analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
URL:

https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=true

Full analysis: https://app.any.run/tasks/715ec816-5a90-4ac1-bac0-ee54280caac8
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: January 14, 2022, 20:56:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
jigsaw
ransomware
bad
Indicators:
MD5:

D4B7AF871CC7EF844BCDBDC4D1A0163F

SHA1:

17CF4CC6A015795E2C036A4BBA327D4A9E7592E4

SHA256:

D823EBF3AFA34FBAFF9DB8AE5AFE2CB9280B1394A851EC4B280663A9FEE16F57

SSDEEP:

3:N8tEdsxHuJKqIEHDhzzu+R/DEj:2u6tuJKz+ByK/Yj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Jigsaw Ransomware.exe (PID: 3404)
      • drpbx.exe (PID: 756)
    • Changes the autorun value in the registry

      • Jigsaw Ransomware.exe (PID: 3404)
    • Drops executable file immediately after starts

      • Jigsaw Ransomware.exe (PID: 3404)
    • Actions looks like stealing of personal data

      • drpbx.exe (PID: 756)
    • Modifies files in Chrome extension folder

      • drpbx.exe (PID: 756)
    • Steals credentials from Web Browsers

      • drpbx.exe (PID: 756)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 2292)
      • Jigsaw Ransomware.exe (PID: 3404)
      • drpbx.exe (PID: 756)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2292)
      • Jigsaw Ransomware.exe (PID: 3404)
    • Reads the computer name

      • WinRAR.exe (PID: 2292)
      • Jigsaw Ransomware.exe (PID: 3404)
      • drpbx.exe (PID: 756)
    • Starts itself from another location

      • Jigsaw Ransomware.exe (PID: 3404)
    • Creates files in the user directory

      • Jigsaw Ransomware.exe (PID: 3404)
      • drpbx.exe (PID: 756)
    • Drops a file with a compile date too recent

      • drpbx.exe (PID: 756)
    • Creates files in the program directory

      • drpbx.exe (PID: 756)
    • Reads Environment values

      • drpbx.exe (PID: 756)
  • INFO

    • Reads the computer name

      • firefox.exe (PID: 3812)
      • firefox.exe (PID: 3388)
      • firefox.exe (PID: 2744)
      • firefox.exe (PID: 1792)
      • firefox.exe (PID: 1768)
      • firefox.exe (PID: 2300)
    • Checks supported languages

      • firefox.exe (PID: 3812)
      • firefox.exe (PID: 3464)
      • firefox.exe (PID: 2744)
      • firefox.exe (PID: 3388)
      • firefox.exe (PID: 1792)
      • firefox.exe (PID: 1768)
      • firefox.exe (PID: 2300)
    • Reads CPU info

      • firefox.exe (PID: 3812)
    • Application launched itself

      • firefox.exe (PID: 3464)
      • firefox.exe (PID: 3812)
    • Creates files in the user directory

      • firefox.exe (PID: 3812)
    • Creates files in the program directory

      • firefox.exe (PID: 3812)
    • Checks Windows Trust Settings

      • firefox.exe (PID: 3812)
    • Reads the date of Windows installation

      • firefox.exe (PID: 3812)
    • Manual execution by user

      • WinRAR.exe (PID: 2292)
      • Jigsaw Ransomware.exe (PID: 3404)
    • Dropped object may contain Bitcoin addresses

      • drpbx.exe (PID: 756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
10
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start firefox.exe no specs firefox.exe firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs firefox.exe no specs winrar.exe jigsaw ransomware.exe drpbx.exe

Process information

PID
CMD
Path
Indicators
Parent process
3464"C:\Program Files\Mozilla Firefox\firefox.exe" "https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=true"C:\Program Files\Mozilla Firefox\firefox.exeExplorer.EXE
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
3812"C:\Program Files\Mozilla Firefox\firefox.exe" https://github.com/ytisf/theZoo/blob/master/malware/Binaries/Ransomware.Jigsaw/Ransomware.Jigsaw.zip?raw=trueC:\Program Files\Mozilla Firefox\firefox.exe
firefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
2744"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.0.1603837660\694914555" -parentBuildID 20201112153044 -prefsHandle 1136 -prefMapHandle 828 -prefsLen 1 -prefMapSize 238726 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 1224 gpuC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
1
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msasn1.dll
3388"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.6.1406186389\2018630751" -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3120 -prefsLen 245 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3136 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
1768"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.13.793667954\349675716" -childID 2 -isForBrowser -prefsHandle 1992 -prefMapHandle 2012 -prefsLen 6644 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 1964 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\msasn1.dll
1792"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.20.2080788669\1574985923" -childID 3 -isForBrowser -prefsHandle 3600 -prefMapHandle 2040 -prefsLen 7399 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3612 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
2300"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3812.27.1427973711\1723732071" -childID 4 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 7470 -prefMapSize 238726 -parentBuildID 20201112153044 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3812 "\\.\pipe\gecko-crash-server-pipe.3812" 3844 tabC:\Program Files\Mozilla Firefox\firefox.exefirefox.exe
User:
admin
Company:
Mozilla Corporation
Integrity Level:
LOW
Description:
Firefox
Exit code:
0
Version:
83.0
Modules
Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\rpcrt4.dll
2292"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ransomware.Jigsaw.zip"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\gdi32.dll
3404"C:\Users\admin\Desktop\Jigsaw Ransomware.exe" C:\Users\admin\Desktop\Jigsaw Ransomware.exe
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
Firefox
Exit code:
0
Version:
37.0.2.5583
Modules
Images
c:\users\admin\desktop\jigsaw ransomware.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
756"C:\Users\admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\admin\Desktop\Jigsaw?Ransomware.exeC:\Users\admin\AppData\Local\Drpbx\drpbx.exe
Jigsaw Ransomware.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Firefox
Version:
37.0.2.5583
Modules
Images
c:\users\admin\appdata\local\drpbx\drpbx.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
70 357
Read events
70 274
Write events
83
Delete events
0

Modification events

(PID) Process:(3464) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Launcher
Value:
5A9458A070000000
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Browser
Value:
449B58A070000000
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Launcher
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe|Telemetry
Value:
0
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\DllPrefetchExperiment
Operation:writeName:C:\Program Files\Mozilla Firefox\firefox.exe
Value:
0
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableTelemetry
Value:
1
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|DisableDefaultBrowserAgent
Value:
0
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|ServicesSettingsServer
Value:
https://firefox.settings.services.mozilla.com/v1
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Mozilla\Firefox\Default Browser Agent
Operation:writeName:C:\Program Files\Mozilla Firefox|SecurityContentSignatureRootHash
Value:
97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation:writeName:ProxyEnable
Value:
0
(PID) Process:(3812) firefox.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation:writeName:SavedLegacySettings
Value:
460000003B010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A80164000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
3
Suspicious files
1 020
Text files
93
Unknown types
26

Dropped files

PID
Process
Filename
Type
3812firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\startupCache\scriptCache-current.bin
MD5:
SHA256:
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
MD5:
SHA256:
3812firefox.exeC:\Users\admin\AppData\Local\Temp\mz_etilqs_eZA1PMrFOiFCPl2binary
MD5:351821E41EC0086E5EE4B40B74B78C7C
SHA256:7D0661D8684356385C846B65461F3E45C1F187264BC7C9AF978218FCA02FC8B8
3812firefox.exeC:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\qldyz51w.default\settings\main\ms-language-packs\asrouter.ftl.tmptext
MD5:3625F1DDA6D119478AD89D13950C9ACA
SHA256:CB40F6A8D58901D612A86690A41D4E273F24936FC926E98F82C0918CBEF4FC64
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\sessionCheckpoints.json.tmpbinary
MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shmbinary
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walbinary
MD5:8A78297C5EFC76A41BEE23975B4B1171
SHA256:B57D190C6EE4D308B259BD5CA19D15482FE34E2A0420A6F6A05340BBF9C69964
3812firefox.exeC:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\places.sqlite-walsqlite-wal
MD5:F43541099397521846F41165EE120C88
SHA256:474C48AD80746242D3B5CEB151A945DDE4CDFE5856ECDDA40E784188BB02452D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
26
DNS requests
71
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3812
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
278 b
whitelisted
3812
firefox.exe
POST
200
142.250.185.131:80
http://ocsp.pki.goog/gts1c3
US
der
471 b
whitelisted
3812
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3812
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3812
firefox.exe
POST
200
93.184.220.29:80
http://ocsp.digicert.com/
US
der
471 b
whitelisted
3812
firefox.exe
POST
200
142.250.185.131:80
http://ocsp.pki.goog/gts1c3
US
der
472 b
whitelisted
3812
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt
US
text
8 b
whitelisted
3812
firefox.exe
GET
200
34.107.221.82:80
http://detectportal.firefox.com/success.txt?ipv4
US
text
8 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3812
firefox.exe
34.107.221.82:80
detectportal.firefox.com
US
whitelisted
3812
firefox.exe
93.184.220.29:80
ocsp.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3812
firefox.exe
52.26.7.9:443
location.services.mozilla.com
Amazon.com, Inc.
US
unknown
3812
firefox.exe
142.250.184.234:443
safebrowsing.googleapis.com
Google Inc.
US
whitelisted
3812
firefox.exe
52.40.115.173:443
push.services.mozilla.com
Amazon.com, Inc.
US
suspicious
3812
firefox.exe
143.204.98.30:443
content-signature-2.cdn.mozilla.net
US
suspicious
3812
firefox.exe
185.199.108.133:443
raw.githubusercontent.com
GitHub, Inc.
NL
malicious
3812
firefox.exe
142.250.185.131:80
ocsp.pki.goog
Google Inc.
US
whitelisted
3812
firefox.exe
143.204.98.33:443
firefox.settings.services.mozilla.com
US
suspicious
3812
firefox.exe
140.82.121.3:443
github.com
US
suspicious

DNS requests

Domain
IP
Reputation
detectportal.firefox.com
  • 34.107.221.82
whitelisted
prod.detectportal.prod.cloudops.mozgcp.net
  • 34.107.221.82
  • 2600:1901:0:38d7::
whitelisted
github.com
  • 140.82.121.3
shared
firefox.settings.services.mozilla.com
  • 143.204.98.33
  • 143.204.98.76
  • 143.204.98.29
  • 143.204.98.23
whitelisted
example.org
  • 93.184.216.34
whitelisted
ipv4only.arpa
  • 192.0.0.170
  • 192.0.0.171
whitelisted
location.services.mozilla.com
  • 52.26.7.9
  • 35.163.137.0
  • 52.89.115.53
  • 52.11.104.45
  • 35.163.35.154
  • 52.42.77.140
whitelisted
locprod2-elb-us-west-2.prod.mozaws.net
  • 52.42.77.140
  • 35.163.35.154
  • 52.11.104.45
  • 52.89.115.53
  • 35.163.137.0
  • 52.26.7.9
whitelisted
ocsp.digicert.com
  • 93.184.220.29
whitelisted
cs9.wac.phicdn.net
  • 93.184.220.29
whitelisted

Threats

PID
Process
Class
Message
3812
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
3812
firefox.exe
Potentially Bad Traffic
ET INFO Terse Request for .txt - Likely Hostile
No debug info