hxxps://metlof[.]nl/faq/

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
12/12/2023, 09:30 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://metlof.nl/faq/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2598572287-1024438387-935107970-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	firefox.exe
Token: SeDebugPrivilege	2008	firefox.exe
Token: SeDebugPrivilege	2008	firefox.exe
Token: SeDebugPrivilege	2008	firefox.exe
Token: SeDebugPrivilege	2008	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2008	firefox.exe
2008	firefox.exe
2008	firefox.exe
2008	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2008	firefox.exe
2008	firefox.exe
2008	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2008	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 3460 wrote to memory of 2008	3460	firefox.exe	85
PID 2008 wrote to memory of 444	2008	firefox.exe	87
PID 2008 wrote to memory of 444	2008	firefox.exe	87
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 1640	2008	firefox.exe	88
PID 2008 wrote to memory of 2928	2008	firefox.exe	89
PID 2008 wrote to memory of 2928	2008	firefox.exe	89
PID 2008 wrote to memory of 2928	2008	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://metlof.nl/faq/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://metlof.nl/faq/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.0.1027244935\44031888" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20730 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {87514e00-8874-4018-aef3-2851e7b717d1} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 1976 22a96307658 gpu
    3⤵
    PID:444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.1.1636406116\1026966864" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21546 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a13db01b-10fc-465b-9585-6f6dc06d0a17} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 2404 22a94ffb158 socket
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.2.31213892\2078337167" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3132 -prefsLen 21649 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5340ec3a-2826-445c-a3ec-5283d92217fc} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 3148 22a992bd858 tab
    3⤵
    PID:2928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.3.1910512297\1037252135" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26048 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e693915-8822-491f-abc5-89ec54148708} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 3656 22a88868458 tab
    3⤵
    PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.6.1448159382\564068185" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce6ffa77-d4a5-4638-999a-6e5e4d80cf10} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5200 22a9b708258 tab
    3⤵
    PID:872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.5.1752465509\1841351638" -childID 4 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e4559a3-9700-4d0a-bb67-a1da97689e67} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 5000 22a9b4dff58 tab
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2008.4.630936162\801385666" -childID 3 -isForBrowser -prefsHandle 4860 -prefMapHandle 4856 -prefsLen 26282 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4724ae9b-b21a-4157-a52f-a17d6b172ce3} 2008 "\\.\pipe\gecko-crash-server-pipe.2008" 4872 22a9b4df658 tab
    3⤵
    PID:3372

Network

DNS

metlof.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

metlof.nl

IN A

Response

metlof.nl

IN A

52.233.128.61
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.237.239:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-none-match: W/"5724-k/DRLJfT8CIKnEkNouZPR+WdArQ"
te: trailers
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

158.240.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

158.240.127.40.in-addr.arpa

IN PTR

Response
DNS

21.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.177.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

175.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.178.17.96.in-addr.arpa

IN PTR

Response

175.178.17.96.in-addr.arpa

IN PTR

a96-17-178-175deploystaticakamaitechnologiescom
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

metlof.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

metlof.nl

IN A

Response

metlof.nl

IN A

52.233.128.61
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.237.239
DNS

metlof.nl

firefox.exe

Remote address:

8.8.8.8:53

Request

metlof.nl

IN AAAA

Response
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

35.155.84.57

shavar.prod.mozaws.net

IN A

44.236.180.36

shavar.prod.mozaws.net

IN A

35.161.191.237
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 23177
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Tue, 12 Dec 2023 09:06:12 GMT
age: 1502
last-modified: Tue, 12 Dec 2023 08:08:14 GMT
content-type: application/json
last-modified: Tue, 12 Dec 2023 08:08:14 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221702368494958%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?_expected=%221702368494958%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1702339265534

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1702339265534 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1702283211301&_since=%221662648201700%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1702283211301&_since=%221662648201700%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/sites-classification?_expected=1544035467383

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/sites-classification?_expected=1544035467383 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist?_expected=1595254618540

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-default-override-allowlist?_expected=1595254618540 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/top-sites?_expected=1647020600359

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/top-sites?_expected=1647020600359 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-devices?_expected=1653469171354

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/devtools-devices?_expected=1653469171354 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1698666532326&_since=%221661199890666%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1698666532326&_since=%221661199890666%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1701806851414&_since=%221661199949574%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/search-config/changeset?_expected=1701806851414&_since=%221661199949574%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1702353437215

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1702353437215 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/changeset?_expected=1702353423385&_since=%221664891823141%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/intermediates/changeset?_expected=1702353423385&_since=%221664891823141%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/onecrl/changeset?_expected=1701989913617&_since=%221658781354245%22

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/security-state/collections/onecrl/changeset?_expected=1701989913617&_since=%221658781354245%22 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://firefox.settings.services.mozilla.com/v1/

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/ HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

35.161.191.237

shavar.prod.mozaws.net

IN A

44.236.180.36

shavar.prod.mozaws.net

IN A

35.155.84.57
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: h6ueqHS9WzGvFlzM5i47Yg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: DLf7IZi4K2ng60CojU6guFZlydw=
date: Tue, 12 Dec 2023 09:30:54 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
GET

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /mozstd-trackwhite-digest256/105.0/1684443982 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN A

Response

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

61.128.233.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

61.128.233.52.in-addr.arpa

IN PTR

Response
DNS

57.84.155.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.84.155.35.in-addr.arpa

IN PTR

Response

57.84.155.35.in-addr.arpa

IN PTR

ec2-35-155-84-57 us-west-2compute amazonawscom
DNS

tracking-protection.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

tracking-protection.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
GET

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /google-trackwhite-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-fingerprinting-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-cryptomining-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-facebook-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-linkedin-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /social-tracking-protection-twitter-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /base-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
GET

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

firefox.exe

Remote address:

34.120.158.37:443

Request

GET /content-email-track-digest256/105.0/1663274228 HTTP/2.0
host: tracking-protection.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: none
pragma: no-cache
cache-control: no-cache
te: trailers
DNS

support.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

support.mozilla.org

IN A

Response

support.mozilla.org

IN CNAME

prod.sumo.prod.webservices.mozgcp.net

prod.sumo.prod.webservices.mozgcp.net

IN CNAME

us-west1.prod.sumo.prod.webservices.mozgcp.net

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

Response

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN A

34.149.128.2
DNS

us-west1.prod.sumo.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

166.175.125.74.in-addr.arpa

Remote address:

8.8.8.8:53

Request

166.175.125.74.in-addr.arpa

IN PTR

Response

166.175.125.74.in-addr.arpa

IN PTR

lhr48s34-in-f61e100net
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 408784
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 75713F78879E4ADFB03B68CEAB931FBE Ref B: LON04EDGE1008 Ref C: 2023-12-12T09:31:00Z
date: Tue, 12 Dec 2023 09:30:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301677_1FP9ECAH39HYIUM37&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301677_1FP9ECAH39HYIUM37&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 339880
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FA51A0CD5B2A4AB6A3C383FAE1578230 Ref B: LON04EDGE1008 Ref C: 2023-12-12T09:31:00Z
date: Tue, 12 Dec 2023 09:30:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301268_19Y3KTBXK9Q1B7ID1&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301268_19Y3KTBXK9Q1B7ID1&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 387682
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45A9B118164949F9BD09EBD3DA68E33A Ref B: LON04EDGE1008 Ref C: 2023-12-12T09:31:00Z
date: Tue, 12 Dec 2023 09:30:59 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 353257
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8156DD8EAC6F4860AB26E2BCE14871B9 Ref B: LON04EDGE1008 Ref C: 2023-12-12T09:31:00Z
date: Tue, 12 Dec 2023 09:30:59 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

208.194.73.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

208.194.73.20.in-addr.arpa

IN PTR

Response
DNS

aus5.mozilla.org

firefox.exe

Remote address:

8.8.8.8:53

Request

aus5.mozilla.org

IN A

Response

aus5.mozilla.org

IN CNAME

balrog-aus5.r53-2.services.mozilla.com

balrog-aus5.r53-2.services.mozilla.com

IN CNAME

prod.balrog.prod.cloudops.mozgcp.net

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN A

Response

prod.balrog.prod.cloudops.mozgcp.net

IN A

35.244.181.201
DNS

prod.balrog.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

ciscobinary.openh264.org

firefox.exe

Remote address:

8.8.8.8:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.243

a19.dscg10.akamai.net

IN A

88.221.134.209
GET

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

firefox.exe

Remote address:

88.221.134.243:80

Request

GET /openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Thu, 16 Nov 2023 07:38:17 GMT
ETag: 85430baed3398695717b0263807cf97c
Content-Length: 453023
Accept-Ranges: bytes
X-Timestamp: 1700120296.01123
Content-Type: application/zip
X-Trans-Id: tx83dabe2b359f4df0880f4-00655605b9dfw1
Cache-Control: public, max-age=172142
Expires: Thu, 14 Dec 2023 09:20:16 GMT
Date: Tue, 12 Dec 2023 09:31:14 GMT
Connection: keep-alive
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN A

Response

a19.dscg10.akamai.net

IN A

88.221.134.209

a19.dscg10.akamai.net

IN A

88.221.134.243
DNS

a19.dscg10.akamai.net

firefox.exe

Remote address:

8.8.8.8:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86f3

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
DNS

201.181.244.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.181.244.35.in-addr.arpa

IN PTR

Response

201.181.244.35.in-addr.arpa

IN PTR

20118124435bcgoogleusercontentcom
DNS

243.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.134.221.88.in-addr.arpa

IN PTR

Response

243.134.221.88.in-addr.arpa

IN PTR

a88-221-134-243deploystaticakamaitechnologiescom
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.16.238
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN A

Response

redirector.gvt1.com

IN A

172.217.16.238
DNS

redirector.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

redirector.gvt1.com

IN AAAA

Response

redirector.gvt1.com

IN AAAA

2a00:1450:4009:821::200e
DNS

r1---sn-aigzrnsz.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1---sn-aigzrnsz.gvt1.com

IN A

Response

r1---sn-aigzrnsz.gvt1.com

IN CNAME

r1.sn-aigzrnsz.gvt1.com

r1.sn-aigzrnsz.gvt1.com

IN A

74.125.175.166
DNS

r1.sn-aigzrnsz.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsz.gvt1.com

IN A

Response

r1.sn-aigzrnsz.gvt1.com

IN A

74.125.175.166
DNS

r1.sn-aigzrnsz.gvt1.com

firefox.exe

Remote address:

8.8.8.8:53

Request

r1.sn-aigzrnsz.gvt1.com

IN AAAA

Response

r1.sn-aigzrnsz.gvt1.com

IN AAAA

2a00:1450:4009:1b::6
DNS

238.16.217.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

238.16.217.172.in-addr.arpa

IN PTR

Response

238.16.217.172.in-addr.arpa

IN PTR

mad08s04-in-f141e100net

238.16.217.172.in-addr.arpa

IN PTR

lhr48s28-in-f14�I
DNS

firefox-settings-attachments.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

31.243.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

31.243.111.52.in-addr.arpa

IN PTR

Response
DNS

172.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.178.17.96.in-addr.arpa

IN PTR

Response

172.178.17.96.in-addr.arpa

IN PTR

a96-17-178-172deploystaticakamaitechnologiescom
DNS

205.47.74.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

205.47.74.20.in-addr.arpa

IN PTR

Response
DNS

18.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.173.189.20.in-addr.arpa

IN PTR

Response

127.0.0.1:53288

firefox.exe
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

2.4kB
18.0kB
24
32
52.233.128.61:443

metlof.nl

tls

firefox.exe

1.2kB
6.5kB
10
9
34.117.237.239:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.9kB
8.3kB
17
19

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30

tls, http2

firefox.exe

1.9kB
13.9kB
15
21

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=IE&count=30
35.155.84.57:443

shavar.services.mozilla.com

tls

firefox.exe

2.1kB
5.3kB
10
9
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/

tls, http2

firefox.exe

21.1kB
1.3MB
339
1067

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expected=%221702368494958%22

HTTP Response

200

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/normandy-recipes-capabilities/changeset?_expected=1702339265534

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/language-dictionaries/changeset?_expected=1673270322227&_since=%221569410800356%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-recipes/changeset?_expected=1674595048726&_since=%221642005109349%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/password-rules/changeset?_expected=1679600032742&_since=%221659924409785%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/fxmonitor-breaches/changeset?_expected=1683667257606

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/url-classifier-skip-urls/changeset?_expected=1701090424142&_since=%221606870304609%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-compatibility-browsers/changeset?_expected=1702283211301&_since=%221662648201700%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/sites-classification?_expected=1544035467383

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/anti-tracking-url-decoration?_expected=1564511755134

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/public-suffix-list/changeset?_expected=1575468539758

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist?_expected=1595254618540

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/pioneer-study-addons-v1/changeset?_expected=1607042143590

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/top-sites?_expected=1647020600359

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-providers/changeset?_expected=1647549722107&_since=%221621943542621%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/doh-config/changeset?_expected=1651753780606&_since=%221621943462970%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/devtools-devices?_expected=1653469171354

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/websites-with-shared-credential-backends?_expected=1659924446436

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/addons-manager-settings/changeset?_expected=1688747728721

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-telemetry-v2/changeset?_expected=1698666532326&_since=%221661199890666%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/changeset?_expected=1701806851414&_since=%221661199949574%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/cert-revocations/changeset?_expected=1702353437215

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/intermediates/changeset?_expected=1702353423385&_since=%221664891823141%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/security-state/collections/onecrl/changeset?_expected=1701989913617&_since=%221658781354245%22

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.9kB
6.0kB
10
12

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982

tls, http2

firefox.exe

3.4kB
351.1kB
50
259

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/mozstd-trackwhite-digest256/105.0/1684443982
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228

tls, http2

firefox.exe

23.4kB
1.5MB
379
1112

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/google-trackwhite-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
5.2kB
13
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-fingerprinting-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
4.0kB
13
13

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-cryptomining-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
2.2kB
13
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-facebook-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
1.8kB
12
10

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-linkedin-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228

tls, http2

firefox.exe

1.8kB
1.9kB
12
12

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/social-tracking-protection-twitter-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
9.0kB
13
17

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/base-email-track-digest256/105.0/1663274228
34.120.158.37:443

https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228

tls, http2

firefox.exe

1.9kB
7.8kB
13
14

HTTP Request

GET https://tracking-protection.cdn.mozilla.net/content-email-track-digest256/105.0/1663274228
127.0.0.1:53298

firefox.exe
204.79.197.200:443

tse1.mm.bing.net

tls, http2

972 B
8.3kB
11
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

972 B
8.3kB
11
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

tls, http2

17.8kB
1.5MB
335
1120

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301285_1YX3CCWTOZVY6EU1J&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301677_1FP9ECAH39HYIUM37&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301268_19Y3KTBXK9Q1B7ID1&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301694_17Y0IRSKKQEXFDPLC&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

972 B
8.3kB
11
14
35.244.181.201:443

aus5.mozilla.org

tls

firefox.exe

1.7kB
5.6kB
16
16
34.149.100.209:443

firefox.settings.services.mozilla.com

tls

firefox.exe

1.1kB
5.3kB
12
11
34.160.144.191:443

content-signature-2.cdn.mozilla.net

tls

firefox.exe

1.7kB
11.6kB
16
20
88.221.134.243:80

http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

firefox.exe

7.2kB
467.5kB
150
349

HTTP Request

GET http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200
172.217.16.238:443

redirector.gvt1.com

tls

firefox.exe

1.6kB
9.1kB
16
22
74.125.175.166:443

r1---sn-aigzrnsz.gvt1.com

tls

firefox.exe

88.4kB
8.7MB
1434
6253
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

335.1kB
3.8MB
2934
5508
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.0kB
5.2kB
11
10
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
5.3kB
13
11
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
5.3kB
12
11
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
5.3kB
12
11
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

firefox.exe

1.1kB
5.3kB
12
11

8.8.8.8:53

metlof.nl

dns

firefox.exe

55 B
71 B
1
1

DNS Request

metlof.nl

DNS Response

52.233.128.61
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

158.240.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

158.240.127.40.in-addr.arpa
8.8.8.8:53

21.177.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.177.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

175.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

175.178.17.96.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

metlof.nl

dns

firefox.exe

55 B
71 B
1
1

DNS Request

metlof.nl

DNS Response

52.233.128.61
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.237.239
8.8.8.8:53

metlof.nl

dns

firefox.exe

55 B
111 B
1
1

DNS Request

metlof.nl
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

35.155.84.57

44.236.180.36

35.161.191.237
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
110 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
116 B
1
1

DNS Request

shavar.prod.mozaws.net

DNS Response

35.161.191.237

44.236.180.36

35.155.84.57
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

firefox.exe

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
97 B
1
1

DNS Request

tracking-protection.prod.mozaws.net

DNS Response

34.120.158.37
8.8.8.8:53

61.128.233.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

61.128.233.52.in-addr.arpa
8.8.8.8:53

57.84.155.35.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

57.84.155.35.in-addr.arpa
8.8.8.8:53

tracking-protection.prod.mozaws.net

dns

firefox.exe

81 B
166 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
8.8.8.8:53

tracking-protection.cdn.mozilla.net

dns

firefox.exe

81 B
143 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
8.8.8.8:53

support.mozilla.org

dns

firefox.exe

65 B
155 B
1
1

DNS Request

support.mozilla.org

DNS Response

34.149.128.2
8.8.8.8:53

us-west1.prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

92 B
108 B
1
1

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net

DNS Response

34.149.128.2
8.8.8.8:53

us-west1.prod.sumo.prod.webservices.mozgcp.net

dns

firefox.exe

92 B
185 B
1
1

DNS Request

us-west1.prod.sumo.prod.webservices.mozgcp.net
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

145 B
269 B
2
2

DNS Request

88.156.103.20.in-addr.arpa

DNS Request

166.175.125.74.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
173 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

208.194.73.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

208.194.73.20.in-addr.arpa
8.8.8.8:53

aus5.mozilla.org

dns

firefox.exe

62 B
180 B
1
1

DNS Request

aus5.mozilla.org

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Response

35.244.181.201
8.8.8.8:53

prod.balrog.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
8.8.8.8:53

ciscobinary.openh264.org

dns

firefox.exe

70 B
286 B
1
1

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.243

88.221.134.209
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
99 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

88.221.134.209

88.221.134.243
8.8.8.8:53

a19.dscg10.akamai.net

dns

firefox.exe

67 B
123 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86f3

2a02:26f0:a1::58dd:86d1
8.8.8.8:53

201.181.244.35.in-addr.arpa

dns

73 B
126 B
1
1

DNS Request

201.181.244.35.in-addr.arpa
8.8.8.8:53

243.134.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

243.134.221.88.in-addr.arpa
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

172.217.16.238
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
81 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

172.217.16.238
8.8.8.8:53

redirector.gvt1.com

dns

firefox.exe

65 B
93 B
1
1

DNS Request

redirector.gvt1.com

DNS Response

2a00:1450:4009:821::200e
172.217.16.238:443

redirector.gvt1.com

https

firefox.exe

3.3kB
9.5kB
8
10
8.8.8.8:53

r1---sn-aigzrnsz.gvt1.com

dns

firefox.exe

71 B
116 B
1
1

DNS Request

r1---sn-aigzrnsz.gvt1.com

DNS Response

74.125.175.166
8.8.8.8:53

r1.sn-aigzrnsz.gvt1.com

dns

firefox.exe

69 B
85 B
1
1

DNS Request

r1.sn-aigzrnsz.gvt1.com

DNS Response

74.125.175.166
8.8.8.8:53

r1.sn-aigzrnsz.gvt1.com

dns

firefox.exe

69 B
97 B
1
1

DNS Request

r1.sn-aigzrnsz.gvt1.com

DNS Response

2a00:1450:4009:1b::6
74.125.175.166:443

r1.sn-aigzrnsz.gvt1.com

https

firefox.exe

1.8kB
6.5kB
5
8
8.8.8.8:53

238.16.217.172.in-addr.arpa

dns

73 B
142 B
1
1

DNS Request

238.16.217.172.in-addr.arpa
8.8.8.8:53

firefox-settings-attachments.cdn.mozilla.net

dns

firefox.exe

90 B
177 B
1
1

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

106 B
122 B
1
1

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.117.121.53
8.8.8.8:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

106 B
199 B
1
1

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

31.243.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

31.243.111.52.in-addr.arpa
8.8.8.8:53

172.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

172.178.17.96.in-addr.arpa
8.8.8.8:53

205.47.74.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

205.47.74.20.in-addr.arpa
8.8.8.8:53

18.173.189.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

18.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
f1299642601a45ecd03eeed5ee144a93

SHA1
b2acfac66908d33ed905c69e8f5860e4addb4a17

SHA256
98e3d78abd94271f410a7e3b0b74caf5f367ed5e6b02a31d0c27b224b8d11ad7

SHA512
3221ce469647a79a34c4ba6576b0320975c044061d4a7bec4dcbc060ca9a280a4d43b070061efe17dd195083b254a0e3452468fcb65272aaaa073670f342483c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

Filesize
13KB

MD5
f41485a33f25de1f4d125a475bc90b51

SHA1
8a2556ab25ab149fbc4b127f9f95728cdb987874

SHA256
721bcc48aacaf66003aa2926a35d3659a01ad4439c8f2f03d571b7df0cea8bb0

SHA512
9d22e11da127f92e2ba641dee6853846bcd6dea8f3f6c8634ee1e441cc9ade8bd65dbb23dda32d292757acaeaa61cdd6709d28c234f2ee4a4565292024d03c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
53de74e6ea7651bb67b5e3b9a12fecd4

SHA1
ec7b83625a3cacdb43b9cda90dcec914db106f99

SHA256
52cacd57d510a5d88ff2b219f2ba3367426651ce3a98a5ac3717494238beb27e

SHA512
24c96d69852ef697a463505d35dcbb2fe66cd51883e0a0268d3ebf12ae150c93a953119c0b4523e8b2d913148c7ec1f2c9a992e8223d17ce082e08b70c5acaf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\pending_pings\3d95ecf0-189f-4ede-b5ca-b393bc81cbdf

Filesize
746B

MD5
52ee9f7793a870ddce37e5d26d40b642

SHA1
d57fe735d8639760e188441eb99df9d6ce81a03f

SHA256
23824ce52c8e1de684f7190245434976ba400354956d8e525a72e06036475c84

SHA512
4c418f31277c8d9fd58e7e162ffa5d69e433f537d14cbd76fa9440dce3da74ce67baff1a2ad1934ac9957661f502cb2c2a3bf018b19943dc8f1dad6e4ee3d834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\datareporting\glean\pending_pings\abd41e7b-d815-402a-a199-c3771b187cff

Filesize
11KB

MD5
ac00dfc60ec7e46ec8636363282c8c54

SHA1
07c8533a56291df45a6134166c94e9e6958639e3

SHA256
be6c730c0331d2bf4eb6680d2f5df5a266e540d6dcabc734dd77e16e316a73b2

SHA512
f09b86402b550f03106e52741c77aa750193690525cc1651d6ac8a9e15d1aa10316ebdc84336eec6e6c2122359e3eb35e7485898c896028db9b489512dac9cd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\prefs-1.js

Filesize
9KB

MD5
4da54472f8437b455fa3df9aedd84df2

SHA1
3062f90248fa64ca02966a218a2d6a2e8ece2707

SHA256
65af7511e2d6bc7fcd6dd12220272bdb3eeacd5e25ef8d751aafd6c4d67eb048

SHA512
e0502ec729a363899d6414ce308f8b2e5ca3b0ba715b2016c545b27c1f6050c625d435113415a4861ae75a620b190e80cc120193808451a7a99800d6c3e7b3da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\prefs-1.js

Filesize
6KB

MD5
c20f7421d77d195d8196385713719682

SHA1
f58672479c587efeef3593fa95f35fd532074dba

SHA256
4c5d751f323465a105ed9b3d37068801fc1726fef7010136566c819709af0ba1

SHA512
b12b3a4f08435a229c6fe1ee570a6167a2d79acd77eb80dd1c4d12ad73f3febf58c8573cf36153b786128860d985f44f8c3ecabde140458038b5907cff17ac76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ae613fe00d18dbb8acde90f53604f7f

SHA1
53662f8babed425a64f6ba29d912af45a09a98cb

SHA256
0c4df74201c6c980f33aa27c2bb93b194ecf62fb4682815b748cf8cbc52a413b

SHA512
a58d9807f353b7ad950f7d1b859b4b8b348bcb9152c9658d1718ee8ef7088916dea20ee526235bda1139039fe8d50008c8ce169297178cdb68a5e3347f427d81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4cx5l6t9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
a7612f2f16c8550a49137fef88ee9eb0

SHA1
cfcdd2cbbe487f9df037b8665e331562e99441e5

SHA256
c5744aa38abad347d2f1f9576a4565019cf04e9c6c1bba71657fd121a775af76

SHA512
a29499a3726d003bf2ea95ef7ae78574b14e87e559f1a896fd0380863621c5402a860b70084785e645e4ecd4075b5ebf4f520d95b42f5cd4dc5f4f8caa029852

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request