URL:

https://i_love_you.en.downloadastro.com

Full analysis: https://app.any.run/tasks/365e5a17-abd4-4eff-8777-aca9bfd90586
Verdict: Malicious activity
Analysis date: January 24, 2022, 22:54:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

0EC02FB4CA7C738340970641F4C47F7F

SHA1:

9BAE357CF77F13BAE57846A397421B580EB53056

SHA256:

825F9BF6745F9ED701291E59F3712AF2743BCE54A2F4D6621599412F9B335664

SSDEEP:

3:N8Z6fcL0xKZWKKn:2480xt1

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads Microsoft Outlook installation path

      • iexplore.exe (PID: 572)
  • INFO

    • Checks supported languages

      • iexplore.exe (PID: 572)
      • iexplore.exe (PID: 1536)
      • chrome.exe (PID: 3644)
      • chrome.exe (PID: 1400)
      • chrome.exe (PID: 3096)
      • chrome.exe (PID: 1988)
      • chrome.exe (PID: 2808)
      • chrome.exe (PID: 1368)
      • chrome.exe (PID: 1144)
      • firefox.exe (PID: 3808)
      • firefox.exe (PID: 4016)
      • chrome.exe (PID: 832)
      • firefox.exe (PID: 1608)
      • firefox.exe (PID: 1872)
      • firefox.exe (PID: 2112)
      • firefox.exe (PID: 3744)
      • chrome.exe (PID: 2292)
      • firefox.exe (PID: 1864)
      • chrome.exe (PID: 3184)
      • chrome.exe (PID: 600)
      • chrome.exe (PID: 3396)
      • chrome.exe (PID: 968)
      • chrome.exe (PID: 3948)
      • chrome.exe (PID: 3004)
      • chrome.exe (PID: 3496)
      • chrome.exe (PID: 2172)
      • chrome.exe (PID: 3340)
      • chrome.exe (PID: 2260)
      • chrome.exe (PID: 652)
      • chrome.exe (PID: 1408)
      • chrome.exe (PID: 3640)
      • chrome.exe (PID: 3792)
    • Reads the computer name

      • iexplore.exe (PID: 1536)
      • iexplore.exe (PID: 572)
      • chrome.exe (PID: 3644)
      • chrome.exe (PID: 3096)
      • chrome.exe (PID: 1988)
      • chrome.exe (PID: 832)
      • firefox.exe (PID: 3808)
      • firefox.exe (PID: 2112)
      • firefox.exe (PID: 1872)
      • firefox.exe (PID: 1608)
      • firefox.exe (PID: 1864)
      • firefox.exe (PID: 3744)
      • chrome.exe (PID: 2292)
      • chrome.exe (PID: 600)
      • chrome.exe (PID: 3396)
      • chrome.exe (PID: 3004)
      • chrome.exe (PID: 1408)
    • Changes internet zones settings

      • iexplore.exe (PID: 1536)
    • Application launched itself

      • iexplore.exe (PID: 1536)
      • chrome.exe (PID: 3644)
      • firefox.exe (PID: 4016)
      • firefox.exe (PID: 3808)
      • chrome.exe (PID: 2292)
    • Checks Windows Trust Settings

      • iexplore.exe (PID: 572)
      • iexplore.exe (PID: 1536)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 572)
      • iexplore.exe (PID: 1536)
      • chrome.exe (PID: 1988)
      • chrome.exe (PID: 3396)
    • Manual execution by user

      • chrome.exe (PID: 3644)
      • firefox.exe (PID: 4016)
      • chrome.exe (PID: 2292)
    • Reads the date of Windows installation

      • iexplore.exe (PID: 1536)
      • firefox.exe (PID: 3808)
    • Reads the hosts file

      • chrome.exe (PID: 3644)
      • chrome.exe (PID: 1988)
      • chrome.exe (PID: 2292)
      • chrome.exe (PID: 3396)
    • Reads CPU info

      • firefox.exe (PID: 3808)
    • Creates files in the program directory

      • firefox.exe (PID: 3808)
    • Creates files in the user directory

      • firefox.exe (PID: 3808)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
Total processes
67
Monitored processes
32
Malicious processes
0
Suspicious processes
0

Behavior graph

start iexplore.exe iexplore.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1536
"C:\Program Files\Internet Explorer\iexplore.exe" "https://i_love_you.en.downloadastro.com"
C:\Program Files\Internet Explorer\iexplore.exe
Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
572
"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1536 CREDAT:267521 /prefetch:2
C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Modules
Images
c:\program files\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\gdi32.dll
3644
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
Explorer.EXE
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
3221225547
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\winmm.dll
c:\windows\system32\user32.dll
1400
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=86.0.4240.198 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd4,0x719bd988,0x719bd998,0x719bd9a4
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
3096
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\chrome.exe
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\version.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1988
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2808
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1144
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --lang=en-US --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1368
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
832
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1040,7166919400934522312,12330157875798278777,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
38 594
Read events
38 402
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
84
Text files
128
Unknown types
31

Dropped files

PID
Process
Filename
Type
3644
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EF2E22-E3C.pma
MD5:
SHA256:
1536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{42C873D0-1D90-11EB-BA2C-12A9866C77DE}.dat
binary
MD5:3D3BE87135DDF7931961E10F9114021C
SHA256:A9849DE8DD56F215D878C47C0CB2C0D9C43CA5483F0DC08CECA920EF57E87F4A
1536
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
binary
MD5:A31175B657543A3A51DB41F6AD3D1312
SHA256:A5DE57BC1A6171DAA4F27807827383C6C63494A1506A59B16734967BB6616978
1536
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF1FB239C2422141B8.TMP
gmc
MD5:F38105F6B05D456E85ABA9BECF8A2216
SHA256:231693A12C1CF05D666AFA18A70ED5059C87371EDA057DEE436B5CD8E6FBD636
1536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{92AE653A-7D68-11EC-A20C-12A9866C77DE}.dat
binary
MD5:A70D5B9538B2E28BCD2949D993215423
SHA256:51CE485A0FF203A3E55CFB3BF310FA489A95B8E69F2A549E6A36A77CC9837061
1536
iexplore.exe
C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{8BE917A7-7D68-11EC-A20C-12A9866C77DE}.dat
binary
MD5:FA07834FBFB294B702F83A9141734A9C
SHA256:2289FB8F51EE2F9E75508A0DE293CA7392DB8618ECDC490AE42B9353DD4306BB
1536
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF2311FF21868991A7.TMP
gmc
MD5:877C29DA6F212A27ECC6A0D2878C7761
SHA256:ADE4867E430115B862C866637C7FB36C3FE424F752ACA43E4BBB7B61CE35A405
1536
iexplore.exe
C:\Users\admin\AppData\Local\Temp\~DF83409DB8A986B96C.TMP
gmc
MD5:1CC4F91F7FBC51049E7A2D7D019A4E98
SHA256:D3ED7202247829493F2379F9D93730ED744C14473FCF9ABDEA0BE76A608F7DA6
1536
iexplore.exe
C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
compressed
MD5:F7DCB24540769805E5BB30D193944DCE
SHA256:6B88C6AC55BBD6FEA0EBE5A760D1AD2CFCE251C59D0151A1400701CB927E36EA
3644
chrome.exe
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
binary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
HTTP(S) requests
25
TCP/UDP connections
87
DNS requests
66
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
1536
iexplore.exe
GET
200
23.32.238.178:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d85cd64283bf8617
US
compressed
4.70 Kb
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3808
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1536
iexplore.exe
204.79.197.200:443
www.bing.com
Microsoft Corporation
US
whitelisted
1988
chrome.exe
142.250.186.77:443
accounts.google.com
Google Inc.
US
suspicious
1988
chrome.exe
142.250.186.174:443
clients2.google.com
Google Inc.
US
whitelisted
572
iexplore.exe
23.32.238.178:80
ctldl.windowsupdate.com
XO Communications
US
suspicious
1536
iexplore.exe
23.32.238.178:80
ctldl.windowsupdate.com
XO Communications
US
suspicious
572
iexplore.exe
108.163.213.235:443
i_love_you.en.downloadastro.com
SingleHop, Inc.
US
suspicious
1988
chrome.exe
142.250.186.68:443
www.google.com
Google Inc.
US
whitelisted
1988
chrome.exe
216.58.212.131:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3808
firefox.exe
34.107.221.82:80
detectportal.firefox.com
US
whitelisted
52.89.132.147:443
location.services.mozilla.com
Amazon.com, Inc.
US
unknown

DNS requests

Domain
IP
Reputation
i_love_you.en.downloadastro.com
  • 108.163.213.235
suspicious
ctldl.windowsupdate.com
  • 23.32.238.178
  • 23.32.238.201
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
clients2.google.com
  • 142.250.186.174
whitelisted
clientservices.googleapis.com
  • 216.58.212.131
whitelisted
www.google.com
  • 142.250.186.68
whitelisted
accounts.google.com
  • 142.250.186.77
shared
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted

Threats

PID
Process
Class
Message
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3808
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
4 ETPRO signatures available at the full report
No debug info