| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 8.8.8.8 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 203.119.206.95 | China | 37963 | Hangzhou Alibaba Advertising Co.,Ltd. No.699, Wangshang RD., Hangzhou, China | Malware Process | |
| 222.85.26.208 | China | 4134 | CHINANET henan province network China Telecom No.31,jingrong street Beijing 100032 | Malware Process | |
| mybaol.com | 125.88.146.63 | China | 134764 | CHINANET Guangdong province network China Telecom No.31,jingrong street Beijing 100032 | Malware Process |
| easylist-downloads.adblockplus.org | 94.130.136.91 | Germany | 24940 | Malware Process | |
| c.cnzz.com | 222.85.26.209 | China | 4134 | CHINANET henan province network China Telecom No.31,jingrong street Beijing 100032 | Malware Process |
| notification.adblockplus.org | 136.243.58.99 | Germany | 24940 | Malware Process | |
| cloud.zyiis.net | 120.26.167.216 | China | 37963 | Aliyun Computing Co., LTD 5F, Builing D, the West Lake International Plaza of S&T No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 | Malware Process |
| mingwangedu.com | 125.88.146.188 | China | 134764 | CHINANET Guangdong province network China Telecom No.31,jingrong street Beijing 100032 | Malware Process |
| yulv.net | 47.97.218.41 | China | 37963 | Aliyun Computing Co., LTD 5F, Builing D, the West Lake International Plaza of S&T No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099 | Malware Process |
| s131.cnzz.com | 116.207.118.89 | China | 4134 | CHINANET Hubei province network Data Communication Division China Telecom | Malware Process |
| icon.cnzz.com | 116.207.118.89 | China | 4134 | CHINANET Hubei province network Data Communication Division China Telecom | Malware Process |
| weixin0452.com | 125.88.146.63 | China | 134764 | CHINANET Guangdong province network China Telecom No.31,jingrong street Beijing 100032 | Malware Process |
| hzs12.cnzz.com | 203.119.206.97 | China | 37963 | Hangzhou Alibaba Advertising Co.,Ltd. No.699, Wangshang RD., Hangzhou, China | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| yulv.net | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 11.8648340702 |
|
Path: /WHAD.html URI: http://yulv.net/WHAD.html |
||||||
| weixin0452.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 12.683494091 |
|
Path: /s.php?id=186 URI: http://weixin0452.com/s.php?id=186 |
||||||
| mingwangedu.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 14.2480170727 |
|
Path: /s.php?id=192 URI: http://mingwangedu.com/s.php?id=192 |
||||||
| cloud.zyiis.net | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 14.4293830395 |
|
Path: /v.js?laZwak5XnZJWIdK7ZskDSR1rVOdwoHTC2dPOFR9Y1Uw= URI: http://cloud.zyiis.net/v.js?laZwak5XnZJWIdK7ZskDSR1rVOdwoHTC2dPOFR9Y1Uw= |
||||||
| mybaol.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 2 | 14.7489151955 |
|
Path: /stats.php?adsid=273&planid=169&uid=1285&siteid=&plantype=cpm&zoneid=186&adtplid=8&sep=10 URI: http://mybaol.com/stats.php?adsid=273&planid=169&uid=1285&siteid=&plantype=cpm&zoneid=186&adtplid=8&sep=10 |
||||||
| yulv.net | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 18.351984024 |
|
Path: /WHAD.gif URI: http://yulv.net/WHAD.gif |
||||||
| s131.cnzz.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 18.3848671913 |
|
Path: /stat.php?id=1252129&web_id=1252129&show=pic URI: http://s131.cnzz.com/stat.php?id=1252129&web_id=1252129&show=pic |
||||||
| hzs12.cnzz.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 20.3794891834 |
|
Path: /stat.htm?id=1252129&r=&lg=en-us&ntime=none&cnzz_eid=338705755-1560176988-&showp=800x600&p=http%3A%2F%2Fyulv.net%2FWHAD.html&t=WarHelper%20%E8%BD%AF%E4%BB%B6%E6%9B%B4%E6%96%B0%E4%B8%8B%E8%BD%BD%E9%A1%B5%E9%9D%A2&umuuid=16b43bac9271d2-0179f277e643774-26596759-75300-16b43bac9383d3&h=1&rnd=308552283 URI: http://hzs12.cnzz.com/stat.htm?id=1252129&r=&lg=en-us&ntime=none&cnzz_eid=338705755-1560176988-&showp=800x600&p=http%3A%2F%2Fyulv.net%2FWHAD.html&t=WarHelper%20%E8%BD%AF%E4%BB%B6%E6%9B%B4%E6%96%B0%E4%B8%8B%E8%BD%BD%E9%A1%B5%E9%9D%A2&umuuid=16b43bac9271d2-0179f277e643774-26596759-75300-16b43bac9383d3&h=1&rnd=308552283 |
||||||
| c.cnzz.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 2 | 23.3054060936 |
|
Path: /core.php?web_id=1252129&show=pic&t=z URI: http://c.cnzz.com/core.php?web_id=1252129&show=pic&t=z |
||||||
| icon.cnzz.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 1 | 27.216397047 |
|
Path: /img/pic.gif URI: http://icon.cnzz.com/img/pic.gif |
||||||
| Request | Type |
|---|---|
| yulv.net | A |
|
Answers - 47.97.218.41 (A) |
|
| weixin0452.com | A |
|
Answers - 125.88.146.63 (A) |
|
| mingwangedu.com | A |
|
Answers - 125.88.146.188 (A) |
|
| s131.cnzz.com | A |
|
Answers - all.cnzz.com.danuoyi.tbcache.com (CNAME) - c.cnzz.com (CNAME) - 116.207.118.89 (A) - 116.207.118.90 (A) |
|
| mybaol.com | A |
| cloud.zyiis.net | A |
|
Answers - 120.26.167.216 (A) |
|
| hzs12.cnzz.com | A |
|
Answers - z8.cnzz.com (CNAME) - z.cnzz.com (CNAME) - z.gds.cnzz.com (CNAME) - 203.119.206.95 (A) |
|
| c.cnzz.com | A |
|
Answers - 222.85.26.209 (A) - 222.85.26.208 (A) |
|
| icon.cnzz.com | A |
|
Answers - icon.cnzz.com.danuoyi.tbcache.com (CNAME) |
|
| notification.adblockplus.org | A |
|
Answers - 148.251.238.203 (A) - 78.46.39.215 (A) - 94.130.73.103 (A) - 95.216.27.38 (A) - 95.216.14.30 (A) - 94.130.168.30 (A) - 195.201.59.236 (A) - easylist-downloads.adblockplus.org (CNAME) - 136.243.22.80 (A) - 195.201.59.241 (A) - 94.130.73.107 (A) - 195.201.59.240 (A) - 144.76.197.80 (A) |
|
| easylist-downloads.adblockplus.org | A |
|
Answers - 195.201.59.248 (A) - 88.99.186.153 (A) - 148.251.139.76 (A) - 94.130.73.112 (A) - 85.10.210.166 (A) - 88.99.186.150 (A) - 95.216.27.30 (A) - 144.76.219.20 (A) - 46.4.115.44 (A) - 88.99.186.155 (A) - 94.130.104.88 (A) - 94.130.136.91 (A) |
|
| easylist-downloads.adblockplus.org | AAAA |
|
Answers - 2a01:4f9:2a:e97::2 (AAAA) - 2a01:4f8:200:9218::2 (AAAA) - 2a01:4f8:171:1945::2 (AAAA) - 2a01:4f9:2a:e61::2 (AAAA) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 11.8648340702 | Sandbox | 47.97.218.41 | 80 |
| 12.683494091 | Sandbox | 125.88.146.63 | 80 |
| 14.2480170727 | Sandbox | 125.88.146.188 | 80 |
| 14.4293830395 | Sandbox | 120.26.167.216 | 80 |
| 14.7489151955 | Sandbox | 125.88.146.63 | 80 |
| 18.351984024 | Sandbox | 47.97.218.41 | 80 |
| 18.3848671913 | Sandbox | 116.207.118.89 | 80 |
| 20.3794891834 | Sandbox | 203.119.206.95 | 80 |
| 23.3054060936 | Sandbox | 222.85.26.209 | 80 |
| 27.216397047 | Sandbox | 222.85.26.208 | 80 |
| 31.2662940025 | Sandbox | 78.46.39.215 | 443 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 3.02181315422 | Sandbox | 224.0.0.252 | 5355 |
| 3.03619599342 | Sandbox | 224.0.0.252 | 5355 |
| 3.04410600662 | Sandbox | 239.255.255.250 | 3702 |
| 3.07916903496 | Sandbox | 192.168.56.255 | 137 |
| 5.59934401512 | Sandbox | 224.0.0.252 | 5355 |
| 7.41896605492 | Sandbox | 224.0.0.252 | 5355 |
| 9.9896941185 | Sandbox | 8.8.4.4 | 53 |
| 10.984899044 | Sandbox | 8.8.8.8 | 53 |
| 12.1482532024 | Sandbox | 8.8.4.4 | 53 |
| 12.1488761902 | Sandbox | 8.8.4.4 | 53 |
| 12.1493401527 | Sandbox | 8.8.4.4 | 53 |
| 13.9923541546 | Sandbox | 8.8.4.4 | 53 |
| 13.9926869869 | Sandbox | 8.8.4.4 | 53 |
| 19.7239351273 | Sandbox | 8.8.4.4 | 53 |
| 19.7664341927 | Sandbox | 8.8.4.4 | 53 |
| 26.8957240582 | Sandbox | 8.8.4.4 | 53 |
| 30.7706670761 | Sandbox | 8.8.4.4 | 53 |
| 31.0598220825 | Sandbox | 8.8.4.4 | 53 |
| 31.0703251362 | Sandbox | 8.8.4.4 | 53 |