Files
File Path | Type | Category | Malicious
---|---|---|---
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/730FA68718E69A9EC1DE4154BF49B2A37241C7B1 | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped | dropped |
/tmp/khk19L2S.mips.part | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped | dropped |
/home/saturnino/.cache/dconf/user | very short file (no magic) | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/134714F2DF01B21FA934AB16898B0583114E19B0 | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/254256B27E0C48CF9B80B695F0B3B8CA84610495 | JSON data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/5FFD69415953BE9CE9C07B2E9C26DA959ADEA6CB | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/68B780A709FB903C666EF08F51EF5985A89FE446 | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/DED23BB33EA3C88FAD1C0A1CD53916E0D8C424D3 | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/cache2/entries/F8CBD54DDA10F4286A41EC6A537240712D6C2308 | JSON data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/settings/main/ms-language-packs/asrouter.ftl.tmp | Unicode text, UTF-8 text | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-child-new.bin | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/scriptCache-new.bin | data | dropped |
/home/saturnino/.cache/mozilla/firefox/a3xevaya.default-release/startupCache/urlCache-new.bin | data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 17200 bytes | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/broadcast-listeners.json.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db | SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 9, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 9 | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/cert9.db-journal | data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/crashes/store.json.mozlz4.tmp | Mozilla lz4 compressed data, originally 56 bytes | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/aborted-session-ping.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/db/data.safe.bin | data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/glean/tmp/7c4c3d68-b8c8-44e6-a714-345a0583faf2 | ASCII text, with very long lines (447) | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/session-state.json.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/datareporting/state.json.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/extensions.json.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db | SQLite 3.x database, last written using SQLite version 3036000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3 | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/key4.db-journal | data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/prefs-1.js | ASCII text, with very long lines (1127) | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/search.json.mozlz4 | Mozilla lz4 compressed data, originally 467 bytes | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/sessionCheckpoints.json.tmp | JSON data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/sessionstore-backups/recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 3230 bytes | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite | data | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/storage/permanent/chrome/idb/3870112724rsegmnoittet-es.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped |
/home/saturnino/.mozilla/firefox/a3xevaya.default-release/xulstore.json.tmp | JSON data | dropped |
/proc/6304/gid_map | ASCII text, with no line terminators | dropped |
/proc/6304/setgroups | ASCII text, with no line terminators | dropped |
/proc/6304/uid_map | ASCII text, with no line terminators | dropped |
/proc/6340/gid_map | ASCII text, with no line terminators | dropped |
/proc/6340/setgroups | ASCII text, with no line terminators | dropped |
/proc/6340/uid_map | ASCII text, with no line terminators | dropped |
/proc/6383/gid_map | ASCII text, with no line terminators | dropped |
/proc/6383/setgroups | ASCII text, with no line terminators | dropped |
/proc/6383/uid_map | ASCII text, with no line terminators | dropped |
/proc/6434/gid_map | ASCII text, with no line terminators | dropped |
/proc/6434/setgroups | ASCII text, with no line terminators | dropped |
/proc/6434/uid_map | ASCII text, with no line terminators | dropped |
Processes
Path | Cmdline | Malicious
---|---|---
/usr/bin/exo-open | exo-open http://31.214.243.29/Demon.mips |
/usr/bin/exo-open | n/a |
/usr/bin/exo-open | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 | /usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 --launch WebBrowser http://31.214.243.29/Demon.mips |
/usr/lib/x86_64-linux-gnu/xfce4/exo-2/exo-helper-2 | n/a |
/usr/bin/sensible-browser | /usr/bin/sensible-browser http://31.214.243.29/Demon.mips |
/usr/bin/sensible-browser | n/a |
/usr/bin/which | which sensible-browser |
/usr/bin/x-www-browser | /usr/bin/x-www-browser http://31.214.243.29/Demon.mips |
/usr/bin/x-www-browser | n/a |
/usr/bin/which | which /usr/bin/x-www-browser |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox http://31.214.243.29/Demon.mips |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/bin/lsb_release | /usr/bin/lsb_release -idrc |
/usr/lib/firefox/firefox | n/a |
/usr/bin/dbus-launch | dbus-launch --autolaunch=ee49dfd4fa47433baee88884e2d7de7c --binary-syntax --close-stderr |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -parentBuildID 20210816143654 -prefsLen 1 -prefMapSize 238647 -appdir /usr/lib/firefox/browser 6247 true socket |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 188 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 5911 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | n/a |
/usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6099 -prefMapSize 238647 -jsInit 285716 -parentBuildID 20210816143654 -appdir /usr/lib/firefox/browser 6247 true tab |
URLs
Name | IP | Malicious
---|---|---
http://31.214.243.29/Demon.mips | |
http://31.214.243.29/Demon.mips | 31.214.243.29 |
http://31.214.243.29/Demon.mipsstrongly-framed1request-methodGETresponse-headHTTP/1.1 | unknown |
https://www.google.com/policies/privacy/ | unknown |
http://www.billybobbot.com/crawler/) | unknown |
https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records | unknown |
https://support.mozilla.org/kb/ | unknown |
https://firefox.settings.services.mozilla.com/v1/ | 35.241.9.150 |
https://yandex.com | unknown |
https://trr.dns.nextdns.io/ | unknown |
https://bugzilla.mozilla.org/show_bug.cgi?id=921157 | unknown |
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes | unknown |
https://private.canadianshield.cira.ca/dns-query | unknown |
http://31.214.243.29/ | unknown |
http://mozilla.org/MPL/2.0/. | unknown |
https://bugzilla.mozilla.org/show_bug.cgi?id=1238180 | unknown |
https://ebay.com | unknown |
https://www.openh264.org/ | unknown |
http://pki.goog/repo/certs/gtsr1.der04 | unknown |
https://firefox.dns.next | unknown |
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings | unknown |
http://31.214.243.29/predictor::seen1 | unknown |
https://twitter.com | unknown |
http://x1.c.lencr.org/0 | unknown |
http://x1.i.lencr.org/0 | unknown |
https://firefox.dns.nextdns.io/ | unknown |
https://remote-settings.readthedocs.io | unknown |
https://profiler.firefox.com | unknown |
http://json-schema.org/draft-04/schema# | unknown |
http://www.baidu.com/search/spider.html) | unknown |
https://mozilla.cloudflare-dns.com/dns-query | unknown |
http://fast.no/support/crawler.asp) | unknown |
https://doh.xfinity.com/dns-query | unknown |
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | unknown |
http://kinto.readthedocs.io/en/latest/tutorials/synchronisation.html#polling-for-remote-changes | unknown |
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9-43ef-aca3-8378c4d05582.ftl | 34.111.73.144 |
https://www.widevine.com/ | unknown |
http://crl.rootca1.amazontrust.com/rootca1.crl0 | unknown |
https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records | unknown |
http://crl.pki.goog/gtsr1/gtsr1.crl0W | unknown |
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations | unknown |
http://ocsp.rootca1.amazontrust.com0: | unknown |
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes | unknown |
https://pki.goog/repository/0 | unknown |
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-language-packs/4f1bcaa0-ddf9- | unknown |
https://push.services.mozilla.com/ | 52.25.208.227 |
https://firefox.settings.services.mozilla.com/v1 | unknown |
https://duckduckgo.com | unknown |
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records | unknown |
https://github.com/Kinto/kinto-attachment/ | unknown |
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US | 35.241.9.150 |
https://amazon.com | unknown |
http://crt.rootca1.amazontrust.com/rootca1.cer0? | unknown |
https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help | unknown |
https://firefox-settings-attachments.cdn.mozilla.net/ | unknown |
https://support.mozilla.org/kb/flash-protected-mode-autodisabled | unknown |
https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2021-09-19-15-17-11.chain | 34.160.144.191 |
http://crl.pki.goog/gsr2/gsr2.crl0? | unknown |
https://google.com | unknown |
http://feedback.redkolibri.com/ | unknown |
http://www.baidu.com/search/spider.htm) | unknown |
https://hg.mozilla.org/releases/mozilla-release/rev/7dafd5f51c0afd1ae627bb4762ac0c140a6cd5f5 | unknown |
https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco | unknown |
https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202 | unknown |
https://baidu.com | unknown |
Domains
Name | IP | Malicious
---|---|---
star-mini.c10r.facebook.com | 157.240.20.35 |
fennec-catalog-cdn.prod.mozaws.net | 34.111.73.144 |
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 |
twitter.com | 104.244.42.129 |
youtube-ui.l.google.com | 142.250.185.142 |
autopush.prod.mozaws.net | 52.10.254.200 |
reddit.map.fastly.net | 151.101.65.140 |
firefox.settings.services.mozilla.com | 35.241.9.150 |
prod.ingestion-edge.prod.dataops.mozgcp.net | 34.120.208.123 |
dyna.wikimedia.org | 91.198.174.192 |
www.example.com | 93.184.216.34 |
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 |
www.facebook.com | unknown |
www.reddit.com | unknown |
content-signature-2.cdn.mozilla.net | unknown |
push.services.mozilla.com | unknown |
www.youtube.com | unknown |
www.wikipedia.org | unknown |
firefox-settings-attachments.cdn.mozilla.net | unknown |
IPs
IP | Domain | Country | Malicious
---|---|---|---
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States |
44.231.103.117 | unknown | United States |
52.25.208.227 | unknown | United States |
31.214.243.29 | unknown | Germany |
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States |
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
34.120.208.123 | prod.ingestion-edge.prod.dataops.mozgcp.net | United States |
34.111.73.144 | fennec-catalog-cdn.prod.mozaws.net | United States |
91.189.91.42 | unknown | United Kingdom |
35.241.9.150 | firefox.settings.services.mozilla.com | United States |