Recent answers for Firefox sends "nice ports,/Trinity.txt.bak" https://support.mozilla.org/vi/questions/1335631
2021-05-09T17:23:19-07:00 takfuji https://support.mozilla.org/vi/questions/1335631#answer-1411893
<p>Connection is normal http protocol, via LAN cable.
It seems to happen first thing in the morning after launching FF. Strange is the "GET /", which I
never requested. Although (not requested) the response code is 200, and this page did not
appear.
</p><p>I deleted the folder, as you suggested, and re-installed. Rebooted, launched FF, browsed the site,
and looked into the log. Alas, the strange access does not exist.
Although I could not grab the culprit, I consider the problem resolved.
Thanks for your help anyway.
Tak
</p>
2021-05-09T16:25:42-07:00 jscher2000 https://support.mozilla.org/vi/questions/1335631#answer-1411886
<p>What is the connection with Firefox? Does this happen a certain time after Firefox startup, or when making certain requests?
</p><p>You could delete the Firefox program folder and reinstall. The program folder usually is
</p><p>C:\Program Files\Mozilla Firefox
</p><p>You can download the installer from
</p><p><a href="https://www.mozilla.org/firefox/all/#product-desktop-release" rel="nofollow">https://www.mozilla.org/firefox/all/#product-desktop-release</a>
</p>
2021-05-09T12:50:57-07:00 takfuji https://support.mozilla.org/vi/questions/1335631#answer-1411857
<p>Thanks for response, but,,,
IP 192.168.1.188 is not for the server but client, as well as xps8940. This log is taken from the server, so there
is no need to record the server's IP.
Response code 403 is sent out because my httpd.conf setting is to reject the request if no user-agent is
specified.
So, the server side is safe even if the client is infected.
</p><p>Have read some pages you suggested beforehand, that is why I suspected any malware penetration into FF.
BTW, two&nbsp;?-marks you indicated are for %l and %u in Apache log format, they are remote-logname and
remote-user respectively. You can just ignore them.
Tak
</p>
2021-05-09T10:35:34-07:00 jscher2000 https://support.mozilla.org/vi/questions/1335631#answer-1411838
<p>Hmm, I assumed that was a random phrase, but actually Google has some matching results:
</p><p><a href="https://www.google.com/search?client=firefox-b-1-d&amp;q=%2Fnice%2520ports%252C%2FTri%256Eity.txt%252ebak" rel="nofollow">https://www.google.com/search?client=firefox-b-1-d&amp;q=%2Fnice%2520ports%252C%2FTri%256Eity.txt%252ebak</a>
</p><p>Seems to be something you could find in your logs if the <strong>Nmap</strong> utility ran on your network. I don't think that would come from within Firefox.
</p><p>When I look at the log more closely, if the last parameter is the host sending the request, the second and third seem to be from the server itself or the return IP address is spoofed:
</p>
<table>
<tbody><tr><td>Server</td><td>?</td><td>?</td><td>Date-Time</td>
<td>Request</td><td>Status</td><td>bytes</td><td>referrer</td><td>user-agent</td><td>remote host</td></tr>
<tr><td>192.168.1.188</td><td>-</td><td>-</td><td>[10/May/2021:07:42:41 +0900]</td>
<td>"GET / HTTP/1.1"</td>
<td>200</td><td>665</td><td>"-"</td><td>"Mozilla/5.0"</td><td>xps8940</td></tr>
<tr><td>192.168.1.188</td><td>-</td><td>-</td><td>[10/May/2021:07:42:42 +0900]</td>
<td>"GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0"</td><td>403</td><td>-</td><td>"-"</td><td>"-"</td><td>192.168.1.188</td></tr>
<tr><td>192.168.1.188</td><td>-</td><td>-</td><td>[10/May/2021:07:42:42 +0900]</td>
<td>"GET / HTTP/1.0"</td><td>403</td><td>-</td><td>"-"</td><td>"-"</td><td>192.168.1.188</td></tr>
</tbody></table>
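<p>Added example, not code from the thread or from any poster: a log check that percent-decodes each request path before comparing it with the probe path discussed above, then lists the same client's other requests without a user-agent logged in the same second. The log layout is assumed from the table in the thread, and the function names are illustrative.</p>

```python
import re
from urllib.parse import unquote

# The three table rows from the thread, rejoined into log lines.
SAMPLE_LOG = '''\
192.168.1.188 - - [10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" 200 665 "-" "Mozilla/5.0" xps8940
192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 403 - "-" "-" 192.168.1.188
192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET / HTTP/1.0" 403 - "-" "-" 192.168.1.188
'''

# Assumed layout: host, %l, %u, time, request, status, bytes,
# referrer, user-agent, remote host.
LINE_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)" (?P<remote>\S+)'
)

PROBE_PATH = "/nice ports,/trinity.txt.bak"  # decoded, lower-cased form


def parse(log_text):
    """Return one dict per log line that matches the assumed layout."""
    return [m.groupdict() for m in map(LINE_RE.match, log_text.splitlines()) if m]


def is_probe(entry):
    """True when the percent-decoded path equals the probe path, so variants
    that encode different characters (%6E for n, %2e for .) still match."""
    return unquote(entry["path"]).lower() == PROBE_PATH


def scan_report(log_text):
    """Group probe hits by client and attach that client's other requests
    without a user-agent that were logged in the same second as a hit."""
    entries = parse(log_text)
    report = {}
    for hit in filter(is_probe, entries):
        companions = [
            f'{e["method"]} {e["path"]} {e["proto"]}'
            for e in entries
            if e is not hit and e["host"] == hit["host"]
            and e["time"] == hit["time"] and e["agent"] == "-"
        ]
        report.setdefault(hit["host"], []).append(
            {"time": hit["time"], "status": hit["status"], "companions": companions}
        )
    return report


if __name__ == "__main__":
    for host, hits in scan_report(SAMPLE_LOG).items():
        print(host, hits)
```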