942121.dump-8dbd25179c5c6b6cf831f3247a2b54b1.pcap

MD5: 4df9b4ebea5c591b613f685f65ae2f05
Submission Date: 2019-08-23 06:30:44
Tags
Alert 3
Showing 1-3 of 3 items.
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2019-08-23T04:15:57.678135-0700 | 192.168.1.72 | 37.48.65.154 | ET POLICY InstallIQ Updater Software request | *
2 | 2019-08-23T04:16:11.361617-0700 | 192.168.1.72 | 8.8.8.8 | ET INFO Observed DNS Query to .cloud TLD | *
3 | 2019-08-23T04:16:11.400603-0700 | 192.168.1.72 | 8.8.8.8 | ET INFO Observed DNS Query to .cloud TLD | *
DNS 122
Showing 1-20 of 122 items.
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
1 | 2019-08-23T04:15:57.142596-0700 | 192.168.1.72 | 8.8.8.8 | query | dl.installiq.com | A | (not set)
2 | 2019-08-23T04:15:57.170296-0700 | 8.8.8.8 | 192.168.1.72 | answer | dl.installiq.com | A | (not set)
3 | 2019-08-23T04:15:57.106260-0700 | 192.168.1.72 | 8.8.8.8 | query | installer.freeze.com | A | (not set)
4 | 2019-08-23T04:15:57.296413-0700 | 8.8.8.8 | 192.168.1.72 | answer | installer.freeze.com | A | (not set)
5 | 2019-08-23T04:15:57.700669-0700 | 192.168.1.72 | 8.8.8.8 | query | ww1.installiq.com | A | (not set)
6 | 2019-08-23T04:15:57.746488-0700 | 8.8.8.8 | 192.168.1.72 | answer | ww1.installiq.com | A | (not set)
7 | 2019-08-23T04:15:58.650920-0700 | 192.168.1.72 | 8.8.8.8 | query | iyfsearch.com | A | (not set)
8 | 2019-08-23T04:15:58.693727-0700 | 8.8.8.8 | 192.168.1.72 | answer | iyfsearch.com | A | (not set)
9 | 2019-08-23T04:15:58.509912-0700 | 192.168.1.72 | 8.8.8.8 | query | d1lxhc4jvstzrp.cloudfront.net | A | (not set)
10 | 2019-08-23T04:15:58.539291-0700 | 8.8.8.8 | 192.168.1.72 | answer | d1lxhc4jvstzrp.cloudfront.net | A | (not set)
11 | 2019-08-23T04:16:02.794110-0700 | 192.168.1.72 | 8.8.8.8 | query | aus5.mozilla.org | A | (not set)
12 | 2019-08-23T04:16:02.830920-0700 | 8.8.8.8 | 192.168.1.72 | answer | aus5.mozilla.org | A | (not set)
13 | 2019-08-23T04:16:02.842953-0700 | 192.168.1.72 | 8.8.8.8 | query | balrog-cloudfront.prod.mozaws.net | A | (not set)
14 | 2019-08-23T04:16:02.888789-0700 | 8.8.8.8 | 192.168.1.72 | answer | balrog-cloudfront.prod.mozaws.net | A | (not set)
15 | 2019-08-23T04:16:04.245061-0700 | 192.168.1.72 | 8.8.8.8 | query | tiles.services.mozilla.com | A | (not set)
16 | 2019-08-23T04:16:04.265586-0700 | 8.8.8.8 | 192.168.1.72 | answer | tiles.services.mozilla.com | A | (not set)
17 | 2019-08-23T04:16:04.406822-0700 | 192.168.1.72 | 8.8.8.8 | query | tiles.r53-2.services.mozilla.com | AAAA | (not set)
18 | 2019-08-23T04:16:04.426789-0700 | 8.8.8.8 | 192.168.1.72 | answer | tiles.r53-2.services.mozilla.com | AAAA | (not set)
19 | 2019-08-23T04:16:04.796694-0700 | 192.168.1.72 | 8.8.8.8 | query | tiles-cloudfront.cdn.mozilla.net | A | (not set)
20 | 2019-08-23T04:16:04.875267-0700 | 8.8.8.8 | 192.168.1.72 | answer | tiles-cloudfront.cdn.mozilla.net | A | (not set)
TLS 10
Showing 1-10 of 10 items.
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
1 | 2019-08-23T04:16:04.387717-0700 | 192.168.1.72 | 52.26.8.178 | TLS 1.2 | search.services.mozilla.com
2 | 2019-08-23T04:16:04.425941-0700 | 192.168.1.72 | 54.149.129.221 | TLS 1.2 | tiles.services.mozilla.com
3 | 2019-08-23T04:16:04.978207-0700 | 192.168.1.72 | 172.217.168.4 | TLS 1.2 | www.google.com
4 | 2019-08-23T04:16:06.118369-0700 | 192.168.1.72 | 216.58.215.238 | TLS 1.2 | safebrowsing.google.com
5 | 2019-08-23T04:16:06.607791-0700 | 192.168.1.72 | 34.241.83.106 | TLS 1.2 | location.services.mozilla.com
6 | 2019-08-23T04:16:02.939927-0700 | 192.168.1.72 | 13.35.253.15 | TLS 1.2 | aus5.mozilla.org
7 | 2019-08-23T04:16:04.607379-0700 | 192.168.1.72 | 13.33.246.55 | TLS 1.2 | snippets.cdn.mozilla.net
8 | 2019-08-23T04:16:04.982335-0700 | 192.168.1.72 | 13.35.253.58 | TLS 1.2 | tiles-cloudfront.cdn.mozilla.net
9 | 2019-08-23T04:16:08.143346-0700 | 192.168.1.72 | 34.209.199.162 | TLS 1.2 | shavar.services.mozilla.com
10 | 2019-08-23T04:16:09.268576-0700 | 192.168.1.72 | 13.33.44.146 | TLS 1.2 | self-repair.mozilla.org
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 19
Showing 1-19 of 19 items.
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2019-08-23T04:15:57.698561-0700 | 192.168.1.72 | installer.freeze.com | 80 | GET | /initialization_screen/index_skinny.html | 302
2 | 2019-08-23T04:15:58.133097-0700 | 192.168.1.72 | ww38.installer.freeze.com | 80 | GET | /initialization_screen/index_skinny.html | 200
3 | 2019-08-23T04:15:59.690610-0700 | 192.168.1.72 | iyfsearch.com | 80 | GET | /?dn=freeze.com&pid=9PO755G95 | 200
4 | 2019-08-23T04:15:58.131111-0700 | 192.168.1.72 | ww1.installiq.com | 80 | GET | / | 200
5 | 2019-08-23T04:15:58.609213-0700 | 192.168.1.72 | d1lxhc4jvstzrp.cloudfront.net | 80 | GET | /themes/assets/style.css | 200
6 | 2019-08-23T04:15:57.678135-0700 | 192.168.1.72 | dl.installiq.com | 80 | GET | /api/detectionrequest.aspx?keyid=1&shortname=7zipap&langid=0x0409 | 302
7 | 2019-08-23T04:15:59.946235-0700 | 192.168.1.72 | pxlgnpgecom-a.akamaihd.net | 80 | GET | /javascripts/browserfp.min.js?templateId=10 | 200
8 | 2019-08-23T04:15:58.609266-0700 | 192.168.1.72 | d1lxhc4jvstzrp.cloudfront.net | 80 | GET | /themes/assets/skenzo.css | 200
9 | 2019-08-23T04:15:59.698492-0700 | 192.168.1.72 | iyfsearch.com | 80 | GET | /px.js?ch=1 | 200
10 | 2019-08-23T04:15:59.642526-0700 | 192.168.1.72 | i4.cdn-image.com | 80 | GET | /__media__/js/min.js?v2.2 | 200
11 | 2019-08-23T04:15:59.714340-0700 | 192.168.1.72 | iyfsearch.com | 80 | GET | /px.js?ch=2 | 200
12 | 2019-08-23T04:16:00.510202-0700 | 192.168.1.72 | i1.cdn-image.com | 80 | GET | /__media__/pics/26872/search.png | 200
13 | 2019-08-23T04:16:00.524286-0700 | 192.168.1.72 | i1.cdn-image.com | 80 | GET | /__media__/fonts/open-sans-semibold/open-sans-semibold.eot | 200
14 | 2019-08-23T04:15:59.924959-0700 | 192.168.1.72 | iyfsearch.com | 80 | GET | /sk-logabpstatus.php?a=c1g1SHUrR1JacHpmT3Jzc293RGZyMW1sYkZlUGg0R1p1SVFPSFNTYU5GZHcxOHRWNUwwUXFIVnIxR3RsanJId0wvTDIra08wM2dkSUxjc3pTY3EvWFNBdzBFbVBOZkxZWStFK3dUVVcveGM9&b=false | 200
15 | 2019-08-23T04:16:04.757133-0700 | 192.168.1.72 | ocsp.digicert.com | 80 | POST | / | 200
16 | 2019-08-23T04:16:00.440837-0700 | 192.168.1.72 | i4.cdn-image.com | 80 | GET | /__media__/pics/26872/bg2.png | 200
17 | 2019-08-23T04:16:00.496692-0700 | 192.168.1.72 | i4.cdn-image.com | 80 | GET | /__media__/pics/26872/arrow.png | 200
18 | 2019-08-23T04:16:00.499455-0700 | 192.168.1.72 | i1.cdn-image.com | 80 | GET | /__media__/fonts/open-sans/open-sans.eot | 200
19 | 2019-08-23T04:16:04.773415-0700 | 192.168.1.72 | ocsp.digicert.com | 80 | POST | / | 200
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 89
Showing 1-20 of 89 items.
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2019-08-23T04:16:13.132423-0700 | 1155336722297085 | flow | 192.168.1.72 | 55428 | 8.8.8.8 | 53 | UDP | pcapanalyzer
2 | 2019-08-23T04:16:13.132423-0700 | 2157889463332100 | flow | 192.168.1.72 | 54798 | 8.8.8.8 | 53 | UDP | pcapanalyzer
3 | 2019-08-23T04:16:13.132423-0700 | 2025071894785704 | flow | 192.168.1.72 | 62813 | 8.8.8.8 | 53 | UDP | pcapanalyzer
4 | 2019-08-23T04:16:13.132423-0700 | 632080856696792 | flow | 192.168.1.72 | 50875 | 8.8.8.8 | 53 | UDP | pcapanalyzer
5 | 2019-08-23T04:16:13.132423-0700 | 91030941438821 | flow | 192.168.1.72 | 49754 | 103.224.182.244 | 80 | TCP | pcapanalyzer
6 | 2019-08-23T04:16:13.132423-0700 | 1091281580471590 | flow | 192.168.1.72 | 55797 | 8.8.8.8 | 53 | UDP | pcapanalyzer
7 | 2019-08-23T04:16:13.132423-0700 | 1246076496952108 | flow | 192.168.1.72 | 58299 | 8.8.8.8 | 53 | UDP | pcapanalyzer
8 | 2019-08-23T04:16:13.132423-0700 | 1250818140249876 | flow | 192.168.1.72 | 65509 | 8.8.8.8 | 53 | UDP | pcapanalyzer
9 | 2019-08-23T04:16:13.132423-0700 | 2101509428133189 | flow | 192.168.1.72 | 63200 | 8.8.8.8 | 53 | UDP | pcapanalyzer
10 | 2019-08-23T04:16:13.132423-0700 | 1407829260172484 | flow | 192.168.1.72 | 61522 | 8.8.8.8 | 53 | UDP | pcapanalyzer
11 | 2019-08-23T04:16:13.132423-0700 | 1551508801091963 | flow | 192.168.1.72 | 49774 | 13.33.246.55 | 443 | TCP | pcapanalyzer
12 | 2019-08-23T04:16:13.132423-0700 | 989611114650473 | flow | 192.168.1.72 | 49772 | 54.149.129.221 | 443 | TCP | pcapanalyzer
13 | 2019-08-23T04:16:13.132423-0700 | 145473946876325 | flow | 192.168.1.72 | 49755 | 208.91.196.145 | 80 | TCP | pcapanalyzer
14 | 2019-08-23T04:16:13.132423-0700 | 1693676513546145 | flow | 192.168.1.72 | 60232 | 8.8.8.8 | 53 | UDP | pcapanalyzer
15 | 2019-08-23T04:16:13.132423-0700 | 1415354042470192 | flow | 192.168.1.72 | 49759 | 208.91.196.46 | 80 | TCP | pcapanalyzer
16 | 2019-08-23T04:16:13.132423-0700 | 994305513903541 | flow | 192.168.1.72 | 54140 | 8.8.8.8 | 53 | UDP | pcapanalyzer
17 | 2019-08-23T04:16:13.132423-0700 | 572324977095774 | flow | 192.168.1.72 | 58148 | 8.8.8.8 | 53 | UDP | pcapanalyzer
18 | 2019-08-23T04:16:13.132423-0700 | 855878717666318 | flow | 192.168.1.72 | 58503 | 8.8.8.8 | 53 | UDP | pcapanalyzer
19 | 2019-08-23T04:16:13.132423-0700 | 1846637478991778 | flow | 192.168.1.72 | 54968 | 8.8.8.8 | 53 | UDP | pcapanalyzer
20 | 2019-08-23T04:16:13.132423-0700 | 298572351534520 | flow | 192.168.1.72 | 52144 | 8.8.8.8 | 53 | UDP | pcapanalyzer
File 19
Showing 1-19 of 19 items.
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2019-08-23T04:15:58.133097-0700 | 185.53.179.29 | 192.168.1.72 | /initialization_screen/index_skinny.html | HTML document, ASCII text | 844
2 | 2019-08-23T04:15:59.690610-0700 | 208.91.196.46 | 192.168.1.72 | / | HTML document, ASCII text, with very long lines, with CRLF, LF line terminators | 18303
3 | 2019-08-23T04:15:58.131111-0700 | 208.91.196.145 | 192.168.1.72 | / | HTML document, ASCII text, with very long lines, with CRLF line terminators | 1852
4 | 2019-08-23T04:15:59.946235-0700 | 2.20.189.195 | 192.168.1.72 | /javascripts/browserfp.min.js | ASCII text, with very long lines | 100366
5 | 2019-08-23T04:15:58.609213-0700 | 13.35.254.37 | 192.168.1.72 | /themes/assets/style.css | ASCII text | 829
6 | 2019-08-23T04:15:57.678135-0700 | 37.48.65.154 | 192.168.1.72 | /api/detectionrequest.aspx | ASCII text, with no line terminators | 11
7 | 2019-08-23T04:15:58.609266-0700 | 13.35.254.37 | 192.168.1.72 | /themes/assets/skenzo.css | ASCII text | 345
8 | 2019-08-23T04:15:59.698492-0700 | 208.91.196.46 | 192.168.1.72 | /px.js | ASCII text, with very long lines, with no line terminators | 346
9 | 2019-08-23T04:15:59.642526-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/js/min.js | ASCII text, with very long lines, with CRLF line terminators | 8477
10 | 2019-08-23T04:15:59.714340-0700 | 208.91.196.46 | 192.168.1.72 | /px.js | ASCII text, with very long lines, with no line terminators | 346
11 | 2019-08-23T04:16:00.510202-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/pics/26872/search.png | PNG image data, 25 x 25, 8-bit/color RGBA, non-interlaced | 522
12 | 2019-08-23T04:16:00.524286-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/fonts/open-sans-semibold/open-sans-semibold.eot | Embedded OpenType (EOT) | 45642
13 | 2019-08-23T04:16:04.524338-0700 | 192.168.1.72 | 93.184.220.29 | /data | | 83
14 | 2019-08-23T04:16:04.757133-0700 | 93.184.220.29 | 192.168.1.72 | /data | | 471
15 | 2019-08-23T04:16:00.440837-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/pics/26872/bg2.png | PNG image data, 1637 x 881, 4-bit colormap, non-interlaced | 107520
16 | 2019-08-23T04:16:00.496692-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/pics/26872/arrow.png | PNG image data, 15 x 23, 8-bit/color RGBA, non-interlaced | 591
17 | 2019-08-23T04:16:00.499455-0700 | 2.20.189.27 | 192.168.1.72 | /__media__/fonts/open-sans/open-sans.eot | Embedded OpenType (EOT) | 19836
18 | 2019-08-23T04:16:04.544797-0700 | 192.168.1.72 | 93.184.220.29 | /data | | 83
19 | 2019-08-23T04:16:04.773415-0700 | 93.184.220.29 | 192.168.1.72 | /data | | 471
