File name:

dealply.exe

Full analysis: https://app.any.run/tasks/8c3fc37e-0d05-4bb9-8902-276a5f889d4f
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Malware Trends Tracker     >>>
Analysis date: August 26, 2024, 22:15:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
stealer
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
MD5:

32B762E59CFFCB88EEEA37E968AC69A8

SHA1:

1D2ECE6327BC4FADF268B14D34546AB27DCF969F

SHA256:

2011A00579024566753901C28B51B7682A9E35ED3548601407674AD3AC34565D

SSDEEP:

12288:OsKax0fWbYXXlCCC5tmfeVp2CQDnJPBV+MuxlS:Os3quYn/C5tmfeVp2CgnJr+MurS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Actions looks like stealing of personal data

      • dealply.exe (PID: 2604)

    • Uses Task Scheduler to run other applications

      • ns4C67.tmp (PID: 3244)

  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • dealply.exe (PID: 2604)

    • Executable content was dropped or overwritten

      • dealply.exe (PID: 2604)

    • Reads the Internet Settings

      • dealply.exe (PID: 2604)

    • Creates/Modifies COM task schedule object

      • dealply.exe (PID: 2604)

    • The process creates files with name similar to system file names

      • dealply.exe (PID: 2604)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • dealply.exe (PID: 2604)

    • Starts application with an unusual extension

      • dealply.exe (PID: 2604)

    • Modifies existing scheduled task

      • schtasks.exe (PID: 3720)

    • Creates a software uninstall entry

      • dealply.exe (PID: 2604)

  • INFO

    • Create files in a temporary directory

      • dealply.exe (PID: 2604)

    • Checks supported languages

      • dealply.exe (PID: 2604)
      • ns4C67.tmp (PID: 3244)
      • ns4E2D.tmp (PID: 3296)
      • wmpnscfg.exe (PID: 2980)

    • Checks proxy server information

      • dealply.exe (PID: 2604)

    • Reads the computer name

      • dealply.exe (PID: 2604)
      • wmpnscfg.exe (PID: 2980)

    • Creates files in the program directory

      • dealply.exe (PID: 2604)

    • Manual execution by a user

      • firefox.exe (PID: 648)
      • wmpnscfg.exe (PID: 2980)

    • Application launched itself

      • firefox.exe (PID: 648)
      • firefox.exe (PID: 3228)
      • iexplore.exe (PID: 2400)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | NSIS - Nullsoft Scriptable Install System (94.8)
.exe | Win32 Executable MS Visual C++ (generic) (3.4)
.dll | Win32 Dynamic Link Library (generic) (0.7)
.exe | Win32 Executable (generic) (0.5)
.exe | Generic Win/DOS Executable (0.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:12:05 22:50:41+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 23040
InitializedDataSize: 119808
UninitializedDataSize: 1024
EntryPoint: 0x30cb
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 3.0.0.0
ProductVersionNumber: 3.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: ASCII
CompanyName: DealPly
FileDescription: http://www.dealply.com/
FileVersion: 3.0.0.0
LegalCopyright: Copyright (C) 2011 DealPly Technologies Ltd.
LegalTrademarks: [p:dealply,c:dpwbst,zg:no] - DealPly is a trademark or registered trademark of DealPly Technologies Ltd in the U.S. and/or other countries.
ProductName: DealPly
ProductVersion: 3.0.0.0
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
64
Monitored processes
21
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start dealply.exe firefox.exe no specs firefox.exe no specs firefox.exe ns4c67.tmp no specs schtasks.exe no specs ns4e2d.tmp no specs schtasks.exe no specs iexplore.exe iexplore.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs wmpnscfg.exe no specs dealply.exe no specs wmpnscfg.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
648"C:\Program Files\Mozilla Firefox\firefox.exe" "C:\Program Files\DealPly\DealPly.xpi" --attempting-deelevationC:\Program Files\Mozilla Firefox\firefox.exeexplorer.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
832"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.7.1969181432\1285375008" -childID 6 -isForBrowser -prefsHandle 3900 -prefMapHandle 3904 -prefsLen 32679 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b95ab97-134d-4bb8-941f-861aff7bea4e} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3872 186bd840 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1476"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.2.967908352\1005595125" -childID 1 -isForBrowser -prefsHandle 1632 -prefMapHandle 1628 -prefsLen 29565 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e6aad4e-0b64-46bf-8912-c0049934f170} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 2120 115fe560 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
1840"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.6.870230524\995153462" -childID 5 -isForBrowser -prefsHandle 3940 -prefMapHandle 3808 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3481470-0a2c-4114-9f1d-0bf317eb2917} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3748 186bd560 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2076"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.1.718478751\400793670" -parentBuildID 20230710165010 -prefsHandle 1416 -prefMapHandle 1412 -prefsLen 28600 -prefMapSize 244195 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fffbb45-3c09-4e44-b9f7-6fced538ad75} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 1428 ee1c260 socketC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2280"C:\Users\admin\Desktop\dealply.exe" C:\Users\admin\Desktop\dealply.exeexplorer.exe
User:
admin
Company:
DealPly
Integrity Level:
MEDIUM
Description:
http://www.dealply.com/
Exit code:
3221226540
Version:
3.0.0.0
Modules
Images
c:\users\admin\desktop\dealply.exe
c:\windows\system32\ntdll.dll
2400"C:\Program Files\Internet Explorer\iexplore.exe" http://www.dealply.com/go/postinstall/?partner=dealply&channel=dpwbst&installVersionMachine=3000&existingVer=C:\Program Files\Internet Explorer\iexplore.exe
dealply.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
2604"C:\Users\admin\Desktop\dealply.exe" C:\Users\admin\Desktop\dealply.exe
explorer.exe
User:
admin
Company:
DealPly
Integrity Level:
HIGH
Description:
http://www.dealply.com/
Exit code:
0
Version:
3.0.0.0
Modules
Images
c:\users\admin\desktop\dealply.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
2664"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3228.5.19072095\2127997797" -childID 4 -isForBrowser -prefsHandle 3824 -prefMapHandle 3820 -prefsLen 29163 -prefMapSize 244195 -jsInitHandle 896 -jsInitLen 240908 -parentBuildID 20230710165010 -appDir "C:\Program Files\Mozilla Firefox\browser" - {daad8eda-41b7-48b4-b2c8-18bd3bc62500} 3228 "\\.\pipe\gecko-crash-server-pipe.3228" 3836 186bd6d0 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
115.0.2
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
c:\program files\mozilla firefox\msvcp140.dll
c:\program files\mozilla firefox\vcruntime140.dll
2980"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
29 563
Read events
29 237
Write events
220
Delete events
106

Modification events

(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\Wow6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:path
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Operation:writeName:version
Value:
3.0.7.2
(PID) Process:(2604) dealply.exeKey:HKEY_CURRENT_USER\Software\DealPly
Operation:writeName:ChromeCrxPath
Value:
C:\Program Files\DealPly\DealPly.crx
(PID) Process:(2604) dealply.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\DealPly
Operation:writeName:ChromeCrxPath
Value:
C:\Program Files\DealPly\DealPly.crx
Executable files
15
Suspicious files
88
Text files
60
Unknown types
4

Dropped files

PID
Process
Filename
Type
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\LangDLL.dllexecutable
MD5:9384F4007C492D4FA040924F31C00166
SHA256:60A964095AF1BE79F6A99B22212FEFE2D16F5A0AFD7E707D14394E4143E3F4F5
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\NSISdl.dllexecutable
MD5:A5F8399A743AB7F9C88C645C35B1EBB5
SHA256:DACC88A12D3BA438FDAE3535DC7A5A1D389BCE13ADC993706424874A782E51C9
2604dealply.exeC:\Program Files\DealPly\DealPlyIE.dllexecutable
MD5:53905CD4461961F341C0B41D4D0EC02B
SHA256:C28C50700C5560D834B058E0CA816E1CCD003E77FB58777F55CD4B9D015F9013
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\ioSpecial.iniini
MD5:E2D5070BC28DB1AC745613689FF86067
SHA256:D95AED234F932A1C48A2B1B0D98C60CA31F962310C03158E2884AB4DDD3EA1E0
2604dealply.exeC:\Program Files\DealPly\uninst.exeexecutable
MD5:D5AC7B6717BA5342D44AD7A8782182BC
SHA256:60E83753E743620966B1FA15846F704FCBF389D79067135BD6398774C1C17EB5
3228firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\nsisdt.dllexecutable
MD5:DF4795DFABE3BC9278A73D496CC4B40D
SHA256:2261027077F23C8DBA6B72AF28862832AAA059740D0F5634B46CABB14326DD10
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\InstallOptions.dllexecutable
MD5:325B008AEC81E5AAA57096F05D4212B5
SHA256:C9CD5C9609E70005926AE5171726A4142FFBCCCC771D307EFCD195DAFC1E6B4B
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\ns4C67.tmpexecutable
MD5:ACC2B699EDFEA5BF5AAE45ABA3A41E96
SHA256:168A974EAA3F588D759DB3F47C1A9FDC3494BA1FA1A73A84E5E3B2A4D58ABD7E
2604dealply.exeC:\Users\admin\AppData\Local\Temp\nsk2E5D.tmp\modern-wizard.bmpimage
MD5:CBE40FD2B1EC96DAEDC65DA172D90022
SHA256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
24
TCP/UDP connections
54
DNS requests
81
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3228
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
unknown
whitelisted
3228
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/canonical.html
unknown
whitelisted
3060
iexplore.exe
GET
404
192.185.41.185:80
http://www.dealply.com/go/postinstall/?partner=dealply&channel=dpwbst&installVersionMachine=3000&existingVer=
unknown
malicious
3228
firefox.exe
POST
200
184.24.77.79:80
http://r10.o.lencr.org/
unknown
unknown
2400
iexplore.exe
GET
304
23.50.131.216:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?2d087288017acd30
unknown
whitelisted
3228
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
2400
iexplore.exe
GET
304
23.50.131.216:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6ae4a2d7e68c5501
unknown
whitelisted
3228
firefox.exe
POST
200
184.24.77.54:80
http://r11.o.lencr.org/
unknown
unknown
1372
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
224.0.0.252:5355
whitelisted
1372
svchost.exe
20.44.239.154:443
MICROSOFT-CORP-MSN-AS-BLOCK
SG
unknown
1060
svchost.exe
224.0.0.252:5355
whitelisted
3060
iexplore.exe
192.185.41.185:80
www.dealply.com
UNIFIEDLAYER-AS-1
US
unknown
3228
firefox.exe
34.107.221.82:80
detectportal.firefox.com
GOOGLE
US
whitelisted
3228
firefox.exe
34.117.188.166:443
contile.services.mozilla.com
GOOGLE-CLOUD-PLATFORM
US
whitelisted
3228
firefox.exe
142.250.186.138:443
safebrowsing.googleapis.com
GOOGLE
US
whitelisted
3228
firefox.exe
184.24.77.54:80
r11.o.lencr.org
Akamai International B.V.
DE
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.74.206
whitelisted
trail.dealply.com
unknown
www.dealply.com
  • 192.185.41.185
unknown
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
  • 93.184.215.14
whitelisted
ipv4only.arpa
  • 192.0.0.171
  • 192.0.0.170
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted
prod.ads.prod.webservices.mozgcp.net
  • 34.117.188.166
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
dealply.exe