users.conduit.com Adware Conduit Toolbar PCAP file download traffic analysis Dont_Tread_On_Me.exe

Download Attachments

  • 1 pcap dont_tread
    Date added: November 16, 2016 3:26 am
    Added by: admin
    File size: 41 KB
    Downloads: 92
SHA256: abb930035034aa9550ca2b16673592b8a0605907084997e869f4f61f6cc9d9f9
File name: Dont_Tread_On_Me.exe
Detection ratio: 20 / 57
Analysis date: 2016-11-16 03:13:42 UTC
AegisLab W32.Adware.Conduit!c 20161116
Antiy-AVL RiskWare[WebToolbar]/Win32.Conduit.b 20161116
Arcabit PUP.Adware.WebToolbar.Conduit 20161116
Bkav W32.HfsAdware.C534 20161112
CAT-QuickHeal PUA.Conduitltd1.Gen 20161115
Cyren W32/Conduit.A.gen!Eldorado 20161116
DrWeb Adware.Conduit.37 20161116
ESET-NOD32 a variant of Win32/Toolbar.Conduit.AR potentially unwanted 20161116
F-Prot W32/Conduit.A.gen!Eldorado 20161116
Fortinet Riskware/Conduit 20161116
GData Win32.Adware.Conduit.B 20161116
Invincea virus.win32.sality.at 20161018
McAfee Artemis!C96E1F758391 20161116
McAfee-GW-Edition Artemis 20161116
NANO-Antivirus Riskware.Win32.Conduit.duufey 20161115
Panda PUP/Conduit.A 20161115
SUPERAntiSpyware PUP.ConduitToolbar/Variant 20161116
VIPRE Conduit (fs) 20161116
Yandex PUA.Toolbar.Conduit! 20161115
ALYac

2016-11-15 19:06:24.283075 IP 192.168.1.102.53369 > 67.195.61.46.80: Flags [P.], seq 0:334, ack 1, win 256, length 334: HTTP: GET /toolbar/Dont_Tread_On_Me.exe HTTP/1.1
GET /toolbar/Dont_Tread_On_Me.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: dtom.com
Connection: Keep-Alive
Cookie: BX=bvfel3lc2n4h6&b=3&s=t4

2016-11-15 19:06:24.396794 IP 192.168.1.102.53369 > 67.195.61.46.80: Flags [.], ack 2921, win 256, length 0

2016-11-15 19:06:29.801659 IP 192.168.1.102.53370 > 23.52.149.163.80: Flags [P.], seq 0:194, ack 1, win 256, length 194: HTTP: GET /CSC3-2004.crl HTTP/1.1
GET /CSC3-2004.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: CSC3-2004-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache

2016-11-15 19:06:29.835350 IP 192.168.1.102.53370 > 23.52.149.163.80: Flags [.], ack 2921, win 256, length 0
2016-11-15 19:07:00.260034 IP 192.168.1.102.53371 > 195.78.120.93.80: Flags [P.], seq 0:235, ack 1, win 64240, length 235: HTTP: GET /SetupFinish HTTP/1.1
GET /SetupFinish HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: donttreadonme.ourtoolbar.com
Connection: Keep-Alive

2016-11-15 19:07:00.269287 IP 192.168.1.102.53372 > 199.101.115.202.80: Flags [.], ack 693226368, win 64240, length 0
2016-11-15 19:07:00.270030 IP 192.168.1.102.53372 > 199.101.115.202.80: Flags [P.], seq 0:341, ack 1, win 64240, length 341: HTTP: POST /iis2ebs.asp HTTP/1.1
POST /iis2ebs.asp HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; CT1621844_4.5.185.3)
Accept: */*
Accept-Encoding: gzip, deflate
Host: users.conduit.com
Content-Length: 319
Connection: Keep-Alive
Cache-Control: no-cache
