939806.dump.1bf0542000afb4b6a3d8d2e0bd8731e5.pcap

MD5: 89ffec4c706e8a8424f1cfea26a2f329
Submission Date: 2019-08-20 10:10:00
Tags: (not set)
Alert (0)

# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
No results found.
DNS (56)
Showing 1-20 of 56 items.

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-08-20T09:09:51.812488-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
2 | 2019-08-20T09:09:54.162512-0700 | 192.168.1.72 | 8.8.8.8 | query | ak.pipoffers.apnpartners.com | A | (not set)
3 | 2019-08-20T09:09:51.840569-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
4 | 2019-08-20T09:09:52.828955-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
5 | 2019-08-20T09:09:54.246932-0700 | 8.8.8.8 | 192.168.1.72 | answer | ak.pipoffers.apnpartners.com | (not set) | (not set)
6 | 2019-08-20T09:09:52.857866-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
7 | 2019-08-20T09:09:55.663321-0700 | 192.168.1.72 | 8.8.8.8 | query | pipoffers.apnpartners.com | A | (not set)
8 | 2019-08-20T09:09:55.710834-0700 | 8.8.8.8 | 192.168.1.72 | answer | pipoffers.apnpartners.com | (not set) | (not set)
9 | 2019-08-20T09:09:56.881946-0700 | 192.168.1.72 | 8.8.8.8 | query | offers.offercast.com | A | (not set)
10 | 2019-08-20T09:09:56.922653-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
11 | 2019-08-20T09:09:56.951427-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
12 | 2019-08-20T09:09:56.964769-0700 | 8.8.8.8 | 192.168.1.72 | answer | offers.offercast.com | (not set) | (not set)
13 | 2019-08-20T09:10:05.230333-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
14 | 2019-08-20T09:10:05.271571-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
15 | 2019-08-20T09:10:06.221221-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
16 | 2019-08-20T09:10:06.244596-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
17 | 2019-08-20T09:10:07.234644-0700 | 192.168.1.72 | 8.8.8.8 | query | ctldl.windowsupdate.com | A | (not set)
18 | 2019-08-20T09:10:07.258767-0700 | 192.168.1.72 | 8.8.8.8 | query | ieonlinews.microsoft.com | A | (not set)
19 | 2019-08-20T09:10:07.259866-0700 | 8.8.8.8 | 192.168.1.72 | answer | ctldl.windowsupdate.com | (not set) | (not set)
20 | 2019-08-20T09:10:07.287770-0700 | 8.8.8.8 | 192.168.1.72 | answer | ieonlinews.microsoft.com | (not set) | (not set)
TLS (1)
Showing 1-1 of 1 item.

# | Timestamp | Source IP | Destination IP | TLS Version | Issuer
1 | 2019-08-20T09:10:07.586869-0700 | 192.168.1.72 | 40.70.184.83 | TLS 1.2 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2
TFTP (0)

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (12)
Showing 1-12 of 12 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-08-20T09:09:55.965240-0700 | 192.168.1.72 | pipoffers.apnpartners.com | 80 | HEAD | /static/partners/generic/images/install.ico | 200
2 | 2019-08-20T09:09:54.490543-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/upgrade/ORJ-PO/3.9.0/upgrade.zip | 200
3 | 2019-08-20T09:09:56.031155-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/ORJ-PO/apnanalytic.js | 200
4 | 2019-08-20T09:09:55.903312-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/orchestrator.htm?partner_id=ORJ-PO&language=en | 200
5 | 2019-08-20T09:09:56.720613-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/ORJ-PO/offerlist.js | 200
6 | 2019-08-20T09:09:56.742894-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/offer2xtemplate.htm | 200
7 | 2019-08-20T09:09:56.683702-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/orchestrator.htm?partner_id=ORJ-PO&language=en | 200
8 | 2019-08-20T09:09:57.128846-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=J38zo | 503
9 | 2019-08-20T09:09:56.780370-0700 | 192.168.1.72 | ak.pipoffers.apnpartners.com | 80 | GET | /static/partners/utility/masterrule.js | 200
10 | 2019-08-20T09:09:57.211691-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=tinfT | 503
11 | 2019-08-20T09:09:57.046840-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=NvcIc | 503
12 | 2019-08-20T09:09:57.382703-0700 | 192.168.1.72 | offers.offercast.com | 80 | POST | /PIP/OfferAccept.jhtml?rnd=NM-Jv | 503
SMB (0)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (36)
Showing 1-20 of 36 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-08-20T09:18:21.746873-0700 | 1126119409288125 | flow | 192.168.1.72 | 64559 | 8.8.8.8 | 53 | UDP | pcapanalyzer
2 | 2019-08-20T09:18:21.746873-0700 | 1700442465996091 | flow | 192.168.1.72 | 55429 | 203.0.113.1274 (destination IP and port fused in source) | | UDP | pcapanalyzer
3 | 2019-08-20T09:18:21.746873-0700 | 452374331475728 | flow | 192.168.1.72 | 49772 | 2.16.106.83 | 80 | TCP | pcapanalyzer
4 | 2019-08-20T09:18:21.746873-0700 | 44921522738448 | flow | 192.168.1.72 | 57063 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
5 | 2019-08-20T09:18:21.746873-0700 | 1736283939765837 | flow | 192.168.1.72 | 49760 | 23.37.43.27 | 80 | TCP | pcapanalyzer
6 | 2019-08-20T09:18:21.746873-0700 | 1600524316211920 | flow | 192.168.1.72 | 62813 | 8.8.8.8 | 53 | UDP | pcapanalyzer
7 | 2019-08-20T09:18:21.746873-0700 | 194081446022107 | flow | 192.168.1.72 | 50427 | 8.8.8.8 | 53 | UDP | pcapanalyzer
8 | 2019-08-20T09:18:21.746873-0700 | 2024819841814970 | flow | 192.168.1.72 | 57019 | 224.0.0.252 | 5355 | UDP | pcapanalyzer
9 | 2019-08-20T09:18:21.746873-0700 | 339073094065945 | flow | 192.168.1.72 | 50993 | 8.8.8.8 | 53 | UDP | pcapanalyzer
10 | 2019-08-20T09:18:21.746873-0700 | 1749961260991637 | flow | 192.168.1.72 | 49771 | 2.16.106.83 | 80 | TCP | pcapanalyzer
11 | 2019-08-20T09:18:21.746873-0700 | 2034537203721672 | flow | 192.168.1.72 | 50875 | 8.8.8.8 | 53 | UDP | pcapanalyzer
12 | 2019-08-20T09:18:21.746873-0700 | 775942135153964 | flow | 192.168.1.72 | 49770 | 2.16.106.83 | 80 | TCP | pcapanalyzer
13 | 2019-08-20T09:18:21.746873-0700 | 2185011385433867 | flow | 192.168.1.72 | 49761 | 23.37.43.27 | 80 | TCP | pcapanalyzer
14 | 2019-08-20T09:18:21.746873-0700 | 1209390236794780 | flow | 192.168.1.72 | 49759 | 23.51.123.27 | 80 | TCP | pcapanalyzer
15 | 2019-08-20T09:18:21.746873-0700 | 1640473954666299 | flow | 192.168.1.72 | 49769 | 2.16.106.83 | 80 | TCP | pcapanalyzer
16 | 2019-08-20T09:18:21.746873-0700 | 950854678246682 | flow | 192.168.1.72 | 58503 | 8.8.8.8 | 53 | UDP | pcapanalyzer
17 | 2019-08-20T09:18:21.746873-0700 | 813692750918351 | flow | 192.168.1.72 | 59499 | 8.8.8.8 | 53 | UDP | pcapanalyzer
18 | 2019-08-20T09:18:21.746873-0700 | 1661377561070384 | flow | 192.168.1.72 | 49763 | 40.70.184.83 | 443 | TCP | pcapanalyzer
19 | 2019-08-20T09:18:21.746873-0700 | 124687654814874 | flow | 192.168.1.72 | 58110 | 8.8.8.8 | 53 | UDP | pcapanalyzer
20 | 2019-08-20T09:18:21.746873-0700 | 7709925563207 | flow | 192.168.1.72 | 49773 | 40.70.184.83 | 443 | TCP | pcapanalyzer
File (15)
Showing 1-15 of 15 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-08-20T09:09:54.490543-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/upgrade/ORJ-PO/3.9.0/upgrade.zip | Zip archive data, at least v1.0 to extract | 2939
2 | 2019-08-20T09:09:55.903312-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/orchestrator.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines | 165054
3 | 2019-08-20T09:09:56.742894-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/offer2xtemplate.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF, LF line terminators | 116714
4 | 2019-08-20T09:09:56.031155-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/ORJ-PO/apnanalytic.js | ASCII text, with very long lines | 19406
5 | 2019-08-20T09:09:56.720613-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/ORJ-PO/offerlist.js | ASCII text, with CRLF line terminators | 12207
6 | 2019-08-20T09:09:56.683702-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/orchestrator.htm | HTML document, UTF-8 Unicode (with BOM) text, with very long lines | 165054
7 | 2019-08-20T09:09:57.128644-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 1199
8 | 2019-08-20T09:09:57.128846-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268
9 | 2019-08-20T09:09:56.780370-0700 | 23.38.53.120 | 192.168.1.72 | /static/partners/utility/masterrule.js | ASCII text, with very long lines | 141839
10 | 2019-08-20T09:09:57.210882-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 1237
11 | 2019-08-20T09:09:57.030756-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 548
12 | 2019-08-20T09:09:57.211691-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268
13 | 2019-08-20T09:09:57.046840-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268
14 | 2019-08-20T09:09:57.381814-0700 | 192.168.1.72 | 2.16.106.83 | /PIP/OfferAccept.jhtml | ASCII text, with very long lines, with no line terminators | 692
15 | 2019-08-20T09:09:57.382703-0700 | 2.16.106.83 | 192.168.1.72 | /PIP/OfferAccept.jhtml | HTML document, ASCII text | 268

Comments: (not set)
