Untitled

a guest
Apr 20th, 2018
Sensor Name: securityonion-eth0
Timestamp: 2018-04-20 12:54:17
Connection ID: CLI
Src IP: <REDACTED> (<REDACTED>)
Dst IP: 52.138.148.89 (Unknown)
Src Port: 51074
Dst Port: 80
OS Fingerprint: <REDACTED>:51074 - Windows XP/2000 (RFC1323+, w+, tstamp-) [GENERIC]
OS Fingerprint: Signature: [S44:128:1:52:M1460,N,W8,N,N,S:.:Windows:?]
OS Fingerprint: -> 52.138.148.89:80 (distance 0, link: ethernet/modem)

SRC: POST /dms/metadata.svc HTTP/1.1
SRC: Connection: Keep-Alive
SRC: Content-Type: text/xml; charset="UTF-16LE"
SRC: User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SRC: SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
SRC: Content-Length: 1242
SRC: Host: dmd.metaservices.microsoft.com
SRC:
SRC:
SRC: <?xml version="1.0" encoding="UTF-16"?>
SRC: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
SRC:   <s:Header>
SRC:     <h:cd xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
SRC:       <h:cv>10.0.16299</h:cv>
SRC:       <h:cc>BIH</h:cc>
SRC:     </h:cd>
SRC:   </s:Header>
SRC:   <s:Body>
SRC:     <DeviceMetadataBatchRequest xmlns="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
SRC:       <LocList><loc>MultiLoc</loc><loc>en-US</loc><loc>en</loc></LocList>
SRC:       <MIDRequests><gdmdmid><rid>2</rid><mid><REDACTED></mid></gdmdmid></MIDRequests>
SRC:       <HWIDRequests></HWIDRequests>
SRC:     </DeviceMetadataBatchRequest>
SRC:   </s:Body>
SRC: </s:Envelope>
DST: HTTP/1.1 200 OK
DST: Cache-Control: private
DST: Content-Type: text/xml; charset=utf-16LE
DST: Server: Microsoft-IIS/8.5
DST: X-AspNet-Version: 4.0.30319
DST: X-Powered-By: ASP.NET
DST: Date: Fri, 20 Apr 2018 12:54:16 GMT
DST: Content-Length: 1724
DST:
DST: <?xml version="1.0" encoding="utf-16"?>
DST: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
DST:   <s:Header>
DST:     <h:cc xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
DST:       <h:cmdr>8</h:cmdr>
DST:       <h:cmdnr>5</h:cmdnr>
DST:       <h:rbs>1</h:rbs>
DST:       <h:boi>30</h:boi>
DST:       <h:mrl>5</h:mrl>
DST:     </h:cc>
DST:     <h:phuri xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">http://packages.dmd.metaservices.microsoft.com/prod/</h:phuri>
DST:   </s:Header>
DST:   <s:Body>
DST:     <DeviceMetadataBatchResponse xmlns="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
DST:       <MIDResponses xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><dmdmid><rid>2</rid><sc>100</sc></dmdmid></MIDResponses>
DST:       <HWIDResponses xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/>
DST:     </DeviceMetadataBatchResponse>
DST:   </s:Body>
DST: </s:Envelope>
SRC: POST /dms/metadata.svc HTTP/1.1
SRC: Connection: Keep-Alive
SRC: Content-Type: text/xml; charset="UTF-16LE"
SRC: User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SRC: SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
SRC: Content-Length: 2048
SRC: Host: dmd.metaservices.microsoft.com
SRC:
SRC:
SRC: <?xml version="1.0" encoding="UTF-16"?>
SRC: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
SRC:   <s:Header>
SRC:     <h:cd xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
SRC:       <h:cv>10.0.16299</h:cv>
SRC:       <h:cc>BIH</h:cc>
SRC:     </h:cd>
SRC:   </s:Header>
SRC:   <s:Body>
SRC:     <DeviceMetadataBatchRequest xmlns="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
SRC:       <LocList><loc>MultiLoc</loc><loc>en-US</loc><loc>en</loc></LocList>
SRC:       <MIDRequests></MIDRequests>
SRC:       <HWIDRequests>
SRC:         <gdmdhwid>
SRC:           <rid>3</rid>
SRC:           <hwids>
SRC:             <hwid>DOID:USB\VID_058F&amp;PID_6387&amp;REV_0101</hwid>
SRC:             <hwid>DOID:USBSTOR\DiskGeneric_Flash_Disk______8.01</hwid>
SRC:             <hwid>DOID:STORAGE\Volume</hwid>
SRC:             <hwid>DOID:USB\VID_058F&amp;PID_6387</hwid>
SRC:             <hwid>DOID:USBSTOR\DiskGeneric_Flash_Disk______</hwid>
SRC:             <hwid>DOID:USBSTOR\DiskGeneric_</hwid>
SRC:             <hwid>DOID:USBSTOR\Generic_Flash_Disk______8</hwid>
SRC:             <hwid>DOID:Generic_Flash_Disk______8</hwid>
SRC:             <hwid>DOID:USBSTOR\GenDisk</hwid>
SRC:             <hwid>DOID:GenDisk</hwid>
SRC:           </hwids>
SRC:         </gdmdhwid>
SRC:       </HWIDRequests>
SRC:     </DeviceMetadataBatchRequest>
SRC:   </s:Body>
SRC: </s:Envelope>
DST: HTTP/1.1 200 OK
DST: Cache-Control: private
DST: Content-Type: text/xml; charset=utf-16LE
DST: Server: Microsoft-IIS/8.5
DST: X-AspNet-Version: 4.0.30319
DST: X-Powered-By: ASP.NET
DST: Date: Fri, 20 Apr 2018 12:54:16 GMT
DST: Content-Length: 1730
DST:
DST: <?xml version="1.0" encoding="utf-16"?>
DST: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
DST:   <s:Header>
DST:     <h:cc xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
DST:       <h:cmdr>8</h:cmdr>
DST:       <h:cmdnr>5</h:cmdnr>
DST:       <h:rbs>1</h:rbs>
DST:       <h:boi>30</h:boi>
DST:       <h:mrl>5</h:mrl>
DST:     </h:cc>
DST:     <h:phuri xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">http://packages.dmd.metaservices.microsoft.com/prod/</h:phuri>
DST:   </s:Header>
DST:   <s:Body>
DST:     <DeviceMetadataBatchResponse xmlns="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms">
DST:       <MIDResponses xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/>
DST:       <HWIDResponses xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><dmdhwid><rid>3</rid><sc>100</sc></dmdhwid></HWIDResponses>
DST:     </DeviceMetadataBatchResponse>
DST:   </s:Body>
DST: </s:Envelope>