DETAILS FROM SANS ISC DIARY ENTRY ON EXPLOIT KIT ROUNDUP

NOTES:

Below is more information on the linked files (pcaps and malware) from: https://isc.sans.edu/diary/Exploit+kit+roundup+early+June+2015/19763

 

MALWARE

2015-06-03-malware-samples.zip

 

• 2015-06-03-Angler-EK-flash-exploit.swf  --  MD5 hash:  35597a9e4011dcc27b73835f82cceb2d
• 2015-06-03-Angler-EK-landing-page.txt  --  MD5 hash:  2ec5bfdfe41a3470babbb200061f096f
• 2015-06-03-Fiesta-EK-flash-exploit-example-01.swf  --  MD5 hash:  55a8c0e51ac43d171f890a43122ce18b
• 2015-06-03-Fiesta-EK-flash-exploit-example-02.swf  --  MD5 hash:  d5ea4703b8176719ed08cfb3fe1fa39b
• 2015-06-03-Fiesta-EK-java-exploit.jar  --  MD5 hash:  387e944d2183fb445d32090e7b786ab4
• 2015-06-03-Fiesta-EK-malware-payload-example-01.exe  --  MD5 hash:  c46ebc33e744f1fd81049cefd06f22cf
• 2015-06-03-Fiesta-EK-malware-payload-example-02.exe  --  MD5 hash:  83a7892cdfca3e4e0850845db0b1b880
• 2015-06-03-Fiesta-EK-pdf-exploit.pdf  --  MD5 hash:  c03e64023bc89278b3f8c05517b234fa
• 2015-06-03-Fiesta-EK-silverlight-exploit.xap  --  MD5 hash:  7130731249e66579d73add6af469d61b
• 2015-06-03-Magnitude-EK-browser-exploit.txt  --  MD5 hash:  1794a8c12115132107063ab2dc74c4ba
• 2015-06-03-Magnitude-EK-flash-exploit.swf  --  MD5 hash:  739c8c0e66f07a828a0102ad4101d421
• 2015-06-03-Magnitude-EK-malware-payload-cryptowall-3.0.exe  --  MD5 hash:  ac72eec5290be50d97cafbc24001cef4
• 2015-06-03-Neutrino-EK-flash-exploit.swf  --  MD5 hash:  17e3b8bed4cf319a05b82e02c11e7236
• 2015-06-03-Neutrino-EK-malware-payload.exe  --  MD5 hash:  d997c78585bc84e0e7c29b1ed6c611b8
• 2015-06-03-Nuclear-EK-flash-exploit.swf  --  MD5 hash:  39fc7bad51b1f8ac6d2d13dce12f28b0
• 2015-06-03-Nuclear-EK-landing-page.txt  --  MD5 hash:  baa42adbb1408a024641d334ebe5111a
• 2015-06-03-Nuclear-EK-malware-payload-Glupteba.exe  --  MD5 hash:  f453782c32d4a0304b40d28d3ebb8d87
• 2015-06-03-Rig-EK-flash-exploit.swf  --  MD5 hash:  2d733659f0dca4b57238f48521c27649
• 2015-06-03-Rig-EK-landing-page.txt  --  MD5 hash:  c74fcf244c917cc7a157d2520eaa1bbd
• 2015-06-03-Rig-EK-malware-payload.exe  --  MD5 hash:  3212cfb225f0834247ecd763e7bf3747

 

TRAFFIC

2015-06-03-Angler-EK-traffic.pcap.zip

 

• 89.39.144.155 port 80 - com.custermd.com - Redirect pointing to Angler EK
• 69.64.73.139 port 80 - piscatorialist.newevecollection.com - Angler EK
• 195.22.26.252 port 80 - xemuzxizznq6u.com - Post-infection traffic
• 195.22.26.248 port 80 - sso.anbtr.com - Post-infection traffic
• 83.149.127.7 port 80 - jmkixfvxprrtn.com - Post-infection traffic
• 95.211.202.33 port 80 - jerorefest.com - Click fraud traffic begins
• 209.133.193.98 port 80 - lopjertamoper.com - Click fraud traffic begins
• 162.244.34.39 port 80 - jertadopoeremo.com - Click fraud traffic begins
• 95.211.202.33 port 80 - jerorefest.com - Click fraud traffic begins

 

• 2015-06-03 14:32:44 UTC - com.custermd.com - GET /js/view.js
• 2015-06-03 14:32:45 UTC - piscatorialist.newevecollection.com - GET /whinnied_swivel_languor_legibly/126044985793117700
• 2015-06-03 14:32:50 UTC - piscatorialist.newevecollection.com - GET /9trkcewrOLU5WruECPQ_jJz6W0Z8TCRt4-1qQb1kmBx1GTO7.aspnet
• 2015-06-03 14:32:59 UTC - piscatorialist.newevecollection.com - GET /20i8bqZDM1nApbbiiIzkbJzJ6gAlK2d5rVLGWez8kwSUuXib.jsscript
• 2015-06-03 14:33:00 UTC - www.earthtools.org - GET /timezone-1.1/-54.60046/25.71254
• 2015-06-03 14:33:01 UTC - www.ecb.europa.eu - GET /stats/eurofxref/eurofxref-hist-90d.xml?46590099265aee91ccb0954b2efadb50
• 2015-06-03 14:33:01 UTC - DNS query for: cdxnzcdxzcjgmeoef1.com (reponse but no info)
• 2015-06-03 14:33:02 UTC - DNS query for: aknkzddllqrio8.com (No such name)
• 2015-06-03 14:33:04 UTC - xemuzxizznq6u.com - POST /index.php
• 2015-06-03 14:33:05 UTC - sso.anbtr.com - GET /domain/xemuzxizznq6u.com
• 2015-06-03 14:33:05 UTC - xsso.xemuzxizznq6u.com - GET /45bdee6cbdacfe5ad2842213e867fde6
• 2015-06-03 14:33:06 UTC - DNS query for: oglntfpvurtpmpaa8a.com (No such name)
• 2015-06-03 14:33:07 UTC - jmkixfvxprrtn.com - POST /include/functions_databuild.php
• 2015-06-03 14:33:09 UTC - jmkixfvxprrtn.com - POST /calendar.php
• 2015-06-03 14:33:15 UTC - DNS query for: chebanazvo.com (No such name)
• 2015-06-03 14:33:15 UTC - DNS query for: nlvnsrrrwieyfq.com (No such name)
• 2015-06-03 14:33:15 UTC - DNS query for: wsdthvunow.com (No such name)
• 2015-06-03 14:33:15 UTC - DNS query for: sdggclostsw.com (No such name)
• 2015-06-03 14:33:19 UTC - DNS query for: npkxghmoru.biz (No such name)
• 2015-06-03 14:33:19 UTC - 158.227.93.115 - Source port: 49322 - Destination port: 32450 [SYN] (no response from the server)
• 2015-06-03 14:33:29 UTC - 93.184.83.237 - Source port: 27176 - Destination port: 5862 (return traffic noted)
• 2015-06-03 14:33:32 UTC - jmkixfvxprrtn.com - POST /include/class_apiclient.php
• 2015-06-03 14:33:34 UTC - 190.220.201.38 - Source port: 27176 - Destination port: 23525 (UDP traffic)
• 2015-06-03 14:33:39 UTC - 200.127.177.170 - Source port: 27176 - Destination port: 16663 (UDP traffic)
• 2015-06-03 14:33:44 UTC - 95.87.24.137 - Source port: 27176 - Destination port: 24282 (UDP traffic)
• 2015-06-03 14:33:49 UTC - 91.193.87.114 - Source port: 27176 - Destination port: 20029 (UDP traffic)
• 2015-06-03 14:33:54 UTC - 74.197.207.50 - Source port: 49325 - Destination port: 32050 (encrypted TCP traffic)
• 2015-06-03 14:33:59 UTC - 190.105.47.149 - Source port: 27176 - Destination port: 30123 (UDP traffic)
• 2015-06-03 14:34:04 UTC - 89.103.45.211 - Source port: 49326 - Destination port: 27486 [SYN] (no response from the server)
• 2015-06-03 14:34:09 UTC - 87.69.21.149 - Source port: 27176 - Destination port: 17931 (UDP traffic)
• 2015-06-03 14:34:14 UTC - 151.33.84.144 - Source port: 27176 - Destination port: 28463 (UDP traffic)
• 2015-06-03 14:34:19 UTC - 176.111.114.203 - Source port: 27176 - Destination port: 15497 (UDP traffic)
• 2015-06-03 14:34:25 UTC - 148.202.107.38 - Source port: 27176 - Destination port: 28694 (UDP traffic)
• 2015-06-03 14:34:30 UTC - 188.254.238.6 - Source port: 27176 - Destination port: 23214 (UDP traffic)
• 2015-06-03 14:34:35 UTC - 188.127.134.236 - Source port: 49328 - Destination port: 20901 (encrypted TCP traffic)
• 2015-06-03 14:34:40 UTC - 158.109.147.218 - Source port: 27176 - Destination port: 17479 (UDP traffic)
• 2015-06-03 14:34:45 UTC - 95.43.168.45 - Source port: 27176 - Destination port: 26019 (UDP traffic)
• 2015-06-03 14:34:50 UTC - 178.203.150.188 - Source port: 27176 - Destination port: 12698 (UDP traffic)
• 2015-06-03 14:34:55 UTC - 176.223.104.232 - Source port: 27176 - Destination port: 30595 (UDP traffic)
• 2015-06-03 14:34:56 UTC - jmkixfvxprrtn.com - POST /calendar.php
• 2015-06-03 14:34:58 UTC - jmkixfvxprrtn.com - POST /announcement.php
• 2015-06-03 14:35:00 UTC - 148.202.211.203 - Source port: 27176 - Destination port: 15053 (UDP traffic)
• 2015-06-03 14:35:05 UTC - 87.111.127.137 - Source port: 49331 - Destination port: 23627 [SYN] (no response from the server)
• 2015-06-03 14:35:10 UTC - 90.4.30.15 - Source port: 49333 - Destination port: 14884 [SYN] (no response from the server)
• 2015-06-03 14:35:15 UTC - 77.78.230.170 - Source port: 27176 - Destination port: 9342 (UDP traffic)
• 2015-06-03 14:35:20 UTC - 193.147.170.194 - Source port: 27176 - Destination port: 17446 (UDP traffic)
• 2015-06-03 14:35:25 UTC - 123.242.129.221 - Source port: 27176 - Destination port: 19996 (UDP traffic)
• 2015-06-03 14:35:30 UTC - 66.169.162.8 - Source port: 27176 - Destination port: 31452 (UDP traffic)
• 2015-06-03 14:35:52 UTC - jerorefest.com GET /ads.php?sid=1917
• 2015-06-03 14:35:52 UTC - lopjertamoper.com GET /ads.php?sid=1917
• 2015-06-03 14:35:52 UTC - jertadopoeremo.com GET /ads.php?sid=1917
• 2015-06-03 14:36:01 UTC - jerorefest.com GET /ads.php?sid=1917

 

2015-06-03-Fiesta-EK-traffic-example-01.pcap.zip
2015-06-03-Fiesta-EK-traffic-example-02.pcap.zip

 

• 205.234.186.115 port 80 - youblueold.eu - Fiesta EK

 

• 2015-06-03 14:07:51 UTC - youblueold.eu - GET /jqi20bnr/Ad6nlzpYGs2SFygmlIT9
• 2015-06-03 14:07:53 UTC - youblueold.eu - GET /jqi20bnr/CF4NAa32bY1jfiSVII9kIJSZnO965DCKRUAV9bgsYDx.112202.228
• 2015-06-03 14:07:54 UTC - youblueold.eu - GET /jqi20bnr/1mNWidLrjgO9pwIK1AYgo7k_1kN24IhLdVf0ybs92
• 2015-06-03 14:07:54 UTC - youblueold.eu - GET /jqi20bnr/cJeAFD2WzT4CZ0ew--RkI2_Pa47LY9CKITsVSPgfhDx.4060310
• 2015-06-03 14:07:58 UTC - youblueold.eu - GET /jqi20bnr/CjHVZcKwvyKIQ0rw-I_2YAYPkm7T58BlUWKc8JgX-yt.910
• 2015-06-03 14:08:00 UTC - youblueold.eu - GET /jqi20bnr/3M0ch93FuIcy5DechK9v5AYMa49L8yx-UWfVevsIY3C
• 2015-06-03 14:08:02 UTC - youblueold.eu - GET /jqi20bnr/CEF0t1qARbYJXDqVYwtvU39PuBYLf3QK5I-cefKISQz
• 2015-06-03 14:08:04 UTC - youblueold.eu - GET /jqi20bnr/3M0ch93FuIcy5DechK9v5AYMa49L8yx-UWfVevsIY3C.1
• 2015-06-03 14:08:07 UTC - youblueold.eu - GET /jqi20bnr/CEF0t1qARbYJXDqVYwtvU39PuBYLf3QK5I-cefKISQz.1
• 2015-06-03 14:08:07 UTC - youblueold.eu - GET /jqi20bnr/5egy98_2YwOWkgB2rG-6YvYGSMuZRLI9OI-UEc9f-IKCP
• 2015-06-03 14:08:19 UTC - youblueold.eu - GET /jqi20bnr/5egy98_2YwOWkgB2rG-6YvYGSMuZRLI9OI-UEc9f-IKCP.1

• 2015-06-03 14:13:20 UTC - youblueold.eu - GET /jqi20bnr/A7XfgiqP3YAecu11b5Ku
• 2015-06-03 14:13:22 UTC - youblueold.eu - GET /jqi20bnr/AgiF-AiSyovMqVRkhkh2jeh9VcG38II6Ucr2UKSs0.140000.125
• 2015-06-03 14:13:24 UTC - youblueold.eu - GET /jqi20bnr/cl5e-n4Gp57wc1eVIdsv507eYrAFDFO-5_yVeXIKo9M
• 2015-06-03 14:13:27 UTC - youblueold.eu - GET /jqi20bnr/cl5e-n4Gp57wc1eVIdsv507eYrAFDFO-5_yVeXIKo9M.1
• 2015-06-03 14:13:35 UTC - youblueold.eu - GET /jqi20bnr/bm3ihpys2ga42oVULlkhXCShDwFv08INUKcbikIQhX
• 2015-06-03 14:13:36 UTC - youblueold.eu - GET /jqi20bnr/EOGwStoRqg397wiyScILJvYeRehSkFA2xbYWUV8i6XtVh
• 2015-06-03 14:13:36 UTC - youblueold.eu - GET /jqi20bnr/EOGwStoRqg397wiyScILJvYeRehSkFA2xbYWUV8i6XtVh
• 2015-06-03 14:13:38 UTC - youblueold.eu - GET /jqi20bnr/FOjc05CbUsXQf1doC5V-nJA-sSSRMczGF1lRUsVbs0byc-.1
• 2015-06-03 14:13:41 UTC - youblueold.eu - GET /jqi20bnr/FOjc05CbUsXQf1doC5V-nJA-sSSRMczGF1lRUsVbs0byc-.1.1

 

2015-06-03 Magnitude EK

 

• 62.210.24.175 port 80 - wbd77d4b.12.s6352.574dcr.v1d161c.d0b.30.z662t.q7n56037.attemptspulled.in - Magnitude EK
• 91.215.216.28 port 80 - superhamali.com - CryptoWall 3.0 callback domain
• 95.163.121.105 port 80 - 7oqnsnzwwnm6zb7y.paygateawayoros.com - Viewing CryptoWall 3.0 decrypt instructions

 

• 2015-06-03 14:42:00 UTC - wbd77d4b.12.s6352.574dcr.v1d161c.d0b.30.z662t.q7n56037.attemptspulled.in - GET /?324057545957404653515d5d5e4157401c515d5f
• 2015-06-03 14:42:02 UTC - e88ec5p.960bbc3.t6b4fe.4e40s.kbd58c.599n.2bs.q7n56037.attemptspulled.in - GET /
• 2015-06-03 14:42:02 UTC - d59cbz.dcr.s92q.yd3ft.a3ab3.sb216a4.l1bc9p.99f15s.q7n56037.attemptspulled.in - GET /
• 2015-06-03 14:42:10 UTC - 62.210.24.175 - GET /ef8a44dc97afd2a0252e3fc05b5bfd30
• 2015-06-03 14:42:11 UTC - 62.210.24.175 - GET /811e64a3b3a788634fbb87c9383cc9f8
• 2015-06-03 14:42:11 UTC - 62.210.24.175 - GET /?a3d174345b000dd3d4fdee41dd0597be
• 2015-06-03 14:42:13 UTC - 62.210.24.175 - GET /?b6b79e7bb18cf9d6927597f1d1be0530
• 2015-06-03 14:42:15 UTC - 62.210.24.175 - GET /?8de728d909efd76bb63a4686ecf45625
• 2015-06-03 14:42:15 UTC - 62.210.24.175 - GET /?31f439adc18513f0ed7d300c71e662b5
• 2015-06-03 14:42:16 UTC - ip-addr.es - GET /
• 2015-06-03 14:42:16 UTC - 62.210.24.175 - GET /?8d84c4e6a745034423f2a981d533bd60
• 2015-06-03 14:42:17 UTC - 62.210.24.175 - GET /?5bd27da54c63b38d091754807bcc1446
• 2015-06-03 14:42:17 UTC - superhamali.com - POST /img5.php?h=gu7rx61m455p69
• 2015-06-03 14:42:18 UTC - 62.210.24.175 - GET /?3b5ab8a01c5d964bb26bc677f0027deb
• 2015-06-03 14:42:20 UTC - superhamali.com - POST /img5.php?o=ucottaion4ojy
• 2015-06-03 14:42:25 UTC - superhamali.com - POST /img5.php?p=21c0sf67g3
• 2015-06-03 14:43:18 UTC - superhamali.com - POST /img5.php?f=fscru7xkijjnu7e
• 2015-06-03 14:44:29 UTC - 7oqnsnzwwnm6zb7y.paygateawayoros.com - GET /Uwk0fY
• 2015-06-03 14:44:53 UTC - 7oqnsnzwwnm6zb7y.paymentgateposa.com - GET /Uwk0fY

 

2015-06-03-Neutrino-EK-traffic.pcap.zip

 

• 89.238.181.125 port 34262 - xarxihsb.muxgelwujkvoyyi.gq:34262 - Neutrino EK

 

• 2015-06-03 15:41:32 UTC - xarxihsb.muxgelwujkvoyyi.gq:34262 - GET /alice/87380/medical/31365/eastward/19927/charles/259/health/54220/

• 2015-06-03 15:41:32 UTC - xarxihsb.muxgelwujkvoyyi.gq:34262 - GET /furniture.htm?shelf=74279&fleet=34496&clutch=55313&carter=figure&anyway=704&
  channel=mine&yellow=79580&send=4574

• 2015-06-03 15:41:34 UTC - xarxihsb.muxgelwujkvoyyi.gq:34262 - GET /steam/slap/traffic/31745/work/2955/steeple/cause/deny/underground/ride/59355/limp/57845/
  occupy/2146/social/85994/seize/79176/unhappy/57674/

• 2015-06-03 15:41:35 UTC - xarxihsb.muxgelwujkvoyyi.gq:34262 - GET /blaze/26007/pont/88413/lift/1812/misty/41088/earn/22009/halt/4460/monster/21161/about/64940/
  unexpected/48816/behave/98994/

• 2015-06-03 15:41:36 UTC - xarxihsb.muxgelwujkvoyyi.gq:34262 - GET /stain.aspx?dungeon=basket&make=2704&bosom=80955&limb=even&pack=52228&doctor=84352

 

2015-06-03-Nuclear-EK-traffic-Operation-Windigo.pcap.zip

 

• 66.199.231.59 port 80 - filestore72.info - Compromised site that redirects to Nuclear EK
• 41.77.114.189 port 80 - va5z21rqd1gi0hf7hsq3mzf.seoisko.org - Cushion redirect
• 41.77.114.189 port 80 - x795qknh8aucybdtxobfxti.seoisko.org - Nuclear EK
• 208.75.188.2 port 48105 - no domain name - Post-infection Glupteba traffic
• 209.236.74.175 port 49721 - no domain name - Post-infection Glupteba traffic

 

• 2015-06-03 16:19:14 UTC - filestore72.info - GET /download.php?id=ae3d01d0
• 2015-06-03 16:19:14 UTC - va5z21rqd1gi0hf7hsq3mzf.seoisko.org - GET /index.php?u=a3Z1dHhqdz1oaWVqZHlhJnRpbW[long string of characters]
• 2015-06-03 16:19:17 UTC - va5z21rqd1gi0hf7hsq3mzf.seoisko.org - GET /watch.php?sccyy=MTA3NjU5YzQzODAzODM4NjA0MmJiNDQwOTQ4ODNkOTZi

• 2015-06-03 16:19:18 UTC - x795qknh8aucybdtxobfxti.seoisko.org - GET /AAwbSAVOHlVaAUFZCApbVUVRHwAHQEhdBAQbQFkcFQcMXUNZCUwMRlc.html

• 2015-06-03 16:19:19 UTC - x795qknh8aucybdtxobfxti.seoisko.org - GET /AxoTSFZcHh5WSAROHlVaAUFZCApbVUVRHwAHQEhdBAQbQFkcFQcMXUNZCU
  wMRldOUFRNBQgFSFRbGglOV1ZQBwMGXlFWDExUClM

• 2015-06-03 16:19:20 UTC - x795qknh8aucybdtxobfxti.seoisko.org - GET /AAsPUUxUCBofAUwGGhpUDQVDDQwLDFFHBRsBUERKCQAFTERbSBEGW1lBD
  Q1NW0JVGlRVGgEKUUxVDB4LGlNXBwMBUlpQAQhOUR4EYVtADhMQQHVOVw

• 2015-06-03 16:19:27 UTC - 208.75.188.2 port 48105 - GET /stat?uid=100&downlink=1111&uplink=1111&id=0002625A&[long string of characters]
• 2015-06-03 16:20:07 UTC - www.google.com - GET /robots.txt
• 2015-06-03 16:20:08 UTC - various mail server IP addresses, port 25 - [SYN] (no response from server)
• 2015-06-03 16:20:27 UTC - 209.236.74.175 port 49721 - GET /stat?uid=100&downlink=1111&uplink=1111&[long string of characters]

 

2015-06-03-Rig-EK-traffic.pcap.zip

 

• 95.128.182.120 port 80 - blank.cre8tiveportland.com - Rig EK
• 93.95.98.50 port 80 - okiijlijlili.eu - Post-infection traffic
• 166.78.144.80 port 80 - f34234f234f2sdcsv.info - Post-infection traffic
• 188.190.114.99 port 80 - w4gvnlw4kjbvrbvshkvbsd.ru - Post-infection traffic

 

• 2015-06-03 15:19:31 UTC - blank.cre8tiveportland.com - GET /?xH2AcreYJBzICoo=l3SKfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbrA

• 2015-06-03 15:19:31 UTC - blank.cre8tiveportland.com - GET /?xH2AcreYJBzICoo=l3SKfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbrA

• 2015-06-03 15:19:34 UTC - blank.cre8tiveportland.com - GET /index.php?xH2AcreYJBzICoo=l3SMfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbogAQl
  ryJQ-DbpgN6V0ggEkqfPZVlqx7IQnmtayh42P24Qzt3kKM

• 2015-06-03 15:19:34 UTC - blank.cre8tiveportland.com - GET /index.php?xH2AcreYJBzICoo=l3SMfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbogAQl
  ryJQ-DbpgN6V0ggEkqfPZVlqx7IQnmtayh42P29Qzx0kKM

• 2015-06-03 15:19:37 UTC - blank.cre8tiveportland.com - GET /index.php?xH2AcreYJBzICoo=l3SMfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbogAQl
  ryJQ-DbpgN6V0ggDE3KPZVlqx7IQnmtayh42P2_QjA4

• 2015-06-03 15:19:48 UTC - blank.cre8tiveportland.com - GET /index.php?xH2AcreYJBzICoo=l3SMfPrfJxzFGMSUb-nJDa9GPkXCRQLPh4SGhKrXCJ-
  ofSih17OIFxzsmTu2KV_OpqxveN0SZFT_zR3AaQ4ilotXQB5MrPzwnEqWwxWeioXW9B2KYAxBrJrBErRo3lX2zbASI8MhwhCB4GBVzuhOVEgbogAQl
  ryJQ-DbpgN6V0ggDE3KPZVlqx7IQnmtayh42P25RTA4

• 2015-06-03 15:19:49 UTC - okiijlijlili.eu - [SYN] (no response from the server, repeats several times)
• 2015-06-03 15:20:11 UTC - f34234f234f2sdcsv.info - POST /gate.php
• 2015-06-03 15:20:13 UTC - w4gvnlw4kjbvrbvshkvbsd.ru - POST /gate.php
• 2015-06-03 15:20:19 UTC - f34234f234f2sdcsv.info - POST /gate.php
• 2015-06-03 15:20:20 UTC - w4gvnlw4kjbvrbvshkvbsd.ru - POST /gate.php

 

Click here to return to the main page.