939806.dump.1bf0542000afb4b6a3d8d2e0bd8731e5.pcap

MD5: 89ffec4c706e8a8424f1cfea26a2f329
Submission Date: 2019-08-20 10:10:00
Tags: (not set)
Alert 0
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
No results found.
DNS 56
Showing 1-20 of 56 items.
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T09:09:54.162512-0700 | 192.168.1.72 | 8.8.8.8 | query | ak.pipoffers.apnpartners.com | A | (not set) |
| 2 | 2019-08-20T09:09:54.246932-0700 | 8.8.8.8 | 192.168.1.72 | answer | ak.pipoffers.apnpartners.com | A | (not set) |
| 3 | 2019-08-20T09:09:51.812488-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 4 | 2019-08-20T09:09:51.840569-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 5 | 2019-08-20T09:09:52.828955-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 6 | 2019-08-20T09:09:52.857866-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 7 | 2019-08-20T09:09:55.663321-0700 | 192.168.1.72 | 8.8.8.8 | query | pipoffers.apnpartners.com | A | (not set) |
| 8 | 2019-08-20T09:09:55.710834-0700 | 8.8.8.8 | 192.168.1.72 | answer | pipoffers.apnpartners.com | A | (not set) |
| 9 | 2019-08-20T09:09:56.881946-0700 | 192.168.1.72 | 8.8.8.8 | query | offers.offercast.com | A | (not set) |
| 10 | 2019-08-20T09:09:56.922653-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 11 | 2019-08-20T09:09:56.951427-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 12 | 2019-08-20T09:09:56.964769-0700 | 8.8.8.8 | 192.168.1.72 | answer | offers.offercast.com | A | (not set) |
| 13 | 2019-08-20T09:10:00.937208-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 14 | 2019-08-20T09:10:00.966340-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 15 | 2019-08-20T09:10:07.820378-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 16 | 2019-08-20T09:10:07.853769-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 17 | 2019-08-20T09:10:08.831286-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 18 | 2019-08-20T09:10:08.863474-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
| 19 | 2019-08-20T09:10:09.844756-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set) |
| 20 | 2019-08-20T09:10:09.877699-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | A | (not set) |
TLS 1
Showing 1-1 of 1 item.
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
| 1 | 2019-08-20T09:10:07.586869-0700 | 192.168.1.72 | 40.70.184.83 | TLS 1.2 | ieonlinews.microsoft.com |
TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
No results found.
HTTP 12
Showing 1-12 of 12 items.
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T09:09:54.490543-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/upgrade/ORJ-PO/3.9.0/upgrade.zip | 200 |
| 2 | 2019-08-20T09:09:56.720613-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/ORJ-PO/offerlist.js | 200 |
| 3 | 2019-08-20T09:09:55.903312-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/orchestrator.htm?partner_id=ORJ-PO&language=en | 200 |
| 4 | 2019-08-20T09:09:55.965240-0700 | 192.168.1.72 | pipoffers.apnpartners.com | 80 | HEAD | /static/partners/generic/images/install.ico | 200 |
| 5 | 2019-08-20T09:09:56.031155-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/ORJ-PO/apnanalytic.js | 200 |
| 6 | 2019-08-20T09:09:57.382703-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=NM-Jv | 503 |
| 7 | 2019-08-20T09:09:56.683702-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/orchestrator.htm?partner_id=ORJ-PO&language=en | 200 |
| 8 | 2019-08-20T09:09:56.742894-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/offer2xtemplate.htm | 200 |
| 9 | 2019-08-20T09:09:56.780370-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/masterrule.js | 200 |
| 10 | 2019-08-20T09:09:57.046840-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=NvcIc | 503 |
| 11 | 2019-08-20T09:09:57.128846-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=J38zo | 503 |
| 12 | 2019-08-20T09:09:57.211691-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=tinfT | 503 |
SMB 0
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
No results found.
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|
No results found.
Flow 36
Showing 1-20 of 36 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2019-08-20T09:18:33.009560-0700 | 1691770897138621 | flow | 192.168.1.72 | 64559 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 2 | 2019-08-20T09:18:33.009560-0700 | 857634562735883 | flow | 192.168.1.72 | 49761 | 23.37.43.27 | 80 | TCP | pcapanalyzer |
| 3 | 2019-08-20T09:18:33.009560-0700 | 155366605522069 | flow | 192.168.1.72 | 49771 | 2.16.106.83 | 80 | TCP | pcapanalyzer |
| 4 | 2019-08-20T09:18:33.009560-0700 | 1845285913201456 | flow | 192.168.1.72 | 49763 | 40.70.184.83 | 443 | TCP | pcapanalyzer |
| 5 | 2019-08-20T09:18:33.009560-0700 | 1288202885780752 | flow | 192.168.1.72 | 57063 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 6 | 2019-08-20T09:18:33.009560-0700 | 589596389099280 | flow | 192.168.1.72 | 49772 | 2.16.106.83 | 80 | TCP | pcapanalyzer |
| 7 | 2019-08-20T09:18:33.009560-0700 | 1153190587229640 | flow | 192.168.1.72 | 50875 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 8 | 2019-08-20T09:18:33.009560-0700 | 738498615561179 | flow | 192.168.1.72 | 50427 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 9 | 2019-08-20T09:18:33.009560-0700 | 320368512848314 | flow | 192.168.1.72 | 57019 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 10 | 2019-08-20T09:18:33.009560-0700 | 602492029076634 | flow | 192.168.1.72 | 58110 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 11 | 2019-08-20T09:18:33.009560-0700 | 1168003931930524 | flow | 192.168.1.72 | 49759 | 23.51.123.27 | 80 | TCP | pcapanalyzer |
| 12 | 2019-08-20T09:18:33.009560-0700 | 1594801302900027 | flow | 192.168.1.72 | 55429 | 203.0.113.1274 | | UDP | pcapanalyzer |
| 13 | 2019-08-20T09:18:33.009560-0700 | 489976770851535 | flow | 192.168.1.72 | 59499 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 14 | 2019-08-20T09:18:33.009560-0700 | 350278663865644 | flow | 192.168.1.72 | 49770 | 2.16.106.83 | 80 | TCP | pcapanalyzer |
| 15 | 2019-08-20T09:18:33.009560-0700 | 217420295142989 | flow | 192.168.1.72 | 49760 | 23.37.43.27 | 80 | TCP | pcapanalyzer |
| 16 | 2019-08-20T09:18:33.009560-0700 | 803092770749136 | flow | 192.168.1.72 | 62813 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 17 | 2019-08-20T09:18:33.009560-0700 | 254689871710011 | flow | 192.168.1.72 | 49769 | 2.16.106.83 | 80 | TCP | pcapanalyzer |
| 18 | 2019-08-20T09:18:33.009560-0700 | 1109143550457114 | flow | 192.168.1.72 | 58503 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 19 | 2019-08-20T09:18:33.009560-0700 | 132201699286809 | flow | 192.168.1.72 | 50993 | 8.8.8.8 | 53 | UDP | pcapanalyzer |
| 20 | 2019-08-20T09:18:33.009560-0700 | 1713492726363015 | flow | 192.168.1.72 | 49668 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
File 15
Showing 1-15 of 15 items.
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2019-08-20T09:09:54.490543-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/upgrade/ORJ-PO/3.9.0/upgrade.zip | Zip archive data, at least v1.0 to extract | 2939 |
| 2 | 2019-08-20T09:09:55.903312-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/orchestrator.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines | 165054 |
| 3 | 2019-08-20T09:09:56.720613-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/ORJ-PO/offerlist.js | ASCII text, with CRLF line terminators | 12207 |
| 4 | 2019-08-20T09:09:56.031155-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/ORJ-PO/apnanalytic.js | ASCII text, with very long lines | 19406 |
| 5 | 2019-08-20T09:09:57.381814-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 692 |
| 6 | 2019-08-20T09:09:57.382703-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268 |
| 7 | 2019-08-20T09:09:56.683702-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/orchestrator.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines | 165054 |
| 8 | 2019-08-20T09:09:56.742894-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/offer2xtemplate.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators | 116714 |
| 9 | 2019-08-20T09:09:56.780370-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/masterrule.js | ASCII text, with very long lines | 141839 |
| 10 | 2019-08-20T09:09:57.030756-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 548 |
| 11 | 2019-08-20T09:09:57.046840-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268 |
| 12 | 2019-08-20T09:09:57.128644-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 1199 |
| 13 | 2019-08-20T09:09:57.128846-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268 |
| 14 | 2019-08-20T09:09:57.210882-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 1237 |
| 15 | 2019-08-20T09:09:57.211691-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268 |

Comments: (not set)
