ZeroAccess/Sirefef Peer-to-Peer Botnet 16464/UDP Beacon and www.e-zeeinternet.com Counter Malware

June 19, 2015

2013-02-03 21:30:51.276294 IP 172.16.253.132.1047 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….:@…^n…..D ….P.._.DB&kP…….GET /count.php?page=952000&style=LED_g&nbdigits=9 HTTP/1.1
Host: www.e-zeeinternet.com
User-Agent: Opera/10 (Windows NT 5.1; US; x86)
Connection: close

2013-02-03 21:30:51.276372 IP 172.16.253.132.1049 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….;@…^m…..D ….P 172.16.253.132.1047: Flags [.], ack 159, win 64240, length 0
E..(y…..%e.D ……P..DB&k..`.P…~………
2013-02-03 21:30:51.276521 IP 172.16.253.132.1051 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….<@...^l.....D ....P...y^.. P...>…GET /count.php?page=952130&style=LED_g&nbdigits=9 HTTP/1.1
Host: www.e-zeeinternet.com
User-Agent: Opera/10 (Windows NT 5.1; US; x86)
Connection: close

2013-02-03 21:30:51.276565 IP 209.68.32.176.80 > 172.16.253.132.1049: Flags [.], ack 159, win 64240, length 0
E..(y…..%d.D ……P…V.$ 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….=@…^k…..D ….Pxp]is.1jP…#d..GET /count.php?page=952131&style=LED_g&nbdigits=9 HTTP/1.1
Host: www.e-zeeinternet.com
User-Agent: Opera/10 (Windows NT 5.1; US; x86)
Connection: close

2013-02-03 21:30:51.276639 IP 209.68.32.176.80 > 172.16.253.132.1051: Flags [.], ack 159, win 64240, length 0
E..(y…..%c.D ……P..^.. ….P….x……..
2013-02-03 21:30:51.276713 IP 172.16.253.132.1055 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….>@…^j…..D ….Pd.b…f.P…….GET /count.php?page=952001&style=LED_g&nbdigits=9 HTTP/1.1
Host: www.e-zeeinternet.com
User-Agent: Opera/10 (Windows NT 5.1; US; x86)
Connection: close

2013-02-03 21:30:51.276745 IP 209.68.32.176.80 > 172.16.253.132.1053: Flags [.], ack 159, win 64240, length 0
E..(y…..%b.D ……P..s.1jxp^.P….]……..
2013-02-03 21:30:51.276818 IP 172.16.253.132.1057 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158
E….?@…^i…..D ..!.P..X…..P….q..GET /count.php?page=952020&style=LED_g&nbdigits=9 HTTP/1.1
Host: www.e-zeeinternet.com
User-Agent: Opera/10 (Windows NT 5.1; US; x86)
Connection: close

2013-02-03 21:30:51.447190 IP 209.68.32.176.80 > 172.16.253.132.1047: Flags [P.], seq 1:433, ack 159, win 64240, length 432
E…y…..#..D ……P..DB&k..`.P…….HTTP/1.1 200 OK
Date: Tue, 07 May 2013 11:02:01 GMT
Server: Apache/2.2.24
Set-Cookie: ez_counter_952000=1
Content-Length: 255
Connection: close
Content-Type: image/png

.PNG
.
….IHDR…………..U.@….PLTE…….P……X…..tRNS.@..f….IDAT(…1
.0.EuI..G.}..G.):{………..d.Pb..Y…?..C]C…V…!..Gh…S…w..z8(..N9….VJ~qP………..0.j5….*”..s…&L…l……….C..3…………&!…o…..<.Nv......IEND.B`.
2013-02-03 21:30:51.447207 IP 209.68.32.176.80 > 172.16.253.132.1047: Flags [FP.], seq 433, ack 159, win 64240, length 0
E..(y…..%^.D ……P..DB(…`.P…|N……..
2013-02-03 21:30:51.447229 IP 172.16.253.132.1047 > 209.68.32.176.80: Flags [.], ack 434, win 63808, length 0
E..(.D@…_……D ….P..`.DB(.P..@~…
2013-02-03 21:30:51.447314 IP 172.16.253.132.1047 > 209.68.32.176.80: Flags [F.], seq 159, ack 434, win 63808, length 0
E..(.E@…_……D ….P..`.DB(.P..@~…
2013-02-03 21:30:51.447456 IP 209.68.32.176.80 > 172.16.253.132.1047: Flags [.], ack 160, win 64239, length 0
E..(y…..%].D ……P..DB(…`.P…|V……..
2013-02-03 21:30:51.452140 IP 172.16.253.132.1067 > 209.68.32.176.80: Flags [S], seq 2189142361, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.F@…^……D ..+.P.{.Y….p….T……….
2013-02-03 21:30:51.453513 IP 209.68.32.176.80 > 172.16.253.132.1049: Flags [P.], seq 1:411, ack 159, win 64240, length 410
E…y…..#..D ……P…V.$ 172.16.253.132.1070: UDP, length 568
E..Tz……p.1.Z….@P…@{.8!7.(……….3….L…W..c3.8:…..d..’7=/3……..L..*g..:3.8……d.eg4>.3……..L..cd.8:3……..d./d7..3.v……L..`g.8:3C…d….>,g…3%.GgM…)…..8:.|.”….=…tYCe…mZ…]Wc……….*.(..IM……@%p…=.C…._..8P..
2013-02-03 21:31:10.793033 IP 172.16.253.132.1072 > 174.49.196.90.16464: Flags [S], seq 2864873584, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.{@….+…..1.Z.0@P…p….p….Y……….
2013-02-03 21:31:10.793460 IP 172.16.253.132.1073 > 174.49.196.90.16464: Flags [S], seq 1860606433, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.|@….*…..1.Z.1@Pn…….p……………
2013-02-03 21:31:10.793831 IP 172.16.253.132.1074 > 174.49.196.90.16464: Flags [S], seq 3526021680, win 64240, options [mss 1460,nop,nop,sackOK], length 0
E..0.}@….)…..1.Z.2@P.*.0….p…./……….
2013-02-03 21:31:10.985965 IP 174.49.196.90.16464 > 172.16.253.132.1074: Flags [S.], seq 966921630, ack 3526021681, win 64240, options [mss 1460], length 0
E..,z……..1.Z….@P.29….*.1`…P………
2013-02-03 21:31:10.985996 IP 172.16.253.132.1074 > 174.49.196.90.16464: Flags [.], ack 1, win 64240, length 0
E..(.~@….0…..1.Z.2@P.*.19…P…h…
2013-02-03 21:31:10.986090 IP 172.16.253.132.1074 > 174.49.196.90.16464: Flags [P.], seq 1:13, ack 1, win 64240, length 12
E..4..@….#…..1.Z.2@P.*.19…P…g^………>.V..
2013-02-03 21:31:10.986282 IP 174.49.196.90.16464 > 172.16.253.132.1074: Flags [.], ack 13, win 64240, length 0
E..(z …….1.Z….@P.29….*.=P…h………
2013-02-03 21:31:10.986292 IP 174.49.196.90.16464 > 172.16.253.132.1072: Flags [S.], seq 2357453461, ack 2864873585, win 64240, options [mss 1460], length 0
E..,z
…….1.Z….@P.0…….q`….6……..
2013-02-03 21:31:10.986310 IP 172.16.253.132.1072 > 174.49.196.90.16464: Flags [.], ack 1, win 64240, length 0
E..(..@……….1.Z.0@P…q….P…….
2013-02-03 21:31:10.986377 IP 172.16.253.132.1072 > 174.49.196.90.16464: Flags [P.], seq 1:13, ack 1, win 64240, length 12
E..4..@….!…..1.Z.0@P…q….P…………..>….
2013-02-03 21:31:10.986463 IP 174.49.196.90.16464 > 172.16.253.132.1072: Flags [.], ack 13, win 64240, length 0
E..(z……..1.Z….@P.0…….}P………….
2013-02-03 21:31:10.991026 IP 174.49.196.90.16464 > 172.16.253.132.1073: Flags [S.], seq 4029511187, ack 1860606434, win 64240, options [mss 1460], length 0
E..,z……..1.Z….@P.1.-v.n…`….x……..
2013-02-03 21:31:10.991059 IP 172.16.253.132.1073 > 174.49.196.90.16464: Flags [.], ack 1, win 64240, length 0
E..(..@….,…..1.Z.1@Pn….-v.P….5..
2013-02-03 21:31:10.991162 IP 172.16.253.132.1073 > 174.49.196.90.16464: Flags [P.], seq 1:13, ack 1, win 64240, length 12
E..4..@……….1.Z.1@Pn….-v.P…y2………=….
2013-02-03 21:31:10.991347 IP 174.49.196.90.16464 > 172.16.253.132.1073: Flags [.], ack 13, win 64240, length 0
E..(z……..1.Z….@P.1.-v.n…P….)……..
2013-02-03 21:31:11.181301 IP 174.49.196.90.16464 > 172.16.253.132.1074: Flags [P.], seq 1:1229, ack 13, win 64240, length 1228
E…z……..1.Z….@P.29….*.=P…[Y….gK..k.<#.-F..W;...b..92.h...n..(..v...(0C^.....XQ.... -V.p)..L
