Impersonating behpardakht PSP (IRAN)

MAIN PAGE

DATA SENT TO TELEGRAM BOT

=========================== (UDURRANI) ================================= 

(DATA PUSH!) IS COMING FROM 172.16.223.1 TO IP ADDRESS 172.16.223.252

     PORT INFORMATION (53412, 23514)

     SEQUENCE INFORMATION (1717645860, 3029759689)

     (14: 20: 20: 363)

POST /cgi-bin/jss.php HTTP/1.1

Host: 172.16.223.252:23514

Connection: keep-alive

Accept-Encoding: gzip, deflate

Accept: */*

User-Agent: Mozilla/5.0

Content-Length: 72

Content-Type: application/x-www-form-urlencoded

pin=1234&cvv2=190&month=11&num=1234590909012345&year=21&pan

HTTP/1.1 200 OK

Date: Tue, 20 Aug 2019 07:26:52 GMT

Server: Apache/2.4.10 (Fedora) PHP/5.6.15

X-Powered-By: PHP/5.6.15

Content-Length: 0

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html; charset=UTF-8

=========================== (UDURRANI) =================================

(LAYER: 4)

s_port: 57297 |d_port: 53 |len=53

    3A 52 01 00 00 01 00 00 00 00 00 00 03 61 70 69

    08 74 65 6C 65 67 72 61 6D 03 6F 72 67 00 00 01

    00 01

:R...........api.telegram.org... ..
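The two artifacts above are enough to build a detection on: the form-encoded POST that carries the card fields to the kit's backend (/cgi-bin/jss.php), and the DNS lookup for api.telegram.org that immediately follows it. The following is an added example, not part of the original capture or of UDURRANI's tooling; it decodes the POST body and the DNS query exactly as shown on this page (both copied inline as constructed sample input), runs a Luhn check on any 13-19 digit value, and flags a lookup of a known exfiltration service. The CARD_FIELDS list, the EXFIL_DOMAINS set and the "three or more card fields" threshold are my assumptions, not something the page states. Note that the POST body on the page is truncated after "pan" (Content-Length is 72, the visible body is shorter), so that field decodes with an empty value.

```python
import struct
from urllib.parse import parse_qsl

# Constructed copies of the two artifacts shown on this page.
# 1) Body of the POST to /cgi-bin/jss.php (truncated on the page: "pan" has no value).
POST_BODY = "pin=1234&cvv2=190&month=11&num=1234590909012345&year=21&pan"
# 2) Hex dump of the DNS query (UDP payload only) that follows the POST.
DNS_QUERY_HEX = (
    "3A 52 01 00 00 01 00 00 00 00 00 00 03 61 70 69 "
    "08 74 65 6C 65 67 72 61 6D 03 6F 72 67 00 00 01 00 01"
)

# Assumption: field names phishing kits commonly use for card data. Extend as needed.
CARD_FIELDS = {"num", "pan", "cardnumber", "card", "cc", "cvv", "cvv2",
               "pin", "month", "year", "exp"}
# Assumption: services abused as drop points for stolen data.
EXFIL_DOMAINS = {"api.telegram.org"}


def luhn_valid(digits: str) -> bool:
    """Luhn check on a string of ASCII digits (issued card numbers pass it)."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_form_body(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body and report card-data fields.

    pan_candidates maps every 13-19 digit value to its Luhn result: the value on
    this page (1234590909012345) fails, i.e. whoever submitted it used test data.
    """
    fields = parse_qsl(body, keep_blank_values=True)   # keeps the truncated "pan"
    card_fields = [k for k, _ in fields if k.lower() in CARD_FIELDS]
    pans = {k: luhn_valid(v) for k, v in fields if v.isdigit() and 13 <= len(v) <= 19}
    return {
        "card_fields": card_fields,
        "pan_candidates": pans,
        "suspicious": len(card_fields) >= 3,   # assumption: threshold for alerting
    }


def _read_name(data: bytes, offset: int):
    """Read a DNS name (length-prefixed labels) starting at offset."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0 == 0xC0:               # compression pointer (responses only)
            ptr = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            tail, _ = _read_name(data, ptr)
            labels.append(tail)
            return ".".join(labels), offset + 2
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def parse_dns_query(data: bytes) -> dict:
    """Parse the 12-byte DNS header and the question section of a query."""
    txid, flags, qdcount = struct.unpack_from("!HHH", data, 0)
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = _read_name(data, offset)
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))     # qtype 1 = A, qclass 1 = IN
    return {"id": txid, "is_response": bool(flags & 0x8000), "questions": questions}


def lookups_to_exfil_services(data: bytes) -> list:
    """Names in the query that match a known drop-point service."""
    q = parse_dns_query(data)
    return [name for name, _, _ in q["questions"] if name in EXFIL_DOMAINS]


if __name__ == "__main__":
    print(inspect_form_body(POST_BODY))
    print(parse_dns_query(bytes.fromhex(DNS_QUERY_HEX)))
    print(lookups_to_exfil_services(bytes.fromhex(DNS_QUERY_HEX)))
```

Correlating the two signals is what makes this usable as a rule: a request from the same host that first sends a body with several card fields to a PHP handler and then resolves api.telegram.org within a few seconds is a much stronger indicator than either event alone, since Telegram traffic by itself is common on a network. The transaction ID 0x3A52 and the leading ":R" in the page's ASCII rendering are the same two bytes.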


=========================== (UDURRANI) ================================= 

(INIT) SYN PACKET SENT FROM 172.16.223.252 TO IP ADDRESS 149.154.167.220

     PORT INFORMATION (55830, 443)

     SEQUENCE INFORMATION (3016187215, 0)

     (14: 20: 20: 74)

=========================== (UDURRANI) ================================= 

(SYN ACK ) PACKET SENT FROM 149.154.167.220 TO IP ADDRESS 172.16.223.252

     PORT INFORMATION (443, 55830)

     SEQUENCE INFORMATION (3982928271, 3016187216)

     (14: 20: 20: 60)

=========================== (UDURRANI) ================================= 

(ACKN) ACK PACKET SENT FROM 172.16.223.252 TO IP ADDRESS 149.154.167.220

     PORT INFORMATION (55830, 443)

     SEQUENCE INFORMATION (3016187216, 3982928272)

     (14: 20: 20: 60)

=========================== (UDURRANI) =================================

(DATA PUSH!) IS COMING FROM 172.16.223.252 TO IP ADDRESS 149.154.167.220

     PORT INFORMATION (55830, 443)

     SEQUENCE INFORMATION (3016187216, 3982928272)

     (14: 20: 20: 286)

?????????l?4?C?i-) ?A?? _???*Z?/?+?'?#?? ?</??g @32AED?0?,?(?$??

?=5??kj98?????

???\

api.telegram.orgt

=========================== (UDURRANI) ================================= 

(DATA PUSH!) IS COMING FROM 149.154.167.220 TO IP ADDRESS 172.16.223.252

     PORT INFORMATION (443, 55830)

     SEQUENCE INFORMATION (3982928272, 3016187448)

     (14: 20: 20: 1494)

A=????+)A???[l?A ???[?w=???W,????/?

-

 )&?0??0*?H??   ?????QH?0

0??1 0UUS1

0Arizona10U

Scottsdale10U

GoDaddy.com, Inc.1-0+

U

#

   $http://certs.godaddy.com/repository/1301U*Go Daddy Secure Cer

200523161738Z0>1!0U- G20

                   Dom

?in Cont*?H??alidated10Uapi.telegram.org0?"0

0?

TELEGRAM BOT RECEIVES THE CREDIT CARD/BANK INFORMATION