Category Archives: Flashpack Exploit Kit

Detailed Analysis of the processes and stages of an Exploit Kit – Java and IE exploited by Flashpack Web Based Kit

Here you can see the webpage that the hackers exploited (arksylhet.com/A67iD4eo/index.html); they inserted an iframe into that page which links to a JavaScript redirect file:

2012-09-18 22:41:42.001035 IP 192.168.106.131.1411 > 92.43.108.70.80: Flags [P.], seq 1:395, ack 1, win 64240, length 394
E…*.@…….j.\+lF…P7_Z.X.X.P….?..GET /Lk1SsGQm/js.js HTTP/1.1
Host: web63.server77.publicompserver.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT…


Flashpack Web Based Exploit Kit Exploits Internet Explorer .EOT Font File – Monetizes with Adultfriendfinder and Other Ads

2014-05-18 22:27:26.841394 IP 192.168.204.222.49381 > 89.46.102.34.80: Flags [P.], seq 1:430, ack 1, win 64240, length 429
E…..@….,….Y.f”…P@HD.3.:[P….k..GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://translate.google[.]com/translate_c?depth=1&hl=en&langpair=en%7Cen&rurl=translate.google[.]com&sandbox=0&u=http://hitcric[.]info/&usg=ALkJrhiGLwR0ZHj_UP5Ja9lbM5QmnYvMQg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: hitcric[.]info
Connection: Keep-Alive
2014-05-18 22:27:26.841401 IP 89.46.102.34.80 > 192.168.204.222.49381: Flags [.], ack 430, win…
