| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.18.20.226 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 23.215.131.169 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 23.215.131.200 | United States | 20940 | Akamai Technologies, Inc. | OS Process | |
| 192.241.99.194 | Canada | 55286 | B2 Net Solutions Inc. | Malware Process | |
| secure.informaction.com | 69.195.158.196 | United States | 19969 | Joe's Datacenter, LLC | Malware Process |
| s2.symcb.com | 23.50.75.27 | United States | 3257 | Akamai Technologies, Inc. | Malware Process |
| crl.microsoft.com | 208.185.118.88 | United States | 6461 | Zayo Bandwidth | OS Process |
| a652.dscb.akamai.net | 38.69.238.19 | United States | 174 | PSINet, Inc. | Malware Process |
| sv.symcd.com | 23.50.75.27 | United States | 3257 | Akamai Technologies, Inc. | Malware Process |
| ocsp.int-x3.letsencrypt.org | 38.69.238.113 | United States | 174 | PSINet, Inc. | Malware Process |
| sv.symcb.com | 72.21.91.29 | United States | 15133 | MCI Communications Services, Inc. d/b/a Verizon Business | Malware Process |
| ocsp.usertrust.com | 38.69.238.11 | United States | 174 | PSINet, Inc. | OS Process |
| a207.dscb.akamai.net | 38.69.238.10 | United States | 174 | PSINet, Inc. | Malware Process |
| notification.adblockplus.org | 78.47.138.56 | Germany | 24940 | Malware Process | |
| ctldl.windowsupdate.com | 208.185.118.89 | United States | 6461 | Zayo Bandwidth | OS Process |
| ocsp.comodoca.com | 38.69.238.19 | United States | 174 | PSINet, Inc. | OS Process |
| a771.dscq.akamai.net | 38.93.140.16 | United States | 26769 | PSINet, Inc. | Malware Process |
| safe-registration.com | 172.99.100.191 | United States | 33070 | Cloud Loadbalancing as a Service-LBaaS (DFW) | Malware Process |
| crl.globalsign.net | 151.101.22.133 | United States | 54113 | Fastly | Malware Process |
| easylist-downloads.adblockplus.org | 176.9.122.53 | Germany | 24940 | Malware Process | |
| pppcw.shieldapps.ml | 37.97.173.64 | Netherlands | 20857 | Malware Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 90.3878748417 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?63600f0772d56571 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?63600f0772d56571 |
||||||
| s2.symcb.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 97.6835708618 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D URI: http://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D |
||||||
| pppcw.shieldapps.ml | 80 | POST | 1.1 | 1 | 103.33739686 | |
|
Path: /pppcw/pppcw.php URI: http://pppcw.shieldapps.ml/pppcw/pppcw.php |
||||||
| sv.symcd.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 103.849877834 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEGllzqlxaYVWCPVm%2BOHAM%2FM%3D URI: http://sv.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEGllzqlxaYVWCPVm%2BOHAM%2FM%3D |
||||||
| sv.symcb.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 103.875424862 |
|
Path: /sv.crl URI: http://sv.symcb.com/sv.crl |
||||||
| pppcw.shieldapps.ml | 80 | POST | 1.1 | 1 | 123.092378855 | |
|
Path: /pppcw/pppcw.php URI: http://pppcw.shieldapps.ml/pppcw/pppcw.php |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 148.779680014 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 154.108059883 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 159.375500917 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 164.84492898 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| notification.adblockplus.org | A |
|
Answers - 136.243.55.39 (A) - 94.130.73.110 (A) - 88.99.186.153 (A) - 95.216.27.38 (A) - 144.76.116.39 (A) - 148.251.12.230 (A) - easylist-downloads.adblockplus.org (CNAME) - 5.9.15.86 (A) - 176.9.122.53 (A) - 94.130.104.89 (A) - 176.9.26.105 (A) - 46.4.115.44 (A) - 148.251.66.238 (A) |
|
| easylist-downloads.adblockplus.org | A |
|
Answers - 136.243.88.49 (A) - 46.4.68.226 (A) - 78.46.39.215 (A) - 88.99.186.149 (A) - 144.76.20.58 (A) - 94.130.168.30 (A) - 85.10.210.166 (A) - 136.243.62.212 (A) - 78.46.27.186 (A) - 178.63.70.146 (A) |
|
| easylist-downloads.adblockplus.org | AAAA |
|
Answers - 2a01:4f8:151:8129::2 (AAAA) - 2a01:4f9:2a:1b5f::2 (AAAA) - 2a01:4f8:200:2175::2 (AAAA) - 2a01:4f8:222:1982::2 (AAAA) |
|
| ocsp.comodoca.com | A |
|
Answers - ocsp.comodoca.com.edgesuite.net (CNAME) - a652.dscb.akamai.net (CNAME) - 184.84.243.42 (A) - 184.84.243.34 (A) |
|
| ocsp.usertrust.com | A |
|
Answers - ocsp.usertrust.com.edgesuite.net (CNAME) - 23.67.251.26 (A) - a207.dscb.akamai.net (CNAME) - 23.67.251.33 (A) |
|
| secure.informaction.com | A |
|
Answers - 69.195.158.196 (A) - 69.195.158.198 (A) - 69.195.158.195 (A) - 69.195.158.197 (A) - 69.195.158.194 (A) |
|
| a652.dscb.akamai.net | A |
| a207.dscb.akamai.net | A |
|
Answers - 184.84.243.57 (A) - 184.84.243.10 (A) |
|
| a652.dscb.akamai.net | AAAA |
|
Answers - 2600:140a::48f6:2b21 (AAAA) - 2600:140a::48f6:2b33 (AAAA) |
|
| secure.informaction.com | AAAA |
| a207.dscb.akamai.net | AAAA |
|
Answers - 2600:140a::48f6:2b10 (AAAA) - 2600:140a::48f6:2b08 (AAAA) |
|
| ocsp.int-x3.letsencrypt.org | A |
|
Answers - a771.dscq.akamai.net (CNAME) - 184.24.97.217 (A) - ocsp.int-x3.letsencrypt.org.edgesuite.net (CNAME) - 184.24.97.216 (A) |
|
| safe-registration.com | A |
|
Answers - 172.99.100.191 (A) |
|
| a771.dscq.akamai.net | A |
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 23.215.131.169 (A) - a1621.g.akamai.net (CNAME) - ctldl.windowsupdate.com.edgesuite.net (CNAME) - 23.215.131.176 (A) |
|
| s2.symcb.com | A |
|
Answers - ocsp-ds.ws.symantec.com.edgekey.net (CNAME) - e8218.dscb1.akamaiedge.net (CNAME) - 23.50.75.27 (A) |
|
| pppcw.shieldapps.ml | A |
|
Answers - 37.97.173.64 (A) |
|
| sv.symcd.com | A |
| sv.symcb.com | A |
|
Answers - crl-symcprod.digicert.com (CNAME) - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A) |
|
| crl.microsoft.com | A |
|
Answers - 23.215.131.202 (A) - 23.215.131.200 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.18.21.226 (A) - global.prd.cdn.globalsign.com (CNAME) - cdn.globalsigncdn.com.cdn.cloudflare.net (CNAME) - 104.18.20.226 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 76.9187979698 | Sandbox | 144.76.116.39 | 443 |
| 80.5211699009 | Sandbox | 69.195.158.196 | 443 |
| 90.3878748417 | Sandbox | 23.215.131.169 | 80 |
| 97.6835708618 | Sandbox | 23.50.75.27 | 80 |
| 103.33739686 | Sandbox | 37.97.173.64 | 80 |
| 103.849877834 | Sandbox | 23.50.75.27 | 80 |
| 103.875424862 | Sandbox | 72.21.91.29 | 80 |
| 123.092378855 | Sandbox | 37.97.173.64 | 80 |
| 148.779680014 | Sandbox | 23.215.131.200 | 80 |
| 164.84492898 | Sandbox | 104.18.20.226 | 80 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 6.96035003662 | Sandbox | 224.0.0.252 | 5355 |
| 6.97356891632 | Sandbox | 224.0.0.252 | 5355 |
| 6.98036384583 | Sandbox | 239.255.255.250 | 3702 |
| 6.99124383926 | Sandbox | 192.168.56.255 | 137 |
| 9.57113289833 | Sandbox | 224.0.0.252 | 5355 |
| 10.0054399967 | Sandbox | 192.168.56.255 | 138 |
| 76.5283858776 | Sandbox | 8.8.4.4 | 53 |
| 76.6774120331 | Sandbox | 8.8.4.4 | 53 |
| 76.6878638268 | Sandbox | 8.8.4.4 | 53 |
| 80.2184848785 | Sandbox | 8.8.4.4 | 53 |
| 80.3716700077 | Sandbox | 8.8.4.4 | 53 |
| 80.4592218399 | Sandbox | 8.8.4.4 | 53 |
| 80.4599430561 | Sandbox | 8.8.4.4 | 53 |
| 80.6019940376 | Sandbox | 8.8.4.4 | 53 |
| 80.6022689342 | Sandbox | 8.8.4.4 | 53 |
| 80.6028249264 | Sandbox | 8.8.4.4 | 53 |
| 80.6137189865 | Sandbox | 8.8.4.4 | 53 |
| 80.6417798996 | Sandbox | 8.8.4.4 | 53 |
| 83.4602408409 | Sandbox | 224.0.0.252 | 5355 |
| 87.5926530361 | Sandbox | 224.0.0.252 | 5355 |
| 87.7331709862 | Sandbox | 8.8.4.4 | 53 |
| 87.7335448265 | Sandbox | 8.8.4.4 | 53 |
| 87.8054759502 | Sandbox | 8.8.4.4 | 53 |
| 87.8059568405 | Sandbox | 8.8.4.4 | 53 |
| 90.255854845 | Sandbox | 8.8.4.4 | 53 |
| 92.1211760044 | Sandbox | 224.0.0.252 | 5355 |
| 94.9425868988 | Sandbox | 224.0.0.252 | 5355 |
| 97.6374230385 | Sandbox | 8.8.4.4 | 53 |
| 98.4237060547 | Sandbox | 224.0.0.252 | 5355 |
| 98.489689827 | Sandbox | 224.0.0.252 | 5355 |
| 100.33285594 | Sandbox | 224.0.0.252 | 5355 |
| 101.092857838 | Sandbox | 224.0.0.252 | 5355 |
| 101.11003089 | Sandbox | 224.0.0.252 | 5355 |
| 103.152148008 | Sandbox | 8.8.4.4 | 53 |
| 103.81050992 | Sandbox | 8.8.4.4 | 53 |
| 103.827497959 | Sandbox | 8.8.4.4 | 53 |
| 143.288633823 | Sandbox | 224.0.0.252 | 5355 |
| 145.997442007 | Sandbox | 224.0.0.252 | 5355 |
| 148.580873966 | Sandbox | 8.8.4.4 | 53 |
| 148.845846891 | Sandbox | 224.0.0.252 | 5355 |
| 151.524047852 | Sandbox | 224.0.0.252 | 5355 |
| 154.128706932 | Sandbox | 224.0.0.252 | 5355 |
| 156.811919928 | Sandbox | 224.0.0.252 | 5355 |
| 159.502957821 | Sandbox | 224.0.0.252 | 5355 |
| 162.19451499 | Sandbox | 224.0.0.252 | 5355 |
| 164.797171831 | Sandbox | 8.8.4.4 | 53 |