Edit tour

Linux Analysis Report
http://cdn2.inner-active.mobi

Overview

General Information

Sample URL:	http://cdn2.inner-active.mobi
Analysis ID:	1368577
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false

Signatures

Creates hidden files and/or directories

Queries the installed Ubuntu/CentOS release

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.

General Information

Joe Sandbox version:	38.0.0 Ammolite
Analysis ID:	1368577
Start date and time:	2024-01-01 20:07:01 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://cdn2.inner-active.mobi
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Detection:	CLEAN
Classification:	clean1.lin@0/71@18/0

Warnings

Excluded IPs from analysis (whitelisted): 34.107.243.93, 23.60.12.50, 23.60.12.19
Excluded domains from analysis (whitelisted): a19.dscg10.akamai.net, ciscobinary.openh264.org, autopush.prod.mozaws.net, a17.rackcdn.com.mdc.edgesuite.net, aus5.mozilla.org, snippets.cdn.mozilla.net

Process Tree

system is lnxubuntu1

exo-open (PID: 4744, Parent: 4684, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open http://cdn2.inner-active.mobi

exo-open New Fork (PID: 4751, Parent: 4744)

exo-open New Fork (PID: 4752, Parent: 4751)

exo-helper-1 (PID: 4752, Parent: 1656, MD5: c27a648e34ba5ce625d064af015be147) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://cdn2.inner-active.mobi

exo-helper-1 New Fork (PID: 4759, Parent: 4752)

sensible-browser (PID: 4759, Parent: 4752, MD5: a5909f49ad9c97574d2b4c49cc24905d) Arguments: /bin/sh /usr/bin/sensible-browser http://cdn2.inner-active.mobi

x-www-browser (PID: 4759, Parent: 4752, MD5: 42b33a4578e4a51d8a5d1010c466a9d7) Arguments: /bin/sh /usr/bin/x-www-browser http://cdn2.inner-active.mobi

x-www-browser New Fork (PID: 4760, Parent: 4759)

which (PID: 4760, Parent: 4759, MD5: e942f154ef9d9974366551d2d231d936) Arguments: /bin/sh /usr/bin/which /usr/bin/x-www-browser

firefox (PID: 4759, Parent: 4752, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox http://cdn2.inner-active.mobi

firefox New Fork (PID: 4773, Parent: 4759)

firefox New Fork (PID: 4787, Parent: 4759)

firefox New Fork (PID: 4801, Parent: 4759)

lsb_release (PID: 4801, Parent: 4759, MD5: 18cba7de7bfedd0d9f027bd1c54cc2b2) Arguments: /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

firefox New Fork (PID: 4822, Parent: 4759)

dbus-launch (PID: 4822, Parent: 4759, MD5: e4a469f27d130d783c21ce9c1c4456c3) Arguments: dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr

firefox New Fork (PID: 4892, Parent: 4759)

firefox New Fork (PID: 4893, Parent: 4892)

firefox (PID: 4892, Parent: 4759, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab

firefox New Fork (PID: 4944, Parent: 4759)

firefox New Fork (PID: 4945, Parent: 4944)

firefox (PID: 4944, Parent: 4759, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab

firefox New Fork (PID: 4985, Parent: 4759)

firefox New Fork (PID: 4986, Parent: 4985)

firefox (PID: 4985, Parent: 4759, MD5: 9a5584c0c2c9ac6b1ba6296513075910) Arguments: /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58536 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cdn2.inner-active.mobiUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cdn2.inner-active.mobiUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive

Source: unknown

DNS traffic detected: queries for: cdn2.inner-active.mobi

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: max-age=0Content-Type: application/xmlDate: Mon, 01 Jan 2024 19:07:37 GMTExpires: Mon, 01 Jan 2024 19:07:38 GMTServer: AmazonS3x-amz-bucket-region: eu-west-1x-amz-id-2: Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w=x-amz-request-id: ATEDTBEAVQXRRX7GTransfer-Encoding: chunkedData Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 41 54 45 44 54 42 45 41 56 51 58 52 52 58 37 47 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4b 6e 35 49 4a 44 34 6c 4e 6e 39 74 65 66 53 54 46 53 61 52 68 49 6c 75 5a 74 6d 46 6e 6e 73 59 67 4f 7a 6d 77 37 32 31 58 57 65 77 50 78 51 57 73 30 50 48 73 63 46 6c 77 37 53 6a 45 43 52 4c 54 31 4f 66 37 45 58 6e 64 37 77 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEDTBEAVQXRRX7G</RequestId><HostId>Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w=</HostId></Error>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: max-age=0Content-Type: application/xmlDate: Mon, 01 Jan 2024 19:07:38 GMTExpires: Mon, 01 Jan 2024 19:07:39 GMTServer: AmazonS3x-amz-id-2: lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=x-amz-request-id: ATEBZMJ3ZNXH01CSTransfer-Encoding: chunkedData Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 41 54 45 42 5a 4d 4a 33 5a 4e 58 48 30 31 43 53 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 6c 72 51 79 6e 4e 38 41 41 6f 6a 44 79 75 51 59 34 36 74 64 59 4f 68 4f 78 57 4f 2b 43 43 4d 6d 73 54 57 32 43 45 4d 50 6b 77 54 63 6c 37 77 79 6b 56 53 4a 33 37 52 6e 49 59 72 75 7a 5a 4c 72 78 39 4b 6d 2b 61 31 51 39 5a 55 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEBZMJ3ZNXH01CS</RequestId><HostId>lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=</HostId></Error>0

Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://%(server)s/dummy/blocklist/)signon.autofillForms-signon.rememberSignons9startup.homepage_welc
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://%(server)s/dummy/healthreport/cdatareporting.healthreport.logging.consoleEnabledUdatareportin
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/I
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/Ihttp://a9.com/-/spec/opensearch/1.1/_http://a9.com/-/spec/opens
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/_
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/_
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi
Source: recovery.jsonlz4.tmp.34.dr, 3ED3928D712929ABC19B0EA9C107357775D9F193.34.dr, 969343CCF87C88DC562A5C27B3F48C2B3F0C6551.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/
Source: 07676B8418AD0428FBB3C5D65D5BF5AC9D097CA2.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/favicon.ico
Source: 07676B8418AD0428FBB3C5D65D5BF5AC9D097CA2.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.1
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/ibom.evitca-renni.2ndc.
Source: 3ED3928D712929ABC19B0EA9C107357775D9F193.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/necko:classified1strongly-framed1request-methodGETresponse-headHTTP/1.
Source: 969343CCF87C88DC562A5C27B3F48C2B3F0C6551.34.dr	String found in binary or memory: http://cdn2.inner-active.mobi/predictor::seen1
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://json-schema.org/draft-04/schema#
Source: scriptCache-child-new.bin.34.dr	String found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/2006/addons-blocklist
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul-
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul-getElementsByTagNameNS
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.mozilla.org/newlayout/xml/parsererror.xml
Source: scriptCache-new.bin.34.dr	String found in binary or memory: http://www.openh264.org/
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: webext.sc.lz4.tmp.34.dr	String found in binary or memory: https://.bN
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://amazon.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://baidu.com
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1238180
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1243643
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://developer.mozilla.org/docs/JavaScript_OS.File
Source: scriptCache-child-new.bin.34.dr	String found in binary or memory: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/_
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIBrowserSearchService#async_war
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://discovery.addons-dev.allizom.org
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://discovery.addons.allizom.orgQ
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://discovery.addons.mozilla.org
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://duckduckgo.com
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://ebay.com
Source: webext.sc.lz4.tmp.34.dr	String found in binary or memory: https://github.com/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://google.com
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/37ecfd08ffee9924609121aaec3f101598f8a84e
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr, 4098689E1EA45FF0094F1C8088E49251FFFF7585.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://support.mozilla.org/kb/flash-protected-mode-autodisabled
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://twitter.com
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://www.google.com/policies/privacy/3
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://www.google.com/policies/privacy/3https://www.widevine.com/
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://www.widevine.com/
Source: scriptCache-new.bin.34.dr	String found in binary or memory: https://yandex.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46980
Source: unknown	Network traffic detected: HTTP traffic on port 46978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58536 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58536
Source: unknown	Network traffic detected: HTTP traffic on port 46980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 46978
Source: unknown	Network traffic detected: HTTP traffic on port 46982 -> 443

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58536 version: TLS 1.2

Source: classification engine

Classification label: clean1.lin@0/71@18/0

Source: /usr/bin/exo-open (PID: 4744)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4752)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4752)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4752)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4759)	Directory: /home/james/.cache	Jump to behavior

Source: /usr/bin/exo-open (PID: 4744)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4752)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4759)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4787)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4822)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4892)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4944)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4985)	Queries kernel information via 'uname':	Jump to behavior

Source: /usr/lib/firefox/firefox (PID: 4801)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	1 Hidden Files and Directories	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	3 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Malware Configuration

⊘No configs have been found

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://cdn2.inner-active.mobi	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi	0%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://pki.goog/repository/0	0%	URL Reputation	safe
http://%(server)s/dummy/blocklist/)signon.autofillForms-signon.rememberSignons9startup.homepage_welc	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/favicon.ico	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/necko:classified1strongly-framed1request-methodGETresponse-headHTTP/1.	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/	0%	Avira URL Cloud	safe
https://discovery.addons-dev.allizom.org	0%	Avira URL Cloud	safe
https://discovery.addons.allizom.orgQ	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/	0%	Virustotal		Browse
http://%(server)s/dummy/healthreport/cdatareporting.healthreport.logging.consoleEnabledUdatareportin	0%	Avira URL Cloud	safe
https://discovery.addons-dev.allizom.org	0%	Virustotal		Browse
http://cdn2.inner-active.mobi/predictor::seen1	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/ibom.evitca-renni.2ndc.	0%	Avira URL Cloud	safe
http://cdn2.inner-active.mobi/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.1	0%	Avira URL Cloud	safe
https://.bN	0%	Avira URL Cloud	safe
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org	0%	Avira URL Cloud	safe
http://crl.pki.goog/gsr2/gsr2.crl0?	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true	false	unknown
fp3282.wpc.thetacdn.net	152.199.6.223	true	false	unknown
d228z91au11ukj.cloudfront.net	3.163.115.8	true	false	high
cdn2.inner-active.mobi	unknown	unknown	false	unknown
push.services.mozilla.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://cdn2.inner-active.mobi/favicon.ico	false	Avira URL Cloud: safe	unknown
http://cdn2.inner-active.mobi/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://%(server)s/dummy/blocklist/)signon.autofillForms-signon.rememberSignons9startup.homepage_welc	scriptCache-new.bin.34.dr	false	Avira URL Cloud: safe	low
http://www.debian.org/gro.naibed.www.	places.sqlite-wal.34.dr	false		high
https://yandex.com	scriptCache-new.bin.34.dr	false		high
http://www.ubuntu.com	places.sqlite-wal.34.dr	false		high
https://discovery.addons-dev.allizom.org	scriptCache-new.bin.34.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/policies/privacy/3https://www.widevine.com/	scriptCache-new.bin.34.dr	false		high
http://mozilla.org/MPL/2.0/.	scriptCache-child-new.bin.34.dr	false		high
http://www.ubuntu.com/moc.utnubu.www.	places.sqlite-wal.34.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1238180	scriptCache-new.bin.34.dr	false		high
https://ebay.com	scriptCache-new.bin.34.dr	false		high
http://a9.com/-/spec/opensearch/1.0/I	scriptCache-new.bin.34.dr	false		high
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire	places.sqlite-wal.34.dr	false		high
http://a9.com/-/spec/opensearchdescription/1.0/	scriptCache-new.bin.34.dr	false		high
https://developer.mozilla.org/docs/JavaScript_OS.File	scriptCache-new.bin.34.dr	false		high
https://github.com/	webext.sc.lz4.tmp.34.dr	false		high
https://twitter.com	scriptCache-new.bin.34.dr	false		high
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/	scriptCache-new.bin.34.dr	false		high
http://json-schema.org/draft-04/schema#	scriptCache-new.bin.34.dr	false		high
http://a9.com/-/spec/opensearch/1.0/Ihttp://a9.com/-/spec/opensearch/1.1/_http://a9.com/-/spec/opens	scriptCache-new.bin.34.dr	false		high
http://cdn2.inner-active.mobi/necko:classified1strongly-framed1request-methodGETresponse-headHTTP/1.	3ED3928D712929ABC19B0EA9C107357775D9F193.34.dr	false	Avira URL Cloud: safe	unknown
https://discovery.addons.allizom.orgQ	scriptCache-new.bin.34.dr	false	Avira URL Cloud: safe	unknown
http://www.debian.org	places.sqlite-wal.34.dr	false		high
http://cdn2.inner-active.mobi	places.sqlite-wal.34.dr	false		unknown
http://a9.com/-/spec/opensearchdescription/1.1/_	scriptCache-new.bin.34.dr	false		high
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.	places.sqlite-wal.34.dr	false		high
http://%(server)s/dummy/healthreport/cdatareporting.healthreport.logging.consoleEnabledUdatareportin	scriptCache-new.bin.34.dr	false	Avira URL Cloud: safe	low
https://www.widevine.com/	scriptCache-new.bin.34.dr	false		high
https://hg.mozilla.org/releases/mozilla-release/rev/37ecfd08ffee9924609121aaec3f101598f8a84e	scriptCache-new.bin.34.dr	false		high
https://www.google.com/policies/privacy/3	scriptCache-new.bin.34.dr	false		high
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinations	scriptCache-child-new.bin.34.dr	false		high
http://a9.com/-/spec/opensearch/1.1/_	scriptCache-new.bin.34.dr	false		high
http://wiki.ubuntu.com/moc.utnubu.ikiw.	places.sqlite-wal.34.dr	false		high
https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes	scriptCache-new.bin.34.dr	false		high
https://developer.mozilla.org/en-US/docs/JavaScript_OS.File/OS.File.Info#Cross-platform_Attributes/_	scriptCache-new.bin.34.dr	false		high
https://pki.goog/repository/0	cert9.db-journal.34.dr, cert9.db.34.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/reset-firefox-easily-fix-most-problems	scriptCache-new.bin.34.dr	false		high
http://cdn2.inner-active.mobi/predictor::seen1	969343CCF87C88DC562A5C27B3F48C2B3F0C6551.34.dr	false	Avira URL Cloud: safe	unknown
https://answers.launchpad.net/ubuntu/	places.sqlite-wal.34.dr	false		high
https://duckduckgo.com	scriptCache-new.bin.34.dr	false		high
https://bugzilla.mozilla.org/show_bug.cgi?id=1243643	scriptCache-new.bin.34.dr	false		high
https://answers.launchpad.net	places.sqlite-wal.34.dr	false		high
http://cdn2.inner-active.mobi/ibom.evitca-renni.2ndc.	places.sqlite-wal.34.dr	false	Avira URL Cloud: safe	unknown
http://www.openh264.org/	scriptCache-new.bin.34.dr	false		high
https://amazon.com	scriptCache-new.bin.34.dr	false		high
http://cdn2.inner-active.mobi/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.1	07676B8418AD0428FBB3C5D65D5BF5AC9D097CA2.34.dr	false	Avira URL Cloud: safe	unknown
https://.bN	webext.sc.lz4.tmp.34.dr	false	Avira URL Cloud: safe	low
http://wiki.ubuntu.com	places.sqlite-wal.34.dr	false		high
https://support.mozilla.org/kb/flash-protected-mode-autodisabled	scriptCache-new.bin.34.dr	false		high
https://discovery.addons.mozilla.org	scriptCache-new.bin.34.dr	false		high
https://support.mozilla.org	places.sqlite-wal.34.dr	false		high
https://discovery.addons.allizom.orgQhttps://discovery.addons-dev.allizom.org	scriptCache-new.bin.34.dr	false	Avira URL Cloud: safe	unknown
http://crl.pki.goog/gsr2/gsr2.crl0?	cert9.db-journal.34.dr, cert9.db.34.dr	false	Avira URL Cloud: safe	unknown
https://google.com	scriptCache-new.bin.34.dr	false		high
https://baidu.com	scriptCache-new.bin.34.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
3.163.115.8	d228z91au11ukj.cloudfront.net	United States	16509	AMAZON-02US	false
152.199.6.223	fp3282.wpc.thetacdn.net	United States	15133	EDGECASTUS	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/home/james/.cache/dconf/user

Download File

Process:	/usr/lib/firefox/firefox
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	93B885ADFE0DA089CDF634904FD59F71
SHA1:	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F
SHA-256:	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
SHA-512:	B8244D028981D693AF7B456AF8EFA4CAD63D282E19FF14942C246E50D9351D22704A802A71C3580B6370DE4CEB293C324A8423342557D4E5C38438F0E36910EE
Malicious:	false
Reputation:	low
Preview:	.

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/07676B8418AD0428FBB3C5D65D5BF5AC9D097CA2

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	1074
Entropy (8bit):	5.84804112769729
Encrypted:	false
SSDEEP:	24:2d9BECEODBlth5HA9lXv3c3hy0ASDpJc3hy0ASDp61:c9c6BltUkyMIyMk1
MD5:	24C30FED4D43086EFCCBF6E503508D5B
SHA1:	575E509D3F94E50C1BD51B2A6B6C58DAC5C59769
SHA-256:	E9C6766DFEDDC3F0510E641CE5BF1CFB2E0350FFF536462A9272F6FD41A3099F
SHA-512:	3196A5F723B72FE4E6A6B7C0F09B964DF802D25FBF008B96BC3C2793DAC6084E64F244593842B9B32C82B92411D09EF1F497070D9F44E2BEDF02AF220C45455A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEBZMJ3ZNXH01CS</RequestId><HostId>lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=</HostId></Error>hi.&.1........e..ye..yFg.O.......*....:http://cdn2.inner-active.mobi/favicon.ico.strongly-framed.1.request-method.GET.response-head.HTTP/1.1 403 Forbidden..Cache-Control: max-age=0..Content-Type: application/xml..Date: Mon, 01 Jan 2024 19:07:38 GMT..Expires: Mon, 01 Jan 2024 19:07:39 GMT..Server: AmazonS3..x-amz-id-2: lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=..x-amz-request-id: ATEBZMJ3ZNXH01CS...original-response-headers.Cache-Control: max-age=0..Content-Type: application/xml..Date: Mon, 01 Jan 2024 19:07:38 GMT..Expires: Mon, 01 Jan 2024 19:07:39 GMT..Server: AmazonS3..x-amz-id-2: lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=..x-amz-request-id: ATEBZMJ3ZNXH01CS..Transfer-Encoding:

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3ED3928D712929ABC19B0EA9C107357775D9F193

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	1146
Entropy (8bit):	5.767651538979774
Encrypted:	false
SSDEEP:	24:2d9BEC4yb/l8altsZgA9lXv3c37lEyZXc37lEyZZQ:c9QWualtC2qvq8Q
MD5:	01F73937EFE10C720AEC7D353C2C2E02
SHA1:	17FD054AA94898DE4A0BEB793787341EA9266E9B
SHA-256:	7EB9D4CA1E1AEBB1B79DA3CB0DAC42664CC83084AB34C1AFB657D3191E6C967C
SHA-512:	330A4E54DE43AFA22E41F14E43D678E5063E0BCB5E1EDC73033FD0965F61C57A31CBBCBD05C055DF54ECC965BDC3145FE1AB9DAEDDC6CE4E5AB15BF748976EFD
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEDTBEAVQXRRX7G</RequestId><HostId>Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w=</HostId></Error>1..mJ.........e..xe..yFg.O............:http://cdn2.inner-active.mobi/.necko:classified.1.strongly-framed.1.request-method.GET.response-head.HTTP/1.1 403 Forbidden..Cache-Control: max-age=0..Content-Type: application/xml..Date: Mon, 01 Jan 2024 19:07:37 GMT..Expires: Mon, 01 Jan 2024 19:07:38 GMT..Server: AmazonS3..x-amz-bucket-region: eu-west-1..x-amz-id-2: Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w=..x-amz-request-id: ATEDTBEAVQXRRX7G...original-response-headers.Cache-Control: max-age=0..Content-Type: application/xml..Date: Mon, 01 Jan 2024 19:07:37 GMT..Expires: Mon, 01 Jan 2024 19:07:38 GMT..Server: AmazonS3..x-amz-bucket-region: eu-west-1..x-amz-id-2: Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7Sj

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7638
Entropy (8bit):	6.076437148312677
Encrypted:	false
SSDEEP:	192:vkj7i75jaVqWWj7i75jaVqWtfbaI8j3q74i34iU:vkj7eeVkj7eeVnTaId7f3fU
MD5:	B0D68E27D9AB9464E6FADB9B8B9CCC45
SHA1:	F6A6C8998BD27633D1869C51AA341A7FC3E7161F
SHA-256:	62F7831A83E9C28089C431F9727285D3FB78CDECC02D085129A518AA1B7B4B78
SHA-512:	C4A6FB27B76B2227C99A72C635E2748E9F1A275661EB96B53DEDCB1F873E0DE3FE6EEC99C8B697B226BD1E7BB38B8D47D0F00FAAB93CEDD383F62CABC3508CED
Malicious:	false
Reputation:	low
Preview:	(.>.........e..ye..zFg.O............:https://snippets.cdn.mozilla.net/6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/.necko:classified.1.strongly-framed.0.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWVMIIFkTCCA3mgAwIBAgISBP30lB7gTyS/xvDhixxm2GswMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjMxMjMxMTkwNzM4WhcNMjQxMjMwMTkwNzM4WjAcMRowGAYDVQQDDBEqLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBALUahxygTwQV83GYlvSY414lBg/yYLFOGpYcrbrJZHCpLGd6t+zvJfl4ZjB1toSZt3gkqNrOXVo4xRAUpDKFzj7X+kqbt+EsNL0k0Kb03xAlJM2s++RzcyXzGMKJixr1ly6LuurBBzGoOhuPNm8EEK/E0OiVBlON0rm2bnqRVBDZpv3VYqvrYE9uiXsWAPE

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/88501EF5595DDA9CF633105C8280693B0F4E93C5

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	515722
Entropy (8bit):	7.991377486362423
Encrypted:	true
SSDEEP:	12288:gWQAdZAFhMKSIlGsGv+d19rUQlhvAQ2+z2ZYUsupNqw:zvoWrQGLMv3vy+z20upgw
MD5:	D75247CD502F01A8C072E723E63E18B9
SHA1:	CE8D5FD7E56ABE288496C138BAEB1A24A14B42D9
SHA-256:	E2B5A92C197EA4C94394492A59B7E36665EEC95272137A1F8624C4597AADAFCB
SHA-512:	E1086EE6E4FB60A1AA11B5626594B97695533A8E269D776877CEBD5CF29088619E2C164E7BD1EBA5486F772C943F2EFEC723F69CC48478EC84A11D7B61CA1865
Malicious:	false
Reputation:	low
Preview:	PK.........[.H..p............libgmpopenh264.soUT...:v.W:v.Wux..............}.\SI....Q..b...+j(*.P..........".#.b..5......b..{W.].I.?..Jv.y.}>.{....3g.9e.P.@?s33..+.....g.1.-.^.f......,...r..e.r...c.{r......,.<...........x.3..".O.W.3.CaO+.......Y..?-.=H.2\|....^.......~..........0..m.;q.....5...e~3./...om...P..).o.@.oC.G.....[..........<9n.$.....WF.6..[..Wo;....Up..H.\...K........F./kG..........f.[Df.....Wp.u....Wb....Ks...E^s.2.....f.......V......K8...bq..!.......J.P[8s..:....3...,9{..(.f"...A.V.}.."/..Bn......J...k..6R.....5D"...\\..H.i%2."N..YH..<-.,9'[..Y..8rV#9+s.1f...w..j...\+..w..rsKN&...kZhl-.ejqbu=Q.+[...fj.....3....+.f....Td6.Btn.pN,.h...t2#....X..Qs...N.....&..8.,sGn4..C.a..zf.%~..f......6..nr.3.......!...z..one>..PO5..sZ..........E..B,.\..E.5...]8.d.Z.-8..@gKs3.....UQ.B.^EJ..c..<...?:..Yl..9u..w.8....L.Y......8U..KJI...\..E..[7.`E...a&.d5\|.....q\q2v.z.#..V9J9N.Q=.\.-....u+.I.r....{..9bfaaa.U..,..,rs.G.e2....Ug&...-.i..%".P.}u".

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/969343CCF87C88DC562A5C27B3F48C2B3F0C6551

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	108
Entropy (8bit):	4.633741531683453
Encrypted:	false
SSDEEP:	3:Hha56aaRl/8tb9vX3XDkAdBLo/bQHcM+VXkHsX3u+llln:Ba56aaDqlXDFX7HcMs8sHHl/n
MD5:	4C6FC5E0BA2459F02B5A136812A11F73
SHA1:	5F49D6EE022F40AE9AE2E6FCA33A98B04393666C
SHA-256:	2A357891D653E0905927ED0D5FB3969DBB6856BA3C2DCA3E05CB38CA1EB41947
SHA-512:	A32D084B5F911B5B8EFE0227D8630A6D6FB75E3F5C69272ED8BEAA4E7DFAB5D1B9A84CC49A9357DE8B30E162CEED47F833FF279CCFEBD25A064488FB1ADC4B18
Malicious:	false
Reputation:	low
Preview:	.?.U........e..xe..xFg.O.......1....~predictor-origin,:http://cdn2.inner-active.mobi/.predictor::seen.1.....

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	15139
Entropy (8bit):	6.073335124023194
Encrypted:	false
SSDEEP:	384:xIj7eeVkj7eeVnTaIdK+8Ij7eeVkj7eeVnTaIdK+O:xI/ee2/eeBa8uI/ee2/eeBa88
MD5:	83F679646D0C20FA74840B544D30ABBD
SHA1:	93D3E959718D1E299088F64D4BE88696FAA6E35B
SHA-256:	E956F75EEBF135BA91C0DBC4B2FA08263CD5626AF9EFFD9E9EDD41972A810851
SHA-512:	8A53C073B0A73B20066AE5083E84D5499BE4E6D49F3CEB4F8FDFB88AC593FBE609CEEF9140DEE2568DF48A971AF585E496FD005C8DE929B2DD6BE831B7EA6F78
Malicious:	false
Reputation:	low
Preview:	{}.:.v.?6........e..ze..{Fg.Pe......S....:https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json.necko:classified.1.strongly-framed.1.security-info.FnhllAKWRHGAlo+ESXykKAAAAAAAAAAAwAAAAAAAAEaphjojH6pBabDSgSnsfLHeAAAAAgAAAAAAAAAAAAAAAAAAAAEAMQFmCjImkVxP+7sgiYWmMt8FvcOXmlQiTNWFiWlrbpbqgwAAAAAAAAWVMIIFkTCCA3mgAwIBAgISBP30lB7gTyS/xvDhixxm2GswMA0GCSqGSIb3DQEBCwUAMIGSMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzEqMCgGA1UECgwhVGhlIFVuaXZlcnNlIFNlY3VyaXR5IENvbXBhbnkgTHRkMSowKAYDVQQDDCFUaGUgVW5pdmVyc2UgU2VjdXJpdHkgQ29tcGFueSBMdGQwHhcNMjMxMjMxMTkwNzM4WhcNMjQxMjMwMTkwNzM4WjAcMRowGAYDVQQDDBEqLmNkbi5tb3ppbGxhLm5ldDCCASAwDQYJKoZIhvcNAQEBBQADggENADCCAQgCggEBALUahxygTwQV83GYlvSY414lBg/yYLFOGpYcrbrJZHCpLGd6t+zvJfl4ZjB1toSZt3gkqNrOXVo4xRAUpDKFzj7X+kqbt+EsNL0k0Kb03xAlJM2s++RzcyXzGMKJixr1ly6LuurBBzGoOhuPNm8EEK/E0OiVBlON0rm2bnqRVBDZpv3VYqvrYE9uiXsWAPEjx+9Jhbmc1bUfMu4G/BJ0hfx3wUcQccODCY2XUBW63mGqrAWxKsaLaUYumLuFvfge1QRYV/rMF4lhymncZu5pD7+4yRK1fCZU

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.59524688231097
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLZ69kHrRbXq6Eeqy8A5ljGR9:ek3klm7eQA5Nq
MD5:	D886A47C89D9C49C795DA345BC236990
SHA1:	59E863E0D2B4E428D8C738D48FA0F6F7BAC36849
SHA-256:	A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
SHA-512:	8B5A117BC33463F181458F0A99C14657B365CE2A7695DB346D2D086109176AD019DBD5A5F34F09DC3438E6C89CA93D83875DAA6D463EB06D995A2523FE51A5ED
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......5...8........G...r.E...&Y...Z.;O.C.X....Y9.H...]..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	71044
Entropy (8bit):	7.773438541966354
Encrypted:	false
SSDEEP:	1536:y2skugLebjn9aAt7UGSrqAv4IqISIPP9xubG:ycLAj9aAtY4AwIaIdxF
MD5:	60985C9439E7E254CA4EAD41AD1EFF32
SHA1:	184C8B3263D678D854F7B05FC41FDD3267A46FD6
SHA-256:	5DA0A3FFC814575410D0F58D9647944AF4EB0809BE9E3475CD96B94DC2B14B56
SHA-512:	6894ABAAD1B68CC8844D088832EEC9B5048E68190D8B330A8564D04330022F19A0ACFCFE7B15A0E4F90B8C84538DBF2FF4DA00DA80B5046F6F739A3C0A35B73D
Malicious:	false
Reputation:	low
Preview:	;.1..............................-.\....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../.-.\...z+...m....S..5..6..H.e..B...-.\.7n....~<.g94...f....\.~..s[.s..-.\.Yo..V..}B1.1k.........oS...y%..-.\.q#..QD.:..",=(.....l.......7.O..-.\....q.......A-@..R.,.m.....4.-.\......AS..F...b.. .V....o.Rs.3.-.\...ua...`...-.#,..{....D..RI....-.\..'.Y.....<~..H.(.).}...7...#w..-.\.+...g..K.A6...a....$.'....45.-.\.N...P......o.}4.<......'.@py....-.\.U.......V.yb...n......E.>.....-.\.Y..(.xZ..}...aFfuj.x.......@..-.\.h}...W@hC..6.B\|xoU/VY.p.....4..-.\...#...g.T..<BwH.t...4..#.jN:...-.\..Z7.15.J@h...Q..x....k.?.{..B.-.\...KJ..M....\._..mx'.........-.\..p..i...W.H..JQ.y\\|3vD.~.).f..-.\..w...MEL.{..I.>Bm..O.....E._A..-.\...U....X..3.}..,.>..c."9o.<.-.\...C.....8u..H.....a..j..Xb..n..-.\..mR......D..qD#...w....f.O.?...-.\.Sx..W......v.>7v...>..g.{..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	7648
Entropy (8bit):	7.734433994790214
Encrypted:	false
SSDEEP:	192:9R3/tArlx3czyJ7ALpZ8X7WIisGQchKjmD9ls6ZqOgC:Lvarn3czxLDuliuyD9lLZ7F
MD5:	0E8FE60CCD7E9B4C32589A5743A95302
SHA1:	190F3BC536C9489C707AE31DA32BF86947EA5D78
SHA-256:	2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
SHA-512:	0AF17BD91464F26072F42BACFBB6BA72E68FA07B9D5801A92B14624CC51EBD00AB127272CECD8DF6FE650FE07BF170FD6422D70C2E8CD8F9AD94BC11548446BD
Malicious:	false
Reputation:	low
Preview:	;.1.............................f/Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........T..]..h...........t.V..@..'.f/Y.hy..../..s:....@R$.Q...w..V...f/Y..Y..1...c./!>O.3!..2...f L.x.6f/Y..&F.}......ez.N.R..j....3.;.if/Y....t.J....b.n...5aL...../...f/Y.dm....5.S.k...y+.....T.....Q>f/Y..-..nj.p..z....g...^T......f/Y...`.t9..(...@..'..u.8v%.d..^.f/Y...Z>Z_.b.[).B!/..U.W.y!.G.u..f/Y..@..WG...PAG.I=tsO.......`.N.f/Y.f?..G....;.c.`X....z....j...K\|f/Y.j....A-'v...].]-.....Q..L.4.Jf/Y.{a...!.-#...7.b..\h.4.~..=.ff/Y..{B.7...Bx.K..@.v...76."..hf/Y..;..Q.......!.<...Bd9I.....Mf/Y.B..mFYTJ..5..yj".T.........f/Y. ..'.',1...D......".L/......e.Yf/Y.!W..C..W$........8h.A..Nr;}mf/Y.[..6n.ZkJ.....2........xn..f/Y..,..8n..-E.....s.\|.N..2..Z..f/Y....C.EI....21w.l...Q.p ....f..f/Y.K....J..+.C:...v1...jo.7......f/Y.C."..c.].,@.....u.}.....~

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	82744
Entropy (8bit):	7.772258239877141
Encrypted:	false
SSDEEP:	1536:RXoNNS+GqTr4HlEGVibr7rF5HlwU67HJxPU659kHvfrk++:RYfSAr4FRibr7rhojLPb5sU
MD5:	04824A1F92353F43EBB9E7F74B7476FD
SHA1:	C2636E8FFA8A5256D7D1F21E147101356E783114
SHA-256:	B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
SHA-512:	92914B56FB2BDCDDCC1BEE2BF4DC98420CF0B923D380BB889C8A6EBC333D74EA4DDCA915218BEA0E729782C4904983424F1DE15BE7087C5A5338AED7319A03E5
Malicious:	false
Reputation:	low
Preview:	;.1.............................a.!Z....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........0...6....#....O......Rg.m../a.!Z....Nt.HO5..... ..UM..7<....a.!Z...R..Cl.&/ZM....L...n..9.k.7<.a.!Z...z+...m....S..5..6..H.e..B..a.!Z.Yo..V..}B1.1k.........oS...y%.a.!Z.a{.{..>...M.3....[.THR..>...a.!Z.b.K#.... ..!D.n...}...#k..N..a.!Z.q#..QD.:..",=(.....l.......7.O.a.!Z....q.......A-@..R.,.m.....4a.!Z...Z....]..v..M.&.t...C.D.PA.h..a.!Z......AS..F...b.. .V....o.Rs.3a.!Z...ua...`...-.#,..{....D..RI...a.!Z..'.Y.....<~..H.(.).}...7...#w.a.!Z.N...P......o.}4.<......'.@py...a.!Z.U.......V.yb...n......E.>....a.!Z.V..<.>>....r..In+....v. :L.~..a.!Z.Y..(.xZ..}...aFfuj.x.......@.a.!Z.h}...W@hC..6.B\|xoU/VY.p.....4.a.!Z...#...g.T..<BwH.t...4..#.jN:..a.!Z..Z7.15.J@h...Q..x....k.?.{..Ba.!Z..p..i...W.H..JQ.y\\|3vD.~.).f..a.!Z..)Z.ns.@......O..F...c.9[x.pa.!Z...U....X..3.}..,.>..c."

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	268
Entropy (8bit):	4.291717925117119
Encrypted:	false
SSDEEP:	3:VUystlnlftwLLLLLLLLLLLg2qaXlY0WsLhxrbxq4Y0g42Vv:eziqaXlYfaNbg42Vv
MD5:	C921D8E98FA01B4F303481E112202E92
SHA1:	9D23B452AD0D06C355477CF70E3AA5D0ADFE6278
SHA-256:	4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
SHA-512:	D06422752562AFD1F8B94FF09FC9460BE58E07A84FC537FB6B56B1551C37DB7E56CB7932CC2D27D2FFE2CBAB6EC85BDDA6778F2E812E69E5193FCD6BC77066F2
Malicious:	false
Reputation:	low
Preview:	;.1.............................Q..Y....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......C..8.r..M.'j....-...~.B........Q..Y_.P..........X+.s.........cWn..Q..Y........g.,.}t.!

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.6124882616213143
Encrypted:	false
SSDEEP:	3:VUystlMl3YLLLLLLLLLLLpRy5Ae28XzWvhSSz17Sn:ekeU5AezzWvhSSZ7S
MD5:	6F85BC4B2ECB49E26B0BD83A821065D0
SHA1:	4DF430B4D63605E41855DBCB3837A189D4CC7604
SHA-256:	C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
SHA-512:	AE7688D501A1F59D4C247ED57BA0547F6376748AF57F554BA1B6DE0EF358ED5868721886BAF94813979B3A9968EC330CE11C41767E4AF42DB413EFC9556C2E22
Malicious:	false
Reputation:	low
Preview:	;.1..............................C.X....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......U...f.....aJ.-.....b..rE..{....C.X...U.K..yP.SQS.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	304
Entropy (8bit):	4.70325744277424
Encrypted:	false
SSDEEP:	3:VUystlCwLLLLLLLLLLLPaueiydb1Vf/cMLkBR53B2mZ6C6duKZ/PfuSv+/rI4:e9MHk5xaCQuWGjI4
MD5:	BA0009932844173BC8F9AF264229DF24
SHA1:	C8F6956FA86F4E9CF71599B735E28860245AE4B5
SHA-256:	66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
SHA-512:	582D7F28F41E6A7A5F882D15EC1F48D0BE57DC63E1A0D6E6A8BBD442A3AC27E38E0C3FDB3E1C30F416C41649391AFDE61F8079844B61A4995E0AB34D6CC8E745
Malicious:	false
Reputation:	low
Preview:	;.1...............................yZ....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......#...).=..HZE.E.........9N..u3.....yZ..?\.I.u...Mk..<.......Ly......yZ.J...t...{.6w..y.m......Xj..yZ.w....m .U-.mCL.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	3580
Entropy (8bit):	7.671891447828382
Encrypted:	false
SSDEEP:	96:kvmXn/rUKZuGD5fR3TNQCTBl0VyCt9wrEZRg5n:kunoKpD553BQ3t9OEzun
MD5:	D6ACF2573E12AFDD7939568804D3FCC1
SHA1:	5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E
SHA-256:	5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
SHA-512:	1F72C01AA332A6E3FC5F966ED2B12534653BCACF2DC242850877961CC4C16AC3BD1846939D56EA6E230A71F336F4B37F67E0070DDDB66D57BB51526DE52819CA
Malicious:	false
Reputation:	low
Preview:	;.1.....................^..........W....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............p.....a.....J.B..gZ.........W....+.O..!l$...K...aP....C.5......W..;..t7p.'..qR..,....x..lP..Z...W.1.[.8..^...x.T)..}.Uj2.t..._.B...W.......1.f\|....;.m..i...........W.Q....";...'N..o>....UD..........W.Um..Uz"K...H`."e..\|...'...L...v...W.B...`..r{@...J.^....@r...B....W.}..A.......@..A.G.q...@.5.....W Iod}..zVD../xY..p..h.Z.`i&......W$HWYI.;.~..m.~..5....`.$.J.....W)w.\...t.'[!....#...G~]..CS>.@{...W$.u..%.H4....p\\|..v..)...........W4.8....g.iQE...t.....z.X....N.....W5Feb).<@3Z._..f...e.y.....u.....W6;.')..K.0.b9G.2.n........eP.d.....W6]Y1_A]xZM.L./ozM1S^.a.s....P.H...W77......Oc......g.R....d9F.9.sY...W8.....[.-..............@.?.......W9.R,.j<.G..{.<.,.8..hW.V"../....W<...#5../......@ij...8%0.gX..6...W?.......V..Z\.)..P...w.f...-...W@....c.m.I...G.q.H.R.E.. .

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	0.3372900666170139
Encrypted:	false
SSDEEP:	3:kl:s
MD5:	076933FF9904D1110D896E2C525E39E5
SHA1:	4188442577FA77F25820D9B2D01CC446E30684AC
SHA-256:	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
SHA-512:	6FCEE9A7B7A7B821D241C03C82377928BC6882E7A08C78A4221199BFA220CDC55212273018EE613317C8293BB8D1CE08D1E017508E94E06AB85A734C99C7CC34
Malicious:	false
Reputation:	low
Preview:	................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	333988
Entropy (8bit):	7.7734168827853685
Encrypted:	false
SSDEEP:	6144:Cl/mBoixkKBn/Hd+os1p8vuG3SI7AT6/GIUegPF+8wkyyXDvo7TYwTS:4/FiHBn/9+o9GG3SID+IUey+ryXDOTYr
MD5:	845BEDB718B8941F643BB988F640E141
SHA1:	DB9BC33A9C9FF6E6D3651710DC1AC8D387759D24
SHA-256:	5083D014CC7E8CFB15D4803429A9AB5FA397E1010CE66D0C8B8215C7FC3C6FDE
SHA-512:	96B64D39DC9B4E137D5BB93FD7EF18ABAB3D956C2819C1E569B5E9971AEC465B4EA084058F7F7C1B9012F52AC61189C6D3CF07AD47D2015D372754096FA03349
Malicious:	false
Reputation:	low
Preview:	;.1.....................8$.......-.\....x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.............TV8.1..h@)..N.5.J..._.:BcT.-.\..a...'&.k.$..#.Y... -..W..(.-.\.".`....T..../[..A3..FI.rN<%N.".-.\.#<.k.+^5Q..k..jMY>.tj+.e....J.-.\.,.3b.E9ZC.j..N..l&3.XS.~b...B.-.\.-.s.vf^..9)#x<{.Y...<....z....-.\.?Yj...br4...........J.Z!......-.\.M...+.UJ.)..r..{.t.....f..B.-.\.R2."..'..k..9/z..`7d..#BmeN.j.-.\.T.........}i.<............y.-.\.U.6..."P'/.....J.....>j.E....O.-.\.b.&.-1.....7..[.UOS.W....=..R.-.\.m.#..,..D.&._^.jy.i...p.....hO.-.\.p...RrKJR.U..c"bG7.y.5..YU......-.\.t.L3..e...\.^.;2.......E...fB..-.\....a.):.;rk...U..P.....^..?.KV..-.\....'..>.$.B...3}...T.....E+.....-.\..H.K(.!.A.....(.....H...D..-.\...&q......Y.m4.D.'..S~..w.......-.\..(......7......h.5..P........4.-.\..=#.u@.9.-21.*.x....Gs....^.Ep.-.\..L..m.'..%.;..[.......z.DVn:.-.\.....8?.....h....q....!.j.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367009024331335
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLVtFKAuB079M3Xs/phm:eksMFKy9M3XIQ
MD5:	E2CF527CA7550B7E7BDF7311E483A2C3
SHA1:	C354190BB2B8A00A6051EF2FB86E189AB053FE93
SHA-256:	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
SHA-512:	7A585735ABFB1292B9FC4709B797F09C6BE4DC90A133FBEDB14428AAE79C6DE5FAAE0B151758A75BF90566C98E5BD2A8201E738F321688180BC5B5814A97BB69
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.........`E.eK.zQ.....H..`T1l..............`.j..G1I...r..

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3293711760593867
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLaJPKcZrl3LcC5rY+HVl7sAVZwn:eksbQa3Lz5JPgAVen
MD5:	051FB32DECE757BA112AC36DC72E3A91
SHA1:	A30D26CEE0F69FA67BF9E60BA692F4831373CC07
SHA-256:	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
SHA-512:	ADD2D3C503616070F056EA4E3A64FB54A2D8E75AF8FD5D9F1F8EE6B72A1D548FD4AB7D4A3256E4A6F4E1422631439DB62B251EE3F9D07B38A612AFF5E58936D5
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........1.....}/9<...?.nyg....N}........<<.@....{..]{:p

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.3683561037768297
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLJnawdSW+vmhnki/0Bn:eksSajWQji0
MD5:	3675254E341DF799D4307C1F59109185
SHA1:	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75
SHA-256:	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
SHA-512:	9344CA1456E1E74A4DAC833E0AF55DB9730F8AB2954A855B4A775A938B2055C86EFF367F25BAE80F2FFEA45ACEBADE10A8347ADD18222E715620DD864F2D8E4F
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........B.WG..a..E.+`D8.....a. ...D...q......w...X.Z.Z...~.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.302539208701039
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLOW4xUO0f0iI8hE1R73sBKD:eks3pf+8RABy
MD5:	3D1CE5E50208F0CB3B979186043A548F
SHA1:	10C66032C5ACAC22D70670B9302437141E6371EF
SHA-256:	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
SHA-512:	AE2F35C0549C26251053689C90CE831F0C5742D6F7C1DC13482560B02FB4A6029F107E472FCB26BF41B4E89E47559490F5DA049D5B51864A3C4C2C2AE3F588C2
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........Y.......j..}`A=F......c..5.......T...8\|..d.\|..{

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	272
Entropy (8bit):	3.9834161156862735
Encrypted:	false
SSDEEP:	3:VUylllvl2lll1lCLLLLLLLLLLLQ0ZIn39lAN6r3Zzk9uYs/wPMuiC:rUiU3gNAigr/wMC
MD5:	95F28EDE25C301301F25FBBD9A3C56EC
SHA1:	80F7D95AFC0DE8C608F672A6837C664EF847BCD5
SHA-256:	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
SHA-512:	C6E09C76840DDEA559E243E5C13881CFBCDCC7B0C2163461FDCCE1F3F5110E2B0BB553DE447A4E1E0D5EDF516EEEE2FAD5EFC15C398E101EF3C81501E55320AF
Malicious:	false
Reputation:	low
Preview:	;.1.........................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......Ik...Xf2.h.J.^..P>.A.:..I%8]........=(K_..W..{...L.w...:7.&.PH..26....U.]..)..{6....(.

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.4079994338327437
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLYdIVDdSxcEtY4NL/n:eksdWdSxc3wn
MD5:	65E942614EEE70680464AC4BE75019FC
SHA1:	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA
SHA-256:	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
SHA-512:	55B09573C235876D0CB4E6C20070CD1954CF1EB94F513A94985896237A350E48FCD47C88D5EC9632AB9D0AED4A59C250E69F59A59ED88F2A0AEB6734302744A9
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x........=Q.IU`.G...>...u..X...7...k6.b....k:u.z*N._)8.EhnZ

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	28
Entropy (8bit):	0.37123232664087563
Encrypted:	false
SSDEEP:	3:klMl:sk
MD5:	E2CECF06A89B4A6D968486F17F30DA5D
SHA1:	46757A7F71DCFBEB5511665F123810148727324E
SHA-256:	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
SHA-512:	5CFFECE9AF2B403AE150E8D2E755E7E3A71BDDED474293D846CD1A6231C1403261F4B5E6069A0A933738D5CC33F7EA8CC043C721594679E17FC5E8225F3F33C6
Malicious:	false
Reputation:	low
Preview:	............................

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	232
Entropy (8bit):	3.367107760120435
Encrypted:	false
SSDEEP:	3:VUystlMlklllCLLLLLLLLLLLge3nZsRusljWFgm:eks5EsRRQB
MD5:	A5695CC64D77967232B0C1344C6E72B3
SHA1:	B0F151A5292D4B796668B242BF896FDBB5A24B67
SHA-256:	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
SHA-512:	C09F56E91B41D01375C458A6CCC3FC0CEDC18696AEC5D7A2520C51905F4D9BC660F3AD28E69D64B3814AEB3279AFC686794C986F0FA6212463F3AAC850D40019
Malicious:	false
Reputation:	low
Preview:	;.1.....................................x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x...........x.......^......R..U:N......LgY.u.l..H.Z....N?^c.d...].1. b

/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/scriptCache-child-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	687060
Entropy (8bit):	4.847998460623796
Encrypted:	false
SSDEEP:	6144:W6FpPcHoaga/uaaKwIMhkVbJSyKiKNyQ/Nwqrw72d:jPEgaG4VbAimNwm
MD5:	A0BA79ECF68E7015BC503A68CC041F65
SHA1:	E38A9CA99DBEFE22328BF175784E4D0E29C5D639
SHA-256:	CF1B03F40CB6A6DAD98094FCD2F8B7B407902D0EE0E37DCE1FA72799B1709562
SHA-512:	AFAE9C6478562C7A3FB03ED9DC30EEBBDEE644733E5406967B8AFEE6B2377C4562BA5A472266462509F694B0CB3224DA174F4D3E828BB888A1CF7CEFB6A7A1FA
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev002......chrome://global/content/process-content.js.chrome://global/content/process-content.js....."...'.resource:///modules/ContentObservers.js'.resource:///modules/ContentObservers.js.".......).resource://gre/modules/ExtensionUtils.jsm>.jsloader/non-syntactic/resource/gre/modules/ExtensionUtils.jsm.=...4...1.resource://gre/modules/ExtensionProcessScript.jsmF.jsloader/non-syntactic/resource/gre/modules/ExtensionProcessScript.jsmrr...M...).resource://gre/modules/MessageChannel.jsm>.jsloader/non-syntactic/resource/gre/modules/MessageChannel.jsmP.......*.resource://gre/modules/ExtensionCommon.jsm?.jsloader/non-syntactic/resource/gre/modules/ExtensionCommon.jsm.B.......".resource://gre/modules/Schemas.jsm7.jsloader/non-syntactic/resource/gre/modules/Schemas.jsm4...hM.....chrome://satchel/content/formSubmitListener.js..chrome://satchel/content/formSubmitListener.js.C...,.../.resource://gre/modules/PrivateBrowsingUtils.jsmD.jsloader/non-syntactic/resource/gre/modules/PrivateB

/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/scriptCache-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	5077898
Entropy (8bit):	5.05715181457741
Encrypted:	false
SSDEEP:	24576:Oztjh4Tx/YdN1bG+AXkTrNhxOV4adInZ7yfQeMxpuB3aCU4cVQ6fya+oBxc:Oztj5N1yI3xOV7wAcpMyfya+ozc
MD5:	BA3ED0CBC8A88BEC3C86228EB0C1460A
SHA1:	E137A99E616D6AEBCC7364C95683DEA90EC8FB02
SHA-256:	140269DCC86D10A5D5CE95899C2403509585188B05345CCFEB3AC9181DC22C7A
SHA-512:	BAE5614AC4AB03C3655101A68DEF7B6BFBED5623583694402A89427B3BE2A9217CD3460B84D0A9646718F4041E3B1959169CF46EE0E3BFD511836EAAA77782C8
Malicious:	false
Reputation:	low
Preview:	mozXDRcachev002.nT..G.jar:file:///usr/lib/firefox/omni.ja!/components/MainProcessSingleton.jsF.jsloader/non-syntactic/resource/gre/components/MainProcessSingleton.js.........#.resource://gre/modules/Services.jsm8.jsloader/non-syntactic/resource/gre/modules/Services.jsm.....#...'.resource://gre/modules/AppConstants.jsm<.jsloader/non-syntactic/resource/gre/modules/AppConstants.jsm.4.......%.resource://gre/modules/XPCOMUtils.jsm:.jsloader/non-syntactic/resource/gre/modules/XPCOMUtils.jsm.E...X...1.resource://gre/modules/CustomElementsListener.jsmF.jsloader/non-syntactic/resource/gre/modules/CustomElementsListener.jsm.........A.jar:file:///usr/lib/firefox/omni.ja!/components/PushComponents.js@.jsloader/non-syntactic/resource/gre/components/PushComponents.jsf....n...H.jar:file:///usr/lib/firefox/browser/omni.ja!/components/nsBrowserGlue.js?.jsloader/non-syntactic/resource/app/components/nsBrowserGlue.jsh...,~...-.resource://gre/modules/ActorManagerParent.jsmB.jsloader/non-syntactic/resource

/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/urlCache-new.bin

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	1534
Entropy (8bit):	4.751994770701492
Encrypted:	false
SSDEEP:	24:wbKaVKXoaKMfmS0gn41nsD3GtMeXUGc3VhWu5JrZmmKVgd5sb7dfd5ldAi0:HaMXoDu6XULWaJrQ/QsnVng
MD5:	F2500562251A0F656922E369C506CA48
SHA1:	DFEECB2036AB6DA9815687453F692B813BBC65BD
SHA-256:	627D549C697FCA2B4A5320619AE703A984E600E5D0AC083B34178862AA04B6F3
SHA-512:	D3D9BA2B25ED1BE1EB758DD148447CEB17E07D3BA6B11B547C98F3F318C24A83A8747A407E7D4B33053A417541DCDE6EDC743F63C57DF840B8BECF7A1658797C
Malicious:	false
Reputation:	low
Preview:	mozURLcachev002......-.chrome/en-US/locale/branding/brand.properties.6./home/james/.mozilla/firefox/5zxot757.default/prefs.js.5./home/james/.mozilla/firefox/5zxot757.default/user.js.+./usr/lib/firefox/distribution/policies.json.3.chrome/browser/content/browser/built_in_addons.json.C./home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.3.chrome/en-US/locale/en-US/global/plugins.properties.6.chrome/en-US/locale/en-US/global/extensions.properties.$.chrome/toolkit/res/counterstyles.css...chrome/toolkit/res/html.css.-.chrome/toolkit/content/global/minimal-xul.css...chrome/toolkit/res/quirk.css...res/svg.css.%.chrome/toolkit/content/global/xul.css...chrome/toolkit/skin/classic/global/tooltip.css...chrome/toolkit/res/ua.css...chrome/toolkit/res/mathml.css...chrome/toolkit/res/noscript.css...chrome/toolkit/res/forms.css.1.chrome/toolkit/skin/classic/global/scrollbars.css.$.chrome/toolkit/res/pluginproblem.css.../usr/lib/firefox/distribution/distribution.ini...chrome/en-US/locale

/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	87868
Entropy (8bit):	6.211774112651884
Encrypted:	false
SSDEEP:	1536:X5vK21wGeN4Z/tSKkfS2QOIWznO7hgfzdXhpWGfJCVnll:XZK2GGeN42np3zahghLWS0V7
MD5:	3A3EC4BC58B87D04127D9405612C768A
SHA1:	6B5110302B7E0C8363EDBB7896C9100829EF63FB
SHA-256:	D6B09C31100708E547D437DBA22B59F15F7A3520A98D157CF1C6A85AFF6FF6FC
SHA-512:	7E4ED5E674D22C137DBFF714037FDCC88E1469EE709A97CB5C5F61D4DA6779E3CF03FC801C9584B0C21FF08B8882F58AF178EDD8729ACB64CBB385F35623D589
Malicious:	false
Reputation:	low
Preview:	mozJSSCLz40v001...............................manifests ....S..... ...formautofill@mozilla.orgH...(.21.0=..`.....Qen-US..s.........qapiNamew.1.....S..... ..dependenci$..(...(."id.......x........p..application... ....Rgecko...............strict_max_versionU....,..(./in(....P..update_urlA.....P..X...0.cauthor'.C........browser_specific_setting.....3...0..descript...P.{homepag..3...@..........S..... ..name.......cForm A..C......dshort_.....3... ..e...... ..backgrounH..... ..persistent......`....ss.............B...`..3.o.z.-.e.x.t.e.n.s.i.o.n.:././.5.0.d.7.6.b.8.e.-.8.d.3.b.-.4.7.5.7....5.1.6.-.c.d.6.6.5.8....c.7.4.5./.b.a.c.k.g.r.o.u.n.d...j.......S........content_....... ..ecurity_policy'..H..develope[.....x.Shidde....X.'icq..P..incognitt.....spanning....minimum_chromeN..}..P...(.\opera'.C....(..o...al_permiss....... ..0.As_uiq.....(..G...(...h...web_accessible_resourc............_overrid)....3........(ac.....scommand..$..p..devtools_pag........qomnibox.....;agem..`....nsideba........?ur

/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 1426 bytes
Category:	dropped
Size (bytes):	638
Entropy (8bit):	6.058376992808135
Encrypted:	false
SSDEEP:	12:vkIb3bQPnkKNuN7Xnwutjp/Ai8AXyIF9nfvER9lyNinNii1ABHM6+ztbuEv2Ge:v5r4mNrnwunjR9filyNIii2sdVL7e
MD5:	C03070F8A39B68E1DF90C197530147B8
SHA1:	CA5D078F9FE04FA46AF10505F930F1F67DEA4314
SHA-256:	FB1ABAC28102E4FD1F7CD97C8B4135681C9BD4BA0EF1517895B278DB52BF5256
SHA-512:	26F8A7162835574D22C0AF33AD8F1EE1F1C24F473FD54C835D8DD512C0F26B4F30EBC9F0AE2DE6C8CA3EA92D0402867271B3CA29197B6ED141527EC4FA8200B6
Malicious:	false
Reputation:	low
Preview:	mozLz40.......{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1554899853000,"loader":null,"path":s.....xpi","runInSafeModej..telemetryKeyC.7%40....:1.0","version":"...},"screenshots..T.r.......B....K35.0......startupData...p..astentL..!er..Arunt....{"onMessage":[[]]}}}},"webcompat-reporter7..Ofals..&.z...?...I..F. 1....-..............)....p....!...Y3.0.2......'...webRequest..BeforeSendHe......[{"tabId..0typ0....0url$.U"://...-....-testcases.schub.io/"],"windowQ..},["blocking........?]],......directvnow.comn.!....P.0tag..%{}..../usr/lib/firefox/browser/features"}}

/home/james/.mozilla/firefox/5zxot757.default/broadcast-listeners.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	204
Entropy (8bit):	4.54883533637465
Encrypted:	false
SSDEEP:	6:YWLSf85jcM2MAfeKSBDuQ6s/WoMmgjwHbSRmnPE2cb:YWLSf6gMAfzSBDNFMmqmpncBb
MD5:	72C95709E1A3B27919E13D28BBE8E8A2
SHA1:	00892DECBEE63D627057730BFC0C6A4F13099EE4
SHA-256:	9CF589357FCEEA2F37CD1A925E5D33FD517A44D22A16C357F7FB5D4D187034AA
SHA-512:	613CA9DD2D12AFE31FB2C4A8D9337EEECFB58DABAEAABA11404B9A736A4073DFD9B473BA27C1183D3CC91D5A9233A83DCE5A135A81F755D978CEA9E198209182
Malicious:	false
Reputation:	low
Preview:	{"version":1,"listeners":{"remote-settings/monitor_changes":{"version":"\"0\"","sourceInfo":{"moduleURI":"resource://services-settings/remote-settings.js","symbolName":"remoteSettingsBroadcastHandler"}}}}

/home/james/.mozilla/firefox/5zxot757.default/cert9.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	458752
Entropy (8bit):	0.42743533269225176
Encrypted:	false
SSDEEP:	384:9ozkVmvQhyn+ZoohwJtKZYcMM0c6ozkVmvQhyn+ZooFwJtKZYcMM0ryw:9XwJtgYcMfTwJtgYcMH
MD5:	25554DBACBDED820205199D7B7ECD3DE
SHA1:	3F50F9CF452389010709F4EEEE3227497D90BC84
SHA-256:	CC42705E4BA041A341281378354BAE46EC7E6B884BFCA9D7A440510844448F0C
SHA-512:	F8A077ED87126FC2CCB51B5AB81039576895B0CE92CD7605A27E81783BFE203D1B39071CA5AC3F5D322052B2A0C703BDEE74D799E854D1E93013ECFF34A8EF63
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....z..\|...{.{.{@z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	459912
Entropy (8bit):	0.35329715178190824
Encrypted:	false
SSDEEP:	384:+ZYcMM07SozkVmvQhyn+ZoousVwJtKZYcMM0OCozkVmvQhyn+ZooR:EYcMqTwJtgYcMRT
MD5:	AF2EE637D8990A8F8280E9E6B030566E
SHA1:	4E3D0C33D81A4C386330E3EB867A4776134F7F14
SHA-256:	796E9F2FA9DEECF7ACAE95F1DF40AFE9252CB2E6AE34D1133A307B014E4E7825
SHA-512:	1DBB05457FE1352310472A582A8B1C40207FAE71EF10993C46377290BFDED2319E03A5333C8ED21C83376292F250BEAFBE767DA08A24AAE3B48014AB3FD7B894
Malicious:	false
Reputation:	low
Preview:	...............E........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/key4.db

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.3932219756937869
Encrypted:	false
SSDEEP:	192:mJLvKXzkVmvQhyn+ZoQfqlQbGhMHPaVAL23v8LVs9dl6:mJLozkVmvQhyn+ZooLO9v6
MD5:	06EB16FDAF0AB1782A6E035FCC2BF558
SHA1:	7C44D96EB2479F1EF235D756A687756A044EE43F
SHA-256:	EA7492BB671E1B6B20653BEB52826AE50AE5198A5D29FFD153C5752E0B69A722
SHA-512:	22CB0C0A0831066B8D51D4D4D4DAB5BDE507F2F00E16FDC7E0D6EC08661C3031FB0C161BC3C5B9DC1EC4D860E1B2008E63D9C23A70FD74588F496D3EF117AAC5
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....zR.\|...{.{w{5z.zRz.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	98852
Entropy (8bit):	0.21424242059928492
Encrypted:	false
SSDEEP:	192:Lt5JLvKXzkVmvQhyn+ZoQfqlQbGhMHPaVAL23v8C:Z5JLozkVmvQhyn+ZooC
MD5:	186F5DF2D7DD7581014035318382D85E
SHA1:	DD4386F66071F954C4388624BD6C33577DCBE769
SHA-256:	98123728F9477BF3110A86B9B0CA828543C361332A08375AC9C422665C1F1E3C
SHA-512:	08BE840355E6AC372C01728E8BE27B75A50366F6C54D5E6EDCA64F5E3703F578D7BA5DA432D5A093EA6951957A991ABDB0C45322EF299D6ABBA8403D5098C4D6
Malicious:	false
Reputation:	low
Preview:	............)x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.09611120034147747
Encrypted:	false
SSDEEP:	12:DBl/Wlb9gPxRymgObsCVR49wcYR4fmnsCVR4aR:DLwZah76wd4+X
MD5:	3EC564DFFB31A761D90CC78B79A12619
SHA1:	179B48158BB8B9FAB1422D40C9B0618307AC0C5B
SHA-256:	18A9301EDE2C87FC24D9CE4EB1DC710DE2CD13C9DC57C46B0D88F08F8EC0CB91
SHA-512:	5081DA75330182C57DE2D4CDE5FFB484E0049ECE32810889127A4900D3A3D0BB289A59EEBE1D43022F19AC7307C7146D94D7AF4B97288BBA38500A32957980DC
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................,P.....~e..F~e........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	data
Category:	dropped
Size (bytes):	66076
Entropy (8bit):	0.11238371111182266
Encrypted:	false
SSDEEP:	12:IP8bPGjcX6Bl/AYlk9gPxRymgObsCVR49wcYR4fmnsCVR4N9:IkjGj26L9lMah76wd4+i9
MD5:	56D597A82AB19252F9A062D19C0C96B8
SHA1:	3A52C9FBE6BCE4E2CADD67F5DA3DD8A0F1CE2177
SHA-256:	FDF28379A446C302E53AB2D122890E324EBED753C54ADAFC4859F0FAA6ADCB57
SHA-512:	EE9ED42C8A6ABB6C84F52E6508D04060C496B04CEA17D58061A4330E6DFB4E2053524E68EC3E45DF797ABD0A65F858B3CACD3657A64FEA267A44FFC84E3BAE8F
Malicious:	false
Reputation:	low
Preview:	............#.T.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal

Download File

Process:	/usr/lib/firefox/firefox
File Type:	SQLite Write-Ahead Log, version 3007000
Category:	dropped
Size (bytes):	459120
Entropy (8bit):	0.10925297401018542
Encrypted:	false
SSDEEP:	48:gudVVdUQ2FclR0KatBU1sIvd1tOxf0HpUDJgL4ErNufMT/XgXkH3cOFflyHyX7p5:gJ641UOxzW4ErNufCPFNyHiN5
MD5:	F79A29A29D719766FD5BBC1D004928D2
SHA1:	645C3687F90010ACE7307021B04497F8689D53A3
SHA-256:	BD069585CB24E8004394212AEAE31EF9CA0C745C831C388C9D56C946CDF02C73
SHA-512:	C34D46A69B9660D60B8189F8FE2A5CF3712EC1B5585CF0929219DC17D4DCF011AAD5844BD6F518AE87D84954C095F3B5440EB14B50214E82429607B95BB3139B
Malicious:	false
Reputation:	low
Preview:	7....-..........1.....V...D...........1.....V ~........(..~...X.8.....\|..~...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with very long lines (663)
Category:	dropped
Size (bytes):	47109
Entropy (8bit):	5.176459393439915
Encrypted:	false
SSDEEP:	384:BDG51pz2DzqNDGw1pz2DzqNDGw1pz2JzqNDGw1pz2wzqNDGS1pz2wzqNDGSVpz25:MltllLleNeN+Nj1
MD5:	58EE12FD27176D3F8340A22B0E28BAB2
SHA1:	08C498B522383D022F9580E1931606D9ADF78CEB
SHA-256:	1CC07EB97CC7C94B189D7F9D6873FA71AD565F118CB54BDA273389549FBB060C
SHA-512:	4AD164D594450614A88950D7600FCF401B491EBBFAF006DD6A1C6B028AED13FEAE78164AE99CDE216493FEE98DFA36F49844873F49FDFB527C1E722D95335BE9
Malicious:	false
Reputation:	low
Preview:	// Mozilla User Preferences..// DO NOT EDIT THIS FILE..//.// If you make changes to this file while the application is running,.// the changes will be overwritten when the application exits..//.// To change a preference value, you can either:.// - modify it via the UI (e.g. via about:config in the browser); or.// - set it within a user.js file in your profile...user_pref("app.normandy.first_run", false);.user_pref("app.normandy.startupExperimentPrefs.dom.push.alwaysConnect", false);.user_pref("app.normandy.startupRolloutPrefs.media.autoplay.default", 1);.user_pref("app.normandy.user_id", "deb21830-19ac-4c3a-a05f-f7f80e818647");.user_pref("app.update.lastUpdateTime.addon-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 0);.user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1556631169);.user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 0);.user_pref("app.update.lastUpdateTime.search-engine-update-timer", 0)

/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	JSON data
Category:	dropped
Size (bytes):	143
Entropy (8bit):	4.223691028533093
Encrypted:	false
SSDEEP:	3:YVXKQJAyiVLQwJtJDBA+ABaQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+kOy6Lb1BA+m2L69Yr
MD5:	C0E4C22C50DD21142F57714EF49B8713
SHA1:	06B77307DCA5C889EA279243E74730CBC10801BE
SHA-256:	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
SHA-512:	A4516B4F15EDB429F7B8CE3EA709D3777BFCC590838B1E113147E6BFB4DF0F34F0F2B24F6185D4E4277A77F75711BB470461B86AA507921AF037A6D22DF9278E
Malicious:	false
Reputation:	low
Preview:	{"profile-after-change":true,"final-ui-startup":true}{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}

/home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp

Download File

Process:	/usr/lib/firefox/firefox
File Type:	Mozilla lz4 compressed data, originally 26959 bytes
Category:	dropped
Size (bytes):	3674
Entropy (8bit):	6.722725315245033
Encrypted:	false
SSDEEP:	96:/088rVIHrPy9YiCPl18dE0KyylgD2XeoXRk:J8rSH+GPlCdE0mj/k
MD5:	899EEB58CC738074A2AC49AC572FBA97
SHA1:	79BB679F4BC38D32977A1ED898003D776D6B74A4
SHA-256:	01BB682AC13BE68943514CC707D4F617AD4EC9546AC5D47A47476693E4BBB963
SHA-512:	057C2DEEED48076486C715E9525AA212ECBF5EB1322C81799447804A69E590D90FF94D4B74280E31AA640DE87EBB384EFC123ED7E3FD06ABE95D75DBC85EA6A8
Malicious:	false
Reputation:	low
Preview:	mozLz40.Oi....{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"http://cdn2.inner-active.mobi/","title)....cacheKey":0,"ID...docshellUU...&"{f2c46ba2-a343-4e55-b7d5-8d73fceef126}","originalURI{...resultPrincip6.tnull,"p....ToInherit_base64":"vQZuXxRvRHKDMXv9BbHtkA...w.. EY...=4bW96LW51bGxwcmluY2lwYWw6ezVlMDgwZWQxLTliYWMtNDQxZS1iMzdhLWE3NTUwZDRkMTA1NX0P..A]..riggering.......SmIS26zLEdO3ZQBgsLbOy.....!="l..Identifier~..Kpersist":true}],"lastAccessed":1704136060216,"hidden":false,"attributes":{},"userContextId_...index":1,"images..g.aselectc..,"_closedT..u],"busyf...width":921,"height":668,"screenX":4...Y..`izemod...maximized","zI......W..................6.1":{..mUpdate...startTim..P55652v..centCrashS..0},"global1.Bcookl..z..S..!Stg....9..s://www.mozilla.org/en-US/privacy/firefox...F.." P#.. Notice . MH.......9338d488-264a-4aaf-995b-48282..?064...................@.......loadReplace......2...2.S."gyOTFlNmZkLTU2MGUtNDVlNi04OGUwLWY3ZmIyZDBiY2VkOH0...2.o.5566311754552.1a"da

/proc/4892/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4892/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/4892/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4944/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4944/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/4944/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4985/gid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

/proc/4985/setgroups

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:9n:9n
MD5:	05AFB6CE69B9CEF1BD6ECE7E4745F96C
SHA1:	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5
SHA-256:	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
SHA-512:	A37A7790CCB2FA5A3C3F2740480CF4035F2870502060F398A1882A44B675DE736E33D8ECD9B834BB3D19D807B46875E30AA835EDD847C5FE8F1F2942A870BAD5
Malicious:	false
Reputation:	low
Preview:	deny

/proc/4985/uid_map

Download File

Process:	/usr/lib/firefox/firefox
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	11
Entropy (8bit):	1.4353713907745331
Encrypted:	false
SSDEEP:	3:MVUGn:MCG
MD5:	54258652109C33FE06188083A3EC23F4
SHA1:	013EC30A95D66C56642C193613A829B746982601
SHA-256:	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
SHA-512:	AAE8A67B91BDEC9C21ACD88711C262EA3ACD3EE086AEB27645531C47DD618708C7FF284759A68000414579B77C0D8A3449F95480D039A9901F7352121B7D78F0
Malicious:	false
Reputation:	low
Preview:	1000 1000 1

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 74
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2024 20:07:37.670097113 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:37.790791035 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:37.790847063 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:38.166953087 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:38.287659883 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:38.528856993 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:38.529019117 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:38.709022999 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:38.716295958 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:38.716325998 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:38.716375113 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:38.717171907 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:38.717186928 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:38.829768896 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:39.003436089 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.003547907 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.024957895 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.024969101 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.025084019 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.025096893 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.064826012 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.064834118 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.065041065 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.097841024 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:39.098041058 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:39.567491055 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.567562103 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.567625999 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.567682028 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.567821980 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.567950964 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.567965984 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.567991972 CET	46978	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.567996979 CET	443	46978	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.569451094 CET	46980	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.569482088 CET	443	46980	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.569529057 CET	46980	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.570369959 CET	46980	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.570385933 CET	443	46980	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.571043968 CET	46980	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.571846008 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.571873903 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.571913958 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.572678089 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.572698116 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.612744093 CET	443	46980	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.850347042 CET	443	46980	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.850405931 CET	46980	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.852710962 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.852770090 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.855473042 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.855479002 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.855541945 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.855777025 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:39.855791092 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:39.892657995 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:40.742176056 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:40.742228031 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:40.742304087 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:40.742427111 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:40.742517948 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:40.742696047 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:40.742712021 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:40.742723942 CET	46982	443	192.168.2.20	3.163.115.8
Jan 1, 2024 20:07:40.742731094 CET	443	46982	3.163.115.8	192.168.2.20
Jan 1, 2024 20:07:49.097254038 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:49.218058109 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:07:57.939409018 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:57.939438105 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:57.939634085 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:57.939773083 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:57.939786911 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.200366974 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.200525999 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.203946114 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.203953028 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.204179049 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.204338074 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.244745970 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.648454905 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.648648977 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.649955988 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.650166035 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.650166035 CET	58536	443	192.168.2.20	35.244.181.201
Jan 1, 2024 20:07:58.650178909 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:58.650185108 CET	443	58536	35.244.181.201	192.168.2.20
Jan 1, 2024 20:07:59.240683079 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:07:59.364325047 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:08:09.384805918 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:08:09.505554914 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:08:19.528816938 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:08:19.649619102 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:08:29.672852993 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:08:29.793648005 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:08:39.816879988 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:08:39.937566996 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:08:49.960921049 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:08:50.081562996 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:00.104957104 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:09:00.225637913 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:10.248809099 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:09:10.369494915 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:20.392796993 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:09:20.513480902 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:30.536861897 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:09:30.657555103 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:34.940814972 CET	55302	80	192.168.2.20	152.199.6.223
Jan 1, 2024 20:09:35.061721087 CET	80	55302	152.199.6.223	192.168.2.20
Jan 1, 2024 20:09:35.061918020 CET	55302	80	192.168.2.20	152.199.6.223

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 1, 2024 20:07:37.537354946 CET	35333	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:37.537354946 CET	35333	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:37.661958933 CET	53	35333	8.8.8.8	192.168.2.20
Jan 1, 2024 20:07:37.668750048 CET	53	35333	8.8.8.8	192.168.2.20
Jan 1, 2024 20:07:57.819358110 CET	39574	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:57.819358110 CET	39574	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:57.939991951 CET	53	39574	8.8.8.8	192.168.2.20
Jan 1, 2024 20:07:57.944212914 CET	56033	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:57.944242954 CET	56033	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:07:58.064806938 CET	53	56033	8.8.8.8	192.168.2.20
Jan 1, 2024 20:08:03.626635075 CET	39652	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:03.626635075 CET	39652	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:03.627715111 CET	56247	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:03.750264883 CET	53	39652	8.8.8.8	192.168.2.20
Jan 1, 2024 20:08:14.308363914 CET	40655	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:14.308363914 CET	40655	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:14.308443069 CET	58121	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:14.429020882 CET	53	40655	8.8.8.8	192.168.2.20
Jan 1, 2024 20:08:34.981643915 CET	52928	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:34.981643915 CET	52928	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:34.982513905 CET	59743	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:08:35.102449894 CET	53	52928	8.8.8.8	192.168.2.20
Jan 1, 2024 20:09:15.659364939 CET	55906	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:09:15.659364939 CET	55906	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:09:15.660006046 CET	47485	53	192.168.2.20	8.8.8.8
Jan 1, 2024 20:09:15.780141115 CET	53	55906	8.8.8.8	192.168.2.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 1, 2024 20:07:37.537354946 CET	192.168.2.20	8.8.8.8	0x35b5	Standard query (0)	cdn2.inner-active.mobi	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:37.537354946 CET	192.168.2.20	8.8.8.8	0x9b63	Standard query (0)	cdn2.inner-active.mobi	28	IN (0x0001)	false
Jan 1, 2024 20:07:57.819358110 CET	192.168.2.20	8.8.8.8	0xa8b0	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:57.819358110 CET	192.168.2.20	8.8.8.8	0xdd5a	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:07:57.944212914 CET	192.168.2.20	8.8.8.8	0xcd29	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:57.944242954 CET	192.168.2.20	8.8.8.8	0xa9eb	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:08:03.626635075 CET	192.168.2.20	8.8.8.8	0xc7b8	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:08:03.626635075 CET	192.168.2.20	8.8.8.8	0xf9a3	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:08:03.627715111 CET	192.168.2.20	8.8.8.8	0xabd	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:08:14.308363914 CET	192.168.2.20	8.8.8.8	0x3b77	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:08:14.308363914 CET	192.168.2.20	8.8.8.8	0x503c	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:08:14.308443069 CET	192.168.2.20	8.8.8.8	0x6697	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:08:34.981643915 CET	192.168.2.20	8.8.8.8	0x2660	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:08:34.981643915 CET	192.168.2.20	8.8.8.8	0xa35	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:08:34.982513905 CET	192.168.2.20	8.8.8.8	0xd283	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:09:15.659364939 CET	192.168.2.20	8.8.8.8	0x6893	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:09:15.659364939 CET	192.168.2.20	8.8.8.8	0x6aff	Standard query (0)	push.services.mozilla.com	28	IN (0x0001)	false
Jan 1, 2024 20:09:15.660006046 CET	192.168.2.20	8.8.8.8	0xe515	Standard query (0)	push.services.mozilla.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 1, 2024 20:07:37.661958933 CET	8.8.8.8	192.168.2.20	0x9b63	No error (0)	cdn2.inner-active.mobi	fp3282.wpc.1e0f14.thetacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:37.661958933 CET	8.8.8.8	192.168.2.20	0x9b63	No error (0)	fp3282.wpc.1e0f14.thetacdn.net	fp3282.wpc.thetacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:37.661958933 CET	8.8.8.8	192.168.2.20	0x9b63	No error (0)	fp3282.wpc.thetacdn.net			28	IN (0x0001)	false
Jan 1, 2024 20:07:37.668750048 CET	8.8.8.8	192.168.2.20	0x35b5	No error (0)	cdn2.inner-active.mobi	fp3282.wpc.1e0f14.thetacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:37.668750048 CET	8.8.8.8	192.168.2.20	0x35b5	No error (0)	fp3282.wpc.1e0f14.thetacdn.net	fp3282.wpc.thetacdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:37.668750048 CET	8.8.8.8	192.168.2.20	0x35b5	No error (0)	fp3282.wpc.thetacdn.net		152.199.6.223	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:38.605873108 CET	8.8.8.8	192.168.2.20	0x5118	No error (0)	d228z91au11ukj.cloudfront.net		3.163.115.8	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:38.605873108 CET	8.8.8.8	192.168.2.20	0x5118	No error (0)	d228z91au11ukj.cloudfront.net		3.163.115.26	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:38.605873108 CET	8.8.8.8	192.168.2.20	0x5118	No error (0)	d228z91au11ukj.cloudfront.net		3.163.115.80	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:38.605873108 CET	8.8.8.8	192.168.2.20	0x5118	No error (0)	d228z91au11ukj.cloudfront.net		3.163.115.82	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:57.936033964 CET	8.8.8.8	192.168.2.20	0x12a4	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:57.936033964 CET	8.8.8.8	192.168.2.20	0x12a4	No error (0)	prod.balrog.prod.cloudops.mozgcp.net		35.244.181.201	A (IP address)	IN (0x0001)	false
Jan 1, 2024 20:07:57.937369108 CET	8.8.8.8	192.168.2.20	0x6580	No error (0)	balrog-aus5.r53-2.services.mozilla.com	prod.balrog.prod.cloudops.mozgcp.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:57.939979076 CET	8.8.8.8	192.168.2.20	0xa8b0	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:57.939991951 CET	8.8.8.8	192.168.2.20	0xdd5a	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.064662933 CET	8.8.8.8	192.168.2.20	0xcd29	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.064806938 CET	8.8.8.8	192.168.2.20	0xa9eb	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.785797119 CET	8.8.8.8	192.168.2.20	0x6a20	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.785797119 CET	8.8.8.8	192.168.2.20	0x6a20	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.786448956 CET	8.8.8.8	192.168.2.20	0x69f0	No error (0)	a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com	a17.rackcdn.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:07:58.786448956 CET	8.8.8.8	192.168.2.20	0x69f0	No error (0)	a17.rackcdn.com	a17.rackcdn.com.mdc.edgesuite.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:03.750264883 CET	8.8.8.8	192.168.2.20	0xf9a3	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:03.752230883 CET	8.8.8.8	192.168.2.20	0xabd	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:03.752465963 CET	8.8.8.8	192.168.2.20	0xc7b8	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:14.429020882 CET	8.8.8.8	192.168.2.20	0x503c	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:14.429039955 CET	8.8.8.8	192.168.2.20	0x3b77	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:14.429052114 CET	8.8.8.8	192.168.2.20	0x6697	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:35.102432966 CET	8.8.8.8	192.168.2.20	0x2660	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:35.102449894 CET	8.8.8.8	192.168.2.20	0xa35	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:08:35.104589939 CET	8.8.8.8	192.168.2.20	0xd283	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:09:15.780119896 CET	8.8.8.8	192.168.2.20	0x6893	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:09:15.780141115 CET	8.8.8.8	192.168.2.20	0x6aff	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 1, 2024 20:09:15.782857895 CET	8.8.8.8	192.168.2.20	0xe515	No error (0)	push.services.mozilla.com	autopush.prod.mozaws.net		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

snippets.cdn.mozilla.net

aus5.mozilla.org

cdn2.inner-active.mobi

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	55302	152.199.6.223	80

Timestamp	Bytes transferred	Direction	Data
Jan 1, 2024 20:07:38.166953087 CET	342	OUT	GET / HTTP/1.1 Host: cdn2.inner-active.mobi User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Upgrade-Insecure-Requests: 1
Jan 1, 2024 20:07:38.528856993 CET	630	IN	HTTP/1.1 403 Forbidden Cache-Control: max-age=0 Content-Type: application/xml Date: Mon, 01 Jan 2024 19:07:37 GMT Expires: Mon, 01 Jan 2024 19:07:38 GMT Server: AmazonS3 x-amz-bucket-region: eu-west-1 x-amz-id-2: Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w= x-amz-request-id: ATEDTBEAVQXRRX7G Transfer-Encoding: chunked Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 41 54 45 44 54 42 45 41 56 51 58 52 52 58 37 47 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4b 6e 35 49 4a 44 34 6c 4e 6e 39 74 65 66 53 54 46 53 61 52 68 49 6c 75 5a 74 6d 46 6e 6e 73 59 67 4f 7a 6d 77 37 32 31 58 57 65 77 50 78 51 57 73 30 50 48 73 63 46 6c 77 37 53 6a 45 43 52 4c 54 31 4f 66 37 45 58 6e 64 37 77 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEDTBEAVQXRRX7G</RequestId><HostId>Kn5IJD4lNn9tefSTFSaRhIluZtmFnnsYgOzmw721XWewPxQWs0PHscFlw7SjECRLT1Of7EXnd7w=</HostId></Error>0
Jan 1, 2024 20:07:38.709022999 CET	274	OUT	GET /favicon.ico HTTP/1.1 Host: cdn2.inner-active.mobi User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive
Jan 1, 2024 20:07:39.097841024 CET	598	IN	HTTP/1.1 403 Forbidden Cache-Control: max-age=0 Content-Type: application/xml Date: Mon, 01 Jan 2024 19:07:38 GMT Expires: Mon, 01 Jan 2024 19:07:39 GMT Server: AmazonS3 x-amz-id-2: lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU= x-amz-request-id: ATEBZMJ3ZNXH01CS Transfer-Encoding: chunked Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 41 54 45 42 5a 4d 4a 33 5a 4e 58 48 30 31 43 53 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 6c 72 51 79 6e 4e 38 41 41 6f 6a 44 79 75 51 59 34 36 74 64 59 4f 68 4f 78 57 4f 2b 43 43 4d 6d 73 54 57 32 43 45 4d 50 6b 77 54 63 6c 37 77 79 6b 56 53 4a 33 37 52 6e 49 59 72 75 7a 5a 4c 72 78 39 4b 6d 2b 61 31 51 39 5a 55 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>ATEBZMJ3ZNXH01CS</RequestId><HostId>lrQynN8AAojDyuQY46tdYOhOxWO+CCMmsTW2CEMPkwTcl7wykVSJ37RnIYruzZLrx9Km+a1Q9ZU=</HostId></Error>0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	46978	3.163.115.8	443

Timestamp	Bytes transferred	Direction	Data
2024-01-01 19:07:39 UTC	397	OUT	GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1 Host: snippets.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-01-01 19:07:39 UTC	567	IN	HTTP/1.1 303 See Other Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Cache-Control: public, max-age=86400 Date: Mon, 01 Jan 2024 19:07:39 GMT Location: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json Server: meinheld/1.0.2 X-Backend-Server: frankfurt/snippets-prod/snippets-prod-676f79884-z9k2g X-Cache: Miss from cloudfront Via: 1.1 f3a4d9c3b453207682bf976baa10199e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: wLHk8VJ_D24i-SOAEJs_hiri9oDRXDmkxsPyCHiATvRpEXa4V2vCag==

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.20	46982	3.163.115.8	443

Timestamp	Bytes transferred	Direction	Data
2024-01-01 19:07:39 UTC	295	OUT	GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1 Host: snippets.cdn.mozilla.net User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Connection: keep-alive
2024-01-01 19:07:40 UTC	527	IN	HTTP/1.1 200 OK Content-Type: application/json Content-Length: 3 Connection: close Last-Modified: Wed, 30 Oct 2019 08:26:45 GMT x-amz-version-id: null Accept-Ranges: bytes Server: AmazonS3 Date: Mon, 01 Jan 2024 19:07:41 GMT Cache-Control: max-age=600 ETag: "8a80554c91d9fca8acb82f023de02f11" Vary: Accept-Encoding X-Cache: Error from cloudfront Via: 1.1 6417444f186fcad59e9411723c25d4ee.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: W0u5Xs2aWpxKWJVyOWW6xzNXY_QXwLep_JEzr6JbLEJVKlTSUSJj6w==
2024-01-01 19:07:40 UTC	3	IN	Data Raw: 7b 7d 0a Data Ascii: {}

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.2.20	58536	35.244.181.201	443

Timestamp	Bytes transferred	Direction	Data
2024-01-01 19:07:58 UTC	444	OUT	GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive
2024-01-01 19:07:58 UTC	737	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 01 Jan 2024 19:07:58 GMT Content-Type: text/xml; charset=utf-8 Content-Length: 718 Vary: Accept-Encoding Rule-ID: unknown Rule-Data-Version: unknown Content-Signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-02-08-20-06-05.chain; p384ecdsa=4NGtGNd7XOAw5e0nu9qYdwkMSne9pwgXXyzIn7k5p5uKXaKMbSS8gDVIupQH8vfty4YP5PBr54Uqt24p_GD2PmciJDsvGV6QNhdtzgUxiDhAofUUMs1wHgBp7Ryg7u28 Strict-Transport-Security: max-age=31536000; X-Content-Type-Options: nosniff Content-Security-Policy: default-src 'none'; frame-ancestors 'none' X-Proxy-Cache-Status: MISS Via: 1.1 google Cache-Control: public,max-age=90 Alt-Svc: clear Connection: close
2024-01-01 19:07:58 UTC	718	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3f 3e 0a 3c 75 70 64 61 74 65 73 3e 0a 20 20 20 20 3c 61 64 64 6f 6e 73 3e 0a 20 20 20 20 20 20 20 20 3c 61 64 64 6f 6e 20 69 64 3d 22 67 6d 70 2d 67 6d 70 6f 70 65 6e 68 32 36 34 22 20 55 52 4c 3d 22 68 74 74 70 3a 2f 2f 63 69 73 63 6f 62 69 6e 61 72 79 2e 6f 70 65 6e 68 32 36 34 2e 6f 72 67 2f 6f 70 65 6e 68 32 36 34 2d 6c 69 6e 75 78 36 34 2d 36 63 32 65 37 30 30 38 66 38 62 62 65 32 66 66 39 30 31 30 30 39 37 32 66 39 37 30 37 31 65 62 38 37 65 63 33 37 63 62 2e 7a 69 70 22 20 68 61 73 68 46 75 6e 63 74 69 6f 6e 3d 22 73 68 61 35 31 32 22 20 68 61 73 68 56 61 6c 75 65 3d 22 32 36 61 66 66 37 32 63 33 64 35 34 36 65 32 61 37 35 39 66 30 31 63 36 65 37 33 32 39 66 33 32 64 32 65 63 33 39 39 33 64 Data Ascii: <?xml version="1.0"?><updates> <addons> <addon id="gmp-gmpopenh264" URL="http://ciscobinary.openh264.org/openh264-linux64-6c2e7008f8bbe2ff90100972f97071eb87ec37cb.zip" hashFunction="sha512" hashValue="26aff72c3d546e2a759f01c6e7329f32d2ec3993d

System Behavior

Analysis Process: exo-open PID: 4744, Parent PID: 4684

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/exo-open
Arguments:	exo-open http://cdn2.inner-active.mobi
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

File Activities

File Opened

File Read

Directory Enumerated

Directory Created

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: exo-open PID: 4751, Parent PID: 4744

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

Process Activities

Process Forked

Chronological Activities

Analysis Process: exo-open PID: 4752, Parent PID: 4751

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/exo-open
Arguments:	-
File size:	22856 bytes
MD5 hash:	39c5fa78f1cb3d950b9944f784018d3a

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: exo-helper-1 PID: 4752, Parent PID: 1656

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://cdn2.inner-active.mobi
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

File Activities

File Opened

File Read

Directory Created

Process Activities

Process Forked

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: exo-helper-1 PID: 4759, Parent PID: 4752

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
Arguments:	-
File size:	63560 bytes
MD5 hash:	c27a648e34ba5ce625d064af015be147

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: sensible-browser PID: 4759, Parent PID: 4752

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/sensible-browser
Arguments:	/bin/sh /usr/bin/sensible-browser http://cdn2.inner-active.mobi
File size:	1132 bytes
MD5 hash:	a5909f49ad9c97574d2b4c49cc24905d

File Activities

File Opened

File Read

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: x-www-browser PID: 4759, Parent PID: 4752

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/x-www-browser
Arguments:	/bin/sh /usr/bin/x-www-browser http://cdn2.inner-active.mobi
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

File Activities

File Opened

File Read

Process Activities

Process Forked

Process Overlayed (Exec)

Chronological Activities

Analysis Process: x-www-browser PID: 4760, Parent PID: 4759

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/x-www-browser
Arguments:	-
File size:	31 bytes
MD5 hash:	42b33a4578e4a51d8a5d1010c466a9d7

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: which PID: 4760, Parent PID: 4759

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/bin/which
Arguments:	/bin/sh /usr/bin/which /usr/bin/x-www-browser
File size:	10 bytes
MD5 hash:	e942f154ef9d9974366551d2d231d936

File Activities

File Opened

File Read

Chronological Activities

Analysis Process: firefox PID: 4759, Parent PID: 4752

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox http://cdn2.inner-active.mobi
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Deleted

File Read

File Written

File Moved

Directory Enumerated

Directory Created

Directory Deleted

Symbolic Link Created

Permission Modified

Process Activities

Process Forked

Prctl Requested

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4773, Parent PID: 4759

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Analysis Process: firefox PID: 4787, Parent PID: 4759

General

Start time (UTC):	19:07:34
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Read

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4801, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: lsb_release PID: 4801, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/bin/lsb_release
Arguments:	/usr/bin/python3 -Es /usr/bin/lsb_release -idrc
File size:	3638 bytes
MD5 hash:	18cba7de7bfedd0d9f027bd1c54cc2b2

File Activities

File Opened

File Read

Directory Enumerated

Chronological Activities

Analysis Process: firefox PID: 4822, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

Directory Enumerated

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: dbus-launch PID: 4822, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/bin/dbus-launch
Arguments:	dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
File size:	26616 bytes
MD5 hash:	e4a469f27d130d783c21ce9c1c4456c3

File Activities

File Opened

File Read

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4892, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Written

Directory Enumerated

Process Activities

Process Forked

Process Overlayed (Exec)

Chronological Activities

Analysis Process: firefox PID: 4893, Parent PID: 4892

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

Directory Enumerated

Chronological Activities

Analysis Process: firefox PID: 4892, Parent PID: 4759

General

Start time (UTC):	19:07:35
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Process Activities

Prctl Requested

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4944, Parent PID: 4759

General

Start time (UTC):	19:07:36
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Written

Directory Enumerated

Process Activities

Process Forked

Process Overlayed (Exec)

Chronological Activities

Analysis Process: firefox PID: 4945, Parent PID: 4944

General

Start time (UTC):	19:07:36
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

Directory Enumerated

Chronological Activities

Analysis Process: firefox PID: 4944, Parent PID: 4759

General

Start time (UTC):	19:07:36
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Deleted

File Read

Directory Enumerated

Process Activities

Prctl Requested

System Activities

Query System Information (uname)

Chronological Activities

Analysis Process: firefox PID: 4985, Parent PID: 4759

General

Start time (UTC):	19:07:38
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

File Written

Directory Enumerated

Process Activities

Process Forked

Process Overlayed (Exec)

Chronological Activities

Analysis Process: firefox PID: 4986, Parent PID: 4985

General

Start time (UTC):	19:07:38
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	-
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

File Activities

File Opened

Directory Enumerated

Chronological Activities

Analysis Process: firefox PID: 4985, Parent PID: 4759

General

Start time (UTC):	19:07:38
Start date (UTC):	01/01/2024
Path:	/usr/lib/firefox/firefox
Arguments:	/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4759 true tab
File size:	219456 bytes
MD5 hash:	9a5584c0c2c9ac6b1ba6296513075910

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report http://cdn2.inner-active.mobi

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Malware Configuration

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/home/james/.cache/dconf/user

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/07676B8418AD0428FBB3C5D65D5BF5AC9D097CA2

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3ED3928D712929ABC19B0EA9C107357775D9F193

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/88501EF5595DDA9CF633105C8280693B0F4E93C5

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/969343CCF87C88DC562A5C27B3F48C2B3F0C6551

/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset

/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore

Linux Analysis Report
http://cdn2.inner-active.mobi