URL:

https://h.parrable.com/prebid?data=eyJ0cmFja2VycyI6WyJmYTgwYTc5My03NjJjLTQyYTgtOTkzOC1jYWU1ZjRhMmFlNjgiXSwidXJsIjoiaHR0cHM6Ly9maW52aXouY29tLyIsInByZWJpZFZlcnNpb24iOiI2LjE4LjAiLCJpc0lmcmFtZSI6ZmFsc2UsImZpbHRlckhpdHMiOjE2fQ..&gdpr=0&_rand=0.7751393602174699

Full analysis: https://app.any.run/tasks/ccb16d1e-a631-4102-84ee-d8d90865eb0d
Verdict: Malicious activity
Analysis date: October 04, 2022, 21:22:40
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 0D75586607CABBF6268584EDB3A1B776
SHA1: 73DB08542BE75D817174085FD4656739244EBFF7
SHA256: 76B171AF5FB69787AE26F07A32AFA574A6EBB9CE08E8604B58203C284CFE8D76
SSDEEP: 6:2CoSHKPWwAG/PXVYs4RAT4GGTTwVk0HLG711t:2YURAkPgRAMGGTgk0ru

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • firefox.exe (PID: 1536)
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 3888)
    • Uses RUNDLL32.EXE to load library

      • iexplore.exe (PID: 700)
    • Reads the date of Windows installation

      • rundll32.exe (PID: 672)
    • Drops a file with a compile date too recent

      • firefox.exe (PID: 1536)
    • Executable content was dropped or overwritten

      • firefox.exe (PID: 1536)
  • INFO

    • Reads the computer name

      • iexplore.exe (PID: 700)
      • iexplore.exe (PID: 3888)
      • rundll32.exe (PID: 672)
      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 3548)
      • firefox.exe (PID: 2956)
      • firefox.exe (PID: 1288)
      • firefox.exe (PID: 3412)
      • firefox.exe (PID: 1860)
      • firefox.exe (PID: 1536)
      • firefox.exe (PID: 3400)
      • firefox.exe (PID: 3116)
      • firefox.exe (PID: 2520)
      • firefox.exe (PID: 3348)
      • firefox.exe (PID: 3472)
      • firefox.exe (PID: 1368)
      • firefox.exe (PID: 3140)
    • Checks supported languages

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 700)
      • rundll32.exe (PID: 672)
      • firefox.exe (PID: 3396)
      • firefox.exe (PID: 2956)
      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 1288)
      • firefox.exe (PID: 1860)
      • firefox.exe (PID: 3412)
      • firefox.exe (PID: 3548)
      • firefox.exe (PID: 2812)
      • firefox.exe (PID: 1536)
      • firefox.exe (PID: 3400)
      • firefox.exe (PID: 2520)
      • firefox.exe (PID: 1368)
      • firefox.exe (PID: 3472)
      • firefox.exe (PID: 3140)
      • firefox.exe (PID: 3348)
      • firefox.exe (PID: 3116)
    • Application launched itself

      • iexplore.exe (PID: 700)
      • firefox.exe (PID: 3396)
      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 2812)
      • firefox.exe (PID: 1536)
    • Changes internet zones settings

      • iexplore.exe (PID: 700)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 3888)
      • iexplore.exe (PID: 700)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 700)
      • iexplore.exe (PID: 3888)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 700)
      • firefox.exe (PID: 2516)
    • Reads internet explorer settings

      • iexplore.exe (PID: 3888)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 700)
    • Creates files in the user directory

      • iexplore.exe (PID: 3888)
      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 1536)
    • Reads CPU info

      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 1536)
    • Changes default file association

      • rundll32.exe (PID: 672)
    • Creates files in the program directory

      • firefox.exe (PID: 2516)
      • firefox.exe (PID: 1536)
    • Dropped object may contain Bitcoin addresses

      • firefox.exe (PID: 1536)
No Malware configuration.
No data.
Total processes: 55
Monitored processes: 20
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start iexplore.exe iexplore.exe rundll32.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 700
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" "https://h.parrable.com/prebid?data=eyJ0cmFja2VycyI6WyJmYTgwYTc5My03NjJjLTQyYTgtOTkzOC1jYWU1ZjRhMmFlNjgiXSwidXJsIjoiaHR0cHM6Ly9maW52aXouY29tLyIsInByZWJpZFZlcnNpb24iOiI2LjE4LjAiLCJpc0lmcmFtZSI6ZmFsc2UsImZpbHRlckhpdHMiOjE2fQ..&gdpr=0&_rand=0.7751393602174699"
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\sechost.dll
PID: 3888
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:700 CREDAT:267521 /prefetch:2
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
c:\windows\system32\iertutil.dll
PID: 672
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json
Path: C:\Windows\system32\rundll32.exe
Parent process: iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 3396
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: rundll32.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
PID: 2516
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -url "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\prebid.json"
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\sechost.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\wintrust.dll
PID: 2956
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.0.1155416681\379102301" -parentBuildID 20201112153044 -prefsHandle 1136 -prefMapHandle 1128 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 1224 gpu
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
83.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
PID: 3548
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.6.45421094\763347814" -childID 1 -isForBrowser -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 181 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 2348 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
PID: 1288
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.13.176402449\1991925213" -childID 2 -isForBrowser -prefsHandle 3144 -prefMapHandle 3140 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 3156 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\crypt32.dll
PID: 3412
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.20.1762477066\1423830993" -childID 3 -isForBrowser -prefsHandle 3524 -prefMapHandle 3188 -prefsLen 7307 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 1768 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\crypt32.dll
PID: 1860
CMD: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2516.27.460745880\161388873" -childID 4 -isForBrowser -prefsHandle 3784 -prefMapHandle 3756 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 2516 "\\.\pipe\gecko-crash-server-pipe.2516" 3796 tab
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Parent process: firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
Total events: 28 108
Read events: 27 871
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 2
Suspicious files: 277
Text files: 158
Unknown types: 112

Dropped files

PID
Process
Filename
Type
PID: 700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Type: binary
MD5:972759598F69E3F58E717FBA2949E57F
SHA256:6FD29786D410450C778FAA4874F29FB003879638A33F2864034306FB413E04B0
PID: 3888
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\54C62B182F5BF07FA8427C07B0A3AAF8_786EA6C36BF7ABFF201B638497282D19
Type: der
MD5:49154D0AFEC9796668590E3167DA0C93
SHA256:3FFC847B3068BB9184A13E9B1FE8E2E7CAD3161942CBC69F019046FA1E59E631
PID: 700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Type: der
MD5:B8BDA0B382A7D056A4241B388338B778
SHA256:7BAA967F6686CCE471826B20FFA5CB7FEB4BF3C5C0BF43F51F08E84EB5850DD2
PID: 3888
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94D451DDCFFF94F1A6B8406468FA3558_E4A7C6A10F816F002B00DE3B58B7E44E
Type: der
MD5:8A7A476E52F27D86C2076A7A9F438475
SHA256:7988C84589EF0182B7DB0D9742B38B0BB988F5794C2C453DFB96147016919798
PID: 700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Temp\~DFA5FD5655EBF29B36.TMP
Type: gmc
MD5:AE26585048C02AFB4CCE03C2A604D748
SHA256:45772D1C6AEB26BEB6D44A5EAE55674B7F72669569CC4FAC931AC6B0FCF20C83
PID: 3888
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CE7B026C819922EDB9B7ED78605E20A3_9C4E6918B80696105F6DD4FA5A223E81
Type: der
MD5:5265227AECABA9E474A971B24051586A
SHA256:F91251CD2F737A58D716B740BE71E59035DBCD8D6D17EAD6CCC2F30D71FA8011
PID: 700
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Type: binary
MD5:850DF7A41F3E19E8E5C25A90461335A9
SHA256:EEA556AC081E5AB92E54C306D4EA61245BC5AB101E04A65FAA063D2D96206124
PID: 3888
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\CZ7MUZD3.txt
Type: text
MD5:3C06FEBB9BD3A14BCB4749AD1BFD6FCD
SHA256:6B7CF9D7AD3FC7EF07A4C5957874C34EE577588B41B6F96E2A25CD51E5600F9B
PID: 3888
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CE7B026C819922EDB9B7ED78605E20A3_9C4E6918B80696105F6DD4FA5A223E81
Type: binary
MD5:0ACDAB6B5FBFF686C75051802C8A4276
SHA256:8A91D3E0C179B6A353DB12B980D400F47665962FE8B830715FB5C9192F8BFF39
PID: 2516
Process: firefox.exe
Filename: C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
Type:
MD5:
SHA256:
HTTP(S) requests: 23
TCP/UDP connections: 77
DNS requests: 128
Threats: 0

HTTP requests

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2516 | firefox.exe | POST | 200 | 142.250.184.195:80 | http://ocsp.pki.goog/gts1c3 | US | der | 471 b | whitelisted |
| 3888 | iexplore.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBQMDtATfnJO6JAXDQoHl8pAaJdhTQQU3QQJB6L1en1SUxKSle44gCUNplkCCAmX7RCdHwf8 | US | der | 719 b | whitelisted |
| 700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
| 2516 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
| 3888 | iexplore.exe | GET | 200 | 23.36.162.85:80 | http://sslcom.ocsp-certum.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTYOkzrrCGQj08njZXbUQQpkoUmuQQUCHbNywf%2FJPbFze27kLzihDdGdfcCEQDkJwSV9oyR1tDse0lOpN8c | NL | der | 1.54 Kb | whitelisted |
| 700 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
| 3888 | iexplore.exe | GET | 200 | 52.6.97.148:80 | http://ocsps.ssl.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTUkpS%2BK0oZhSMx%2FmmCZ76UqdjUxQQUJhR%2B4NzXpvfi1AQn32HxwuznMsoCEAiPe3Ipmm87iqlBZ9l1zqE%3D | US | der | 1.84 Kb | whitelisted |
| 1536 | firefox.exe | POST | | 13.225.84.107:80 | http://ocsp.sca1b.amazontrust.com/ | US | | | whitelisted |
| 2516 | firefox.exe | GET | 200 | 34.107.221.82:80 | http://detectportal.firefox.com/success.txt | US | text | 8 b | whitelisted |
| 2516 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 700 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
| 700 | iexplore.exe | 204.79.197.200:443 | www.bing.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
| 3888 | iexplore.exe | 35.196.86.86:443 | h.parrable.com | GOOGLE-CLOUD-PLATFORM | US | suspicious |
| 700 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | EDGECAST | US | whitelisted |
| 3888 | iexplore.exe | 23.36.162.85:80 | sslcom.ocsp-certum.com | Akamai International B.V. | DE | suspicious |
| 3888 | iexplore.exe | 52.6.97.148:80 | ocsps.ssl.com | AMAZON-AES | US | suspicious |
| 2516 | firefox.exe | 34.107.221.82:80 | detectportal.firefox.com | GOOGLE | US | whitelisted |
| | | 35.196.86.86:443 | h.parrable.com | GOOGLE-CLOUD-PLATFORM | US | suspicious |
| 2516 | firefox.exe | 52.222.214.116:443 | firefox.settings.services.mozilla.com | AMAZON-02 | US | suspicious |
| 700 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| h.parrable.com | 35.196.86.86 | suspicious |
| ctldl.windowsupdate.com | 93.184.221.240 | whitelisted |
| api.bing.com | 13.107.5.80 | whitelisted |
| www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted |
| ocsp.digicert.com | 93.184.220.29 | whitelisted |
| sslcom.ocsp-certum.com | 23.36.162.85, 23.36.162.83 | whitelisted |
| ocsps.ssl.com | 52.6.97.148, 34.237.184.165, 100.24.223.135 | whitelisted |
| detectportal.firefox.com | 34.107.221.82 | whitelisted |
| prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82, 2600:1901:0:38d7:: | whitelisted |
| firefox.settings.services.mozilla.com | 52.222.214.116, 52.222.214.84, 52.222.214.96, 52.222.214.105, 13.224.189.76, 13.224.189.71, 13.224.189.54, 13.224.189.85 | whitelisted |

Threats

| PID | Process | Class | Message |
|---|---|---|---|
| 2516 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
| 1536 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
| 1536 | firefox.exe | Potentially Bad Traffic | ET INFO Terse Request for .txt - Likely Hostile |
| | | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
| | | Potentially Bad Traffic | ET INFO Observed DNS Query to .cloud TLD |
No debug info