Files

File Path | Type | Category | Malicious
---|---|---|---
/home/james/.cache/dconf/user | very short file (no magic) | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/1219C48A0A068C2295F75CE8A52C12FE06F6C10B | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/34240C7DC72E83783C59D6BD827D189D629A4F48 | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585 | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/6636573CF5AFDF8A7F35DFA2B3C8E197EF2C586A | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/88501EF5595DDA9CF633105C8280693B0F4E93C5 | Zip archive data, at least v2.0 to extract, compression method=deflate | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591 | JSON data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/scriptCache-child-new.bin | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/scriptCache-new.bin | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/urlCache-new.bin | data | dropped |
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp | data | dropped |
/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 1426 bytes | dropped |
/home/james/.mozilla/firefox/5zxot757.default/cert9.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4 | dropped |
/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal | data | dropped |
/home/james/.mozilla/firefox/5zxot757.default/key4.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3 | dropped |
/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal | data | dropped |
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite | SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5 | dropped |
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal | data | dropped |
/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js | ASCII text, with very long lines (663) | dropped |
/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp | JSON data | dropped |
/home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 26938 bytes | dropped |
/proc/4879/gid_map | ASCII text, with no line terminators | dropped |
/proc/4879/setgroups | ASCII text, with no line terminators | dropped |
/proc/4879/uid_map | ASCII text, with no line terminators | dropped |
/proc/4924/gid_map | ASCII text, with no line terminators | dropped |
/proc/4924/setgroups | ASCII text, with no line terminators | dropped |
/proc/4924/uid_map | ASCII text, with no line terminators | dropped |
/proc/4964/gid_map | ASCII text, with no line terminators | dropped |
/proc/4964/setgroups | ASCII text, with no line terminators | dropped |
/proc/4964/uid_map | ASCII text, with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
---|---|---
/usr/bin/exo-open | exo-open https://correros.top/es |
/usr/bin/exo-open | - |
/usr/bin/exo-open | - |
/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser https://correros.top/es |
/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | - |
/usr/bin/sensible-browser | /bin/sh /usr/bin/sensible-browser https://correros.top/es |
/usr/bin/x-www-browser | /bin/sh /usr/bin/x-www-browser https://correros.top/es |
/usr/bin/x-www-browser | - |
/usr/bin/which | /bin/sh /usr/bin/which /usr/bin/x-www-browser |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox https://correros.top/es |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | - |
/usr/bin/lsb_release | /usr/bin/python3 -Es /usr/bin/lsb_release -idrc |
/usr/lib/firefox/firefox | - |
/usr/bin/dbus-launch | dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | - |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab |

URLs

Name | IP | Malicious
---|---|---
https://correros.top/es | |
http://%(server)s/dummy/blocklist/)signon.autofillForms-signon.rememberSignons9startup.homepage_welc | unknown |
http://www.debian.org/gro.naibed.www. | unknown |
https://yandex.com | unknown |
http://www.ubuntu.com | unknown |
https://correros.top/espot.sorerroc. | unknown |
https://discovery.addons-dev.allizom.org | unknown |
https://www.google.com/policies/privacy/3https://www.widevine.com/ | unknown |
http://mozilla.org/MPL/2.0/. | unknown |
http://www.ubuntu.com/moc.utnubu.www. | unknown |
https://bugzilla.mozilla.org/show_bug.cgi?id=1238180 | unknown |
https://ebay.com | unknown |
http://a9.com/-/spec/opensearch/1.0/I | unknown |
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire | unknown |
http://a9.com/-/spec/opensearchdescription/1.0/ | unknown |
https://developer.mozilla.org/docs/JavaScript_OS.File | unknown |
https://github.com/ | unknown |
https://twitter.com | unknown |
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/ | unknown |
https://correros.top | unknown |
http://json-schema.org/draft-04/schema# | unknown |
http://a9.com/-/spec/opensearch/1.0/Ihttp://a9.com/-/spec/opensearch/1.1/_http://a9.com/-/spec/opens | unknown |
https://correros.top/predictor::seen1 | unknown |
https://discovery.addons.allizom.orgQ | unknown |
http://www.debian.org | unknown |
http://a9.com/-/spec/opensearchdescription/1.1/_ | unknown |
https://correros.top/es | 104.21.53.159 |
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus. | unknown |
http://%(server)s/dummy/healthreport/cdatareporting.healthreport.logging.consoleEnabledUdatareportin | unknown |
https://www.widevine.com/ | unknown |
https://hg.mozilla.org/releases/mozilla-release/rev/37ecfd08ffee9924609121aaec3f101598f8a84e | unknown |
https://www.google.com/policies/privacy/3 | unknown |
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations | unknown |
https://correros.top/favicon.ico | 104.21.53.159 |
http://a9.com/-/spec/opensearch/1.1/_ | unknown |
http://wiki.ubuntu.com/moc.utnubu.ikiw. | unknown |
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes | unknown |
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/_ | unknown |
https://pki.goog/repository/0 | unknown |
https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems | unknown |
https://answers.launchpad.net/ubuntu/ | unknown |
https://duckduckgo.com | unknown |
https://bugzilla.mozilla.org/show_bug.cgi?id=1243643 | unknown |
https://answers.launchpad.net | unknown |
http://www.openh264.org/ | unknown |
https://amazon.com | unknown |
http://wiki.ubuntu.com | unknown |
https://correros.top/ | unknown |
https://support.mozilla.org/kb/flash-protected-mode-autodisabled | unknown |
https://discovery.addons.mozilla.org | unknown |
https://support.mozilla.org | unknown |
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org | unknown |
http://crl.pki.goog/gsr2/gsr2.crl0? | unknown |
https://google.com | unknown |
https://baidu.com | unknown |

Domains

Name | IP | Malicious
---|---|---
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 |
correros.top | 104.21.53.159 |
d228z91au11ukj.cloudfront.net | 3.163.115.80 |
push.services.mozilla.com | unknown |

IPs

IP | Domain | Country | Malicious
---|---|---|---
3.163.115.80 | d228z91au11ukj.cloudfront.net | United States |
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States |
104.21.53.159 | correros.top | United States |