
@getBootstrapCDN TWITTER Malware Trojan Downloader Click Fraud PCAP File Download Traffic Sample batdongsantaynambo.com.vn

Download Attachments

  • as (pcap, 417 KB). Date added: May 30, 2019 6:39 am. Added by: admin. Downloads: 48

2019-05-29 22:03:15.716964 IP 10.1.10.162.49185 > 103.221.223.17.80: Flags [P.], seq 319437355:319437820, ack 122938386, win 16425, length 465: HTTP: GET /wp-content/themes/willgroup/inc/acf/as HTTP/1.1
GET /wp-content/themes/willgroup/inc/acf/as HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: batdongsantaynambo.com.vn
Connection: Keep-Alive

2019-05-29 22:03:16.670058 IP 103.221.223.17.80 > 10.1.10.162.49185: Flags [P.], seq 7301:8643, ack 465, win 22, length 1342: HTTP
2019-05-29 22:03:16.765568 IP 10.1.10.162.49197 > 204.237.142.161.80: Flags [P.], seq 3885137682:3885138158, ack 3673702138, win 16425, length 476: HTTP: GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
GET /button/st_insights.js?publisher=4d48b7c5-0ae3-43d4-bfbe-3ff8c17a8ae6&product=simpleshare HTTP/1.1
Accept: */*
Referer: http://batdongsantaynambo.com.vn/wp-content/themes/willgroup/inc/acf/as
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: w.sharethis.com
Connection: Keep-Alive

2019-05-29 22:03:16.791424 IP 209.197.3.15.80 > 10.1.10.162.49196: Flags [P.], seq 4828:5890, ack 449, win 60, length 1062: HTTP
[gzip-compressed response body, non-printable]
2019-05-29 22:03:16.793379 IP 209.197.3.15.80 > 10.1.10.162.49196: Flags [P.], seq 1:448, ack 449, win 60, length 447: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Date: Thu, 30 May 2019 02:03:16 GMT
Connection: Keep-Alive
Accept-Ranges: bytes
ETag: "1544639719"
Content-Encoding: gzip
Content-Length: 5442
Content-Type: text/css; charset=utf-8
Last-Modified: Wed, 12 Dec 2018 18:35:19 GMT
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter

2019-05-29 22:03:17.300171 IP 10.1.10.162.49186 > 103.221.223.17.80: Flags [P.], seq 456:903, ack 5552, win 16425, length 447: HTTP: GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1
GET /wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4 HTTP/1.1
Accept: */*
Referer: http://batdongsantaynambo.com.vn/wp-content/themes/willgroup/inc/acf/as
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: batdongsantaynambo.com.vn
Connection: Keep-Alive

2019-05-29 22:03:17.305502 IP 10.1.10.162.49196 > 209.197.3.15.80: Flags [P.], seq 449:894, ack 5890, win 16425, length 445: HTTP: GET /font-awesome/4.3.0/fonts/fontawesome-webfont.eot? HTTP/1.1
GET /font-awesome/4.3.0/fonts/fontawesome-webfont.eot? HTTP/1.1
Accept: */*
Referer: http://batdongsantaynambo.com.vn/wp-content/themes/willgroup/inc/acf/as
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: maxcdn.bootstrapcdn.com
Connection: Keep-Alive

2019-05-29 22:03:20.996939 IP 10.1.10.162.49227 > 103.221.223.17.443: Flags [P.], seq 469823780:469823918, ack 3162838577, win 16425, length 138
[TLS ClientHello; server_name: batdongsantaynambo.com.vn; remaining payload non-printable]

2019-05-29 22:03:21.000153 IP 10.1.10.162.49226 > 103.221.223.17.443: Flags [P.], seq 1306475388:1306475526, ack 1356580027, win 16425, length 138
[TLS ClientHello; server_name: batdongsantaynambo.com.vn; remaining payload non-printable]

2019-05-29 22:03:21.267277 IP 10.1.10.162.49239 > 104.76.198.161.443: Flags [P.], seq 1456137481:1456137622, ack 2445346460, win 16425, length 141
[TLS ClientHello; server_name: c.sharethis.mgr.consensu.org; remaining payload non-printable]

2019-05-29 22:03:21.286768 IP 104.76.198.161.443 > 10.1.10.162.49239: Flags [P.], seq 2921:3746, ack 141, win 237, length 825
[TLS payload, mostly non-printable; readable GeneralizedTime values: 20190529032056Z, 20190605023556Z]

2019-05-29 22:03:21.305611 IP 10.1.10.162.49239 > 104.76.198.161.443: Flags [P.], seq 141:275, ack 3746, win 16425, length 134
[TLS payload, non-printable]

2019-05-29 22:03:21.321761 IP 104.76.198.161.443 > 10.1.10.162.49239: Flags [P.], seq 3746:3805, ack 275, win 245, length 59
[TLS payload, non-printable]

2019-05-29 22:03:21.329715 IP 103.221.223.17.443 > 10.1.10.162.49225: Flags [P.], seq 8:430, ack 138, win 22, length 422
400 Bad Request

HTTPS is required

This is an SSL protected page, please use the HTTPS scheme instead of the plain HTTP scheme to access this URL.

Hint: The URL should starts with https://


Powered By LiteSpeed Web Server

http://www.litespeedtech.com

2019-05-29 22:04:14.347717 IP 10.1.10.162.49279 > 198.27.80.143.80: Flags [P.], seq 2027903908:2027904329, ack 3692538470, win 16425, length 421: HTTP: GET /stats/e.php?4214393&@Ab&@R95733&@w HTTP/1.1
GET /stats/e.php?4214393&@Ab&@R95733&@w HTTP/1.1
Accept: */*
Referer: http://batdongsantaynambo.com.vn/wp-content/themes/willgroup/inc/acf/as
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: s4.histats.com
Connection: Keep-Alive
