hxxp://ttecn[.]com

Analysis

max time kernel
220s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 21:53 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ttecn.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3984	firefox.exe
Token: SeDebugPrivilege	3984	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3984	firefox.exe
3984	firefox.exe
3984	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3984	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3044 wrote to memory of 3984	3044	firefox.exe	69
PID 3984 wrote to memory of 2112	3984	firefox.exe	87
PID 3984 wrote to memory of 2112	3984	firefox.exe	87
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2808	3984	firefox.exe	89
PID 3984 wrote to memory of 2016	3984	firefox.exe	90
PID 3984 wrote to memory of 2016	3984	firefox.exe	90
PID 3984 wrote to memory of 2016	3984	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ttecn.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ttecn.com
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.0.505939969\889343021" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20860 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edc7cffb-3fcc-4cf7-81ac-8b3260279b72} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 1952 16bda1f5158 gpu
    3⤵
    PID:2112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.1.499396400\1962216107" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 21676 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c404f08-61d3-4e3c-b2f0-a0f9f9620617} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 2364 16bcd772e58 socket
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.2.629252997\1362088177" -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 3232 -prefsLen 21714 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {801aa74d-10d3-4ea1-b8fb-9590c69bd5ba} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 3248 16bde28d558 tab
    3⤵
    PID:2016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.3.552997967\2093797206" -childID 2 -isForBrowser -prefsHandle 4008 -prefMapHandle 3988 -prefsLen 26294 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a863e28a-d8e0-4efe-8793-74d6cf773913} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4020 16bdf042c58 tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.4.881901568\1986111417" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 2804 -prefsLen 26683 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf3f846f-d7f4-49ec-8c90-9f48a590597e} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4600 16bdda61e58 tab
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.6.1393265086\619466748" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 4224 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6c125c5-eff6-41a9-86d8-ea8eb18bbdd1} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4812 16bdf24b658 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3984.5.776094075\269919441" -childID 4 -isForBrowser -prefsHandle 4488 -prefMapHandle 1312 -prefsLen 26858 -prefMapSize 232645 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f5368a-9839-4dea-bc0b-61b5dc0f07c6} 3984 "\\.\pipe\gecko-crash-server-pipe.3984" 4528 16bdf24aa58 tab
    3⤵
    PID:3676

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f3e8c72a86684020b882f9f7926491d7 /t 3644 /p 3984
1⤵
PID:4184

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

72.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

72.32.126.40.in-addr.arpa

IN PTR

Response
DNS

8.3.197.209.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.3.197.209.in-addr.arpa

IN PTR

Response

8.3.197.209.in-addr.arpa

IN PTR

vip0x008map2sslhwcdnnet
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

183.59.114.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.59.114.20.in-addr.arpa

IN PTR

Response
DNS

241.154.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

241.154.82.20.in-addr.arpa

IN PTR

Response
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

254.23.238.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

254.23.238.8.in-addr.arpa

IN PTR

Response
DNS

ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

ttecn.com

IN A

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-none-match: W/"3d86-XuwJFy3S/7zid4f+kHYsvhttb0c"
te: trailers
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.239.90.104

shavar.prod.mozaws.net

IN A

54.185.54.63

shavar.prod.mozaws.net

IN A

54.214.185.83
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

104.90.239.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.90.239.44.in-addr.arpa

IN PTR

Response

104.90.239.44.in-addr.arpa

IN PTR

ec2-44-239-90-104 us-west-2compute amazonawscom
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

16.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
GET

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /mozstd-trackwhite-digest256/105.0/1684443982 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN A

Response

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.117.65.55
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /google-trackwhite-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.117.65.55
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.117.65.55:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +EYiWeb6GwxI01HPUB0ung==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: VVCcil0yJWyJLDfyUl8cWtOONso=
Date: Thu, 12 Oct 2023 21:57:08 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
GET

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-fingerprinting-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
GET

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-cryptomining-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-facebook-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR
DNS

29.81.57.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

29.81.57.23.in-addr.arpa

IN PTR
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-linkedin-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-twitter-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

16.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

16.173.189.20.in-addr.arpa

IN PTR

Response
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
GET

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN A

Response

www.ttecn.com

IN A

206.165.76.171
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN A

Response

www.ttecn.com

IN A

206.165.76.171
GET

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /content-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN A

Response

www.ttecn.com

IN A

206.165.76.171
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN A

Response

www.ttecn.com

IN A

206.165.76.171
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN AAAA

Response
DNS

www.ttecn.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.ttecn.com

IN AAAA

Response
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A

Response

support.mozilla.org

IN CNAME

prod.sumo.prod.webservices.mozgcp.net

prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.sumo.prod.webservices.mozgcp.net

IN A

Response

prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.sumo.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.sumo.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

203.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

203.197.79.204.in-addr.arpa

IN PTR

Response

203.197.79.204.in-addr.arpa

IN PTR

a-0003a-msedgenet
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

75.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

75.159.190.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 361762
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9610CBE6DC2840609A1C9DA5420C57CB Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:43Z
date: Thu, 12 Oct 2023 21:58:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301034_101MWO31Y1G73VRJP&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301034_101MWO31Y1G73VRJP&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 407668
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B60FC538F455489691705798ED8A528D Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:43Z
date: Thu, 12 Oct 2023 21:58:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 495997
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4C0ECE70FE574B95B7E43A3B0A9243E4 Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:43Z
date: Thu, 12 Oct 2023 21:58:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 356153
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D82FE039FD284FD0AE4F4708B9BDA006 Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:43Z
date: Thu, 12 Oct 2023 21:58:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301467_1G67LNWWVGX8TXDL9&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301467_1G67LNWWVGX8TXDL9&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 418638
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 17B1A3BB30F04154B1FC8F06CF6A986A Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:43Z
date: Thu, 12 Oct 2023 21:58:43 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 426531
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E27C93785A4F4174BED6F36FAE3618B5 Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:44Z
date: Thu, 12 Oct 2023 21:58:44 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 373128
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 50939CC2592E43D38F77F4B0C1DB51BA Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:44Z
date: Thu, 12 Oct 2023 21:58:44 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301230_12KE1HR78R7KA9ZVM&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301230_12KE1HR78R7KA9ZVM&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 272843
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D925E913D1E644CC83D8DC57E780A677 Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:44Z
date: Thu, 12 Oct 2023 21:58:44 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301639_11NZSAGGK5N1KGU3L&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301639_11NZSAGGK5N1KGU3L&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 310242
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 657FD6DEDB3B4C3B8A90386171D840E8 Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:45Z
date: Thu, 12 Oct 2023 21:58:45 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 360487
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 37F68EC3A4204385863FD0F9F976A7DF Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:45Z
date: Thu, 12 Oct 2023 21:58:45 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301090_1E2XJ6XYFA8M2LCMT&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301090_1E2XJ6XYFA8M2LCMT&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 406737
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E89843C6372B47ADB9A2B2FD649EED7E Ref B: BRU30EDGE0809 Ref C: 2023-10-12T21:58:45Z
date: Thu, 12 Oct 2023 21:58:45 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet

127.0.0.1:53676

firefox.exe
127.0.0.1:53690

firefox.exe
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.8kB
7.9kB
16
18

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

tls, http2

firefox.exe

1.9kB
13.5kB
15
19

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30
34.120.5.221:443

getpocket.cdn.mozilla.net

tls, http2

firefox.exe

1.2kB
5.5kB
10
11
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

1.7kB
5.7kB
16
15
44.239.90.104:443

shavar.services.mozilla.com

tls

firefox.exe

2.1kB
5.3kB
10
9
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

tls, http2

firefox.exe

5.5kB
352.6kB
95
260

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

tls, http2

firefox.exe

10.3kB
1.5MB
197
1114

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls, http2

firefox.exe

2.3kB
1.2kB
14
8
34.117.65.55:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.7kB
5.8kB
10
10

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
5.3kB
13
14

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

tls, http2

firefox.exe

1.7kB
6.5kB
13
13

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
4.0kB
12
13

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
2.1kB
12
11

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
1.8kB
14
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
1.9kB
13
11

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
8.9kB
14
15

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
7.9kB
13
17

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
15
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301090_1E2XJ6XYFA8M2LCMT&pid=21.2&w=1920&h=1080&c=4

tls, http2

147.0kB
4.3MB
3157
3150

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301457_1V7ZJVRAXG9TQ5156&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301034_101MWO31Y1G73VRJP&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301024_1S39Y613MNXDQQG0C&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300970_1WZNZYNWWAF6IP05J&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301467_1G67LNWWVGX8TXDL9&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301403_18A51FWD0ORQI7TWA&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300937_1HHU6SR72RIO6JU61&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301230_12KE1HR78R7KA9ZVM&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301639_11NZSAGGK5N1KGU3L&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301370_1WTDA3QMJSZ92RY3W&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301090_1E2XJ6XYFA8M2LCMT&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.2kB
15
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.3kB
15
14

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

72.32.126.40.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

72.32.126.40.in-addr.arpa
8.8.8.8:53

8.3.197.209.in-addr.arpa

dns

70 B
111 B
1
1

DNS Request

8.3.197.209.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

183.59.114.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

183.59.114.20.in-addr.arpa
8.8.8.8:53

241.154.82.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

241.154.82.20.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

254.23.238.8.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

254.23.238.8.in-addr.arpa
8.8.8.8:53

ttecn.com

dns

firefox.exe

55 B
118 B
1
1

DNS Request

ttecn.com
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

370 B
5

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com

DNS Request

contile.services.mozilla.com
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
110 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

44.239.90.104

54.185.54.63

54.214.185.83
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

340 B
5

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

104.90.239.44.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

104.90.239.44.in-addr.arpa
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

16.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

16.173.189.20.in-addr.arpa
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

firefox.exe

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
97 B
1
1

DNS Request

tracking-protection.prod.mozaws.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.117.65.55
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.117.65.55
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

firefox.exe

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.117.65.55
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

29.81.57.23.in-addr.arpa

dns

350 B
5

DNS Request

29.81.57.23.in-addr.arpa

DNS Request

29.81.57.23.in-addr.arpa

DNS Request

29.81.57.23.in-addr.arpa

DNS Request

29.81.57.23.in-addr.arpa

DNS Request

29.81.57.23.in-addr.arpa
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

firefox.exe

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

16.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

16.173.189.20.in-addr.arpa
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

www.ttecn.com

dns

firefox.exe

118 B
150 B
2
2

DNS Request

www.ttecn.com

DNS Request

www.ttecn.com

DNS Response

206.165.76.171

DNS Response

206.165.76.171
8.8.8.8:53

www.ttecn.com

dns

firefox.exe

118 B
150 B
2
2

DNS Request

www.ttecn.com

DNS Request

www.ttecn.com

DNS Response

206.165.76.171

DNS Response

206.165.76.171
8.8.8.8:53

www.ttecn.com

dns

firefox.exe

118 B
244 B
2
2

DNS Request

www.ttecn.com

DNS Request

www.ttecn.com
8.8.8.8:53

support.mozilla.org

dns

firefox.exe

65 B
132 B
1
1

DNS Request

support.mozilla.org

DNS Response

34.149.128.2
8.8.8.8:53

prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

83 B
99 B
1
1

DNS Request

prod.sumo.prod.webservices.mozgcp.net

DNS Response

34.149.128.2
8.8.8.8:53

prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

166 B
352 B
2
2

DNS Request

prod.sumo.prod.webservices.mozgcp.net

DNS Request

prod.sumo.prod.webservices.mozgcp.net
8.8.8.8:53

203.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

203.197.79.204.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

75.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

75.159.190.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wp0zrwot.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
89b1948c40025345be09d1ee4ade7757

SHA1
33d9e8695c412ab13a0f883e993e01cea376b1c2

SHA256
4fd6ff56f0ac4c9dd3c589ec31909fa424d9eff03bf18b1ae8358054639bff91

SHA512
620309ab6a426359a2888cf1e0a1e9f909da1cef7438e9600065e20151a7f688fd33001b6984ed5ebb132277f174a0d5efc9f23f1e8d7899c0374d420771c2a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
20206c5eea1045b41ee9eec566a3ad1c

SHA1
6ba0adc3080c16fa557d51a86d02ed28ac998846

SHA256
83314fee626c4c97eabff0cb9af084fbe3f87bb4cb0eb62a153b1ce27b1e524a

SHA512
43a5df4ebce1fb8d769c1f2955aeca1c0604bc8aa177f51650c68fd040969b6e7368acb86994aaf83462d436fbf4d9933be45a8188f2ba46407395eb3212b85e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\prefs-1.js

Filesize
6KB

MD5
9dd891d7337dbf0711a5535e631b79f0

SHA1
fe2e805a35e50943f67e45c885c57a4cf322b4d4

SHA256
0164635afdd1503056f15978d76593d0bf2252e2363d26f92b3cd902b229f162

SHA512
66d433d2460988bf4dfa2cef418d4d439b064bd57d69a3b7e0c17af78108c243aedb804393f6031a79160e54cd2a45d122de267ed6b60dd79258d7fed560888c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1088d1a807543f635763fc68955243fd

SHA1
7c10aef2b35bc3e4fbe4896bd457d0e61714ff9e

SHA256
ba454522244184577e054aef9b8e91fc2f7dcd2b4119bb3e4fc59e743b5ce083

SHA512
e56d75d19d1fca9a6dc670e2f8e0c979d8c3b67dd11ca00a491816d694159c5fd6a09975cf55a6b9605149cdee050ea66b50882931df2f7d098fd75623374464

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wp0zrwot.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c764013d34d2c43177fc52aa7daa301b

SHA1
bad72573c020188c8524d1acba84260d5ed3d52c

SHA256
fb2f78adeab148f35e849795d9612e132b35222a9c270e3a9f971ce10fe04d3e

SHA512
89de9b67a06a328f3567129cb1c09a8a4832a705c84557424ca69e190d5a3447572dbab096101a5e91369b7834995ce12b4640ec48882e82c42572deb9a782e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request