PepperPotts

rat gh0st network traffic

Mar 22nd, 2019
079f5422ec8e2d956f0533a2a1a62c0658453dbc2f1db0621f3b175ed2e46a21:
----------------------------------------------------------------

• tcp 192.168.149.168:49159 ---> 62.173.139.203 (ymad.ug) :80
Host: ymad.ug[...]User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)[...]POST /1/index.php HTTP/1.1[...]Content-Length: 99[...]Cache-Control: no-cache

• tcp 62.173.139.203 (ymad.ug) :80 ---> 192.168.149.168:49159

• tcp 192.168.149.168:49160 ---> 62.173.139.203 (ymad.ug) :80
Host: ymad.ug[...]User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)[...]POST /1/index.php HTTP/1.1[...]Content-Length: 56353[...]Cache-Control: no-cache

• tcp 62.173.139.203 (ymad.ug) :80 ---> 192.168.149.168:49160
Content-Type: text/html; charset=UTF-8[...]Date: Thu, 21 Mar 2019 22:22:19 GMT[...]Connection: close[...]Server: nginx[...]HTTP/1.1 200 OK[...]X-Powered-By: PHP/5.6.38[...]Transfer-Encoding: chunked


42085547983488e48bd39759d68bd6e9c87461ac261e4c2271e7338aa58a9991:
----------------------------------------------------------------

• tcp 192.168.149.220:49159 ---> 185.43.6.86 (axx.trustbro.ru) :80
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)[...]POST /index.php HTTP/1.1[...]POST /index.php HTTP/1.1[...]Host: axx.trustbro.ru[...]Content-Length: 99[...]Content-Length: 56112[...]Cache-Control: no-cache

• tcp 185.43.6.86 (axx.trustbro.ru) :80 ---> 192.168.149.220:49159