IOC Report
https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii?utm_source=ext_app_menu

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| /dev/null | ASCII text | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/com.apple.scriptmanager2.le.cache | data | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsDirectory.db_ | Mac OS X Keychain File | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsObject.db_ | Mac OS X Keychain File | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/8EB6D6CA33837AFFBA55A8595CE0155D | MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/9E40DD27309D746DADE8ED6CB423E8A6 | MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/AutoFillQuirks.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CacheSettings.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist | XML 1.0 document, ASCII text | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/FDABE0B26A99EC6E79CF6AD56B0B2748 | MS Windows icon resource - 2 icons, 32x32, 32 bits/pixel, 16x16, 32 bits/pixel | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist | Apple binary property list | dropped | |
| /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist | Apple binary property list | dropped | |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 | - | |
| /usr/bin/open | /usr/bin/open -a Safari https://chromewebstore.google.com/detail/scribe-ai-documentation-s/okfkdaglfjjjfefdcppliegebpoegaii?utm_source=ext_app_menu | |
| /usr/libexec/xpcproxy | - | |
| /Applications/Safari.app/Contents/MacOS/Safari | /Applications/Safari.app/Contents/MacOS/Safari | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/nsurlstoraged | /usr/libexec/nsurlstoraged --privileged | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/silhouette | /usr/libexec/silhouette | |
| /usr/libexec/xpcproxy | - | |
| /usr/libexec/firmwarecheckers/eficheck/eficheck | /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon | |

URLs


Domains

| Name | IP | Malicious |
| --- | --- | --- |
| chromewebstore.google.com | 142.251.41.14 | |
| play.google.com | 142.250.81.238 | |
| googlehosted.l.googleusercontent.com | 142.250.176.193 | |
| lh3.googleusercontent.com | unknown | |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 142.250.81.238 | play.google.com | United States | |
| 142.251.41.14 | chromewebstore.google.com | United States | |
| 151.101.3.6 | unknown | United States | |
| 23.46.224.247 | unknown | United States | |
| 142.250.176.193 | googlehosted.l.googleusercontent.com | United States | |