IOC Report
https://bagger-laase.dk/mekanisk-sikring/tyverimaerkning


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_71167f61-3b69-4c05-aba5-e9629aba10a6.json (copy) | JSON data | dropped | |
| C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\uninstall_ping_308046B0AF4A39CB_71167f61-3b69-4c05-aba5-e9629aba10a6.json.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41 | ISO Media, MP4 Base Media v1 [ISO 14496-12:2003] | dropped | |
| C:\Users\user\AppData\Local\Temp\tmpaddon | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 12:58:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 12:58:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 12:58:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 12:58:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 26 12:58:56 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\ExperimentStoreData.json.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4 (copy) | Mozilla lz4 compressed data, originally 23432 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 23432 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\addons.json.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\content-prefs.sqlite | SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4 | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4 (copy) | Mozilla lz4 compressed data, originally 56 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\crashes\store.json.mozlz4.tmp | Mozilla lz4 compressed data, originally 56 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\extensions.json.tmp | JSON data | modified | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\favicons.sqlite-shm | data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\formhistory.sqlite | SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 8, cookie 0x7, schema 4, UTF-8, version-valid-for 2 | modified | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | PE32+ executable (DLL) (GUI) x86-64, for MS Windows | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info.tmp | ASCII text | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\permissions.sqlite | SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4 | modified | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-shm | data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\places.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs-1.js | ASCII text, with very long lines (1717), with CRLF line terminators | modified | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\prefs.js (copy) | ASCII text, with very long lines (1717), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\protections.sqlite | SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4 | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionCheckpoints.json.tmp | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.baklz4 (copy) | Mozilla lz4 compressed data, originally 5825 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4 (copy) | Mozilla lz4 compressed data, originally 5825 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\sessionstore-backups\recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 6279 bytes | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\storage.sqlite | SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6 | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json (copy) | JSON data | dropped | |
| C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\sp4c0p22.default-release\targeting.snapshot.json.tmp | JSON data | dropped | |

(32 further files are not shown in this excerpt.)

URLs

| Name | IP | Malicious |
|---|---|---|
| https://bagger-laase.dk/mekanisk-sikring/tyverimaerkning | | |
| https://bagger-laase.dk/mekanisk-sikring/tyverimaerkning | | |
| about:blank | | |
| https://www.youtube.com/embed/78mF4s3qkZ4?rel=0&showinfo=0 | | |
| http://detectportal.firefox.com/canonical.html | 34.107.221.82 | |
| http://detectportal.firefox.com/success.txt?ipv4 | 34.107.221.82 | |
| https://www.youtube.com/embed/KAGUIysMS9Q?rel=0&showinfo=0 | | |
| https://consentcdn.cookiebot.com/sdk/bc-v4.min.html | | |

Domains

| Name | IP | Malicious |
|---|---|---|
| example.org | 93.184.215.14 | |
| prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | |
| services.addons.mozilla.org | 18.173.166.111 | |
| i.ytimg.com | 142.250.217.182 | |
| d2afiqwypp03na.cloudfront.net | 13.32.87.71 | |
| bagger-laase.dk | 77.235.50.241 | |
| contile.services.mozilla.com | 34.117.188.166 | |
| prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | |
| us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | |
| ipv4only.arpa | 192.0.0.171 | |
| photos-ugc.l.googleusercontent.com | 142.250.217.193 | |
| prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | |
| www.google.com | 142.250.217.228 | |
| normandy-cdn.services.mozilla.com | 35.201.103.21 | |
| fathom-cdn.b-cdn.net | 195.181.163.195 | |
| star-mini.c10r.facebook.com | 157.240.14.35 | |
| prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
| twitter.com | 104.244.42.129 | |
| dyna.wikimedia.org | 208.80.154.224 | |
| prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | |
| static.doubleclick.net | 192.178.50.38 | |
| youtube-ui.l.google.com | 172.217.2.206 | |
| googleads.g.doubleclick.net | 142.250.217.226 | |
| reddit.map.fastly.net | 151.101.193.140 | |
| o2.mouseflow.com | 185.17.186.161 | |
| analytics.freespee.com | 18.157.139.40 | |
| telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | |
| yt3.ggpht.com | unknown | |
| www.reddit.com | unknown | |
| spocs.getpocket.com | unknown | |
| imgsct.cookiebot.com | unknown | |
| content-signature-2.cdn.mozilla.net | unknown | |
| support.mozilla.org | unknown | |
| ratinglogo.bisnode.com | unknown | |
| firefox.settings.services.mozilla.com | unknown | |
| push.services.mozilla.com | unknown | |
| www.youtube.com | unknown | |
| cdn.usefathom.com | unknown | |
| consentcdn.cookiebot.com | unknown | |
| www.facebook.com | unknown | |
| cdn.mouseflow.com | unknown | |
| consent.cookiebot.com | unknown | |
| www.linkedin.com | unknown | |
| detectportal.firefox.com | unknown | |
| px.ads.linkedin.com | unknown | |
| normandy.cdn.mozilla.net | unknown | |
| snap.licdn.com | unknown | |
| shavar.services.mozilla.com | unknown | |
| www.wikipedia.org | unknown | |

(39 further domains are not shown in this excerpt.)

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 185.17.186.161 | o2.mouseflow.com | Netherlands | |
| 44.233.67.78 | unknown | United States | |
| 185.17.186.162 | unknown | Netherlands | |
| 195.181.163.195 | fathom-cdn.b-cdn.net | United Kingdom | |
| 142.250.64.238 | unknown | United States | |
| 142.250.64.232 | unknown | United States | |
| 74.125.196.84 | unknown | United States | |
| 172.217.15.202 | unknown | United States | |
| 13.32.87.71 | d2afiqwypp03na.cloudfront.net | United States | |
| 142.250.217.163 | unknown | United States | |
| 142.250.217.246 | unknown | United States | |
| 142.250.217.202 | unknown | United States | |
| 18.173.166.111 | services.addons.mozilla.org | United States | |
| 172.217.2.206 | youtube-ui.l.google.com | United States | |
| 34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States | |
| 142.250.189.131 | unknown | United States | |
| 23.43.235.121 | unknown | United States | |
| 1.1.1.1 | unknown | Australia | |
| 142.250.217.228 | www.google.com | United States | |
| 142.250.189.138 | unknown | United States | |
| 142.250.217.226 | googleads.g.doubleclick.net | United States | |
| 13.107.42.14 | unknown | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 142.250.217.234 | unknown | United States | |
| 34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | |
| 142.250.217.194 | unknown | United States | |
| 142.250.217.193 | photos-ugc.l.googleusercontent.com | United States | |
| 127.0.0.1 | unknown | unknown | |
| 104.18.26.50 | unknown | United States | |
| 192.178.50.78 | unknown | United States | |
| 172.217.2.196 | unknown | United States | |
| 23.55.219.113 | unknown | United States | |
| 192.168.2.16 | unknown | unknown | |
| 192.178.50.38 | static.doubleclick.net | United States | |
| 77.235.50.241 | bagger-laase.dk | Netherlands | |
| 156.146.43.65 | unknown | United States | |
| 34.117.188.166 | contile.services.mozilla.com | United States | |
| 172.217.165.194 | unknown | United States | |
| 104.124.1.65 | unknown | United States | |
| 35.201.103.21 | normandy-cdn.services.mozilla.com | United States | |
| 172.217.3.67 | unknown | United States | |
| 18.157.139.40 | analytics.freespee.com | United States | |
| 142.250.217.182 | i.ytimg.com | United States | |
| 34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | |
| 34.107.243.93 | unknown | United States | |
| 34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | |
| 142.250.64.195 | unknown | United States | |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | |
| 13.32.87.82 | unknown | United States | |
| 52.24.210.222 | unknown | United States | |
| 184.28.75.169 | unknown | United States | |
| 23.56.5.67 | unknown | United States | |

(42 further IPs are not shown in this excerpt.)