c96d086468b9b0f442a84ce5309144bb.pcap

MD5: c96d086468b9b0f442a84ce5309144bb
Submission Date: 2020-03-25 16:57:54
Tags: (not set)
Alert 2

| # | Timestamp | Src Ip | Dest Ip | Alert Signature | P |
|---|---|---|---|---|---|
| 1 | 2020-02-25T07:34:43.881464-0800 | 192.168.1.101 | 208.95.112.1 | ET POLICY External IP Lookup ip-api.com | * |
| 2 | 2020-02-25T07:34:46.918363-0800 | 192.168.1.101 | 8.208.78.244 | ET TROJAN Suspicious Zipped Filename in Outbound POST Request (Mozilla_Firefox_Cookies) M2 | * |

DNS 10

| # | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-25T07:34:42.702941-0800 | 192.168.1.101 | 192.168.1.1 | query | ip-api.com | A | (not set) |
| 2 | 2020-02-25T07:34:43.047004-0800 | 192.168.1.1 | 192.168.1.101 | answer | ip-api.com | A | (not set) |
| 3 | 2020-02-25T07:34:44.940210-0800 | 192.168.1.101 | 192.168.1.1 | query | nife02.info | A | (not set) |
| 4 | 2020-02-25T07:34:45.750038-0800 | 192.168.1.1 | 192.168.1.101 | answer | nife02.info | A | (not set) |
| 5 | 2020-02-25T07:34:39.980885-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 6 | 2020-02-25T07:34:40.266893-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 7 | 2020-02-25T07:34:41.880200-0800 | 192.168.1.101 | 192.168.1.1 | query | time.windows.com | A | (not set) |
| 8 | 2020-02-25T07:34:42.267961-0800 | 192.168.1.1 | 192.168.1.101 | answer | time.windows.com | A | (not set) |
| 9 | 2020-02-25T07:34:41.976891-0800 | 192.168.1.101 | 192.168.1.1 | query | teredo.ipv6.microsoft.com | A | (not set) |
| 10 | 2020-02-25T07:34:42.267995-0800 | 192.168.1.1 | 192.168.1.101 | answer | teredo.ipv6.microsoft.com | A | (not set) |

TLS 0

| # | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication |
|---|---|---|---|---|---|

No results found.

TFTP 0

| # | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode |
|---|---|---|---|---|---|---|

No results found.

HTTP 2

| # | Timestamp | Source | Hostname | Port | Method | URL | Status |
|---|---|---|---|---|---|---|---|
| 1 | 2020-02-25T07:34:43.881464-0800 | 192.168.1.101 | ip-api.com | 80 | GET | /line | 200 |
| 2 | 2020-02-25T07:34:46.918363-0800 | 192.168.1.101 | nife02.info | 80 | POST | /index.php | 200 |

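SMB 0

| # | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree |
|---|---|---|---|---|---|---|---|

No results found.

SMTP 0

| # | Timestamp | Source | Destination | Email From | Email To | Subject |
|---|---|---|---|---|---|---|

No results found.
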
Flow 22
Showing 1-20 of 22 items.

| # | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2020-02-25T07:34:46.974664-0800 | 563279568091687 | flow | 192.168.1.101 | 123 | 51.145.123.29 | 123 | UDP | pcapanalyzer |
| 2 | 2020-02-25T07:34:46.974664-0800 | 1274517562505693 | flow | 192.168.1.101 | 63983 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 3 | 2020-02-25T07:34:46.974664-0800 | 585306307938236 | flow | 192.168.1.101 | 63719 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 4 | 2020-02-25T07:34:46.974664-0800 | 165415272925066 | flow | 192.168.1.101 | 54325 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 5 | 2020-02-25T07:34:46.974664-0800 | 1443470838358607 | flow | 192.168.1.101 | 61853 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 6 | 2020-02-25T07:34:46.974664-0800 | 1586665048339339 | flow | 192.168.1.101 | 49297 | 8.208.78.244 | 80 | TCP | pcapanalyzer |
| 7 | 2020-02-25T07:34:46.974664-0800 | 1027913425108846 | flow | 192.168.1.101 | 57333 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 8 | 2020-02-25T07:34:46.974664-0800 | 608245728159088 | flow | 192.168.1.101 | 63252 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 9 | 2020-02-25T07:34:46.974664-0800 | 327436471341480 | flow | 192.168.1.101 | 52827 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 10 | 2020-02-25T07:34:46.974664-0800 | 2157818389063675 | flow | 192.168.1.101 | 56509 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 11 | 2020-02-25T07:34:46.974664-0800 | 1314948237036894 | flow | 192.168.1.101 | 52171 | 224.0.0.252 | 5355 | UDP | pcapanalyzer |
| 12 | 2020-02-25T07:34:46.974664-0800 | 193345444998728 | flow | 192.168.1.101 | 57129 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 13 | 2020-02-25T07:34:46.974664-0800 | 194084179277717 | flow | 192.168.1.101 | 55959 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 14 | 2020-02-25T07:34:46.974664-0800 | 1747923890362546 | flow | 192.168.1.101 | 54324 | 192.168.1.1 | 53 | UDP | pcapanalyzer |
| 15 | 2020-02-25T07:34:46.974664-0800 | 1198868156304682 | flow | 192.168.1.101 | 54327 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |
| 16 | 2020-02-25T07:34:46.974664-0800 | 1910168427287833 | flow | 192.168.1.101 | 137 | 192.168.1.255 | 137 | UDP | pcapanalyzer |
| 17 | 2020-02-25T07:34:46.974664-0800 | 1207805983047434 | flow | 192.168.1.101 | 49293 | 208.95.112.1 | 80 | TCP | pcapanalyzer |
| 18 | 2020-02-25T07:34:46.974664-0800 | 1660139053562505 | flow | 192.168.1.101 | 1900 | 239.255.255.250 | 1900 | UDP | pcapanalyzer |
| 19 | 2020-02-25T07:34:46.974664-0800 | 1103902134491301 | flow | 192.168.1.101 | 138 | 192.168.1.255 | 138 | UDP | pcapanalyzer |
| 20 | 2020-02-25T07:34:46.974664-0800 | 2236738413125444 | flow | 192.168.1.101 | 61854 | 239.255.255.250 | 3702 | UDP | pcapanalyzer |

File 3

| # | Timestamp | Source | Destination | File Name | File Magic | File Size |
|---|---|---|---|---|---|---|
| 1 | 2020-02-25T07:34:43.881464-0800 | 208.95.112.1 | 192.168.1.101 | /line | ASCII text | 167 |
| 2 | 2020-02-25T07:34:45.751176-0800 | 192.168.1.101 | 8.208.78.244 | C:\ProgramData\AbGbbSKl\oSkeUW7Lq6jg.zip | Zip archive data, at least v2.0 to extract | 9638 |
| 3 | 2020-02-25T07:34:46.918363-0800 | 8.208.78.244 | 192.168.1.101 | /index.php | ASCII text, with no line terminators | 3 |

Comments: (not set)
