Popads Web Based Exploit Kit Tries SWF JAVA Flash – EPIC FAIL!

June 19, 2015

2013-08-12 07:53:51.389683 IP 1.2.3.5.42265 > 109.236.80.170.80: Flags [P.], seq 1:806, ack 1, win 64512, length 805
E..M..@.{..o….m.P….P…!5.*~P…….GET /?7d456d68729292e9843cb9dde2d2f7b4=34 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://creditforums[.]com/discover-card/2648-why-so-hard-get-approved-discover-card.html
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MDDR; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: xrp.8taglik[.]info
Connection: Keep-Alive

2013-08-12 07:53:51.483356 IP 109.236.80.170.80 > 1.2.3.5.42265: Flags [.], ack 806, win 16100, length 0
E..(+.@.8.T.m.P……P..5.*~…FP.>.1………
2013-08-12 07:53:51.486463 IP 109.236.80.170.80 > 1.2.3.5.42265: Flags [P.], seq 1:1322, ack 806, win 16100, length 1321
E..Q+.@.8.Opm.P……P..5.*~…FP.>..#..HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 11:51:16 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

468





2013-08-12 07:53:53.493282 IP 1.2.3.5.63987 > 109.236.80.170.80: Flags [P.], seq 1:579, ack 1, win 64512, length 578
E..j..@.{..c….m.P….PM.N.P. .P…:…GET /0414d028f782d11ce899cea7ab39f065/23c7dc0ce07124b9b977dc404a76743a.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://xrp.8taglik[.]info/?7d456d68729292e9843cb9dde2d2f7b4=34
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MDDR; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: xrp.8taglik[.]info
Connection: Keep-Alive

2013-08-12 07:53:53.582132 IP 109.236.80.170.80 > 1.2.3.5.63987: Flags [.], ack 579, win 15606, length 0
E..(*.@.7.V.m.P……P..P. .M.P.P.<...........
2013-08-12 07:53:53.583434 IP 109.236.80.170.80 > 1.2.3.5.63987: Flags [P.], seq 1:462, ack 579, win 15606, length 461
E…*.@.7.T.m.P……P..P. .M.P.P.<.$Y..HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 11:51:19 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

105

404 Not Found

Not Found

The requested URL was not found on this server.


Apache/2.2.19 (CentOS) Server at Port 80


2013-08-12 07:53:54.586308 IP 1.2.3.5.32969 > 109.236.80.170.80: Flags [P.], seq 1:400, ack 1, win 64512, length 399
E…..@.{…….m.P….P=+wW….P…,u..GET /0414d028f782d11ce899cea7ab39f065/07d5aaff3c7aa4ff78c2eb55a2baf2f2.jnlp HTTP/1.1
accept-encoding: gzip
User-Agent: JNLP/6.0 javaws/1.6.0_13 (b03) Java/1.6.0_13
UA-Java-Version: 1.6.0_13
Host: xrp.8taglik[.]info
Cache-Control: no-cache
Pragma: no-cache
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
If-Modified-Since: Wed, 31 Dec 1969 23:59:59 GMT

2013-08-12 07:53:54.670827 IP 109.236.80.170.80 > 1.2.3.5.32969: Flags [.], ack 400, win 15544, length 0
E..(..@.8…m.P……P……=+x.P.<...........
2013-08-12 07:53:54.672720 IP 109.236.80.170.80 > 1.2.3.5.32969: Flags [P.], seq 1:821, ack 400, win 15544, length 820
E..\..@.8..ym.P……P……=+x.P.<.S...HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 11:51:20 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

273


Applet
Applet
Applet








2013-08-12 09:41:42.251874 IP 1.2.3.5.57456 > 109.236.80.170.80: Flags [P.], seq 1:674, ack 1, win 64512, length 673
E…..@.{.2…..m.P..p.PI..f.v(.P….Q..GET /?c480cfaa684e1dc0db1b2e1f891d814a=a15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:42.341199 IP 109.236.80.170.80 > 1.2.3.5.57456: Flags [.], ack 674, win 15479, length 0
E..(..@.7..ym.P……P.p.v(.I…P. 1.2.3.5.57456: Flags [P.], seq 1:1334, ack 674, win 15479, length 1333
E..]..@.7..Cm.P……P.p.v(.I…P. 109.236.80.170.80: Flags [P.], seq 1:546, ack 1, win 64512, length 545
E..I..@.{.38….m.P….PU.${“\.9P….)..GET /69ed8232de17755886028b5018213f94/88247052e3a5f56f3d5207303dec15de.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://tqhsy.8taglik[.]info/?c480cfaa684e1dc0db1b2e1f891d814a=a15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:42.626506 IP 109.236.80.170.80 > 1.2.3.5.59094: Flags [.], ack 546, win 15260, length 0
E..(..@.8..um.P……P..”\.9U.&.P.;.*………
2013-08-12 09:41:42.627481 IP 109.236.80.170.80 > 1.2.3.5.59094: Flags [P.], seq 1:462, ack 546, win 15260, length 461
E…..@.8…m.P……P..”\.9U.&.P.;.._..HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 13:39:07 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2013-08-12 09:41:46.313912 IP 1.2.3.5.62375 > 109.236.80.170.80: Flags [P.], seq 1:674, ack 1, win 64512, length 673
E….9@.{.2Y….m.P….P~0f..2~.P….<..GET /?c480cfaa684e1dc0db1b2e1f891d814a=m15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:46.402660 IP 109.236.80.170.80 > 1.2.3.5.62375: Flags [.], ack 674, win 15479, length 0
E..(.U@.7…m.P……P…2~.~0iCP. 1.2.3.5.62375: Flags [P.], seq 1:1334, ack 674, win 15479, length 1333
E..].V@.7…m.P……P…2~.~0iCP. 109.236.80.170.80: Flags [P.], seq 1:546, ack 1, win 64512, length 545
E..I.P@.{.2…..m.P….P&.R…..P…….GET /69ed8232de17755886028b5018213f94/88247052e3a5f56f3d5207303dec15de.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://tqhsy.8taglik[.]info/?c480cfaa684e1dc0db1b2e1f891d814a=m15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:46.642656 IP 109.236.80.170.80 > 1.2.3.5.58765: Flags [.], ack 546, win 15260, length 0
E..(B%@.7.?.m.P……P……&.T.P.;.+B……..
2013-08-12 09:41:46.643828 IP 109.236.80.170.80 > 1.2.3.5.58765: Flags [P.], seq 1:462, ack 546, win 15260, length 461
E…B&@.7.=@m.P……P……&.T.P.;…..HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 13:39:11 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

105


404 Not Found

Not Found

The requested URL was not found on this server.


Apache/2.2.19 (CentOS) Server at Port 80

2013-08-12 09:41:46.643831 IP 109.236.80.170.80 > 1.2.3.5.58765: Flags [P.], seq 462:467, ack 546, win 15260, length 5
E..-B’@.7.?.m.P……P……&.T.P.;..M..0

.
2013-08-12 09:41:46.643833 IP 109.236.80.170.80 > 1.2.3.5.58765: Flags [F.], seq 467, ack 546, win 15260, length 0
E..(B(@.7.?.m.P……P……&.T.P.;.)o……..
2013-08-12 09:41:46.645876 IP 1.2.3.5.58765 > 109.236.80.170.80: Flags [.], ack 468, win 64046, length 0
E..(.Q@.{.4…..m.P….P&.T…..P…j………
2013-08-12 09:41:46.646005 IP 1.2.3.5.58765 > 109.236.80.170.80: Flags [F.], seq 546, ack 468, win 64046, length 0
E..(.Y@.{.4…..m.P….P&.T…..P…j………
2013-08-12 09:41:46.744618 IP 109.236.80.170.80 > 1.2.3.5.58765: Flags [.], ack 547, win 15260, length 0
E..(B)@.7.?
m.P……P……&.T.P.;.)n……..
2013-08-12 09:41:50.183403 IP 1.2.3.5.37690 > 109.236.80.170.80: Flags [S], seq 733354944, win 64512, options [mss 1350,nop,nop,sackOK], length 0
E..0.,@.{.1…..m.P..:.P+…….p……….F….
2013-08-12 09:41:50.272147 IP 109.236.80.170.80 > 1.2.3.5.37690: Flags [S.], seq 399248415, ack 733354945, win 14600, options [mss 1460], length 0
E..,..@.7../m.P……P.:….+…`.9………..
2013-08-12 09:41:50.273241 IP 1.2.3.5.37690 > 109.236.80.170.80: Flags [.], ack 1, win 64512, length 0
E..(.-@.{.2…..m.P..:.P+…… P….H……..
2013-08-12 09:41:50.330565 IP 1.2.3.5.37690 > 109.236.80.170.80: Flags [P.], seq 1:674, ack 1, win 64512, length 673
E….2@.{./`….m.P..:.P+…… P…}\..GET /?c480cfaa684e1dc0db1b2e1f891d814a=y15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive
2013-08-12 09:41:50.562393 IP 1.2.3.5.59222 > 109.236.80.170.80: Flags [P.], seq 1:546, ack 1, win 64512, length 545
E..I.J@.{./…..m.P..V.P{..\.wD.P…P…GET /69ed8232de17755886028b5018213f94/88247052e3a5f56f3d5207303dec15de.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://tqhsy.8taglik[.]info/?c480cfaa684e1dc0db1b2e1f891d814a=y15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:50.651236 IP 109.236.80.170.80 > 1.2.3.5.59222: Flags [.], ack 546, win 15260, length 0
E..(.U@.7…m.P……P.V.wD.{..}P.;………..
2013-08-12 09:41:50.653558 IP 109.236.80.170.80 > 1.2.3.5.59222: Flags [P.], seq 1:462, ack 546, win 15260, length 461
E….V@.7…m.P……P.V.wD.{..}P.;.Xa..HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 13:39:15 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2013-08-12 09:41:56.205044 IP 1.2.3.5.49202 > 109.236.80.170.80: Flags [P.], seq 1:674, ack 1, win 64512, length 673
E…..@.{…….m.P..2.P…#}
f.P…c…GET /?c480cfaa684e1dc0db1b2e1f891d814a=g15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:56.293923 IP 109.236.80.170.80 > 1.2.3.5.49202: Flags [.], ack 674, win 15479, length 0
E..(..@.7…m.P……P.2}
f…..P. 1.2.3.5.49202: Flags [P.], seq 1:1334, ack 674, win 15479, length 1333
E..]..@.7…m.P……P.2}
f…..P. 109.236.80.170.80: Flags [P.], seq 1:546, ack 1, win 64512, length 545
E..I..@.{./?….m.P….P?.)b..q.P…….GET /69ed8232de17755886028b5018213f94/88247052e3a5f56f3d5207303dec15de.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://tqhsy.8taglik[.]info/?c480cfaa684e1dc0db1b2e1f891d814a=g15&8524421677ca0f8c20fd1cd2c1c6e0a7=sansit.in
x-flash-version: 11,8,800,94
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E)
Host: tqhsy.8taglik[.]info
Connection: Keep-Alive

2013-08-12 09:41:56.556021 IP 109.236.80.170.80 > 1.2.3.5.59792: Flags [.], ack 546, win 15260, length 0
E..(.N@.7…m.P……P….q.?.+.P.;..G……..
2013-08-12 09:41:56.557016 IP 109.236.80.170.80 > 1.2.3.5.59792: Flags [P.], seq 1:462, ack 546, win 15260, length 461
E….O@.7…m.P……P….q.?.+.P.;…..HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 13:39:21 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2013-08-12 14:16:07.235455 IP 1.2.3.6.37870 > 109.236.80.170.80: Flags [P.], seq 1:567, ack 1, win 65535, length 566
E..^} @………m.P….PR….g..P…….GET /?0090c763e668fab7bbb1c5576207655f=q10&c561f8448a523af56b17eb9ac7ad7a58=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET4.0C; .NET4.0E; InfoPath.3)
Accept-Encoding: gzip, deflate
Host: fizv.11taglik[.]info
Connection: Keep-Alive

2013-08-12 14:16:07.324418 IP 109.236.80.170.80 > 1.2.3.6.37870: Flags [.], ack 567, win 15282, length 0
E..(0.@.7.PDm.P……P…g..R…P.;.>~……..
2013-08-12 14:16:07.326556 IP 109.236.80.170.80 > 1.2.3.6.37870: Flags [P.], seq 1:1582, ack 567, win 15282, length 1581
E..U0.@.7.J.m.P……P…g..R…P.;./x..HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 18:13:31 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2013-08-12 14:16:07.472063 IP 1.2.3.6.29228 > 109.236.80.170.80: Flags [P.], seq 1:408, ack 1, win 65535, length 407
E…}z@…. ….m.P.r,.P…..A..P….P..GET /39ff9ff8c3b603d8eed017df64dd2799.eot HTTP/1.1
Accept: */*
Referer: http://fizv.11taglik[.]info/?0090c763e668fab7bbb1c5576207655f=q10&c561f8448a523af56b17eb9ac7ad7a58=sansit.in
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET4.0C; .NET4.0E; InfoPath.3)
Accept-Encoding: gzip, deflate
Host: fizv.11taglik[.]info
Connection: Keep-Alive

2013-08-12 14:16:07.566490 IP 109.236.80.170.80 > 1.2.3.6.29228: Flags [.], ack 408, win 15544, length 0
E..(LP@.8.3.m.P……Pr,.A…..`P.<.J^........
2013-08-12 14:16:07.568021 IP 109.236.80.170.80 > 1.2.3.6.29228: Flags [.], seq 1:1461, ack 408, win 15544, length 1460
E…LQ@.8..-m.P……Pr,.A…..`P.<.....HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 18:13:31 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Content-Length: 4207
Connection: close
Content-Type: application/vnd.ms-fontobject

2013-08-12 14:16:12.370164 IP 1.2.3.6.35301 > 109.236.80.170.80: Flags [P.], seq 1:335, ack 1, win 65535, length 334
E..v.\@………m.P….P.Q….”.P…/…GET /855feed4acbb99c63ad7f25fef289284/decaff5b6ee641742f53d8ef8c6f9a16.jar HTTP/1.1
accept-encoding: pack200-gzip, gzip
content-type: application/x-java-archive
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-08-12 14:16:12.467982 IP 109.236.80.170.80 > 1.2.3.6.35301: Flags [.], ack 335, win 15544, length 0
E..((<@.7.X.m.P......P...."..Q \P.<.k.........
2013-08-12 14:16:12.470117 IP 109.236.80.170.80 > 1.2.3.6.35301: Flags [.], seq 1:1461, ack 335, win 15544, length 1460
E…(=@.7.SAm.P……P….”..Q \P.<.....HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 18:13:36 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Content-Length: 12023
Connection: close
Content-Type: application/x-java-archive

2013-08-12 14:16:12.593649 IP 1.2.3.6.59502 > 109.236.80.170.80: Flags [P.], seq 1:377, ack 1, win 65535, length 376
E…..@………m.P..n.P…x..(.P… …GET /855feed4acbb99c63ad7f25fef289284/decaff5b6ee641742f53d8ef8c6f9a16.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-08-12 14:16:12.692152 IP 109.236.80.170.80 > 1.2.3.6.59502: Flags [.], ack 377, win 15544, length 0
E..(#.@.7.].m.P……P.n..(…..P.<.\V........
2013-08-12 14:16:12.693788 IP 109.236.80.170.80 > 1.2.3.6.59502: Flags [.], seq 1:1461, ack 377, win 15544, length 1460
E…#.@.7.W.m.P……P.n..(…..P.<.....HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 18:13:37 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Content-Length: 12023
Connection: close
Content-Type: application/x-java-archive

2013-08-12 14:16:13.725257 IP 1.2.3.6.56684 > 109.236.80.170.80: Flags [P.], seq 1:377, ack 1, win 65535, length 376
E…..@………m.P..l.P…>.r..P…Y…GET /855feed4acbb99c63ad7f25fef289284/decaff5b6ee641742f53d8ef8c6f9a16.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
2013-08-12 14:16:14.035315 IP 1.2.3.6.8594 > 109.236.80.170.80: Flags [P.], seq 1:227, ack 1, win 65535, length 226
E..
.}@………m.P.!..P….I…P…….GET /855feed4acbb99c63ad7f25fef289284/r.class HTTP/1.1
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-08-12 14:16:14.133027 IP 109.236.80.170.80 > 1.2.3.6.8594: Flags [.], ack 227, win 15544, length 0
E..(..@.7..=m.P……P!.I…….P.<.d.........
2013-08-12 14:16:14.134428 IP 109.236.80.170.80 > 1.2.3.6.8594: Flags [P.], seq 1:462, ack 227, win 15544, length 461
E…..@.7..om.P……P!.I…….P.<.....HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 18:13:38 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

2013-08-12 14:16:14.254167 IP 1.2.3.6.25653 > 109.236.80.170.80: Flags [P.], seq 1:227, ack 1, win 65535, length 226
E..
..@….h….m.P.d5.P……..P…….GET /855feed4acbb99c63ad7f25fef289284/r.class HTTP/1.1
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-08-12 14:16:14.338716 IP 109.236.80.170.80 > 1.2.3.6.25653: Flags [.], ack 227, win 15544, length 0
E..(.?@.8…m.P……Pd5……..P.<..7........
2013-08-12 14:16:14.340171 IP 109.236.80.170.80 > 1.2.3.6.25653: Flags [P.], seq 1:462, ack 227, win 15544, length 461
E….@@.8..$m.P……Pd5……..P.<.....HTTP/1.1 404 Not Found
Date: Mon, 12 Aug 2013 18:13:38 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

2013-08-12 14:20:39.929125 IP 1.2.3.6.39020 > 109.236.80.170.80: Flags [P.], seq 1:567, ack 1, win 65535, length 566
E..^g.@………m.P..l.P.K+I..{.P….9..GET /?0090c763e668fab7bbb1c5576207655f=a15&c561f8448a523af56b17eb9ac7ad7a58=sansit.in HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET4.0C; .NET4.0E; InfoPath.3)
Accept-Encoding: gzip, deflate
Host: fizv.11taglik[.]info
Connection: Keep-Alive

2013-08-12 14:20:40.019609 IP 109.236.80.170.80 > 1.2.3.6.39020: Flags [.], ack 567, win 15282, length 0
E..(d.@.7..Km.P……P.l..{..K-.P.;.@………
2013-08-12 14:20:40.021272 IP 109.236.80.170.80 > 1.2.3.6.39020: Flags [P.], seq 1:1334, ack 567, win 15282, length 1333
E..]d.@.7…m.P……P.l..{..K-.P.;…..HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 18:18:04 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
2013-08-12 14:20:40.225162 IP 1.2.3.6.60644 > 109.236.80.170.80: Flags [P.], seq 1:472, ack 1, win 65535, length 471
E…ht@………m.P….P*…n…P…….GET /855feed4acbb99c63ad7f25fef289284/5a8adf2f0a2fab70292b933855847c4f.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://fizv.11taglik[.]info/?0090c763e668fab7bbb1c5576207655f=a15&c561f8448a523af56b17eb9ac7ad7a58=sansit.in
x-flash-version: 11,7,700,224
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB7.5; .NET4.0C; .NET4.0E; InfoPath.3)
Host: fizv.11taglik[.]info
Connection: Keep-Alive

2013-08-12 14:20:40.264253 IP 109.236.80.170.80 > 1.2.3.6.39419: Flags [S.], seq 2449758624, ack 299123807, win 14600, options [mss 1460], length 0
E..,..@.8…m.P……P….Y…D_`.9..L……..
2013-08-12 14:20:40.265520 IP 1.2.3.6.39419 > 109.236.80.170.80: Flags [.], ack 1, win 65535, length 0
E..(h.@………m.P….P..D_..Y.P………….
2013-08-12 14:20:40.267580 IP 1.2.3.6.39419 > 109.236.80.170.80: Flags [P.], seq 1:377, ack 1, win 65535, length 376
E…h.@………m.P….P..D_..Y.P…….GET /855feed4acbb99c63ad7f25fef289284/decaff5b6ee641742f53d8ef8c6f9a16.jar HTTP/1.1
content-type: application/x-java-archive
accept-encoding: pack200-gzip,gzip
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.7.0_07
Host: fizv.11taglik[.]info
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

2013-08-12 17:25:29.825298 IP 1.2.3.4.54692 > 109.236.80.170.80: Flags [P.], seq 1:577, ack 1, win 65520, length 576
E..hy.@.}..!….m.P….P…RN.X.P…e…GET /?82f98f39d50070ac6bccd765eb93b37e=n15&8d97baff25493bce238a6ac40dbd2dc1=perfectboys.org HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: qkvuz.12taglik[.]info
Connection: Keep-Alive

2013-08-12 17:25:29.923029 IP 109.236.80.170.80 > 1.2.3.4.54692: Flags [.], ack 577, win 15552, length 0
E..(.E@.7.s.m.P……P..N.X…..P.<.d.........
2013-08-12 17:25:29.924707 IP 109.236.80.170.80 > 1.2.3.4.54692: Flags [P.], seq 1:1339, ack 577, win 15552, length 1338
E..b.F@.7.n.m.P……P..N.X…..P.<..O..HTTP/1.1 200 OK
Date: Mon, 12 Aug 2013 21:22:53 GMT
Server: Apache/2.2.25 (CentOS)
X-Powered-By: PHP/5.3.26
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

479



