test1.pcap

MD5: b4db01f13317ba2f94e1ba60f981404b
Submission Date: 2019-10-02 11:11:59
Tags: (not set)
Alert (176)
Showing 1-20 of 176 items.

# | Timestamp | Src Ip | Dest Ip | Alert Signature
1 | 2016-10-26T13:40:30.528388-0700 | 192.168.10.20 | 185.82.200.52 | ET CURRENT_EVENTS RIG Landing URI Struct March 20 2015
2 | 2016-10-26T13:40:30.528388-0700 | 192.168.10.20 | 185.82.200.52 | ET INFO HTTP Request to a *.top domain
3 | 2016-10-26T13:40:30.677725-0700 | 185.82.200.52 | 192.168.10.20 | ET CURRENT_EVENTS RIG EK Landing Sep 13 2016 (b641)
4 | 2016-10-26T13:40:30.677725-0700 | 185.82.200.52 | 192.168.10.20 | ET CURRENT_EVENTS RIG EK Landing Sep 13 2016 (b642)
5 | 2016-10-26T13:40:31.134750-0700 | 192.168.10.20 | 185.82.200.52 | ET CURRENT_EVENTS RIG Exploit URI Struct March 20 2015
6 | 2016-10-26T13:40:24.845220-0700 | 54.200.153.243 | 192.168.10.20 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016
7 | 2016-10-26T13:40:24.845220-0700 | 54.200.153.243 | 192.168.10.20 | ET CURRENT_EVENTS Evil Redirector Leading to EK EITest Inject Oct 17 2016 M2
8 | 2016-10-26T13:40:37.006092-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
9 | 2016-10-26T13:40:34.171903-0700 | 192.168.10.20 | 185.82.200.52 | ET CURRENT_EVENTS RIG Payload URI Struct March 20 2015
10 | 2016-10-26T13:40:40.885336-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
11 | 2016-10-26T13:40:41.272509-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
12 | 2016-10-26T13:40:37.395376-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
13 | 2016-10-26T13:40:42.230503-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
14 | 2016-10-26T13:40:42.747057-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
15 | 2016-10-26T13:40:44.676250-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
16 | 2016-10-26T13:40:46.291622-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
17 | 2016-10-26T13:40:45.186546-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
18 | 2016-10-26T13:40:45.971518-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
19 | 2016-10-26T13:40:49.569350-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
20 | 2016-10-26T13:40:47.868811-0700 | 192.168.10.20 | 148.251.255.108 | ET INFO Dotted Quad Host ZIP Request
DNS (0)

# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
No results found.

TLS (0)

# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.

TFTP (0)

# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP (180)
Showing 1-20 of 180 items.

# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2016-10-26T13:40:24.604471-0700 | 192.168.10.20 | gadistrictkiwanis.org | 80 | GET | / | 200
2 | 2016-10-26T13:40:30.528656-0700 | 192.168.10.20 | pevn5.l6jmgq.top | 80 | GET | /?wn-BcbCUKxnGDYA=l3SKfPrfJxzFGMSUb-nJDa9GP0XCRQLPh4SGhKrXCJ-ofSih17OIFxzsqAycFUKCqrF4Qu4Fah2h1QWScEZrmYRPFgVIove8hQLfyhSWkpSG-BPeZ19C_JaSQbBt3w7xm7dHdJ0nxheF4DRXxewYQFFd | 200
3 | 2016-10-26T13:40:31.380704-0700 | 192.168.10.20 | pevn5.l6jmgq.top | 80 | GET | /index.php?wn-BcbCUKxnGDYA=l3SMfPrfJxzFGMSUb-nJDa9GP0XCRQLPh4SGhKrXCJ-ofSih17OIFxzsqAycFUKCqrF4Qu4Fah2h1QWScEZrmYRPFgVIove8hQLfyhSWkpSG-BPeZ19C_JaSQbBt3w7xm7dHdJ0nxheF4DRXxewYQFFT6wkZjuyeV7PC7kpzXlBxFlvbJN0sohfQDmK1JDEqi_WySTl-1g | 200
4 | 2016-10-26T13:40:34.760152-0700 | 192.168.10.20 | pevn5.l6jmgq.top | 80 | GET | /index.php?wn-BcbCUKxnGDYA=l3SMfPrfJxzFGMSUb-nJDa9GP0XCRQLPh4SGhKrXCJ-ofSih17OIFxzsqAycFUKCqrF4Qu4Fah2h1QWScEZrmYRPFgVIove8hQLfyhSWkpSG-BPeZ19C_JaSQbBt3w7xm7dHdJ0nxheF4DRXxewYQFFT6wkZjuyeV7PC7kpzXlBvEQ7bJN0sohfQDmK1JDEqi_O7QDNykKM&dfgsdf=204 | 200
5 | 2016-10-26T13:40:38.570037-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | / | 200
6 | 2016-10-26T13:40:39.113147-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /eaWeNPTjXq3WKG4GjyhgXSmR5KwEzJn2kmHAyVVovFrFUzPHw2FuCDYHicz3ggnqGCW+PqKsZSBAGjtl2hN=lpOAoQQD1QI+4g0zJXCBwtK2RKYZLxYCNd1tWGlkcoSNccsVob=G7L2zIpisxJM0DyK6hNv5RsVuTYSl6obydIBTTXkUkrbZmPCjHKykkhCX2PFg+p=Tsq6QtegGar4DMskwi1DSbiFd3t0qtZQQ9T31GvQb8F6pqwsdvhgGVgbkxI2JzP1nnQvc4EqkAb08zgwNNCNSDnjZHuX8E1g0hBxRp4MZrQ4E3oz9VfjEDCMubZupO0Mkj4eZPimzvK+g+q | 200
7 | 2016-10-26T13:40:36.318062-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | / | 200
8 | 2016-10-26T13:40:36.595003-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /QWRsN2srdjlxUUdDYVp0aTBMUzl2cStzYzF0ek1hZ2VLSWJvRGlpb0dFdTBUOHZ1M21LSTJGVFBRenlxbWNSV2FDbDV1S1Axa2FlUFE3dGZGWEVPVGdhTGZwOURhWmh3dFdHSG5laWxOdGRB | 200
9 | 2016-10-26T13:40:42.096085-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/41561423731219408887.zip | 200
10 | 2016-10-26T13:40:40.261323-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /Ako6zmLFZT1tGMQIpPDG9oxx5VdolNGFtAo7S7OSfwtJ9WF7mB+vSyIsX=gJPGwGeCkiNJtD2MRcdz4w3EV2tOm5kCswI9MonP05BXTU3iOBKnCljQ=TTdTirwbt3yn9sW5vvt=qEEy=wbkH+q8AbQAfWG=w8SXPF2B88FJIIlqj2MR915OBQ5lDx9zNblfV6v6hHSqdXG0I=337ZJYNBOf9VVkuHidtsxm0=qMkLO5ZMtn8RolVx1CfMcxv4Zlyq1rVGFI4wzjtrW083ZKHFsuRUxARA5VxmBNXtj0Hgo=18suVX6jIZY9V0v4+srld=UdjCAT0smWikUYcGCbi+q | 200
11 | 2016-10-26T13:40:38.217798-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/17311674278927773327459.zip | 200
12 | 2016-10-26T13:40:44.474386-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/26651312199382219919337741378854.zip | 200
13 | 2016-10-26T13:40:45.823627-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/166898663488891365391255303285738.zip | 200
14 | 2016-10-26T13:40:47.660313-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/3447647190923826123201658256398654.zip | 200
15 | 2016-10-26T13:40:50.674770-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/4485141994019910541382410484054.zip | 200
16 | 2016-10-26T13:40:48.986568-0700 | 192.168.10.20 | 148.251.255.108 | 80 | GET | /i30pRl1/102566761309044280261986133853334.zip | 200
17 | 2016-10-26T13:40:51.063480-0700 | 192.168.10.20 | 148.251.255.108 | 443 | POST | /$windows?ACTION=HELLO | 200
18 | 2016-10-26T13:40:51.193631-0700 | 192.168.10.20 | 148.251.255.108 | 443 | POST | /$windows?ACTION=START&ID=66BF1670FEF345A0B1C166218F0112DD | 200
19 | 2016-10-26T13:45:43.864028-0700 | 192.168.10.20 | 148.251.255.108 | 80 | PUT | /UPLOAD?file=CLIENT_UPLOAD%5CUS-70-817323560616%5CZo5mfV1v71c1Rjc.tmp.kl&type=4 | 200
20 | 2016-10-26T13:40:51.319379-0700 | 192.168.10.20 | 148.251.255.108 | 443 | POST | /$windows?ID=66BF1670FEF345A0B1C166218F0112DD | 200
SMB (0)

# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.

SMTP (0)

# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow (46)
Showing 1-20 of 46 items.

# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2016-10-26T13:41:52.177402-0700 | 1135643389089736 | flow | 192.168.10.20 | 49711 | 148.251.255.108 | 80 | TCP | pcapanalyzer
2 | 2016-10-26T13:41:52.177402-0700 | 2142007914064209 | flow | 192.168.10.20 | 49715 | 148.251.255.108 | 443 | TCP | pcapanalyzer
3 | 2016-10-26T13:41:52.177402-0700 | 1724852772751539 | flow | 192.168.10.20 | 49713 | 148.251.255.108 | 80 | TCP | pcapanalyzer
4 | 2016-10-26T13:41:52.177402-0700 | 180300928637382 | flow | 192.168.10.20 | 49712 | 148.251.255.108 | 80 | TCP | pcapanalyzer
5 | 2016-10-26T13:41:52.177402-0700 | 1312823675774382 | flow | 192.168.10.20 | 49718 | 148.251.255.108 | 80 | TCP | pcapanalyzer
6 | 2016-10-26T13:41:52.177402-0700 | 476535561120978 | flow | 192.168.10.20 | 49717 | 148.251.255.108 | 1080 | TCP | pcapanalyzer
7 | 2016-10-26T13:41:52.177402-0700 | 2170036869814097 | flow | 192.168.10.20 | 49706 | 148.251.255.108 | 80 | TCP | pcapanalyzer
8 | 2016-10-26T13:41:52.177402-0700 | 1048975243701463 | flow | 192.168.10.20 | 49707 | 148.251.255.108 | 80 | TCP | pcapanalyzer
9 | 2016-10-26T13:41:52.177402-0700 | 627432806049482 | flow | 192.168.10.20 | 49728 | 148.251.255.108 | 80 | TCP | pcapanalyzer
10 | 2016-10-26T13:41:52.177402-0700 | 909023735112949 | flow | 192.168.10.20 | (not set) | 148.251.255.108 | (not set) | ICMP | pcapanalyzer
11 | 2016-10-26T13:41:52.177402-0700 | 65326801389915 | flow | 192.168.10.20 | 49710 | 148.251.255.108 | 80 | TCP | pcapanalyzer
12 | 2016-10-26T13:41:52.177402-0700 | 1901448941434487 | flow | 192.168.10.20 | 49625 | 54.200.153.243 | 80 | TCP | pcapanalyzer
13 | 2016-10-26T13:41:52.177402-0700 | 1479483462488046 | flow | 192.168.10.20 | 49749 | 148.251.255.108 | 80 | TCP | pcapanalyzer
14 | 2016-10-26T13:41:52.177402-0700 | 1903063849608734 | flow | 192.168.10.20 | 49681 | 185.82.200.52 | 80 | TCP | pcapanalyzer
15 | 2016-10-26T13:41:52.177402-0700 | 1480967349357087 | flow | 192.168.10.20 | 49708 | 148.251.255.108 | 80 | TCP | pcapanalyzer
16 | 2016-10-26T13:41:52.177402-0700 | 800182820412363 | flow | 192.168.10.20 | 49702 | 148.251.255.108 | 80 | TCP | pcapanalyzer
17 | 2016-10-26T13:41:52.177402-0700 | 1224577129718173 | flow | 192.168.10.20 | 49714 | 148.251.255.108 | 80 | TCP | pcapanalyzer
18 | 2016-10-26T13:41:52.177402-0700 | 249537948245314 | flow | 192.168.10.20 | 49701 | 148.251.255.108 | 80 | TCP | pcapanalyzer
19 | 2016-10-26T13:41:52.177402-0700 | 1094542719140348 | flow | 192.168.10.20 | 49730 | 148.251.255.108 | 80 | TCP | pcapanalyzer
20 | 2016-10-26T13:41:52.177402-0700 | 823895334430330 | flow | 192.168.10.20 | 49682 | 185.82.200.52 | 80 | TCP | pcapanalyzer
File (300)
Showing 1-20 of 300 items.

# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2016-10-26T13:40:24.604471-0700 | 54.200.153.243 | 192.168.10.20 | / | HTML document, ASCII text | 12842
2 | 2016-10-26T13:40:30.528656-0700 | 185.82.200.52 | 192.168.10.20 | / | HTML document, ASCII text, with very long lines, with no line terminators | 3273
3 | 2016-10-26T13:40:31.380704-0700 | 185.82.200.52 | 192.168.10.20 | /index.php | Macromedia Flash data (compressed), version 10 | 52575
4 | 2016-10-26T13:40:34.760152-0700 | 185.82.200.52 | 192.168.10.20 | /index.php | data | 303104
5 | 2016-10-26T13:40:39.113147-0700 | 148.251.255.108 | 192.168.10.20 | /eaWeNPTjXq3WKG4GjyhgXSmR5KwEzJn2kmHAyVVovFrFUzPHw2FuCDYHicz3ggnqGCW+PqKsZSBAGjtl2hN=lpOAoQQD1QI+4g0zJXCBwtK2RKYZLxYCNd1tWGlkcoSNccsVob=G7L2zIpisxJM0DyK6hNv5RsVuTYSl6obydIBTTXkUkrbZmPCjHKykkhCX2PFg+p=Tsq6QtegGar4DMskwi1DSbiFd3t0qtZQQ9T31GvQb8F6pqwsdvhgGVgbkxI2JzP1nnQvc4EqkAb08zgwNNCNSDnjZHuX8E1g0hBxRp4MZrQ4E3oz9VfjEDCMubZupO0Mkj4eZPimzvK+g+q | ASCII text, with very long lines, with no line terminators | 854
6 | 2016-10-26T13:40:36.595003-0700 | 148.251.255.108 | 192.168.10.20 | /QWRsN2srdjlxUUdDYVp0aTBMUzl2cStzYzF0ek1hZ2VLSWJvRGlpb0dFdTBUOHZ1M21LSTJGVFBRenlxbWNSV2FDbDV1S1Axa2FlUFE3dGZGWEVPVGdhTGZwOURhWmh3dFdHSG5laWxOdGRB | ASCII text, with no line terminators | 216
7 | 2016-10-26T13:40:42.096085-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/41561423731219408887.zip | data | 127414
8 | 2016-10-26T13:40:40.261323-0700 | 148.251.255.108 | 192.168.10.20 | /Ako6zmLFZT1tGMQIpPDG9oxx5VdolNGFtAo7S7OSfwtJ9WF7mB+vSyIsX=gJPGwGeCkiNJtD2MRcdz4w3EV2tOm5kCswI9MonP05BXTU3iOBKnCljQ=TTdTirwbt3yn9sW5vvt=qEEy=wbkH+q8AbQAfWG=w8SXPF2B88FJIIlqj2MR915OBQ5lDx9zNblfV6v6hHSqdXG0I=337ZJYNBOf9VVkuHidtsxm0=qMkLO5ZMtn8RolVx1CfMcxv4Zlyq1rVGFI4wzjtrW083ZKHFsuRUxARA5VxmBNXtj0Hgo=18suVX6jIZY9V0v4+srld=UdjCAT0smWikUYcGCbi+q | ASCII text, with very long lines, with no line terminators | 1535
9 | 2016-10-26T13:40:38.217798-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/17311674278927773327459.zip | data | 128984
10 | 2016-10-26T13:40:44.474386-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/26651312199382219919337741378854.zip | data | 655135
11 | 2016-10-26T13:40:45.823627-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/166898663488891365391255303285738.zip | data | 52232
12 | 2016-10-26T13:40:47.660313-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/3447647190923826123201658256398654.zip | data | 449377
13 | 2016-10-26T13:40:50.674770-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/4485141994019910541382410484054.zip | data | 261434
14 | 2016-10-26T13:40:51.063078-0700 | 192.168.10.20 | 148.251.255.108 | /$windows | data | 15
15 | 2016-10-26T13:40:48.986568-0700 | 148.251.255.108 | 192.168.10.20 | /i30pRl1/102566761309044280261986133853334.zip | data | 46698
16 | 2016-10-26T13:40:51.063480-0700 | 148.251.255.108 | 192.168.10.20 | /$windows | data | 29
17 | 2016-10-26T13:40:51.187574-0700 | 192.168.10.20 | 148.251.255.108 | /$windows | Non-ISO extended-ASCII text, with no line terminators | 14
18 | 2016-10-26T13:40:51.193631-0700 | 148.251.255.108 | 192.168.10.20 | /$windows | data | 28
19 | 2016-10-26T13:45:43.626681-0700 | 192.168.10.20 | 148.251.255.108 | /UPLOAD | Microsoft Cabinet archive data, 252 bytes, 1 file | 252
20 | 2016-10-26T13:40:51.319117-0700 | 192.168.10.20 | 148.251.255.108 | /$windows | data | 606

Comments: (not set)