Analysis Overview
SHA256
287db0ab6004a61b0a2a944e3bd580a51a271b081c6b4b92b5c09cd2d7f34ce4
Threat Level: No (potentially) malicious behavior was detected
The file a4da2055d50fad8f27bf10e5f0ca14df_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 09:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win7-20240508-en
Max time kernel
144s
Max time network
149s
Command Line
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{57CCB311-2967-11EF-8C89-6200E4292AD7} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432820" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 316 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 316 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 316 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 316 wrote to memory of 2156 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4da2055d50fad8f27bf10e5f0ca14df_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | docsamu.seesaa.net | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | t.seesaa.net | udp |
| US | 8.8.8.8:53 | docsamu.seesaa.net | udp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | t.seesaa.net | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 09:28
Reported
2024-06-13 09:31
Platform
win10v2004-20240226-en
Max time kernel
143s
Max time network
156s
Command Line
Signatures
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4da2055d50fad8f27bf10e5f0ca14df_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4812 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4860 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5452 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4332 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5764 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5932 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6052 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6540 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6648 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 104.90.25.175:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| SE | 184.31.15.35:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | docsamu.seesaa.net | udp |
| US | 8.8.8.8:53 | docsamu.seesaa.net | udp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| JP | 138.2.21.1:80 | docsamu.seesaa.net | tcp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| US | 8.8.8.8:53 | 29.132.133.27.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.21.2.138.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | t.seesaa.net | udp |
| US | 8.8.8.8:53 | t.seesaa.net | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | blog.seesaa.jp | udp |
| JP | 138.2.21.1:443 | blog.seesaa.jp | tcp |
| FR | 18.155.129.58:80 | t.seesaa.net | tcp |
| JP | 138.2.21.1:443 | blog.seesaa.jp | tcp |
| JP | 133.237.105.32:443 | xml.affiliate.rakuten.co.jp | tcp |
| JP | 133.237.105.32:443 | xml.affiliate.rakuten.co.jp | tcp |
| JP | 138.2.21.1:443 | blog.seesaa.jp | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | 58.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.105.237.133.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | blogparts.gugugulobuu.com | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| JP | 138.2.21.1:443 | blog.seesaa.jp | tcp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.42.73.29:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 29.73.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.ad-stir.com | udp |
| JP | 35.73.153.229:445 | js.ad-stir.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| JP | 13.112.45.104:445 | js.ad-stir.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.ad-stir.com | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| US | 8.8.8.8:53 | js.gsspcln.jp | udp |
| US | 8.8.8.8:53 | js.gsspcln.jp | udp |
| JP | 133.186.12.51:443 | js.gsspcln.jp | tcp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| JP | 133.186.12.51:443 | js.gsspcln.jp | tcp |
| US | 8.8.8.8:53 | dmp.im-apps.net | udp |
| US | 8.8.8.8:53 | aladdin.genieesspv.jp | udp |
| US | 8.8.8.8:53 | aladdin.genieesspv.jp | udp |
| JP | 222.230.178.144:443 | aladdin.genieesspv.jp | tcp |
| SE | 2.21.96.35:445 | dmp.im-apps.net | tcp |
| JP | 222.230.178.144:443 | aladdin.genieesspv.jp | tcp |
| NL | 23.62.61.168:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 51.12.186.133.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | static.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | static.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | static.affiliate.rakuten.co.jp | udp |
| BE | 104.90.25.214:443 | static.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | cs.gssprt.jp | udp |
| US | 8.8.8.8:53 | cs.gssprt.jp | udp |
| JP | 133.186.12.50:443 | cs.gssprt.jp | tcp |
| JP | 133.186.12.50:443 | cs.gssprt.jp | tcp |
| JP | 133.186.12.50:443 | cs.gssprt.jp | tcp |
| JP | 163.43.28.228:443 | sda.seesaa.jp | tcp |
| BE | 104.90.25.214:443 | static.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | mtwidget04.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | mtwidget04.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | xml.affiliate.rakuten.co.jp | udp |
| JP | 133.237.105.32:443 | xml.affiliate.rakuten.co.jp | tcp |
| JP | 163.43.28.228:443 | sda.seesaa.jp | tcp |
| JP | 133.237.69.60:443 | mtwidget04.affiliate.rakuten.co.jp | tcp |
| JP | 133.237.105.32:443 | xml.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | 144.178.230.222.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.25.90.104.in-addr.arpa | udp |
| SE | 2.21.96.91:445 | dmp.im-apps.net | tcp |
| US | 8.8.8.8:53 | 50.12.186.133.in-addr.arpa | udp |
| JP | 133.237.69.60:443 | mtwidget04.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | yads.c.yimg.jp | udp |
| US | 8.8.8.8:53 | yads.c.yimg.jp | udp |
| US | 8.8.8.8:53 | mtwidget05.affiliate.ashiato.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | mtwidget05.affiliate.ashiato.rakuten.co.jp | udp |
| JP | 182.22.31.124:443 | yads.c.yimg.jp | tcp |
| JP | 133.237.69.60:443 | mtwidget05.affiliate.ashiato.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | 228.28.43.163.in-addr.arpa | udp |
| JP | 182.22.31.124:443 | yads.c.yimg.jp | tcp |
| JP | 133.237.69.60:443 | mtwidget05.affiliate.ashiato.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | dmp.im-apps.net | udp |
| US | 8.8.8.8:53 | 60.69.237.133.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.31.22.182.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 172.217.16.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | log.affiliate.rakuten.co.jp | udp |
| US | 8.8.8.8:53 | log.affiliate.rakuten.co.jp | udp |
| JP | 133.237.60.7:443 | log.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp |
| JP | 133.237.60.7:443 | log.affiliate.rakuten.co.jp | tcp |
| US | 8.8.8.8:53 | 7.60.237.133.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| US | 8.8.8.8:53 | sda.seesaa.jp | udp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| JP | 27.133.132.29:443 | sda.seesaa.jp | tcp |
| US | 8.8.8.8:53 | b.st-hatena.com | udp |
| US | 8.8.8.8:53 | b.st-hatena.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| FR | 52.222.201.116:443 | b.st-hatena.com | tcp |
| FR | 52.222.201.116:443 | b.st-hatena.com | tcp |
| GB | 163.70.151.21:445 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 18.245.175.22:443 | b.hatena.ne.jp | tcp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 8.8.8.8:53 | b.hatena.ne.jp | udp |
| US | 18.245.175.22:443 | b.hatena.ne.jp | tcp |
| US | 18.245.175.22:443 | b.hatena.ne.jp | tcp |
| US | 18.245.175.22:443 | b.hatena.ne.jp | tcp |
| US | 18.245.175.22:443 | b.hatena.ne.jp | tcp |
| US | 8.8.8.8:53 | js.ad-stir.com | udp |
| US | 8.8.8.8:53 | js.ad-stir.com | udp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 116.201.222.52.in-addr.arpa | udp |
| JP | 13.112.45.104:80 | js.ad-stir.com | tcp |
| JP | 13.112.45.104:80 | js.ad-stir.com | tcp |
| US | 8.8.8.8:53 | b.st-hatena.com | udp |
| US | 8.8.8.8:53 | b.st-hatena.com | udp |
| FR | 52.222.201.116:443 | b.st-hatena.com | tcp |
| FR | 52.222.201.116:443 | b.st-hatena.com | tcp |
| US | 8.8.8.8:53 | sh.adingo.jp | udp |
| US | 8.8.8.8:53 | sh.adingo.jp | udp |
| JP | 54.168.141.194:80 | sh.adingo.jp | tcp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| JP | 54.168.141.194:80 | sh.adingo.jp | tcp |
| US | 8.8.8.8:53 | 22.175.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.45.112.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.adingo.jp | udp |
| GB | 163.70.151.21:139 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | i.adingo.jp | udp |
| JP | 35.79.126.110:443 | i.adingo.jp | tcp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 104.244.42.200:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| JP | 35.79.126.110:443 | i.adingo.jp | tcp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| GB | 199.232.56.157:443 | platform.twitter.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | 194.141.168.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.126.79.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| GB | 216.58.213.14:445 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:139 | www.google-analytics.com | tcp |
| NL | 23.62.61.106:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 106.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.blog.seesaa.jp | udp |
| US | 8.8.8.8:53 | cdn.blog.seesaa.jp | udp |
| JP | 138.2.21.1:80 | cdn.blog.seesaa.jp | tcp |
| JP | 138.2.21.1:80 | cdn.blog.seesaa.jp | tcp |
| US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp |