------------------------------------------------------------------------
Count:1 Event#3.59297 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Nov 08 2015 M1
192.168.122.187 -> 104.236.62.254
IPVer=4 hlen=5 tos=0 dlen=445 ID=0 flags=0 offset=0 ttl=0 chksum=54765
Protocol: 6 sport=49376 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=47225 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59301 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=17076 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59302 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Landing Sep 30 2015 M1
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=24320 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59303 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M1
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=17076 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59304 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M1
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=24320 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59305 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M2
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=17076 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59306 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Nuclear EK Landing Oct 20 2015 M2
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=24320 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59307 2015-11-12 xx:xx:xx
ET CURRENT_EVENTS SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename
192.168.122.187 -> 104.236.62.254
IPVer=4 hlen=5 tos=0 dlen=541 ID=0 flags=0 offset=0 ttl=0 chksum=54669
Protocol: 6 sport=49376 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=64361 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59309 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=13040 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59310 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=1409 ID=0 flags=0 offset=0 ttl=0 chksum=53801
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=56544 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59311 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=762 ID=0 flags=0 offset=0 ttl=0 chksum=54448
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=3201 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.59312 2015-11-12 xx:xx:xx
ET CURRENT_EVENTS SUSPICIOUS Likely Neutrino EK or other EK IE Flash request to DYNDNS set non-standard filename
192.168.122.187 -> 104.236.62.254
IPVer=4 hlen=5 tos=0 dlen=825 ID=0 flags=0 offset=0 ttl=0 chksum=54385
Protocol: 6 sport=49376 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=35394 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60037 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to client
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=471 ID=0 flags=0 offset=0 ttl=0 chksum=54739
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=61361 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60038 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to client
104.236.62.254 -> 192.168.122.187
IPVer=4 hlen=5 tos=0 dlen=45 ID=0 flags=0 offset=0 ttl=0 chksum=55165
Protocol: 6 sport=80 -> dport=49376
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=51014 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60629 2015-11-12 xx:xx:xx
ET POLICY Possible IP Check ip-addr.es
192.168.122.187 -> 188.165.164.184
IPVer=4 hlen=5 tos=0 dlen=273 ID=0 flags=0 offset=0 ttl=0 chksum=7462
Protocol: 6 sport=49381 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=60099 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60630 2015-11-12 xx:xx:xx
ET TROJAN Fareit/Pony Downloader Checkin 2
192.168.122.187 -> 45.63.71.12
IPVer=4 hlen=5 tos=0 dlen=447 ID=0 flags=0 offset=0 ttl=0 chksum=2443
Protocol: 6 sport=49380 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=30647 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60631 2015-11-12 xx:xx:xx
ET TROJAN Fareit/Pony Downloader Checkin 2
192.168.122.187 -> 45.63.71.12
IPVer=4 hlen=5 tos=0 dlen=237 ID=0 flags=0 offset=0 ttl=0 chksum=2653
Protocol: 6 sport=49380 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=10975 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60635 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=407 ID=0 flags=0 offset=0 ttl=0 chksum=41830
Protocol: 6 sport=49382 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=53891 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60636 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=166 ID=0 flags=0 offset=0 ttl=0 chksum=42071
Protocol: 6 sport=49382 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=65357 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60637 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=432 ID=0 flags=0 offset=0 ttl=0 chksum=2160
Protocol: 6 sport=49383 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=20321 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60638 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=166 ID=0 flags=0 offset=0 ttl=0 chksum=2426
Protocol: 6 sport=49383 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=25711 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60661 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=416 ID=0 flags=0 offset=0 ttl=0 chksum=15131
Protocol: 6 sport=49386 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=10887 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60662 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=166 ID=0 flags=0 offset=0 ttl=0 chksum=15381
Protocol: 6 sport=49386 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=38663 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60663 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=408 ID=0 flags=0 offset=0 ttl=0 chksum=41829
Protocol: 6 sport=49387 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=13307 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60664 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=42103
Protocol: 6 sport=49387 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=40421 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60665 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=433 ID=0 flags=0 offset=0 ttl=0 chksum=2159
Protocol: 6 sport=49388 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=30759 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60666 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=2458
Protocol: 6 sport=49388 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=775 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60667 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=417 ID=0 flags=0 offset=0 ttl=0 chksum=15130
Protocol: 6 sport=49391 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=45287 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60668 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=15413
Protocol: 6 sport=49391 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=13727 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60669 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=407 ID=0 flags=0 offset=0 ttl=0 chksum=41830
Protocol: 6 sport=49392 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=26691 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60670 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=168 ID=0 flags=0 offset=0 ttl=0 chksum=42069
Protocol: 6 sport=49392 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=21897 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60671 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=72 ID=0 flags=0 offset=0 ttl=0 chksum=42165
Protocol: 6 sport=49392 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=27204 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60672 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=432 ID=0 flags=0 offset=0 ttl=0 chksum=2160
Protocol: 6 sport=49393 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=12269 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60673 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=168 ID=0 flags=0 offset=0 ttl=0 chksum=2424
Protocol: 6 sport=49393 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=47786 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60674 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=72 ID=0 flags=0 offset=0 ttl=0 chksum=2520
Protocol: 6 sport=49393 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=53093 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60675 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=416 ID=0 flags=0 offset=0 ttl=0 chksum=15131
Protocol: 6 sport=49396 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=49228 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60676 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=168 ID=0 flags=0 offset=0 ttl=0 chksum=15379
Protocol: 6 sport=49396 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=60738 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60677 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=72 ID=0 flags=0 offset=0 ttl=0 chksum=15475
Protocol: 6 sport=49396 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=510 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60678 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=409 ID=0 flags=0 offset=0 ttl=0 chksum=41828
Protocol: 6 sport=49397 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=64279 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60679 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=42103
Protocol: 6 sport=49397 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=6948 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60680 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=434 ID=0 flags=0 offset=0 ttl=0 chksum=2158
Protocol: 6 sport=49398 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=64632 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60681 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=2458
Protocol: 6 sport=49398 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=32837 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60682 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=418 ID=0 flags=0 offset=0 ttl=0 chksum=15129
Protocol: 6 sport=49401 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=21282 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60683 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=134 ID=0 flags=0 offset=0 ttl=0 chksum=15413
Protocol: 6 sport=49401 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=45789 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60684 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=410 ID=0 flags=0 offset=0 ttl=0 chksum=41827
Protocol: 6 sport=49402 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=50502 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60685 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
IPVer=4 hlen=5 tos=0 dlen=148 ID=0 flags=0 offset=0 ttl=0 chksum=42089
Protocol: 6 sport=49402 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=30744 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60686 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=435 ID=0 flags=0 offset=0 ttl=0 chksum=2157
Protocol: 6 sport=49403 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=51111 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60687 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 37.187.79.186
IPVer=4 hlen=5 tos=0 dlen=148 ID=0 flags=0 offset=0 ttl=0 chksum=2444
Protocol: 6 sport=49403 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=56633 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60688 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=419 ID=0 flags=0 offset=0 ttl=0 chksum=15128
Protocol: 6 sport=49406 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=16929 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60689 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 178.212.144.5
IPVer=4 hlen=5 tos=0 dlen=148 ID=0 flags=0 offset=0 ttl=0 chksum=15399
Protocol: 6 sport=49406 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=4050 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.60690 2015-11-12 xx:xx:xx
ETPRO TROJAN CryptoWall .onion Proxy Domain
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=81 ID=14748 flags=0 offset=0 ttl=128 chksum=35569
Protocol: 17 sport=54368 -> dport=53
len=61 chksum=31887
------------------------------------------------------------------------
Count:1 Event#3.60691 2015-11-12 xx:xx:xx
ETPRO POLICY DNS Query to .onion proxy Domain (blindpayallfor.com)
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=81 ID=14748 flags=0 offset=0 ttl=128 chksum=35569
Protocol: 17 sport=54368 -> dport=53
len=61 chksum=31887
------------------------------------------------------------------------
Count:1 Event#3.60693 2015-11-12 xx:xx:xx
ETPRO TROJAN CryptoWall .onion Proxy Domain
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=82 ID=14793 flags=0 offset=0 ttl=128 chksum=35523
Protocol: 17 sport=61317 -> dport=53
len=62 chksum=43872
------------------------------------------------------------------------
Count:1 Event#3.60694 2015-11-12 xx:xx:xx
ETPRO POLICY DNS Query to .onion proxy Domain (stopmigrationss.com)
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=82 ID=14793 flags=0 offset=0 ttl=128 chksum=35523
Protocol: 17 sport=61317 -> dport=53
len=62 chksum=43872
------------------------------------------------------------------------
Count:1 Event#3.60696 2015-11-12 xx:xx:xx
ETPRO TROJAN CryptoWall .onion Proxy Domain
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=81 ID=14831 flags=0 offset=0 ttl=128 chksum=35486
Protocol: 17 sport=61630 -> dport=53
len=61 chksum=55146
------------------------------------------------------------------------
Count:1 Event#3.60698 2015-11-12 xx:xx:xx
ETPRO TROJAN CryptoWall .onion Proxy Domain
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=80 ID=14838 flags=0 offset=0 ttl=128 chksum=35480
Protocol: 17 sport=60497 -> dport=53
len=60 chksum=1270
------------------------------------------------------------------------
Count:1 Event#3.60699 2015-11-12 xx:xx:xx
ETPRO POLICY DNS Query to .onion proxy Domain (malerstoniska.com)
192.168.122.187 -> 192.168.122.2
IPVer=4 hlen=5 tos=0 dlen=80 ID=14838 flags=0 offset=0 ttl=128 chksum=35480
Protocol: 17 sport=60497 -> dport=53
len=60 chksum=1270
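As an added example (not part of the original alert list), the Python below parses records in the Count:/Event#/signature/src -> dst/Protocol: layout used above and reconstructs the infection chain per victim host: exploit-kit landing and Flash exploit from 104.236.62.254, the Fareit/Pony check-in to 45.63.71.12, the CryptoWall check-ins, and the .onion proxy domains taken from the ETPRO POLICY DNS signature names. The sample input is seven records copied from the list above with their IPVer= and Seq= lines dropped; the stage labels (ek_landing, downloader_c2, ...) and the signature-substring rules are this example's own assumptions, not metadata from the ET/ETPRO rule sets.

```python
import re
from collections import OrderedDict
from dataclasses import dataclass

# Constructed sample: seven records copied from the alert list above, with the
# IPVer= and Seq= lines dropped for brevity (the parser does not read them).
SAMPLE_ALERTS = """\
------------------------------------------------------------------------
Count:1 Event#3.59297 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Landing URI Nov 08 2015 M1
192.168.122.187 -> 104.236.62.254
Protocol: 6 sport=49376 -> dport=80
------------------------------------------------------------------------
Count:1 Event#3.59309 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS Possible Nuclear EK Flash Exploit M3
104.236.62.254 -> 192.168.122.187
Protocol: 6 sport=80 -> dport=49376
------------------------------------------------------------------------
Count:1 Event#3.60037 2015-11-12 xx:xx:xx
ETPRO CURRENT_EVENTS possible Nuclear EK DHE traffic server to client
104.236.62.254 -> 192.168.122.187
Protocol: 6 sport=80 -> dport=49376
------------------------------------------------------------------------
Count:1 Event#3.60630 2015-11-12 xx:xx:xx
ET TROJAN Fareit/Pony Downloader Checkin 2
192.168.122.187 -> 45.63.71.12
Protocol: 6 sport=49380 -> dport=80
------------------------------------------------------------------------
Count:1 Event#3.60635 2015-11-12 xx:xx:xx
ET TROJAN CryptoWall Check-in
192.168.122.187 -> 119.59.99.92
Protocol: 6 sport=49382 -> dport=80
------------------------------------------------------------------------
Count:1 Event#3.60690 2015-11-12 xx:xx:xx
ETPRO TROJAN CryptoWall .onion Proxy Domain
192.168.122.187 -> 192.168.122.2
Protocol: 17 sport=54368 -> dport=53
------------------------------------------------------------------------
Count:1 Event#3.60691 2015-11-12 xx:xx:xx
ETPRO POLICY DNS Query to .onion proxy Domain (blindpayallfor.com)
192.168.122.187 -> 192.168.122.2
Protocol: 17 sport=54368 -> dport=53
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# One record: Event#, date, time, signature, src -> dst, then the Protocol
# line; the lazy .*? skips the IPVer= header line when it is present.
RECORD = re.compile(
    r"Event#\d+\.(?P<cid>\d+)\s+\S+\s+\S+\s+(?P<sig>.+?)\s+"
    r"(?P<src>" + IP + r")\s+->\s+(?P<dst>" + IP + r")"
    r".*?Protocol:\s*(?P<proto>\d+)\s+sport=\d+\s+->\s+dport=(?P<dport>\d+)",
    re.S,
)

@dataclass(frozen=True)
class Alert:
    cid: int        # event number after the sensor id ("3.60691" -> 60691)
    signature: str
    src: str
    dst: str
    proto: int
    dport: int

def parse_alerts(text):
    """Split on the dashed separators and parse each record; chunks that do
    not carry a complete record (blank, or damaged by extraction) are skipped."""
    alerts = []
    for chunk in re.split(r"-{20,}", text):
        m = RECORD.search(chunk)
        if m:
            alerts.append(Alert(int(m["cid"]), m["sig"].strip(), m["src"], m["dst"],
                                int(m["proto"]), int(m["dport"])))
    return sorted(alerts, key=lambda a: a.cid)

# Kill-chain stages in rule order (first match wins). The labels are this
# example's own; the patterns are substrings of the ET/ETPRO signature names.
STAGE_RULES = [
    ("ek_landing", re.compile(r"EK Landing", re.I)),
    ("ek_exploit", re.compile(r"Flash Exploit|Flash request", re.I)),
    ("ek_payload", re.compile(r"EK DHE traffic", re.I)),
    ("downloader_c2", re.compile(r"Fareit/Pony", re.I)),
    ("ransomware_c2", re.compile(r"CryptoWall Check-in", re.I)),
    ("tor_proxy_dns", re.compile(r"\.onion proxy domain", re.I)),
]

def classify(signature):
    return next((s for s, p in STAGE_RULES if p.search(signature)), "other")

def infection_chain(alerts, victim):
    """Stages in first-seen order -> sorted peers: the non-victim IP, or for
    the .onion proxy DNS stage the queried domain named in the signature."""
    chain = OrderedDict()
    for a in alerts:
        if victim not in (a.src, a.dst):
            continue
        stage = classify(a.signature)
        peer = a.dst if a.src == victim else a.src
        if stage == "tor_proxy_dns":
            m = re.search(r"\(([^)]+)\)", a.signature)
            if not m:   # the TROJAN twin of the POLICY alert names no domain
                continue
            peer = m.group(1)
        chain.setdefault(stage, set()).add(peer)
    return OrderedDict((s, sorted(p)) for s, p in chain.items())
```

Running `infection_chain(parse_alerts(SAMPLE_ALERTS), "192.168.122.187")` yields the stages in the order the events fired: ek_landing, ek_exploit and ek_payload all to or from 104.236.62.254, then downloader_c2 to 45.63.71.12, ransomware_c2 to 119.59.99.92, and tor_proxy_dns with blindpayallfor.com. Two caveats when applying this to the full list: each .onion DNS query raises a TROJAN and a POLICY alert for the same packet (same ID, same sport), and only the POLICY one carries the domain, which is why the parser keys that stage on the domain rather than on the resolver IP; and the TCP records above report ttl=0, ID=0, Seq=0 and Win=0 because those rules fired on reassembled stream data rather than on a single wire packet, so the parser deliberately ignores those header fields and relies only on the addresses, ports and signature.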