IOC Report
http://generalivitalityerleben.de

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| /home/james/.cache/dconf/user | very short file (no magic) | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/1DBCF2C5F4A9AAB308F13D41AB219EA85A810612 | PNG image data, 1500 x 600, 8-bit colormap, non-interlaced | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/461FF00D331429AAA371A2C4601DAFB18A84C363 | gzip compressed data, max speed, from Unix, original size modulo 2^32 335544320 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/64DB6886C6BE539A67BFC0AB0D0B8C0668B73B0B | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/7D8BBF6E94639C1C939058A12AE541F5BD654619 | ASCII text, with very long lines (596) | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/839982DA66E6AEDA16AF11C596104840CF7B7BD8 | Web Open Font Format (Version 2), TrueType, length 11460, version 1.0 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/889097B98882CF54D9ADA009D12B5E046C8DE7C1 | JSON data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/94906F1366ECE8E653DCF09415624072CF1772FB | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/B13A714441C11853FE6BA40EFF6C7097378009F7 | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C07DF163499366D56FA5104974A4679545DF6E5C | gzip compressed data, max speed, from Unix, original size modulo 2^32 3877044224 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591 | JSON data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/D2A64B5E2F392B99B4EBC1553A17EA010F0E8891 | gzip compressed data, max compression, original size modulo 2^32 231604224 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 1426 bytes | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cert9.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/key4.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/key4.db-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite | SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/prefs-1.js | ASCII text, with very long lines (663) | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp | JSON data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 26963 bytes | dropped | |
| /proc/4924/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/4924/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/4924/uid_map | ASCII text, with no line terminators | dropped | |
| /proc/4976/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/4976/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/4976/uid_map | ASCII text, with no line terminators | dropped | |
| /proc/5020/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/5020/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/5020/uid_map | ASCII text, with no line terminators | dropped | |

63 additional files are not shown in this extract of the report.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/exo-open | exo-open http://generalivitalityerleben.de | |
| /usr/bin/exo-open | - | |
| /usr/bin/exo-open | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://generalivitalityerleben.de | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | - | |
| /usr/bin/sensible-browser | /bin/sh /usr/bin/sensible-browser http://generalivitalityerleben.de | |
| /usr/bin/x-www-browser | /bin/sh /usr/bin/x-www-browser http://generalivitalityerleben.de | |
| /usr/bin/x-www-browser | - | |
| /usr/bin/which | /bin/sh /usr/bin/which /usr/bin/x-www-browser | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox http://generalivitalityerleben.de | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/lsb_release | /usr/bin/python3 -Es /usr/bin/lsb_release -idrc | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/dbus-launch | dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4791 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6061 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4791 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4791 true tab | |

15 additional processes are not shown in this extract of the report.

URLs

41 additional URLs are not shown in this extract of the report.

Domains


IPs
