Edit tour

macOS Analysis Report
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505

Overview

General Information

Sample URL:	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505
Analysis ID:	1349687
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Writes 64-bit Mach-O files to disk

Reads launchservices plist files

Classification

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1349687
Start date and time:	2023-11-29 04:50:35 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505
Analysis system description:	Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.13
CPU architecture:	x86_64
Analysis Mode:	default
Detection:	MAL
Classification:	mal56.mac@0/10@4/0

Warnings

Excluded IPs from analysis (whitelisted): 34.202.64.211, 23.194.109.150, 3.73.173.154, 142.250.65.202, 17.253.3.199, 17.253.3.204, 23.44.233.108, 17.253.3.206, 17.253.3.198, 17.253.97.205, 17.253.97.203, 17.253.97.206
Excluded domains from analysis (whitelisted): e11408.d.akamaiedge.net, ocsp-a.g.aaplimg.com, gateway.icloud.com, crl.apple.com, valid.apple.com, safebrowsing.googleapis.com, help.apple.com, api-glb-aeuc1b.smoot.apple.com, smoot-searchv2-aeuc1b.v.aaplimg.com, cds-cdn.v.aaplimg.com, cds.apple.com.akadns.net, e673.dsce9.akamaiedge.net, cds.apple.com, help-ar.apple.com.edgekey.net, crl.g.aaplimg.com, api.smoot.apple.com, bag-smoot.v.aaplimg.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, ocsp-lb.apple.com.akadns.net, configuration.apple.com, ocsp.apple.com, valid.origin-apple.com.akadns.net, help.origin-apple.com.akadns.net, valid-apple.g.aaplimg.com, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, world-gen.g.aaplimg.com
Report size getting too big, too many PREAD calls found.

Process Tree

System is macvm-highsierra

mono-sgen32 New Fork (PID: 893, Parent: 825)

open (MD5: 40ed6d8f35c9f20484b97582d296398f) Arguments:

xpcproxy New Fork (PID: 894, Parent: 1)

Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505

Avira URL Cloud: detection malicious, Label: phishing

Multi AV Scanner detection for submitted file

Source: http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505

Virustotal: Detection: 14%

Perma Link

Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.90.46.36:443 -> 192.168.11.11:49389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.32.28.133:443 -> 192.168.11.11:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.32.28.133:443 -> 192.168.11.11:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49414 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49415 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.64:443 -> 192.168.11.11:49421 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.64:443 -> 192.168.11.11:49422 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: www.tropbikewall.art

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49422
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49420
Source: unknown	Network traffic detected: HTTP traffic on port 49414 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49382
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49417
Source: unknown	Network traffic detected: HTTP traffic on port 49382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49414
Source: unknown	Network traffic detected: HTTP traffic on port 49415 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49390
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49390 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49389 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49421 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.3.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.144.29
Source: unknown	TCP traffic detected without corresponding DNS query: 17.253.3.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.48.144.29
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000b25b01d78bfe1106b4368ef6d76fd74b1129-202311-flb5706540-e4d07M7306521088920387799sl_5706540-e4d07b3d8f2a0d720c76d6c6be3e8f77b43ca5be3b8ec21505-85fb5adz21505 HTTP/1.1Host: admoustache.media-412.comUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usAccept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735 HTTP/1.1Host: yisparoturm.comUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usAccept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /assets/js/backlink_back_button.js HTTP/1.1Host: yisparoturm.comAccept: /Connection: keep-aliveCookie: _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002160353437482%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22US%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22netcalibre+ltd%22%3Bs%3A5%3A%22_time%22%3Bi%3A1701229896%3B%7D; redirect_user_data=%7B%22country%22%3A%22US%22%2C%22city%22%3Anull%2C%22isp%22%3A%22netcalibre+ltd%22%2C%22netspeed%22%3A%22%22%7DUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usReferer: https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735Accept-Encoding: br, gzip, deflate
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: yisparoturm.comAccept: /Connection: keep-aliveCookie: _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002160353437482%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22US%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22netcalibre+ltd%22%3Bs%3A5%3A%22_time%22%3Bi%3A1701229896%3B%7D; redirect_user_data=%7B%22country%22%3A%22US%22%2C%22city%22%3Anull%2C%22isp%22%3A%22netcalibre+ltd%22%2C%22netspeed%22%3A%22%22%7DUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usReferer: https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735Accept-Encoding: br, gzip, deflate
Source: global traffic	HTTP traffic detected: GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505 HTTP/1.1Host: www.tropbikewall.artUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usAccept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=859a4b250a94b682eb45cadd06bede1f&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef= HTTP/1.1Host: www.tropbikewall.artUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usAccept-Encoding: gzip, deflateConnection: keep-alive
Source: global traffic	HTTP traffic detected: GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=3&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef= HTTP/1.1Host: www.tropbikewall.artUpgrade-Insecure-Requests: 1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7Accept-Language: en-usAccept-Encoding: gzip, deflateConnection: keep-alive

Source: .dat.nosync037e.ES4T9e.248.dr

String found in binary or memory: https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=656

Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49382 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 34.90.46.36:443 -> 192.168.11.11:49389 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.32.28.133:443 -> 192.168.11.11:49390 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.32.28.133:443 -> 192.168.11.11:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49393 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49414 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49415 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.65:443 -> 192.168.11.11:49420 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.64:443 -> 192.168.11.11:49421 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.64:443 -> 192.168.11.11:49422 version: TLS 1.2

Source: classification engine

Classification label: mal56.mac@0/10@4/0

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-5n0lvO	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-NCZBKc	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-A9pAYC	Jump to dropped file

Source: /usr/bin/open (PID: 893)

Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)

AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)

Random device file read: /dev/urandom

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	Binary plist file created: /Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync037e.wjC7SF	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	Binary plist file created: /Users/berri/Library/Safari/.dat.nosync037e.ES4T9e	Jump to dropped file

Source: /usr/bin/open (PID: 893)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 894)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	11 System Information Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	3 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	100%	Avira URL Cloud	phishing
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	14%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
gateway.fe.apple-dns.net	17.248.199.65	true	false	unknown
tropbikewall.art	51.68.82.147	true	false	unknown
admoustache.media-412.com	34.90.46.36	true	false	unknown
yisparoturm.com	185.32.28.133	true	false	unknown
www.tropbikewall.art	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://yisparoturm.com/favicon.ico	false	unknown
https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000b25b01d78bfe1106b4368ef6d76fd74b1129-202311-flb5706540-e4d07M7306521088920387799sl_5706540-e4d07b3d8f2a0d720c76d6c6be3e8f77b43ca5be3b8ec21505-85fb5adz21505	false	unknown
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=859a4b250a94b682eb45cadd06bede1f&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef=	false	unknown
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505	true	unknown
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=3&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef=	false	unknown
https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735	false	unknown
https://yisparoturm.com/assets/js/backlink_back_button.js	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=656	.dat.nosync037e.ES4T9e.248.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
51.68.81.31	unknown	France	16276	OVHFR	false
34.90.46.36	admoustache.media-412.com	United States	15169	GOOGLEUS	false
185.32.28.133	yisparoturm.com	Spain	15699	AS_ADAMAdamDatacenterES	false
23.48.144.29	unknown	United States	20940	AKAMAI-ASN1EU	false
51.68.82.147	tropbikewall.art	France	16276	OVHFR	false

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	2285
Entropy (8bit):	7.587204362620109
Encrypted:	false
SSDEEP:	48:E3NmrFCfoTlg9MjBGAHSvO5CsL2rhUg3ihOb3b6fN16Cz0zV4kqKC+j9:zkEAOBG9m5CsL2Sg3iEr6VcCO/qKH9
MD5:	53D912A8DC96B52DF19E3A16DF589301
SHA1:	0DD8DB77C82D7CC02421675E0410F7CB0D3B4284
SHA-256:	58E90B9775FB6132DB5098FD3CF4BAD03F232D7344E80E044693F85B8CDD399D
SHA-512:	BCFDD0D833B9D79EAA0B028AE2EF09792EC2AF15EC1A1640B405350D5B77D9519719E7CA45677648E810195639D9BC3BD5ECF826303116D26C43408F10E6EE78
Malicious:	false
Reputation:	low
Preview:	bplist00.....^SessionVersion^SessionWindowsS1.0............................9_..SelectedTabIndex\TabBarHiddenZDateClosed_..FavoritesBarHidden]IsPopupWindow_. PrefersReadingListSidebarVisible\Miniaturized_..WindowStateVersionZWindowUUID_..WindowContentRectYTabStates_..IsPrivateWindow_..SelectedPinnedTabIndex...3A.vlEE.....S2.0_.$F69D21F8-5085-4E65-870E-36DBCC89D380_..{{0, 52}, {1024, 693}}.... !."#.$%&'().,-...0123456.\IsDisposable\SessionState_..AncestorTabIdentifers_..SessionStateIsEncryptedXTabIndex]LastVisitTimeWTabUUIDVTabURL]TabIdentifierXTabTitle_..ProcessIdentifierWIsMuted.O.......L_i....>.}....c..9.V....o../t.4..\|?.........~N>..Z.f......qO....lc...C.o.H......9{.\1.E89..74(.)....I.....9..X.2.}(.$v~..qJ.(.0..~<..QR...;.<.m.....0....UGr...N..E..L.ix.I..)-U.[....5.......tW....3E...aV......Z../..........~Tw.Q...sf...../.~..9..-.._{.S.:.'.zJ......!.....E.....P.u2.~/.r.b.{..p....^........xh....[.p)..W..s....hFT[>A.=At....AU....{Qcd..*$.^.. ...d ....T.....\..P..%

/Users/berri/Library/Safari/Favicon Cache/favicons/.dat.nosync037e.TceAgM

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel
Category:	dropped
Size (bytes):	318
Entropy (8bit):	0.8963966141629544
Encrypted:	false
SSDEEP:	3:8zNa/XllvlNl/AXll/llll//555555555555555n:8zE/4555555555555555n
MD5:	0EB6A3E58FB0F61F080BFD48D9BE4A2D
SHA1:	669802179243BD9C47AAE26D03090F5F8E40A015
SHA-256:	3755ED10FAE26AF17E06F7FF740B9138C0F6B47B524D6BBBAAE98F999433E1EA
SHA-512:	E4574BC23DB8693D92C7BD67D80B50D47BE2962113D26131D667196C9953E83DDFFE891B303AB2FBF07419C9B8D958900B958BC2106E330E1B91DB5D7D6120FB
Malicious:	false
Reputation:	low
Preview:	..............(.......(....... ...............................................................................................................................................................................................................................................................................................

/Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1075
Entropy (8bit):	5.7450058766332495
Encrypted:	false
SSDEEP:	24:Ssx+XBs6DRXomE1Se+XBSs6cXaoBz9vH+XBSs6DRX4VpBmgKkuEoi7:SkGs6lEIeKSs68vHKSs6QUgYvU
MD5:	003B42D1FA50E867C4216138BF3F89DB
SHA1:	49C6E34233B01046D5AF146555617CBBC11AAD10
SHA-256:	B9B3C91F964FCFEBBCCD57ECD9BBF722C2EE555E454364B627336FC5FEF08BE5
SHA-512:	015C24958FC79BB6CB68CF77682F38D2C370CC8C9127BED38EB1D715EE08606C4FE275E7D085062D1C1EFAEB317788DAA5FD90EDAAE916216F7ABFF2EC54CCA3
Malicious:	false
Reputation:	low
Preview:	bplist00.......)C^operatingDates_..browsingStatistics_..endOfGrandfatheringTimestampWversion.....Tdate#A.Y....... 0................._..PrevalentResourceOrigin_..mostRecentUserInteractionXlastSeen]grandfathered_..isPrevalentResource_..subresourceUnderTopFrameOrigins_..hadUserInteraction_..dataRecordsRemoved_..yisparoturm.com#........#A.Y.L............VoriginUcount_..tropbikewall.art......!".#$%&'(.)...-._..PrevalentResourceOrigin_..mostRecentUserInteraction]grandfathered_..isPrevalentResource_..hadUserInteraction_..subresourceUniqueRedirectsTo_..dataRecordsRemoved_..tropbikewall.art#................/.]media-412.com.12.3456789....<.@._..PrevalentResourceOrigin_..mostRecentUserInteraction]grandfathered_..isPrevalentResource_..subresourceUnderTopFrameOrigins_..hadUserInteraction_..subresourceUniqueRedirectsTo_..dataRecordsRemoved]media-412.com...=...>._..tropbikewall.art..A...B._..yisparoturm.com....... .5.T.\.^.a.f.o.s.................3.E.N.W.X.Y.[.`.g.m.....................$.9.L.U.V.W.X.

/dev/null

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	ASCII text
Category:	dropped
Size (bytes):	661
Entropy (8bit):	5.298582318871965
Encrypted:	false
SSDEEP:	12:k4F1p1o/L5p1o/L8Wp1o/Lpxp1o/LRp1o/LW:Jbpg5pgZpgpxpgRpgW
MD5:	06B71239F205EA7C6A295EC9D8747844
SHA1:	DC7D76BA7F3DF01EEE8949B39606FADC21F1655A
SHA-256:	1D1C36222C6A5A036BC3947611A9F86D61A95BEE3885F3BEECD07D9E65659769
SHA-512:	FBD3566FC9331A715C44D58E6A47DE86F80D3FC1B8B2E23DA2918AD3D4220052654AA4456F15C9605C5CFF93D4C535531CC9500AE7D976807014F3887D9898AD
Malicious:	false
Reputation:	low
Preview:	2023-11-29 04:51:33.477 Safari[894:6453] ApplePersistence=NO.2023-11-29 04:51:34.787 Safari[894:6465] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).2023-11-29 04:51:35.219 Safari[894:6456] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).2023-11-29 04:51:36.101 Safari[894:6473] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).2023-11-29 04:51:37.601 Safari[894:6455] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).2023-11-29 04:51:37.923 Safari[894:6454] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813).

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync037e.wjC7SF

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.9370658315190226
Encrypted:	false
SSDEEP:	3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
MD5:	CDC65B5F112547EAFAE0F16F9C149426
SHA1:	AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
SHA-256:	1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
SHA-512:	E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
Malicious:	false
Reputation:	low
Preview:	bplist00..._..ExtensionArchivesExtracted...(...............................)

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	48908
Entropy (8bit):	3.533948990143748
Encrypted:	false
SSDEEP:	384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/
MD5:	09070E01FA6ED1973D94FAD50C35E3ED
SHA1:	7546663E66F9889EE3365A7A0BE372300C6022CA
SHA-256:	2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F
SHA-512:	621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3
Malicious:	false
Reputation:	low
Preview:	kych...........................`...X...p..S0..SX..Th..T...T...[...^h...........L...X...............T...........d...................t...............t...........<...............P...........0...........$...p...........l...........X.......@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...D.......................!...%@.......MDS_CDSADIR_CSSM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_KRMM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_EMM_RECORDTYPE.....L.......................!...%@......"MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE.....H.......................!...%@.......MDS_CDSADIR_COMMON_RECORDTYPE......L.......................!...%@......"MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE.....P.......................!...%@......%MDS_CDSADIR_CSP_CAPABILITY_R

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	4404
Entropy (8bit):	3.5113078915037033
Encrypted:	false
SSDEEP:	48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
MD5:	D487F899A14AE98519B46D51BC810F1B
SHA1:	64877ECFBE47ED66EED545B2449BBE8B22B775D0
SHA-256:	4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
SHA-512:	EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
Malicious:	false
Reputation:	low
Preview:	kych.......................................d...................0...............0...p...........@...@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...@.......................!...%@.......MDS_OBJECT_RECORDTYPE..............h........... ...`........... ...@.......................-...1...5...9...=@..............................X...............P................... ...p...........l...........d...........P...........H...........,...............h...........P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................RelationName.......P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................AttributeID........X....

/private/var/tmp/NSCreateObjectFileImageFromMemory-5n0lvO

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL>
Category:	dropped
Size (bytes):	4780
Entropy (8bit):	5.78784933687558
Encrypted:	false
SSDEEP:	96:xav2J2yfQoIeVyCxVaBHlZF/jllllllllKflPz5w65:keJ2OQYTTarllllllllKflT
MD5:	6903FFA70C6EF8F2493E3E49101C694D
SHA1:	B70A5F8C3F48BB2251B114500DFFF1CCCE72D966
SHA-256:	633CEE31BFBF56590F6B62891CD0CB55264FD0F01E183036D8E3556B9EFF72D5
SHA-512:	2A8A297AEE0F285EAA494BA5B731D023BF6438E207B83495FF490EB67BE3D9B4E887F91680761E759973D9FEC782B9E0CEC7E1957C4E794739A0DF90E2346D87
Malicious:	false
Reputation:	low
Preview:	.................... ...............(...__TEXT..........................................................__text..........__TEXT..................[.......................................__const.........__TEXT..........`.......@.......`...............................__literal4......__TEXT..........................................................__compact_unwind__LD....................@.......................................__eh_frame......__TEXT..................h..........................h............__opencl........__TEXT..........P...............P...................................H...__LINKEDIT................................................................P/^(G....@.`.."...0.......................................h...........h...................P...................................................................................................................................................................................................................................................

/private/var/tmp/NSCreateObjectFileImageFromMemory-A9pAYC

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL>
Category:	dropped
Size (bytes):	4752
Entropy (8bit):	5.761647040683616
Encrypted:	false
SSDEEP:	96:xKvjeoJ2eQIMA1EVQvOsD1cbY2vF/jllllllllKflNJz5w6w:0dJ2eQpMtxmvrllllllllKfly
MD5:	1D6F449D22D11E760495CE85C933ADF8
SHA1:	D77F5B05549E51310D0C96347482178EBD23C476
SHA-256:	BEF505FE1329E19B4AF2FFFD868C753A0824B96FB4531BD106C810D96EFB1D94
SHA-512:	4A9F4BD053BC5069625D60DDD3E1225E01FCE6B31824C35A12D7CAFAC2AD9BF79EE7785A6860E5549836970D8A4C7968355EC715C652EE1C771EDD9D9D1616A6
Malicious:	false
Reputation:	low
Preview:	.................... ...............(...__TEXT..........................................................__text..........__TEXT..................k.......................................__const.........__TEXT..................@.......................................__literal4......__TEXT..........................................................__compact_unwind__LD....................@.......................................__eh_frame......__TEXT..................h..........................h............__opencl........__TEXT..........p...............p...................................H...__LINKEDIT...............................................................{..T@_.d...a.C"...0.......................................X...........X...................P...................................................................................................................................................................................................................................................

/private/var/tmp/NSCreateObjectFileImageFromMemory-NCZBKc

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS\|DYLDLINK\|TWOLEVEL>
Category:	dropped
Size (bytes):	17444
Entropy (8bit):	4.344603756433635
Encrypted:	false
SSDEEP:	384:w7jJcXgiRVP7J3AMqLllllllKfllJlROW:wna13AMqAOW
MD5:	4B4ABE034F475E3264ACBB94B570CF91
SHA1:	4421BB6E148938DAA309F421EAEA52D8E85483C3
SHA-256:	677F8C9920790DEC6A2A270BDB2D2665D9FECF76060B8443C4381CD583FA0AA4
SHA-512:	AFB0CAAB7D6568B1CC79410BE1B4CC9300AADB672568FC537D27203990492864815B31DBAD9313FAEB3FEC6E99560878DAF1F27B4A7F5493804AC346C6C20D1B
Malicious:	false
Reputation:	low
Preview:	........................................__TEXT...................0...............0......................__text..........__TEXT..........P...............P...............................__const.........__TEXT...........(......P........(..............................__literal4......__TEXT..........0+..............0+..............................__compact_unwind__LD............H+......@.......H+..............................__eh_frame......__TEXT...........+......h........+.................h............__symbol_stub1..__TEXT...........+...............+..............................__stub_helper...__TEXT...........+...............+..............................__opencl........__TEXT...........,...............,......................................__DATA...........0...............0..............................__nl_symbol_ptr.__DATA...........0...............0..............................__la_symbol_ptr.__DATA...........0...............0..................................H...__LINKEDIT......

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2023 04:51:36.314935923 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.315031052 CET	443	49382	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:36.315622091 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.372999907 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.373092890 CET	443	49382	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:36.582833052 CET	443	49382	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:36.583652973 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.583652973 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.843117952 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:36.843394995 CET	443	49382	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:36.843933105 CET	49382	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:38.066168070 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.168673038 CET	49387	80	192.168.11.11	51.68.81.31
Nov 29, 2023 04:51:38.243396044 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.244611025 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.246959925 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.348287106 CET	80	49387	51.68.81.31	192.168.11.11
Nov 29, 2023 04:51:38.349066019 CET	49387	80	192.168.11.11	51.68.81.31
Nov 29, 2023 04:51:38.423337936 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.423455000 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.423516989 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.423573017 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.423621893 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.423666954 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.425333977 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.425333977 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.425432920 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.425898075 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.564529896 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.750056982 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.751070976 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.771903992 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:38.949354887 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:51:38.950095892 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:51:39.088089943 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.088198900 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.088840008 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.089402914 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.089473009 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.453231096 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.454077959 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.454390049 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.477885008 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.477936029 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.478562117 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.479209900 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.480079889 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.520713091 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.794291019 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.794652939 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:39.794954062 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.795176029 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.798106909 CET	49389	443	192.168.11.11	34.90.46.36
Nov 29, 2023 04:51:39.798177004 CET	443	49389	34.90.46.36	192.168.11.11
Nov 29, 2023 04:51:40.007796049 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.007884979 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.008558989 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.009639978 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.009705067 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.639252901 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.640228987 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.640228987 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.652657032 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.652757883 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.653826952 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.654608965 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.655580997 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.696718931 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.884231091 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.884329081 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.884557962 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.886254072 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.886321068 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.886589050 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.886589050 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.886846066 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.887896061 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.887994051 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.888345003 CET	49390	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.888406038 CET	443	49390	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.945861101 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.946014881 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:40.946682930 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.947473049 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:40.947547913 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.557868004 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.558438063 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.558945894 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.558993101 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.559406996 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.559454918 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.745152950 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.745541096 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.745754957 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.751605034 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.752023935 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.752041101 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.752614021 CET	49391	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.752630949 CET	443	49391	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.968637943 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.968749046 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:41.969419956 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.969798088 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:41.969861984 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.338356972 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.338454008 CET	443	49393	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:42.339225054 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.340331078 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.340390921 CET	443	49393	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:42.364438057 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.365959883 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.366170883 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.377816916 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.377882957 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.378921986 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.379574060 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.380183935 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.424680948 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.550390959 CET	443	49393	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:42.551248074 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.551280975 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.551417112 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.574395895 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.574534893 CET	443	49393	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:42.574986935 CET	443	49393	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:42.575123072 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.575355053 CET	49393	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:42.765513897 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.765711069 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:42.766199112 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.766287088 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.768543005 CET	49392	443	192.168.11.11	185.32.28.133
Nov 29, 2023 04:51:42.768619061 CET	443	49392	185.32.28.133	192.168.11.11
Nov 29, 2023 04:51:53.042408943 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.042532921 CET	443	49414	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.043193102 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.044517994 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.044595003 CET	443	49414	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.259315968 CET	443	49414	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.260468960 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.260468960 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.278191090 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.278472900 CET	443	49414	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.279088974 CET	49414	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.326174021 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.326303005 CET	443	49415	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.327125072 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.328200102 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.328308105 CET	443	49415	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.542464972 CET	443	49415	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.543436050 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.543497086 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.567688942 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.567970037 CET	443	49415	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.568767071 CET	443	49415	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:53.568922997 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:53.569366932 CET	49415	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.143907070 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.143970013 CET	443	49417	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:59.144584894 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.150697947 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.150751114 CET	443	49417	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:59.371112108 CET	443	49417	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:59.372267008 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.372267008 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.372709036 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.443406105 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.443706036 CET	443	49417	17.248.199.65	192.168.11.11
Nov 29, 2023 04:51:59.444355011 CET	49417	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:51:59.695924997 CET	49375	80	192.168.11.11	17.253.3.196
Nov 29, 2023 04:51:59.696106911 CET	49376	80	192.168.11.11	23.48.144.29
Nov 29, 2023 04:51:59.793633938 CET	80	49375	17.253.3.196	192.168.11.11
Nov 29, 2023 04:51:59.793684959 CET	80	49376	23.48.144.29	192.168.11.11
Nov 29, 2023 04:51:59.794328928 CET	49375	80	192.168.11.11	17.253.3.196
Nov 29, 2023 04:51:59.794553995 CET	49376	80	192.168.11.11	23.48.144.29
Nov 29, 2023 04:52:09.922013998 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:09.922133923 CET	443	49420	17.248.199.65	192.168.11.11
Nov 29, 2023 04:52:09.922929049 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:09.924479961 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:09.924540997 CET	443	49420	17.248.199.65	192.168.11.11
Nov 29, 2023 04:52:10.138343096 CET	443	49420	17.248.199.65	192.168.11.11
Nov 29, 2023 04:52:10.139028072 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:10.139086962 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:10.139707088 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:10.212479115 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:10.212779045 CET	443	49420	17.248.199.65	192.168.11.11
Nov 29, 2023 04:52:10.213411093 CET	49420	443	192.168.11.11	17.248.199.65
Nov 29, 2023 04:52:30.806224108 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:30.806323051 CET	443	49421	17.248.199.64	192.168.11.11
Nov 29, 2023 04:52:30.807044029 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:30.823764086 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:30.823852062 CET	443	49421	17.248.199.64	192.168.11.11
Nov 29, 2023 04:52:31.034878016 CET	443	49421	17.248.199.64	192.168.11.11
Nov 29, 2023 04:52:31.035732031 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:31.035732031 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:31.036118984 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:31.178634882 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:31.178934097 CET	443	49421	17.248.199.64	192.168.11.11
Nov 29, 2023 04:52:31.179560900 CET	49421	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:52:39.933157921 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:52:40.109169006 CET	80	49385	51.68.82.147	192.168.11.11
Nov 29, 2023 04:52:40.109822035 CET	49385	80	192.168.11.11	51.68.82.147
Nov 29, 2023 04:53:11.629241943 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:11.629360914 CET	443	49422	17.248.199.64	192.168.11.11
Nov 29, 2023 04:53:11.630264044 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:11.630764961 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:11.630831957 CET	443	49422	17.248.199.64	192.168.11.11
Nov 29, 2023 04:53:11.843127012 CET	443	49422	17.248.199.64	192.168.11.11
Nov 29, 2023 04:53:11.844052076 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:11.844052076 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:11.844330072 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:12.103642941 CET	49422	443	192.168.11.11	17.248.199.64
Nov 29, 2023 04:53:12.103939056 CET	443	49422	17.248.199.64	192.168.11.11
Nov 29, 2023 04:53:12.104489088 CET	49422	443	192.168.11.11	17.248.199.64

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2023 04:51:37.963880062 CET	54883	53	192.168.11.11	1.1.1.1
Nov 29, 2023 04:51:38.063116074 CET	53	54883	1.1.1.1	192.168.11.11
Nov 29, 2023 04:51:38.969151974 CET	54721	53	192.168.11.11	1.1.1.1
Nov 29, 2023 04:51:39.084420919 CET	53	54721	1.1.1.1	192.168.11.11
Nov 29, 2023 04:51:39.824588060 CET	62930	53	192.168.11.11	1.1.1.1
Nov 29, 2023 04:51:40.006550074 CET	53	62930	1.1.1.1	192.168.11.11
Nov 29, 2023 04:51:57.685267925 CET	53	52126	1.1.1.1	192.168.11.11
Nov 29, 2023 04:52:30.708304882 CET	62619	53	192.168.11.11	1.1.1.1
Nov 29, 2023 04:52:30.804207087 CET	53	62619	1.1.1.1	192.168.11.11

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 29, 2023 04:51:37.963880062 CET	192.168.11.11	1.1.1.1	0x5d0d	Standard query (0)	www.tropbikewall.art	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:38.969151974 CET	192.168.11.11	1.1.1.1	0x187b	Standard query (0)	admoustache.media-412.com	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:39.824588060 CET	192.168.11.11	1.1.1.1	0x5564	Standard query (0)	yisparoturm.com	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:52:30.708304882 CET	192.168.11.11	1.1.1.1	0x38ca	Standard query (0)	gateway.fe.apple-dns.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 29, 2023 04:51:36.308111906 CET	1.1.1.1	192.168.11.11	0xfde6	No error (0)	gateway.fe.apple-dns.net		17.248.199.65	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:38.063116074 CET	1.1.1.1	192.168.11.11	0x5d0d	No error (0)	www.tropbikewall.art	tropbikewall.art		CNAME (Canonical name)	IN (0x0001)	false
Nov 29, 2023 04:51:38.063116074 CET	1.1.1.1	192.168.11.11	0x5d0d	No error (0)	tropbikewall.art		51.68.82.147	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:38.063116074 CET	1.1.1.1	192.168.11.11	0x5d0d	No error (0)	tropbikewall.art		51.68.81.31	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:38.063116074 CET	1.1.1.1	192.168.11.11	0x5d0d	No error (0)	tropbikewall.art		51.68.85.158	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:39.084420919 CET	1.1.1.1	192.168.11.11	0x187b	No error (0)	admoustache.media-412.com		34.90.46.36	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:39.084420919 CET	1.1.1.1	192.168.11.11	0x187b	No error (0)	admoustache.media-412.com		34.141.137.168	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:39.084420919 CET	1.1.1.1	192.168.11.11	0x187b	No error (0)	admoustache.media-412.com		34.91.27.112	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:39.084420919 CET	1.1.1.1	192.168.11.11	0x187b	No error (0)	admoustache.media-412.com		34.147.1.177	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:51:40.006550074 CET	1.1.1.1	192.168.11.11	0x5564	No error (0)	yisparoturm.com		185.32.28.133	A (IP address)	IN (0x0001)	false
Nov 29, 2023 04:52:30.804207087 CET	1.1.1.1	192.168.11.11	0x38ca	No error (0)	gateway.fe.apple-dns.net		17.248.199.64	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

admoustache.media-412.com

yisparoturm.com

https:

www.tropbikewall.art

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.11.11	49385	51.68.82.147	80

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2023 04:51:38.246959925 CET	533	OUT	GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505 HTTP/1.1 Host: www.tropbikewall.art Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive
Nov 29, 2023 04:51:38.423455000 CET	1340	IN	HTTP/1.1 200 OK Date: Wed, 29 Nov 2023 03:51:38 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Cache-Control: no-transform Accept-CH: Sec-CH-UA-Platform-Version Data Raw: 31 30 65 32 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 72 65 66 65 72 72 65 72 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6e 6f 73 63 72 69 70 74 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 6f 70 62 69 6b 65 77 61 6c 6c 2e 61 72 74 2f 3f 73 6c 3d 35 37 30 36 35 34 30 2d 65 34 64 30 37 26 64 61 74 61 31 3d 54 72 61 63 6b 31 26 64 61 74 61 32 3d 54 72 61 63 6b 32 26 74 61 67 3d 4d 37 33 30 36 35 32 31 30 38 38 39 32 30 33 38 37 37 39 39 26 77 65 62 73 69 74 65 3d 32 31 35 30 35 2d 38 35 66 62 35 61 64 7a 26 70 6c 61 63 65 6d 65 6e 74 3d 32 31 35 30 35 26 65 79 65 67 3d 31 22 2f 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 32 3b 75 72 6c 3d 68 74 74 70 3a 2f 2f 77 77 77 2e 74 72 6f 70 62 69 6b 65 77 61 6c 6c 2e 61 72 74 2f 3f 73 6c 3d 35 37 30 36 35 34 30 2d 65 34 64 30 37 26 64 61 74 61 31 3d 54 72 61 63 6b 31 26 64 61 74 61 32 3d 54 72 61 63 6b 32 26 74 61 67 3d 4d 37 33 30 36 35 32 31 30 38 38 39 32 30 33 38 37 37 39 39 26 77 65 62 73 69 74 65 3d 32 31 35 30 35 2d 38 35 66 62 35 61 64 7a 26 70 6c 61 63 65 6d 65 6e 74 3d 32 31 35 30 35 26 65 79 65 67 3d 32 22 2f 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 69 66 20 28 77 69 6e 64 6f 77 2e 6f 70 65 6e 65 72 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 6f 70 65 6e 65 72 2e 66 6f 63 75 73 28 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 20 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0a 20 20 20 20 20 20 20 20 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 20 20 20 20 20 20 20 20 76 61 72 20 5f 30 78 34 36 61 30 3d 5b 27 26 65 79 65 77 3d 27 2c 27 26 65 79 65 68 3d 27 2c 27 6c 65 6e 67 74 68 27 2c 27 26 65 79 65 74 64 3d 27 2c 27 26 65 79 65 66 3d 27 2c 27 72 65 70 6c 61 63 65 27 2c 27 38 35 39 61 34 62 32 35 30 61 39 34 62 36 38 32 65 62 34 35 63 61 64 64 30 36 62 65 64 65 31 66 27 2c 27 74 6f 70 27 2c 27 69 6e 6e 65 72 57 69 64 74 68 27 2c 27 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 27 2c 27 63 6c 69 65 6e 74 57 69 64 74 68 27 2c 27 6f 6e 74 6f 75 63 68 73 74 61 72 74 27 2c 27 6d 61 78 54 6f 75 63 68 50 6f 69 6e 74 73 27 2c 27 6d 73 4d 61 78 54 6f 75 63 68 50 6f 69 6e 74 73 27 2c 27 75 6e 64 65 66 69 6e 65 64 27 2c 27 70 72 6f 64 75 63 74 53 75 62 27 2c 27 32 30 Data Ascii: 10e2<!DOCTYPE html><html> <head> <meta name="referrer" content="never"/> <meta name="referrer" content="no-referrer"/> <meta name="robots" content="noindex, nofollow"/> <noscript><meta http-equiv="refresh" content="0;url=http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=1"/></noscript> <meta http-equiv="refresh" content="2;url=http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=2"/> <script language="javascript"> if (window.opener) { window.opener.focus(); } </script> </head> <body> <script type="text/javascript"> var _0x46a0=['&eyew=','&eyeh=','length','&eyetd=','&eyef=','replace','859a4b250a94b682eb45cadd06bede1f','top','innerWidth','documentElement','clientWidth','ontouchstart','maxTouchPoints','msMaxTouchPoints','undefined','productSub','20
Nov 29, 2023 04:51:38.423516989 CET	1340	IN	Data Raw: 30 33 30 31 30 37 27 2c 27 62 6c 75 65 74 6f 6f 74 68 27 2c 27 63 65 6c 6c 75 6c 61 72 27 2c 27 65 74 68 65 72 6e 65 74 27 2c 27 6d 69 78 65 64 27 2c 27 6f 74 68 65 72 27 2c 27 75 6e 6b 6e 6f 77 6e 27 2c 27 77 69 66 69 27 2c 27 63 6f 6e 6e 65 63 Data Ascii: 030107','bluetooth','cellular','ethernet','mixed','other','unknown','wifi','connection','type','toString','indexOf','split','&eyer=','random'];(function(_0x3abcec,_0x483a06){var _0x1f33f5=function(_0x54e3d0){while(--_0x54e3d0){_0x3abcec['push'
Nov 29, 2023 04:51:38.423573017 CET	1340	IN	Data Raw: 34 35 32 34 30 31 29 7b 7d 72 65 74 75 72 6e 20 5f 30 78 35 38 39 39 37 32 3b 7d 66 75 6e 63 74 69 6f 6e 20 64 65 74 65 63 74 42 72 6f 77 73 65 72 50 72 6f 64 75 63 74 53 75 62 28 29 7b 76 61 72 20 5f 30 78 33 35 39 66 38 34 3d 30 78 30 3b 74 72 Data Ascii: 452401){}return _0x589972;}function detectBrowserProductSub(){var _0x359f84=0x0;try{var _0x167a2e=navigator[_0x25cf('0x9')];if(_0x167a2e!==_0x25cf('0x8')){if(_0x167a2e===_0x25cf('0xa')){_0x359f84=0x1;}else{_0x359f84=0x2;}}else{_0x359f84=0x3;}}
Nov 29, 2023 04:51:38.423621893 CET	775	IN	Data Raw: 35 64 36 3b 7d 66 75 6e 63 74 69 6f 6e 20 62 75 69 6c 64 28 29 7b 76 61 72 20 5f 30 78 34 37 64 66 32 63 3d 62 61 73 65 55 72 6c 3b 69 66 28 5f 30 78 34 37 64 66 32 63 5b 27 69 6e 64 65 78 4f 66 27 5d 28 27 3f 27 29 3e 3d 30 78 30 29 7b 5f 30 78 Data Ascii: 5d6;}function build(){var _0x47df2c=baseUrl;if(_0x47df2c['indexOf']('?')>=0x0){_0x47df2c=_0x47df2c+'&';}else{_0x47df2c=_0x47df2c+'?';}_0x47df2c=_0x47df2c+'eyeg='+baseId+_0x25cf('0x17')+Math[_0x25cf('0x18')]()+'&eyei='+inIframe()+_0x25cf('0x19'
Nov 29, 2023 04:51:38.423666954 CET	71	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 29, 2023 04:51:38.564529896 CET	636	OUT	GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=859a4b250a94b682eb45cadd06bede1f&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef= HTTP/1.1 Host: www.tropbikewall.art Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive
Nov 29, 2023 04:51:38.750056982 CET	416	IN	HTTP/1.1 302 Found Date: Wed, 29 Nov 2023 03:51:38 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=3&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef=
Nov 29, 2023 04:51:38.771903992 CET	605	OUT	GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505&eyeg=3&eyer=0.497347318274973&eyei=0&eyew=1024&eyeh=655&eyetd=210&eyef= HTTP/1.1 Host: www.tropbikewall.art Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive
Nov 29, 2023 04:51:38.949354887 CET	453	IN	HTTP/1.1 302 Found Date: Wed, 29 Nov 2023 03:51:38 GMT Content-Length: 0 Connection: keep-alive Cache-Control: no-transform Location: https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000b25b01d78bfe1106b4368ef6d76fd74b1129-202311-flb5706540-e4d07M7306521088920387799sl_5706540-e4d07b3d8f2a0d720c76d6c6be3e8f77b43ca5be3b8ec21505-85fb5adz21505

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.11.11	49389	34.90.46.36	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 03:51:39 UTC	575	OUT	GET /sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000b25b01d78bfe1106b4368ef6d76fd74b1129-202311-flb5706540-e4d07M7306521088920387799sl_5706540-e4d07b3d8f2a0d720c76d6c6be3e8f77b43ca5be3b8ec21505-85fb5adz21505 HTTP/1.1 Host: admoustache.media-412.com Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive
2023-11-29 03:51:39 UTC	466	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 32 20 46 6f 75 6e 64 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 30 33 3a 35 31 3a 33 39 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 58 2d 41 64 6a 75 73 74 2d 55 73 65 2d 4f 72 69 67 69 6e 61 6c 2d 46 6f 72 77 61 72 64 65 64 2d 46 6f 72 3a 20 31 0d 0a 52 65 66 65 72 65 72 3a 20 0d 0a 52 65 66 65 72 72 65 72 2d 50 6f 6c 69 63 79 3a 20 6e 6f 2d 72 65 66 65 72 72 65 72 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 79 69 73 70 61 72 6f 74 75 72 6d 2e 63 6f 6d 2f 3f 63 61 74 3d 32 26 67 72 6f 75 70 64 73 3d 31 35 37 26 63 6c 69 65 6e 74 49 64 3d 31 36 Data Ascii: HTTP/1.1 302 FoundServer: nginxDate: Wed, 29 Nov 2023 03:51:39 GMTContent-Length: 0Connection: closeX-Adjust-Use-Original-Forwarded-For: 1Referer: Referrer-Policy: no-referrerLocation: https://yisparoturm.com/?cat=2&groupds=157&clientId=16

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.11.11	49390	185.32.28.133	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 03:51:40 UTC	452	OUT	GET /?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735 HTTP/1.1 Host: yisparoturm.com Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: keep-alive
2023-11-29 03:51:40 UTC	827	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 30 33 3a 35 31 3a 33 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 54 72 61 6e 73 66 65 72 2d 45 6e 63 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 2a 0d 0a 53 65 74 2d 43 6f 6f 6b 69 65 3a 20 72 65 64 69 72 65 63 74 5f 75 73 65 72 5f 64 61 74 61 3d 25 37 42 25 32 32 63 6f 75 6e 74 72 79 25 32 32 25 33 41 25 32 32 55 53 25 32 32 25 32 43 25 32 32 63 69 74 Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Wed, 29 Nov 2023 03:51:36 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *Set-Cookie: redirect_user_data=%7B%22country%22%3A%22US%22%2C%22cit
2023-11-29 03:51:40 UTC	6965	IN	Data Raw: 31 62 32 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 72 6f 63 65 73 73 69 6e 67 20 44 6f 77 6e 6c 6f 61 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 50 72 6f 63 65 73 73 69 6e 67 20 44 6f 77 6e 6c 6f 61 64 22 3e 0a 20 20 20 20 3c 6d 65 74 Data Ascii: 1b28<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Processing Download</title> <meta name="description" content="Processing Download"> <met

Session ID	Source IP	Source Port	Destination IP	Destination Port
2	192.168.11.11	49391	185.32.28.133	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 03:51:41 UTC	845	OUT	GET /assets/js/backlink_back_button.js HTTP/1.1 Host: yisparoturm.com Accept: / Connection: keep-alive Cookie: _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002160353437482%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22US%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22netcalibre+ltd%22%3Bs%3A5%3A%22_time%22%3Bi%3A1701229896%3B%7D; redirect_user_data=%7B%22country%22%3A%22US%22%2C%22city%22%3Anull%2C%22isp%22%3A%22netcalibre+ltd%22%2C%22netspeed%22%3A%22%22%7D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Referer: https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735 Accept-Encoding: br, gzip, deflate
2023-11-29 03:51:41 UTC	345	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 30 33 3a 35 31 3a 33 36 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 36 33 32 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 32 38 20 4e 6f 76 20 32 30 32 32 20 31 34 3a 33 36 3a 34 38 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 33 38 34 63 37 38 30 2d 32 37 38 22 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 36 33 30 37 32 Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Wed, 29 Nov 2023 03:51:36 GMTContent-Type: application/javascriptContent-Length: 632Last-Modified: Mon, 28 Nov 2022 14:36:48 GMTConnection: closeETag: "6384c780-278"Strict-Transport-Security: max-age=63072
2023-11-29 03:51:41 UTC	632	IN	Data Raw: 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 20 3d 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 0a 20 20 20 20 69 66 20 28 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 2f 2f 43 68 72 6f 6d 65 20 61 6e 64 20 6d 6f 64 65 72 6e 20 62 72 6f 77 73 65 72 73 0a 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 28 6e 75 6c 6c 2c 20 64 6f 63 75 6d 65 6e 74 2e 74 69 74 6c 65 2c 20 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 3b 0a 20 20 20 20 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 70 6f 70 73 74 61 74 65 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 65 76 65 6e 74 29 20 7b 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 68 69 73 74 6f 72 79 2e 70 75 73 68 53 74 61 74 65 28 Data Ascii: window.onload = function () { if (history.pushState) { //Chrome and modern browsers history.pushState(null, document.title, location.href); window.addEventListener('popstate', function (event) { history.pushState(

Session ID	Source IP	Source Port	Destination IP	Destination Port
3	192.168.11.11	49392	185.32.28.133	443

Timestamp	Bytes transferred	Direction	Data
2023-11-29 03:51:42 UTC	823	OUT	GET /favicon.ico HTTP/1.1 Host: yisparoturm.com Accept: / Connection: keep-alive Cookie: _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002160353437482%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22US%22%3Bs%3A4%3A%22_isp%22%3Bs%3A14%3A%22netcalibre+ltd%22%3Bs%3A5%3A%22_time%22%3Bi%3A1701229896%3B%7D; redirect_user_data=%7B%22country%22%3A%22US%22%2C%22city%22%3Anull%2C%22isp%22%3A%22netcalibre+ltd%22%2C%22netspeed%22%3A%22%22%7D User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7 Accept-Language: en-us Referer: https://yisparoturm.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=6566b54b05d7890001227735 Accept-Encoding: br, gzip, deflate
2023-11-29 03:51:42 UTC	335	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 53 65 72 76 65 72 3a 20 6e 67 69 6e 78 0d 0a 44 61 74 65 3a 20 57 65 64 2c 20 32 39 20 4e 6f 76 20 32 30 32 33 20 30 33 3a 35 31 3a 33 37 20 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 33 31 38 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 57 65 64 2c 20 30 35 20 4f 63 74 20 32 30 32 32 20 31 35 3a 30 35 3a 32 30 20 47 4d 54 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a 45 54 61 67 3a 20 22 36 33 33 64 39 64 33 30 2d 31 33 65 22 0d 0a 53 74 72 69 63 74 2d 54 72 61 6e 73 70 6f 72 74 2d 53 65 63 75 72 69 74 79 3a 20 6d 61 78 2d 61 67 65 3d 36 33 30 37 32 30 30 30 3b 20 69 6e 63 6c 75 Data Ascii: HTTP/1.1 200 OKServer: nginxDate: Wed, 29 Nov 2023 03:51:37 GMTContent-Type: image/x-iconContent-Length: 318Last-Modified: Wed, 05 Oct 2022 15:05:20 GMTConnection: closeETag: "633d9d30-13e"Strict-Transport-Security: max-age=63072000; inclu
2023-11-29 03:51:42 UTC	318	IN	Data Raw: 00 00 01 00 01 00 10 10 10 00 01 00 04 00 28 01 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 04 00 00 00 00 00 80 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff Data Ascii: ((

System Behavior

Analysis Process: mono-sgen32 PID: 893, Parent PID: 825

General

Start time (UTC):	03:51:32
Start date (UTC):	29/11/2023
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

Start time (UTC):	03:51:32
Start date (UTC):	29/11/2023
Path:	/usr/bin/open
Arguments:
File size:	105952 bytes
MD5 hash:	40ed6d8f35c9f20484b97582d296398f

Start time (UTC):	03:51:32
Start date (UTC):	29/11/2023
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	43488 bytes
MD5 hash:	d1bb9a4899f0af921e8188218b20d744

Start time (UTC):	03:51:32
Start date (UTC):	29/11/2023
Path:	/Applications/Safari.app/Contents/MacOS/Safari
Arguments:	/Applications/Safari.app/Contents/MacOS/Safari
File size:	20896 bytes
MD5 hash:	8e18be737fe87f19fe7a97b4821e2005

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Persistence and Installation Behavior

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/Users/berri/Library/Safari/.dat.nosync037e.ES4T9e

/Users/berri/Library/Safari/Favicon Cache/favicons/.dat.nosync037e.TceAgM

/Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist

/dev/null

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync037e.wjC7SF

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_

/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_

/private/var/tmp/NSCreateObjectFileImageFromMemory-5n0lvO

/private/var/tmp/NSCreateObjectFileImageFromMemory-A9pAYC

/private/var/tmp/NSCreateObjectFileImageFromMemory-NCZBKc

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

System Behavior

Analysis Process: mono-sgen32 PID: 893, Parent PID: 825

General

Chronological Activities

Analysis Process: open PID: 893, Parent PID: 825

General

Chronological Activities

Analysis Process: xpcproxy PID: 894, Parent PID: 1

General

Chronological Activities

Analysis Process: Safari PID: 894, Parent PID: 1

General

Chronological Activities

macOS Analysis Report
http://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7306521088920387799&website=21505-85fb5adz&placement=21505