| Name | IP | Country | ASN | ASN Name | Trigger Process Type |
|---|---|---|---|---|---|
| 8.8.4.4 | United States | 15169 | Level 3 Parent, LLC | Malware Process | |
| 104.16.89.188 | United States | 13335 | Cloudflare, Inc. | Malware Process | |
| 209.126.124.166 | United States | 30083 | HEG US Inc. | Malware Process | |
| 38.69.238.114 | United States | 174 | PSINet, Inc. | OS Process | |
| 38.69.238.128 | United States | 174 | PSINet, Inc. | OS Process | |
| 50.89.138.223 | United States | 33363 | Bright House Networks - CFL Division | Malware Process | |
| 66.220.110.56 | United States | 4181 | TDS TELECOM | Malware Process | |
| 72.215.47.23 | United States | 22773 | Cox Communications | Malware Process | |
| 76.177.3.96 | United States | 10796 | Time Warner Cable Internet LLC | Malware Process | |
| 98.163.53.175 | United States | 22773 | Cox Communications Inc. | Malware Process | |
| 72.230.204.136 | United States | 11351 | Time Warner Cable Internet LLC | Malware Process | |
| 66.96.133.9 | United States | 29873 | The Endurance International Group, Inc. | Malware Process | |
| 23.49.13.33 | United States | 20940 | Akamai Technologies, Inc. | Malware Process | |
| 173.175.76.49 | United States | 11427 | Time Warner Cable Internet LLC | Malware Process | |
| 178.255.83.1 | 35838 | OS Process | |||
| 38.69.238.122 | 174 | PSINet, Inc. | OS Process | ||
| 104.16.90.188 | 13335 | Cloudflare, Inc. | Malware Process | ||
| 104.28.16.56 | 13335 | Cloudflare, Inc. | Malware Process | ||
| 23.63.226.105 | 20940 | Akamai Technologies, Inc. | OS Process | ||
| 85.93.88.251 | 8972 | Malware Process | |||
| 178.255.83.1 | 35838 | OS Process |
| Host | Port | Method | Version | User Agent | Count | Call Time During Execution(Sec) |
|---|---|---|---|---|---|---|
| www.ip-adress.com | 80 | GET | 1.1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | 7 | 35.2424409389 |
|
Path: / URI: http://www.ip-adress.com/ |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 70.9386670589 |
|
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?0235c510ea678695 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?0235c510ea678695 |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 70.9388320446 |
|
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?82b0f4d24e34c8a2 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?82b0f4d24e34c8a2 |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 70.9389669895 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19a361189413c5cf URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19a361189413c5cf |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 70.9390940666 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1f3ebde0922e0df0 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1f3ebde0922e0df0 |
||||||
| ocsp.usertrust.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 2 | 83.9497468472 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D URI: http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI%3D |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 85.0819659233 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e6fdf0b8612e98d9 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e6fdf0b8612e98d9 |
||||||
| crl.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 88.1244490147 |
|
Path: /COMODORSACertificationAuthority.crl URI: http://crl.comodoca.com/COMODORSACertificationAuthority.crl |
||||||
| ocsp.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 88.1283209324 |
|
Path: /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D URI: http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69%2BAj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc%3D |
||||||
| ocsp.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 88.1285099983 |
|
Path: /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj URI: http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj |
||||||
| crl.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 88.1286828518 |
|
Path: /COMODORSADomainValidationSecureServerCA.crl URI: http://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 89.2810900211 |
|
Path: /msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9a77ba1534915b5d URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?9a77ba1534915b5d |
||||||
| ctldl.windowsupdate.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 89.2812509537 |
|
Path: /msdownload/update/v3/static/trustedr/en/authrootstl.cab?16df1de2208c0861 URI: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?16df1de2208c0861 |
||||||
| ocsp.comodoca.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 95.1614630222 |
|
Path: /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj URI: http://ocsp.comodoca.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBR64T7ooMQqLLQoy%2BemBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEQCOot%2Bo4GHnch9qDcxWT3Pj |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 119.757361889 |
|
Path: /pki/crl/products/tspca.crl URI: http://crl.microsoft.com/pki/crl/products/tspca.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 120.214140892 |
|
Path: /pki/crl/products/CodeSignPCA2.crl URI: http://crl.microsoft.com/pki/crl/products/CodeSignPCA2.crl |
||||||
| crl.microsoft.com | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 120.239315987 |
|
Path: /pki/crl/products/WinPCA.crl URI: http://crl.microsoft.com/pki/crl/products/WinPCA.crl |
||||||
| crl.globalsign.net | 80 | GET | 1.1 | Microsoft-CryptoAPI/6.1 | 1 | 120.309280872 |
|
Path: /primobject.crl URI: http://crl.globalsign.net/primobject.crl |
||||||
| Request | Type |
|---|---|
| www.ip-adress.com | A |
|
Answers - 85.93.89.6 (A) - 85.93.88.251 (A) - 209.126.124.166 (A) - 207.38.89.115 (A) |
|
| ctldl.windowsupdate.com | A |
|
Answers - ctldl.windowsupdate.nsatc.net (CNAME) - 38.69.238.122 (A) - a1621.g.akamai.net (CNAME) - 38.69.238.114 (A) - ctldl.windowsupdate.com.edgesuite.net (CNAME) |
|
| ocsp.usertrust.com | A |
|
Answers - 178.255.83.1 (A) |
|
| crl.comodoca.com | A |
|
Answers - crl.comodoca.com.cdn.cloudflare.net (CNAME) - 104.16.92.188 (A) - 104.16.93.188 (A) - 104.16.90.188 (A) - 104.16.91.188 (A) - 104.16.89.188 (A) |
|
| ocsp.comodoca.com | A |
| 194.99.241.192.in-addr.arpa | PTR |
|
Answers - wooservers.com (PTR) |
|
| crl.microsoft.com | A |
|
Answers - 38.69.238.81 (A) - 38.69.238.128 (A) - crl.www.ms.akadns.net (CNAME) - a1363.dscg.akamai.net (CNAME) |
|
| crl.globalsign.net | A |
|
Answers - 104.28.16.56 (A) - 104.28.17.56 (A) |
|
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 35.2424409389 | Sandbox | 209.126.124.166 | 80 |
| 48.022108078 | Sandbox | 98.163.53.175 | 995 |
| 48.0224249363 | Sandbox | 209.126.124.166 | 443 |
| 59.9028389454 | Sandbox | 209.126.124.166 | 80 |
| 59.9472520351 | Sandbox | 209.126.124.166 | 443 |
| 59.9613149166 | Sandbox | 66.220.110.56 | 50010 |
| 70.9386670589 | Sandbox | 38.69.238.122 | 80 |
| 70.9388320446 | Sandbox | 38.69.238.122 | 80 |
| 70.9389669895 | Sandbox | 38.69.238.122 | 80 |
| 70.9390940666 | Sandbox | 38.69.238.114 | 80 |
| 83.9497468472 | Sandbox | 178.255.83.1 | 80 |
| 83.9552738667 | Sandbox | 178.255.83.1 | 80 |
| 84.4081599712 | Sandbox | 209.126.124.166 | 80 |
| 84.4539408684 | Sandbox | 209.126.124.166 | 443 |
| 84.6818799973 | Sandbox | 209.126.124.166 | 80 |
| 84.7302680016 | Sandbox | 209.126.124.166 | 443 |
| 85.0819659233 | Sandbox | 38.69.238.122 | 80 |
| 86.2627079487 | Sandbox | 209.126.124.166 | 80 |
| 86.3085000515 | Sandbox | 209.126.124.166 | 443 |
| 86.6562318802 | Sandbox | 209.126.124.166 | 80 |
| 86.7807729244 | Sandbox | 93.108.180.227 | 443 |
| 86.9702320099 | Sandbox | 209.126.124.166 | 443 |
| 88.1244490147 | Sandbox | 104.16.89.188 | 80 |
| 88.1283209324 | Sandbox | 178.255.83.1 | 80 |
| 88.1285099983 | Sandbox | 178.255.83.1 | 80 |
| 88.1286828518 | Sandbox | 104.16.89.188 | 80 |
| 89.2810900211 | Sandbox | 38.69.238.122 | 80 |
| 89.2812509537 | Sandbox | 38.69.238.122 | 80 |
| 95.1614630222 | Sandbox | 178.255.83.1 | 80 |
| 96.4516859055 | Sandbox | 209.126.124.166 | 80 |
| 97.2798478603 | Sandbox | 209.126.124.166 | 443 |
| 100.655611992 | Sandbox | 93.108.180.227 | 443 |
| 101.385457993 | Sandbox | 98.163.53.175 | 995 |
| 102.620430946 | Sandbox | 50.89.138.223 | 443 |
| 106.316699982 | Sandbox | 76.177.3.96 | 443 |
| 109.184499025 | Sandbox | 72.215.47.23 | 443 |
| 119.757361889 | Sandbox | 38.69.238.128 | 80 |
| 120.309280872 | Sandbox | 104.28.16.56 | 80 |
| 128.601422071 | Sandbox | 192.168.56.10 | 49310 |
| 128.603452921 | Sandbox | 192.168.56.10 | 49311 |
| 128.893338919 | Sandbox | 192.168.56.10 | 49312 |
| Call Time During Execution(sec) | Source IP | Dest IP | Dest Port |
|---|---|---|---|
| 6.87473893166 | Sandbox | 224.0.0.252 | 5355 |
| 6.89462304115 | Sandbox | 224.0.0.252 | 5355 |
| 6.90027093887 | Sandbox | 239.255.255.250 | 3702 |
| 6.93095207214 | Sandbox | 192.168.56.255 | 137 |
| 9.44754195213 | Sandbox | 224.0.0.252 | 5355 |
| 12.9308629036 | Sandbox | 192.168.56.255 | 138 |
| 31.5292289257 | Sandbox | 224.0.0.252 | 5355 |
| 35.177243948 | Sandbox | 8.8.4.4 | 53 |
| 60.2917048931 | Sandbox | 224.0.0.252 | 5355 |
| 60.5862970352 | Sandbox | 224.0.0.252 | 5355 |
| 60.6132040024 | Sandbox | 224.0.0.252 | 5355 |
| 60.6229279041 | Sandbox | 224.0.0.252 | 5355 |
| 67.911921978 | Sandbox | 224.0.0.252 | 5355 |
| 67.9251909256 | Sandbox | 224.0.0.252 | 5355 |
| 67.9255239964 | Sandbox | 224.0.0.252 | 5355 |
| 67.925921917 | Sandbox | 224.0.0.252 | 5355 |
| 70.637321949 | Sandbox | 8.8.4.4 | 53 |
| 70.6378128529 | Sandbox | 8.8.4.4 | 53 |
| 77.8792488575 | Sandbox | 224.0.0.252 | 5355 |
| 78.2761838436 | Sandbox | 224.0.0.252 | 5355 |
| 78.4763128757 | Sandbox | 224.0.0.252 | 5355 |
| 80.7849700451 | Sandbox | 224.0.0.252 | 5355 |
| 81.1767370701 | Sandbox | 224.0.0.252 | 5355 |
| 81.1770470142 | Sandbox | 224.0.0.252 | 5355 |
| 83.5991690159 | Sandbox | 224.0.0.252 | 5355 |
| 83.927533865 | Sandbox | 8.8.4.4 | 53 |
| 83.9332239628 | Sandbox | 8.8.4.4 | 53 |
| 84.3600189686 | Sandbox | 224.0.0.252 | 5355 |
| 84.3607668877 | Sandbox | 224.0.0.252 | 5355 |
| 84.3966639042 | Sandbox | 224.0.0.252 | 5355 |
| 84.6839039326 | Sandbox | 224.0.0.252 | 5355 |
| 84.7544679642 | Sandbox | 224.0.0.252 | 5355 |
| 87.7708349228 | Sandbox | 8.8.4.4 | 53 |
| 87.7736279964 | Sandbox | 8.8.4.4 | 53 |
| 93.1511719227 | Sandbox | 224.0.0.252 | 5355 |
| 98.0551888943 | Sandbox | 224.0.0.252 | 5355 |
| 98.0557670593 | Sandbox | 8.8.4.4 | 53 |
| 102.181921959 | Sandbox | 224.0.0.252 | 5355 |
| 106.248108864 | Sandbox | 224.0.0.252 | 5355 |
| 110.373113871 | Sandbox | 224.0.0.252 | 5355 |
| 116.188117981 | Sandbox | 224.0.0.252 | 5355 |
| 119.693022966 | Sandbox | 8.8.4.4 | 53 |
| 120.261780977 | Sandbox | 8.8.4.4 | 53 |
| 129.854168892 | Sandbox | 224.0.0.252 | 5355 |