hxxps://drive[.]google[.]com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Resubmissions

05/09/2024, 15:52 UTC

240905-tbbpaavcpc 6

05/09/2024, 15:49 UTC

240905-s9jbcatfkl 6

13/07/2024, 12:36 UTC

240713-ps1mhstaje 6

Analysis

max time kernel
1s
max time network
150s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
05/09/2024, 15:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing

Score

3^/10

discovery

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 64 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/resource	firefox
File opened for reading	/sys/bus/pci/devices	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/resource	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:00.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:04.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:03.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/vendor	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.3/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:02.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:05.0/class	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.1/device	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:06.0/irq	firefox
File opened for reading	/sys/bus/pci/devices/0000:00:01.0/class	firefox

Reads runtime system information 16 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/task/1600/stat	firefox
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/task/1614/stat	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/task/1587/stat	firefox
File opened for reading	/proc/self/stat	firefox
File opened for reading	/proc/filesystems	firefox
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/filesystems	sed

/usr/bin/xdg-open
xdg-open "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
1⤵
PID:1483
- /usr/bin/dbus-send
  dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
  2⤵
  - Reads runtime system information
  PID:1484
- - /usr/bin/dbus-launch
    dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
    3⤵
    PID:1485
- /bin/grep
  grep " = \\\"xfce4\\\"\$"
  2⤵
  PID:1490
- /usr/bin/xprop
  xprop -root _DT_SAVE_MODE
  2⤵
  PID:1489
- /bin/grep
  grep -i "^xfce_desktop_window"
  2⤵
  PID:1495
- /usr/bin/xprop
  xprop -root
  2⤵
  PID:1494
- /bin/grep
  grep -q "^Enlightenment"
  2⤵
  PID:1500
- /bin/uname
  uname
  2⤵
  PID:1501
- /bin/grep
  grep -q "^file://"
  2⤵
  PID:1503
- /bin/egrep
  egrep -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /usr/local/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /usr/local/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /usr/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /usr/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:1505
- /bin/sed
  sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
  2⤵
  - Reads runtime system information
  PID:1508
- /usr/bin/xdg-mime
  xdg-mime query default x-scheme-handler/https
  2⤵
  PID:1509
- - /usr/bin/dbus-send
    dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
    3⤵
    - Reads runtime system information
    PID:1510
  - - /usr/bin/dbus-launch
      dbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr
      4⤵
      PID:1511
- - /bin/grep
    grep " = \\\"xfce4\\\"\$"
    3⤵
    PID:1513
- - /usr/bin/xprop
    xprop -root _DT_SAVE_MODE
    3⤵
    PID:1512
- - /bin/grep
    grep -i "^xfce_desktop_window"
    3⤵
    PID:1521
- - /usr/bin/xprop
    xprop -root
    3⤵
    PID:1520
- - /bin/grep
    grep -q "^Enlightenment"
    3⤵
    PID:1526
- - /bin/uname
    uname
    3⤵
    PID:1527
- - /bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:1530
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:1535
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:1534
- - /usr/bin/head
    head -n 1
    3⤵
    PID:1533
- - /bin/grep
    grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵
    PID:1532
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:1540
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:1539
- - /usr/bin/head
    head -n 1
    3⤵
    PID:1538
- - /bin/grep
    grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵
    PID:1537
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:1545
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:1544
- - /usr/bin/head
    head -n 1
    3⤵
    PID:1543
- - /bin/grep
    grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵
    PID:1542
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:1550
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:1549
- - /usr/bin/head
    head -n 1
    3⤵
    PID:1548
- - /bin/grep
    grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵
    PID:1547
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:1555
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:1554
- - /usr/bin/head
    head -n 1
    3⤵
    PID:1553
- - /bin/grep
    grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
    3⤵
    PID:1552
- /bin/sed
  sed "s/:/ /g"
  2⤵
  - Reads runtime system information
  PID:1558
- /bin/sed
  sed -e "s|-|/|"
  2⤵
  - Reads runtime system information
  PID:1561
- /bin/sed
  sed -e "s|-|/|"
  2⤵
  - Reads runtime system information
  PID:1564
- /usr/bin/cut
  cut "-d=" -f 2-
  2⤵
  PID:1569
- /usr/bin/which
  which firefox
  2⤵
  PID:1570
- /usr/bin/cut
  cut "-d=" -f 2-
  2⤵
  PID:1573
- /usr/bin/cut
  cut "-d=" -f 2-
  2⤵
  PID:1576
- /usr/bin/cut
  cut "-d=" -f 2-
  2⤵
  PID:1584
- /usr/bin/firefox
  /usr/bin/firefox "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  PID:1585
- - /usr/bin/which
    which /usr/bin/firefox
    3⤵
    PID:1586
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1585
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1597
- /usr/bin/x-www-browser
  x-www-browser "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  PID:1598
- - /usr/bin/which
    which /usr/bin/x-www-browser
    3⤵
    PID:1599
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1598
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1608
- /usr/bin/firefox
  firefox "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  PID:1612
- - /usr/bin/which
    which /usr/bin/firefox
    3⤵
    PID:1613
- /usr/lib/firefox/firefox
  /usr/lib/firefox/firefox "https://drive.google.com/file/d/1lcS3silVTAliDy5z1KBAZU2rb7vUg-AF/view?usp=sharing"
  2⤵
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:1612
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1623
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1625
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1630
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1632
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1634
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1636
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1638
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1640
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1642
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1644
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1646
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1648
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1650
- /bin/grep
  grep -q "%s"
  2⤵
  PID:1652

Network

DNS

spocs.getpocket.com

Remote address:

1.1.1.1:53

Request

spocs.getpocket.com

IN A

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net

prod.ads.prod.webservices.mozgcp.net

IN A

34.117.188.166
DNS

spocs.getpocket.com

Remote address:

1.1.1.1:53

Request

spocs.getpocket.com

IN AAAA

Response

spocs.getpocket.com

IN CNAME

prod.ads.prod.webservices.mozgcp.net
DNS

getpocket.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

getpocket.cdn.mozilla.net

IN A

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN A

34.120.5.221
DNS

getpocket.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

getpocket.cdn.mozilla.net

IN AAAA

Response

getpocket.cdn.mozilla.net

IN CNAME

getpocket-cdn.prod.mozaws.net

getpocket-cdn.prod.mozaws.net

IN CNAME

prod.pocket.prod.cloudops.mozgcp.net

prod.pocket.prod.cloudops.mozgcp.net

IN AAAA

2600:1901:0:524c::
DNS

prod.ads.prod.webservices.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.ads.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

shavar.prod.mozaws.net

Remote address:

1.1.1.1:53

Request

shavar.prod.mozaws.net

IN AAAA

Response
DNS

prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

tracking-protection.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

tracking-protection.cdn.mozilla.net

IN A

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net

tracking-protection.prod.mozaws.net

IN A

34.120.158.37
DNS

tracking-protection.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

tracking-protection.cdn.mozilla.net

IN AAAA

Response

tracking-protection.cdn.mozilla.net

IN CNAME

tracking-protection.prod.mozaws.net
DNS

tracking-protection.prod.mozaws.net

Remote address:

1.1.1.1:53

Request

tracking-protection.prod.mozaws.net

IN AAAA

Response
DNS

firefox-settings-attachments.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN A

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN A

34.117.121.53
DNS

firefox-settings-attachments.cdn.mozilla.net

Remote address:

1.1.1.1:53

Request

firefox-settings-attachments.cdn.mozilla.net

IN AAAA

Response

firefox-settings-attachments.cdn.mozilla.net

IN CNAME

attachments.prod.remote-settings.prod.webservices.mozgcp.net
DNS

attachments.prod.remote-settings.prod.webservices.mozgcp.net

Remote address:

1.1.1.1:53

Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.180.4
DNS

www.google.com

Remote address:

1.1.1.1:53

Request

www.google.com

IN AAAA

Response

www.google.com

IN AAAA

2a00:1450:4009:821::2004
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA

Response
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

prod.balrog.prod.cloudops.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.balrog.prod.cloudops.mozgcp.net

IN AAAA
DNS

location.services.mozilla.com

Remote address:

1.1.1.1:53

Request

location.services.mozilla.com

IN A

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net

prod.classify-client.prod.webservices.mozgcp.net

IN A

35.190.72.216
DNS

location.services.mozilla.com

Remote address:

1.1.1.1:53

Request

location.services.mozilla.com

IN AAAA

Response

location.services.mozilla.com

IN CNAME

prod.classify-client.prod.webservices.mozgcp.net
DNS

prod.classify-client.prod.webservices.mozgcp.net

Remote address:

1.1.1.1:53

Request

prod.classify-client.prod.webservices.mozgcp.net

IN AAAA

Response
DNS

archive.mozilla.org

Remote address:

1.1.1.1:53

Request

archive.mozilla.org

IN A

Response

archive.mozilla.org

IN A

34.117.35.28
DNS

archive.mozilla.org

Remote address:

1.1.1.1:53

Request

archive.mozilla.org

IN AAAA

Response

archive.mozilla.org

IN AAAA

2600:1901:0:b9fd::
DNS

ciscobinary.openh264.org

Remote address:

1.1.1.1:53

Request

ciscobinary.openh264.org

IN A

Response

ciscobinary.openh264.org

IN CNAME

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com

IN CNAME

a17.rackcdn.com

a17.rackcdn.com

IN CNAME

a17.rackcdn.com.mdc.edgesuite.net

a17.rackcdn.com.mdc.edgesuite.net

IN CNAME

a19.dscg10.akamai.net

a19.dscg10.akamai.net

IN A

88.221.134.243

a19.dscg10.akamai.net

IN A

88.221.134.209
DNS

a19.dscg10.akamai.net

Remote address:

1.1.1.1:53

Request

a19.dscg10.akamai.net

IN AAAA

Response

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86f3

a19.dscg10.akamai.net

IN AAAA

2a02:26f0:a1::58dd:86d1
GET

http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

Remote address:

88.221.134.209:80

Request

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/113.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Response

HTTP/1.1 200 OK

Last-Modified: Wed, 10 Apr 2024 18:44:25 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1712774664.95299
Content-Type: application/zip
X-Trans-Id: txd90ec9b4ae4346178833d-006618a6badfw1
Cache-Control: public, max-age=145970
Expires: Sat, 07 Sep 2024 08:23:49 GMT
Date: Thu, 05 Sep 2024 15:50:59 GMT
Connection: keep-alive

185.125.188.62:443

tls

135 B
2
185.125.188.62:443

tls

135 B
2
151.101.1.91:443

tls, https

233 B
40 B
1
1
151.101.1.91:443

extensions.gnome.org

tls

5.0kB
222.2kB
85
173
195.181.164.14:443

tls, https

22.2kB
86
34.120.5.221:443

getpocket.cdn.mozilla.net

tls

2.1kB
13.2kB
16
20
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

7.2kB
368.9kB
116
271
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

26.6kB
1.6MB
390
1125
34.117.121.53:443

firefox-settings-attachments.cdn.mozilla.net

tls

421.1kB
4.1MB
3669
5355
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
8.8kB
14
18
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
4.2kB
14
12
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
2.3kB
14
11
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
5.1kB
13
14
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
5.0kB
13
12
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.0kB
9.1kB
14
15
34.120.158.37:443

tracking-protection.cdn.mozilla.net

tls

2.1kB
14.2kB
15
20
142.250.180.4:443

www.google.com

tls

2.8kB
11.5kB
19
27
35.190.72.216:443

location.services.mozilla.com

tls

1.8kB
4.9kB
13
15
34.117.35.28:443

archive.mozilla.org

tls

2.6kB
21.7kB
26
27
88.221.134.209:80

http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

http

14.5kB
534.0kB
215
393

HTTP Request

GET http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

HTTP Response

200

224.0.0.251:5353

146 B
2
1.1.1.1:53

spocs.getpocket.com

dns

76 B
142 B
1
1

DNS Request

spocs.getpocket.com

DNS Response

34.117.188.166
1.1.1.1:53

spocs.getpocket.com

dns

76 B
216 B
1
1

DNS Request

spocs.getpocket.com
1.1.1.1:53

getpocket.cdn.mozilla.net

dns

82 B
185 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

34.120.5.221
1.1.1.1:53

getpocket.cdn.mozilla.net

dns

82 B
197 B
1
1

DNS Request

getpocket.cdn.mozilla.net

DNS Response

2600:1901:0:524c::
1.1.1.1:53

prod.ads.prod.webservices.mozgcp.net

dns

93 B
186 B
1
1

DNS Request

prod.ads.prod.webservices.mozgcp.net
1.1.1.1:53

shavar.prod.mozaws.net

dns

79 B
164 B
1
1

DNS Request

shavar.prod.mozaws.net
1.1.1.1:53

prod.remote-settings.prod.webservices.mozgcp.net

dns

105 B
198 B
1
1

DNS Request

prod.remote-settings.prod.webservices.mozgcp.net
1.1.1.1:53

tracking-protection.cdn.mozilla.net

dns

92 B
154 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net

DNS Response

34.120.158.37
1.1.1.1:53

tracking-protection.cdn.mozilla.net

dns

92 B
223 B
1
1

DNS Request

tracking-protection.cdn.mozilla.net
1.1.1.1:53

tracking-protection.prod.mozaws.net

dns

92 B
177 B
1
1

DNS Request

tracking-protection.prod.mozaws.net
1.1.1.1:53

firefox-settings-attachments.cdn.mozilla.net

dns

101 B
188 B
1
1

DNS Request

firefox-settings-attachments.cdn.mozilla.net

DNS Response

34.117.121.53
1.1.1.1:53

firefox-settings-attachments.cdn.mozilla.net

dns

101 B
265 B
1
1

DNS Request

firefox-settings-attachments.cdn.mozilla.net
1.1.1.1:53

attachments.prod.remote-settings.prod.webservices.mozgcp.net

dns

117 B
210 B
1
1

DNS Request

attachments.prod.remote-settings.prod.webservices.mozgcp.net
1.1.1.1:53

www.google.com

dns

71 B
87 B
1
1

DNS Request

www.google.com

DNS Response

142.250.180.4
1.1.1.1:53

www.google.com

dns

71 B
99 B
1
1

DNS Request

www.google.com

DNS Response

2a00:1450:4009:821::2004
142.250.180.4:443

www.google.com

https

77.1kB
399.4kB
165
359
1.1.1.1:53

prod.balrog.prod.cloudops.mozgcp.net

dns

372 B
186 B
4
1

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net

DNS Request

prod.balrog.prod.cloudops.mozgcp.net
1.1.1.1:53

location.services.mozilla.com

dns

86 B
164 B
1
1

DNS Request

location.services.mozilla.com

DNS Response

35.190.72.216
1.1.1.1:53

location.services.mozilla.com

dns

86 B
238 B
1
1

DNS Request

location.services.mozilla.com
1.1.1.1:53

prod.classify-client.prod.webservices.mozgcp.net

dns

105 B
198 B
1
1

DNS Request

prod.classify-client.prod.webservices.mozgcp.net
35.190.72.216:443

location.services.mozilla.com

https

1.7kB
4.2kB
5
6
1.1.1.1:53

archive.mozilla.org

dns

76 B
92 B
1
1

DNS Request

archive.mozilla.org

DNS Response

34.117.35.28
1.1.1.1:53

archive.mozilla.org

dns

76 B
104 B
1
1

DNS Request

archive.mozilla.org

DNS Response

2600:1901:0:b9fd::
1.1.1.1:53

ciscobinary.openh264.org

dns

81 B
297 B
1
1

DNS Request

ciscobinary.openh264.org

DNS Response

88.221.134.243

88.221.134.209
1.1.1.1:53

a19.dscg10.akamai.net

dns

78 B
134 B
1
1

DNS Request

a19.dscg10.akamai.net

DNS Response

2a02:26f0:a1::58dd:86f3

2a02:26f0:a1::58dd:86d1
34.117.35.28:443

archive.mozilla.org

https

1.5kB
178 B
2
2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.