Analysis Overview
score
10/10
Threat Level: Known bad
The file http://twtwin.vip was found to be: Known bad.
Malicious Activity Summary
N/A
MITRE ATT&CK Matrix
N/A
Analysis: static1
Detonation Overview
Reported
2024-06-16 17:22
Signatures
N/A
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 17:22
Reported
2024-06-16 17:23
Platform
ubuntu2404-amd64-20240523-en
Max time network
16s
Command Line
N/A
Signatures
N/A
Processes
N/A
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | twtwin.vip | udp |
| US | 8.8.8.8:53 | twtwin.vip | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 172.67.189.24:80 | twtwin.vip | tcp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 8.8.8.8:53 | detectportal.firefox.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozilla.org | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| DE | 13.32.119.185:443 | www.mozilla.org | tcp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | r11.o.lencr.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | example.org | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 8.8.8.8:53 | ipv4only.arpa | udp |
| US | 34.107.221.82:80 | detectportal.firefox.com | tcp |
| BE | 2.17.107.186:80 | r11.o.lencr.org | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 8.8.8.8:53 | r10.o.lencr.org | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | getpocket.cdn.mozilla.net | udp |
| US | 34.120.5.221:443 | getpocket.cdn.mozilla.net | tcp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 8.8.8.8:53 | www.cloudflare.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | twtpage.vip | udp |
| US | 8.8.8.8:53 | twtpage.vip | udp |
| US | 172.67.189.61:443 | twtpage.vip | tcp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | img-getpocket.cdn.mozilla.net | udp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| US | 172.67.189.61:443 | twtpage.vip | udp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | udp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| US | 34.36.165.17:443 | tiles-cdn.prod.ads.prod.webservices.mozgcp.net | tcp |
| BE | 2.17.107.186:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.117.188.166:443 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 52.42.69.239:443 | shavar.services.mozilla.com | tcp |
| BE | 2.17.107.186:80 | r10.o.lencr.org | tcp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | normandy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | normandy-cdn.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 35.201.103.21:443 | normandy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 8.8.8.8:53 | incoming.telemetry.mozilla.org | udp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 34.120.208.123:443 | incoming.telemetry.mozilla.org | tcp |
| US | 34.120.237.76:443 | img-getpocket.cdn.mozilla.net | tcp |
| BE | 2.17.107.153:80 | r10.o.lencr.org | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | fp2e7a.wpc.phicdn.net | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | classify-client.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod-classifyclient.normandy.prod.cloudops.mozgcp.net | udp |
| US | 34.98.75.36:443 | classify-client.services.mozilla.com | tcp |
| US | 34.107.243.93:443 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.vodafone.co.uk | udp |
| US | 8.8.8.8:53 | www.vodafone.co.uk | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.amazon.co.uk | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.reddit.com | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.bbc.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | www.ebay.co.uk | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | getpocket.com | udp |
| US | 8.8.8.8:53 | www-live.waf.digital-prod.vodafoneaws.co.uk | udp |
| US | 8.8.8.8:53 | e11847.a.akamaiedge.net | udp |
| US | 8.8.8.8:53 | reddit.map.fastly.net | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | bbc.map.fastly.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | tracking-protection.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | www.mozorg.moz.works | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.theguardian.com | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | www.hellofresh.co.uk | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | telemetry-incoming.r53-2.services.mozilla.com | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | firefox-settings-attachments.cdn.mozilla.net | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 172.67.189.24:80 | twtwin.vip | tcp |
| US | 172.67.189.24:80 | twtwin.vip | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 104.21.9.118:443 | twtpage.vip | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 104.21.9.118:443 | twtpage.vip | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | tracking-protection.prod.mozaws.net | udp |
| US | 34.120.158.37:443 | tracking-protection.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | support.mozilla.org | udp |
| US | 8.8.8.8:53 | us-west1.prod.sumo.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | www.independent.co.uk | udp |
| US | 8.8.8.8:53 | lifehacker.com | udp |
| US | 8.8.8.8:53 | lifehacker.com | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | www.oxtxrelay.xyz | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | foundation.mozilla.org | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | www.womenshealthmag.com | udp |
| US | 8.8.8.8:53 | hearst-hdm.map.fastly.net | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | time.com | udp |
| US | 8.8.8.8:53 | www.thecut.com | udp |
| US | 8.8.8.8:53 | www.thecut.com | udp |
Files
N/A