1476976839.xiazaidown.com down10.zol.com.cn Unknown PUP PUA Adware Malware PCAP file Download

Attachment: pcap (699 KB). Date added: October 26, 2016 5:31 am. Added by: admin.

2016-10-23 01:06:22.123126 IP 192.168.1.102.58823 > 61.160.210.226.80: Flags [P.], seq 0:314, ack 1, win 256, length 314: HTTP: GET /cx/160624/6/@19_424481.exe HTTP/1.1
GET /cx/160624/6/@19_424481.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 1476976839.xiazaidown.com
Connection: Keep-Alive

2016-10-23 01:06:35.377330 IP 192.168.1.102.58827 > 123.103.57.66.80: Flags [P.], seq 0:157, ack 1, win 64240, length 157: HTTP: GET /corp/test/soft.php?id=424481 HTTP/1.1
GET /corp/test/soft.php?id=424481 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: installer.zol.com.cn
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-23 01:06:35.635663 IP 192.168.1.102.58827 > 123.103.57.66.80: Flags [.], ack 2491, win 64240, length 0

2016-10-23 01:06:35.845879 IP 192.168.1.102.58826 > 121.41.10.159.80: Flags [P.], seq 178:366, ack 456, win 254, length 188: HTTP: GET /cfg.php?id=424481[1]&qid=19&rand=52229065361&title=&t=0&flag=1024 HTTP/1.1
GET /cfg.php?id=424481[1]&qid=19&rand=52229065361&title=&t=0&flag=1024 HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: down.xiald.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-23 01:06:36.167633 IP 192.168.1.102.58826 > 121.41.10.159.80: Flags [.], ack 3376, win 256, length 0

2016-10-23 01:06:36.439835 IP 192.168.1.102.58826 > 121.41.10.159.80: Flags [.], ack 4836, win 256, options [nop,nop,sack 1 {6296:7756}], length 0

2016-10-23 01:06:37.561673 IP 192.168.1.102.58828 > 220.243.237.154.80: Flags [P.], seq 0:116, ack 1, win 256, length 116: HTTP: GET /shichangbu/ico/haitao1hao.ico HTTP/1.0
GET /shichangbu/ico/haitao1hao.ico HTTP/1.0
Host: down.shg20.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*

2016-10-23 01:06:40.477407 IP 192.168.1.102.58830 > 112.124.60.81.80: Flags [P.], seq 0:148, ack 1, win 256, length 148: HTTP: GET /xml/LinkConfig1.php HTTP/1.1
GET /xml/LinkConfig1.php HTTP/1.1
User-Agent: NSIS_Inetc (Mozilla)
Host: confignew.3lsoft.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-23 01:06:40.791753 IP 192.168.1.102.58830 > 112.124.60.81.80: Flags [.], ack 702, win 253, length 0

2016-10-23 01:06:41.101849 IP 192.168.1.102.58831 > 121.40.152.197.6100: Flags [S], seq 14993108, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

2016-10-23 01:07:40.663531 IP 192.168.1.102.58838 > 220.243.235.201.80: Flags [P.], seq 0:230, ack 1, win 256, length 230: HTTP: GET /sc/xiazaiqi.html HTTP/1.1
GET /sc/xiazaiqi.html HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0)
Host: xiazai.xiazai2.net
Connection: Keep-Alive

2016-10-23 01:07:40.722265 IP 192.168.1.102.58838 > 220.243.235.201.80: Flags [.], ack 949, win 252, options [nop,nop,sack 1 {1:949}], length 0

2016-10-23 01:07:40.883641 IP 192.168.1.102.58837 > 222.163.80.69.80: Flags [P.], seq 0:166, ack 1, win 256, length 166: HTTP: GET /cad/bjbwxwkqd_zolAB.zip HTTP/1.1
GET /cad/bjbwxwkqd_zolAB.zip HTTP/1.1
User-Agent: LXdl_plug-in v15.06.10 (compatible; MSIE 9.0; Windows NT 6.0)
Host: down10.zol.com.cn
Cache-Control: no-cache
