Text Example

Blackhole Original Exploit Kit EK PCAP File Download Traffic Sample

Download Attachments

  • 1 pcap 17
    Date added: May 24, 2019 12:02 am; Added by: admin; File size: 1 MB; Downloads: 42

2014-03-16 23:05:08.303051 IP 173.194.115.51.80 > 192.168.204.188.49288: Flags [.], ack 524, win 64240, length 0

E..(……x…s3…..P..4.W….+P…)………

2014-03-16 23:05:18.567182 IP 178.33.192.35.80 > 192.168.204.188.49284: Flags [S.], seq 1083900186, ack 987510888, win 64240, options [mss 1460], length 0
E..,.Y….&..!.#…..P..@…:.8h`…’………
2014-03-16 23:05:18.569718 IP 192.168.204.188.49289 > 178.33.192.35.80: Flags [P.], seq 1:322, ack 1, win 64240, length 321: HTTP: GET /SnaorNJ.jar HTTP/1.1
E..i..@……….!.#…P.K”C6.z.P…….GET /SnaorNJ.jar HTTP/1.1
accept-encoding: pack200-gzip, gzip
content-type: application/x-java-archive
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: ga.instylecuts.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Cookie: PHPSESSID=v5cmlvmcemc82chntmg6edfah3

2014-03-16 23:05:18.569874 IP 178.33.192.35.80 > 192.168.204.188.49289: Flags [.], ack 322, win 64240, length 0

2014-03-16 23:05:24.987096 IP 192.168.204.188.49290 > 178.33.192.35.80: Flags [.], ack 1, win 64240, length 0
E..(..@….&…..!.#…P=a.7..TYP…f………
2014-03-16 23:05:24.990170 IP 192.168.204.188.49290 > 178.33.192.35.80: Flags [P.], seq 1:302, ack 1, win 64240, length 301: HTTP: POST / HTTP/1.1
E..U..@……….!.#…P=a.7..TYP….e..POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: ga.instylecuts.net
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Content-Length: 94
Cookie: PHPSESSID=v5cmlvmcemc82chntmg6edfah3

2014-03-16 23:05:24.990331 IP 178.33.192.35.80 > 192.168.204.188.49290: Flags [.], ack 302, win 64240, length 0

2014-03-16 23:05:34.521216 IP 192.168.204.188.49291 > 93.115.88.220.80: Flags [.], ack 1, win 64240, length 0
E..( .@….d….]sX….P……y.P…t………
2014-03-16 23:05:34.521812 IP 192.168.204.188.49291 > 93.115.88.220.80: Flags [P.], seq 1:953, ack 1, win 64240, length 952: HTTP: GET /redir/article/home HTTP/1.1
E… .@………]sX….P……y.P…….GET /redir/article/home HTTP/1.1
Cache-Control: no-cache
Connection: Close
Pragma: no-cache
Accept: /
Cookie: articles-visitor=ft-WpE0bemg9f47XnQR0iKHr1w_ZSuiDJU2YcCpqrH7FygLYKESPhrz4j7Gvx1HFgMwoBx7S2Ww7bH_WKDsmpIbErxGzJOJzmkYPPQFXp52o5tJ_j_iL8kxThQFo0xWNRBNHBQLhl_F7qkVJR3oPKdxtwdTYzyiZc8OYyHy7SDybUMigS2TZOeQ5AzQ_iPqWuVaEcmvurIgOeZLN11B-weBb5bRjeLZ0A4ZR2AUvHe-qN4qCd5M3sftXHaA9bN4F3lPWmtEafTXgkRGku6TOwdB8kgFMYwgVFsYG0hNAkIyIN6KCeBdZOMFhfSnJRmjGpKP01aGJJloQyahKE_M44KydHs11AogBqibckht8paOZEfLd91zjOFtX48CIpIRXJNrMgF9eIZMWOIT9_x7BjJXOjObOsJtQES2eQvL2bSaeNHihBU0CQGDo4GUN528EAsj5a7AMBczEeZ10-iDZgAks6D-6jIOw95-mXhpe0zvG2ir6yBkAiW4YDr1dccsT7ktGy-mt_GzUd5ICzC7U2qyxYv7dGH7u_vENxgNDYZLHxHnl7LjEbH1; m-b=tz=ep2zatqWQv-QwRM45Y167oU1cEAbKW6hlZFsqgR1m3waK
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 93.115.88.220
