CapitalOne Capital One Bank Auto Loans Phishing Campaign PCAP file download Traffic Analysis

Download Attachments

  • 1 pcap capone
    Date added: April 18, 2017 2:28 am Added by: admin File size: 2 MB Downloads: 49

Landing page:

 

Sample of posting credentials:

 

2017-04-17 21:57:05.598674 IP 192.168.1.100.41236 > 89.46.73.231.80: Flags [P.], seq 1:535, ack 1, win 229, options [nop,nop,TS val 1037028158 ecr 1270481385], length 534: HTTP: POST /CapitaLonE/SignIn/page/booting.php HTTP/1.1
E..J;.@.@……dY.I….P.5..u}>P….g^…..
=..>K…POST /CapitaLonE/SignIn/page/booting.php HTTP/1.1
Host: 89.46.73.231
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://89.46.73.231/CapitaLonE/SignIn/page/
Cookie: PHPSESSID=aepqe8mcrenvcnj1utpej09oi2
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

userId=johnny5&userPass=johnny5
2017-04-17 21:57:05.722090 IP 89.46.73.231.80 > 192.168.1.100.41236: Flags [.], ack 535, win 243, options [nop,nop,TS val 1270481511 ecr 1037028158], length 0
E..4<7@.5..kY.I….d.P..u}>P.5………….
K..g=..>
2017-04-17 21:57:06.135295 IP 89.46.73.231.80 > 192.168.1.100.41236: Flags [P.], seq 1:273, ack 535, win 243, options [nop,nop,TS val 1270481924 ecr 1037028158], length 272: HTTP: HTTP/1.1 302 Moved Temporarily
E..D<8@.5..ZY.I….d.P..u}>P.5……l……
K…=..>HTTP/1.1 302 Moved Temporarily
Date: Tue, 18 Apr 2017 01:55:28 GMT
Server: Apache/2.4.25 (Unix)
X-Powered-By: PHP/5.6.30
Location: ../page/index1.php
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
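
A triage check for requests like the one captured above, as an added example that is not part of the original post. It parses a plaintext HTTP request and reports the traits visible in this capture: a form POST carrying a password-like field, a bare IP address as Host, and a brand name in the path. The function names, indicator labels and the BRANDS watch list are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample: the request from the capture above, reduced to the
# lines the check needs (tcpdump -A text with packet headers stripped).
SAMPLE = """\
POST /CapitaLonE/SignIn/page/booting.php HTTP/1.1
Host: 89.46.73.231
Referer: http://89.46.73.231/CapitaLonE/SignIn/page/
Content-Type: application/x-www-form-urlencoded
Content-Length: 31

userId=johnny5&userPass=johnny5
"""

CRED_FIELD = re.compile(r"pass|pwd", re.I)           # password-like form field names
IP_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")
BRANDS = ("capitalone",)  # assumption: brand watch list supplied by the analyst

def parse_request(text):
    """Split a plaintext HTTP request into method, path, headers, form fields."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    fields = dict(parse_qsl(body.strip(), keep_blank_values=True))
    return method, path, headers, fields

def findings(text):
    """Return indicator labels (hypothetical names) for one request."""
    method, path, headers, fields = parse_request(text)
    out = []
    # The input was readable in the capture, so it travelled over plain HTTP.
    if method == "POST" and any(CRED_FIELD.search(k) for k in fields):
        out.append("credential-post-over-http")
    if IP_HOST.match(headers.get("host", "")):
        out.append("ip-literal-host")
    # Case-fold and drop non-letters so mixed-case spellings still match.
    flat = re.sub(r"[^a-z]", "", path.lower())
    if any(b in flat for b in BRANDS):
        out.append("brand-in-path")
    return out

if __name__ == "__main__":
    print(findings(SAMPLE))
```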
