搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

Learn More

Firefox sends "nice ports,/Trinity.txt.bak"

  • 4 回覆
  • 1 有這個問題
  • 35 次檢視
  • 最近回覆由 takfuji

more options

I, today, found that Firefox 88.0.1(64bit) sends "/nice%20ports%2C/Tri%6Eity.txt%2ebak" to an website. What is this? Am I infected? The Apache log at the HTTP server is as follows:


snip --------------------

192.168.1.188 - - [10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" 200 665 "-" "Mozilla/5.0" xps8940 192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0" 403 - "-" "-" 192.168.1.188 192.168.1.188 - - [10/May/2021:07:42:42 +0900] "GET / HTTP/1.0" 403 - "-" "-" 192.168.1.188 192.168.1.188 - - [10/May/2021:07:43:58 +0900] "GET /Picture/MicroS5S.gif HTTP/1.1" 200 3042 "http://wista.jp/Index.htm" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0" xps8940


snip --------------------

The server is located within my home LAN. 192.168.1.188 and xps8940 is the captioned machine that sends this unknown protocol. Tested by Chrome and found no such protocol sent. Could any guru enlighten me? Tak

被選擇的解決方法

What is the connection with Firefox? Does this happen a certain time after Firefox startup, or when making certain requests?

You could delete the Firefox program folder and reinstall. The program folder usually is

C:\Program Files\Mozilla Firefox

You can download the installer from

https://www.mozilla.org/firefox/all/#product-desktop-release

從原來的回覆中察看解決方案 👍 0

所有回覆 (4)

more options

Hmm, I assumed that was a random phrase, but actually Google has some matching results:

https://www.google.com/search?client=firefox-b-1-d&q=%2Fnice%2520ports%252C%2FTri%256Eity.txt%252ebak

Seems to be something you could find in your logs if the Nmap utility ran on your network. I don't think that would come from within Firefox.

When I look at the log more closely, if the last parameter is the host sending the request, the second and third seem to be from the server itself or the return IP address is spoofed:

Server??Date-Time RequestStatusbytesreferreruser-agentremote host
192.168.1.188--[10/May/2021:07:42:41 +0900] "GET / HTTP/1.1" 200665"-""Mozilla/5.0"xps8940
192.168.1.188--[10/May/2021:07:42:42 +0900] "GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0"403-"-""-"192.168.1.188
192.168.1.188--[10/May/2021:07:42:42 +0900] "GET / HTTP/1.0"403-"-""-"192.168.1.188

有幫助嗎?

more options

Thanks for response, but,,, IP 192.168.1.188 is not for the server but client, as well as xps8940. This log is taken from the sever, so there is no need to record the server's IP. Response code 403 is sent out because my httpd.conf setting is to reject the request if no user-agent is specified. So, the server side is safe even if the client is infected.

Have read some pages you suggested beforehand, that is why I suspected any malware penetration into FF. BTW, two ?-marks you indicated are for %l and %u in Apache log format, they are remote-logname and remote-user respectively. You can just ignore them. Tak

有幫助嗎?

more options

選擇的解決方法

What is the connection with Firefox? Does this happen a certain time after Firefox startup, or when making certain requests?

You could delete the Firefox program folder and reinstall. The program folder usually is

C:\Program Files\Mozilla Firefox

You can download the installer from

https://www.mozilla.org/firefox/all/#product-desktop-release

有幫助嗎?

more options

Connection is normal http protocol, via LAN cable. It seems happening first thing in the morning after launching FF. Strange is the "GET /", which I never requested. Although (not requested) the response code is 200, and this page did not appear.

I deleted the folder, as you suggested, and re-installed. Rebooted, launched FF, browsed the site, and looked into the log. Alas, the strange access does not exist. Although I could not grab the culprit, I consider the problem resolved. Thanks for your help anyway. Tak

有幫助嗎?

問個問題

如果您還沒有帳號,您必須先 登入您的帳號 來回覆文章。請 開始一個新問題