
Firefox sends "nice ports,/Trinity.txt.bak"

  • 4 replies
  • 1 has this problem
  • 35 views
  • Last reply by takfuji


I, today, found that Firefox 88.0.1 (64bit) sends "/nice%20ports%2C/Tri%6Eity.txt%2ebak" to a website. What is this? Am I infected? The Apache log at the HTTP server is as follows:


snip --------------------

192.168.1.188 - - [10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" 200 665 "-" "Mozilla/5.0" xps8940
192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 403 - "-" "-" 192.168.1.188
192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET / HTTP/1.0" 403 - "-" "-" 192.168.1.188
192.168.1.188 - - [10/May/2021:07:43:58 +0900] "GET /Picture/MicroS5S.gif HTTP/1.1" 200 3042 "http://wista.jp/Index.htm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0" xps8940


snip --------------------

The server is located within my home LAN. 192.168.1.188 and xps8940 is the captioned machine that sends this unknown protocol. Tested by Chrome and found no such protocol sent. Could any guru enlighten me? Tak


All Replies (4)

Hmm, I assumed that was a random phrase, but actually Google has some matching results:

https://www.google.com/search?client=firefox-b-1-d&q=%2Fnice%2520ports%252C%2FTri%256Eity.txt%252ebak

Seems to be something you could find in your logs if the Nmap utility ran on your network. I don't think that would come from within Firefox.

When I look at the log more closely, if the last parameter is the host sending the request, the second and third seem to be from the server itself or the return IP address is spoofed:

| Server | ? | ? | Date-Time Request | Status | bytes | referrer | user-agent | remote host |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 192.168.1.188 | - | - | [10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" | 200 | 665 | "-" | "Mozilla/5.0" | xps8940 |
| 192.168.1.188 | - | - | [10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" | 403 | - | "-" | "-" | 192.168.1.188 |
| 192.168.1.188 | - | - | [10/May/2021:07:42:42 +0900] "GET / HTTP/1.0" | 403 | - | "-" | "-" | 192.168.1.188 |

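As an added example (not part of the original thread and not written by any of the posters): a short Python check that parses log lines in the layout quoted in the question, percent-decodes the request target, and groups the user-agent-less HTTP/1.0 requests that arrive from the same client around the "nice ports" request that the reply above associates with Nmap. The function names and the 5-second window are assumptions; the sample lines are the ones quoted in the question.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Log lines quoted in the question: Apache combined format plus one trailing field.
SAMPLE = [
    '192.168.1.188 - - [10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" 200 665 "-" "Mozilla/5.0" xps8940',
    '192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 403 - "-" "-" 192.168.1.188',
    '192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET / HTTP/1.0" 403 - "-" "-" 192.168.1.188',
    '192.168.1.188 - - [10/May/2021:07:43:58 +0900] "GET /Picture/MicroS5S.gif HTTP/1.1" 200 3042 "http://wista.jp/Index.htm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0" xps8940',
]
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<logname>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"(?: (?P<extra>\S+))?$'
)
PROBE_PATH = "/nice ports,/Trinity.txt.bak"  # decoded form of the path in the thread title
WINDOW = timedelta(seconds=5)                # assumed correlation window, not from the thread

def parse(line):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["path"] = unquote(rec["target"])  # undo %20, %2C, %6E, %2e before comparing
    return rec

def find_probe_bursts(lines, window=WINDOW):
    """Map each client that sent the probe path to its bare HTTP/1.0 requests near it."""
    records = [r for r in map(parse, lines) if r]
    hits = {}
    for probe in records:
        if probe["path"] != PROBE_PATH:
            continue
        burst = hits.setdefault(probe["host"], [])
        for r in records:
            if r["host"] != probe["host"] or r in burst:
                continue
            bare = r["proto"] == "HTTP/1.0" and r["agent"] in ("", "-")
            if r is probe or (bare and abs(r["time"] - probe["time"]) <= window):
                burst.append(r)
    return hits

if __name__ == "__main__":
    for host, burst in find_probe_bursts(SAMPLE).items():
        for r in burst:
            print(host, r["time"].isoformat(), r["proto"], r["status"], r["path"])
```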


Thanks for response, but,,, IP 192.168.1.188 is not for the server but client, as well as xps8940. This log is taken from the server, so there is no need to record the server's IP. Response code 403 is sent out because my httpd.conf setting is to reject the request if no user-agent is specified. So, the server side is safe even if the client is infected.

Have read some pages you suggested beforehand, that is why I suspected any malware penetration into FF. BTW, two ?-marks you indicated are for %l and %u in Apache log format, they are remote-logname and remote-user respectively. You can just ignore them. Tak


Chosen solution

What is the connection with Firefox? Does this happen a certain time after Firefox startup, or when making certain requests?

You could delete the Firefox program folder and reinstall. The program folder usually is

C:\Program Files\Mozilla Firefox

You can download the installer from

https://www.mozilla.org/firefox/all/#product-desktop-release


Connection is normal http protocol, via LAN cable. It seems to be happening first thing in the morning after launching FF. Strange is the "GET /", which I never requested. Although (not requested) the response code is 200, and this page did not appear.

I deleted the folder, as you suggested, and re-installed. Rebooted, launched FF, browsed the site, and looked into the log. Alas, the strange access does not exist. Although I could not grab the culprit, I consider the problem resolved. Thanks for your help anyway. Tak
