IOC Report
https://omgitsrxqxb.com/

loading gif

Files

File Path
Type
Category
Malicious
/dev/null
ASCII text
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/com.apple.scriptmanager2.le.cache
data
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsDirectory.db_
Mac OS X Keychain File
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsObject.db_
Mac OS X Keychain File
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/AutoFillQuirks.plist
Apple binary property list
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CacheSettings.plist
Apple binary property list
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist
XML 1.0 document, ASCII text
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist
Apple binary property list
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist
Apple binary property list
dropped
/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist
Apple binary property list
dropped

Processes

Path
Cmdline
Malicious
/usr/libexec/xpcproxy
-
/usr/libexec/nsurlstoraged
/usr/libexec/nsurlstoraged --privileged
/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
-
/usr/bin/open
/usr/bin/open -a Safari https://omgitsrxqxb.com/
/usr/libexec/xpcproxy
-
/Applications/Safari.app/Contents/MacOS/Safari
/Applications/Safari.app/Contents/MacOS/Safari
/usr/libexec/xpcproxy
-
/usr/libexec/silhouette
/usr/libexec/silhouette
/usr/libexec/xpcproxy
-
/usr/libexec/firmwarecheckers/eficheck/eficheck
/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

URLs

Name
IP
Malicious
https://omgitsrxqxb.com/
https://www.sephora.com/profile/MyAccount_
unknown
https://myaccount.uscis.gov/users/registration/password_
unknown
https://www.dotloop.com/my/account/#/settings_
unknown
https://xhamster.com/password-recovery_
unknown
https://hotels.com/profile/settings.html_
unknown
https://myspace.com/settings/profile/email_
unknown
https://www.usaa.com/inet/ent_auth_password/pages/ChangePasswordPage_
unknown
https://allegro.pl/moje-allegro/moje-konto/logowanie-i-haslo_
unknown
https://customer.xfinity.com/users/me/update-password_
unknown
https://moncompte.lemonde.fr/gcustomer/account/password_
unknown
https://shein.com/user/security_
unknown
https://www.discogs.com/settings/user_
unknown
https://support.opentable.com/s/login/ForgotPassword?language=en_US_
unknown
https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/ChangePIN/Init_
unknown
https://www.amazon.com/ax/account/manage_
unknown
https://www.newsweek.com/contact_
unknown
https://www.birkenstock.com/profile_
unknown
https://id.sonyentertainmentnetwork.com/id/management/#/p/security_
unknown
https://www.nba.com/account/nbaprofile_
unknown
https://cloud.linode.com/profile/auth_
unknown
https://codepen.io/settings/account_
unknown
https://www.serasa.com.br/meus-dados/alterar-senha_
unknown
https://reg.usps.com/entreg/secure/ChangePasswordAction_input?returnActionName_
unknown
https://www.allrecipes.com/account/profile#/change-password_
unknown
https://pro.housecallpro.com/service_pro/account/reset_password_
unknown
https://user.manganelo.com/user_changes_pass_
unknown
https://www.dailymail.co.uk/registration/profile/change-password.html_
unknown
https://www.11st.co.kr/register/popupModifyPWD.tmall_
unknown
https://www.zulily.com/account/edit?rel=top_flyout_
unknown
https://cam.ana.co.jp/psz/us/amc_us.jsp?index=105_
unknown
https://www.creditkarma.com/myprofile/security_
unknown
https://secure07ea.chase.com/web/auth/dashboard#/dashboard/myProfileSignInSecurity/resetPassword/res
unknown
https://account.magento.com/customer/account/changepassword_
unknown
https://profile.theguardian.com/reset_
unknown
https://reelgood.com/account_
unknown
https://dash.e.jimdo.com/profile_
unknown
https://go.com/profile/account-settings/edit_
unknown
https://genius.com/password_resets/new_
unknown
https://www.macys.com/account/profile?cm_sp=macys_account-_-my_account-_-my_profile&linklocation=lef
unknown
https://logowanie.pl.canalplus.com/zmien-haslo_
unknown
https://www.alternate.de/html/myAccount/account/basicData.html_
unknown
https://blend.io/settings_
unknown
https://www.aesop.com/my-account_
unknown
https://member.daum.net/change/password.daum_
unknown
https://myaccount.virginmobile.ca/MyProfile/Details/EditProfile?editField=PASSWORD_
unknown
https://mastercard.syf.com/login/reset_
unknown
https://www.jcpenney.com/account/dashboard/personal/info_
unknown
https://worldstarhiphop.com/videos/reset.php_
unknown
https://www.shoop.de/einstellungen/benutzerdaten_
unknown
https://accounts.shopify.com/accounts/186490458/security_
unknown
https://app.carta.com/profiles/update/_
unknown
https://legacy.memoriams.com/Network/Account/ChangePassword_
unknown
https://profile.callofduty.com/cod/info_
unknown
https://blackwells.co.uk/bookshop/account/personal-details_
unknown
https://secure.hulu.com/account_
unknown
https://www.splunk.com/my-account/#/profile-details_
unknown
https://news.ycombinator.com/changepw_
unknown
https://classroom.udacity.com/settings/password_
unknown
https://pwrecovery.ruc.dk_
unknown
https://secure.ssa.gov/RIM/UpwdView.action_
unknown
https://www.ancestry.com/account/security/password_
unknown
https://key.harvard.edu/manage-account/change-password_
unknown
https://www.amazon.ca/ax/account/manage_
unknown
https://account.id.me/signin/password_
unknown
https://omgitsrxqxb.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
104.21.77.60
https://www.carnival.com/profilemanagement/profiles/changepassword_
unknown
https://omgitsrxqxb.com/cdn-cgi/challenge-platform/h/g/jsd/r/8da100c22d34d0a7
104.21.77.60
https://thejigsawpuzzles.com/profile/?changepassword_
unknown
https://www.patreon.com/settings/account_
unknown
https://account.deere.com/actmgmt/change-password_
unknown
https://www.ikea.com/in/en/profile/dashboard/_
unknown
https://apps.anatel.gov.br/AnatelConsumidor/ConsumidorEditar.aspx_
unknown
https://www.safeway.com/customer-account/account-settings_
unknown
https://www.amazon.de/ax/account/manage_
unknown
https://www.cars.com/reset_password_
unknown
https://www.amazon.es/ax/account/manage_
unknown
https://www.zocdoc.com/patient/editprofile?section=Password_
unknown
https://www.apartments.com/my-account/#_
unknown
https://logonservices.iam.target.com/change-password/?target=#
unknown
https://www.aerlingus.com/html/user-profile.html_
unknown
https://www.dickssportinggoods.com/MyAccount/AccountSettings_
unknown
https://login.tmon.co.kr/user/info_
unknown
https://my.nextdns.io/account_
unknown
https://secure.indeed.com/account/changepassword_
unknown
https://www.temu.com/bgp_account_security.html_
unknown
https://imgur.com/account/settings/password_
unknown
https://my.norton.com/extspa/account/personalinfo_
unknown
https://account.proton.me/u/0/vpn/account-password_
unknown
https://www.espn.com/_
unknown
https://www.consumidor.gov.br/pages/usuario/editar_
unknown
https://www.nike.com/member/settings_
unknown
https://www.bathandbodyworks.com/my-account/edit-profile_
unknown
https://myvpostpay.verizon.com/ui/bill/secure/_
unknown
https://www.glassdoor.com/member/profile/settings.htm_
unknown
https://employeewe.bamboohr.com/dashboard/password.php_
unknown
https://login.yahoo.com/account/change-password_
unknown
https://www.pornhub.com/user/security_
unknown
https://www.cargurus.com/Cars/myAccount#/accountSettings_
unknown
https://www.prowlapp.com/settings.php_
unknown
https://www.aeon.co.jp/app/settings/profile/password/_
unknown
There are 90 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
omgitsrxqxb.com
104.21.77.60
appledownload.map.fastly.net
151.101.195.8

IPs

IP
Domain
Country
Malicious
104.21.77.60
omgitsrxqxb.com
United States
151.101.195.8
appledownload.map.fastly.net
United States
151.101.195.6
unknown
United States
23.46.224.247
unknown
United States
151.101.67.6
unknown
United States