06330LT.939084.4194c5f47fe738f2d6ce898c2e3ec11e.pcap

MD5: 815b0000c4441bac742a13cd89260a47
Submission Date: 2019-08-19 12:05:24
Tags: (not set)

All timestamps below are 2019-08-19, UTC-07:00; only the time of day is shown. The monitored host is 192.168.1.80 in every table. The DNS and Flow tables are truncated by the report's paging (20 of 32 and 20 of 25 rows are shown).

Reading the tables

- The only executable in the capture is SkywalkerSetup.exe (PE32 GUI, i386, 3,610,400 bytes), fetched over plain HTTP (port 80) from www5l.incredimail.com (23.10.249.49) and answered 200. The "ET POLICY PE EXE or DLL Windows file download HTTP" alert is stamped 10:04:40.49, twelve seconds before the HTTP and File rows for the same transfer (10:04:52.56): the alert fires on the response body while it is still streaming, whereas the HTTP and File rows are written when the transaction completes. Pair alerts with requests by nearest timestamp and direction, not by exact equality.
- The earlier request to the same server, Config.bin at 10:04:33.68, got a 404 (a 169-byte HTML error page) and carried the user agent "NSIS_Inetc (Mozilla)", which is what the NSIS installer's Inetc download plugin sends; this request did not come from a browser.
- Five GETs to cen.incredimail.com/h/upn.aspx (82.80.204.5), each with a fresh GUID in r=, were each answered with the same 4,723-byte HTML document; every one raised "ET MALWARE Misspelled Mozilla User-Agent (Mozila)".
- Four GETs to www.google-analytics.com/__utm.gif (216.58.213.206) report Activation_Status events (SW_5086_Active and SkyWalker_0_InActive) with utmhn=www.incredibar.com, utmac=UA-25323614-30 and a referrer of res://C:/Windows/system32/dmwu.exe/11111, which names the local binary sending the beacons. Each returned a 35-byte 1x1 GIF and raised the same Mozila alert.
- Two POSTs to s4.perion.com/AppServer/ceb.aspx (82.80.204.14) sent 354- and 262-byte bodies at 10:04:49.60 and 10:04:49.82 (File rows 11 and 3, client-to-server). Their HTTP rows and the two alerts on 82.80.204.14 carry 10:04:51.556199, the same timestamp as every Flow row, which is consistent with transactions still open when the capture ended and flushed at that point; status is (not set) for both.
- The DNS table records no resource data for any answer, so the hostname-to-IP pairs above are read off the File table (source IP of each served path), not from DNS.
- The remaining traffic is a Windows certificate trust list lookup (ctldl.windowsupdate.com), Firefox-related DNS and TLS 1.2 sessions (download.mozilla.org, www.mozilla.org, location.services.mozilla.com, tiles.services.mozilla.com, snippets.cdn.mozilla.net, www.google.com, safebrowsing.google.com), one SSDP multicast flow (UDP 1900 to 239.255.255.250) and one TCP flow keyed with 23.37.43.27:80 as its source, for which no HTTP or TLS row is shown.

Alert: 14 items

| #  | Time            | Src IP       | Dst IP         | Alert Signature                                              |
|----|-----------------|--------------|----------------|--------------------------------------------------------------|
| 1  | 10:04:33.684534 | 192.168.1.80 | 23.10.249.49   | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) |
| 2  | 10:04:33.816618 | 192.168.1.80 | 23.10.249.49   | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) |
| 3  | 10:04:47.084592 | 192.168.1.80 | 82.80.204.5    | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 4  | 10:04:48.300408 | 192.168.1.80 | 82.80.204.5    | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 5  | 10:04:49.284751 | 192.168.1.80 | 82.80.204.5    | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 6  | 10:04:49.636341 | 192.168.1.80 | 82.80.204.5    | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 7  | 10:04:49.916606 | 192.168.1.80 | 82.80.204.5    | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 8  | 10:04:50.944430 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 9  | 10:04:51.024764 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 10 | 10:04:51.556199 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 11 | 10:04:40.492394 | 23.10.249.49 | 192.168.1.80   | ET POLICY PE EXE or DLL Windows file download HTTP           |
| 12 | 10:04:51.620934 | 192.168.1.80 | 216.58.213.206 | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 13 | 10:04:51.556199 | 192.168.1.80 | 82.80.204.14   | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |
| 14 | 10:04:51.556199 | 192.168.1.80 | 82.80.204.14   | ET MALWARE Misspelled Mozilla User-Agent (Mozila)            |

Rows are in the report's own order (row 11 is out of time sequence).

DNS: 32 items, first 20 shown

Resource Data is (not set) for every row, answers included, so that column is omitted.

| #  | Time            | Src IP       | Dst IP       | Type   | Resource Record Name        | RR Type |
|----|-----------------|--------------|--------------|--------|-----------------------------|---------|
| 1  | 10:04:23.382263 | 192.168.1.80 | 8.8.8.8      | query  | ctldl.windowsupdate.com     | A       |
| 2  | 10:04:23.408706 | 8.8.8.8      | 192.168.1.80 | answer | ctldl.windowsupdate.com     | A       |
| 3  | 10:04:33.455027 | 192.168.1.80 | 8.8.8.8      | query  | www5l.incredimail.com       | A       |
| 4  | 10:04:33.492887 | 8.8.8.8      | 192.168.1.80 | answer | www5l.incredimail.com       | A       |
| 5  | 10:04:35.671126 | 192.168.1.80 | 8.8.8.8      | query  | download.mozilla.org        | A       |
| 6  | 10:04:35.696272 | 8.8.8.8      | 192.168.1.80 | answer | download.mozilla.org        | A       |
| 7  | 10:04:36.663895 | 192.168.1.80 | 8.8.8.8      | query  | download.mozilla.org        | A       |
| 8  | 10:04:36.679193 | 8.8.8.8      | 192.168.1.80 | answer | download.mozilla.org        | A       |
| 9  | 10:04:37.407695 | 192.168.1.80 | 8.8.8.8      | query  | www.mozilla.org             | A       |
| 10 | 10:04:37.430314 | 8.8.8.8      | 192.168.1.80 | answer | www.mozilla.org             | A       |
| 11 | 10:04:37.464970 | 192.168.1.80 | 8.8.8.8      | query  | www.google.com              | A       |
| 12 | 10:04:37.494094 | 8.8.8.8      | 192.168.1.80 | answer | www.google.com              | A       |
| 13 | 10:04:37.663318 | 192.168.1.80 | 8.8.8.8      | query  | download.mozilla.org        | A       |
| 14 | 10:04:37.678052 | 8.8.8.8      | 192.168.1.80 | answer | download.mozilla.org        | A       |
| 15 | 10:04:36.056375 | 192.168.1.80 | 8.8.8.8      | query  | tiles.services.mozilla.com  | A       |
| 16 | 10:04:36.078037 | 8.8.8.8      | 192.168.1.80 | answer | tiles.services.mozilla.com  | A       |
| 17 | 10:04:37.942842 | 192.168.1.80 | 8.8.8.8      | query  | snippets.cdn.mozilla.net    | A       |
| 18 | 10:04:37.958338 | 8.8.8.8      | 192.168.1.80 | answer | snippets.cdn.mozilla.net    | A       |
| 19 | 10:04:39.663705 | 192.168.1.80 | 8.8.8.8      | query  | download.mozilla.org        | A       |
| 20 | 10:04:39.686867 | 8.8.8.8      | 192.168.1.80 | answer | download.mozilla.org        | A       |

TLS: 5 items

| # | Time            | Source IP    | Destination IP | TLS Version | Server Name Indication        |
|---|-----------------|--------------|----------------|-------------|-------------------------------|
| 1 | 10:04:36.577582 | 192.168.1.80 | 34.252.111.173 | TLS 1.2     | location.services.mozilla.com |
| 2 | 10:04:36.800661 | 192.168.1.80 | 52.33.147.163  | TLS 1.2     | tiles.services.mozilla.com    |
| 3 | 10:04:37.628598 | 192.168.1.80 | 216.58.213.196 | TLS 1.2     | www.google.com                |
| 4 | 10:04:38.349206 | 192.168.1.80 | 99.86.240.58   | TLS 1.2     | snippets.cdn.mozilla.net      |
| 5 | 10:04:42.988116 | 192.168.1.80 | 172.217.16.78  | TLS 1.2     | safebrowsing.google.com       |

TFTP: 0 items (no results)

HTTP: 13 items

The source is 192.168.1.80 and the port is 80 for every row. In rows 2 to 6 the extraction fused the productId value with the status code (`productId=41500`); the split is not recoverable, so the fused digits are kept in the URL and the status cell is left blank. Rows 7 to 10 share one query string, listed after the table; only the utme= value differs.

| #  | Time            | Hostname                 | Method | URL                                                                   | Status    |
|----|-----------------|--------------------------|--------|-----------------------------------------------------------------------|-----------|
| 1  | 10:04:33.684534 | www5l.incredimail.com    | GET    | /incredibar/skywalker/update_tail/Config_File/5086/Config.bin         | 404       |
| 2  | 10:04:47.156398 | cen.incredimail.com      | GET    | /h/upn.aspx?r={481D24FD-EDA2-4DFC-905F-8DC9AEF9FE74}&productId=41500  |           |
| 3  | 10:04:48.300408 | cen.incredimail.com      | GET    | /h/upn.aspx?r={5B37629F-234D-4FD6-8939-58559DCA817E}&productId=41500  |           |
| 4  | 10:04:49.284751 | cen.incredimail.com      | GET    | /h/upn.aspx?r={C16B18D9-A948-4687-AA91-A239EB8E3505}&productId=41500  |           |
| 5  | 10:04:49.636341 | cen.incredimail.com      | GET    | /h/upn.aspx?r={02FE90EF-69D2-4203-9D40-CF3B06455426}&productId=41500  |           |
| 6  | 10:04:49.916606 | cen.incredimail.com      | GET    | /h/upn.aspx?r={118A134D-7FDF-4FDB-99DE-0E001D2E9675}&productId=41500  |           |
| 7  | 10:04:50.944430 | www.google-analytics.com | GET    | /__utm.gif?...&utme=5(Activation_Status*SW*SW_5086_Active)&...        | 200       |
| 8  | 10:04:51.024764 | www.google-analytics.com | GET    | /__utm.gif?...&utme=5(Activation_Status*SkyWalker*SkyWalker_0_InActive)&... | 200 |
| 9  | 10:04:51.556199 | www.google-analytics.com | GET    | /__utm.gif?...&utme=5(Activation_Status*SW*SW_5086_Active)&...        | 200       |
| 10 | 10:04:51.620934 | www.google-analytics.com | GET    | /__utm.gif?...&utme=5(Activation_Status*SkyWalker*SkyWalker_0_InActive)&... | 200 |
| 11 | 10:04:52.556538 | www5l.incredimail.com    | GET    | /incredibar/skywalker/update_tail/Unified/5086/SkywalkerSetup.exe     | 200       |
| 12 | 10:04:51.556199 | s4.perion.com            | POST   | /AppServer/ceb.aspx                                                   | (not set) |
| 13 | 10:04:51.556199 | s4.perion.com            | POST   | /AppServer/ceb.aspx                                                   | (not set) |

Full query string of rows 7 to 10 (utme= shown for row 7):

/__utm.gif?utmwv=5.3.8&utmn=62222440&utms=9&utmt=event&utme=5(Activation_Status*SW*SW_5086_Active)&utmcs=UTF-8&utmsr=-&utmsc=-&utmul=-&utmje=1&utmfl=-&utmdt=-&utmhn=www.incredibar.com&utmr=res://C:/Windows/system32/dmwu.exe/11111&utmp=stats&utmac=UA-25323614-30&utmcc=__utma%3D48424598.1287518980.1566259200000.1566259200000.1566259200000.2%3B%2B__utmb%3D48424598%3B%2B__utmc%3D48424598%3B%2B__utmz%3D48424598.1566259200000.2.2.utmccn%3D(referral)%7Cutmcsr%3DC:/Windows/system32/dmwu.exe%7Cutmcct%3D/11111%7Cutmcmd%3Dreferral%3B%2B__utmv%3D48424598.-%3B

SMB: 0 items (no results)

SMTP: 0 items (no results)

Flow: 25 items, first 20 shown

Every flow row carries the same timestamp (10:04:51.556199), event type "flow" and host "pcapanalyzer"; those columns are omitted.

| #  | Flow Id          | Source       | Src Port | Destination     | Dst Port | Protocol |
|----|------------------|--------------|----------|-----------------|----------|----------|
| 1  | 427155278584887  | 192.168.1.80 | 54397    | 8.8.8.8         | 53       | UDP      |
| 2  | 857399332303219  | 192.168.1.80 | 55526    | 8.8.8.8         | 53       | UDP      |
| 3  | 585630982271248  | 192.168.1.80 | 49169    | 172.217.16.78   | 443      | TCP      |
| 4  | 2148264638571560 | 192.168.1.80 | 60954    | 8.8.8.8         | 53       | UDP      |
| 5  | 1588162249054406 | 192.168.1.80 | 49174    | 216.58.213.206  | 80       | TCP      |
| 6  | 747495413503287  | 192.168.1.80 | 51571    | 8.8.8.8         | 53       | UDP      |
| 7  | 468717677098096  | 192.168.1.80 | 49165    | 52.33.147.163   | 443      | TCP      |
| 8  | 1174475293170654 | 192.168.1.80 | 1900     | 239.255.255.250 | 1900     | UDP      |
| 9  | 614798104825975  | 192.168.1.80 | 49167    | 216.58.213.196  | 443      | TCP      |
| 10 | 757811926658960  | 192.168.1.80 | 49172    | 82.80.204.14    | 80       | TCP      |
| 11 | 1334132113027780 | 192.168.1.80 | 57967    | 8.8.8.8         | 53       | UDP      |
| 12 | 208416889172791  | 192.168.1.80 | 50546    | 8.8.8.8         | 53       | UDP      |
| 13 | 1056290678959803 | 192.168.1.80 | 49173    | 216.58.213.206  | 80       | TCP      |
| 14 | 1906054252412310 | 192.168.1.80 | 51365    | 8.8.8.8         | 53       | UDP      |
| 15 | 1626408931983287 | 192.168.1.80 | 49168    | 99.86.240.58    | 443      | TCP      |
| 16 | 1632928692198031 | 192.168.1.80 | 49166    | 34.252.111.173  | 443      | TCP      |
| 17 | 2201951730275554 | 192.168.1.80 | 56167    | 8.8.8.8         | 53       | UDP      |
| 18 | 384789720930566  | 192.168.1.80 | 49162    | 23.10.249.49    | 80       | TCP      |
| 19 | 2219917578461754 | 192.168.1.80 | 49171    | 82.80.204.14    | 80       | TCP      |
| 20 | 1940465531627074 | 23.37.43.27  | 80       | 192.168.1.80    | 49161    | TCP      |

File: 13 items

Source is the side that sent the file body, so rows 3 and 11 are the POST bodies the client sent to s4.perion.com (82.80.204.14).

| #  | Time            | Source         | Destination    | File Name                                                         | File Magic                                                  | Size    |
|----|-----------------|----------------|----------------|-------------------------------------------------------------------|-------------------------------------------------------------|---------|
| 1  | 10:04:33.684534 | 23.10.249.49   | 192.168.1.80   | /incredibar/skywalker/update_tail/Config_File/5086/Config.bin     | HTML document, ASCII text, with CRLF line terminators       | 169     |
| 2  | 10:04:47.156398 | 82.80.204.5    | 192.168.1.80   | /h/upn.aspx                                                       | HTML document, ASCII text, with CRLF line terminators       | 4723    |
| 3  | 10:04:49.818257 | 192.168.1.80   | 82.80.204.14   | /AppServer/ceb.aspx                                               | ASCII text, with no line terminators                        | 262     |
| 4  | 10:04:48.300408 | 82.80.204.5    | 192.168.1.80   | /h/upn.aspx                                                       | HTML document, ASCII text, with CRLF line terminators       | 4723    |
| 5  | 10:04:49.284751 | 82.80.204.5    | 192.168.1.80   | /h/upn.aspx                                                       | HTML document, ASCII text, with CRLF line terminators       | 4723    |
| 6  | 10:04:49.636341 | 82.80.204.5    | 192.168.1.80   | /h/upn.aspx                                                       | HTML document, ASCII text, with CRLF line terminators       | 4723    |
| 7  | 10:04:49.916606 | 82.80.204.5    | 192.168.1.80   | /h/upn.aspx                                                       | HTML document, ASCII text, with CRLF line terminators       | 4723    |
| 8  | 10:04:50.944430 | 216.58.213.206 | 192.168.1.80   | /__utm.gif                                                        | GIF image data, version 89a, 1 x 1                          | 35      |
| 9  | 10:04:51.024764 | 216.58.213.206 | 192.168.1.80   | /__utm.gif                                                        | GIF image data, version 89a, 1 x 1                          | 35      |
| 10 | 10:04:51.556199 | 216.58.213.206 | 192.168.1.80   | /__utm.gif                                                        | GIF image data, version 89a, 1 x 1                          | 35      |
| 11 | 10:04:49.602111 | 192.168.1.80   | 82.80.204.14   | /AppServer/ceb.aspx                                               | ASCII text, with very long lines, with no line terminators  | 354     |
| 12 | 10:04:51.620934 | 216.58.213.206 | 192.168.1.80   | /__utm.gif                                                        | GIF image data, version 89a, 1 x 1                          | 35      |
| 13 | 10:04:52.556538 | 23.10.249.49   | 192.168.1.80   | /incredibar/skywalker/update_tail/Unified/5086/SkywalkerSetup.exe | PE32 executable (GUI) Intel 80386, for MS Windows           | 3610400 |
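As an added example (not part of the pcapanalyzer report or tool), the Python script below joins the Alert rows to the HTTP rows transcribed from the tables above, so each signature can be read against the request it fired on. The matching windows (250 ms either way for request-side user-agent alerts, up to 60 s after the alert for the response-side file-download alert, because the HTTP row is only written when the transfer completes) and the hostname-to-IP map read off the File table are assumptions of this example, not fields of the report.

```python
"""Added example: attribute each alert in the report to an HTTP transaction.

Input rows are transcribed from the report's Alert, HTTP and File tables
(constructed sample data); the matching rules are assumptions, not a
pcapanalyzer feature.
"""
from datetime import datetime, timedelta, timezone

CLIENT = "192.168.1.80"
TZ = timezone(timedelta(hours=-7))       # every row in the report is UTC-07:00
DAY = "2019-08-19"


def parse_ts(t):
    """'10:04:33.684534' -> timezone-aware datetime on the capture day."""
    return datetime.strptime(f"{DAY} {t}", "%Y-%m-%d %H:%M:%S.%f").replace(tzinfo=TZ)


# (time, src, dst, signature) in the report's own row order
ALERTS = [
    ("10:04:33.684534", CLIENT, "23.10.249.49",   "ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))"),
    ("10:04:33.816618", CLIENT, "23.10.249.49",   "ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))"),
    ("10:04:47.084592", CLIENT, "82.80.204.5",    "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:48.300408", CLIENT, "82.80.204.5",    "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:49.284751", CLIENT, "82.80.204.5",    "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:49.636341", CLIENT, "82.80.204.5",    "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:49.916606", CLIENT, "82.80.204.5",    "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:50.944430", CLIENT, "216.58.213.206", "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:51.024764", CLIENT, "216.58.213.206", "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:51.556199", CLIENT, "216.58.213.206", "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:40.492394", "23.10.249.49", CLIENT,   "ET POLICY PE EXE or DLL Windows file download HTTP"),
    ("10:04:51.620934", CLIENT, "216.58.213.206", "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:51.556199", CLIENT, "82.80.204.14",   "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
    ("10:04:51.556199", CLIENT, "82.80.204.14",   "ET MALWARE Misspelled Mozilla User-Agent (Mozila)"),
]

# (time, hostname, method, path); query strings trimmed
HTTP = [
    ("10:04:33.684534", "www5l.incredimail.com",    "GET",  "/incredibar/skywalker/update_tail/Config_File/5086/Config.bin"),
    ("10:04:47.156398", "cen.incredimail.com",      "GET",  "/h/upn.aspx"),
    ("10:04:48.300408", "cen.incredimail.com",      "GET",  "/h/upn.aspx"),
    ("10:04:49.284751", "cen.incredimail.com",      "GET",  "/h/upn.aspx"),
    ("10:04:49.636341", "cen.incredimail.com",      "GET",  "/h/upn.aspx"),
    ("10:04:49.916606", "cen.incredimail.com",      "GET",  "/h/upn.aspx"),
    ("10:04:50.944430", "www.google-analytics.com", "GET",  "/__utm.gif"),
    ("10:04:51.024764", "www.google-analytics.com", "GET",  "/__utm.gif"),
    ("10:04:51.556199", "www.google-analytics.com", "GET",  "/__utm.gif"),
    ("10:04:51.620934", "www.google-analytics.com", "GET",  "/__utm.gif"),
    ("10:04:52.556538", "www5l.incredimail.com",    "GET",  "/incredibar/skywalker/update_tail/Unified/5086/SkywalkerSetup.exe"),
    ("10:04:51.556199", "s4.perion.com",            "POST", "/AppServer/ceb.aspx"),
    ("10:04:51.556199", "s4.perion.com",            "POST", "/AppServer/ceb.aspx"),
]

# hostname -> server IP, read off the File table (source IP of each served path);
# the DNS table carries no resource data, so it cannot supply this
HOST_IP = {
    "www5l.incredimail.com": "23.10.249.49",
    "cen.incredimail.com": "82.80.204.5",
    "www.google-analytics.com": "216.58.213.206",
    "s4.perion.com": "82.80.204.14",
}

REQUEST_WINDOW = timedelta(milliseconds=250)  # assumed: UA alerts fire on the request packet
RESPONSE_WINDOW = timedelta(seconds=60)       # assumed: file alerts fire before the HTTP row is logged


def correlate(alerts=ALERTS, http=HTTP, host_ip=HOST_IP):
    """For each alert, index of the HTTP row it is attributed to, or None."""
    out = []
    for a_time, src, dst, _sig in alerts:
        at = parse_ts(a_time)
        best, best_dt = None, None
        for i, (h_time, host, _method, _path) in enumerate(http):
            ht = parse_ts(h_time)
            if src == CLIENT and host_ip.get(host) == dst:
                dt = abs(ht - at)                   # request-side alert: nearest row either way
                if dt > REQUEST_WINDOW:
                    continue
            elif dst == CLIENT and host_ip.get(host) == src:
                dt = ht - at                        # response-side alert: row is logged at completion
                if dt < timedelta(0) or dt > RESPONSE_WINDOW:
                    continue
            else:
                continue
            if best_dt is None or dt < best_dt:     # strict '<' keeps the first of tied rows
                best, best_dt = i, dt
        out.append(best)
    return out


def attribution(alerts=ALERTS, http=HTTP):
    """Pivot lines: signature -> 'METHOD hostname/path' it was raised on."""
    lines = []
    for (_, _, _, sig), idx in zip(alerts, correlate(alerts, http)):
        target = "UNMATCHED" if idx is None else f"{http[idx][2]} {http[idx][1]}{http[idx][3]}"
        lines.append(f"{sig} -> {target}")
    return lines


if __name__ == "__main__":
    print("\n".join(attribution()))
```

Two things the join makes visible: the NSIS_Inetc alerts both land on the single Config.bin request (the second alert is 132 ms later with no separate HTTP row, so a per-request count would over-report), and the PE download alert is attributed to SkywalkerSetup.exe only because the response-side rule accepts an HTTP row logged 12 s after the alert; a symmetric 250 ms window would leave it unmatched.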

Comments: (not set)
