8e90c2a233049e54b1c6a8ee3d22651e.pcap

MD5: 8e90c2a233049e54b1c6a8ee3d22651e
Submission Date: 2020-03-25 16:57:50
Tags: (not set)
Alert 4
| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2020-02-13T07:33:09.169636-0800 | 192.168.1.101 | 94.158.245.186 | ET POLICY HTTP traffic on port 443 (POST) | * |
| 2 | 2020-02-13T07:33:09.968184-0800 | 192.168.1.101 | 94.158.245.186 | ET POLICY HTTP traffic on port 443 (POST) | * |
| 3 | 2020-02-13T07:33:11.549653-0800 | 192.168.1.101 | 185.225.17.227 | ET INFO HTTP Request to a *.pw domain | * |
| 4 | 2020-02-13T07:33:09.335707-0800 | 192.168.1.101 | 94.158.245.186 | ET POLICY HTTP traffic on port 443 (POST) | * |
DNS 14
| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-13T07:31:15.579212-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 2 | 2020-02-13T07:31:16.037973-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 3 | 2020-02-13T07:32:47.520113-0800 | 192.168.1.101 | 192.168.1.1 | query | insanesocialnetworking.com | A | (not set) |
| 4 | 2020-02-13T07:32:47.957695-0800 | 192.168.1.1 | 192.168.1.101 | answer | insanesocialnetworking.com | A | (not set) |
| 5 | 2020-02-13T07:31:17.614104-0800 | 192.168.1.101 | 192.168.1.1 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 6 | 2020-02-13T07:31:18.062098-0800 | 192.168.1.1 | 192.168.1.101 | answer | teredo.ipv6.microsoft.com | A | (not set) |
| 7 | 2020-02-13T07:31:19.072167-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 8 | 2020-02-13T07:31:19.535928-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 9 | 2020-02-13T07:33:08.013280-0800 | 192.168.1.101 | 192.168.1.1 | query | networko.org | A | (not set) |
| 10 | 2020-02-13T07:33:08.553955-0800 | 192.168.1.1 | 192.168.1.101 | answer | networko.org | A | (not set) |
| 11 | 2020-02-13T07:33:08.073231-0800 | 192.168.1.101 | 192.168.1.1 | query | geo.netsupportsoftware.com | A | (not set) |
| 12 | 2020-02-13T07:33:08.735971-0800 | 192.168.1.1 | 192.168.1.101 | answer | geo.netsupportsoftware.com | A | (not set) |
| 13 | 2020-02-13T07:33:10.089463-0800 | 192.168.1.101 | 192.168.1.1 | query | safuuf7774.pw | A | (not set) |
| 14 | 2020-02-13T07:33:10.550896-0800 | 192.168.1.1 | 192.168.1.101 | answer | safuuf7774.pw | A | (not set) |
TLS 0
| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|
No results found.
TFTP 0
| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|
No results found.
HTTP 6
| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-13T07:33:09.169636-0800 | 192.168.1.101 | 94.158.245.186 | 443 | POST | http://94.158.245.186/fakeurl.htm | 200 |
| 2 | 2020-02-13T07:33:09.968184-0800 | 192.168.1.101 | 94.158.245.186 | 443 | POST | http://94.158.245.186/fakeurl.htm | 200 |
| 3 | 2020-02-13T07:33:09.969051-0800 | 192.168.1.101 | geo.netsupportsoftware.com | 80 | GET | /location/loca.asp | 200 |
| 4 | 2020-02-13T07:33:03.539124-0800 | 192.168.1.101 | insanesocialnetworking.com | 80 | GET | /wp-direct.php | 200 |
| 5 | 2020-02-13T07:33:11.549653-0800 | 192.168.1.101 | safuuf7774.pw | 80 | GET | /iplog/newg.php?hst=installing_JOHN-PC | 200 |
| 6 | 2020-02-13T07:33:09.335707-0800 | 192.168.1.101 | 94.158.245.186 | 443 | POST | http://94.158.245.186/fakeurl.htm | (not set) |
SMB 0
| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|
No results found.
SMTP 0
| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|
No results found.
Flow 27
Showing 1-20 of 27 items.
| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-02-13T07:32:46.767964-0800 | 563172952284172 | flow | 192.168.1.101 | 123 | 13.86.101.172 | 123 | UDP | pcapanalyzer |
| 2 | 2020-02-13T07:32:46.767964-0800 | 18747192708202 | flow | 192.168.1.101 | 57333 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 3 | 2020-02-13T07:32:46.767964-0800 | 877873795986021 | flow | 192.168.1.101 | 54100 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 4 | 2020-02-13T07:32:46.767964-0800 | 1725114077145000 | flow | 192.168.1.101 | 64828 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 5 | 2020-02-13T07:32:46.767964-0800 | 1303726245927398 | flow | 192.168.1.101 | 64831 | 239.255.255.250 | 1900 | UDP | pcapanalyzer |
| 6 | 2020-02-13T07:32:46.767964-0800 | 1449830295770097 | flow | 192.168.1.101 | 1900 | 239.255.255.250 | 1900 | UDP | pcapanalyzer |
| 7 | 2020-02-13T07:32:46.767964-0800 | 1457329308794949 | flow | 192.168.1.101 | 57556 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 8 | 2020-02-13T07:32:46.767964-0800 | 894495319749268 | flow | 192.168.1.101 | 52965 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 9 | 2020-02-13T07:32:46.767964-0800 | 1188627564650201 | flow | 192.168.1.101 | 59690 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 10 | 2020-02-13T07:32:46.767964-0800 | 1330327125882670 | flow | 192.168.1.101 | 49195 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 11 | 2020-02-13T07:32:46.767964-0800 | 1798257370213197 | flow | 192.168.1.101 | 54099 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 12 | 2020-02-13T07:32:46.767964-0800 | 1678522271921340 | flow | 192.168.1.101 | 56887 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 13 | 2020-02-13T07:33:09.335707-0800 | 1832423835148207 | flow | 192.168.1.101 | 137 | 192.168.1.255 | 137 | UDP | pcapanalyzer |
| 14 | 2020-02-13T07:33:09.335707-0800 | 1704180412556946 | flow | 192.168.1.101 | 49324 | 162.241.219.215 | 80 | TCP | pcapanalyzer |
| 15 | 2020-02-13T07:33:09.335707-0800 | 1716032369007079 | flow | 192.168.1.101 | 52964 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 16 | 2020-02-13T07:33:09.335707-0800 | 1300590919769816 | flow | 192.168.1.101 | 58376 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 17 | 2020-02-13T07:33:09.335707-0800 | 635180233784453 | flow | 192.168.1.101 | 61840 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 18 | 2020-02-13T07:33:09.335707-0800 | 1625215285319308 | flow | 192.168.1.101 | 64287 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 19 | 2020-02-13T07:33:09.335707-0800 | 1346214217129487 | flow | 192.168.1.101 | 54400 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 20 | 2020-02-13T07:33:09.335707-0800 | 511972653133745 | flow | 192.168.1.101 | 57152 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
File 7
| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-02-13T07:33:08.564553-0800 | 192.168.1.101 | 94.158.245.186 | /fakeurl.htm | ASCII text | 22 |
| 2 | 2020-02-13T07:33:09.169636-0800 | 94.158.245.186 | 192.168.1.101 | /fakeurl.htm | data | 60 |
| 3 | 2020-02-13T07:33:09.169672-0800 | 192.168.1.101 | 94.158.245.186 | /fakeurl.htm | data | 234 |
| 4 | 2020-02-13T07:33:09.968184-0800 | 94.158.245.186 | 192.168.1.101 | /fakeurl.htm | data | 152 |
| 5 | 2020-02-13T07:33:09.968219-0800 | 192.168.1.101 | 94.158.245.186 | /fakeurl.htm | data | 76 |
| 6 | 2020-02-13T07:33:09.969051-0800 | 195.171.92.116 | 192.168.1.101 | /location/loca.asp | ASCII text, with no line terminators | 15 |
| 7 | 2020-02-13T07:33:03.539124-0800 | 162.241.219.215 | 192.168.1.101 | RKB1fQNDz.msi | Composite Document File V2 Document, Can't read SAT | 4378697 |

Comments: (not set)
