PayPal Phishing Scam Fake Website PCAP file download Traffic Sample

Download Attachments

  • pcap paypal
    Date added: April 18, 2017 2:55 am Added by: admin File size: 170 KB Downloads: 61

PayPal Phishing landing page:


Stealing Credentials Traffic (tcpdump excerpt):

The victim's browser sends the entered e-mail address and password in cleartext HTTP to /inc/login.php, together with fingerprinting fields the kit collects client-side (browser, operating system, platform, local time, screen resolution, language). The Host header starts with www.paypal.com, but the registered domain is timeseaways.com; everything in front of it is a subdomain chosen to resemble a PayPal account-recovery URL. The kit answers the POST with the string success_no_tl.


2017-04-17 22:00:47.498090 IP 192.168.1.100.46042 > 184.154.127.226.80: Flags [P.], seq 1:785, ack 1, win 229, options [nop,nop,TS val 1037083633 ecr 3076619526], length 784: HTTP: POST /inc/login.php HTTP/1.1
POST /inc/login.php HTTP/1.1
Host: www.paypal.com4uswebappsresetaccountrecovery.timeseaways.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0 Iceweasel/43.0.4
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://www.paypal.com4uswebappsresetaccountrecovery.timeseaways.com/
Content-Length: 285
Connection: keep-alive

user=johnny5alive%40gmail.com&pass=johnny5alive&xBrowser=Mozilla+FireFox+v43&xOperatingSystem=Linux&xPlatForm=Desktop+Platform&xTimeZone=Mon+Apr+17+2017+22%3A00%3A35+GMT-0400+(EDT)&xResoLution=Computer%3A+1920x1080%3B+Browser+inner%3A+1920x762%3B+Browser+outer%3A+1920x1027&xLang=en-US
2017-04-17 22:00:47.557561 IP 184.154.127.226.80 > 192.168.1.100.46042: Flags [.], ack 785, win 239, options [nop,nop,TS val 3076619602 ecr 1037083633], length 0
2017-04-17 22:00:48.036469 IP 192.168.1.100.47166 > 52.22.15.101.443: Flags [.], ack 1, win 839, options [nop,nop,TS val 1037083768 ecr 547964563], length 0
2017-04-17 22:00:48.052170 IP 52.22.15.101.443 > 192.168.1.100.47166: Flags [.], ack 1, win 422, options [nop,nop,TS val 547967075 ecr 1037066196], length 0
2017-04-17 22:00:48.405903 IP 184.154.127.226.80 > 192.168.1.100.46042: Flags [P.], seq 1:369, ack 785, win 239, options [nop,nop,TS val 3076620452 ecr 1037083633], length 368: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Date: Tue, 18 Apr 2017 01:59:10 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: PHPSESSID=63752465833b6cd873511e4cdeb8799e; path=/
Vary: User-Agent
Content-Length: 13
Connection: close
Content-Type: text/html

success_no_tl
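The following Python script is an added triage example written for this page; it is not code from the phishing kit or from the capture itself. It takes the POST shown above (reproduced inline, with the binary header residue removed), parses the request, decodes the form body to list what was exfiltrated, and flags the Host header as a look-alike because the brand name appears in the labels while the registrable domain is something else. The function names, the BRAND_DOMAINS watchlist, the CREDENTIAL_FIELDS set and the two-label registrable-domain heuristic are all assumptions of this example.

```python
"""Triage a captured credential-phishing POST.

Added example for this traffic sample; not code from the phishing kit
or from the page. Input is the raw HTTP request text from the capture.
"""
from urllib.parse import parse_qs

# The POST exactly as seen in the tcpdump output above (TCP/IP header
# residue removed, CRLF line endings restored).
SAMPLE_REQUEST = (
    "POST /inc/login.php HTTP/1.1\r\n"
    "Host: www.paypal.com4uswebappsresetaccountrecovery.timeseaways.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:43.0) Gecko/20100101 "
    "Firefox/43.0 Iceweasel/43.0.4\r\n"
    "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n"
    "X-Requested-With: XMLHttpRequest\r\n"
    "Referer: http://www.paypal.com4uswebappsresetaccountrecovery.timeseaways.com/\r\n"
    "Content-Length: 285\r\n"
    "\r\n"
    "user=johnny5alive%40gmail.com&pass=johnny5alive&xBrowser=Mozilla+FireFox+v43"
    "&xOperatingSystem=Linux&xPlatForm=Desktop+Platform"
    "&xTimeZone=Mon+Apr+17+2017+22%3A00%3A35+GMT-0400+(EDT)"
    "&xResoLution=Computer%3A+1920x1080%3B+Browser+inner%3A+1920x762%3B"
    "+Browser+outer%3A+1920x1027&xLang=en-US"
)

# Brands whose name inside a hostname makes a foreign registrable domain
# suspicious. Assumption of this example; a deployment would load a watchlist.
BRAND_DOMAINS = ("paypal.com",)

# Form field names phishing kits commonly use for the stolen login (assumed list).
CREDENTIAL_FIELDS = {"user", "username", "email", "login", "pass", "password", "pwd"}


def parse_http_request(raw: str):
    """Split raw HTTP/1.x text into (method, path, headers, body).

    Header names are lower-cased; the body is cut at Content-Length so bytes
    of a following pipelined request are not mistaken for form data.
    """
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, path, headers, body[:length]


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname.

    Simplification assumed here: no Public Suffix List, so hosts under
    e.g. .co.uk would be mis-cut. The point is that the registrable domain,
    not the leading labels, says who actually owns the site.
    """
    host = host.lower().split(":")[0].rstrip(".")
    return ".".join(host.split(".")[-2:])


def lookalike_brand(host: str):
    """Return the brand a hostname impersonates, or None if it is the brand itself."""
    host = host.lower().split(":")[0].rstrip(".")
    owner = registrable_domain(host)
    flattened = host.replace(".", "").replace("-", "")
    for brand in BRAND_DOMAINS:
        if owner == brand:
            return None
        if brand.split(".")[0] in flattened:  # e.g. "paypal" anywhere in the labels
            return brand
    return None


def triage(raw: str) -> dict:
    """Summarise what a phishing-kit POST exfiltrates and whom the host impersonates."""
    method, path, headers, body = parse_http_request(raw)
    host = headers.get("host", "")
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    credentials = {k: v for k, v in form.items() if k.lower() in CREDENTIAL_FIELDS}
    fingerprint = {k: v for k, v in form.items() if k not in credentials}
    impersonates = lookalike_brand(host)
    return {
        "method": method,
        "path": path,
        "host": host,
        "registrable_domain": registrable_domain(host),
        "impersonates": impersonates,
        "credentials": credentials,
        "fingerprint": fingerprint,
        "suspicious": bool(impersonates and credentials),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REQUEST).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports timeseaways.com as the registrable domain, paypal.com as the impersonated brand, the two credential fields, and six fingerprint fields (browser, OS, platform, local time, resolution, language). Treat the result as a triage signal rather than a verdict: the brand-substring check also fires on legitimate brand-owned secondary domains, and the two-label domain cut needs a Public Suffix List before it is trusted on real traffic. Reassembling the TCP stream out of a pcap (with scapy, or tshark's follow-stream output) is left to the caller; the parser only needs the resulting request text.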