Saturday, December 12, 2015

DarkBot detection using Canada Cyber security servers.

One of our security servers at a client has detected some IOCs that look like DarkBot.
When we looked at the pcap files we did see why. Below are some rules that the Canada Cyber sensor triggered.

For more information: 
https://www.us-cert.gov/ncas/alerts/TA15-337A
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32/Dorkbot#tab=2


This first screen is the first request, via DNS, to wipmania.com, something that is normal for DarkBot.

Next screen is the HTTP request to the same domain.
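
The same sequence, a DNS lookup for wipmania.com followed by an HTTP request to that domain from the same host, can be searched for in resolver and proxy logs. The following is an added example, not the sensor's rules or code from this post; the log format, the 60-second window and the sample lines are constructed assumptions.

```python
from datetime import datetime, timedelta

DOMAIN = "wipmania.com"          # domain named in the post
WINDOW = timedelta(seconds=60)   # assumed correlation window

# Constructed sample events (not taken from the pcap): time, source, type, name
SAMPLE = """\
2015-12-12T10:00:01 10.0.0.23 dns api.wipmania.com
2015-12-12T10:00:02 10.0.0.23 http api.wipmania.com
2015-12-12T10:00:05 10.0.0.40 dns wipmania.com.example.net
2015-12-12T10:00:06 10.0.0.40 http wipmania.com.example.net
2015-12-12T10:01:00 10.0.0.51 dns WIPMANIA.COM.
2015-12-12T10:09:00 10.0.0.51 http wipmania.com
2015-12-12T10:02:00 10.0.0.77 http notwipmania.com
"""

def matches(name, domain=DOMAIN):
    """True for the domain or a subdomain; case and trailing dot are ignored."""
    name = name.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def parse(text):
    """Yield (time, source, type, name) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, kind, name = parts
        yield datetime.fromisoformat(ts), src, kind, name

def correlate(text, window=WINDOW):
    """Return hosts that resolved the domain, then sent HTTP to it within the window."""
    last_dns = {}   # source -> time of its latest matching DNS query
    hits = []
    for ts, src, kind, name in sorted(parse(text)):
        if not matches(name):
            continue
        if kind == "dns":
            last_dns[src] = ts
        elif kind == "http" and src in last_dns and ts - last_dns[src] <= window:
            delay = (ts - last_dns[src]).total_seconds()
            hits.append((src, name.lower().rstrip("."), delay))
    return hits

if __name__ == "__main__":
    for hit in correlate(SAMPLE):
        print(hit)
```

Matching on the exact domain or a dot-separated suffix keeps look-alike names such as `notwipmania.com` and `wipmania.com.example.net` out of the results.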

