OpinionSpy OSSProxy Securestudies.com ADWARE Survey Software PCAP file Download Traffic Sample

OpinionSpy / Marketscore Bundled Survey Adware Software Traffic Sample – not malicious but extremely annoying


https://virustotal.com/en/file/3700f0dfb57e2ae0922005bd28bc31af3700bcad4846cd1c5142e81508ec628b/analysis/1477206822/

https://virustotal.com/en/file/1fb9cb60b11165df3298dee55b59517e3ed15957b820b19b4ca0d8f9f2e20173/analysis/1477206881/


2016-10-23 01:35:23.217630 IP 192.168.1.102.58962 > 108.61.59.187.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /download/gup.exe HTTP/1.1
GET /download/gup.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: www.pcfreesoft.com
Connection: Keep-Alive

2016-10-23 01:35:36.193933 IP 192.168.1.102.58963 > 165.193.78.234.80: Flags [P.], seq 0:106, ack 1, win 256, length 106: HTTP: GET /packages/VR/PackageV.exe HTTP/1.0
GET /packages/VR/PackageV.exe HTTP/1.0
Host: post.securestudies.com
User-Agent: InnoTools_Downloader

2016-10-23 01:35:36.224412 IP 192.168.1.102.58963 > 165.193.78.234.80: Flags [.], ack 1461, win 256, options [nop,nop,sack 1 {2921:4381}], length 0
2016-10-23 01:35:36.225321 IP 192.168.1.102.58963 > 165.193.78.234.80: Flags [.], ack 1461, win 256, options [nop,nop,sack 1 {2921:5841}], length 0

2016-10-23 01:35:36.573203 IP 192.168.1.102.58964 > 165.193.78.234.80: Flags [P.], seq 0:107, ack 1, win 256, length 107: HTTP: GET /packages/IR/PackageI2.exe HTTP/1.0
GET /packages/IR/PackageI2.exe HTTP/1.0
Host: post.securestudies.com
User-Agent: InnoTools_Downloader

2016-10-23 01:35:36.598502 IP 192.168.1.102.58964 > 165.193.78.234.80: Flags [.], ack 1461, win 256, options [nop,nop,sack 1 {2921:4381}], length 0
2016-10-23 01:35:36.598766 IP 192.168.1.102.58964 > 165.193.78.234.80: Flags [.], ack 1461, win 256, options [nop,nop,sack 1 {2921:5841}], length 0

2016-10-23 01:35:41.588035 IP 192.168.1.102.58965 > 165.193.78.234.80: Flags [P.], seq 0:234, ack 1, win 256, length 234: HTTP: POST /TapAction.aspx?campaign_id=798&tpi=pcfreesoftGlaryUtilitiesProMGE798&action_id=0 HTTP/1.0
POST /TapAction.aspx?campaign_id=798&tpi=pcfreesoftGlaryUtilitiesProMGE798&action_id=0 HTTP/1.0
Host: post.securestudies.com
User-Agent: InnoTools_Downloader
Content-Type: Application/octet-stream
Content-Length: 11

2016-10-23 01:35:59.927174 IP 192.168.1.102.58969 > 52.84.125.142.80: Flags [P.], seq 0:151, ack 1, win 256, length 151: HTTP: GET /gusetup.exe HTTP/1.1
GET /gusetup.exe HTTP/1.1
Accept: */*
User-Agent: ISX Download DLL
Host: download.glarysoft.com
Connection: Keep-Alive
Cache-Control: no-cache

2016-10-23 01:41:01.952039 IP 192.168.1.102.59015 > 54.197.240.215.80: Flags [P.], seq 1611:1932, ack 70077, win 251, length 321: HTTP: GET /images/update/updatemoneyback.png HTTP/1.1
GET /images/update/updatemoneyback.png HTTP/1.1
Host: www.glarysoft.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.glarysoft.com/glary-utilities/updatetopro/
Connection: keep-alive

2016-10-23 01:41:02.027686 IP 192.168.1.102.59029 > 216.58.217.98.80: Flags [P.], seq 0:318, ack 1, win 256, length 318: HTTP: GET /pagead/show_ads.js HTTP/1.1
GET /pagead/show_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.glarysoft.com/glary-utilities/updatetopro/
Connection: keep-alive
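The capture above shows the sequence a defender can key on: the bundled installer (Inno Setup's InnoTools_Downloader user agent) pulls survey packages from post.securestudies.com and then posts a campaign check-in to /TapAction.aspx. As an added example that is not part of the original post, the script below parses tcpdump -A text into HTTP request records, skips the raw IP/TCP header residue, and flags requests matching that pattern. The sample input is constructed from the request lines and headers shown in this capture; the function names, the record layout and the classification rule are my own assumptions, not anything from the capture's author.

```python
"""Flag OpinionSpy/Marketscore download and check-in requests in a tcpdump -A text dump."""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# tcpdump summary line with an HTTP request: timestamp, src > dst, ..., "HTTP: <request line>"
SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):.*?"
    r"HTTP: (?P<method>[A-Z]+) (?P<path>\S+) HTTP/(?P<ver>[\d.]+)$"
)
# "Name: value" header line; raw byte lines ("E..Q...") and request lines do not match it
HEADER_RE = re.compile(r"^(?P<name>[A-Za-z-]+):\s*(?P<value>.*)$")

# Indicators taken from the capture: the survey host and the installer's downloader UA
SURVEY_HOST_SUFFIX = "securestudies.com"
DOWNLOADER_UA = "InnoTools_Downloader"


@dataclass
class HttpRequest:
    ts: str
    src: str
    dst: str
    method: str
    path: str
    headers: dict = field(default_factory=dict)


def parse_tcpdump_ascii(text):
    """Group tcpdump -A lines into HttpRequest records.

    A summary line carrying "HTTP: <method> <path>" opens a record; following
    "Name: value" lines are attached to it until a blank line. ACK-only summary
    lines (no HTTP request) and unprintable header-byte residue are skipped.
    """
    requests, current = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            current = HttpRequest(m["ts"], m["src"], m["dst"], m["method"], m["path"])
            requests.append(current)
            continue
        if not line:
            current = None  # blank line ends the header block
            continue
        if current is None:
            continue
        h = HEADER_RE.match(line)
        if h:
            current.headers[h["name"].lower()] = h["value"]
    return requests


def classify(req):
    """Return a reason string if the request matches the OpinionSpy pattern, else None."""
    host = req.headers.get("host", "").lower()
    ua = req.headers.get("user-agent", "")
    parts = urlsplit(req.path)
    if host.endswith(SURVEY_HOST_SUFFIX) and parts.path.startswith("/TapAction.aspx"):
        campaign = parse_qs(parts.query).get("campaign_id", ["?"])[0]
        return f"campaign check-in (campaign_id={campaign})"
    # The downloader UA alone is generic installer tooling, so it is only
    # combined with the /packages/ path; the host match is the strong signal.
    if host.endswith(SURVEY_HOST_SUFFIX) or (
        ua == DOWNLOADER_UA and parts.path.startswith("/packages/")
    ):
        return "survey package download"
    return None


def flag_requests(text):
    """Return (request, reason) pairs for every flagged request in the dump."""
    flagged = []
    for req in parse_tcpdump_ascii(text):
        reason = classify(req)
        if reason:
            flagged.append((req, reason))
    return flagged


# Constructed sample: request lines and headers as they appear in the capture above,
# including one raw-byte line and one ACK-only summary line to exercise the parser.
SAMPLE = """\
2016-10-23 01:35:23.217630 IP 192.168.1.102.58962 > 108.61.59.187.80: Flags [P.], seq 0:297, ack 1, win 256, length 297: HTTP: GET /download/gup.exe HTTP/1.1
E..Qc.@...GET /download/gup.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Host: www.pcfreesoft.com
Connection: Keep-Alive

2016-10-23 01:35:36.193933 IP 192.168.1.102.58963 > 165.193.78.234.80: Flags [P.], seq 0:106, ack 1, win 256, length 106: HTTP: GET /packages/VR/PackageV.exe HTTP/1.0
Host: post.securestudies.com
User-Agent: InnoTools_Downloader

2016-10-23 01:35:36.224412 IP 192.168.1.102.58963 > 165.193.78.234.80: Flags [.], ack 1461, win 256, options [nop,nop,sack 1 {2921:4381}], length 0
2016-10-23 01:35:41.588035 IP 192.168.1.102.58965 > 165.193.78.234.80: Flags [P.], seq 0:234, ack 1, win 256, length 234: HTTP: POST /TapAction.aspx?campaign_id=798&tpi=pcfreesoftGlaryUtilitiesProMGE798&action_id=0 HTTP/1.0
Host: post.securestudies.com
User-Agent: InnoTools_Downloader
Content-Type: Application/octet-stream
Content-Length: 11

2016-10-23 01:35:59.927174 IP 192.168.1.102.58969 > 52.84.125.142.80: Flags [P.], seq 0:151, ack 1, win 256, length 151: HTTP: GET /gusetup.exe HTTP/1.1
User-Agent: ISX Download DLL
Host: download.glarysoft.com
"""

if __name__ == "__main__":
    for req, reason in flag_requests(SAMPLE):
        print(f"{req.ts} {req.src} -> {req.dst} {req.method} {req.path}: {reason}")
```

Run against a real dump with `tcpdump -A -r capture.pcap | python3 flag_opinionspy.py` adapted to read stdin; in the sample, the pcfreesoft.com and glarysoft.com requests are left alone and only the two securestudies.com requests are reported, the second one with its campaign_id extracted from the query string.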