comeasyouare-tk.pcap

MD5: 694e9616f46f6112147ad6110275ecf5
Submission Date: 2017-12-04 08:40:48
Tags: cve-2016-0189
Alert 6
# | Timestamp | Src Ip | Dest Ip | Alert Signature | P
1 | 2017-11-29T22:04:48.528843-0800 | 192.168.116.67 | 104.27.166.186 | ET POLICY HTTP Request to a *.tk domain | *
2 | 2017-11-29T22:04:54.736050-0800 | 104.27.166.186 | 192.168.116.67 | ET WEB_CLIENT Possible Internet Explorer VBscript CVE-2014-6332 multiple redim preserve | *
3 | 2017-11-29T22:04:54.736050-0800 | 104.27.166.186 | 192.168.116.67 | ET EXPLOIT CVE-2016-0189 Common Construct M1 | *
4 | 2017-11-29T22:04:54.736050-0800 | 104.27.166.186 | 192.168.116.67 | ET EXPLOIT CVE-2016-0189 Common Construct M2 | *
5 | 2017-11-29T22:04:54.736050-0800 | 104.27.166.186 | 192.168.116.67 | ET CURRENT_EVENTS Terror EK CVE-2016-0189 Exploit M2 | *
6 | 2017-11-29T22:04:54.736050-0800 | 104.27.166.186 | 192.168.116.67 | ET CURRENT_EVENTS CVE-2016-0189 Exploit | *
DNS 0
# | Timestamp | Src Ip | Dest Ip | Dns Type | Resource Record Name | Resource Record Type | Resource Data
No results found.
TLS 0
# | Timestamp | Source IP | Destination IP | TLS Version | Server Name Indication
No results found.
TFTP 0
# | Timestamp | Src Ip | Dest Ip | Tftp Packet | Tftp File | Tftp Mode
No results found.
HTTP 1
# | Timestamp | Source | Hostname | Port | Method | URL | Status
1 | 2017-11-29T22:04:48.570069-0800 | 192.168.116.67 | come-as-you-are.tk | 80 | GET | /v7/brow/templates/rzex.html | 200
SMB 0
# | Timestamp | Src Ip | Dest Ip | SMB Dialect | Command | Session | Tree
No results found.
SMTP 0
# | Timestamp | Source | Destination | Email From | Email To | Subject
No results found.
Flow 1
# | Timestamp | Flow Id | Event Type | Source | Source Port | Destination | Destination Port | Protocol | Host
1 | 2017-11-29T22:04:54.736430-0800 | 2111189555315357 | flow | 192.168.116.67 | 58206 | 104.27.166.186 | 80 | TCP | pcapanalyzer
File 1
# | Timestamp | Source | Destination | File Name | File Magic | File Size
1 | 2017-11-29T22:04:48.570069-0800 | 104.27.166.186 | 192.168.116.67 | /v7/brow/templates/rzex.html | HTML document, ASCII text, with very long lines | 3630
