------------------------------------------------------------------------
Count:1 Event#3.680 2016-01-17 21:25:55 UTC
ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 21 2015 5 (sid:2022290)
101.0.76.7 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=62035
Protocol: 6 sport=80 -> dport=50102
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=17573 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.681 2016-01-17 21:25:55 UTC
ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 21 2015 5 (sid:2022290)
101.0.76.7 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=79 ID=0 flags=0 offset=0 ttl=0 chksum=63353
Protocol: 6 sport=80 -> dport=50102
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=30667 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.682 2016-01-17 21:25:55 UTC
ET CURRENT_EVENTS Evil Redirector Leading to EK Mon Dec 21 2015 5 (sid:2022290)
101.0.76.7 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=45 ID=0 flags=0 offset=0 ttl=0 chksum=63387
Protocol: 6 sport=80 -> dport=50102
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=58510 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.683 2016-01-17 21:26:02 UTC
ETPRO CURRENT_EVENTS Possible Angler EK Landing URI Struct Jul 15 M1 T1 (sid:2811993)
192.168.81.128 -> 31.148.99.125
IPVer=4 hlen=5 tos=0 dlen=414 ID=0 flags=0 offset=0 ttl=0 chksum=9249
Protocol: 6 sport=50104 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=47923 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.684 2016-01-17 21:26:02 UTC
ETPRO CURRENT_EVENTS Angler EK Landing URI Struct Oct 12 (sid:2814318)
192.168.81.128 -> 31.148.99.125
IPVer=4 hlen=5 tos=0 dlen=414 ID=0 flags=0 offset=0 ttl=0 chksum=9249
Protocol: 6 sport=50104 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=47923 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.685 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 (sid:2811641)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=14346 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.686 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 (sid:2811641)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=55314 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.687 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing/RIG EK Landing Dec 23 2015 Common Construct (sid:2815452)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=14346 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.688 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing/RIG EK Landing Dec 23 2015 Common Construct (sid:2815452)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=55314 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.689 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Jan 12 2015 M1 (sid:2815727)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=14346 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.690 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Jan 12 2015 M1 (sid:2815727)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=55314 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.691 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Nov 27 2015 M2 (sid:2815123)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=15951 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.692 2016-01-17 21:26:04 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Nov 27 2015 M2 (sid:2815123)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=42690 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.693 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 (sid:2811641)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=56173 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.694 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 (sid:2811641)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=19366 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.695 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing June 16 2015 M5 (sid:2811641)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=358 ID=0 flags=0 offset=0 ttl=0 chksum=9305
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=25242 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.696 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Nov 27 2015 M2 (sid:2815123)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=56173 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.697 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Nov 27 2015 M2 (sid:2815123)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=19366 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.698 2016-01-17 21:26:06 UTC
ETPRO CURRENT_EVENTS Angler EK Landing Nov 27 2015 M2 (sid:2815123)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=358 ID=0 flags=0 offset=0 ttl=0 chksum=9305
Protocol: 6 sport=80 -> dport=50104
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=25242 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.699 2016-01-17 21:26:28 UTC
ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit (IE) Jun 16 M1 T2 (sid:2811829)
192.168.81.128 -> 31.148.99.125
IPVer=4 hlen=5 tos=0 dlen=534 ID=0 flags=0 offset=0 ttl=0 chksum=9129
Protocol: 6 sport=50105 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=53285 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.700 2016-01-17 21:26:30 UTC
ETPRO CURRENT_EVENTS Possible Angler EK Flash Exploit June 16 2015 M1 (sid:2811526)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50105
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=15574 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.701 2016-01-17 21:26:30 UTC
ETPRO CURRENT_EVENTS Possible Angler EK Flash Exploit June 16 2015 M1 (sid:2811526)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50105
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=40120 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.702 2016-01-17 21:26:30 UTC
ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit M2 (sid:2811284)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50105
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=15574 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.703 2016-01-17 21:26:30 UTC
ETPRO CURRENT_EVENTS Angler or Nuclear EK Flash Exploit M2 (sid:2811284)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50105
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=40120 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.706 2016-01-17 21:27:14 UTC
ETPRO CURRENT_EVENTS Possible Angler EK Payload June 16 2015 M2 (sid:2811529)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50106
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=11610 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.707 2016-01-17 21:27:14 UTC
ETPRO CURRENT_EVENTS Possible Angler EK Payload June 16 2015 M2 (sid:2811529)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50106
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=64656 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.708 2016-01-17 21:27:15 UTC
ET CURRENT_EVENTS Angler encrypted payload Nov 23 (1) (sid:2022138)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50106
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=26741 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.709 2016-01-17 21:27:15 UTC
ET CURRENT_EVENTS Angler encrypted payload Nov 23 (1) (sid:2022138)
31.148.99.125 -> 192.168.81.128
IPVer=4 hlen=5 tos=0 dlen=1397 ID=0 flags=0 offset=0 ttl=0 chksum=8266
Protocol: 6 sport=80 -> dport=50106
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=56759 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.713 2016-01-17 21:28:23 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=423 ID=0 flags=0 offset=0 ttl=0 chksum=48112
Protocol: 6 sport=50107 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=418 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.714 2016-01-17 21:28:23 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=168 ID=0 flags=0 offset=0 ttl=0 chksum=48367
Protocol: 6 sport=50107 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=12589 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.715 2016-01-17 21:28:23 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=54 ID=0 flags=0 offset=0 ttl=0 chksum=48481
Protocol: 6 sport=50107 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=61087 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.716 2016-01-17 21:28:32 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=420 ID=0 flags=0 offset=0 ttl=0 chksum=48115
Protocol: 6 sport=50108 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=52524 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.717 2016-01-17 21:28:32 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=155 ID=0 flags=0 offset=0 ttl=0 chksum=48380
Protocol: 6 sport=50108 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=25950 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.718 2016-01-17 21:28:49 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=425 ID=0 flags=0 offset=0 ttl=0 chksum=48110
Protocol: 6 sport=50109 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=39093 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.719 2016-01-17 21:28:49 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=168 ID=0 flags=0 offset=0 ttl=0 chksum=48367
Protocol: 6 sport=50109 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=3557 chksum=0
------------------------------------------------------------------------
Count:1 Event#3.720 2016-01-17 21:28:49 UTC
ET TROJAN CryptoWall Check-in (sid:2018452)
192.168.81.128 -> 50.63.184.249
IPVer=4 hlen=5 tos=0 dlen=53 ID=0 flags=0 offset=0 ttl=0 chksum=48482
Protocol: 6 sport=50109 -> dport=80
Seq=0 Ack=0 Off=5 Res=0 Flags=******** Win=0 urp=8401 chksum=0