URL:

rp.cloud.threatseeker.com

Full analysis: https://app.any.run/tasks/5b6a3016-a0c7-4e1b-9364-c78c4cbd1479
Verdict: Malicious activity
Analysis date: April 04, 2025, 20:24:29
OS: Ubuntu 22.04.2
MD5:

68FBFD3C89C893C8587A91FDADA3A621

SHA1:

69F462149C2789DB199DA0BCD47332A2D251420F

SHA256:

4B31F91499E9CD4092247EBE6B2DB6C30CFED8112E5157AEED112D3B05FB628E

SSDEEP:

3:xVuXHLAm:ruXH0m

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executes commands using command-line interpreter

      • sudo (PID: 40657)
      • firefox (PID: 40658)
    • Check the Environment Variables Related to System Identification (os-release)

      • snapctl (PID: 40717)
      • snapctl (PID: 40748)
      • snapctl (PID: 40712)
      • snapctl (PID: 40754)
      • firefox (PID: 40658)
    • Reads passwd file

      • dumpe2fs (PID: 40683)
      • dumpe2fs (PID: 40690)
  • INFO

    • Checks timezone

      • dumpe2fs (PID: 40683)
      • dumpe2fs (PID: 40690)
    • Creates file in the temporary folder

      • firefox (PID: 40658)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
391
Monitored processes
171
Malicious processes
0
Suspicious processes
1


Process information

PID: 40656
CMD: /bin/sh -c "DISPLAY=:0 sudo -iu user firefox rp\.cloud\.threatseeker\.com "
Path: /usr/bin/dash
Parent process: any-guest-agent
User: root
Integrity Level: UNKNOWN

PID: 40657
CMD: sudo -iu user firefox rp.cloud.threatseeker.com
Path: /usr/bin/sudo
Parent process: dash
User: root
Integrity Level: UNKNOWN

PID: 40658
CMD: /snap/firefox/3358/usr/lib/firefox/firefox rp.cloud.threatseeker.com
Path: /snap/firefox/3358/usr/lib/firefox/firefox
Parent process: sudo
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 40659
CMD: /usr/bin/locale-check C.UTF-8
Path: /usr/bin/locale-check
Parent process: firefox
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 40673
CMD: /snap/snapd/20290/usr/lib/snapd/snap-seccomp version-info
Path: /snap/snapd/20290/usr/lib/snapd/snap-seccomp
Parent process: firefox
User: user
Integrity Level: UNKNOWN
Exit code: 0

PID: 40682
CMD: /snap/snapd/20290/usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox rp.cloud.threatseeker.com
Path: /snap/snapd/20290/usr/lib/snapd/snap-confine
Parent process: firefox
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 40683
CMD: dumpe2fs -h /dev/sda3
Path: /usr/sbin/dumpe2fs
Parent process: udisksd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 40684
CMD: snap-update-ns --from-snap-confine firefox
Path: /snap/snapd/20290/usr/lib/snapd/snap-update-ns
Parent process: firefox
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 40690
CMD: dumpe2fs -h /dev/sda3
Path: /usr/sbin/dumpe2fs
Parent process: udisksd
User: root
Integrity Level: UNKNOWN
Exit code: 0

PID: 40693
CMD: snap-update-ns --from-snap-confine --user-mounts firefox
Path: /snap/snapd/20290/usr/lib/snapd/snap-update-ns
Parent process: firefox
User: root
Integrity Level: UNKNOWN
Exit code: 0
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
21
TCP/UDP connections
53
DNS requests
92
Threats
0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | GET | 204 | 185.125.190.17:80 | http://connectivity-check.ubuntu.com/ | unknown | - | - | whitelisted
40658 | firefox | POST | - | 2.16.206.148:80 | http://r11.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 2.16.206.143:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 2.16.206.143:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 2.16.206.148:80 | http://r11.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | - | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/we2 | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 2.16.206.143:80 | http://r10.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 2.16.206.148:80 | http://r11.o.lencr.org/ | unknown | - | - | whitelisted
40658 | firefox | POST | 200 | 142.250.186.67:80 | http://o.pki.goog/s/wr3/UTA | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 185.125.190.48:80 | connectivity-check.ubuntu.com | Canonical Group Limited | GB | whitelisted
484 | avahi-daemon | 224.0.0.251:5353 | - | - | - | unknown
- | - | 185.125.190.17:80 | connectivity-check.ubuntu.com | Canonical Group Limited | GB | whitelisted
- | - | 169.150.255.184:443 | odrs.gnome.org | - | GB | whitelisted
- | - | 185.125.188.55:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
512 | snapd | 185.125.188.58:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
512 | snapd | 185.125.188.59:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
512 | snapd | 185.125.188.54:443 | api.snapcraft.io | Canonical Group Limited | GB | whitelisted
40658 | firefox | 75.2.100.102:80 | rp.cloud.threatseeker.com | AMAZON-02 | US | unknown
40658 | firefox | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
whitelisted
odrs.gnome.org
whitelisted
google.com
  • 142.250.184.206
  • 2a00:1450:4001:82b::200e
whitelisted
api.snapcraft.io
whitelisted
rp.cloud.threatseeker.com
  • 75.2.100.102
  • 99.83.233.75
unknown
detectportal.firefox.com
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
example.org
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
contile.services.mozilla.com
  • 34.117.188.166
whitelisted
spocs.getpocket.com
  • 34.117.188.166
whitelisted

Threats

No threats detected
No debug info