IOC Report
http://selfservicegeneraligroup.com


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| /home/james/.cache/dconf/user | very short file (no magic) | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/1DBCF2C5F4A9AAB308F13D41AB219EA85A810612 | PNG image data, 1500 x 600, 8-bit colormap, non-interlaced | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/27384B62E4E2FBED7D3E85C6EAB6BF998474793D | gzip compressed data, max speed, from Unix, original size modulo 2^32 1075314688 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/2F4087E4267A59C0FFA634FA9D0E00268729B4DC | JSON data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/37D23FAB5FB546A476E38CD3870F42D926504EC7 | gzip compressed data, max speed, from Unix, original size modulo 2^32 335544320 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/4098689E1EA45FF0094F1C8088E49251FFFF7585 | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8C0900F504EEA56B743B4031F3F815083E14491B | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/8E6243BCB240F8914D10249076C524BAE347081E | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/A63C11DE5F2C5CEF985CF75DF4EFB9ECC9BF06B8 | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/B13A714441C11853FE6BA40EFF6C7097378009F7 | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C296EE2E7F76140275BFE32DF9712B635E6BB55B | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/C389DE279BF5275924497D5B33D1F1900116E591 | JSON data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/D2A64B5E2F392B99B4EBC1553A17EA010F0E8891 | gzip compressed data, max compression, original size modulo 2^32 3508601088 | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/cache2/entries/E6D3854E385D14EBC6F74CDE30437FFAD732EA8E | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/allow-flashallow-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/base-track-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flash-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/block-flashsubdoc-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flash-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashallow-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/except-flashsubdoc-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozplugin-block-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/mozstd-trackwhite-digest256.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-block-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-harmful-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-malware-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-phish-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-track-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-trackwhite-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple-1.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.pset | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/safebrowsing-updating/test-unwanted-simple.sbstore | data | dropped | |
| /home/james/.cache/mozilla/firefox/5zxot757.default/startupCache/webext.sc.lz4.tmp | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/addonStartup.json.lz4.tmp | Mozilla lz4 compressed data, originally 1426 bytes | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cert9.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 4, database pages 7, cookie 0x5, schema 4, UTF-8, version-valid-for 4 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cert9.db-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/cookies.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/key4.db | SQLite 3.x database, last written using SQLite version 3026000, page size 32768, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/key4.db-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite | SQLite 3.x database, user version 9, last written using SQLite version 3026000, page size 32768, file counter 5, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 5 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/permissions.sqlite-journal | data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/places.sqlite-wal | SQLite Write-Ahead Log, version 3007000 | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/prefs-1.js | ASCII text, with very long lines (663) | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/sessionCheckpoints.json.tmp | JSON data | dropped | |
| /home/james/.mozilla/firefox/5zxot757.default/sessionstore-backups/recovery.jsonlz4.tmp | Mozilla lz4 compressed data, originally 26969 bytes | dropped | |
| /proc/4929/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/4929/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/4929/uid_map | ASCII text, with no line terminators | dropped | |
| /proc/4977/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/4977/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/4977/uid_map | ASCII text, with no line terminators | dropped | |
| /proc/5019/gid_map | ASCII text, with no line terminators | dropped | |
| /proc/5019/setgroups | ASCII text, with no line terminators | dropped | |
| /proc/5019/uid_map | ASCII text, with no line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /usr/bin/exo-open | exo-open http://selfservicegeneraligroup.com | |
| /usr/bin/exo-open | - | |
| /usr/bin/exo-open | - | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch WebBrowser http://selfservicegeneraligroup.com | |
| /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 | - | |
| /usr/bin/sensible-browser | /bin/sh /usr/bin/sensible-browser http://selfservicegeneraligroup.com | |
| /usr/bin/x-www-browser | /bin/sh /usr/bin/x-www-browser http://selfservicegeneraligroup.com | |
| /usr/bin/x-www-browser | - | |
| /usr/bin/which | /bin/sh /usr/bin/which /usr/bin/x-www-browser | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox http://selfservicegeneraligroup.com | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/lsb_release | /usr/bin/python3 -Es /usr/bin/lsb_release -idrc | |
| /usr/lib/firefox/firefox | - | |
| /usr/bin/dbus-launch | dbus-launch --autolaunch=11ced2f07072c6ae389b731c5cc84014 --binary-syntax --close-stderr | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 1 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4800 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 6115 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4800 true tab | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | - | |
| /usr/lib/firefox/firefox | /usr/lib/firefox/firefox -contentproc -childID 3 -isForBrowser -prefsLen 6934 -prefMapSize 172334 -parentBuildID 20190410113011 -greomni /usr/lib/firefox/omni.ja -appomni /usr/lib/firefox/browser/omni.ja -appdir /usr/lib/firefox/browser 4800 true tab | |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://selfservicegeneraligroup.com | | |
| http://www.google.com/adsense/domains/caf.js?abp=1 | 142.250.217.164 | |
| http://www.debian.org/gro.naibed.www. | unknown | |
| http://www.ubuntu.com | unknown | |
| https://csp.withgoogle.com/csp/report-to/gws/other | unknown | |
| https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadtest% | unknown | |
| https://csp.withgoogle.com/csp/ads-afs-ui | unknown | |
| http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png | 18.160.64.187 | |
| http://www.ubuntu.com/moc.utnubu.www. | unknown | |
| http://selfservicegeneraligroup.com | unknown | |
| https://support.mozilla.org/en-US/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=fire | unknown | |
| https://csp.withgoogle.com/csp/report-to/ads-afs-ui | unknown | |
| https://github.com/ | unknown | |
| https://www.google.com/recaptcha/api.js | 142.250.217.164 | |
| http://selfservicegeneraligroup.com/track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&u | unknown | |
| http://selfservicegeneraligroup.comd | unknown | |
| https://www.google.com/recaptcha/api2/ | unknown | |
| http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png1 | unknown | |
| http://www.google.com/adsense/domains/caf.js?abp=1necko:classified1strongly-framed1request-methodGET | unknown | |
| https://www.google.com/recaptcha/api2/bframe?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b | 142.250.217.164 | |
| http://selfservicegeneraligroup.com/selfservicegeneraligroup.commoc.puorgilarenegecivresfles.d | unknown | |
| http://www.debian.org | unknown | |
| http://selfservicegeneraligroup.com/favicon.icostrongly-framed1request-methodGETresponse-headHTTP/1. | unknown | |
| http://selfservicegeneraligroup.com/ls.php?t=661f6d84&token=10021f01e7cae7e812aa3877ca8fac12fac0f1d8 | 104.247.82.170 | |
| https://support.mozilla.org/en-US/products/firefoxgro.allizom.troppus. | unknown | |
| https://www.adsensecustomsearchads.com/predictor::seen1 | unknown | |
| http://d38psrni17bvxu.cloudfront.net/ | unknown | |
| https://www.adsensecustomsearchads.com | unknown | |
| http://wiki.ubuntu.com/moc.utnubu.ikiw. | unknown | |
| https://pki.goog/repository/0 | unknown | |
| https://answers.launchpad.net/ubuntu/ | unknown | |
| http://selfservicegeneraligroup.com/favicon.ico | 104.247.82.170 | |
| http://selfservicegeneraligroup.com/necko:classified1strongly-framed1request-methodGETrequest-Accept | unknown | |
| https://csp.withgoogle.com/csp/gws/other | unknown | |
| https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=1167268112&pcsa=false&channel=000002% | unknown | |
| http://www.google.com/adsense/domains/caf.js?abp=11 | unknown | |
| https://www.google.com/js/bg/KTA1qoE7ZDz05UuzGBms7CVmuC34sZ4nnXwNjg065Po.js | 142.250.217.164 | |
| https://answers.launchpad.net | unknown | |
| http://selfservicegeneraligroup.com/track.php?domain=selfservicegeneraligroup.com&toggle=browserjs&uid=MTcxMzMzNTY4NC42Mzg2OjVmMjExNDhkOTQ3ODAyM2UyODBlYzE0YWFmNmIyNDhlOTQ5YWEzMTNiYmM4MzYzM2IxMjg1OThkYzlmNTBmOTg6NjYxZjZkODQ5YmU5Yg%3D%3D | 104.247.82.170 | |
| http://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.pngnecko:classi | unknown | |
| http://www.google.com/1 | unknown | |
| https://www.adsensecustomsearchads.com/ | unknown | |
| http://selfservicegeneraligroup.com/ | 104.247.82.170 | |
| http://wiki.ubuntu.com | unknown | |
| http://selfservicegeneraligroup.com/moc.puorgilarenegecivresfles.d | unknown | |
| https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=rz4DvU-cY2JYCwHSTck0_qm-&size=normal&s=jkYMcceTXa5O0Ql5TftRgDmCgYkPz5gGnrn2IIvbdOT5roe8FKflJH_PAW-QVZa5Jwb9eM13c_0L5Xi4NoFS5624IVNSJIkoPhiOXF6CApz132Cvk-SDE7By3vUrqTv1kZs2ozuzya1IxyTNJn5SQzaL5kDm2Pev9GvHZppY7Sm0XFSYrqIwuN1tSab_ilre7pcGth-Hes5VC3LxDbe7XIbvTKm1-36FKWTciH9JkpVGWXvckVfM5KxkkqBi4PrNUa4aVXYgvR7o70yzur7iGGautLlBMog&cb=yc2zn4iualcv | 142.250.217.164 | |
| http://selfservicegeneraligroup.com/predictor::seen1predictor::resource-count3predictor::http://d38p | unknown | |
| https://support.mozilla.org | unknown | |
| http://crl.pki.goog/gsr2/gsr2.crl0? | unknown | |
| https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rz4DvU-cY2JYCwHSTck0_qm- | 142.250.217.164 | |
| http://www.google.com/ | unknown | |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | |
| www3.l.google.com | 142.250.217.174 | |
| selfservicegeneraligroup.com | 104.247.82.170 | |
| www.google.com | 142.250.217.164 | |
| d228z91au11ukj.cloudfront.net | 3.163.115.26 | |
| d38psrni17bvxu.cloudfront.net | 18.160.64.187 | |
| push.services.mozilla.com | unknown | |
| www.adsensecustomsearchads.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | |
| 142.250.217.164 | www.google.com | United States | |
| 142.250.217.174 | www3.l.google.com | United States | |
| 3.163.115.26 | d228z91au11ukj.cloudfront.net | United States | |
| 104.247.82.170 | selfservicegeneraligroup.com | Canada | |
| 18.160.64.187 | d38psrni17bvxu.cloudfront.net | United States | |