hxxps://downloaddevtools[.]com/en/product/479/download-hex-rays-ida-pro-crack-19

Analysis

max time kernel
34s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 16:40 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1140	firefox.exe
Token: SeDebugPrivilege	1140	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1140	firefox.exe
1140	firefox.exe
1140	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 2320 wrote to memory of 1140	2320	firefox.exe	81
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 736	1140	firefox.exe	82
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83
PID 1140 wrote to memory of 4496	1140	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19"
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.0.285719020\426410048" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f92e491-e5bc-4426-93cb-2e3060d99a41} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 1868 1b95fb30b58 gpu
    3⤵
    PID:736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.1.1516921937\1357494065" -parentBuildID 20230214051806 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c946fd97-72c4-452d-9963-2491092ceff4} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 2456 1b94b789c58 socket
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.2.1272728318\1111928907" -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d0088dc-7410-4e29-8986-648951676dc0} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 2856 1b962939858 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.3.526593140\1210429908" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b2e3b93-193b-4261-ae88-0c08034bd391} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 3528 1b94b77ae58 tab
    3⤵
    PID:868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.4.2114621679\532932678" -childID 3 -isForBrowser -prefsHandle 5200 -prefMapHandle 5192 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {974cbf7c-313b-439f-af13-18650758d282} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5220 1b9658b2e58 tab
    3⤵
    PID:1496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.5.745360980\577121746" -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07e9b8c-e315-4966-a6a1-6a56cb68ed2d} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5420 1b965f95758 tab
    3⤵
    PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.6.1619231972\396150851" -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d132d9db-19e5-4cf6-a1f4-ddeba292a682} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5612 1b965f95d58 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1140.7.2140563827\1977218556" -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 5912 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1300 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52c3efd6-2886-443b-b5ef-402c29afda36} 1140 "\\.\pipe\gecko-crash-server-pipe.1140" 5932 1b967810f58 tab
    3⤵
    PID:1248

Network

DNS

downloaddevtools.com

firefox.exe

Remote address:

8.8.8.8:53

Request

downloaddevtools.com

IN A

Response

downloaddevtools.com

IN A

104.26.14.176

downloaddevtools.com

IN A

172.67.69.185

downloaddevtools.com

IN A

104.26.15.176
DNS

spocs.getpocket.com

firefox.exe

Remote address:

8.8.8.8:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

getpocket.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

content-signature-2.cdn.mozilla.net

firefox.exe

Remote address:

8.8.8.8:53

Request

content-signature-2.cdn.mozilla.net

IN A

Response

content-signature-2.cdn.mozilla.net

IN CNAME

content-signature-chains.prod.autograph.services.mozaws.net

content-signature-chains.prod.autograph.services.mozaws.net

IN CNAME

prod.content-signature-chains.prod.webservices.mozgcp.net

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

shavar.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.services.mozilla.com

IN A

Response

shavar.services.mozilla.com

IN CNAME

shavar.prod.mozaws.net

shavar.prod.mozaws.net

IN A

44.241.14.171

shavar.prod.mozaws.net

IN A

44.242.121.21

shavar.prod.mozaws.net

IN A

52.33.222.107
DNS

push.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

push.services.mozilla.com

IN A

Response

push.services.mozilla.com

IN CNAME

autopush.prod.mozaws.net

autopush.prod.mozaws.net

IN A

34.107.243.93
POST

https://spocs.getpocket.com/spocs

firefox.exe

Remote address:

34.117.188.166:443

Request

POST /spocs HTTP/2.0
host: spocs.getpocket.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
content-length: 191
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
GET

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30

firefox.exe

Remote address:

34.120.5.221:443

Request

GET /v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30 HTTP/2.0
host: getpocket.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-none-match: W/"56d6-dFfCG2D9jX7O+nqkg//gqjhKE2w"
te: trailers
GET

https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19

firefox.exe

Remote address:

104.26.14.176:443

Request

GET /en/product/479/download-hex-rays-ida-pro-crack-19 HTTP/2.0
host: downloaddevtools.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
upgrade-insecure-requests: 1
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
te: trailers

Response

HTTP/2.0 200

date: Mon, 01 Jul 2024 16:40:51 GMT
content-type: text/html; charset=utf-8
cache-control: public, must-revalidate, max-age=300, s-max-age=300, max-age=300, s-maxage=300
expires: Mon, 01 Jul 2024 16:45:49 GMT
last-modified: Wed, 13 Dec 2023 08:17:26 GMT
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
set-cookie: __RequestVerificationToken=MePAluQpm1s_mjY3-87xKXaqbNIdKV-BxXAHuGn3AL-KKblU_cNWJzZk6Iamkg8hGz8oBCX2N8LQqhkGiHJzdYRNk341; path=/; secure; HttpOnly; SameSite=Lax
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L5nJ%2Fk2VgDrfrUmMIwBMX2imRkPPx8b9gYJXTLR2LGgf9VqJKof5PATS0j0LMusNgv0FgTmTKv%2BaF%2BI6Dv0egDneDks5yrfmiFl3Eamx3RvkQ2Yd1v%2Fk1syk4b72xQQcTGbVhXUc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
expect-ct: max-age=86400, enforce
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
server: cloudflare
cf-ray: 89c7d70cda9e52d0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
if-modified-since: Sat, 20 Apr 2024 11:51:10 GMT
if-none-match: "b4944a0f4143c705f938452dfddd53cd"
te: trailers

Response

HTTP/2.0 200

x-amz-id-2: kBHdfjeadNgLS727+DoMHe66z8GGW7mE0cHi88um4ns46iz+fNObo7rzBSrIhQN4QhixBbZdfJE=
x-amz-request-id: RVHF3FHYXZ3182WY
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5352
via: 1.1 google
date: Mon, 01 Jul 2024 16:21:09 GMT
age: 1182
last-modified: Thu, 20 Jun 2024 10:34:55 GMT
etag: "47d6d9d5083484ace8a341375cec41e7"
content-type: binary/octet-stream
etag: "47d6d9d5083484ace8a341375cec41e7"
content-type: binary/octet-stream
GET

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain

firefox.exe

Remote address:

34.160.144.191:443

Request

GET /chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain HTTP/2.0
host: content-signature-2.cdn.mozilla.net
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
GET

https://contile.services.mozilla.com/v1/tiles

firefox.exe

Remote address:

34.117.188.166:443

Request

GET /v1/tiles HTTP/2.0
host: contile.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN A

Response

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN A

Response

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

downloaddevtools.com

firefox.exe

Remote address:

8.8.8.8:53

Request

downloaddevtools.com

IN A

Response

downloaddevtools.com

IN A

104.26.14.176

downloaddevtools.com

IN A

104.26.15.176

downloaddevtools.com

IN A

172.67.69.185
DNS

downloaddevtools.com

firefox.exe

Remote address:

8.8.8.8:53

Request

downloaddevtools.com

IN AAAA

Response

downloaddevtools.com

IN AAAA

2606:4700:20::ac43:45b9

downloaddevtools.com

IN AAAA

2606:4700:20::681a:eb0

downloaddevtools.com

IN AAAA

2606:4700:20::681a:fb0
DNS

firefox.settings.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

firefox.settings.services.mozilla.com

IN A

Response

firefox.settings.services.mozilla.com

IN CNAME

prod.remote-settings.prod.webservices.mozgcp.net

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.ads.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN A

34.160.144.191
DNS

prod.pocket.prod.cloudops.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

Response

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

144.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.107.17.2.in-addr.arpa

IN PTR

Response

144.107.17.2.in-addr.arpa

IN PTR

a2-17-107-144deploystaticakamaitechnologiescom
DNS

221.5.120.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

221.5.120.34.in-addr.arpa

IN PTR

Response

221.5.120.34.in-addr.arpa

IN PTR

221512034bcgoogleusercontentcom
DNS

176.14.26.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.14.26.104.in-addr.arpa

IN PTR

Response
DNS

prod.content-signature-chains.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

Response

prod.content-signature-chains.prod.webservices.mozgcp.net

IN AAAA

2600:1901:0:92a9::
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN A

Response

contile.services.mozilla.com

IN A

34.117.188.166
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN A

Response

autopush.prod.mozaws.net

IN A

34.107.243.93
POST

https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2

firefox.exe

Remote address:

44.241.14.171:443

Request

POST /downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 582
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 200 OK

Content-Type: application/octet-stream
Date: Mon, 01 Jul 2024 16:40:50 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
if-modified-since: Fri, 25 Mar 2022 17:45:46 GMT
if-none-match: "1648230346554"
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
GET

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

firefox.exe

Remote address:

34.149.100.209:443

Request

GET /v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185 HTTP/2.0
host: firefox.settings.services.mozilla.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: application/json
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
content-type: application/json
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 232
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:11:33 GMT
age: 1758
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
DNS

firefox.exe

Remote address:

34.149.100.209:443

Response

HTTP/2.0 200

server: nginx
content-length: 2377
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Backoff, Alert, Content-Type
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
via: 1.1 google
date: Mon, 01 Jul 2024 16:07:57 GMT
age: 1974
last-modified: Fri, 28 Jun 2024 00:00:13 GMT
content-type: application/json
last-modified: Mon, 01 Jul 2024 15:57:10 GMT
content-type: application/json
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A

Response

shavar.prod.mozaws.net

IN A

44.242.121.21

shavar.prod.mozaws.net

IN A

44.241.14.171

shavar.prod.mozaws.net

IN A

52.33.222.107
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN A
DNS

contile.services.mozilla.com

firefox.exe

Remote address:

8.8.8.8:53

Request

contile.services.mozilla.com

IN AAAA

Response
DNS

autopush.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

autopush.prod.mozaws.net

IN AAAA

Response
GET

https://push.services.mozilla.com/

firefox.exe

Remote address:

34.107.243.93:443

Request

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uSntKebQhZPHZ2Qw1vT+Tg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

Response

HTTP/1.1 101 Switching Protocols

sec-websocket-accept: U00i+Tug1t+54nek4Q1nEtMyrGc=
date: Mon, 01 Jul 2024 16:40:49 GMT
Via: 1.1 google
Upgrade: websocket
Connection: Upgrade
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN A

Response

prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.149.100.209
DNS

prod.remote-settings.prod.webservices.mozgcp.net

firefox.exe

Remote address:

8.8.8.8:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

171.14.241.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.14.241.44.in-addr.arpa

IN PTR

Response

171.14.241.44.in-addr.arpa

IN PTR

ec2-44-241-14-171 us-west-2compute amazonawscom
DNS

138.32.126.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.32.126.40.in-addr.arpa

IN PTR

Response
DNS

shavar.prod.mozaws.net

firefox.exe

Remote address:

8.8.8.8:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
GET

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

firefox.exe

Remote address:

104.16.80.73:443

Request

GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/2.0
host: static.cloudflareinsights.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: https://downloaddevtools.com
sec-fetch-dest: script
sec-fetch-mode: cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 200

date: Mon, 01 Jul 2024 16:40:51 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/"2024.6.1"
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 89c7d7189f0a775b-LHR
content-encoding: gzip
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN A

Response

static.cloudflareinsights.com

IN A

104.16.80.73

static.cloudflareinsights.com

IN A

104.16.79.73
DNS

static.cloudflareinsights.com

firefox.exe

Remote address:

8.8.8.8:53

Request

static.cloudflareinsights.com

IN AAAA

Response

static.cloudflareinsights.com

IN AAAA

2606:4700::6810:4f49

static.cloudflareinsights.com

IN AAAA

2606:4700::6810:5049
DNS

73.80.16.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

73.80.16.104.in-addr.arpa

IN PTR

Response
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A
DNS

www.clarity.ms

firefox.exe

Remote address:

8.8.8.8:53

Request

www.clarity.ms

IN A

Response

www.clarity.ms

IN CNAME

clarity.azurefd.net

clarity.azurefd.net

IN CNAME

azurefd-t-prod.trafficmanager.net

azurefd-t-prod.trafficmanager.net

IN CNAME

shed.dual-low.s-part-0036.t-0009.t-msedge.net

shed.dual-low.s-part-0036.t-0009.t-msedge.net

IN CNAME

s-part-0036.t-0009.t-msedge.net

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

s-part-0036.t-0009.t-msedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

s-part-0036.t-0009.t-msedge.net

IN A

Response

s-part-0036.t-0009.t-msedge.net

IN A

13.107.246.64
DNS

s-part-0036.t-0009.t-msedge.net

firefox.exe

Remote address:

8.8.8.8:53

Request

s-part-0036.t-0009.t-msedge.net

IN AAAA

Response

s-part-0036.t-0009.t-msedge.net

IN AAAA

2620:1ec:bdf::64
DNS

99.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

99.201.58.216.in-addr.arpa

IN PTR

Response

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f31e100net

99.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f99�G

99.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f3�G
DNS

74.204.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

74.204.58.216.in-addr.arpa

IN PTR

Response

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f101e100net

74.204.58.216.in-addr.arpa

IN PTR

lhr48s49-in-f10�H

74.204.58.216.in-addr.arpa

IN PTR

lhr25s13-in-f74�H
GET

https://www.clarity.ms/tag/kdia3tg7g8

firefox.exe

Remote address:

13.107.246.64:443

Request

GET /tag/kdia3tg7g8 HTTP/2.0
host: www.clarity.ms
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers

Response

HTTP/2.0 502

date: Mon, 01 Jul 2024 16:40:52 GMT
content-type: text/html
content-length: 1379
cache-control: no-store
x-azure-ref: 20240701T164052Z-165bd8dd578l8t6f1ssqrm30c8000000081g000000003fff
x-cache: CONFIG_NOCACHE
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.187.196
DNS

www.google.com

firefox.exe

Remote address:

8.8.8.8:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:81f::2004
GET

https://www.google.com/recaptcha/api.js?hl=en

firefox.exe

Remote address:

142.250.187.196:443

Request

GET /recaptcha/api.js?hl=en HTTP/2.0
host: www.google.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
sec-fetch-dest: script
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
te: trailers
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN A

Response

region1.google-analytics.com

IN A

216.239.34.36

region1.google-analytics.com

IN A

216.239.32.36
DNS

region1.google-analytics.com

firefox.exe

Remote address:

8.8.8.8:53

Request

region1.google-analytics.com

IN AAAA

Response

region1.google-analytics.com

IN AAAA

2001:4860:4802:34::36

region1.google-analytics.com

IN AAAA

2001:4860:4802:32::36
POST

https://region1.google-analytics.com/g/collect?v=2&tid=G-JH1LJWQY28&gtm=45je46q0v867756891za200&_p=1719852051063&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=267674791.1719852052&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719852052&sct=1&seg=0&dl=https%3A%2F%2Fdownloaddevtools.com%2Fen%2Fproduct%2F479%2Fdownload-hex-rays-ida-pro-crack-19&dt=Download%20Hex-Rays%20IDA%20Pro%20v8.3.230608%20%2B%20CRACK&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3665&_z=fetch

firefox.exe

Remote address:

216.239.34.36:443

Request

POST /g/collect?v=2&tid=G-JH1LJWQY28&gtm=45je46q0v867756891za200&_p=1719852051063&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=267674791.1719852052&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719852052&sct=1&seg=0&dl=https%3A%2F%2Fdownloaddevtools.com%2Fen%2Fproduct%2F479%2Fdownload-hex-rays-ida-pro-crack-19&dt=Download%20Hex-Rays%20IDA%20Pro%20v8.3.230608%20%2B%20CRACK&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3665&_z=fetch HTTP/2.0
host: region1.google-analytics.com
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
accept: */*
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br
origin: null
sec-fetch-dest: empty
sec-fetch-mode: no-cors
sec-fetch-site: cross-site
pragma: no-cache
cache-control: no-cache
content-length: 0
te: trailers
DNS

64.246.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

64.246.107.13.in-addr.arpa

IN PTR

Response
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

196.187.250.142.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.187.250.142.in-addr.arpa

IN PTR

Response

196.187.250.142.in-addr.arpa

IN PTR

lhr25s33-in-f41e100net
DNS

104.201.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.201.58.216.in-addr.arpa

IN PTR

Response

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f1041e100net

104.201.58.216.in-addr.arpa

IN PTR

lhr48s48-in-f8�J

104.201.58.216.in-addr.arpa

IN PTR

prg03s02-in-f8�J
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f31e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f195�H

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�H
DNS

195.212.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

195.212.58.216.in-addr.arpa

IN PTR

Response

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f1951e100net

195.212.58.216.in-addr.arpa

IN PTR

ams16s21-in-f3�J

195.212.58.216.in-addr.arpa

IN PTR

lhr25s27-in-f3�J
DNS

14.213.58.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.213.58.216.in-addr.arpa

IN PTR

Response

14.213.58.216.in-addr.arpa

IN PTR

lhr25s25-in-f141e100net

14.213.58.216.in-addr.arpa

IN PTR

ber01s14-in-f14�H
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

36.34.239.216.in-addr.arpa

Remote address:

8.8.8.8:53

Request

36.34.239.216.in-addr.arpa

IN PTR

Response
DNS

196.249.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

196.249.167.52.in-addr.arpa

IN PTR

Response
DNS

97.17.167.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

97.17.167.52.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

21.121.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.121.18.2.in-addr.arpa

IN PTR

Response

21.121.18.2.in-addr.arpa

IN PTR

a2-18-121-21deploystaticakamaitechnologiescom

127.0.0.1:58186

firefox.exe
34.117.188.166:443

https://spocs.getpocket.com/spocs

tls, http2

firefox.exe

1.8kB
5.6kB
12
13

HTTP Request

POST https://spocs.getpocket.com/spocs
34.120.5.221:443

https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30

tls, http2

firefox.exe

1.7kB
13.1kB
12
17

HTTP Request

GET https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=40249-e88c401e1b1f2242d9e441c4&locale_lang=en-US&region=GB&count=30
104.26.14.176:443

https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19

tls, http2

firefox.exe

1.9kB
26.1kB
15
31

HTTP Request

GET https://downloaddevtools.com/en/product/479/download-hex-rays-ida-pro-crack-19

HTTP Response

200
34.160.144.191:443

https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain

tls, http2

firefox.exe

1.7kB
10.2kB
15
19

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-06-09-11-51-09.chain

HTTP Request

GET https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2024-08-09-10-34-54.chain

HTTP Response

200
34.117.188.166:443

https://contile.services.mozilla.com/v1/tiles

tls, http2

firefox.exe

1.5kB
8.1kB
11
14

HTTP Request

GET https://contile.services.mozilla.com/v1/tiles
34.107.243.93:443

push.services.mozilla.com

tls, http2

firefox.exe

1.4kB
4.1kB
9
9
44.241.14.171:443

https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2

tls, http

firefox.exe

2.2kB
3.7kB
10
9

HTTP Request

POST https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=110.0&pver=2.2

HTTP Response

200
34.149.100.209:443

https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

tls, http2

firefox.exe

2.3kB
7.9kB
18
20

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?collection=partitioning-exempt-urls&bucket=main&_expected=0

HTTP Request

GET https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/partitioning-exempt-urls/changeset?_expected=1702403047185

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
34.107.243.93:443

https://push.services.mozilla.com/

tls, http

firefox.exe

1.7kB
1.4kB
7
7

HTTP Request

GET https://push.services.mozilla.com/

HTTP Response

101
34.149.100.209:443

firefox.settings.services.mozilla.com

tls, http2

firefox.exe

1.1kB
3.9kB
12
10
104.16.80.73:443

https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

tls, http2

firefox.exe

1.6kB
13.8kB
11
19

HTTP Request

GET https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

HTTP Response

200
127.0.0.1:58194

firefox.exe
13.107.246.64:443

https://www.clarity.ms/tag/kdia3tg7g8

tls, http2

firefox.exe

1.5kB
7.4kB
10
14

HTTP Request

GET https://www.clarity.ms/tag/kdia3tg7g8

HTTP Response

502
142.250.187.196:443

https://www.google.com/recaptcha/api.js?hl=en

tls, http2

firefox.exe

1.9kB
6.7kB
17
20

HTTP Request

GET https://www.google.com/recaptcha/api.js?hl=en
216.239.34.36:443

https://region1.google-analytics.com/g/collect?v=2&tid=G-JH1LJWQY28&gtm=45je46q0v867756891za200&_p=1719852051063&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=267674791.1719852052&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719852052&sct=1&seg=0&dl=https%3A%2F%2Fdownloaddevtools.com%2Fen%2Fproduct%2F479%2Fdownload-hex-rays-ida-pro-crack-19&dt=Download%20Hex-Rays%20IDA%20Pro%20v8.3.230608%20%2B%20CRACK&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3665&_z=fetch

tls, http2

firefox.exe

2.2kB
6.4kB
16
17

HTTP Request

POST https://region1.google-analytics.com/g/collect?v=2&tid=G-JH1LJWQY28&gtm=45je46q0v867756891za200&_p=1719852051063&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=267674791.1719852052&ul=en-us&sr=1280x720&frm=0&pscdl=noapi&_eu=AAAI&_s=1&sid=1719852052&sct=1&seg=0&dl=https%3A%2F%2Fdownloaddevtools.com%2Fen%2Fproduct%2F479%2Fdownload-hex-rays-ida-pro-crack-19&dt=Download%20Hex-Rays%20IDA%20Pro%20v8.3.230608%20%2B%20CRACK&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3665&_z=fetch

8.8.8.8:53

downloaddevtools.com

dns

firefox.exe

66 B
114 B
1
1

DNS Request

downloaddevtools.com

DNS Response

104.26.14.176

172.67.69.185

104.26.15.176
8.8.8.8:53

spocs.getpocket.com

dns

firefox.exe

65 B
131 B
1
1

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

getpocket.cdn.mozilla.net

dns

firefox.exe

71 B
174 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
8.8.8.8:53

content-signature-2.cdn.mozilla.net

dns

firefox.exe

81 B
235 B
1
1

DNS Request

content-signature-2.cdn.mozilla.net

DNS Response

34.160.144.191
8.8.8.8:53

shavar.services.mozilla.com

dns

firefox.exe

73 B
157 B
1
1

DNS Request

shavar.services.mozilla.com

DNS Response

44.241.14.171

44.242.121.21

52.33.222.107
8.8.8.8:53

push.services.mozilla.com

dns

firefox.exe

71 B
125 B
1
1

DNS Request

push.services.mozilla.com

DNS Response

34.107.243.93
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net

DNS Response

34.117.188.166
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
98 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

34.120.5.221
8.8.8.8:53

downloaddevtools.com

dns

firefox.exe

66 B
114 B
1
1

DNS Request

downloaddevtools.com

DNS Response

104.26.14.176

104.26.15.176

172.67.69.185
8.8.8.8:53

downloaddevtools.com

dns

firefox.exe

66 B
150 B
1
1

DNS Request

downloaddevtools.com

DNS Response

2606:4700:20::ac43:45b9

2606:4700:20::681a:eb0

2606:4700:20::681a:fb0
8.8.8.8:53

firefox.settings.services.mozilla.com

dns

firefox.exe

83 B
161 B
1
1

DNS Request

firefox.settings.services.mozilla.com

DNS Response

34.149.100.209
8.8.8.8:53

prod.ads.prod.webservices.mozgcp.net

dns

firefox.exe

82 B
175 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
119 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

34.160.144.191
8.8.8.8:53

prod.pocket.prod.cloudops.mozgcp.net

dns

firefox.exe

82 B
110 B
1
1

DNS Request

prod.pocket.prod.cloudops.mozgcp.net

DNS Response

2600:1901:0:524c::
8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

144.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

144.107.17.2.in-addr.arpa
8.8.8.8:53

221.5.120.34.in-addr.arpa

dns

71 B
122 B
1
1

DNS Request

221.5.120.34.in-addr.arpa
8.8.8.8:53

176.14.26.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

176.14.26.104.in-addr.arpa
8.8.8.8:53

prod.content-signature-chains.prod.webservices.mozgcp.net

dns

firefox.exe

103 B
131 B
1
1

DNS Request

prod.content-signature-chains.prod.webservices.mozgcp.net

DNS Response

2600:1901:0:92a9::
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
90 B
1
1

DNS Request

contile.services.mozilla.com

DNS Response

34.117.188.166
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
86 B
1
1

DNS Request

autopush.prod.mozaws.net

DNS Response

34.107.243.93
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

136 B
116 B
2
1

DNS Request

shavar.prod.mozaws.net

DNS Request

shavar.prod.mozaws.net

DNS Response

44.242.121.21

44.241.14.171

52.33.222.107
8.8.8.8:53

contile.services.mozilla.com

dns

firefox.exe

74 B
155 B
1
1

DNS Request

contile.services.mozilla.com
8.8.8.8:53

autopush.prod.mozaws.net

dns

firefox.exe

70 B
155 B
1
1

DNS Request

autopush.prod.mozaws.net
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
110 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net

DNS Response

34.149.100.209
8.8.8.8:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

firefox.exe

94 B
187 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
34.117.188.166:443

contile.services.mozilla.com

https

firefox.exe

1.7kB
4.2kB
5
6
34.117.188.166:443

contile.services.mozilla.com

https

firefox.exe

1.7kB
4.2kB
5
6
34.107.243.93:443

autopush.prod.mozaws.net

https

firefox.exe

1.7kB
4.2kB
5
6
8.8.8.8:53

171.14.241.44.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

171.14.241.44.in-addr.arpa
8.8.8.8:53

138.32.126.40.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

138.32.126.40.in-addr.arpa
8.8.8.8:53

shavar.prod.mozaws.net

dns

firefox.exe

68 B
153 B
1
1

DNS Request

shavar.prod.mozaws.net
104.26.14.176:443

downloaddevtools.com

https

firefox.exe

28.8kB
958.8kB
144
851
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
107 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

104.16.80.73

104.16.79.73
8.8.8.8:53

static.cloudflareinsights.com

dns

firefox.exe

75 B
131 B
1
1

DNS Request

static.cloudflareinsights.com

DNS Response

2606:4700::6810:4f49

2606:4700::6810:5049
8.8.8.8:53

73.80.16.104.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

73.80.16.104.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

120 B
76 B
2
1

DNS Request

www.google.com

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

www.clarity.ms

dns

firefox.exe

60 B
223 B
1
1

DNS Request

www.clarity.ms

DNS Response

13.107.246.64
8.8.8.8:53

s-part-0036.t-0009.t-msedge.net

dns

firefox.exe

77 B
93 B
1
1

DNS Request

s-part-0036.t-0009.t-msedge.net

DNS Response

13.107.246.64
8.8.8.8:53

s-part-0036.t-0009.t-msedge.net

dns

firefox.exe

77 B
105 B
1
1

DNS Request

s-part-0036.t-0009.t-msedge.net

DNS Response

2620:1ec:bdf::64
8.8.8.8:53

99.201.58.216.in-addr.arpa

dns

72 B
169 B
1
1

DNS Request

99.201.58.216.in-addr.arpa
8.8.8.8:53

74.204.58.216.in-addr.arpa

dns

72 B
171 B
1
1

DNS Request

74.204.58.216.in-addr.arpa
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.187.196
8.8.8.8:53

www.google.com

dns

firefox.exe

60 B
88 B
1
1

DNS Request

www.google.com

DNS Response

2a00:1450:4009:81f::2004
142.250.187.196:443

www.google.com

https

firefox.exe

4.2kB
53.1kB
24
54
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
106 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

216.239.34.36

216.239.32.36
8.8.8.8:53

region1.google-analytics.com

dns

firefox.exe

74 B
130 B
1
1

DNS Request

region1.google-analytics.com

DNS Response

2001:4860:4802:34::36

2001:4860:4802:32::36
216.239.34.36:443

region1.google-analytics.com

https

firefox.exe

1.8kB
7.3kB
6
8
8.8.8.8:53

64.246.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

64.246.107.13.in-addr.arpa
8.8.8.8:53

196.187.250.142.in-addr.arpa

dns

148 B
224 B
2
2

DNS Request

196.187.250.142.in-addr.arpa

DNS Request

196.187.250.142.in-addr.arpa
8.8.8.8:53

104.201.58.216.in-addr.arpa

dns

73 B
171 B
1
1

DNS Request

104.201.58.216.in-addr.arpa
8.8.8.8:53

195.212.58.216.in-addr.arpa

dns

146 B
342 B
2
2

DNS Request

195.212.58.216.in-addr.arpa

DNS Request

195.212.58.216.in-addr.arpa
8.8.8.8:53

14.213.58.216.in-addr.arpa

dns

72 B
141 B
1
1

DNS Request

14.213.58.216.in-addr.arpa
8.8.8.8:53

36.34.239.216.in-addr.arpa

dns

144 B
264 B
2
2

DNS Request

36.34.239.216.in-addr.arpa

DNS Request

36.34.239.216.in-addr.arpa
8.8.8.8:53

196.249.167.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

196.249.167.52.in-addr.arpa
8.8.8.8:53

97.17.167.52.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

97.17.167.52.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

21.121.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

21.121.18.2.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
9f4eacf68d1a0dbd332a4ea4ab48ace9

SHA1
df669dfbfd18887bd10286f96a8286dfc6d1afcb

SHA256
cfacb23e905045e5bd035a154b4cb1eedcb7a42754290ecc2b479173625ba646

SHA512
cfe5f412a7bbe074230b9a7625fc0a6028f8566a89d9ce473f4d6c03ee1f02e28f06e0016733a97d472c017a4af80ed773e217f32e49eef4f63d82bac8c66bc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs-1.js

Filesize
7KB

MD5
db142affde6fb65a846001fc4d16cd7a

SHA1
eec66392fa6e09a153c32c3c26f3159e1a662722

SHA256
fcc2f9699522395c2076bebacfc183c48616b5bdf63c161fd635c0ab451eb8eb

SHA512
968d5834d7d427574971e08cf246c3ec77d62a4dad960a1f257fcd8a34ff6d3418df1ce28847db9fa24797d78e61782eee168ed348c035e57fbb9454743b261b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\prefs.js

Filesize
6KB

MD5
ee2488d4baba3d4d2471d16fd01a8f0a

SHA1
684491c9ea5fc08b4e3d5ea811e24bee01ee8db5

SHA256
b4611103d44eeaae4319017046d347210faa110f8d1c3947a09f131e6ccdcdd7

SHA512
d8ab02e34d3bdd8e729075a62f90d99e2ffe3627e521ed44898c17016ca8242872ae0e9648b87ccc253ee0faf46ea5bbe2b4b68bf3bbfc9bc01c8cf08ae2b3ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
873f991a49b771bf43e9213b0ea5c815

SHA1
84744049b3c47f5b275531a082e754f0e1be8dbf

SHA256
0a31a7720fef8522cd8c0338678046b917fabab7767ea30798e9c9e3b7cf92d4

SHA512
cc6494a09d1d3bb500a7c226177834ad3951c60ca05a9262741bb592890a5dcdb91788969f43705ae3446d7c8ca7c0caeab7914209c7cf053f7a7d34ad51e1b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
0b1ddeb62dccbe2e5ff122ed45e80c59

SHA1
2f06dfab2de0308a6b7e519be9126db432734c14

SHA256
ee62faed881652ee8afc04ff37604e9389ba8336aeb23461e253ddd79c4acbd1

SHA512
052da417ef625de632359b94b125bffddb198c119103442265fb2e8b870968c7e9e82aca9921cfd187cbd73d78f275733bd87a98505a1db4161846839500a4c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xs8l7p8u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
47291f5bffb17c1658b2811eee4df7be

SHA1
e030537635d7c86eb9fe73d9c7fc05f5c4165545

SHA256
1385c163850263d9c6806b1defd58aa25e00b04a0faf83446c25ec92ac761f31

SHA512
7582a960472b794ae598be82cf65857cb51b389ac657c20e394d041db7a46a1eae761a2530090f67ec0e4d90edf84a7139593bc846731130b14b44a13b8d4c2b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request