859-1&utmsr=1593x900&utmvp=791x382&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.8%20r800&utmdt=Excel%20Help%20Forum&utmhid=690431507&utmr=http%3A%2F%2Fwww.google.de%2Furl%3Furl%3Dhttp%3A%2F%2Fwww.excelforum.com%2F%26rct%3Dj%26frm%3D1%26q%3D%26esrc%3Ds%26sa%3DU%26ei%3DyDGGVJmOOMv6UpregYgB%26ved%3D0CCsQFjAD%26usg%3DAFQjCNEaastQ4Jl1-R8Ba_-j6m7GMzl4dg&utmp=%2F&utmht=1418080725254&utmac=UA-12683290-1&utmcc=__utma%3D247040464.1808524930.1418080725.1418080725.1418080725.1%3B%2B__utmz%3D247040464.1418080725.1.1.utmcsr%3Dgoogle%7Cutmccn%3D(organic)%7Cutmcmd%3Dorganic%7Cutmctr%3D(not%2520provided)%3B&utmjid=182764066&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAQAAAAE~ | 200
19 | 2014-12-08T15:18:45.045862-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /images/sidebar/search.png | (not set)
20 | 2014-12-08T15:18:45.302273-0800 | 192.168.204.137 | www.excelforum.com | 80 | GET | /images/sidebar/profile.png | 200
SMB (0)
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (76)
Showing 1-20 of 76 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2014-12-08T15:19:49.718858-0800 | 1841276937959045 | flow | 192.168.204.137 | 49246 | 173.194.112.24 | 443 | TCP | pcapanalyzer
2 | 2014-12-08T15:19:49.718858-0800 | 727065784571961 | flow | 192.168.204.137 | 58818 | 192.168.204.2 | 53 | UDP | pcapanalyzer
3 | 2014-12-08T15:19:49.718858-0800 | 654891006689659 | flow | 192.168.204.137 | 58832 | 192.168.204.2 | 53 | UDP | pcapanalyzer
4 | 2014-12-08T15:19:49.718858-0800 | 430438163296479 | flow | 192.168.204.137 | 49795 | 192.168.204.2 | 53 | UDP | pcapanalyzer
5 | 2014-12-08T15:19:49.718858-0800 | 993811173772959 | flow | 192.168.204.137 | 49291 | 205.234.186.111 | 80 | TCP | pcapanalyzer
6 | 2014-12-08T15:19:49.718858-0800 | 714101425998855 | flow | 192.168.204.137 | 51383 | 192.168.204.2 | 53 | UDP | pcapanalyzer
7 | 2014-12-08T15:19:49.718858-0800 | 1840647725325944 | flow | 192.168.204.137 | 63865 | 192.168.204.2 | 53 | UDP | pcapanalyzer
8 | 2014-12-08T15:19:49.718858-0800 | 2127291696072873 | flow | 192.168.204.137 | 49284 | 205.234.186.111 | 80 | TCP | pcapanalyzer
9 | 2014-12-08T15:19:49.718858-0800 | 721359921394081 | flow | 192.168.204.137 | 49283 | 205.234.186.111 | 80 | TCP | pcapanalyzer
10 | 2014-12-08T15:19:49.718858-0800 | 866216285545809 | flow | 192.168.204.137 | 49293 | 205.234.186.111 | 80 | TCP | pcapanalyzer
11 | 2014-12-08T15:19:49.718858-0800 | 1853874077429172 | flow | 192.168.204.137 | 49276 | 173.194.112.26 | 443 | TCP | pcapanalyzer
12 | 2014-12-08T15:19:49.718858-0800 | 170349978277291 | flow | 192.168.204.137 | 137 | 192.168.204.2 | 137 | UDP | pcapanalyzer
13 | 2014-12-08T15:19:49.718858-0800 | 2001584446383471 | flow | 192.168.204.137 | 68 | 255.255.255.255 | 67 | UDP | pcapanalyzer
14 | 2014-12-08T15:19:49.718858-0800 | 877462654647722 | flow | 192.168.204.137 | 49265 | 94.31.29.53 | 80 | TCP | pcapanalyzer
15 | 2014-12-08T15:19:49.718858-0800 | 1863003030364924 | flow | 192.168.204.137 | 54420 | 192.168.204.2 | 53 | UDP | pcapanalyzer
16 | 2014-12-08T15:19:49.718858-0800 | 2004513612549027 | flow | 192.168.204.137 | 49255 | 69.167.155.134 | 80 | TCP | pcapanalyzer
17 | 2014-12-08T15:19:49.718858-0800 | 1303843387797794 | flow | 192.168.204.137 | 49289 | 205.234.186.111 | 80 | TCP | pcapanalyzer
18 | 2014-12-08T15:19:49.718858-0800 | 321414713446068 | flow | 192.168.204.137 | 49258 | 94.242.216.69 | 80 | TCP | pcapanalyzer
19 | 2014-12-08T15:19:49.718858-0800 | 40289780008810 | flow | 192.168.204.137 | 49243 | 173.194.112.24 | 443 | TCP | pcapanalyzer
20 | 2014-12-08T15:19:49.718858-0800 | 1026770752309884 | flow | 192.168.204.137 | 137 | 192.168.204.255 | 137 | UDP | pcapanalyzer
File (99)
Showing 1-20 of 99 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2014-12-08T15:18:41.791185-0800 | 173.194.112.24 | 192.168.204.137 | /url | HTML document, ASCII text, with very long lines | 1055
2 | 2014-12-08T15:18:41.791255-0800 | 69.167.155.134 | 192.168.204.137 | / | HTML document, ASCII text, with CRLF, LF line terminators | 7548
3 | 2014-12-08T15:18:42.033162-0800 | 173.194.112.24 | 192.168.204.137 | /favicon.ico | MS Windows icon resource - 2 icons, 16x16 | 5430
4 | 2014-12-08T15:18:43.289061-0800 | 94.242.216.69 | 192.168.204.137 | / | ASCII text, with very long lines, with no line terminators | 1947
5 | 2014-12-08T15:18:43.339674-0800 | 69.167.155.134 | 192.168.204.137 | /clientscript/vbulletin_read_marker.js | ISO-8859 text, with very long lines | 4446
6 | 2014-12-08T15:18:43.959788-0800 | 69.167.155.134 | 192.168.204.137 | /clientscript/vbulletin1-core.js | UTF-8 Unicode text, with very long lines | 51202
7 | 2014-12-08T15:18:45.359918-0800 | 173.194.112.23 | 192.168.204.137 | /pub-config/ca-pub-8275723683113357.js | ASCII text, with no line terminators | 107
8 | 2014-12-08T15:18:44.075821-0800 | 69.167.155.134 | 192.168.204.137 | /clientscript/vbulletin_css/style00014l/forumhome-rollup.css | ASCII text, with very long lines, with no line terminators | 16407
9 | 2014-12-08T15:18:43.591392-0800 | 69.167.155.134 | 192.168.204.137 | /clientscript/zero-clipboard.js | ASCII text, with CRLF line terminators | 20303
10 | 2014-12-08T15:18:45.439425-0800 | 54.230.44.211 | 192.168.204.137 | /tracking/js/tracking.js | ASCII text, with very long lines, with no line terminators | 6896
11 | 2014-12-08T15:18:43.602871-0800 | 69.167.155.134 | 192.168.204.137 | /clientscript/vbulletin_md5.js | ASCII text, with very long lines, with no line terminators | 5464
12 | 2014-12-08T15:18:43.623766-0800 | 173.194.112.26 | 192.168.204.137 | f.txt | ASCII text, with very long lines | 19470
13 | 2014-12-08T15:18:45.045537-0800 | 69.167.155.134 | 192.168.204.137 | /images/gradients/gradient-grey-down.png | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | 182
14 | 2014-12-08T15:18:43.734476-0800 | 69.167.155.134 | 192.168.204.137 | /css.php | ASCII text, with CRLF line terminators | 72
15 | 2014-12-08T15:18:45.659527-0800 | 173.194.112.8 | 192.168.204.137 | /ga.js | ASCII text, with very long lines | 40937
16 | 2014-12-08T15:18:45.045785-0800 | 69.167.155.134 | 192.168.204.137 | /images/site_icons/password.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | 620
17 | 2014-12-08T15:18:45.300202-0800 | 69.167.155.134 | 192.168.204.137 | /images/sidebar/search.png | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | 1666
18 | 2014-12-08T15:18:45.302273-0800 | 69.167.155.134 | 192.168.204.137 | /images/sidebar/profile.png | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | 1757
19 | 2014-12-08T15:18:45.689106-0800 | 69.167.155.134 | 192.168.204.137 | /images/site_icons/homepage.png | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | 225
20 | 2014-12-08T15:18:45.909514-0800 | 173.194.112.8 | 192.168.204.137 | /r/__utm.gif | GIF image data, version 89a, 1 x 1 | 35