IOC Report
http://josten-tortechnik.de/UlCnoRToZJ9HKuPEL8B7Yn0/Zu6OSoQkrQs2TBRj9b8G/1Q1JS3ZIMsr4MdogoPSmHhHBh/6Z/knZhcGdhkjPFPUFMbsisH/PCJXsHOZALekdXPQayRkrE/ADJEJgmjKRYvGqfF3Hmi8Tjt/r7xMBck/4PWOg1lrpQWJFyiXiXsfQd/OLpbrE12VfTxp8hTmLovbHqx/SNutNiaq3CztKqusTonzVc/M/4PbgurauisVkr7cjfBcC/wH6I3aCo7d3pNmYmvFESR/uLst

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| /dev/null | ASCII text | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/com.apple.scriptmanager2.le.cache | data | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/AutoFillQuirks.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CacheSettings.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist | XML 1.0 document, ASCII text | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/F75E803424977C4618E1D230483C5FF7 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist | Apple binary property list | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | |
| /usr/bin/open | /usr/bin/open -a Safari http://josten-tortechnik.de/UlCnoRToZJ9HKuPEL8B7Yn0/Zu6OSoQkrQs2TBRj9b8G/1Q1JS3ZIMsr4MdogoPSmHhHBh/6Z/knZhcGdhkjPFPUFMbsisH/PCJXsHOZALekdXPQayRkrE/ADJEJgmjKRYvGqfF3Hmi8Tjt/r7xMBck/4PWOg1lrpQWJFyiXiXsfQd/OLpbrE12VfTxp8hTmLovbHqx/SNutNiaq3CztKqusTonzVc/M/4PbgurauisVkr7cjfBcC/wH6I3aCo7d3pNmYmvFESR/uLst3KAHYSnvSguuGl2suF9/rrxd/4e68SsA5Rz90cFa2lgwV/r3GmF8P9z0hhG18uaO9dcUpj/50fKPGQtyre57SwnEwJxBBA26/7rrM/1OXlYLNBBseLAXnptMhaP7i/fWyvW9SJqRcvWe7Fcq9jF/WMz0LOdNvtT29rU1Edx0j8fZ/r7/BrevImhCxDxDdlIRbe73V/4t9Ex68ICL8fF5vGgZ0sa/ikux8mVyzMYB52SSIuca3Y3/re7d_v/EDdO9sm1Yy01NMJNtNxO/PmigbBFjqxGny5HBPE7q7FKT/cBYy4Q8grpaxZcszWhXc5Cd/ | |
| /usr/libexec/xpcproxy | - | |
| /Applications/Safari.app/Contents/MacOS/Safari | /Applications/Safari.app/Contents/MacOS/Safari | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/silhouette | /usr/libexec/silhouette | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/firmwarecheckers/eficheck/eficheck | /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon | |

URLs


Domains

| Name | IP | Malicious |
|---|---|---|
| www.google.com | 142.251.41.4 | |
| appledownload.map.fastly.net | 151.101.3.8 | |
| josten-tortechnik.de | 207.174.2.88 | |
| h3.apis.apple.map.fastly.net | 151.101.195.6 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 207.174.2.88 | josten-tortechnik.de | United States | |
| 151.101.3.8 | appledownload.map.fastly.net | United States | |
| 151.101.131.6 | unknown | United States | |
| 151.101.195.6 | h3.apis.apple.map.fastly.net | United States | |
| 23.46.224.247 | unknown | United States | |
| 142.251.41.4 | www.google.com | United States | |
| 151.101.67.6 | unknown | United States | |