hxxps://ftp[.]onogost[.]com

Analysis

max time kernel
36s
max time network
38s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
10/10/2022, 15:05 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ftp.onogost.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1928	firefox.exe
Token: SeDebugPrivilege	1928	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1928	firefox.exe
1928	firefox.exe
1928	firefox.exe
1928	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1928	firefox.exe
1928	firefox.exe
1928	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1048 wrote to memory of 1928	1048	firefox.exe	27
PID 1928 wrote to memory of 1156	1928	firefox.exe	29
PID 1928 wrote to memory of 1156	1928	firefox.exe	29
PID 1928 wrote to memory of 1156	1928	firefox.exe	29
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 632	1928	firefox.exe	30
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31
PID 1928 wrote to memory of 1312	1928	firefox.exe	31

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://ftp.onogost.com
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://ftp.onogost.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.0.59840206\613831345" -parentBuildID 20200403170909 -prefsHandle 1188 -prefMapHandle 1180 -prefsLen 1 -prefMapSize 220106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 1292 gpu
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.3.826661796\528984970" -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 1120 -prefsLen 156 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 1756 tab
    3⤵
    PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1928.13.2106782764\1382640888" -childID 2 -isForBrowser -prefsHandle 2632 -prefMapHandle 2628 -prefsLen 6938 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1928 "\\.\pipe\gecko-crash-server-pipe.1928" 2644 tab
    3⤵
    PID:1312

Network

DNS

ftp.onogost.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ftp.onogost.com

IN A

Response

ftp.onogost.com

IN A

185.99.1.126
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

34.102.187.140
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists

firefox.exe

Remote address:

34.102.187.140:443

Request

GET /v1/buckets/main/collections/hijack-blocklists HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main

firefox.exe

Remote address:

34.102.187.140:443

Request

GET /v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
if-modified-since: Thu, 01 Sep 2022 12:57:16 GMT
if-none-match: "1662037036313"
te: trailers
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN A

34.102.187.140
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN AAAA

Response
DNS

ftp.onogost.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ftp.onogost.com

IN A

Response

ftp.onogost.com

IN A

185.99.1.126
DNS

cs9.wac.phicdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cs9.wac.phicdn.net

IN A

Response

cs9.wac.phicdn.net

IN A

72.21.91.29
DNS

cs9.wac.phicdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

cs9.wac.phicdn.net

IN AAAA

Response
DNS

ftp.onogost.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ftp.onogost.com

IN AAAA

Response
DNS

ocsp.comodoca.com.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ocsp.comodoca.com.cdn.cloudflare.net

IN A

Response

ocsp.comodoca.com.cdn.cloudflare.net

IN A

104.18.32.68

ocsp.comodoca.com.cdn.cloudflare.net

IN A

172.64.155.188
DNS

ocsp.comodoca.com.cdn.cloudflare.net

firefox.exe

Remote address:

8.8.8.8:53

Request

ocsp.comodoca.com.cdn.cloudflare.net

IN AAAA

Response

ocsp.comodoca.com.cdn.cloudflare.net

IN AAAA

2606:4700:4400::ac40:9bbc

ocsp.comodoca.com.cdn.cloudflare.net

IN AAAA

2606:4700:4400::6812:2044
DNS

search.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

search.services.mozilla.com

IN A

Response

search.services.mozilla.com

IN CNAME

search.r53-2.services.mozilla.com

search.r53-2.services.mozilla.com

IN A

34.160.46.54
GET

https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1

firefox.exe

Remote address:

34.160.46.54:443

Request

GET /1/firefox/75.0/release/en-US/IE/default/default/nov17-1 HTTP/2.0
host: search.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
te: trailers
DNS

search.r53-2.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

search.r53-2.services.mozilla.com

IN A

Response

search.r53-2.services.mozilla.com

IN A

34.160.46.54
DNS

search.r53-2.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

search.r53-2.services.mozilla.com

IN AAAA

Response
DNS

a1887.dscq.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a1887.dscq.akamai.net

IN A

Response

a1887.dscq.akamai.net

IN A

96.16.53.165

a1887.dscq.akamai.net

IN A

96.16.53.142
DNS

a1887.dscq.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a1887.dscq.akamai.net

IN AAAA

Response

a1887.dscq.akamai.net

IN AAAA

2a02:26f0:6d00:1c::6010:358e

a1887.dscq.akamai.net

IN AAAA

2a02:26f0:6d00:1c::6010:35a5
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

35.163.90.214

shavar.prod.mozaws.net

IN A

52.88.11.165

shavar.prod.mozaws.net

IN A

52.36.92.75

shavar.prod.mozaws.net

IN A

34.215.6.110

shavar.prod.mozaws.net

IN A

52.35.225.239

shavar.prod.mozaws.net

IN A

35.82.2.166
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

35.163.90.214

shavar.prod.mozaws.net

IN A

35.82.2.166

shavar.prod.mozaws.net

IN A

34.215.6.110

shavar.prod.mozaws.net

IN A

52.88.11.165

shavar.prod.mozaws.net

IN A

52.36.92.75

shavar.prod.mozaws.net

IN A

52.35.225.239
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
GET

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
te: trailers
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

35.162.217.251
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

54.191.251.76
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A

Response

support.mozilla.org

IN CNAME

prod-tp.sumo.mozit.cloud

prod-tp.sumo.mozit.cloud

IN A

54.203.119.212

prod-tp.sumo.mozit.cloud

IN A

54.149.98.205

prod-tp.sumo.mozit.cloud

IN A

44.240.61.77
DNS

www.facebook.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.facebook.com

IN A

Response

www.facebook.com

IN CNAME

star-mini.c10r.facebook.com

star-mini.c10r.facebook.com

IN A

157.240.247.35
DNS

star-mini.c10r.facebook.com

firefox.exe

Remote address:

8.8.8.8:53

Request

star-mini.c10r.facebook.com

IN A

Response

star-mini.c10r.facebook.com

IN A

31.13.83.36
DNS

prod-tp.sumo.mozit.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

prod-tp.sumo.mozit.cloud

IN A

Response

prod-tp.sumo.mozit.cloud

IN A

44.240.61.77

prod-tp.sumo.mozit.cloud

IN A

54.149.98.205

prod-tp.sumo.mozit.cloud

IN A

54.203.119.212
DNS

youtube-ui.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube-ui.l.google.com

IN A

Response

youtube-ui.l.google.com

IN A

142.250.179.206

youtube-ui.l.google.com

IN A

142.251.36.14

youtube-ui.l.google.com

IN A

142.251.39.110

youtube-ui.l.google.com

IN A

172.217.168.206

youtube-ui.l.google.com

IN A

216.58.208.110

youtube-ui.l.google.com

IN A

142.250.179.142

youtube-ui.l.google.com

IN A

142.251.36.46

youtube-ui.l.google.com

IN A

172.217.168.238

youtube-ui.l.google.com

IN A

142.250.179.174
DNS

prod-tp.sumo.mozit.cloud

firefox.exe

Remote address:

8.8.8.8:53

Request

prod-tp.sumo.mozit.cloud

IN AAAA

Response
DNS

www.wikipedia.org

firefox.exe

Remote address:

8.8.8.8:53

Request

www.wikipedia.org

IN A

Response

www.wikipedia.org

IN CNAME

dyna.wikimedia.org

dyna.wikimedia.org

IN A

208.80.154.224
DNS

star-mini.c10r.facebook.com

firefox.exe

Remote address:

8.8.8.8:53

Request

star-mini.c10r.facebook.com

IN AAAA

Response

star-mini.c10r.facebook.com

IN AAAA

2a03:2880:f104:83:face:b00c:0:25de
DNS

youtube-ui.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

youtube-ui.l.google.com

IN AAAA

Response

youtube-ui.l.google.com

IN AAAA

2a00:1450:400e:803::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:400e:80f::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:400e:811::200e

youtube-ui.l.google.com

IN AAAA

2a00:1450:400e:80c::200e
DNS

dyna.wikimedia.org

firefox.exe

Remote address:

8.8.8.8:53

Request

dyna.wikimedia.org

IN A

Response

dyna.wikimedia.org

IN A

208.80.154.224
DNS

dyna.wikimedia.org

firefox.exe

Remote address:

8.8.8.8:53

Request

dyna.wikimedia.org

IN AAAA

Response

dyna.wikimedia.org

IN AAAA

2620:0:861:ed1a::1
DNS

www.reddit.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.reddit.com

IN A

Response

www.reddit.com

IN CNAME

reddit.map.fastly.net

reddit.map.fastly.net

IN A

151.101.1.140

reddit.map.fastly.net

IN A

151.101.65.140

reddit.map.fastly.net

IN A

151.101.129.140

reddit.map.fastly.net

IN A

151.101.193.140
DNS

twitter.com

firefox.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.129

twitter.com

IN A

104.244.42.193
DNS

twitter.com

firefox.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN A

Response

twitter.com

IN A

104.244.42.65

twitter.com

IN A

104.244.42.129
DNS

twitter.com

firefox.exe

Remote address:

8.8.8.8:53

Request

twitter.com

IN AAAA

Response
DNS

reddit.map.fastly.net

firefox.exe

Remote address:

8.8.8.8:53

Request

reddit.map.fastly.net

IN A

Response

reddit.map.fastly.net

IN A

151.101.1.140

reddit.map.fastly.net

IN A

151.101.65.140

reddit.map.fastly.net

IN A

151.101.129.140

reddit.map.fastly.net

IN A

151.101.193.140
DNS

reddit.map.fastly.net

firefox.exe

Remote address:

8.8.8.8:53

Request

reddit.map.fastly.net

IN AAAA

Response
DNS

snippets.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

snippets.cdn.mozilla.net

IN A

Response

snippets.cdn.mozilla.net

IN CNAME

d228z91au11ukj.cloudfront.net

d228z91au11ukj.cloudfront.net

IN A

52.222.139.86

d228z91au11ukj.cloudfront.net

IN A

52.222.139.115

d228z91au11ukj.cloudfront.net

IN A

52.222.139.5

d228z91au11ukj.cloudfront.net

IN A

52.222.139.26
GET

https://snippets.cdn.mozilla.net/6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/

firefox.exe

Remote address:

52.222.139.86:443

Request

GET /6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/ HTTP/1.1
Host: snippets.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 303 See Other

Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: public, max-age=86400
Date: Mon, 10 Oct 2022 01:22:19 GMT
Location: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Server: meinheld/1.0.2
X-Backend-Server: frankfurt/snippets-prod/snippets-prod-5574c9cf88-btd45
X-Cache: Hit from cloudfront
Via: 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
X-Amz-Cf-Id: NEFIrud293IDpKgb6wnE45MrPr2mzOmm0SHX8ueHKLW1zM5A6gKdJA==
Age: 49438
GET

https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json

firefox.exe

Remote address:

52.222.139.86:443

Request

GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1
Host: snippets.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
If-Modified-Since: Tue, 30 Aug 2022 17:30:37 GMT
If-None-Match: "141e029b12c2be2c06403fba76ca0b07"

Response

HTTP/1.1 304 Not Modified

Connection: keep-alive
Last-Modified: Tue, 30 Aug 2022 17:30:37 GMT
x-amz-expiration: expiry-date="Sun, 30 Oct 2022 00:00:00 GMT", rule-id="bundles"
x-amz-version-id: null
Server: AmazonS3
Date: Mon, 10 Oct 2022 14:58:35 GMT
Cache-Control: max-age=600
ETag: "141e029b12c2be2c06403fba76ca0b07"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 e286b474b1ba30ed08f54fc007fcfa08.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
X-Amz-Cf-Id: RvVP7CJAR2fVn88QZ2YTj-w84PrsMPbZoiZdWrd5Fn7SzyKhLbtRrg==
Age: 463
DNS

d228z91au11ukj.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d228z91au11ukj.cloudfront.net

IN A

Response

d228z91au11ukj.cloudfront.net

IN A

52.222.139.86

d228z91au11ukj.cloudfront.net

IN A

52.222.139.26

d228z91au11ukj.cloudfront.net

IN A

52.222.139.115

d228z91au11ukj.cloudfront.net

IN A

52.222.139.5
DNS

d228z91au11ukj.cloudfront.net

firefox.exe

Remote address:

8.8.8.8:53

Request

d228z91au11ukj.cloudfront.net

IN AAAA

Response
GET

https://snippets.cdn.mozilla.net/media/icons/d9d3d961-4c6b-415c-b640-9d77efb36e4c.png

firefox.exe

Remote address:

52.222.139.86:443

Request

GET /media/icons/d9d3d961-4c6b-415c-b640-9d77efb36e4c.png HTTP/1.1
Host: snippets.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 736
Connection: keep-alive
Last-Modified: Wed, 26 Jun 2019 08:49:15 GMT
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
Date: Mon, 10 Oct 2022 07:25:10 GMT
ETag: "a8d570917279c861bfe592ce30020073"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 196da8dbede310a18cd917665afeaa22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
X-Amz-Cf-Id: ASmt6o-pQ4pK0x1oNqaiNcpsS7SerfqdfJIj0j62WdtORYnIBIljYA==
Age: 27669
GET

https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png

firefox.exe

Remote address:

52.222.139.86:443

Request

GET /media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png HTTP/1.1
Host: snippets.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive

Response

HTTP/1.1 200 OK

Content-Type: image/png
Content-Length: 667
Connection: keep-alive
Date: Wed, 31 Aug 2022 02:07:12 GMT
Last-Modified: Tue, 12 May 2020 23:32:26 GMT
ETag: "a31e4364b3f7a3b3330d6f86bb120710"
Cache-Control: max-age=15552000
x-amz-version-id: null
Accept-Ranges: bytes
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 196da8dbede310a18cd917665afeaa22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: AMS50-C1
X-Amz-Cf-Id: HRZSnlElCOyPkZFWiXfWFIDXEgx1Jnys6S39zRsu-oMF8L1tlz8zbA==
Age: 3502747
GET

https://ftp.onogost.com/

firefox.exe

Remote address:

185.99.1.126:443

Request

GET / HTTP/2.0
host: ftp.onogost.com
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
te: trailers

Response

HTTP/2.0 301

location: http://zoocentar.com/
content-length: 229
content-type: text/html; charset=iso-8859-1
date: Mon, 10 Oct 2022 15:06:31 GMT
server: Apache/2.4.54 (cPanel) OpenSSL/1.1.1q mod_bwlimited/1.4
DNS

ftp.onogost.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ftp.onogost.com

IN A

Response

ftp.onogost.com

IN A

185.99.1.126
DNS

ftp.onogost.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ftp.onogost.com

IN A

Response

ftp.onogost.com

IN A

185.99.1.126
DNS

zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

zoocentar.com

IN A

Response

zoocentar.com

IN A

144.76.87.11
GET

http://zoocentar.com/

firefox.exe

Remote address:

144.76.87.11:80

Request

GET / HTTP/1.1
Host: zoocentar.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Response

HTTP/1.1 301 Moved Permanently

Content-Type: text/html; charset=UTF-8
Location: https://www.zoocentar.com/
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
Date: Mon, 10 Oct 2022 15:06:34 GMT
Content-Length: 149
DNS

zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

zoocentar.com

IN A

Response

zoocentar.com

IN A

144.76.87.11
DNS

zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

zoocentar.com

IN AAAA

Response
DNS

www.zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.zoocentar.com

IN A

Response

www.zoocentar.com

IN CNAME

zoocentar.com

zoocentar.com

IN A

144.76.87.11
DNS

a1887.dscq.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a1887.dscq.akamai.net

IN A

Response

a1887.dscq.akamai.net

IN A

96.16.53.165

a1887.dscq.akamai.net

IN A

96.16.53.142
DNS

a1887.dscq.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a1887.dscq.akamai.net

IN AAAA

Response

a1887.dscq.akamai.net

IN AAAA

2a02:26f0:6d00:1c::6010:358e

a1887.dscq.akamai.net

IN AAAA

2a02:26f0:6d00:1c::6010:35a5
DNS

www.zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.zoocentar.com

IN A

Response

www.zoocentar.com

IN CNAME

zoocentar.com

zoocentar.com

IN A

144.76.87.11
DNS

www.zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.zoocentar.com

IN A

Response

www.zoocentar.com

IN CNAME

zoocentar.com

zoocentar.com

IN A

144.76.87.11
DNS

pki-goog.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pki-goog.l.google.com

IN A

Response

pki-goog.l.google.com

IN A

142.251.36.35
DNS

pki-goog.l.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

pki-goog.l.google.com

IN AAAA

Response

pki-goog.l.google.com

IN AAAA

2a00:1450:400e:810::2003
DNS

connect.facebook.net

firefox.exe

Remote address:

8.8.8.8:53

Request

connect.facebook.net

IN A

Response

connect.facebook.net

IN CNAME

scontent.xx.fbcdn.net

scontent.xx.fbcdn.net

IN A

157.240.247.8
DNS

scontent.xx.fbcdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN A

Response

scontent.xx.fbcdn.net

IN A

31.13.83.4
DNS

scontent.xx.fbcdn.net

firefox.exe

Remote address:

8.8.8.8:53

Request

scontent.xx.fbcdn.net

IN AAAA

Response

scontent.xx.fbcdn.net

IN AAAA

2a03:2880:f004:8:face:b00c:0:1
DNS

www-alv.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www-alv.google-analytics.com

IN A

Response

www-alv.google-analytics.com

IN A

216.239.34.178

www-alv.google-analytics.com

IN A

216.239.32.178

www-alv.google-analytics.com

IN A

216.239.38.178

www-alv.google-analytics.com

IN A

216.239.36.178
DNS

www-alv.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www-alv.google-analytics.com

IN AAAA

Response

www-alv.google-analytics.com

IN AAAA

2001:4860:4802:38::178

www-alv.google-analytics.com

IN AAAA

2001:4860:4802:34::178

www-alv.google-analytics.com

IN AAAA

2001:4860:4802:32::178

www-alv.google-analytics.com

IN AAAA

2001:4860:4802:36::178
DNS

www.zoocentar.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.zoocentar.com

IN A

Response

www.zoocentar.com

IN CNAME

zoocentar.com

zoocentar.com

IN A

144.76.87.11
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.250.102.157

stats.g.doubleclick.net

IN A

142.250.102.155

stats.g.doubleclick.net

IN A

142.250.102.156

stats.g.doubleclick.net

IN A

142.250.102.154
POST

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&gjid=1916142875&_gid=1068630713.1665414399&_u=YEBAAUAAAAAAACAAI~&z=1576451192

firefox.exe

Remote address:

142.250.102.157:443

Request

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&gjid=1916142875&_gid=1068630713.1665414399&_u=YEBAAUAAAAAAACAAI~&z=1576451192 HTTP/2.0
host: stats.g.doubleclick.net
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.zoocentar.com/
content-type: text/plain
content-length: 0
origin: https://www.zoocentar.com
cache-control: max-age=0
te: trailers
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN A

Response

stats.g.doubleclick.net

IN A

142.250.102.154

stats.g.doubleclick.net

IN A

142.250.102.155

stats.g.doubleclick.net

IN A

142.250.102.157

stats.g.doubleclick.net

IN A

142.250.102.156
DNS

stats.g.doubleclick.net

firefox.exe

Remote address:

8.8.8.8:53

Request

stats.g.doubleclick.net

IN AAAA

Response

stats.g.doubleclick.net

IN AAAA

2a00:1450:4025:402::9b

stats.g.doubleclick.net

IN AAAA

2a00:1450:4025:402::9c

stats.g.doubleclick.net

IN AAAA

2a00:1450:4025:402::9a

stats.g.doubleclick.net

IN AAAA

2a00:1450:4025:402::9d
DNS

www.google.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.nl

IN A

Response

www.google.nl

IN A

142.251.36.3
GET

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&_u=YEBAAUAAAAAAACAAI~&z=716721513

firefox.exe

Remote address:

142.251.36.3:443

Request

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&_u=YEBAAUAAAAAAACAAI~&z=716721513 HTTP/2.0
host: www.google.nl
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
accept: image/webp,*/*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
referer: https://www.zoocentar.com/
te: trailers
DNS

www.google.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.nl

IN A

Response

www.google.nl

IN A

142.251.36.3
DNS

www.google.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.nl

IN AAAA

Response

www.google.nl

IN AAAA

2a00:1450:400e:80f::2003
POST

http://ocsp.pki.goog/gts1c3

firefox.exe

Remote address:

142.251.36.35:80

Request

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive

Response

HTTP/1.1 200 OK

Content-Type: application/ocsp-response
Date: Mon, 10 Oct 2022 15:06:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

127.0.0.1:49161

firefox.exe
127.0.0.1:49163

firefox.exe
34.102.187.140:443

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main

tls, http2

firefox.exe

1.9kB
6.4kB
15
19

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main
185.99.1.126:443

ftp.onogost.com

tls

firefox.exe

955 B
6.7kB
9
9
34.160.46.54:443

https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1

tls, http2

firefox.exe

1.7kB
6.3kB
14
15

HTTP Request

GET https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1
35.163.90.214:443

shavar.services.mozilla.com

tls

firefox.exe

2.2kB
4.1kB
9
9
34.160.144.191:443

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain

tls, http2

firefox.exe

1.7kB
11.6kB
14
16

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
35.162.217.251:443

push.services.mozilla.com

tls

firefox.exe

1.7kB
4.4kB
9
9
127.0.0.1:49171

firefox.exe
52.222.139.86:443

https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json

tls, http

firefox.exe

1.9kB
6.5kB
11
14

HTTP Request

GET https://snippets.cdn.mozilla.net/6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/

HTTP Response

303

HTTP Request

GET https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json

HTTP Response

304
52.222.139.86:443

https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png

tls, http

firefox.exe

1.7kB
8.4kB
11
14

HTTP Request

GET https://snippets.cdn.mozilla.net/media/icons/d9d3d961-4c6b-415c-b640-9d77efb36e4c.png

HTTP Response

200

HTTP Request

GET https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png

HTTP Response

200
185.99.1.126:443

https://ftp.onogost.com/

tls, http2

firefox.exe

1.8kB
7.1kB
17
20

HTTP Request

GET https://ftp.onogost.com/

HTTP Response

301
144.76.87.11:80

http://zoocentar.com/

http

firefox.exe

523 B
930 B
4
3

HTTP Request

GET http://zoocentar.com/

HTTP Response

301
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

76.1kB
2.5MB
938
1787
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

17.3kB
618.4kB
241
452
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

6.8kB
107.2kB
51
81
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

7.3kB
188.9kB
77
143
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

6.6kB
177.3kB
76
132
144.76.87.11:443

www.zoocentar.com

tls

firefox.exe

21.4kB
803.5kB
311
586
157.240.247.8:443

connect.facebook.net

tls

firefox.exe

5.9kB
217.5kB
101
186
157.240.247.8:443

connect.facebook.net

tls

firefox.exe

1.2kB
3.7kB
10
8
142.250.102.157:443

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&gjid=1916142875&_gid=1068630713.1665414399&_u=YEBAAUAAAAAAACAAI~&z=1576451192

tls, http2

firefox.exe

1.8kB
5.7kB
13
14

HTTP Request

POST https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&gjid=1916142875&_gid=1068630713.1665414399&_u=YEBAAUAAAAAAACAAI~&z=1576451192
142.251.36.3:443

https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&_u=YEBAAUAAAAAAACAAI~&z=716721513

tls, http2

firefox.exe

1.7kB
6.2kB
12
15

HTTP Request

GET https://www.google.nl/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-129578127-1&cid=1570892619.1665414399&jid=665491733&_u=YEBAAUAAAAAAACAAI~&z=716721513
142.251.36.35:80

http://ocsp.pki.goog/gts1c3

http

firefox.exe

572 B
1.6kB
4
4

HTTP Request

POST http://ocsp.pki.goog/gts1c3

HTTP Response

200
157.240.247.35:443

www.facebook.com

tls

firefox.exe

6.0kB
4.7kB
16
17

8.8.8.8:53

ftp.onogost.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ftp.onogost.com

DNS Response

185.99.1.126
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.102.187.140
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
99 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.102.187.140
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
167 B
1
1

DNS Request

firefox.settings.services.mozilla.com
8.8.8.8:53

ftp.onogost.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ftp.onogost.com

DNS Response

185.99.1.126
8.8.8.8:53

cs9.wac.phicdn.net

dns

firefox.exe

64 B
80 B
1
1

DNS Request

cs9.wac.phicdn.net

DNS Response

72.21.91.29
8.8.8.8:53

cs9.wac.phicdn.net

dns

firefox.exe

64 B
132 B
1
1

DNS Request

cs9.wac.phicdn.net
8.8.8.8:53

ftp.onogost.com

dns

firefox.exe

61 B
128 B
1
1

DNS Request

ftp.onogost.com
8.8.8.8:53

ocsp.comodoca.com.cdn.cloudflare.net

dns

firefox.exe

82 B
114 B
1
1

DNS Request

ocsp.comodoca.com.cdn.cloudflare.net

DNS Response

104.18.32.68

172.64.155.188
8.8.8.8:53

ocsp.comodoca.com.cdn.cloudflare.net

dns

firefox.exe

82 B
138 B
1
1

DNS Request

ocsp.comodoca.com.cdn.cloudflare.net

DNS Response

2606:4700:4400::ac40:9bbc

2606:4700:4400::6812:2044
8.8.8.8:53

search.services.mozilla.com

dns

firefox.exe

73 B
116 B
1
1

DNS Request

search.services.mozilla.com

DNS Response

34.160.46.54
8.8.8.8:53

search.r53-2.services.mozilla.com

dns

firefox.exe

79 B
95 B
1
1

DNS Request

search.r53-2.services.mozilla.com

DNS Response

34.160.46.54
8.8.8.8:53

search.r53-2.services.mozilla.com

dns

firefox.exe

79 B
161 B
1
1

DNS Request

search.r53-2.services.mozilla.com
8.8.8.8:53

a1887.dscq.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a1887.dscq.akamai.net

DNS Response

96.16.53.165

96.16.53.142
8.8.8.8:53

a1887.dscq.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a1887.dscq.akamai.net

DNS Response

2a02:26f0:6d00:1c::6010:358e

2a02:26f0:6d00:1c::6010:35a5
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
205 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

35.163.90.214

52.88.11.165

52.36.92.75

34.215.6.110

52.35.225.239

35.82.2.166
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
164 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

35.163.90.214

35.82.2.166

34.215.6.110

52.88.11.165

52.36.92.75

52.35.225.239
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

35.162.217.251
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

54.191.251.76
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

support.mozilla.org

dns

firefox.exe

65 B
151 B
1
1

DNS Request

support.mozilla.org

DNS Response

54.203.119.212

54.149.98.205

44.240.61.77
8.8.8.8:53

www.facebook.com

dns

firefox.exe

62 B
107 B
1
1

DNS Request

www.facebook.com

DNS Response

157.240.247.35
8.8.8.8:53

star-mini.c10r.facebook.com

dns

firefox.exe

73 B
89 B
1
1

DNS Request

star-mini.c10r.facebook.com

DNS Response

31.13.83.36
8.8.8.8:53

prod-tp.sumo.mozit.cloud

dns

firefox.exe

70 B
118 B
1
1

DNS Request

prod-tp.sumo.mozit.cloud

DNS Response

44.240.61.77

54.149.98.205

54.203.119.212
8.8.8.8:53

youtube-ui.l.google.com

dns

firefox.exe

69 B
213 B
1
1

DNS Request

youtube-ui.l.google.com

DNS Response

142.250.179.206

142.251.36.14

142.251.39.110

172.217.168.206

216.58.208.110

142.250.179.142

142.251.36.46

172.217.168.238

142.250.179.174
8.8.8.8:53

prod-tp.sumo.mozit.cloud

dns

firefox.exe

70 B
155 B
1
1

DNS Request

prod-tp.sumo.mozit.cloud
8.8.8.8:53

www.wikipedia.org

dns

firefox.exe

63 B
108 B
1
1

DNS Request

www.wikipedia.org

DNS Response

208.80.154.224
8.8.8.8:53

star-mini.c10r.facebook.com

dns

firefox.exe

73 B
101 B
1
1

DNS Request

star-mini.c10r.facebook.com

DNS Response

2a03:2880:f104:83:face:b00c:0:25de
8.8.8.8:53

youtube-ui.l.google.com

dns

firefox.exe

69 B
181 B
1
1

DNS Request

youtube-ui.l.google.com

DNS Response

2a00:1450:400e:803::200e

2a00:1450:400e:80f::200e

2a00:1450:400e:811::200e

2a00:1450:400e:80c::200e
8.8.8.8:53

dyna.wikimedia.org

dns

firefox.exe

64 B
80 B
1
1

DNS Request

dyna.wikimedia.org

DNS Response

208.80.154.224
8.8.8.8:53

dyna.wikimedia.org

dns

firefox.exe

64 B
92 B
1
1

DNS Request

dyna.wikimedia.org

DNS Response

2620:0:861:ed1a::1
8.8.8.8:53

www.reddit.com

dns

firefox.exe

60 B
159 B
1
1

DNS Request

www.reddit.com

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

twitter.com

dns

firefox.exe

57 B
89 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.129

104.244.42.193
8.8.8.8:53

twitter.com

dns

firefox.exe

57 B
89 B
1
1

DNS Request

twitter.com

DNS Response

104.244.42.65

104.244.42.129
8.8.8.8:53

twitter.com

dns

firefox.exe

57 B
129 B
1
1

DNS Request

twitter.com
8.8.8.8:53

reddit.map.fastly.net

dns

firefox.exe

67 B
131 B
1
1

DNS Request

reddit.map.fastly.net

DNS Response

151.101.1.140

151.101.65.140

151.101.129.140

151.101.193.140
8.8.8.8:53

reddit.map.fastly.net

dns

firefox.exe

67 B
128 B
1
1

DNS Request

reddit.map.fastly.net
8.8.8.8:53

snippets.cdn.mozilla.net

dns

firefox.exe

70 B
174 B
1
1

DNS Request

snippets.cdn.mozilla.net

DNS Response

52.222.139.86

52.222.139.115

52.222.139.5

52.222.139.26
8.8.8.8:53

d228z91au11ukj.cloudfront.net

dns

firefox.exe

75 B
139 B
1
1

DNS Request

d228z91au11ukj.cloudfront.net

DNS Response

52.222.139.86

52.222.139.26

52.222.139.115

52.222.139.5
8.8.8.8:53

d228z91au11ukj.cloudfront.net

dns

firefox.exe

75 B
156 B
1
1

DNS Request

d228z91au11ukj.cloudfront.net
8.8.8.8:53

ftp.onogost.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ftp.onogost.com

DNS Response

185.99.1.126
8.8.8.8:53

ftp.onogost.com

dns

firefox.exe

61 B
77 B
1
1

DNS Request

ftp.onogost.com

DNS Response

185.99.1.126
8.8.8.8:53

zoocentar.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

zoocentar.com

DNS Response

144.76.87.11
8.8.8.8:53

zoocentar.com

dns

firefox.exe

59 B
75 B
1
1

DNS Request

zoocentar.com

DNS Response

144.76.87.11
8.8.8.8:53

zoocentar.com

dns

firefox.exe

59 B
114 B
1
1

DNS Request

zoocentar.com
8.8.8.8:53

www.zoocentar.com

dns

firefox.exe

63 B
93 B
1
1

DNS Request

www.zoocentar.com

DNS Response

144.76.87.11
8.8.8.8:53

a1887.dscq.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a1887.dscq.akamai.net

DNS Response

96.16.53.165

96.16.53.142
8.8.8.8:53

a1887.dscq.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a1887.dscq.akamai.net

DNS Response

2a02:26f0:6d00:1c::6010:358e

2a02:26f0:6d00:1c::6010:35a5
8.8.8.8:53

www.zoocentar.com

dns

firefox.exe

126 B
186 B
2
2

DNS Request

www.zoocentar.com

DNS Request

www.zoocentar.com

DNS Response

144.76.87.11

DNS Response

144.76.87.11
8.8.8.8:53

pki-goog.l.google.com

dns

firefox.exe

67 B
83 B
1
1

DNS Request

pki-goog.l.google.com

DNS Response

142.251.36.35
8.8.8.8:53

pki-goog.l.google.com

dns

firefox.exe

67 B
95 B
1
1

DNS Request

pki-goog.l.google.com

DNS Response

2a00:1450:400e:810::2003
8.8.8.8:53

connect.facebook.net

dns

firefox.exe

66 B
114 B
1
1

DNS Request

connect.facebook.net

DNS Response

157.240.247.8
8.8.8.8:53

scontent.xx.fbcdn.net

dns

firefox.exe

67 B
83 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

31.13.83.4
8.8.8.8:53

scontent.xx.fbcdn.net

dns

firefox.exe

67 B
95 B
1
1

DNS Request

scontent.xx.fbcdn.net

DNS Response

2a03:2880:f004:8:face:b00c:0:1
8.8.8.8:53

www-alv.google-analytics.com

dns

firefox.exe

74 B
138 B
1
1

DNS Request

www-alv.google-analytics.com

DNS Response

216.239.34.178

216.239.32.178

216.239.38.178

216.239.36.178
8.8.8.8:53

www-alv.google-analytics.com

dns

firefox.exe

74 B
186 B
1
1

DNS Request

www-alv.google-analytics.com

DNS Response

2001:4860:4802:38::178

2001:4860:4802:34::178

2001:4860:4802:32::178

2001:4860:4802:36::178
8.8.8.8:53

www.zoocentar.com

dns

firefox.exe

63 B
93 B
1
1

DNS Request

www.zoocentar.com

DNS Response

144.76.87.11
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

142.250.102.157

142.250.102.155

142.250.102.156

142.250.102.154
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

69 B
133 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

142.250.102.154

142.250.102.155

142.250.102.157

142.250.102.156
8.8.8.8:53

stats.g.doubleclick.net

dns

firefox.exe

69 B
181 B
1
1

DNS Request

stats.g.doubleclick.net

DNS Response

2a00:1450:4025:402::9b

2a00:1450:4025:402::9c

2a00:1450:4025:402::9a

2a00:1450:4025:402::9d
8.8.8.8:53

www.google.nl

dns

firefox.exe

59 B
75 B
1
1

DNS Request

www.google.nl

DNS Response

142.251.36.3
8.8.8.8:53

www.google.nl

dns

firefox.exe

59 B
75 B
1
1

DNS Request

www.google.nl

DNS Response

142.251.36.3
8.8.8.8:53

www.google.nl

dns

firefox.exe

59 B
87 B
1
1

DNS Request

www.google.nl

DNS Response

2a00:1450:400e:80f::2003

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request