Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Malware?

more options

Firefox has the following connections open without me even doing anything Is this malware? firefox-b 54224 andrew 121u IPv4 12176936 0t0 TCP obsidian:55234->server-13-225-205-77.ewr50.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 122u IPv4 12176935 0t0 TCP obsidian:55706->82.221.107.34.bc.googleusercontent.com:http (ESTABLISHED) firefox-b 54224 andrew 129u IPv4 12129199 0t0 TCP obsidian:49184->server-13-226-50-32.mia3.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 130u IPv4 12129200 0t0 TCP obsidian:55236->server-13-225-205-77.ewr50.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 143u IPv4 12129201 0t0 TCP obsidian:60900->ec2-34-213-33-47.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 144u IPv4 12176958 0t0 TCP obsidian:54312->server-13-225-230-4.jfk51.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 145u IPv4 12176956 0t0 TCP obsidian:58322->ec2-54-185-120-242.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 147u IPv4 12176957 0t0 TCP obsidian:48230->ec2-35-166-92-64.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 152u IPv4 12129219 0t0 TCP obsidian:60738->server-54-230-244-29.ewr53.r.cloudfront.net:http (ESTABLISHED) firefox-b 54224 andrew 153u IPv4 12129220 0t0 TCP obsidian:33328->72.21.91.29:http (ESTABLISHED) firefox-b 54224 andrew 156u IPv4 12176937 0t0 TCP obsidian:55708->82.221.107.34.bc.googleusercontent.com:http (ESTABLISHED)

Firefox has the following connections open without me even doing anything Is this malware? firefox-b 54224 andrew 121u IPv4 12176936 0t0 TCP obsidian:55234->server-13-225-205-77.ewr50.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 122u IPv4 12176935 0t0 TCP obsidian:55706->82.221.107.34.bc.googleusercontent.com:http (ESTABLISHED) firefox-b 54224 andrew 129u IPv4 12129199 0t0 TCP obsidian:49184->server-13-226-50-32.mia3.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 130u IPv4 12129200 0t0 TCP obsidian:55236->server-13-225-205-77.ewr50.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 143u IPv4 12129201 0t0 TCP obsidian:60900->ec2-34-213-33-47.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 144u IPv4 12176958 0t0 TCP obsidian:54312->server-13-225-230-4.jfk51.r.cloudfront.net:https (ESTABLISHED) firefox-b 54224 andrew 145u IPv4 12176956 0t0 TCP obsidian:58322->ec2-54-185-120-242.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 147u IPv4 12176957 0t0 TCP obsidian:48230->ec2-35-166-92-64.us-west-2.compute.amazonaws.com:https (ESTABLISHED) firefox-b 54224 andrew 152u IPv4 12129219 0t0 TCP obsidian:60738->server-54-230-244-29.ewr53.r.cloudfront.net:http (ESTABLISHED) firefox-b 54224 andrew 153u IPv4 12129220 0t0 TCP obsidian:33328->72.21.91.29:http (ESTABLISHED) firefox-b 54224 andrew 156u IPv4 12176937 0t0 TCP obsidian:55708->82.221.107.34.bc.googleusercontent.com:http (ESTABLISHED)

All Replies (1)

more options

The problem is that this connection information is showing content distribution network and cloud hosting host names instead of the customer host names, so it doesn't track back to the original request. That makes it hard to confirm/deny that it's a connection Firefox made for its own purposes vs. a rogue add-on or external malware manipulating Firefox.

To try to narrow it down, you could temporarily switch off Firefox activity as described in the following article: How to stop Firefox from making automatic connections.