Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
/home/james/.cache/dconf/user
|
very short file (no magic)
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3897E273C86B69E7EC90C667F04ACC4F68CD01F9
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3A2B697F1FDA5E8CED55FE586EBC2F5D11E0E55F
|
370 sysV executable not stripped
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3D18B3B7E73CB9205101A761EB49BAE007D291B0
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3E1FE883C0FA3898B65C0D6FADBA039F7902FAF2
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/3FE38C9C3C92A20A0349E3495766F11D3CA2EC60
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8F43299B2BBC180803AAE2295F17077D2C87FC5E
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A32D31641179C3E5616066431ABEF74C58BB525A
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A9DB122571F6E7BBF5B17F0B73306BED943AF492
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591
|
JSON data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/F044322FA5BF290DD59313620194059BDC3D6C98
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/FECDC94F0E7BAF8E66A29D10078DC7C9E82E2A2B
|
PNG image data, 44 x 44, 8-bit colormap, non-interlaced
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore
|
data
|
dropped
|
||
|
/home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp
|
data
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp
|
Mozilla lz4 compressed data, originally 1426 bytes
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/cert9.db
|
SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie
0x5, schema 4, UTF-8, version-valid-for 4
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal
|
data
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/key4.db
|
SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie
0x6, schema 4, UTF-8, version-valid-for 3
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal
|
data
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite
|
SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database
pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal
|
data
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal
|
SQLite Write-Ahead Log, version 3007000
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js
|
ASCII text, with very long lines (663)
|
dropped
|
||
|
/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp
|
JSON data
|
dropped
|
||
|
/proc/4887/gid_map
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/4887/setgroups
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/4887/uid_map
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/4963/gid_map
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/4963/setgroups
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/4963/uid_map
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/5001/gid_map
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/5001/setgroups
|
ASCII text, with no line terminators
|
dropped
|
||
|
/proc/5001/uid_map
|
ASCII text, with no line terminators
|
dropped
|
There are 64 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/bin/exo-open
|
exo-open https://airmarkcomponents.com/
|
||
|
/usr/bin/exo-open
|
-
|
||
|
/usr/bin/exo-open
|
-
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
|
/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser https://airmarkcomponents.com/
|
||
|
/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
|
-
|
||
|
/usr/bin/sensible-browser
|
/bin/sh /usr/bin/sensible-browser https://airmarkcomponents.com/
|
||
|
/usr/bin/x-www-browser
|
/bin/sh /usr/bin/x-www-browser https://airmarkcomponents.com/
|
||
|
/usr/bin/x-www-browser
|
-
|
||
|
/usr/bin/which
|
/bin/sh /usr/bin/which /usr/bin/x-www-browser
|
||
|
/usr/lib/firefox/firefox
|
/usr/lib/firefox/firefox https://airmarkcomponents.com/
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/bin/lsb_release
|
/usr/bin/python3 -Es /usr/bin/lsb_release -idrc
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/bin/dbus-launch
|
dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011
-greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011
-greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
-
|
||
|
/usr/lib/firefox/firefox
|
/usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011
-greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4749 true tab
|
There are 15 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://airmarkcomponents.com/
|
|||
|
http://www.debian.org
|
unknown
|
||
|
http://www.debian.org/gro.naibed.www.
|
unknown
|
||
|
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730
|
104.21.22.55
|
||
|
https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com
|
unknown
|
||
|
http://www.ubuntu.com
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/apple-touch-icon.png
|
188.114.97.3
|
||
|
https://qltuh.check-tl-ver-108-a.com/sw-707a7d0735647f53a9228ce50d13ab46.js
|
188.114.97.3
|
||
|
https://airmarkcomponents.com/
|
3.224.72.48
|
||
|
http://wiki.ubuntu.com/moc.utnubu.ikiw.
|
unknown
|
||
|
https://mbtrk1.com/click.php?key=7ef1qd1lvftdju4n985s&tracker=pushlink-placeholder-
|
unknown
|
||
|
https://pki.goog/repository/0
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/favicon-16x16.png
|
188.114.97.3
|
||
|
https://push.services.mozilla.com/
|
34.107.243.93
|
||
|
https://answers.launchpad.net/ubuntu/
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js1
|
unknown
|
||
|
http://www.ubuntu.com/moc.utnubu.www.
|
unknown
|
||
|
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=cr8q51ijvq38mvmg0730&sub_id=&appspot=&d=https%3A%2F%2Fcdnstatic.check-tl-ver-108-a.com&timeout=180&tb=true&nrid=de31d1cd52d74e28bde7668b9e540ce5
|
188.114.96.3
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=5
|
188.114.97.3
|
||
|
https://js.streampsh.top
|
unknown
|
||
|
https://airmarkcomponents.com
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=31
|
unknown
|
||
|
https://airmarkcomponents.com/predictor::seen1
|
unknown
|
||
|
https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
|
unknown
|
||
|
https://answers.launchpad.net
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com($
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/style.css?v=51
|
unknown
|
||
|
https://github.com/
|
unknown
|
||
|
https://qltuh.algiedideneb.com
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png
|
188.114.97.3
|
||
|
http://wiki.ubuntu.com
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=41
|
unknown
|
||
|
https://cdnstatic.check-tl-ver-108-a.com/ps/config.js?id=CHiI7Gh3GUyTa8XGgNqDyQ
|
188.114.96.3
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/trls.js
|
188.114.97.3
|
||
|
https://support.mozilla.org
|
unknown
|
||
|
http://crl.pki.goog/gsr2/gsr2.crl0?
|
unknown
|
||
|
https://qltuh.algiedideneb.com/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&click_id=cr8q51ijvq38mvmg0730moc.benedidei
|
unknown
|
||
|
https://airmarkcomponents.com/moc.stnenopmockramria.
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/corner.png1
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/shared-js/assets/static-pl.js?v=4
|
188.114.97.3
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/assets/main.js?v=3
|
188.114.97.3
|
||
|
https://cdnstatic.check-tl-ver-108-a.com/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=
|
unknown
|
||
|
https://qltuh.check-tl-ver-108-a.com/space-robot/?pl=CHiI7Gh3GUyTa8XGgNqDyQ&sm=space-robot&click_id=
|
unknown
|
There are 33 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
airmarkcomponents.com
|
3.224.72.48
|
||
|
prod.balrog.prod.cloudops.mozgcp.net
|
35.244.181.201
|
||
|
cdnstatic.check-tl-ver-108-a.com
|
188.114.96.3
|
||
|
push.services.mozilla.com
|
34.107.243.93
|
||
|
d228z91au11ukj.cloudfront.net
|
18.165.183.111
|
||
|
qltuh.check-tl-ver-108-a.com
|
188.114.97.3
|
||
|
qltuh.algiedideneb.com
|
104.21.22.55
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
35.244.181.201
|
prod.balrog.prod.cloudops.mozgcp.net
|
United States
|
||
|
104.21.22.55
|
qltuh.algiedideneb.com
|
United States
|
||
|
188.114.97.3
|
qltuh.check-tl-ver-108-a.com
|
European Union
|
||
|
188.114.96.3
|
cdnstatic.check-tl-ver-108-a.com
|
European Union
|
||
|
18.165.183.111
|
d228z91au11ukj.cloudfront.net
|
United States
|
||
|
3.224.72.48
|
airmarkcomponents.com
|
United States
|
||
|
34.107.243.93
|
push.services.mozilla.com
|
United States
|