Linux Analysis Report
http://generalivitalityerleben.de

Overview

General Information

Sample URL:	http://generalivitalityerleben.de
Analysis ID:	1417466
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false

Signatures

Creates hidden files and/or directories

Queries the installed Ubuntu/CentOS release

Uses the "uname" system call to query kernel version information (possible evasion)

Classification

Signatures

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58572 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fgeneralivitalityerleben.de%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2130600648422368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301431%2C17301433%2C17301436&client_gdprApplies=0&format=r3%7Cs&nocache=3331711708651410&num=0&output=afd_ads&domain_name=generalivitalityerleben.de&v=3&bsl=8&pac=0&u_his=1&u_tz=60&dt=1711708651413&u_w=1024&u_h=768&biw=1009&bih=616&psw=1009&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fgeneralivitalityerleben.de%2F HTTP/1.1Host: www.adsensecustomsearchads.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://generalivitalityerleben.de/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://generalivitalityerleben.de/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /track.php?domain=generalivitalityerleben.de&toggle=browserjs&uid=MTcxMTcwODY1MC44MjU2OjhjYzE0NzdhZmZhOTBmNGYzM2ViMGFkZjc2NTk4ZDA3OGJkMTY2MjM5MTM3NDg1YWI3NTgyODcyYTkwMTI1YmU6NjYwNjk5ZWFjOTkwMw%3D%3D HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44a HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /fonts/Port_Lligat_Slab/latin.woff2 HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: identityReferer: http://generalivitalityerleben.de/Origin: http://generalivitalityerleben.deConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive

Source: unknown

DNS traffic detected: queries for: generalivitalityerleben.de

Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 839982DA66E6AEDA16AF11C596104840CF7B7BD8.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/fonts/Port_Lligat_Slab/latin.woff2
Source: 839982DA66E6AEDA16AF11C596104840CF7B7BD8.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/fonts/Port_Lligat_Slab/latin.woff2strongly-framed1request-metho
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngnecko:classi
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de
Source: recovery.jsonlz4.tmp.34.dr, C07DF163499366D56FA5104974A4679545DF6E5C.34.dr	String found in binary or memory: http://generalivitalityerleben.de/
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ed.nebelreytilativilareneg.d
Source: 94906F1366ECE8E653DCF09415624072CF1772FB.34.dr	String found in binary or memory: http://generalivitalityerleben.de/favicon.ico
Source: 94906F1366ECE8E653DCF09415624072CF1772FB.34.dr	String found in binary or memory: http://generalivitalityerleben.de/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.1
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de/generalivitalityerleben.deed.nebelreytilativilareneg.d
Source: 889097B98882CF54D9ADA009D12B5E046C8DE7C1.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44a
Source: 889097B98882CF54D9ADA009D12B5E046C8DE7C1.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44ane
Source: C07DF163499366D56FA5104974A4679545DF6E5C.34.dr	String found in binary or memory: http://generalivitalityerleben.de/necko:classified1strongly-framed1request-methodGETrequest-Accept-E
Source: 461FF00D331429AAA371A2C4601DAFB18A84C363.34.dr	String found in binary or memory: http://generalivitalityerleben.de/track.php?domain=generalivitalityerleben.de&toggle=browserjs&uid=M
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.ded
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1necko:classified1strongly-framed1request-methodGET
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://cloud.google.com/contact
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/ads-afs-ui
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/ads-afs-ui
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: 64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B.34.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js?domain=generalivitalityerleben.de&client=dp-te
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://recaptcha.net
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr, B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: 64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B.34.dr	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 58602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58582
Source: unknown	Network traffic detected: HTTP traffic on port 37304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58580
Source: unknown	Network traffic detected: HTTP traffic on port 35102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58606
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58602
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58572

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58572 version: TLS 1.2

Source: classification engine

Classification label: clean1.lin@0/72@26/0

Creates hidden files and/or directories

Source: /usr/bin/exo-open (PID: 4776)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4791)	Directory: /home/james/.cache	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/exo-open (PID: 4776)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4791)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4819)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4853)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4924)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4976)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5020)	Queries kernel information via 'uname':	Jump to behavior

Queries the installed Ubuntu/CentOS release

Source: /usr/lib/firefox/firefox (PID: 4833)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
35.244.181.201	prod.balrog.prod.cloudops.mozgcp.net	United States	15169	GOOGLEUS	false
3.163.115.82	d228z91au11ukj.cloudfront.net	United States	16509	AMAZON-02US	false
104.247.81.50	generalivitalityerleben.de	Canada	206834	TEAMINTERNET-CA-ASCA	false
18.160.64.11	d38psrni17bvxu.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
142.251.167.103	www.google.com	United States	15169	GOOGLEUS	false
142.251.163.113	www3.l.google.com	United States	15169	GOOGLEUS	false

Contacted Domains

Name	IP	Active
prod.balrog.prod.cloudops.mozgcp.net	35.244.181.201	true
www3.l.google.com	142.251.163.113	true
www.google.com	142.251.167.103	true
www.mydomaincontact.com	63.35.168.109	true
generalivitalityerleben.de	104.247.81.50	true
d228z91au11ukj.cloudfront.net	3.163.115.82	true
d38psrni17bvxu.cloudfront.net	18.160.64.11	true
push.services.mozilla.com	unknown	unknown
www.adsensecustomsearchads.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.google.com/adsense/domains/caf.js?abp=1	false		high
http://d38psrni17bvxu.cloudfront.net/fonts/Port_Lligat_Slab/latin.woff2	false		high
http://generalivitalityerleben.de/track.php?domain=generalivitalityerleben.de&toggle=browserjs&uid=MTcxMTcwODY1MC44MjU2OjhjYzE0NzdhZmZhOTBmNGYzM2ViMGFkZjc2NTk4ZDA3OGJkMTY2MjM5MTM3NDg1YWI3NTgyODcyYTkwMTI1YmU6NjYwNjk5ZWFjOTkwMw%3D%3D	false	Avira URL Cloud: safe	unknown
http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png	false		high
http://generalivitalityerleben.de/favicon.ico	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf	false		high
https://www.google.com/recaptcha/api.js	false		high
https://www.google.com/recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
http://generalivitalityerleben.de/ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44a	false	Avira URL Cloud: safe	unknown
https://www.google.com/js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js	false		high
http://generalivitalityerleben.de/	false		unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1	false		high

Name	Type	MD5	SHA1	SHA256
/home/james/.cache/dconf/user	very short file (no magic)	93B885ADFE0DA089CDF634904FD59F71	5BA93C9DB0CFF93F52B521D7420E43F6EDA2784F	6E340B9CFFB37A989CA544E6BB780A2C78901D3FB33738768511A30617AFA01D
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/1DBCF2C5F4A9AAB308F13D41AB219EA85A810612	PNG image data, 1500 x 600, 8-bit colormap, non-interlaced	D2D5EA0FCBA75016D642965174030424	2EE668A4DD1ECF770BF0F517D9EBC803752808B7	DF0C7AF09524E5E1B01255799EE627FE624429ED9DEA8767BB91785461D3F245
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/461FF00D331429AAA371A2C4601DAFB18A84C363	gzip compressed data, max speed, from Unix, original size modulo 2^32 335544320	A5566BCD470A9785F21341DD77894E23	F868030870242584DC75F7C3EB0207F6C3898891	924A0C8FEBD868E91EAC0C9E791372915165E47B7CB4B9167D9B4C9696EDC1E9
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B	data	AEA33CD87870CBAF674E5ADF2F3700DB	F9524B1CBC91A06C09DE8593EAB28140EB178B14	21E20DBF20D4C29DCB27FED1F44AA330686B94A3D38A1CF80B28949AB4A359D6
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/7D8BBF6E94639C1C939058A12AE541F5BD654619	ASCII text, with very long lines (596)	DD6A49BED9E739084198268DFF68CB18	FADDF6EEDFF0F30BFBFDA6D98E7852205F1703E5	2934BAC6BADCF661805FCB0BAEC7A3179F86A6FE04FDE8144C743BD9568320B3
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/839982DA66E6AEDA16AF11C596104840CF7B7BD8	Web Open Font Format (Version 2), TrueType, length 11460, version 1.0	7E13E47BEEE3C8DB41D2A0419F553AB4	16D68E5D367C3954CABD40F320F8A74161DB7400	730B51CEC6E1179AAB6C5C73C56066011BE2B537747B5A2FF11597697EB56968
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/889097B98882CF54D9ADA009D12B5E046C8DE7C1	JSON data	BAD28D215A9645336DABDEF4F7050CDD	9376AC5AE2A97D7299C78C6CEDACF321D1D47335	890BBE560CA01CC764927C8AE62D5007C8A31628B3CE00B33F3BD745C28C91EE
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/94906F1366ECE8E653DCF09415624072CF1772FB	data	51174421A64C9D47B8E1DE11E08B8BE8	A3AB880B22215FC1E353CE2113641276858B4520	AF79A11D6D618C797D730426B47990CA71DBE6CFBAAB230DA23E0D84D87A8885
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/B13A714441C11853FE6BA40EFF6C7097378009F7	data	10541E938D8EE03D29D61E62D97682A3	91E5CF806E4434DA9E76955E9836D8ECF4A9975D	BFC5EC83FA61AB2283376420CD85EB8A5A5889474600EC3FE989258C5E04A767
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C07DF163499366D56FA5104974A4679545DF6E5C	gzip compressed data, max speed, from Unix, original size modulo 2^32 3877044224	289C03E1A1B4E532FA83FBA5DD9569E7	40E49778EA1CBDBC041CEDDC21806FFA0FE46311	859613EC32CE064877DEB2CCAF52F9AC5825412A38943767C1C68415EA2D9BA2
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591	JSON data	8780564944245C646FE41D6379C51CA5	1BE14FB09C193B23CEAFDFFA7B9FB481DB31FC1D	C2102C7B60D2978739DAC0DB37A891AD4D35A3B13F48F3CBD40C9710B4C1D952
/home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/D2A64B5E2F392B99B4EBC1553A17EA010F0E8891	gzip compressed data, max compression, original size modulo 2^32 231604224	D8AC723C766826722C167899A1308E8D	1F09FF73E8EFFE7C27392035D1EE9EBB81D95E6D	51B7894C47E0A282A2777596C7275E7B84CC80A706F7FDEAE4C1EF8CB96B7B1D
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore	data	D886A47C89D9C49C795DA345BC236990	59E863E0D2B4E428D8C738D48FA0F6F7BAC36849	A03C5E2656D2F292BF5794C8EEB8D223CD6BA4F4BFB2ED1F325460E879D0BCF7
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore	data	60985C9439E7E254CA4EAD41AD1EFF32	184C8B3263D678D854F7B05FC41FDD3267A46FD6	5DA0A3FFC814575410D0F58D9647944AF4EB0809BE9E3475CD96B94DC2B14B56
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore	data	0E8FE60CCD7E9B4C32589A5743A95302	190F3BC536C9489C707AE31DA32BF86947EA5D78	2B124D4026850A3CFFD28DBACB58AEC28F7DCD4D40BC14E52BBE96D60CE4E749
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore	data	04824A1F92353F43EBB9E7F74B7476FD	C2636E8FFA8A5256D7D1F21E147101356E783114	B48E58EBAB82E4C376F16150A3FFF850C1111FF1F5985D68819CFD6F0DB159D2
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore	data	C921D8E98FA01B4F303481E112202E92	9D23B452AD0D06C355477CF70E3AA5D0ADFE6278	4EF1038730EC8BC7206713C29A936768831B922C5E6C83355FD62D7401D8C1DC
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore	data	6F85BC4B2ECB49E26B0BD83A821065D0	4DF430B4D63605E41855DBCB3837A189D4CC7604	C0B3BC9B3DC507AB654CAF72D13C3AEFA58C9B13B1E4D14DD8816712D80A7E54
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore	data	BA0009932844173BC8F9AF264229DF24	C8F6956FA86F4E9CF71599B735E28860245AE4B5	66D1C00C04D86E313E9A02775CDF906B1BE8D4CD6BEF423A1B9E21CC4E9F50C1
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore	data	D6ACF2573E12AFDD7939568804D3FCC1	5C54AD3FF47C6B925E7AC17D361FE0FA60B9181E	5525CBF8F8DC41D19AC632ED324E55293A510AE0EEBA16D0E3F33C707AA58A0C
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset	data	076933FF9904D1110D896E2C525E39E5	4188442577FA77F25820D9B2D01CC446E30684AC	4CBBD8CA5215B8D161AEC181A74B694F4E24B001D5B081DC0030ED797A8973E0
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore	data	845BEDB718B8941F643BB988F640E141	DB9BC33A9C9FF6E6D3651710DC1AC8D387759D24	5083D014CC7E8CFB15D4803429A9AB5FA397E1010CE66D0C8B8215C7FC3C6FDE
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore	data	E2CF527CA7550B7E7BDF7311E483A2C3	C354190BB2B8A00A6051EF2FB86E189AB053FE93	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore	data	E2CF527CA7550B7E7BDF7311E483A2C3	C354190BB2B8A00A6051EF2FB86E189AB053FE93	F1E07B1D717433F47073DC54A7D98E3E87B3D0FA88E53466F93EA544AF885D11
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore	data	051FB32DECE757BA112AC36DC72E3A91	A30D26CEE0F69FA67BF9E60BA692F4831373CC07	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore	data	051FB32DECE757BA112AC36DC72E3A91	A30D26CEE0F69FA67BF9E60BA692F4831373CC07	0806D98FB3DE55F75D7C0B17E26146567E08C483031526659A4A35D09B97EF19
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore	data	3675254E341DF799D4307C1F59109185	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore	data	3675254E341DF799D4307C1F59109185	8711844A41A4ACE77BA0A01A4D3AF2B2E59E6A75	23D108134BED6099793F7DD6B8B6E62081EC3B945EFDBC7C5E0E779FD9B82F98
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore	data	3D1CE5E50208F0CB3B979186043A548F	10C66032C5ACAC22D70670B9302437141E6371EF	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore	data	3D1CE5E50208F0CB3B979186043A548F	10C66032C5ACAC22D70670B9302437141E6371EF	1E13D05D482C3D533DC6035AF2B2D6E84749412A5748D1435B70CEC8B312340B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore	data	95F28EDE25C301301F25FBBD9A3C56EC	80F7D95AFC0DE8C608F672A6837C664EF847BCD5	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore	data	95F28EDE25C301301F25FBBD9A3C56EC	80F7D95AFC0DE8C608F672A6837C664EF847BCD5	87763DF78772F7D750B0FA5A31EEC23E931FD3BD1CBB33BEDDFC61889DA36478
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore	data	65E942614EEE70680464AC4BE75019FC	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore	data	65E942614EEE70680464AC4BE75019FC	7CA1B5994684A7FE37A61BC350A1FA8A89BF91DA	34395085DA32C8B4EFE9959E3B0D756B43FFED17694D66F39B966CD331BD9A94
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore	data	A5695CC64D77967232B0C1344C6E72B3	B0F151A5292D4B796668B242BF896FDBB5A24B67	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset	data	E2CECF06A89B4A6D968486F17F30DA5D	46757A7F71DCFBEB5511665F123810148727324E	E6B10FF8681FB7461557E6227D036617C7ECFC6E31A35412F8A5F72C217F318B
/home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore	data	A5695CC64D77967232B0C1344C6E72B3	B0F151A5292D4B796668B242BF896FDBB5A24B67	042A22B8681D754671D2018BA109B31A53EE3728D48C6379043F8E3394E7FBAD
/home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp	Mozilla lz4 compressed data, originally 1426 bytes	C03070F8A39B68E1DF90C197530147B8	CA5D078F9FE04FA46AF10505F930F1F67DEA4314	FB1ABAC28102E4FD1F7CD97C8B4135681C9BD4BA0EF1517895B278DB52BF5256
/home/james/.mozilla/firefox/5zxot757.default/cert9.db	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4	867FFE0D9B232EFE29B3D1A425CABF2B	0EFE92CEEA2269511A18E43D6E61EFA4B0B38BA9	E539A2A72D70E79248599086A49E564D7FA1BE9CF96C1F599C298E02DB5B467B
/home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal	data	3C0DEB54319AC312D24E29B3C375F860	EACEB91AECD61B758934C6CC16E4F2E4E4D8C274	EE5B6BB3A93E519DE69DC04820A489A80C678BA9D6414F015C86274BCD02DEF1
/home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal	SQLite Write-Ahead Log, version 3007000	CC2F38DE44AB405D569B82E022483CF2	228B93075A84C7B2F2ABE8BF4A87F3495287B82D	E81835E63F67870C72EB0363D29E245F6435874495CE5C73E370CC820F30111E
/home/james/.mozilla/firefox/5zxot757.default/key4.db	SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3	38B72139B979DA8F474D683DE36C32CD	A56B82D1404DB4F14EA2554A340F2666A0C746A7	8E688FEC7741F7629E0D9192D5557ABBB193492A39100ED910DB85EC26893233
/home/james/.mozilla/firefox/5zxot757.default/key4.db-journal	data	91C70A2CCA16A9BBE881D9C146A008BF	6EEB832A27DC7FA06729BA8AE974DBFD64A59CE2	3EF6B1612654C1414EAB3A1E7A2EF435CBB6928FE69A555B3F6949F39A75343A
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite	SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5	3EC564DFFB31A761D90CC78B79A12619	179B48158BB8B9FAB1422D40C9B0618307AC0C5B	18A9301EDE2C87FC24D9CE4EB1DC710DE2CD13C9DC57C46B0D88F08F8EC0CB91
/home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal	data	51ABE92062E0B902BB00F685289701F6	F67FC334DEAAB78362155C07DD4229B167F0D884	2BEE4F76490442858ED7E59AA391BFD63B0210DA02EEB3153B64C074D0ADEA03
/home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal	SQLite Write-Ahead Log, version 3007000	00E9417AEFCFF3E579FBB463C4769D51	D0D199A08A166F6DE55442BACF3BE475670A82E2	9525B0A55B419E3B5E398101ED033D244E03D13EA72342B48FDEB3D46871EFAE
/home/james/.mozilla/firefox/5zxot757.default/prefs-1.js	ASCII text, with very long lines (663)	A380175617812ED3E89BE052DA6BFC99	6406831B327773AA66B4B4B9F41C314769C2E2CE	539EA8569C141F97253AF54B61DC69A2FAFBC75E5693EA63218228165361BC89
/home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp	JSON data	C0E4C22C50DD21142F57714EF49B8713	06B77307DCA5C889EA279243E74730CBC10801BE	6FE46B65B76B3DF32D8392853740B35ED75B6E23F4FBD6F45F3EFA1D496E6717
/home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp	Mozilla lz4 compressed data, originally 26963 bytes	7D6BE0B1BF0545A898081A105DCCCB03	C0FD64A9DDB77D1A183DC48CCEBF33F67931574D	66A4538CAE7E378990BA9507C3EFC7AD4AF947AA3183B51C4CEE8C4EB432AAED
/proc/4924/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4924/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/4924/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4976/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/4976/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/4976/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/5020/gid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E
/proc/5020/setgroups	ASCII text, with no line terminators	05AFB6CE69B9CEF1BD6ECE7E4745F96C	1D16DC2DCC6851208C1B981E2EC377250A4A0CC5	3026A0CA485E5831657BA0120FA8DD66B3425427BFB0A2BE0DB743E2305CC7C5
/proc/5020/uid_map	ASCII text, with no line terminators	54258652109C33FE06188083A3EC23F4	013EC30A95D66C56642C193613A829B746982601	C459EBB6CF3917EFB05A2E72EF25E223BE9B78780B1CE0CAACCE49C773DF199E

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58572 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /6/Firefox/66.0.3/20190410113011/Linux_x86_64-gcc3/en-US/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/ HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002%2Cbucket003&client=dp-teaminternet04_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fgeneralivitalityerleben.de%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2130600648422368&oe=UTF-8&ie=UTF-8&fexp=21404%2C17301383%2C17301431%2C17301433%2C17301436&client_gdprApplies=0&format=r3%7Cs&nocache=3331711708651410&num=0&output=afd_ads&domain_name=generalivitalityerleben.de&v=3&bsl=8&pac=0&u_his=1&u_tz=60&dt=1711708651413&u_w=1024&u_h=768&biw=1009&bih=616&psw=1009&psh=760&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=618877072&rurl=http%3A%2F%2Fgeneralivitalityerleben.de%2F HTTP/1.1Host: www.adsensecustomsearchads.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://generalivitalityerleben.de/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /us-west/bundles-pregen/Firefox/en-us/default.json HTTP/1.1Host: snippets.cdn.mozilla.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://generalivitalityerleben.de/Connection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /js/bg/OMzbJ87gkB5MAUky6mmDB4mflkEza4rQHUJNCD4hS_4.js HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&size=normal&s=txwxami4Pu0Mc2du6o5eFzRwXsZPWKOWu248W-z55Oda3eDa2FplFQhZ9eJnqvqsAf1-bPAtNxN4kEEuXmVA1-OrIWJzPAebzlOtKgNMW1I10za_HCe9aLiAyQAeWcF2ckWUwcEy1-gOOoLhABTkVvzyQ1Iq5LsKlYQTdySjU-UBFGLIXQ3HGRxKCMr_7D-NKAEQqgbrRwUS1FYjRfuQLnZ5Hi3eYBcoUcqyLcqaT3WnYLVjuY2YKyM4ia4rHGsfxbnl9fZMJY_joAyrsjTOykF8Roi8O_8&cb=dfd6i1wqqfr1Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=moV1mTgQ6S91nuTnmll4Y9yf&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest%3Doff%26psid%3D1167268112%26pcsa%3Dfalse%26channel%3D000002%252Cbucket003%26client%3Ddp-teaminternet04_3ph%26r%3Dm%26hl%3Den%26rpbu%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMDN8fHx8fHw2NjA2OTllYWM5OGE2fHx8MTcxMTcwODY1MC44NTEzfDNkMTVjNzExOWRjNDQxNWQ3ZjNiOTdjMzg4NzU5NDM4OTE4NGVjMjJ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fFpIQXRkR1ZoYldsdWRHVnlibVYwTURSZk0zQm98ZDgyZjM2MWZiZjFhMmNkYjk1Y2Y3NmRjNjczMTAzZDYzZWVlNTdiZHwwfDB8fDB8fHwwfDB8VzEwPXx8MXxXMTA9fDhiYTNmOWE1MTkwZDQ1NzRiOGZkYjRhYzRlMzA2YjVhMzg2NWU0NGF8MHxkcC10ZWFtaW50ZXJuZXQwNF8zcGh8MHwwfHw%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2130600648422368%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17301383%252C17301431%252C17301433%252C17301436%26client_gdprApplies%3D0%26format%3Dr3%257Cs%26nocache%3D3331711708651410%26num%3D0%26output%3Dafd_ads%26domain_name%3Dgeneralivitalityerleben.de%26v%3D3%26bsl%3D8%26pac%3D0%26u_his%3D1%26u_tz%3D60%26dt%3D1711708651413%26u_w%3D1024%26u_h%3D768%26biw%3D1009%26bih%3D616%26psw%3D1009%26psh%3D760%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D618877072%26rurl%3Dhttp%253A%252F%252Fgeneralivitalityerleben.de%252F&hl=en&q=EgRmpTArGOyzmrAGIjBeLLHAiEbRdxqZvUeUJ5fPjC4jJoOVLaHn-TH5nqarUVNPq5VeLSkHCkfrzCHvpo8yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /update/3/GMP/66.0.3/20190410113011/Linux_x86_64-gcc3/null/release-cck-ubuntu/Linux%204.4.0-116-generic%20(GTK%203.18.9%2Clibpulse%208.0.0)/canonical/1.0/update.xml HTTP/1.1Host: aus5.mozilla.orgUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-aliveUpgrade-Insecure-Requests: 1
Source: global traffic	HTTP traffic detected: GET /track.php?domain=generalivitalityerleben.de&toggle=browserjs&uid=MTcxMTcwODY1MC44MjU2OjhjYzE0NzdhZmZhOTBmNGYzM2ViMGFkZjc2NTk4ZDA3OGJkMTY2MjM5MTM3NDg1YWI3NTgyODcyYTkwMTI1YmU6NjYwNjk5ZWFjOTkwMw%3D%3D HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44a HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /fonts/Port_Lligat_Slab/latin.woff2 HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: identityReferer: http://generalivitalityerleben.de/Origin: http://generalivitalityerleben.deConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1Host: d38psrni17bvxu.cloudfront.netUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1 HTTP/1.1Host: www.google.comUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: /Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateReferer: http://generalivitalityerleben.de/Connection: keep-alive
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: generalivitalityerleben.deUser-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0Accept: image/webp,/Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alive

Source: unknown

DNS traffic detected: queries for: generalivitalityerleben.de

Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0=
Source: 839982DA66E6AEDA16AF11C596104840CF7B7BD8.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/fonts/Port_Lligat_Slab/latin.woff2
Source: 839982DA66E6AEDA16AF11C596104840CF7B7BD8.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/fonts/Port_Lligat_Slab/latin.woff2strongly-framed1request-metho
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
Source: 1DBCF2C5F4A9AAB308F13D41AB219EA85A810612.34.dr	String found in binary or memory: http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngnecko:classi
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de
Source: recovery.jsonlz4.tmp.34.dr, C07DF163499366D56FA5104974A4679545DF6E5C.34.dr	String found in binary or memory: http://generalivitalityerleben.de/
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ed.nebelreytilativilareneg.d
Source: 94906F1366ECE8E653DCF09415624072CF1772FB.34.dr	String found in binary or memory: http://generalivitalityerleben.de/favicon.ico
Source: 94906F1366ECE8E653DCF09415624072CF1772FB.34.dr	String found in binary or memory: http://generalivitalityerleben.de/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1.1
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.de/generalivitalityerleben.deed.nebelreytilativilareneg.d
Source: 889097B98882CF54D9ADA009D12B5E046C8DE7C1.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44a
Source: 889097B98882CF54D9ADA009D12B5E046C8DE7C1.34.dr	String found in binary or memory: http://generalivitalityerleben.de/ls.php?t=660699ea&token=8ba3f9a5190d4574b8fdb4ac4e306b5a3865e44ane
Source: C07DF163499366D56FA5104974A4679545DF6E5C.34.dr	String found in binary or memory: http://generalivitalityerleben.de/necko:classified1strongly-framed1request-methodGETrequest-Accept-E
Source: 461FF00D331429AAA371A2C4601DAFB18A84C363.34.dr	String found in binary or memory: http://generalivitalityerleben.de/track.php?domain=generalivitalityerleben.de&toggle=browserjs&uid=M
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://generalivitalityerleben.ded
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://wiki.ubuntu.com/moc.utnubu.ikiw.
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.debian.org/gro.naibed.www.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: http://www.google.com/adsense/domains/caf.js?abp=1necko:classified1strongly-framed1request-methodGET
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com
Source: places.sqlite-wal.34.dr	String found in binary or memory: http://www.ubuntu.com/moc.utnubu.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://answers.launchpad.net/ubuntu/
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://cloud.google.com/contact
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/ads-afs-ui
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/ads-afs-ui
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: 64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B.34.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js?domain=generalivitalityerleben.de&client=dp-te
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://pki.goog/repository/0
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://recaptcha.net
Source: C389DE279BF5275924497D5B33D1F1900116E591.34.dr	String found in binary or memory: https://snippets.cdn.mozilla.net/us-west/bundles-pregen/Firefox/en-us/default.json
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus.
Source: D2A64B5E2F392B99B4EBC1553A17EA010F0E8891.34.dr	String found in binary or memory: https://www.adsensecustomsearchads.com
Source: cert9.db-journal.34.dr, cert9.db.34.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api.js
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr, B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: 64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B.34.dr	String found in binary or memory: https://www.googleadservices.com/pagead/p3p.xml
Source: 7D8BBF6E94639C1C939058A12AE541F5BD654619.34.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: B13A714441C11853FE6BA40EFF6C7097378009F7.34.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/about/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/contribute/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/firefox/central/gro.allizom.www.
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: places.sqlite-wal.34.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 58602 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58606 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58572 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58586
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 35102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58582
Source: unknown	Network traffic detected: HTTP traffic on port 37304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58586 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58580
Source: unknown	Network traffic detected: HTTP traffic on port 35102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58580 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58582 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 58594 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 37314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58606
Source: unknown	Network traffic detected: HTTP traffic on port 58596 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58602
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 37304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58596
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58594
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58572

Source: unknown

HTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.20:58572 version: TLS 1.2

Source: classification engine

Classification label: clean1.lin@0/72@26/0

Creates hidden files and/or directories

Source: /usr/bin/exo-open (PID: 4776)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.cache	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.local	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Directory: /home/james/.config	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4791)	Directory: /home/james/.cache	Jump to behavior

Uses the "uname" system call to query kernel version information (possible evasion)

Source: /usr/bin/exo-open (PID: 4776)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 4784)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4791)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4819)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dbus-launch (PID: 4853)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4924)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 4976)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/lib/firefox/firefox (PID: 5020)	Queries kernel information via 'uname':	Jump to behavior

Queries the installed Ubuntu/CentOS release

Source: /usr/lib/firefox/firefox (PID: 4833)

Arguments: /usr/bin/lsb_release -> /usr/bin/python3 -Es /usr/bin/lsb_release -idrc

Jump to behavior

ID:	1417466
Product:	CloudBasic
Start time:	11:36:42
Start date:	29.03.2024
Cookbook:	browseurl.jbs
System description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Architecture:	LINUX

Linux Analysis Report
http://generalivitalityerleben.de

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report http://generalivitalityerleben.de

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Malware Analysis System Evasion

Language, Device and Operating System Detection

Screenshots

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Linux Analysis Report
http://generalivitalityerleben.de