Analysis

  • max time kernel
    294s
  • max time network
    229s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2022, 22:31 UTC

General

  • Target

    http://amat.lublin.pl

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 4 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" http://amat.lublin.pl
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" http://amat.lublin.pl
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.0.1913909934\1638785024" -parentBuildID 20200403170909 -prefsHandle 1180 -prefMapHandle 1172 -prefsLen 1 -prefMapSize 220106 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 1256 gpu
        3⤵
          PID:1768
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.3.15928654\1499285127" -childID 1 -isForBrowser -prefsHandle 1784 -prefMapHandle 1780 -prefsLen 156 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 1072 tab
          3⤵
            PID:424
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1048.13.863165232\558155427" -childID 2 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 6938 -prefMapSize 220106 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1048 "\\.\pipe\gecko-crash-server-pipe.1048" 2780 tab
            3⤵
              PID:1716

Network

        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN A
          Response
          amat.lublin.pl
          IN A
          193.239.44.226
        • PL
          GET
          http://amat.lublin.pl/
          firefox.exe
          Remote address:
          193.239.44.226:80
          Request
          GET / HTTP/1.1
          Host: amat.lublin.pl
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate
          Connection: keep-alive
          Upgrade-Insecure-Requests: 1
          Response
          HTTP/1.1 404 Not Found
          Server: nginx
          Date: Thu, 20 Oct 2022 22:32:32 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: keep-alive
          Vary: Accept-Encoding
          ETag: W/"60bdf2b5-127cb"
          Content-Encoding: gzip
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN A
          Response
          amat.lublin.pl
          IN A
          193.239.44.226
        • US
          DNS
          firefox.settings.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          firefox.settings.services.mozilla.com
          IN A
          Response
          firefox.settings.services.mozilla.com
          IN A
          65.9.86.68
          firefox.settings.services.mozilla.com
          IN A
          65.9.86.116
          firefox.settings.services.mozilla.com
          IN A
          65.9.86.127
          firefox.settings.services.mozilla.com
          IN A
          65.9.86.94
        • NL
          GET
          https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists
          firefox.exe
          Remote address:
          65.9.86.68:443
          Request
          GET /v1/buckets/main/collections/hijack-blocklists HTTP/1.1
          Host: firefox.settings.services.mozilla.com
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: application/json
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Content-Type: application/json
          Connection: keep-alive
          Response
          HTTP/1.1 200 OK
          Content-Type: application/json
          Content-Length: 681
          Connection: keep-alive
          Access-Control-Allow-Origin: *
          Access-Control-Expose-Headers: Alert, Pragma, Content-Length, Content-Type, ETag, Retry-After, Cache-Control, Last-Modified, Backoff, Expires
          Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
          Last-Modified: Wed, 19 Oct 2022 16:36:56 GMT
          Strict-Transport-Security: max-age=31536000
          X-Content-Type-Options: nosniff
          Cache-Control: max-age=3600
          Date: Thu, 20 Oct 2022 21:34:13 GMT
          Expires: Thu, 20 Oct 2022 21:56:55 GMT
          ETag: "1666197416572"
          X-Cache: Hit from cloudfront
          Via: 1.1 2bf8812c27f5e451eba4aef5c1aff6ae.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-C1
          X-Amz-Cf-Id: eW-EGUVVKXO5VYjK_7kDkgyZs3x-EsaV-f3w_5djz2LFNzfWA_NXxg==
          Age: 3506
        • NL
          GET
          https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main
          firefox.exe
          Remote address:
          65.9.86.68:443
          Request
          GET /v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main HTTP/1.1
          Host: firefox.settings.services.mozilla.com
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: */*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Connection: keep-alive
          If-Modified-Since: Fri, 12 Aug 2022 06:57:12 GMT
          If-None-Match: "1660287432834"
          Response
          HTTP/1.1 200 OK
          Content-Type: application/json
          Content-Length: 11
          Connection: keep-alive
          Access-Control-Allow-Origin: *
          Access-Control-Expose-Headers: Content-Length, ETag, Retry-After, Cache-Control, Alert, Expires, Pragma, Content-Type, Backoff, Next-Page, Last-Modified
          Cache-Control: max-age=3600
          Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
          Date: Thu, 20 Oct 2022 21:55:04 GMT
          ETag: "1666294841996"
          Expires: Thu, 20 Oct 2022 22:40:49 GMT
          Last-Modified: Thu, 20 Oct 2022 19:40:41 GMT
          Strict-Transport-Security: max-age=31536000
          X-Content-Type-Options: nosniff
          X-Cache: Hit from cloudfront
          Via: 1.1 2bf8812c27f5e451eba4aef5c1aff6ae.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-C1
          X-Amz-Cf-Id: ksZUh2F3oADrJBeB2DD_DcZkk0LgO84G2CcvLrwbJ54J2HNR2A4MjQ==
          Age: 2258
        • US
          DNS
          firefox.settings.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          firefox.settings.services.mozilla.com
          IN A
          Response
          firefox.settings.services.mozilla.com
          IN A
          18.65.39.94
          firefox.settings.services.mozilla.com
          IN A
          18.65.39.100
          firefox.settings.services.mozilla.com
          IN A
          18.65.39.101
          firefox.settings.services.mozilla.com
          IN A
          18.65.39.69
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN AAAA
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN AAAA
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN AAAA
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN AAAA
        • US
          DNS
          amat.lublin.pl
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          amat.lublin.pl
          IN AAAA
        • US
          DNS
          firefox.settings.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          firefox.settings.services.mozilla.com
          IN AAAA
          Response
        • US
          DNS
          search.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.services.mozilla.com
          IN A
          Response
          search.services.mozilla.com
          IN CNAME
          search.r53-2.services.mozilla.com
          search.r53-2.services.mozilla.com
          IN A
          34.160.46.54
        • US
          GET
          https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1
          firefox.exe
          Remote address:
          34.160.46.54:443
          Request
          GET /1/firefox/75.0/release/en-US/IE/default/default/nov17-1 HTTP/2.0
          host: search.services.mozilla.com
          user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          accept: */*
          accept-language: en-US,en;q=0.5
          accept-encoding: gzip, deflate, br
          content-type: application/json
          te: trailers
        • US
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN A
        • US
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN A
        • US
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN A
        • US
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN A
        • US
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN A
        • US
          DNS
          shavar.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          shavar.services.mozilla.com
          IN A
          Response
          shavar.services.mozilla.com
          IN CNAME
          shavar.prod.mozaws.net
          shavar.prod.mozaws.net
          IN A
          52.36.92.75
          shavar.prod.mozaws.net
          IN A
          35.82.2.166
          shavar.prod.mozaws.net
          IN A
          35.163.90.214
          shavar.prod.mozaws.net
          IN A
          34.215.6.110
          shavar.prod.mozaws.net
          IN A
          52.88.11.165
          shavar.prod.mozaws.net
          IN A
          52.35.225.239
        • PL
          GET
          http://amat.lublin.pl/favicon.ico
          firefox.exe
          Remote address:
          193.239.44.226:80
          Request
          GET /favicon.ico HTTP/1.1
          Host: amat.lublin.pl
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: image/webp,*/*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate
          Connection: keep-alive
          Response
          HTTP/1.1 404 Not Found
          Server: nginx
          Date: Thu, 20 Oct 2022 22:32:40 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: keep-alive
          Vary: Accept-Encoding
          ETag: W/"60bdf2b5-127cb"
          Content-Encoding: gzip
        • US
          DNS
          shavar.prod.mozaws.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          shavar.prod.mozaws.net
          IN A
          Response
          shavar.prod.mozaws.net
          IN A
          35.82.2.166
          shavar.prod.mozaws.net
          IN A
          52.35.225.239
          shavar.prod.mozaws.net
          IN A
          34.215.6.110
          shavar.prod.mozaws.net
          IN A
          52.36.92.75
          shavar.prod.mozaws.net
          IN A
          35.163.90.214
          shavar.prod.mozaws.net
          IN A
          52.88.11.165
        • US
          DNS
          shavar.prod.mozaws.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          shavar.prod.mozaws.net
          IN AAAA
          Response
        • US
          DNS
          content-signature-2.cdn.mozilla.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          content-signature-2.cdn.mozilla.net
          IN A
          Response
          content-signature-2.cdn.mozilla.net
          IN CNAME
          content-signature-chains.prod.autograph.services.mozaws.net
          content-signature-chains.prod.autograph.services.mozaws.net
          IN CNAME
          prod.content-signature-chains.prod.webservices.mozgcp.net
          prod.content-signature-chains.prod.webservices.mozgcp.net
          IN A
          34.160.144.191
        • US
          GET
          https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
          firefox.exe
          Remote address:
          34.160.144.191:443
          Request
          GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/2.0
          host: content-signature-2.cdn.mozilla.net
          user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          accept: */*
          accept-language: en-US,en;q=0.5
          accept-encoding: gzip, deflate, br
          te: trailers
        • US
          DNS
          prod.content-signature-chains.prod.webservices.mozgcp.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          prod.content-signature-chains.prod.webservices.mozgcp.net
          IN A
          Response
          prod.content-signature-chains.prod.webservices.mozgcp.net
          IN A
          34.160.144.191
        • US
          DNS
          prod.content-signature-chains.prod.webservices.mozgcp.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          prod.content-signature-chains.prod.webservices.mozgcp.net
          IN AAAA
          Response
          prod.content-signature-chains.prod.webservices.mozgcp.net
          IN AAAA
          2600:1901:0:92a9::
        • US
          DNS
          a1887.dscq.akamai.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          a1887.dscq.akamai.net
          IN A
          Response
          a1887.dscq.akamai.net
          IN A
          96.16.53.142
          a1887.dscq.akamai.net
          IN A
          96.16.53.165
        • US
          DNS
          a1887.dscq.akamai.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          a1887.dscq.akamai.net
          IN AAAA
          Response
          a1887.dscq.akamai.net
          IN AAAA
          2a02:26f0:6d00:1c::6010:35a5
          a1887.dscq.akamai.net
          IN AAAA
          2a02:26f0:6d00:1c::6010:358e
        • US
          DNS
          cs9.wac.phicdn.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          cs9.wac.phicdn.net
          IN A
          Response
          cs9.wac.phicdn.net
          IN A
          72.21.91.29
        • US
          DNS
          push.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          push.services.mozilla.com
          IN A
          Response
          push.services.mozilla.com
          IN CNAME
          autopush.prod.mozaws.net
          autopush.prod.mozaws.net
          IN A
          52.39.57.61
        • US
          DNS
          cs9.wac.phicdn.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          cs9.wac.phicdn.net
          IN AAAA
          Response
        • US
          DNS
          autopush.prod.mozaws.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          autopush.prod.mozaws.net
          IN A
          Response
          autopush.prod.mozaws.net
          IN A
          34.216.192.228
        • US
          DNS
          autopush.prod.mozaws.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          autopush.prod.mozaws.net
          IN AAAA
          Response
        • US
          DNS
          youtube-ui.l.google.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          youtube-ui.l.google.com
          IN A
          Response
          youtube-ui.l.google.com
          IN A
          172.217.168.238
          youtube-ui.l.google.com
          IN A
          142.250.179.174
          youtube-ui.l.google.com
          IN A
          142.250.179.206
          youtube-ui.l.google.com
          IN A
          142.251.36.14
          youtube-ui.l.google.com
          IN A
          142.251.39.110
          youtube-ui.l.google.com
          IN A
          172.217.168.206
          youtube-ui.l.google.com
          IN A
          216.58.208.110
          youtube-ui.l.google.com
          IN A
          216.58.214.14
          youtube-ui.l.google.com
          IN A
          142.250.179.142
          youtube-ui.l.google.com
          IN A
          142.251.36.46
        • US
          DNS
          youtube-ui.l.google.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          youtube-ui.l.google.com
          IN AAAA
          Response
          youtube-ui.l.google.com
          IN AAAA
          2a00:1450:400e:80d::200e
          youtube-ui.l.google.com
          IN AAAA
          2a00:1450:400e:802::200e
          youtube-ui.l.google.com
          IN AAAA
          2a00:1450:400e:803::200e
          youtube-ui.l.google.com
          IN AAAA
          2a00:1450:400e:80f::200e
        • US
          DNS
          www.facebook.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          www.facebook.com
          IN A
          Response
          www.facebook.com
          IN CNAME
          star-mini.c10r.facebook.com
          star-mini.c10r.facebook.com
          IN A
          157.240.247.35
        • US
          DNS
          star-mini.c10r.facebook.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          star-mini.c10r.facebook.com
          IN A
          Response
          star-mini.c10r.facebook.com
          IN A
          157.240.24.35
        • US
          DNS
          star-mini.c10r.facebook.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          star-mini.c10r.facebook.com
          IN AAAA
          Response
          star-mini.c10r.facebook.com
          IN AAAA
          2a03:2880:f162:81:face:b00c:0:25de
        • US
          DNS
          www.wikipedia.org
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          www.wikipedia.org
          IN A
          Response
          www.wikipedia.org
          IN CNAME
          dyna.wikimedia.org
          dyna.wikimedia.org
          IN A
          208.80.154.224
        • US
          DNS
          dyna.wikimedia.org
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          dyna.wikimedia.org
          IN A
          Response
          dyna.wikimedia.org
          IN A
          208.80.154.224
        • US
          DNS
          dyna.wikimedia.org
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          dyna.wikimedia.org
          IN AAAA
          Response
          dyna.wikimedia.org
          IN AAAA
          2620:0:861:ed1a::1
        • US
          DNS
          www.reddit.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          www.reddit.com
          IN A
          Response
          www.reddit.com
          IN CNAME
          reddit.map.fastly.net
          reddit.map.fastly.net
          IN A
          151.101.1.140
          reddit.map.fastly.net
          IN A
          151.101.65.140
          reddit.map.fastly.net
          IN A
          151.101.129.140
          reddit.map.fastly.net
          IN A
          151.101.193.140
        • US
          DNS
          reddit.map.fastly.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          reddit.map.fastly.net
          IN A
          Response
          reddit.map.fastly.net
          IN A
          151.101.1.140
          reddit.map.fastly.net
          IN A
          151.101.65.140
          reddit.map.fastly.net
          IN A
          151.101.129.140
          reddit.map.fastly.net
          IN A
          151.101.193.140
        • US
          DNS
          reddit.map.fastly.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          reddit.map.fastly.net
          IN AAAA
          Response
        • US
          DNS
          twitter.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          twitter.com
          IN A
          Response
          twitter.com
          IN A
          104.244.42.1
          twitter.com
          IN A
          104.244.42.129
        • US
          DNS
          twitter.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          twitter.com
          IN A
          Response
          twitter.com
          IN A
          104.244.42.1
          twitter.com
          IN A
          104.244.42.65
        • US
          DNS
          twitter.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          twitter.com
          IN AAAA
          Response
        • US
          DNS
          snippets.cdn.mozilla.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          snippets.cdn.mozilla.net
          IN A
          Response
          snippets.cdn.mozilla.net
          IN CNAME
          d228z91au11ukj.cloudfront.net
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.48
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.44
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.50
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.121
        • NL
          GET
          https://snippets.cdn.mozilla.net/6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/
          firefox.exe
          Remote address:
          18.65.39.48:443
          Request
          GET /6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/ HTTP/1.1
          Host: snippets.cdn.mozilla.net
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: */*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Connection: keep-alive
          Response
          HTTP/1.1 303 See Other
          Content-Type: text/html; charset=UTF-8
          Content-Length: 0
          Connection: keep-alive
          Cache-Control: public, max-age=86400
          Date: Thu, 20 Oct 2022 01:36:47 GMT
          Location: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
          Server: meinheld/1.0.2
          X-Backend-Server: frankfurt/snippets-prod/snippets-prod-5574c9cf88-wws8w
          X-Cache: Hit from cloudfront
          Via: 1.1 f988dd3b17063c59f8b85ce38102305c.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-P1
          X-Amz-Cf-Id: Qlmiq4WkS47A3csZhuMi0pF_KUHGrIpzavWai__ChH6d1QLrMx41yA==
          Age: 75357
        • NL
          GET
          https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
          firefox.exe
          Remote address:
          18.65.39.48:443
          Request
          GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1
          Host: snippets.cdn.mozilla.net
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: */*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Connection: keep-alive
          If-Modified-Since: Mon, 25 Jul 2022 18:00:54 GMT
          If-None-Match: "13ade98d743e520d0e58f3b5fdc88d34"
          Response
          HTTP/1.1 200 OK
          Content-Type: application/json
          Content-Length: 6889
          Connection: keep-alive
          Last-Modified: Tue, 30 Aug 2022 17:30:37 GMT
          x-amz-expiration: expiry-date="Sun, 30 Oct 2022 00:00:00 GMT", rule-id="bundles"
          Content-Encoding: br
          x-amz-version-id: null
          Accept-Ranges: bytes
          Server: AmazonS3
          Date: Thu, 20 Oct 2022 22:27:39 GMT
          Cache-Control: max-age=600
          ETag: "141e029b12c2be2c06403fba76ca0b07"
          Vary: Accept-Encoding
          X-Cache: Hit from cloudfront
          Via: 1.1 f988dd3b17063c59f8b85ce38102305c.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-P1
          X-Amz-Cf-Id: 56V5Cw7Fkptx6brNci8VlkskfS5EZJQ7YKqwTLkfoZ4s_qeOgM3Zfg==
          Age: 306
        • US
          DNS
          d228z91au11ukj.cloudfront.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          d228z91au11ukj.cloudfront.net
          IN A
          Response
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.48
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.50
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.44
          d228z91au11ukj.cloudfront.net
          IN A
          18.65.39.121
        • US
          DNS
          d228z91au11ukj.cloudfront.net
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          d228z91au11ukj.cloudfront.net
          IN AAAA
          Response
        • flag-nl
          GET
          https://snippets.cdn.mozilla.net/media/icons/cbfa4c2a-fa81-483f-b027-37934466e18e.png
          firefox.exe
          Remote address:
          18.65.39.48:443
          Request
          GET /media/icons/cbfa4c2a-fa81-483f-b027-37934466e18e.png HTTP/1.1
          Host: snippets.cdn.mozilla.net
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: image/webp,*/*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Connection: keep-alive
          Response
          HTTP/1.1 200 OK
          Content-Type: image/png
          Content-Length: 8960
          Connection: keep-alive
          Date: Fri, 02 Sep 2022 02:13:42 GMT
          Last-Modified: Thu, 14 May 2020 22:35:36 GMT
          ETag: "63236da5ac5841b3e3193737745e8772"
          Cache-Control: max-age=15552000
          x-amz-version-id: null
          Accept-Ranges: bytes
          Server: AmazonS3
          X-Cache: Hit from cloudfront
          Via: 1.1 1a89beee9d72657437f5e91f57220804.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-P1
          X-Amz-Cf-Id: AeSSCc7ULZ2uObx6WhIWoZhWHPmy1IYLrFbvqbsqRO5retiz0swtqg==
          Age: 4220344
        • NL
          GET
          https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png
          firefox.exe
          Remote address:
          18.65.39.48:443
          Request
          GET /media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png HTTP/1.1
          Host: snippets.cdn.mozilla.net
          User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0
          Accept: image/webp,*/*
          Accept-Language: en-US,en;q=0.5
          Accept-Encoding: gzip, deflate, br
          Connection: keep-alive
          Response
          HTTP/1.1 200 OK
          Content-Type: image/png
          Content-Length: 667
          Connection: keep-alive
          Date: Wed, 31 Aug 2022 02:07:12 GMT
          Last-Modified: Tue, 12 May 2020 23:32:26 GMT
          ETag: "a31e4364b3f7a3b3330d6f86bb120710"
          Cache-Control: max-age=15552000
          x-amz-version-id: null
          Accept-Ranges: bytes
          Server: AmazonS3
          X-Cache: Hit from cloudfront
          Via: 1.1 f5d6b2021b5a22554c0e7f5b20207324.cloudfront.net (CloudFront)
          X-Amz-Cf-Pop: AMS1-P1
          X-Amz-Cf-Id: co8if05ClzLAgm_8h_Eyh4e6RNMn8-buUv1vUFU5TQ9DNrRbvtOFeA==
          Age: 4393534
        • US
          DNS
          support.mozilla.org
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          support.mozilla.org
          IN A
          Response
          support.mozilla.org
          IN CNAME
          prod-tp.sumo.mozit.cloud
          prod-tp.sumo.mozit.cloud
          IN A
          54.203.119.212
          prod-tp.sumo.mozit.cloud
          IN A
          54.149.98.205
          prod-tp.sumo.mozit.cloud
          IN A
          44.228.117.96
        • US
          DNS
          prod-tp.sumo.mozit.cloud
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          prod-tp.sumo.mozit.cloud
          IN A
          Response
          prod-tp.sumo.mozit.cloud
          IN A
          44.228.117.96
          prod-tp.sumo.mozit.cloud
          IN A
          54.149.98.205
          prod-tp.sumo.mozit.cloud
          IN A
          54.203.119.212
        • flag-us
          DNS
          prod-tp.sumo.mozit.cloud
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          prod-tp.sumo.mozit.cloud
          IN AAAA
          Response
        • flag-us
          DNS
          search.r53-2.services.mozilla.com
          firefox.exe
          Remote address:
          8.8.8.8:53
          Request
          search.r53-2.services.mozilla.com
          IN AAAA
          Response
        • 127.0.0.1:49161 | firefox.exe
        • 127.0.0.1:49163 | firefox.exe
        • 193.239.44.226:80 | http://amat.lublin.pl/ | http | firefox.exe | sent 2.2kB (37 pkts) | received 53.1kB (42 pkts)
          GET http://amat.lublin.pl/ -> 404
        • 193.239.44.226:80 | amat.lublin.pl | firefox.exe | sent 190 B (4 pkts) | received 92 B (2 pkts)
        • 65.9.86.68:443 | https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main | tls, http | firefox.exe | sent 2.6kB (25 pkts) | received 9.3kB (28 pkts)
          GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/hijack-blocklists -> 200
          GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/records?collection=cfr-fxa&bucket=main -> 200
        • 34.160.46.54:443 | https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1 | tls, http2 | firefox.exe | sent 2.1kB (21 pkts) | received 6.8kB (23 pkts)
          GET https://search.services.mozilla.com/1/firefox/75.0/release/en-US/IE/default/default/nov17-1 -> (no response recorded)
        • 193.239.44.226:80 | http://amat.lublin.pl/favicon.ico | http | firefox.exe | sent 1.9kB (33 pkts) | received 53.1kB (42 pkts)
          GET http://amat.lublin.pl/favicon.ico -> 404
        • 52.36.92.75:443 | shavar.services.mozilla.com | tls | firefox.exe | sent 2.5kB (15 pkts) | received 4.7kB (16 pkts)
        • 34.160.144.191:443 | https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain | tls, http2 | firefox.exe | sent 2.2kB (22 pkts) | received 12.1kB (25 pkts)
          GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain -> (no response recorded)
        • 52.39.57.61:443 | push.services.mozilla.com | tls | firefox.exe | sent 1.7kB (9 pkts) | received 4.4kB (9 pkts)
        • 127.0.0.1:49169 | firefox.exe
        • 18.65.39.48:443 | https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json | tls, http | firefox.exe | sent 2.5kB (24 pkts) | received 13.6kB (29 pkts)
          GET https://snippets.cdn.mozilla.net/6/Firefox/75.0/20200403170909/WINNT_x86_64-msvc/en-US/release/Windows_NT%206.1/default/default/ -> 303
          GET https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json -> 200
        • 18.65.39.48:443 | https://snippets.cdn.mozilla.net/media/icons/cbfa4c2a-fa81-483f-b027-37934466e18e.png | tls, http | firefox.exe | sent 2.0kB (23 pkts) | received 14.9kB (27 pkts)
          GET https://snippets.cdn.mozilla.net/media/icons/cbfa4c2a-fa81-483f-b027-37934466e18e.png -> 200
        • 18.65.39.48:443 | https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png | tls, http | firefox.exe | sent 1.8kB (20 pkts) | received 6.4kB (22 pkts)
          GET https://snippets.cdn.mozilla.net/media/icons/094b0707-ab65-4b2e-99a1-a84122b6ab26.png -> 200
        • 8.8.8.8:53 | amat.lublin.pl | dns | firefox.exe | sent 60 B (1 pkt) | received 76 B (1 pkt)
          amat.lublin.pl -> 193.239.44.226
        • 8.8.8.8:53 | amat.lublin.pl | dns | firefox.exe | sent 60 B (1 pkt) | received 76 B (1 pkt)
          amat.lublin.pl -> 193.239.44.226
        • 8.8.8.8:53 | firefox.settings.services.mozilla.com | dns | firefox.exe | sent 83 B (1 pkt) | received 147 B (1 pkt)
          firefox.settings.services.mozilla.com -> 65.9.86.68, 65.9.86.116, 65.9.86.127, 65.9.86.94
        • 8.8.8.8:53 | firefox.settings.services.mozilla.com | dns | firefox.exe | sent 83 B (1 pkt) | received 147 B (1 pkt)
          firefox.settings.services.mozilla.com -> 18.65.39.94, 18.65.39.100, 18.65.39.101, 18.65.39.69
        • 8.8.8.8:53 | amat.lublin.pl | dns | firefox.exe | sent 300 B (5 pkts) | nothing received
          amat.lublin.pl (5 requests) -> (no response)
        • 8.8.8.8:53 | firefox.settings.services.mozilla.com | dns | firefox.exe | sent 83 B (1 pkt) | received 167 B (1 pkt)
          firefox.settings.services.mozilla.com -> (no addresses recorded)
        • 8.8.8.8:53 | search.services.mozilla.com | dns | firefox.exe | sent 73 B (1 pkt) | received 116 B (1 pkt)
          search.services.mozilla.com -> 34.160.46.54
        • 8.8.8.8:53 | search.r53-2.services.mozilla.com | dns | firefox.exe | sent 395 B (5 pkts) | nothing received
          search.r53-2.services.mozilla.com (5 requests) -> (no response)
        • 8.8.8.8:53 | shavar.services.mozilla.com | dns | firefox.exe | sent 73 B (1 pkt) | received 205 B (1 pkt)
          shavar.services.mozilla.com -> 52.36.92.75, 35.82.2.166, 35.163.90.214, 34.215.6.110, 52.88.11.165, 52.35.225.239
        • 8.8.8.8:53 | shavar.prod.mozaws.net | dns | firefox.exe | sent 68 B (1 pkt) | received 164 B (1 pkt)
          shavar.prod.mozaws.net -> 35.82.2.166, 52.35.225.239, 34.215.6.110, 52.36.92.75, 35.163.90.214, 52.88.11.165
        • 8.8.8.8:53 | shavar.prod.mozaws.net | dns | firefox.exe | sent 68 B (1 pkt) | received 153 B (1 pkt)
          shavar.prod.mozaws.net -> (no addresses recorded)
        • 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | dns | firefox.exe | sent 81 B (1 pkt) | received 235 B (1 pkt)
          content-signature-2.cdn.mozilla.net -> 34.160.144.191
        • 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | dns | firefox.exe | sent 103 B (1 pkt) | received 119 B (1 pkt)
          prod.content-signature-chains.prod.webservices.mozgcp.net -> 34.160.144.191
        • 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | dns | firefox.exe | sent 103 B (1 pkt) | received 131 B (1 pkt)
          prod.content-signature-chains.prod.webservices.mozgcp.net -> 2600:1901:0:92a9::
        • 8.8.8.8:53 | a1887.dscq.akamai.net | dns | firefox.exe | sent 67 B (1 pkt) | received 99 B (1 pkt)
          a1887.dscq.akamai.net -> 96.16.53.142, 96.16.53.165
        • 8.8.8.8:53 | a1887.dscq.akamai.net | dns | firefox.exe | sent 67 B (1 pkt) | received 123 B (1 pkt)
          a1887.dscq.akamai.net -> 2a02:26f0:6d00:1c::6010:35a5, 2a02:26f0:6d00:1c::6010:358e
        • 8.8.8.8:53 | cs9.wac.phicdn.net | dns | firefox.exe | sent 64 B (1 pkt) | received 80 B (1 pkt)
          cs9.wac.phicdn.net -> 72.21.91.29
        • 8.8.8.8:53 | push.services.mozilla.com | dns | firefox.exe | sent 71 B (1 pkt) | received 125 B (1 pkt)
          push.services.mozilla.com -> 52.39.57.61
        • 8.8.8.8:53 | cs9.wac.phicdn.net | dns | firefox.exe | sent 64 B (1 pkt) | received 132 B (1 pkt)
          cs9.wac.phicdn.net -> (no addresses recorded)
        • 8.8.8.8:53 | autopush.prod.mozaws.net | dns | firefox.exe | sent 70 B (1 pkt) | received 86 B (1 pkt)
          autopush.prod.mozaws.net -> 34.216.192.228
        • 8.8.8.8:53 | autopush.prod.mozaws.net | dns | firefox.exe | sent 70 B (1 pkt) | received 155 B (1 pkt)
          autopush.prod.mozaws.net -> (no addresses recorded)
        • 8.8.8.8:53 | youtube-ui.l.google.com | dns | firefox.exe | sent 69 B (1 pkt) | received 229 B (1 pkt)
          youtube-ui.l.google.com -> 172.217.168.238, 142.250.179.174, 142.250.179.206, 142.251.36.14, 142.251.39.110, 172.217.168.206, 216.58.208.110, 216.58.214.14, 142.250.179.142, 142.251.36.46
        • 8.8.8.8:53 | youtube-ui.l.google.com | dns | firefox.exe | sent 69 B (1 pkt) | received 181 B (1 pkt)
          youtube-ui.l.google.com -> 2a00:1450:400e:80d::200e, 2a00:1450:400e:802::200e, 2a00:1450:400e:803::200e, 2a00:1450:400e:80f::200e
        • 8.8.8.8:53 | www.facebook.com | dns | firefox.exe | sent 62 B (1 pkt) | received 107 B (1 pkt)
          www.facebook.com -> 157.240.247.35
        • 8.8.8.8:53 | star-mini.c10r.facebook.com | dns | firefox.exe | sent 73 B (1 pkt) | received 89 B (1 pkt)
          star-mini.c10r.facebook.com -> 157.240.24.35
        • 8.8.8.8:53 | star-mini.c10r.facebook.com | dns | firefox.exe | sent 73 B (1 pkt) | received 101 B (1 pkt)
          star-mini.c10r.facebook.com -> 2a03:2880:f162:81:face:b00c:0:25de
        • 8.8.8.8:53 | www.wikipedia.org | dns | firefox.exe | sent 63 B (1 pkt) | received 108 B (1 pkt)
          www.wikipedia.org -> 208.80.154.224
        • 8.8.8.8:53 | dyna.wikimedia.org | dns | firefox.exe | sent 64 B (1 pkt) | received 80 B (1 pkt)
          dyna.wikimedia.org -> 208.80.154.224
        • 8.8.8.8:53 | dyna.wikimedia.org | dns | firefox.exe | sent 64 B (1 pkt) | received 92 B (1 pkt)
          dyna.wikimedia.org -> 2620:0:861:ed1a::1
        • 8.8.8.8:53 | www.reddit.com | dns | firefox.exe | sent 60 B (1 pkt) | received 159 B (1 pkt)
          www.reddit.com -> 151.101.1.140, 151.101.65.140, 151.101.129.140, 151.101.193.140
        • 8.8.8.8:53 | reddit.map.fastly.net | dns | firefox.exe | sent 67 B (1 pkt) | received 131 B (1 pkt)
          reddit.map.fastly.net -> 151.101.1.140, 151.101.65.140, 151.101.129.140, 151.101.193.140
        • 8.8.8.8:53 | reddit.map.fastly.net | dns | firefox.exe | sent 67 B (1 pkt) | received 128 B (1 pkt)
          reddit.map.fastly.net -> (no addresses recorded)
        • 8.8.8.8:53 | twitter.com | dns | firefox.exe | sent 57 B (1 pkt) | received 89 B (1 pkt)
          twitter.com -> 104.244.42.1, 104.244.42.129
        • 8.8.8.8:53 | twitter.com | dns | firefox.exe | sent 57 B (1 pkt) | received 89 B (1 pkt)
          twitter.com -> 104.244.42.1, 104.244.42.65
        • 8.8.8.8:53 | twitter.com | dns | firefox.exe | sent 57 B (1 pkt) | received 129 B (1 pkt)
          twitter.com -> (no addresses recorded)
        • 8.8.8.8:53 | snippets.cdn.mozilla.net | dns | firefox.exe | sent 70 B (1 pkt) | received 174 B (1 pkt)
          snippets.cdn.mozilla.net -> 18.65.39.48, 18.65.39.44, 18.65.39.50, 18.65.39.121
        • 8.8.8.8:53 | d228z91au11ukj.cloudfront.net | dns | firefox.exe | sent 75 B (1 pkt) | received 139 B (1 pkt)
          d228z91au11ukj.cloudfront.net -> 18.65.39.48, 18.65.39.50, 18.65.39.44, 18.65.39.121
        • 8.8.8.8:53 | d228z91au11ukj.cloudfront.net | dns | firefox.exe | sent 75 B (1 pkt) | received 156 B (1 pkt)
          d228z91au11ukj.cloudfront.net -> (no addresses recorded)
        • 8.8.8.8:53 | support.mozilla.org | dns | firefox.exe | sent 65 B (1 pkt) | received 151 B (1 pkt)
          support.mozilla.org -> 54.203.119.212, 54.149.98.205, 44.228.117.96
        • 8.8.8.8:53 | prod-tp.sumo.mozit.cloud | dns | firefox.exe | sent 70 B (1 pkt) | received 118 B (1 pkt)
          prod-tp.sumo.mozit.cloud -> 44.228.117.96, 54.149.98.205, 54.203.119.212
        • 8.8.8.8:53 | prod-tp.sumo.mozit.cloud | dns | firefox.exe | sent 70 B (1 pkt) | received 155 B (1 pkt)
          prod-tp.sumo.mozit.cloud -> (no addresses recorded)
        • 8.8.8.8:53 | search.r53-2.services.mozilla.com | dns | firefox.exe | sent 79 B (1 pkt) | received 161 B (1 pkt)
          search.r53-2.services.mozilla.com -> (no addresses recorded)
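        Almost everything in the flow list above is Firefox 75 talking to its own services at startup (remote settings, the shavar Safe Browsing lists, push, snippets, search, SUMO and their CDN hostnames), and the lookups of youtube, facebook, wikipedia, reddit and twitter match the browser's default New Tab tiles. The traffic actually caused by the submitted URL is the two plaintext HTTP flows to 193.239.44.226:80, both answered with 404, plus the amat.lublin.pl lookups. The script below is an added example for separating those two classes when working from the exported list; it is not tria.ge code. SAMPLE_FLOWS is a constructed excerpt of entries copied from this report, the FIREFOX_NOISE suffix list is my own, the function names are hypothetical, and reading the four counters per flow as bytes sent, bytes received, packets sent and packets received is an assumption (it agrees with the 60 B query and 76 B answer for amat.lublin.pl, which are exactly the IP+UDP+DNS sizes of that A lookup and its single-record reply).

        ```python
        # Added example (not tria.ge code): parse the exported flow list and separate the
        # flows caused by the submitted URL from Firefox's own background traffic.
        import re
        from itertools import takewhile
        from urllib.parse import urlsplit

        # Constructed excerpt of the flow list above, one exported field per line.
        SAMPLE_FLOWS = "\n".join([
            "• 193.239.44.226:80", "  http://amat.lublin.pl/", "  http", "  firefox.exe",
            "  2.2kB", "  53.1kB", "  37", "  42",
            "  HTTP Request", "  GET http://amat.lublin.pl/", "  HTTP Response", "  404",
            "• 52.36.92.75:443", "  shavar.services.mozilla.com", "  tls", "  firefox.exe",
            "  2.5kB", "  4.7kB", "  15", "  16",
            "• 127.0.0.1:49161", "  firefox.exe",
            "• 8.8.8.8:53", "  amat.lublin.pl", "  dns", "  firefox.exe",
            "  60 B", "  76 B", "  1", "  1",
            "  DNS Request", "  amat.lublin.pl", "  DNS Response", "  193.239.44.226",
        ]) + "\n"

        # Suffixes Firefox 75 contacts on its own at startup (remote settings, Safe Browsing,
        # push, snippets, search, SUMO and their CDNs) plus the default New Tab tiles it resolves.
        FIREFOX_NOISE = ("mozilla.com", "mozilla.net", "mozilla.org", "mozaws.net",
                         "mozit.cloud", "mozgcp.net", "cloudfront.net", "akamai.net",
                         "phicdn.net", "google.com", "facebook.com", "wikipedia.org",
                         "wikimedia.org", "reddit.com", "fastly.net", "twitter.com")


        def parse_size(text):
            """'53.1kB' -> 53100; the report uses decimal units."""
            num, unit = re.fullmatch(r"([\d.]+)\s*(B|kB|MB)", text.strip()).groups()
            return round(float(num) * {"B": 1, "kB": 1000, "MB": 10 ** 6}[unit])


        def parse_flows(text):
            """One dict per '•' bullet. Assumed field order: address, destination, optional
            protocol line, process, bytes sent, bytes received, packets sent, packets
            received, then 'X Request' / 'X Response' sections."""
            flows = []
            for chunk in re.split(r"^•\s*", text, flags=re.MULTILINE)[1:]:
                lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
                flow = dict(address=lines[0], destination="", protocols=(), process="",
                            sent=0, received=0, pkts_sent=0, pkts_received=0, exchanges=[])
                body = lines[1:] if len(lines) > 2 else [""] + lines[1:]  # loopback: no destination
                idx = next(i for i, ln in enumerate(body) if i and ln.endswith(".exe"))
                flow["destination"], flow["process"] = body[0], body[idx]
                if idx == 2:
                    flow["protocols"] = tuple(p.strip() for p in body[1].split(","))
                counters = list(takewhile(lambda ln: not ln.endswith((" Request", " Response")),
                                          body[idx + 1:]))
                if len(counters) == 4:
                    flow["sent"], flow["received"] = map(parse_size, counters[:2])
                    flow["pkts_sent"], flow["pkts_received"] = map(int, counters[2:])
                elif len(counters) == 2:  # unanswered requests list only the sent side
                    flow["sent"], flow["pkts_sent"] = parse_size(counters[0]), int(counters[1])
                # An "X Request" line, its value, then optionally "X Response" and one or
                # more value lines (a DNS answer with several A records spans several).
                rest = "\n".join(body[idx + 1 + len(counters):])
                for m in re.finditer(r"\w+ Request\n(.+?)(?:\n\w+ Response\n(.*?))?(?=\n\w+ Request\n|\Z)",
                                     rest, re.S):
                    responses = tuple(m.group(2).split("\n")) if m.group(2) else ()
                    flow["exchanges"].append((m.group(1), responses))
                flows.append(flow)
            return flows


        def classify(flow, target_host):
            """'target' for the submitted host, 'browser' for Firefox's own traffic,
            'local' for loopback; anything else is 'unknown' and worth a closer look."""
            dest = flow["destination"]
            host = urlsplit(dest).hostname if "://" in dest else dest
            host = host or flow["address"].rsplit(":", 1)[0]  # loopback rows: use the peer IP
            if host.startswith("127."):
                return "local"
            if host == target_host or host.endswith("." + target_host):
                return "target"
            if any(host == s or host.endswith("." + s) for s in FIREFOX_NOISE):
                return "browser"
            return "unknown"


        def target_report(text, target_host):
            """(address, request, first response line) for every exchange with the target."""
            return [(f["address"], req, resp[0] if resp else None)
                    for f in parse_flows(text) if classify(f, target_host) == "target"
                    for req, resp in f["exchanges"]]
        ```

        Calling target_report(SAMPLE_FLOWS, "amat.lublin.pl") returns just the two target exchanges, the GET answered with 404 and the DNS answer 193.239.44.226; the shavar flow classifies as browser and the 127.0.0.1 flow as local. The allowlist works on hostname suffixes only, so a page hosted on one of those CDNs or domains would be filed as browser noise: treat both target and unknown as the analyst queue, and derive the suffix list from a clean baseline run of the same Firefox image rather than trusting the one written here.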

        MITRE ATT&CK Enterprise v6
