Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
|
URL
|
initial url
|
 |
|
|
/Users/berri/Library/Safari/.dat.nosync0210.8kfcUv
|
Apple binary property list
|
dropped
|
 |
|
|
/Users/berri/Library/Safari/.dat.nosync0210.bKXvUw
|
XML 1.0 document, ASCII text
|
dropped
|
|
|
|
/Users/berri/Library/Safari/Favicon Cache/favicons/.dat.nosync0210.t7NkvP
|
MS Windows icon resource - 6 icons, 256x256 withPNG image data, 256 x 256, 8-bit/color RGB, non-interlaced, 32 bits/pixel,
128x128, 32 bits/pixel
|
dropped
|
|
|
|
/dev/null
|
ASCII text
|
dropped
|
|
|
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync0210.Is8mxg
|
Apple binary property list
|
dropped
|
|
|
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_
|
Mac OS X Keychain File
|
dropped
|
|
|
|
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_
|
Mac OS X Keychain File
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/usr/libexec/xpcproxy
|
n/a
|
|
|
|
/Applications/Safari.app/Contents/MacOS/Safari
|
/Applications/Safari.app/Contents/MacOS/Safari
|
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://sparkasse.corona-umstellungsverfahren-de.com/ALC81OPACG
|
unknown
|
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
sparkasse.corona-umstellungsverfahren-de.com
|
47.243.138.168
|
|
|
|
dart.l.doubleclick.net
|
172.217.16.102
|
|
|
|
pagead46.l.doubleclick.net
|
142.250.181.226
|
|
|
|
static.rheinturm.de
|
85.13.148.189
|
|
|
|
stats.l.doubleclick.net
|
142.250.27.154
|
|
|
|
gateway.fe.apple-dns.net
|
17.248.145.74
|
|
|
|
a97adde81b00f2ca4.awsglobalaccelerator.com
|
13.248.242.197
|
|
|
|
cm.g.doubleclick.net
|
172.217.20.2
|
|
|
|
pixelglobal.sojern.com
|
107.178.244.119
|
|
|
|
ib.anycast.adnxs.com
|
185.33.221.90
|
|
|
|
kubernetes-loadbalancer.triptease.io
|
35.186.195.233
|
|
|
|
static.triptease.io
|
unknown
|
|
|
|
pixel.sojern.com
|
unknown
|
|
|
|
ad.doubleclick.net
|
unknown
|
|
|
|
onboard.triptease.io
|
unknown
|
|
|
|
adservice.google.de
|
unknown
|
|
|
|
stats.g.doubleclick.net
|
unknown
|
|
|
|
beacon.sojern.com
|
unknown
|
|
|
|
x1.c.lencr.org
|
unknown
|
|
|
|
api.triptease.io
|
unknown
|
|
|
|
ib.adnxs.com
|
unknown
|
|
|
|
r3.o.lencr.org
|
unknown
|
|
|
|
match.adsrvr.org
|
unknown
|
|
There are 13 hidden domains, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
47.243.138.168
|
sparkasse.corona-umstellungsverfahren-de.com
|
United States
|
|
|
|
185.33.221.90
|
ib.anycast.adnxs.com
|
Netherlands
|
|
|
|
107.178.244.119
|
pixelglobal.sojern.com
|
United States
|
|
|
|
13.248.242.197
|
a97adde81b00f2ca4.awsglobalaccelerator.com
|
United States
|
|
|
|
17.253.55.204
|
unknown
|
United States
|
|
|
|
17.248.145.74
|
gateway.fe.apple-dns.net
|
United States
|
|
|
|
104.76.200.212
|
unknown
|
United States
|
|
|
|
85.13.148.189
|
static.rheinturm.de
|
Germany
|
|
|
|
172.217.16.102
|
dart.l.doubleclick.net
|
United States
|
|
|
|
142.250.27.154
|
stats.l.doubleclick.net
|
United States
|
|
|
|
17.171.27.65
|
unknown
|
United States
|
|
|
|
35.186.195.233
|
kubernetes-loadbalancer.triptease.io
|
United States
|
|
|
|
172.217.20.2
|
cm.g.doubleclick.net
|
United States
|
|
There are 3 hidden IPs, click here to show them.