BETONLINE.AG poker betonline.ag PCAP file download Traffic Analysis Sample

Betonline.ag poker site pcap traffic sample

 

2017-09-25 15:49:10.187283 IP 192.168.1.102.57820 > 75.75.75.75.53: 27634+ A? poker.betonline.ag. (36)
E..@.-………fKKKK…5.,[‘k…………poker betonline.ag…..
2017-09-25 15:49:12.457700 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 1454268158:1454268182, ack 2127766518, win 32458, length 24
E..@T.@…)….f2..h…2V.^.~.#.P.~..F…0………………….
2017-09-25 15:49:12.589103 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 25, win 32452, length 0
E..(T.@…)….f2..h…2V._.~.$.P.~………..
2017-09-25 15:49:47.366759 IP 192.168.1.102.49487 > 75.75.75.75.53: 8606+ A? www.google-analytics.com. (42)
E..F………..fKKKK.O.5.2.;!…………www.google-analytics.com…..
2017-09-25 15:49:49.584408 IP 192.168.1.102.52369 > 75.75.75.75.53: 10203+ A? poker.tigergaming.com. (39)
E..C./………fKKKK…5./D.’…………poker.tigergaming.com…..
2017-09-25 15:49:49.615175 IP 192.168.1.102.52369 > 75.75.76.76.53: 10203+ A? poker.tigergaming.com. (39)
E..C<……….fKKLL…5./C.’…………poker.tigergaming.com…..
2017-09-25 15:50:07.611927 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 24:48, ack 25, win 32452, length 24
E..@T.@…)….f2..h…2V._.~.$.P.~……0………………….
2017-09-25 15:50:07.728399 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 49, win 32446, length 0
E..(T.@…)….f2..h…2V._.~.$&P.~..b……..
2017-09-25 15:50:08.575969 IP 192.168.1.102.55489 > 75.75.75.75.53: 11174+ A? client-cf.dropbox.com. (39)
E..C.1………fKKKK…5./ .+……….. client-cf.dropbox.com…..
2017-09-25 15:51:02.698632 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 48:72, ack 49, win 32446, length 24
E..@T.@…)….f2..h…2V._.~.$&P.~……0………………….
2017-09-25 15:51:02.814051 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 73, win 32440, length 0
E..(T.@…)….f2..h…2V._F~.$>P.~..8……..
2017-09-25 15:51:17.250346 IP 192.168.1.102.50604 > 75.75.75.75.53: 7567+ A? ipcast1.dynupdate.noip.com. (44)
E..H.2………fKKKK…5.4……………ipcast1 dynupdate.noip.com…..
2017-09-25 15:51:57.784824 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 72:96, ack 73, win 32440, length 24
E..@T.@…)….f2..h…2V._F~.$>P.~……0………………….
2017-09-25 15:51:57.899186 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 97, win 32434, length 0
E..(T.@…)….f2..h…2V._^~.$VP.~………..
2017-09-25 15:52:52.873056 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 96:120, ack 97, win 32434, length 24
E..@T.@…)….f2..h…2V._^~.$VP.~……0………………….
2017-09-25 15:52:52.988402 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 121, win 32428, length 0
E..(T.@…)….f2..h…2V._v~.$nP.~………..
2017-09-25 15:53:47.959655 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 120:144, ack 121, win 32428, length 24
E..@T.@…)….f2..h…2V._v~.$nP.~..t…0………………….
2017-09-25 15:53:48.074117 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 145, win 32422, length 0
E..(T.@…)….f2..h…2V._.~.$.P.~………..
2017-09-25 15:54:43.048410 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 144:168, ack 145, win 32422, length 24
E..@T.@…)….f2..h…2V._.~.$.P.~..J…0………………….
2017-09-25 15:54:43.164776 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 169, win 32416, length 0
E..(T.@…)….f2..h…2V._.~.$.P.~………..

Malware Trojan Downloader Dropper cubeupload.com PCAP file download traffic analysis

 

 

43 engines detected this file
SHA-256 b069e7d29889bcdcc61e7936ad4800d2563c8618135f40c50e4dbcdc9314f505
File name gfD4vo.jpg
File size 522.61 KB
Last analysis 2017-09-25 22:14:16 UTC

 

FILE 2 – Dropper

 

23 engines detected this file
SHA-256 214325a508b6354286f0ba47afdf998ea8c5b87012d6fac08ec0e7a996ac1999
File name 2602033098198832.exe
File size 266.49 KB
Last analysis 2017-09-25 22:34:21 UTC
Community score -11

 

2017-09-25 16:39:29.774994 IP 192.168.1.102.61160 > 75.75.75.75.53: 16676+ A? i.cubeupload.com. (34)
E..>…….2…fKKKK…5.*z.A$………..i
cubeupload.com…..
2017-09-25 16:39:29.812702 IP 192.168.1.102.56856 > 46.4.115.108.80: Flags [S], seq 1274466961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@….|…f..sl…PK……… ……………..
2017-09-25 16:39:29.934339 IP 192.168.1.102.56856 > 46.4.115.108.80: Flags [.], ack 217614345, win 256, length 0
E..(..@……..f..sl…PK…… P….b……..
2017-09-25 16:39:30.010343 IP 192.168.1.102.56856 > 46.4.115.108.80: Flags [P.], seq 0:489, ack 1, win 256, length 489: HTTP: GET /gfD4vo.jpg HTTP/1.1
E…..@…}….f..sl…PK…… P…….GET /gfD4vo.jpg HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: i.cubeupload.com
Connection: Keep-Alive

2017-09-25 16:39:30.748418 IP 192.168.1.102.56858 > 192.35.177.64.80: Flags [P.], seq 0:139, ack 1, win 256, length 139: HTTP: GET /roots/dstrootcax3.p7c HTTP/1.1
E…T+@…r….f.#.@…P..i|.\.wP…D^..GET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com

 

2017-09-25 16:39:30.893843 IP 192.168.1.102.56858 > 192.35.177.64.80: Flags [.], ack 1219, win 251, length 0
E..(T,@…s1…f.#.@…P..j..\.9P………….
2017-09-25 16:39:30.924425 IP 192.168.1.102.61163 > 75.75.75.75.53: 19539+ A? isrg.trustid.ocsp.identrust.com. (49)
E..M……. …fKKKK…5.9.ZLS………..isrg.trustid.ocsp identrust.com…..
2017-09-25 16:39:30.942900 IP 192.168.1.102.56859 > 192.35.177.195.80: Flags [S], seq 1854319918, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4u.@…Q5…f.#…..Pn……… . ……………
2017-09-25 16:39:31.041398 IP 192.168.1.102.56859 > 192.35.177.195.80: Flags [.], ack 2211464567, win 256, length 0
E..(u.@…Q@…f.#…..Pn../..EwP….u……..
2017-09-25 16:39:31.042271 IP 192.168.1.102.56859 > 192.35.177.195.80: Flags [P.], seq 0:247, ack 1, win 256, length 247: HTTP: GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D HTTP/1.1
E…u.@…PH…f.#…..Pn../..EwP…….GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: isrg.trustid.ocsp.identrust.com

2017-09-25 16:39:31.187180 IP 192.168.1.102.61164 > 75.75.75.75.53: 10447+ A? ocsp.int-x3.letsencrypt.org. (45)
E..I…….#…fKKKK…5.5..(…………ocsp.int-x3.letsencrypt.org…..
2017-09-25 16:39:31.277686 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [P.], seq 295:812, ack 3052, win 256, length 517
E..-..@…}x…f..sl…..(….dJP….&………..c]..c!.=.AW….cb?.c.R.a…..&..(J$.k.q>?….N!D….w#…X.z.Hy.G..0.AH..”T$~9^..t…[.2…u)”…………U…h…..{.+.d……G.Z{..I\…….8…..{..+%g..).I…O..’…+*.5N.[C>..#…0c….I.y.T~!xy*….p7..1….*
._.X#…..t.o…a…-.i…a..).G…j…zm….4..9…..6…G<s.wX….EOx.x.h.G.{…..>.#q..K…..[.y…D….X…U….K*.’+..D…4…..r=L…..fw..y$i] ..7X….]..\.!.o..<..-fXW…~2..\….&…F..B.$_…\Q.]…..`+..#.:S*..g.5*..>…V…Q{…..S.{|.O…s..6]……].h…….G..%[3..8.+.6r~C.>|.v
2017-09-25 16:39:31.393111 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 5972, win 256, length 0
E..(..@….|…f..sl…..(….o.P………….
2017-09-25 16:39:31.394922 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 8892, win 256, length 0
E..(..@….{…f..sl…..(….{.P….Q……..
2017-09-25 16:39:31.395511 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 11812, win 256, length 0
E..(..@….z…f..sl…..(……P………….
2017-09-25 16:39:31.396583 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 14732, win 256, length 0
E..(..@….y…f..sl…..(……P………….
2017-09-25 16:39:31.397200 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 17652, win 256, length 0
E..(..@….x…f..sl…..(…..RP………….
2017-09-25 16:39:31.508500 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 20572, win 256, length 0
E..(..@….w…f..sl…..(……P…|………
2017-09-25 16:39:31.509234 IP 192.168.1.102.56857 > 46.4.115.108.443: Flags [.], ack 23492, win 256, length 0
E..(..@….v…f..sl…..(…..”P…qI……..

2017-09-25 16:39:48.032574 IP 192.168.1.102.61165 > 75.75.75.75.53: 52627+ A? drazalier.net. (31)
E..;…….0…fKKKK…5.’.^………… drazalier.net…..
2017-09-25 16:39:48.181862 IP 192.168.1.102.56861 > 62.210.101.38.80: Flags [S], seq 436295889, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..45.@…^….f>.e&…P..X……. ……………..
2017-09-25 16:39:48.293504 IP 192.168.1.102.56861 > 62.210.101.38.80: Flags [.], ack 3080210756, win 256, length 0
E..(5.@…_ …f>.e&…P..X…IDP………….
2017-09-25 16:39:48.300187 IP 192.168.1.102.56861 > 62.210.101.38.80: Flags [P.], seq 0:499, ack 1, win 256, length 499: HTTP: GET /PO/2602033098198832.exe HTTP/1.1
E…5.@…]….f>.e&…P..X…IDP…….GET /PO/2602033098198832.exe HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: drazalier.net
Connection: Keep-Alive

 

Bor.uz Locky Ransomware Malware NO C2 Traffic Analysis PCAP file download

24 engines detected this file
SHA-256 8feb981439774342fbe7c7a25c21d9cbae58f4cc13feb0ebf3657a85f2142158
File name YTkjdJH7w1.exe
File size 591 KB
Last analysis 2017-09-25 15:50:03 UTC

AegisLab: Ransom.Cerber.Smaly0!c
Avast: FileRepMalware
AVG: FileRepMalware
Baidu: Win32.Trojan.WisdomEyes.16070401.9500.9999
CrowdStrike Falcon: malicious_confidence_100% (W)
Cylance: Unsafe

2017-09-25 16:50:29.002420 IP 192.168.1.102.57680 > 75.75.75.75.53: 45408+ A? bor.uz. (24)
E..4…….”…fKKKK.P.5. #..`………..bor.uz…..
2017-09-25 16:50:29.529203 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [S], seq 2670765003, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4\.@….I…f>….=.P.0…….. ……………..
2017-09-25 16:50:29.719862 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [.], ack 1966844122, win 256, length 0
E..(\.@….T…f>….=.P.0..u;..P….A……..
2017-09-25 16:50:29.731330 IP 192.168.1.102.56893 > 62.209.133.18.80: Flags [P.], seq 0:479, ack 1, win 256, length 479: HTTP: GET /YTkjdJH7w1 HTTP/1.1
E…\.@….t…f>….=.P.0..u;..P…d~..GET /YTkjdJH7w1 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: bor.uz
Connection: Keep-Alive

2017-09-25 16:50:32.505137 IP 192.168.1.102.56894 > 62.209.133.18.80: Flags [P.], seq 0:268, ack 1, win 256, length 268: HTTP: GET /favicon.ico HTTP/1.1
E..4]Y@….y…f>….>.P.E..j^e’P…….GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Host: bor.uz
Connection: Keep-Alive

 

 

======================================

BINARY STRINGS

++++++++++++++++++++++++++++++++++++++

 

This program cannot be run in DOS mode.
.text
`.rdata
@.data
.rsrc
=o)A
GGWPP
Proc
essMh@)A
hVirt
hvQ3r_Q
DSDS
CreateDesktopW
IsDialogMessageW
IsCharUpperA
LoadIconA
LoadMenuW
PostMessageA
LoadStringW
LoadCursorA
DrawStateW
MessageBoxA
GetClassLongA
DispatchMessageW
GetPropA
user32.dll
LeaveCriticalSection
GetModuleHandleW
GetFileAttributesW
FindNextFileA
GetConsoleAliasW
GetCurrentThread
SearchPathW
GetStringTypeA
GetProcAddress
GetExpandedNameW
GetLogicalDriveStringsA
GetProfileSectionA
GetCurrentProcess
LoadLibraryA
WaitNamedPipeA
GetTempPathW
WaitForSingleObject
GetModuleFileNameA
IsBadReadPtr
kernel32.dll

NEW LOCKY RANSOMWARE VARIANT g46mbrrzpfszonuk.onion NO C2 PCAP file download traffic analysis

49 engines detected this file
SHA-256 ce48b278f8b823c25b222a33027248299bff3cdc2a6bdb0fdceecb0922dd790a
File name jhdsgvc74
File size 653 KB
Last analysis 2017-09-25 08:23:44 UTC
Community score -78

ESET-NOD32: Win32/Filecoder.Locky.L
F-Secure: Trojan.RanSerKD.12397146
Fortinet: W32/Locky.FWSD!tr.ransom
GData: Trojan.RanSerKD.12397146
Ikarus: Trojan.Win32.Filecoder
K7AntiVirus: Trojan ( 0051497b1 )
K7GW: Trojan ( 0051497b1 )
Kaspersky: Trojan-Ransom.Win32.Locky.ztt

2017-09-25 17:50:32.217002 IP 192.168.1.102.58790 > 75.75.75.75.53: 46557+ A? ar-inversiones.com. (36)
E..@…….:…fKKKK…5.,……………ar-inversiones.com…..
2017-09-25 17:50:32.397644 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [S], seq 2979498304, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4M5@…KU…f%.z4.’.P…@…… ……………..
2017-09-25 17:50:32.546454 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [.], ack 2169675136, win 256, length 0
E..(M6@…K`…f%.z4.’.P…A.R..P….w……..
2017-09-25 17:50:32.556435 IP 192.168.1.102.57127 > 37.247.122.52.80: Flags [P.], seq 0:490, ack 1, win 256, length 490: HTTP: GET /jhdsgvc74 HTTP/1.1
E…M7@…Iu…f%.z4.’.P…A.R..P…0C..GET /jhdsgvc74 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: ar-inversiones.com/jhdsgvc74
Connection: Keep-Alive

 

2017-09-25 17:52:34.606370 IP 192.168.1.102.50739 > 75.75.75.75.53: 28660+ A? lordmartins.com. (33)
E..=…….;…fKKKK.3.5.).-o…………lordmartins.com…..

 

2017-09-25 17:53:19.760276 IP 192.168.1.102.64353 > 75.75.75.75.53: 11634+ A? g46mbrrzpfszonuk.onion. (40)
E..D…….’…fKKKK.a.5.0..-r………..g46mbrrzpfszonuk.onion…..

NEW Locky Ransomware PCAP file download traffic analysis gokeenakte.top NO C2 Used

51 engines detected this file
SHA-256 8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285
File name 1
File size 617 KB
Last analysis 2017-09-25 04:21:44 UTC
Community score -50

2017-09-25 17:31:45.176820 IP 192.168.1.102.57004 > 47.89.249.183.80: Flags [P.], seq 0:482, ack 1, win 256, length 482: HTTP: GET /url/1 HTTP/1.1
E..
p @……..f/Y…..P!Ke.`…P…….GET /url/1 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; InfoPath.2)
Accept-Encoding: gzip, deflate
Host: gokeenakte.top
Connection: Keep-Alive

2017-09-25 17:33:25.458134 IP 192.168.1.102.57009 > 91.203.5.162.80: Flags [S], seq 1347326132, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4H%@….#…f[……PPN…….. .k……………
2017-09-25 17:33:31.173039 IP 192.168.1.102.57005 > 40.70.221.249.443: Flags [F.], seq 2336, ack 4383, win 258, length 0
E..(M.@……..f(F……’Q-..P..P………….
2017-09-25 17:33:31.213749 IP 192.168.1.102.57005 > 40.70.221.249.443: Flags [.], ack 4384, win 258, length 0
E..(M.@……..f(F……’Q-..P..P………….
2017-09-25 17:33:31.459273 IP 192.168.1.102.57009 > 91.203.5.162.80: Flags [S], seq 1347326132, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0H&@….&…f[……PPN……p. ………….
2017-09-25 17:33:36.338616 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [P.], seq 48:72, ack 49, win 32762, length 24
E..@Us@…(….f2..h…2V.kC~.0.P….7…0……#…$………..
2017-09-25 17:33:36.457114 IP 192.168.1.102.49694 > 50.22.136.104.5938: Flags [.], ack 73, win 32756, length 0
E..(Ut@…(….f2..h…2V.k[~.0.P…h~……..
2017-09-25 17:33:43.473893 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4@N@……..f..D….Pj……… ……………..
2017-09-25 17:33:46.474293 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4@O@……..f..D….Pj……… ……………..
2017-09-25 17:33:52.477158 IP 192.168.1.102.57010 > 149.154.68.190.80: Flags [S], seq 1790950938, win 8192, options [mss 1460,nop,nop,sackOK], length 0
E..0@P@……..f..D….Pj…….p. ………….
2017-09-25 17:34:04.495275 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4H’@….!…f[……P.`…….. ..e…………..
2017-09-25 17:34:07.498299 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4H(@…. …f[……P.`…….. ..e…………..
2017-09-25 17:34:13.513209 IP 192.168.1.102.57011 > 91.203.5.162.80: Flags [S], seq 2489365195, win 8192, options [mss 1460,nop,nop,sackOK], length 0