IOC Report
https://correros.top/es


Files

File Path
Type
Category
Malicious

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /usr/bin/exo-open | exo-open https://correros.top/es | |
| /usr/bin/exo-open | - | |
| /usr/bin/exo-open | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser https://correros.top/es | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | - | |
| /usr/bin/sensible-browser | /bin/sh /usr/bin/sensible-browser https://correros.top/es | |
| /usr/bin/x-www-browser | /bin/sh /usr/bin/x-www-browser https://correros.top/es | |
| /usr/bin/x-www-browser | - | |
| /usr/bin/which | /bin/sh /usr/bin/which /usr/bin/x-www-browser | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox https://correros.top/es | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/lsb_release | /usr/bin/python3 -Es /usr/bin/lsb_release -idrc | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/dbus-launch | dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4754 true tab | |

URLs

Name
IP
Malicious

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
| correros.top | 104.21.53.159 | |
| d228z91au11ukj.cloudfront.net | 3.163.115.80 | |
| push.services.mozilla.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 3.163.115.80 | d228z91au11ukj.cloudfront.net | United States | |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | |
| 104.21.53.159 | correros.top | United States | |