Advanced File Analysis System

File Name: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.bin

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 949f1903642e72575e107ee492faba670c8e0006

MD5: 5384f752e3a2b59fad9d0f143ce0215a

Contacted IPs

Network Port Distribution

Name	IP	Country	ASN	ASN Name	Trigger Process Type
	8.8.4.4	United States	15169	Level 3 Parent, LLC	Malware Process
	104.18.35.60	United States	13335	Cloudflare, Inc.	Malware Process
	157.238.74.89	United States	20940	NTT America, Inc.	Malware Process
	205.185.216.42	United States	20446	Highwinds Network Group, Inc.	OS Process
	23.59.155.35	United States	20940	Akamai Technologies, Inc.	Malware Process
	66.6.32.21	United States	26101	Oath Holdings Inc.	Malware Process
	98.136.103.24	United States	36647	Oath Holdings Inc.	Malware Process
flexiblepestsolutions.com	75.98.175.104	United States	55293	A2 Hosting, Inc.	Malware Process
www.hugedomains.com	104.25.38.108	United States	13335	Cloudflare, Inc.	Malware Process
ocsp.int-x3.letsencrypt.org	157.238.74.104	United States	20940	NTT America, Inc.	Malware Process
texmart.in	184.168.131.241	United States	26496	GoDaddy.com, LLC	Malware Process
menoffaithinaction.godaddysites.com	198.71.232.10	United States	26496	GoDaddy.com, LLC	Malware Process
imagescameraclub.com	184.168.47.225	United States	26496	GoDaddy.com, LLC	Malware Process
frc-conf.com	178.132.201.54	Russian Federation	49505		Malware Process
crl.globalsign.net	151.101.2.133	United States	54113	Fastly	Malware Process
alltimefacts.com	23.20.239.12	United States	14618	Amazon.com, Inc.	Malware Process
novolani.com	69.172.201.153	United States	19324	Cogeco Peer 1	Malware Process
tuvestir.com	104.18.34.60	United States	13335	Cloudflare, Inc.	Malware Process
www.shrisaisales.in	13.228.67.110	Singapore	16509 38895	Amazon Technologies Inc.	Malware Process
ctldl.windowsupdate.com	72.21.81.240	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	OS Process
frc-pr.com	178.208.83.56	Russian Federation	48282		Malware Process
mycampusjuice.com	204.11.56.48	Virgin Islands, British	40034	Confluence Networks Inc	Malware Process
adcconsulting.net	107.190.137.18	United States	33182	HostDime.com, Inc.	Malware Process
mofiaweb.com	198.71.232.3	United States	26496	GoDaddy.com, LLC	Malware Process
myshop.lk	104.31.71.239	United States	13335	Cloudflare, Inc.	Malware Process
shrisaisales.in	13.228.67.110	Singapore	16509 38895	Amazon Technologies Inc.	Malware Process
isrg.trustid.ocsp.identrust.com	157.238.74.66	United States	20940	NTT America, Inc.	Malware Process
parsimaj.com	5.135.231.147	France	16276		Malware Process
yahoosupportaustralia.com	106.10.248.151	Singapore	56173	Yahoo-Inc 701 First Avenue	Malware Process
yahoohelpcommunity.tumblr.com	66.6.33.21	United States	26101	Oath Holdings Inc.	Malware Process
stwholesaleinc.com	52.91.146.127	United States	14618	Amazon Technologies Inc.	Malware Process
supercravings.com	207.148.248.143	United States	29873	The Endurance International Group, Inc.	Malware Process
crl.microsoft.com	208.185.118.104	United States	6461	Zayo Bandwidth	OS Process
ocsp.comodoca4.com	151.139.128.14	United States	20446	StackPath, LLC.	Malware Process
pastimefoods.com	104.236.189.233	United States	14061	DigitalOcean, LLC	Malware Process
ocsp.usertrust.com	151.139.128.14	United States	20446	StackPath, LLC.	OS Process
abelindia.com	107.190.137.18	United States	33182	HostDime.com, Inc.	Malware Process
adrive62.com	5.101.152.167	Russian Federation	198610		Malware Process
ocsp.digicert.com	72.21.91.29	United States	15133	MCI Communications Services, Inc. d/b/a Verizon Business	Malware Process

HTTP Packets

Host	Port	Method	Version	User Agent	Count	Call Time During Execution(Sec)
mofiaweb.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	17.0909638405
Path: /OJP84q.php?w=m2w54de8rvv78b URI: http://mofiaweb.com/OJP84q.php?w=m2w54de8rvv78b
adcconsulting.net	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	20.5679810047
Path: /XEGeuI.php?o=m2w54de8rvv78b URI: http://adcconsulting.net/XEGeuI.php?o=m2w54de8rvv78b
adrive62.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	39.8094279766
Path: /Dre8j9.php?n=m2w54de8rvv78b URI: http://adrive62.com/Dre8j9.php?n=m2w54de8rvv78b
texmart.in	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	45.1466588974
Path: /dEXh_e.php?t=m2w54de8rvv78b URI: http://texmart.in/dEXh_e.php?t=m2w54de8rvv78b
yahoosupportaustralia.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	45.4884939194
Path: /8gX7hN.php?j=m2w54de8rvv78b URI: http://yahoosupportaustralia.com/8gX7hN.php?j=m2w54de8rvv78b
ctldl.windowsupdate.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	47.7849907875
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?401044ba0f862f93 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?401044ba0f862f93
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	48.4568967819
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8%3D
frc-conf.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	49.1238639355
Path: /o51qYV.php?l=m2w54de8rvv78b URI: http://frc-conf.com/o51qYV.php?l=m2w54de8rvv78b
isrg.trustid.ocsp.identrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	50.0268979073
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D URI: http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D
ocsp.int-x3.letsencrypt.org	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	50.4227309227
Path: /MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgRjbPY7UZSW1St6RAKsejskvA%3D%3D URI: http://ocsp.int-x3.letsencrypt.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBR%2B5mrncpqz%2FPiiIGRsFqEtYHEIXQQUqEpqYwR93brm0Tm3pkVl7%2FOo7KECEgRjbPY7UZSW1St6RAKsejskvA%3D%3D
frc-pr.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	72.323843956
Path: /dA91lI.php?d=m2w54de8rvv78b URI: http://frc-pr.com/dA91lI.php?d=m2w54de8rvv78b
flexiblepestsolutions.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	72.9670109749
Path: /Rr70KQ.php?v=m2w54de8rvv78b URI: http://flexiblepestsolutions.com/Rr70KQ.php?v=m2w54de8rvv78b
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	82.210272789
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	82.2891018391
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl
crl.microsoft.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	82.3861148357
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl
crl.globalsign.net	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	82.5048758984
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl
mycampusjuice.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	94.7802119255
Path: /z9r0qh.php?x=m2w54de8rvv78b URI: http://mycampusjuice.com/z9r0qh.php?x=m2w54de8rvv78b
novolani.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	95.6666429043
Path: /HR8srq.php?z=m2w54de8rvv78b URI: http://novolani.com/HR8srq.php?z=m2w54de8rvv78b
tuvestir.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	95.8809309006
Path: /qPA0JU.php?q=m2w54de8rvv78b URI: http://tuvestir.com/qPA0JU.php?q=m2w54de8rvv78b
ocsp.digicert.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	96.2202239037
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D URI: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D
parsimaj.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	98.2448959351
Path: /60wEBT.php?l=m2w54de8rvv78b URI: http://parsimaj.com/60wEBT.php?l=m2w54de8rvv78b
shrisaisales.in	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	106.520383835
Path: /ZUQce4.php?a=m2w54de8rvv78b URI: http://shrisaisales.in/ZUQce4.php?a=m2w54de8rvv78b
www.shrisaisales.in	80	GET	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	107.081039906
Path: /ZUQce4.php?a=m2w54de8rvv78b URI: http://www.shrisaisales.in/ZUQce4.php?a=m2w54de8rvv78b
imagescameraclub.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	108.511665821
Path: /j7b5kK.php?w=m2w54de8rvv78b URI: http://imagescameraclub.com/j7b5kK.php?w=m2w54de8rvv78b
abelindia.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	171.944960833
Path: /1LaXd8.php?z=m2w54de8rvv78b URI: http://abelindia.com/1LaXd8.php?z=m2w54de8rvv78b
SuperCravings.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	187.660893917
Path: /RTosaZ.php?s=m2w54de8rvv78b URI: http://SuperCravings.com/RTosaZ.php?s=m2w54de8rvv78b
frc-pr.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	190.232283831
Path: /BMzH_7.php?t=m2w54de8rvv78b URI: http://frc-pr.com/BMzH_7.php?t=m2w54de8rvv78b
myshop.lk	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	190.873251915
Path: /6872VF.php?q=m2w54de8rvv78b URI: http://myshop.lk/6872VF.php?q=m2w54de8rvv78b
alltimefacts.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	191.337942839
Path: /EiFSId.php?b=m2w54de8rvv78b URI: http://alltimefacts.com/EiFSId.php?b=m2w54de8rvv78b
ocsp.usertrust.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	191.648952961
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D
ocsp.comodoca4.com	80	GET	1.1	Microsoft-CryptoAPI/6.1	1	191.937731981
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D URI: http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCEAui0B3Ly3d26KxlCXrBJUE%3D
mofiaweb.com	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	207.486113787
Path: /OJP84q.php?o=t34emjh44sc URI: http://mofiaweb.com/OJP84q.php?o=t34emjh44sc
adcconsulting.net	80	POST	1.1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)	1	210.309872866
Path: /XEGeuI.php?o=t34emjh44sc URI: http://adcconsulting.net/XEGeuI.php?o=t34emjh44sc

DNS Queries/Answers

Request	Type
mofiaweb.com	A
Answers - 198.71.232.3 (A)
mabawamathare.org	A
Answers - (NXDOMAIN)
19bee88.com	A
adcconsulting.net	A
Answers - 107.190.137.18 (A)
adrive62.com	A
Answers - 5.101.152.167 (A)
kingalter.com	A
thegingod.com	A
texmart.in	A
Answers - 184.168.131.241 (A)
yahoosupportaustralia.com	A
Answers - 212.82.100.151 (A) - 98.136.103.24 (A) - 212.82.102.24 (A) - 106.10.248.151 (A) - 74.6.136.151 (A)
yahoohelpcommunity.tumblr.com	A
Answers - 66.6.33.21 (A) - 66.6.33.149 (A) - 66.6.32.21 (A)
ctldl.windowsupdate.com	A
Answers - 205.185.216.42 (A) - audownload.windowsupdate.nsatc.net (CNAME) - au.download.windowsupdate.com.hwcdn.net (CNAME) - cds.d2s7q6s2.hwcdn.net (CNAME) - 205.185.216.10 (A)
ocsp.digicert.com	A
Answers - cs9.wac.phicdn.net (CNAME) - 72.21.91.29 (A)
smfinternational.com	A
frc-conf.com	A
Answers - 178.132.201.54 (A)
isrg.trustid.ocsp.identrust.com	A
Answers - 23.59.155.18 (A) - isrg.trustid.ocsp.identrust.com.edgesuite.net (CNAME) - a279.dscq.akamai.net (CNAME) - 23.59.155.35 (A)
ocsp.int-x3.letsencrypt.org	A
Answers - 157.238.74.104 (A) - a771.dscq.akamai.net (CNAME) - 157.238.74.89 (A) - ocsp.int-x3.letsencrypt.org.edgesuite.net (CNAME)
stwholesaleinc.com	A
Answers - 52.91.146.127 (A)
frc-pr.com	A
Answers - 178.208.83.56 (A)
flexiblepestsolutions.com	A
Answers - 75.98.175.104 (A)
pastimefoods.com	A
Answers - 104.236.189.233 (A)
crl.microsoft.com	A
Answers - a1363.dscg.akamai.net (CNAME) - 208.185.118.104 (A) - crl.www.ms.akadns.net (CNAME) - 208.185.118.88 (A)
crl.globalsign.net	A
Answers - 151.101.66.133 (A) - 151.101.2.133 (A) - global.prd.cdn.globalsign.com (CNAME) - 151.101.194.133 (A) - 151.101.130.133 (A) - prod.globalsign.map.fastly.net (CNAME)
mycampusjuice.com	A
Answers - 204.11.56.48 (A)
gerberinsreferral.com	A
hajsy.pro-linuxpl.com	A
localburialinsuranceinfo.com	A
novolani.com	A
Answers - 69.172.201.153 (A)
tuvestir.com	A
Answers - 104.18.35.60 (A) - 104.18.34.60 (A)
parsimaj.com	A
Answers - 5.135.231.147 (A)
lexscheep.com	A
ks0407.com	A
shrisaisales.in	A
Answers - 13.228.67.110 (A)
www.shrisaisales.in	A
Answers - shrisaisales.in (CNAME)
fitbalancechallenge.com	A
royalsboostersgbball.com	A
imagescameraclub.com	A
Answers - 184.168.47.225 (A)
abelindia.com	A
salamasisters.org	A
supercravings.com	A
Answers - 207.148.248.143 (A)
httthanglong.com	A
myshop.lk	A
Answers - 104.31.71.239 (A) - 104.31.70.239 (A)
alltimefacts.com	A
Answers - HDRedirect-LB5-1afb6e2973825a56.elb.us-east-1.amazonaws.com (CNAME) - 23.20.239.12 (A)
www.hugedomains.com	A
Answers - 104.25.38.108 (A) - 104.25.37.108 (A)
ocsp.usertrust.com	A
Answers - t3j2g9x7.stackpathcdn.com (CNAME) - 151.139.128.14 (A)
ocsp.comodoca4.com	A
champagneframeofmind.com	A
menoffaithinaction.godaddysites.com	A
Answers - 198.71.232.10 (A)

TCP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
17.0909638405	Sandbox	198.71.232.3	80
20.5679810047	Sandbox	107.190.137.18	80
39.8094279766	Sandbox	5.101.152.167	80
45.1466588974	Sandbox	184.168.131.241	80
45.4884939194	Sandbox	98.136.103.24	80
45.9492709637	Sandbox	66.6.32.21	443
47.7849907875	Sandbox	205.185.216.42	80
48.4568967819	Sandbox	72.21.91.29	80
49.1238639355	Sandbox	178.132.201.54	80
49.3597369194	Sandbox	178.132.201.54	443
50.0268979073	Sandbox	23.59.155.35	80
50.4227309227	Sandbox	157.238.74.89	80
72.323843956	Sandbox	178.208.83.56	80
72.9670109749	Sandbox	75.98.175.104	80
82.210272789	Sandbox	208.185.118.104	80
82.5048758984	Sandbox	151.101.2.133	80
94.7802119255	Sandbox	204.11.56.48	80
95.6666429043	Sandbox	69.172.201.153	80
95.8809309006	Sandbox	104.18.35.60	80
95.8909368515	Sandbox	104.18.35.60	443
98.2448959351	Sandbox	5.135.231.147	80
106.520383835	Sandbox	13.228.67.110	80
107.081039906	Sandbox	13.228.67.110	80
108.511665821	Sandbox	184.168.47.225	80
171.944960833	Sandbox	107.190.137.18	80
187.660893917	Sandbox	207.148.248.143	80
190.232283831	Sandbox	178.208.83.56	80
190.873251915	Sandbox	104.31.71.239	80
190.881955862	Sandbox	104.31.71.239	443
191.337942839	Sandbox	23.20.239.12	80
191.365141869	Sandbox	104.25.38.108	443
191.648952961	Sandbox	151.139.128.14	80
191.937731981	Sandbox	151.139.128.14	80
207.486113787	Sandbox	198.71.232.3	80
207.587817907	Sandbox	198.71.232.10	443
210.309872866	Sandbox	107.190.137.18	80

UDP Packets

Call Time During Execution(sec)	Source IP	Dest IP	Dest Port
3.0287399292	Sandbox	224.0.0.252	5355
3.09252595901	Sandbox	192.168.56.255	137
3.09456181526	Sandbox	224.0.0.252	5355
3.10212397575	Sandbox	239.255.255.250	3702
5.66135382652	Sandbox	224.0.0.252	5355
14.1569697857	Sandbox	224.0.0.252	5355
17.0483977795	Sandbox	8.8.4.4	53
17.2984619141	Sandbox	8.8.4.4	53
17.4562518597	Sandbox	8.8.4.4	53
20.4387998581	Sandbox	8.8.4.4	53
39.3460159302	Sandbox	8.8.4.4	53
40.1433489323	Sandbox	8.8.4.4	53
42.5637998581	Sandbox	8.8.4.4	53
45.0321118832	Sandbox	8.8.4.4	53
45.3911178112	Sandbox	8.8.4.4	53
45.8058278561	Sandbox	8.8.4.4	53
47.7688148022	Sandbox	8.8.4.4	53
48.4031147957	Sandbox	8.8.4.4	53
48.7192239761	Sandbox	8.8.4.4	53
48.8643569946	Sandbox	8.8.4.4	53
49.9379239082	Sandbox	8.8.4.4	53
50.3751208782	Sandbox	8.8.4.4	53
50.8308269978	Sandbox	8.8.4.4	53
72.1283187866	Sandbox	8.8.4.4	53
72.8316438198	Sandbox	8.8.4.4	53
73.4074249268	Sandbox	8.8.4.4	53
82.1179859638	Sandbox	8.8.4.4	53
82.4760699272	Sandbox	8.8.4.4	53
94.6754179001	Sandbox	8.8.4.4	53
94.9249079227	Sandbox	8.8.4.4	53
95.1274328232	Sandbox	8.8.4.4	53
95.4229938984	Sandbox	8.8.4.4	53
95.5651710033	Sandbox	8.8.4.4	53
95.8455588818	Sandbox	8.8.4.4	53
98.0631628036	Sandbox	8.8.4.4	53
101.237217903	Sandbox	8.8.4.4	53
103.829308987	Sandbox	8.8.4.4	53
106.220939875	Sandbox	8.8.4.4	53
106.786111832	Sandbox	8.8.4.4	53
108.127931833	Sandbox	8.8.4.4	53
108.283801794	Sandbox	8.8.4.4	53
108.411799908	Sandbox	8.8.4.4	53
171.846873999	Sandbox	8.8.4.4	53
187.490055799	Sandbox	8.8.4.4	53
187.627887964	Sandbox	8.8.4.4	53
190.720541	Sandbox	8.8.4.4	53
190.845891953	Sandbox	8.8.4.4	53
191.30063796	Sandbox	8.8.4.4	53
191.354340792	Sandbox	8.8.4.4	53
191.633782864	Sandbox	8.8.4.4	53
191.916071892	Sandbox	8.8.4.4	53
192.239014864	Sandbox	8.8.4.4	53
207.547437906	Sandbox	8.8.4.4	53

Loading...