{ "metadata": { "name": "" }, "nbformat": 3, "nbformat_minor": 0, "worksheets": [ { "cells": [ { "cell_type": "markdown", "metadata": {}, "source": [ "# Explorations of PCAP files from the Contagio malware dump\n", "
\n", "\n", "### Tools\n", "\n", "\n", " | dst_addr | \n", "dst_port | \n", "sig_id | \n", "sub_msg | \n", "threat | \n", "sample | \n", "
---|---|---|---|---|---|---|
0 | \n", "199.192.156.134 | \n", "443 | \n", "windows_reverse_shell | \n", "POST /bbs/info.asp HTTP/1.1^M^JHost: 199.192.1... | \n", "APT | \n", "Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2... | \n", "
1 rows \u00d7 6 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
sample | \n", "host | \n", "id.resp_h | \n", "\n", " |
purplehaze | \n", "insideentrepreneurs.com | \n", "209.114.50.164 | \n", "20 | \n", "
BIN_ZeroAccess_Sirefef_29A35124ABEAD63CD8DB2BBB469CBC7A_2013-05 | \n", "www.e-zeeinternet.com | \n", "209.68.32.176 | \n", "9 | \n", "
EK_popads_109.236.80.170_2013-08-13 | \n", "tqhsy.8taglik.info | \n", "109.236.80.170 | \n", "8 | \n", "
EK_BIN_Blackhole_leadingto_Medfos_0512E73000BCCCE5AFD2E9329972208A_2013-04 | \n", "autorepairgreeley.info | \n", "198.100.45.44 | \n", "7 | \n", "
EK_Smokekt150(Malwaredontneedcoffee)_2012-09 | \n", "bigfatcounters.com | \n", "213.108.252.185 | \n", "6 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "dgyqimolcqm.cm | \n", "31.184.244.182 | \n", "5 | \n", "
81.17.26.187 | \n", "4 | \n", "||
EK_popads_109.236.80.170_2013-08-13 | \n", "qkvuz.12taglik.info | \n", "109.236.80.170 | \n", "4 | \n", "
xrp.8taglik.info | \n", "109.236.80.170 | \n", "3 | \n", "|
EK_Smokekt150(Malwaredontneedcoffee)_2012-09 | \n", "LODKDKD12.INFO | \n", "62.76.188.226 | \n", "3 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "dgyqimolcqm.cm | \n", "81.17.18.18 | \n", "3 | \n", "
BIN_ZeroAccess_3169969E91F5FE5446909BBAB6E14D5D_2012-10 | \n", "izhsuqbtcsx.cm | \n", "31.184.244.180 | \n", "2 | \n", "
RealPlayer_rmoc3260.dll_ActiveX_Control_Remote_Code_Execution_Exploit | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
BIN_Wordpress_Mutopy_Symmi_20A6EBF61243B760DD65F897236B6AD3-ShortRun | \n", "VARNAJALAMARTS.com | \n", "198.154.237.48 | \n", "1 | \n", "
iMesh_7.1.0.x(IMWeb.dll_7.0.0.x)_Remote_Heap_Overflow_Exploit | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "SVRIntl-crl.verisign.com | \n", "23.4.181.163 | \n", "1 | \n", "
Yahoo_Music_Jukebox_2.2-AddImage()_ActiveX_Remote_BOF_Exploit(2) | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
BIN_sality_CEAF4D9E1F408299144E75D7F29C1810 | \n", "livelife-eg.com | \n", "97.74.182.1 | \n", "1 | \n", "
NUVICO_DVR_NVDV4__PdvrAtl_Module_(PdvrAt.DLL_1.0.1.25)_BoF_Exploit | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
purplehaze | \n", "d.pixel.trafficmp.com | \n", "107.20.175.29 | \n", "1 | \n", "
EK_Smokekt150(Malwaredontneedcoffee)_2012-09 | \n", "delivery.trafficbroker.com | \n", "192.168.186.6 | \n", "1 | \n", "
Sejoong_Namo_ActiveSquare_6_NamoInstaller.dll-ActiveX_BoF_Exploit | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
Microsoft_SQL_Server_Distributed_Management_Objects_BoF_Exploit | \n", "freak | \n", "192.168.0.15 | \n", "1 | \n", "
BIN_DNSWatch_protux_4F8A44EF66384CCFAB737C8D7ADB4BB8_2012-11 | \n", "vcvcvcvc.dyndns.org | \n", "114.244.44.115 | \n", "1 | \n", "
24 rows \u00d7 1 columns
\n", "\n", " | id.orig_h | \n", "id.orig_p | \n", "id.resp_h | \n", "id.resp_p | \n", "uri | \n", "sample | \n", "threat | \n", "
---|---|---|---|---|---|---|---|
2 | \n", "192.168.248.165 | \n", "1138 | \n", "81.17.26.187 | \n", "80 | \n", "/X11HXlhHWF1bR1hbWUZcXA8KCloKW19QCF0NDF8LXlpZC... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
4 | \n", "192.168.248.165 | \n", "1143 | \n", "81.17.26.187 | \n", "80 | \n", "/X1xHXVBHW1pHWF1fRlxcDwoKWgpbX1AIXQ0MXwteWlkLD... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
42 | \n", "192.168.248.165 | \n", "1146 | \n", "81.17.26.187 | \n", "80 | \n", "/WFBQR1hYXEdYWFxHWFpfRgoFAAoCVhwbBVQIITtZCi0GH... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
108 | \n", "192.168.248.165 | \n", "1204 | \n", "81.17.26.187 | \n", "80 | \n", "/UFxHW1hYR1hQWkdYUUZWCgUADVRaWRgFDFgYAANRDAcTWQ== | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
150 | \n", "192.168.248.165 | \n", "1229 | \n", "81.17.18.18 | \n", "80 | \n", "/X19HW1tZR15HW11aRg1bWVoNWVENXloLXwxeW19ZXl5ZC... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
221 | \n", "192.168.248.165 | \n", "1257 | \n", "81.17.18.18 | \n", "80 | \n", "/X19HW1tZR15HW11eRg1bWVoNWVENXloLXwxeW19ZXl5ZC... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
258 | \n", "192.168.248.165 | \n", "1263 | \n", "81.17.18.18 | \n", "80 | \n", "/WFBQR1hYXEdYWFxHWFpfRgoFAAoCVhwbBVQIITtZCi0GH... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
363 | \n", "192.168.248.165 | \n", "1328 | \n", "31.184.244.182 | \n", "80 | \n", "/X19HW1tZR15HW11eRg9YWAxeUF8PWg8MXw9eXVALX1pdW... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
365 | \n", "192.168.248.165 | \n", "1332 | \n", "31.184.244.182 | \n", "80 | \n", "/WF5dR1haXkdYXV1HWFFaRgoFAAoCRxkBGVYKBQAKAg0IH... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
446 | \n", "192.168.248.165 | \n", "1350 | \n", "31.184.244.182 | \n", "80 | \n", "/UFxHW1hYR1hQWkdYXEZWCgUADVRbGAULXlgYAANQWVATWQ== | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
634 | \n", "192.168.248.165 | \n", "1419 | \n", "31.184.244.182 | \n", "80 | \n", "/WFBQR1hYXEdYWFxHWFpfRgoFAAoCVhwbBVQIITtZCi0GH... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
921 | \n", "192.168.248.165 | \n", "1561 | \n", "31.184.244.182 | \n", "80 | \n", "/XFFZWkcaAAcNDAUKBQAKAkcKBgRGVhlUUTtcHCo7ASEjX... | \n", "BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F9... | \n", "CRIME | \n", "
12 rows \u00d7 7 columns
\n", "\n", " | sample | \n", "num_ua | \n", "
---|---|---|
6 | \n", "BIN_dirtjumper_2011-10 | \n", "103 | \n", "
63 | \n", "purplehaze | \n", "7 | \n", "
26 | \n", "EK_Smokekt150(Malwaredontneedcoffee)_2012-09 | \n", "7 | \n", "
24 | \n", "EK_popads_109.236.80.170_2013-08-13 | \n", "6 | \n", "
79 | \n", "BIN_ZeusGameover_2012-02 | \n", "6 | \n", "
5 rows \u00d7 2 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
sample | \n", "user_agent | \n", "host | \n", "\n", " |
purplehaze | \n", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1) | \n", "reallysweetgames.com | \n", "1830 | \n", "
webgameroom.com | \n", "1587 | \n", "||
deadrush.com | \n", "1043 | \n", "||
ui.mevio.com | \n", "558 | \n", "||
redirect.xmladfeed.com | \n", "354 | \n", "||
114337.arb.xmladfeed.com | \n", "344 | \n", "||
redirect.ad-feeds.com | \n", "342 | \n", "||
b.scorecardresearch.com | \n", "339 | \n", "||
static3.filmannex.com | \n", "254 | \n", "||
log.adap.tv | \n", "232 | \n", "
10 rows \u00d7 1 columns
\n", "\n", " | \n", " | count | \n", "
---|---|---|
sample | \n", "host | \n", "\n", " |
BIN_dirtjumper_2011-10 | \n", "www.tadawulfx.com | \n", "386 | \n", "
ukashsepeti.com | \n", "4 | \n", "|
asdaddddaaaa.com | \n", "1 | \n", "
3 rows \u00d7 1 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
sample | \n", "user_agent | \n", "host | \n", "\n", " |
BIN_dirtjumper_2011-10 | \n", "Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 6329) Opera 8.00 [ru] | \n", "www.tadawulfx.com | \n", "18 | \n", "
Mozilla/4.1 (compatible; MSIE 5.0; Symbian OS; Nokia 6600;452) Opera 6.20 [ru] | \n", "www.tadawulfx.com | \n", "10 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 | \n", "www.tadawulfx.com | \n", "10 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 6936) Opera 8.50 [ru] | \n", "www.tadawulfx.com | \n", "9 | \n", "|
Mozilla/4.0 (compatible; MSIE 7.0b; Win32) | \n", "www.tadawulfx.com | \n", "9 | \n", "|
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4 | \n", "www.tadawulfx.com | \n", "8 | \n", "|
Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC) | \n", "www.tadawulfx.com | \n", "8 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [en] | \n", "www.tadawulfx.com | \n", "8 | \n", "|
Opera/9.50 (Windows NT 5.1; U; ru) | \n", "www.tadawulfx.com | \n", "7 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98) | \n", "www.tadawulfx.com | \n", "7 | \n", "|
Opera/9.23 (Windows NT 5.1; U; ru) | \n", "www.tadawulfx.com | \n", "6 | \n", "|
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; YPC 3.0.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) | \n", "www.tadawulfx.com | \n", "6 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) | \n", "www.tadawulfx.com | \n", "6 | \n", "|
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3 | \n", "www.tadawulfx.com | \n", "6 | \n", "|
Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11) | \n", "www.tadawulfx.com | \n", "6 | \n", "|
Opera/10.00 (Windows NT 6.0; U; en) Presto/2.2.0 | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.0.2) Gecko/2008092702 Gentoo Firefox/3.0.2 | \n", "www.tadawulfx.com | \n", "5 | \n", "|
mozilla/4.0 (compatible; msie 8.0; windows nt 5.1; trident/4.0; ...) | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 9424) Opera 8.65 [ru] | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Opera/8.51 (Windows NT 5.1; U; en) | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [it] | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Nitro) Opera 8.50 [de] | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Opera/9.50 (Windows NT 6.0; U; en) | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.89 Safari/532.5 | \n", "www.tadawulfx.com | \n", "5 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060516 SeaMonkey/1.0.2 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.03 [en] | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.7) Gecko/2009021910 Firefox/3.0.7 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/2.0 (compatible; MSIE 3.01; Windows 98) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/1.22 (compatible; MSIE 1.5; Windows NT) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.2) Gecko/20060308 Firefox/1.5.0.2 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.20 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.0 (Windows NT 5.1; U; en) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.00 (Wii; U; ; 1038-58; Wii Shop Channel/1.0; en) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.02 (Windows NT 5.1; U; en) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.10 (Windows NT 5.1; U; en) | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.80 (Windows NT 5.1; U; en) Presto/2.5.18 Version/10.50 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (X11; U; Linux x86_64; ru; rv:1.9.1.1) Gecko/20090730 Gentoo Firefox/3.5.1 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.2.15 Version/10.00 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.65 Safari/525.19 | \n", "www.tadawulfx.com | \n", "4 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.1) Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.50 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.1) Gecko/20090715 Firefox/3.5.1 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Opera/7.23 (Windows 98; U) [en] | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727) | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.2) Gecko/20070221 SUSE/2.0.0.2-6.1 Firefox/2.0.0.2 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Opera/8.0 (X11; Linux i686; U; cs) | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.50 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3a) Gecko/20030105 Phoenix/0.5 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; Nokia 6600/5.27.0; 1665) Opera 8.60 [ru] | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.6) Gecko/20060808 Fedora/1.5.0.6-2.fc5 Firefox/1.5.0.6 pango-text | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.27 Safari/525.13 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/0.4.154.25 Safari/525.19 | \n", "www.tadawulfx.com | \n", "3 | \n", "|
\n", " | \n", " | \n", " | ... | \n", "
108 rows \u00d7 1 columns
\n", "\n", " | maxmind_asn | \n", "id.resp_h | \n", "
---|---|---|
0 | \n", "UNKNOWN | \n", "172.16.253.254 | \n", "
1 | \n", "UNKNOWN | \n", "255.255.255.255 | \n", "
2 | \n", "UNKNOWN | \n", "172.16.253.129 | \n", "
3 | \n", "AS15169 Google Inc. | \n", "8.8.8.8 | \n", "
4 | \n", "AS3356 Level 3 Communications | \n", "4.2.2.2 | \n", "
5 | \n", "AS53850 GorillaServers, Inc. | \n", "192.200.99.194 | \n", "
6 | \n", "AS53850 GorillaServers, Inc. | \n", "192.200.99.194 | \n", "
7 | \n", "AS53850 GorillaServers, Inc. | \n", "192.200.99.194 | \n", "
8 | \n", "UNKNOWN | \n", "255.255.255.255 | \n", "
9 | \n", "UNKNOWN | \n", "172.16.253.132 | \n", "
10 | \n", "AS53850 GorillaServers, Inc. | \n", "192.200.99.194 | \n", "
11 | \n", "UNKNOWN | \n", "255.255.255.255 | \n", "
12 | \n", "UNKNOWN | \n", "172.16.253.130 | \n", "
13 rows \u00d7 2 columns
\n", "\n", " | \n", " | ts | \n", "id.orig_p | \n", "orig_bytes | \n", "resp_bytes | \n", "missed_bytes | \n", "orig_pkts | \n", "orig_ip_bytes | \n", "resp_pkts | \n", "resp_ip_bytes | \n", "total_bytes | \n", "count | \n", "
---|---|---|---|---|---|---|---|---|---|---|---|---|
sample | \n", "id.resp_p | \n", "\n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " | \n", " |
purplehaze | \n", "80 | \n", "9.584038e+12 | \n", "21282798 | \n", "14945798 | \n", "172420089 | \n", "29203 | \n", "124500 | \n", "20040903 | \n", "160493 | \n", "179127211 | \n", "187365887 | \n", "7217 | \n", "
1935 | \n", "6.639908e+09 | \n", "19212 | \n", "19172 | \n", "37680956 | \n", "8057592 | \n", "13532 | \n", "560457 | \n", "20374 | \n", "30477819 | \n", "37700128 | \n", "5 | \n", "|
BIN_LoadMoney_MailRu_dl_4e801b46068b31b82dac65885a58ed9e_2013-04 | \n", "80 | \n", "4.242826e+02 | \n", "15894 | \n", "2648 | \n", "28139301 | \n", "0 | \n", "14765 | \n", "593368 | \n", "28269 | \n", "29270121 | \n", "28141949 | \n", "15 | \n", "
BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B | \n", "25 | \n", "2.326434e+13 | \n", "51049454 | \n", "7609979 | \n", "2814589 | \n", "0 | \n", "89551 | \n", "11325211 | \n", "79440 | \n", "6111735 | \n", "10424568 | \n", "17241 | \n", "
BIN_ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18 | \n", "587 | \n", "1.359930e+09 | \n", "1043 | \n", "10343395 | \n", "324 | \n", "0 | \n", "10074 | \n", "10749283 | \n", "10180 | \n", "407564 | \n", "10343719 | \n", "1 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "80 | \n", "5.559369e+11 | \n", "563199 | \n", "663932 | \n", "8706987 | \n", "0 | \n", "4682 | \n", "854508 | \n", "9845 | \n", "9364779 | \n", "9370919 | \n", "412 | \n", "
BIN_Cutwail_284Fb18Fab33C93Bc69Ce392D08Fd250_2012-10 | \n", "80 | \n", "4.179328e+03 | \n", "117955 | \n", "41749 | \n", "4931282 | \n", "0 | \n", "2984 | \n", "162037 | \n", "5144 | \n", "5137374 | \n", "4973031 | \n", "105 | \n", "
BIN_ZeusGameover_2012-02 | \n", "80 | \n", "9.033005e+10 | \n", "102617 | \n", "11477 | \n", "3721029 | \n", "0 | \n", "1943 | \n", "89581 | \n", "2792 | \n", "3833009 | \n", "3732506 | \n", "68 | \n", "
BIN_9002_D4ED654BCDA42576FDDFE03361608CAA_2013-01-30 | \n", "53 | \n", "1.357444e+09 | \n", "1143 | \n", "3580503 | \n", "117612 | \n", "0 | \n", "3073 | \n", "3703423 | \n", "3588 | \n", "261361 | \n", "3698115 | \n", "1 | \n", "
XTremeRAT_DAEBFDED736903D234214ED4821EAF99_2013-04-13 | \n", "336 | \n", "1.631920e+10 | \n", "12601 | \n", "3482315 | \n", "0 | \n", "0 | \n", "2715 | \n", "3591003 | \n", "0 | \n", "0 | \n", "3482315 | \n", "12 | \n", "
10 rows \u00d7 11 columns
\n", "\n", " | id.resp_h | \n", "proto | \n", "
---|---|---|
5541 | \n", "69.22.155.28 | \n", "tcp | \n", "
5561 | \n", "68.142.111.111 | \n", "tcp | \n", "
6746 | \n", "184.51.157.60 | \n", "tcp | \n", "
7095 | \n", "184.84.220.133 | \n", "tcp | \n", "
7509 | \n", "184.51.157.60 | \n", "tcp | \n", "
5 rows \u00d7 2 columns
\n", "\n", " | id.resp_h | \n", "proto | \n", "
---|---|---|
0 | \n", "197.163.56.70 | \n", "tcp | \n", "
3 | \n", "197.163.56.70 | \n", "tcp | \n", "
4 | \n", "197.163.56.70 | \n", "tcp | \n", "
5 | \n", "197.163.56.70 | \n", "tcp | \n", "
6 | \n", "197.163.56.70 | \n", "tcp | \n", "
7 | \n", "197.163.56.70 | \n", "tcp | \n", "
10 | \n", "197.163.56.70 | \n", "tcp | \n", "
11 | \n", "197.163.56.70 | \n", "tcp | \n", "
12 | \n", "197.163.56.70 | \n", "tcp | \n", "
15 | \n", "197.163.56.70 | \n", "tcp | \n", "
16 | \n", "197.163.56.70 | \n", "tcp | \n", "
17 | \n", "197.163.56.70 | \n", "tcp | \n", "
12 rows \u00d7 2 columns
\n", "\n", " | \n", " | count | \n", "
---|---|---|
from | \n", "subject | \n", "\n", " |
Economy Shipping <support_id81@highperfpostgresql.com> | \n", "Delivery Notification ID#EN95887556F | \n", "6 | \n", "
Next Day Air Saver <message_id98@olgapost.com> | \n", "Delivery Notification ID#EN79318987H | \n", "4 | \n", "
Economy Shipping <support_id55@posturalvertigo.com> | \n", "Delivery Status Notification | \n", "3 | \n", "
One Day Shipping <personal_id86@taskoprupostasi.com> | \n", "Ship Notification ID#EN05842223A | \n", "3 | \n", "
Mail International <contact_id72@bestcatscratchpost.com> | \n", "Delivery Notification ID#EN18841053F | \n", "3 | \n", "
Logistics Services <delivery.id78@kevinpostmotors.com> | \n", "Ship Notification ID#EN43279293A | \n", "3 | \n", "
Next Day Air Saver <us_04@halfpriceposters.com> | \n", "Delivery Status Notification ID#EN56869729X | \n", "3 | \n", "
Standard Shipping <status_id46@goppost.com> | \n", "Delivery Notification ID#EN28866699H | \n", "3 | \n", "
One Day Shipping <personal_id63@taskoprupostasi.com> | \n", "Delivery Notification | \n", "3 | \n", "
Expedited Shipping <federal_id94@scooterspost.com> | \n", "Ship Notification ID#EN28765320A | \n", "3 | \n", "
One Day Shipping <personal_id78@taskoprupostasi.com> | \n", "Delivery Notification | \n", "3 | \n", "
Priority Mail <status_60@hissignpost.com> | \n", "Delivery Notification ID#EN60271900F | \n", "3 | \n", "
One Day Shipping <customer.id15@costaricaposters.com> | \n", "Delivery Notification ID#EN13576648J | \n", "3 | \n", "
One Day Shipping <item_05@npcompost.com> | \n", "Delivery Status Notification ID#EN75648058P | \n", "3 | \n", "
Expedited Shipping <federal_id73@scooterspost.com> | \n", "Delivery Notification ID#EN92085505H | \n", "3 | \n", "
One Day Shipping <personal_id99@taskoprupostasi.com> | \n", "Delivery Notification ID#EN41600040F | \n", "3 | \n", "
Priority Mail <status_80@hissignpost.com> | \n", "Delivery Notification ID#EN80773754H | \n", "3 | \n", "
Mail International <contact_id98@bestcatscratchpost.com> | \n", "Delivery Status Notification ID#EN58347354P | \n", "3 | \n", "
Mail International <help_id50@alexanderapostol.com> | \n", "Delivery Status Notification ID#EN15607017P | \n", "3 | \n", "
Logistics Services <delivery.id07@kevinpostmotors.com> | \n", "Delivery Status Notification ID#EN45696799P | \n", "3 | \n", "
20 rows \u00d7 1 columns
\n", "\n", " | \n", " | seen_bytes | \n", "count | \n", "
---|---|---|---|
source | \n", "mime_type | \n", "\n", " | \n", " |
SMTP | \n", "image/jpeg | \n", "7554332 | \n", "26 | \n", "
HTTP | \n", "binary | \n", "2922872 | \n", "13 | \n", "
application/x-dosexec | \n", "1717057 | \n", "12 | \n", "|
application/pdf | \n", "126691 | \n", "7 | \n", "|
image/png | \n", "2534 | \n", "2 | \n", "|
image/gif | \n", "1082697 | \n", "2 | \n", "|
text/plain | \n", "57254 | \n", "1 | \n", "|
image/jpeg | \n", "9972 | \n", "1 | \n", "
8 rows \u00d7 2 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
source | \n", "mime_type | \n", "filename | \n", "\n", " |
HTTP | \n", "binary | \n", "COMMON.BIN | \n", "6 | \n", "
application/x-dosexec | \n", "contacts.exe | \n", "3 | \n", "|
image/png | \n", "ad516503a11cd5ca435acc9bb6523536.png | \n", "2 | \n", "|
binary | \n", "setusating.bin | \n", "2 | \n", "|
application/x-dosexec | \n", "readme.exe | \n", "2 | \n", "|
info.exe | \n", "1 | \n", "||
image/gif | \n", "maumauwebtvB.gif | \n", "1 | \n", "|
maumauwebtvA.gif | \n", "1 | \n", "||
binary | \n", "pg.dll.crp | \n", "1 | \n", "|
fp10na.dll.crp | \n", "1 | \n", "
10 rows \u00d7 1 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
sample | \n", "mime_type | \n", "filename | \n", "\n", " |
BIN_Kuluoz-Asprox_9F842AD20C50AD1AAB41F20B321BF84B | \n", "binary | \n", "COMMON.BIN | \n", "6 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "image/png | \n", "ad516503a11cd5ca435acc9bb6523536.png | \n", "2 | \n", "
BIN_ZeusGameover_2012-02 | \n", "application/x-dosexec | \n", "contacts.exe | \n", "2 | \n", "
BIN_Zeus_b1551c676a54e9127cd0e7ea283b92cc-2012-04 | \n", "binary | \n", "setusating.bin | \n", "2 | \n", "
purplehaze | \n", "text/plain | \n", "jquery-1.3.2.min.js | \n", "1 | \n", "
BIN_ArdamaxKeylogger_E33AF9E602CBB7AC3634C2608150DD18 | \n", "image/jpeg | \n", "Jun_06_2013__09_46_41.jpg | \n", "1 | \n", "
Jun_06_2013__09_46_39.jpg | \n", "1 | \n", "||
Jun_06_2013__09_46_38.jpg | \n", "1 | \n", "||
Jun_06_2013__09_46_37.jpg | \n", "1 | \n", "||
Jun_06_2013__09_46_36.jpg | \n", "1 | \n", "
10 rows \u00d7 1 columns
\n", "\n", " | \n", " | count | \n", "
---|---|---|
note | \n", "msg | \n", "\n", " |
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "199 | \n", "
SSL certificate validation failed with (certificate is not yet valid) | \n", "14 | \n", "|
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 68% Last seen: 2012-12-09 06:16:04 | \n", "9 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (self signed certificate) | \n", "5 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 41% Last seen: 2013-01-17 10:23:10 | \n", "3 | \n", "
Malware Hash Registry Detection rate: 32% Last seen: 2012-01-21 16:31:03 | \n", "3 | \n", "|
Malware Hash Registry Detection rate: 36% Last seen: 2013-06-01 07:16:06 | \n", "2 | \n", "|
Malware Hash Registry Detection rate: 50% Last seen: 2012-09-22 14:46:06 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 23% Last seen: 2012-04-11 18:01:02 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 60% Last seen: 2013-06-01 03:06:57 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 55% Last seen: 2012-08-27 07:01:03 | \n", "1 | \n", "|
Scan::Address_Scan | \n", "192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 0m30s | \n", "1 | \n", "
192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 0m38s | \n", "1 | \n", "|
192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 3m3s | \n", "1 | \n", "|
Signatures::Sensitive_Signature | \n", "10.0.2.15: ATTACK-RESPONSES Microsoft cmd.exe banner (reverse-shell originator) | \n", "1 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 24% Last seen: 2012-02-06 12:06:50 | \n", "1 | \n", "
Malware Hash Registry Detection rate: 41% Last seen: 2012-04-19 11:16:03 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 25% Last seen: 2012-02-01 14:40:28 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 27% Last seen: 2012-12-01 02:31:03 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 55% Last seen: 2012-04-24 10:46:03 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 32% Last seen: 2012-12-01 05:16:09 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 36% Last seen: 2012-02-05 20:46:02 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 40% Last seen: 2013-06-15 00:00:44 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 81% Last seen: 2013-10-31 23:33:08 | \n", "1 | \n", "
24 rows \u00d7 1 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
note | \n", "msg | \n", "id.resp_p | \n", "\n", " |
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "443 | \n", "120 | \n", "
9001 | \n", "56 | \n", "||
SSL certificate validation failed with (certificate is not yet valid) | \n", "443 | \n", "14 | \n", "|
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 68% Last seen: 2012-12-09 06:16:04 | \n", "80 | \n", "9 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "80 | \n", "5 | \n", "
10203 | \n", "3 | \n", "||
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 32% Last seen: 2012-01-21 16:31:03 | \n", "80 | \n", "3 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "44945 | \n", "3 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 41% Last seen: 2013-01-17 10:23:10 | \n", "80 | \n", "3 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (self signed certificate) | \n", "443 | \n", "3 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 36% Last seen: 2013-06-01 07:16:06 | \n", "80 | \n", "2 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "9101 | \n", "2 | \n", "
SSL certificate validation failed with (self signed certificate) | \n", "443 | \n", "2 | \n", "|
SSL certificate validation failed with (unable to get local issuer certificate) | \n", "5001 | \n", "1 | \n", "|
5251 | \n", "1 | \n", "||
11443 | \n", "1 | \n", "||
7540 | \n", "1 | \n", "||
8443 | \n", "1 | \n", "||
22 | \n", "1 | \n", "||
9002 | \n", "1 | \n", "||
9060 | \n", "1 | \n", "||
6001 | \n", "1 | \n", "||
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 81% Last seen: 2013-10-31 23:33:08 | \n", "80 | \n", "1 | \n", "
SSL::Invalid_Server_Cert | \n", "SSL certificate validation failed with (unable to get local issuer certificate) | \n", "39030 | \n", "1 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 36% Last seen: 2012-02-05 20:46:02 | \n", "80 | \n", "1 | \n", "
Malware Hash Registry Detection rate: 60% Last seen: 2013-06-01 03:06:57 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 55% Last seen: 2012-08-27 07:01:03 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 55% Last seen: 2012-04-24 10:46:03 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 50% Last seen: 2012-09-22 14:46:06 | \n", "8888 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 41% Last seen: 2012-04-19 11:16:03 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 40% Last seen: 2013-06-15 00:00:44 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 32% Last seen: 2012-12-01 05:16:09 | \n", "80 | \n", "1 | \n", "|
Scan::Address_Scan | \n", "192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 0m38s | \n", "- | \n", "1 | \n", "
TeamCymruMalwareHashRegistry::Match | \n", "Malware Hash Registry Detection rate: 27% Last seen: 2012-12-01 02:31:03 | \n", "80 | \n", "1 | \n", "
Malware Hash Registry Detection rate: 25% Last seen: 2012-02-01 14:40:28 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 24% Last seen: 2012-02-06 12:06:50 | \n", "80 | \n", "1 | \n", "|
Malware Hash Registry Detection rate: 23% Last seen: 2012-04-11 18:01:02 | \n", "80 | \n", "1 | \n", "|
Signatures::Sensitive_Signature | \n", "10.0.2.15: ATTACK-RESPONSES Microsoft cmd.exe banner (reverse-shell originator) | \n", "443 | \n", "1 | \n", "
Scan::Address_Scan | \n", "192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 3m3s | \n", "- | \n", "1 | \n", "
192.168.248.165 scanned at least 25 unique hosts on port 25/tcp in 0m30s | \n", "- | \n", "1 | \n", "
40 rows \u00d7 1 columns
\n", "\n", " | \n", " | count | \n", "
---|---|---|
version | \n", "cipher | \n", "\n", " |
TLSv10 | \n", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA | \n", "211 | \n", "
SSLv3 | \n", "TLS_RSA_WITH_RC4_128_MD5 | \n", "70 | \n", "
TLS_RSA_WITH_RC4_128_SHA | \n", "21 | \n", "|
TLSv10 | \n", "TLS_RSA_WITH_RC4_128_SHA | \n", "18 | \n", "
TLS_RSA_WITH_RC4_128_MD5 | \n", "15 | \n", "|
- | \n", "- | \n", "13 | \n", "
TLSv10 | \n", "TLS_RSA_WITH_AES_128_CBC_SHA | \n", "3 | \n", "
7 rows \u00d7 1 columns
\n", "\n", " | \n", " | \n", " | count | \n", "
---|---|---|---|
sample | \n", "id.resp_p | \n", "server_name | \n", "\n", " |
purplehaze | \n", "443 | \n", "- | \n", "43 | \n", "
PDF_CVE-2011-2462_Pdf_2011-12 | \n", "443 | \n", "- | \n", "36 | \n", "
BIN_ZeroAccess_Sirefef_C2A9CCC8C6A6DF1CA1725F955F991940_2013-08 | \n", "443 | \n", "- | \n", "16 | \n", "
BIN_Cutwail-Pushdo(2)_582DE032477E099EB1024D84C73E98C1 | \n", "443 | \n", "- | \n", "9 | \n", "
BIN_Ramnitpcap_2012-01 | \n", "443 | \n", "- | \n", "7 | \n", "
BIN_Vobfus_634AA845F5B0B519B6D8A8670B994906_2012-12 | \n", "443 | \n", "- | \n", "5 | \n", "
BIN_TrojanPage_86893886C7CBC7310F7675F4EFDE0A29 | \n", "443 | \n", "- | \n", "5 | \n", "
BIN_Enfal_Lurid_0fb1b0833f723682346041d72ed112f9_2013-01 | \n", "443 | \n", "- | \n", "4 | \n", "
BIN_Googledocs_macadocs_2012-12 | \n", "443 | \n", "- | \n", "4 | \n", "
BIN_Cutwail-Pushdo(1)_582DE032477E099EB1024D84C73E98C1 | \n", "443 | \n", "- | \n", "2 | \n", "
EK_Blackholev2_2012-09 | \n", "443 | \n", "- | \n", "2 | \n", "
EK_Blackholev1_2012-08 | \n", "443 | \n", "- | \n", "2 | \n", "
BIN_Tbot_FC7C3E087789824F34A9309DA2388CE5_2012-12 | \n", "10203 | \n", "www.pcnia4i6e6w.com | \n", "1 | \n", "
BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12 | \n", "443 | \n", "www.o4rtqjectd6cr7xj2plup.com | \n", "1 | \n", "
9001 | \n", "www.6fwotxu2.com | \n", "1 | \n", "|
www.54qrxwvimf35.com | \n", "1 | \n", "||
www.2jh3iq.com | \n", "1 | \n", "||
443 | \n", "www.zzrv3tbbn4a.com | \n", "1 | \n", "|
www.zupgh57porobex5l6rn7gn4b.com | \n", "1 | \n", "||
www.zkt4.com | \n", "1 | \n", "||
www.wv5npsememeyqlxeejajjh.com | \n", "1 | \n", "||
www.tntgu2nvt3x4wguftukjoauw.com | \n", "1 | \n", "||
www.rx4a.com | \n", "1 | \n", "||
www.phllv4qobdq66lvikg4.com | \n", "1 | \n", "||
www.odvlsr75agy44jkafb5.com | \n", "1 | \n", "||
www.nhoqywktzrxr.com | \n", "1 | \n", "||
9001 | \n", "www.h6v4rzfaoh7iwjbwchdkxk5r.com | \n", "1 | \n", "|
443 | \n", "www.mdxu5pezm5gctjsiz57jnjlbc.com | \n", "1 | \n", "|
www.m5467gyzaao3dogqgkgnsjz4.com | \n", "1 | \n", "||
www.jwjftcuh7svsqg7il5z.com | \n", "1 | \n", "||
www.jozhagprwwaiayfwtyp.com | \n", "1 | \n", "||
www.jil7bq.com | \n", "1 | \n", "||
www.igi4wpls4vqtpv.com | \n", "1 | \n", "||
www.hoi7duw.com | \n", "1 | \n", "||
www.gl4fqk3ut2jrhm4hhbn735.com | \n", "1 | \n", "||
www.fk4pprq42hsvl2wey.com | \n", "1 | \n", "||
www.enh3nbiuvze2zmjh2e.com | \n", "1 | \n", "||
9001 | \n", "www.d6dh.com | \n", "1 | \n", "|
www.kyswssz.com | \n", "1 | \n", "||
www.jwrpsthzrih.com | \n", "1 | \n", "||
443 | \n", "www.cb4bqglwg.com | \n", "1 | \n", "|
BIN_Tbot_5375FB5E867680FFB8E72D29DB9ABBD5_2012-12 | \n", "443 | \n", "www.czjs7.com | \n", "1 | \n", "
www.clwfhegzhknjxrqgo.com | \n", "1 | \n", "||
www.bt5qn4edtog.com | \n", "1 | \n", "||
www.amdspuvfnwejdbac3s4eyiiei.com | \n", "1 | \n", "||
www.a4grdymgccamccd.com | \n", "1 | \n", "||
www.7f56wbkr.com | \n", "1 | \n", "||
www.5sja.com | \n", "1 | \n", "||
www.5gwwuuomvh4aayxc47lnqag.com | \n", "1 | \n", "||
www.4v2ddyxbnjeeys.com | \n", "1 | \n", "||
www.4ae7bhbe3vwykaetow67swg.com | \n", "1 | \n", "||
www.3yksb5uu6h2vacmutmwhlohm5.com | \n", "1 | \n", "||
80 | \n", "www.rbgnlzi3jgetoxkzqy75gf.com | \n", "1 | \n", "|
BIN_Tbot_2E1814CCCF0C3BB2CC32E0A0671C0891_2012-12 | \n", "44945 | \n", "www.w6wo5d7enjs3nx3xcsvxhnq7u.com | \n", "1 | \n", "
10203 | \n", "www.sqzhpbncwezqjocze2arciro.com | \n", "1 | \n", "|
9002 | \n", "www.7mmi6y7nhxxl3xdtoquu.com | \n", "1 | \n", "|
9001 | \n", "www.yvrfwi3jvukj.com | \n", "1 | \n", "|
www.xy6a.com | \n", "1 | \n", "||
www.w3woqnnv2hker.com | \n", "1 | \n", "||
www.p5r5vru7a.com | \n", "1 | \n", "||
\n", " | \n", " | \n", " | ... | \n", "
228 rows \u00d7 1 columns
\n", "