Edit tour

macOS Analysis Report
https://www2.bing.com/ipv6test/test

Overview

General Information

Sample URL:	https://www2.bing.com/ipv6test/test
Analysis ID:	1466949
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false

Signatures

No high impact signatures.

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466949
Start date and time:	2024-07-03 15:38:44 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://www2.bing.com/ipv6test/test
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Detection:	CLEAN
Classification:	clean0.mac@0/9@2/0

Warnings

Excluded IPs from analysis (whitelisted): 17.253.27.200, 17.253.27.198, 23.221.244.29, 54.163.77.158, 3.141.137.205, 172.64.154.167, 104.18.33.89, 142.250.190.42, 23.196.49.229, 17.253.27.205, 17.253.27.199, 17.253.27.197, 17.253.27.196, 17.36.200.79, 17.253.27.195
VT rate limit hit for: https://www2.bing.com/ipv6test/test

Process Tree

System is macvm-mojave

xpcproxy New Fork (PID: 612, Parent: 1)

nsurlstoraged (MD5: 321b0a40e24b45f0af49ba42742b3f64) Arguments: /usr/libexec/nsurlstoraged --privileged

mono-sgen32 New Fork (PID: 617, Parent: 537)

open (MD5: 34bd93241fa5d2aee225941b1ca14fa4) Arguments: /usr/bin/open -a Safari https://www2.bing.com/ipv6test/test

xpcproxy New Fork (PID: 618, Parent: 1)

Safari (MD5: 2dde28c2f8a38ed2701ba17a0893cbc1) Arguments: /Applications/Safari.app/Contents/MacOS/Safari

xpcproxy New Fork (PID: 647, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Yara Signatures

⊘No yara matches

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• System Summary
• Persistence and Installation Behavior
• Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.207.65:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49420 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.65
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.69
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.69
Source: unknown	TCP traffic detected without corresponding DNS query: 17.248.207.69
Source: unknown	TCP traffic detected without corresponding DNS query: 184.84.128.210
Source: unknown	TCP traffic detected without corresponding DNS query: 184.84.128.210
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: .https://www.facebook.com/settings?tab=security_ equals www.facebook.com (Facebook)
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: 2https://www.linkedin.com/psettings/change-password_ equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: updates.cdn-apple.com
Source: global traffic	DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net

Source: CloudHistoryRemoteConfiguration.plist.252.dr	String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://247sports.com/my/settings/password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.bbc.com/account/settings/edit/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.booking.com/account-recovery_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.docusign.com/me/changepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.forbes.com/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.gmx.net/ciss/security/edit/passwordChange_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.idm.telekom.com/account-manager/password/index.xhtml_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.live.com/password/Change_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.magento.com/customer/account/changepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.samsung.com/membership/contents/security/password/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://account.shodan.io/change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.autodesk.com/Profile/Security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.craigslist.org/pass_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.ebay.com/acctsec/security-center/chngpwd_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.intuit.com/app/account-manager/security/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.nintendo.com/password/edit_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.pch.com/forgotpass_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://accounts.shopify.com/accounts/186490458/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://acesso.gov.br/area-cidadao/#/alterarSenha_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://adultfriendfinder.com/p/update.cgi?p=my_account_update_account_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.acorns.com/settings/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.carta.com/profiles/update/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.getflywheel.com/profile/security/change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.parkmobile.io/account/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.plex.tv/desktop#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.prolific.co/account/general_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.sipgatebasic.de/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.stonly.com/app/general/userSettings/Account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://app.zeplin.io/profile/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://appleid.apple.com/account/manage_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://apps.anatel.gov.br/AnatelConsumidor/ConsumidorEditar.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://apps.jw.org/E_PASSCHG1_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://archive.org/account/index.php?settings=1_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://arxiv.org/user/change_own_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.astonmartinf1.com/Dashboard/ChangePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.danawa.com/modifyMember_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.fandom.com/auth/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.readymag.com/password/forgot_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.redgifs.com/lo/reset?ticket=_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://auth.usnews.com/changePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://bandcamp.com/settings#password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://benefitslogin.discoverybenefits.com/Profile/UpdatePassword.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://blend.io/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://bugzilla.kernel.org/userprefs.cgi?tab=account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://cam.ana.co.jp/psz/us/amc_us.jsp?index=105_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://campus.tum.de_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://card.discover.com/cardmembersvcs/personalprofile/pp/UpdateDetails?ICMPGN=MYPROFILE_USERID_PA
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://censys.io/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://cfspart.impots.gouv.fr/monprofil-webapp/GererMonProfil_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://chaturbate.com/auth/password_change/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://classroom.udacity.com/settings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://cloud.digitalocean.com/settings/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://cloud.linode.com/profile/auth_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://codepen.io/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://consumercenter.mysynchrony.com/consumercenter/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://customer.xfinity.com/users/me/update-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://customercenter.marketwatch.com/account#password?mod=ql_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://customercenter.wsj.com/account#password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://dash.cloudflare.com/profile/authentication_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://dashboard.branch.io/account-settings/user_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://dashboard.dittomusic.com/account/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://dashboard.heroku.com/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://dashboard.messagebird.com/account/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://discord.com/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://fetlife.com/settings/account/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://forum.wii-homebrew.com/index.php/AccountManagement/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://foursquare.com/change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/ChangePIN/Init_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://genius.com/password_resets/new_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://github.com/settings/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://go.com/profile/account-settings/edit_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://help.steampowered.com/en/wizard/HelpChangePassword?redir=store/account/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://hibrain.net/mybrain/users/password/edit_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://home.thesun.co.uk/edit/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://hotels.com/profile/settings.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://hq1.appsflyer.com/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://id.atlassian.com/manage-profile/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://id.nfl.com/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://id.sonyentertainmentnetwork.com/id/management/#/p/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://imgur.com/account/settings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://key.harvard.edu/manage-account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://kundenportal.edeka-smart.de/edeka-csc/forgot-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://leetcode.com/accounts/password/set/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://legacy.memoriams.com/Network/Account/ChangePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://linktr.ee/admin/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.aliexpress.com/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.aol.com/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.blockchain.com/en/#/security-center/advanced_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.coupang.com/login/userModify.pang_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.teamviewer.com/nav/profile/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.tmon.co.kr/user/info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.usatoday.com/USAT-GUP/password-forgot/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.yahoo.com/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.yahoo.com/myaccount/security/change-password/?src=finance_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://login.yahoo.com/myaccount/security/change-password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://logonservices.iam.target.com/change-password/?target=#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://mail.protonmail.com/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://mastercard.syf.com/login/reset_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://mathworks.com/mwaccount/profiles/password/change_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://member.daum.net/change/password.daum_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://member.webmd.com/password-reset_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://membership.latimes.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://memberssl.auction.co.kr/membership/MyInfo/MyInfo.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://meuvivo.vivo.com.br/meuvivo/appmanager/portal/fixo_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://minhanet.net.com.br/webcenter/portal/MinhaNet/pages_alterarsenha_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://moncompte.lemonde.fr/gcustomer/account/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://my.foxbusiness.com/?p=account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://my.foxnews.com/?pieces=reset_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://my.ticketmaster.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myaccount.ea.com/cp-ui/security/index_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myaccount.google.com/signinoptions/password?continue=https://myaccount.google.com/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myaccount.google.com/signinoptions/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myaccount.virginmobile.ca/MyProfile/Details/EditProfile?editField=PASSWORD_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myaccounts.capitalone.com/Security/changePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://mychart.clevelandclinic.org/inside.asp?mode=passwd_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://mypassword.uml.edu/#Change_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://myvpostpay.verizon.com/ui/bill/secure/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://na224.lightning.force.com/lightning/settings/personal/ChangePassword/home_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://nbcuniversal.nbc.com/request-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://news.ycombinator.com/changepw_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://nhentai.net/reset/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://nid.naver.com/user2/help/myInfo.nhn?m=viewChangePasswd_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://nypost.com/account/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://online.citi.com/US/ag/profile-update/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://onlyfans.com/my/settings/account/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://orcid.org/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://password.umsystem.edu/reset/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://play.hbomax.com/setting/account/edit/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://portal.edd.ca.gov/WebApp/Profile/UpdatePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://portal.pilotflyingj.com/myrewards/forgot-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://portalpersonas.bancochile.cl/mibancochile-web/front/persona/index.html#/mi-perfil/datos-segu
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://portlandgeneral.com/secure/profile/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://poshmark.com/user/account-info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://profile.callofduty.com/cod/info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://profile.theguardian.com/reset_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://pwrecovery.ruc.dk_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://quizlet.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://redirect.pizza/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://reelgood.com/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://reg.usps.com/entreg/secure/ChangePasswordAction_input?returnActionName_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://rule34.xxx/index.php?page=account&s=change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://rumble.com/account/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://saude.sulamericaseguros.com.br/segurado/gerenciar-cadastro/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure-www.gap.com/my-account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.aarp.org/account/editaccount?request_locale=en&nu=t_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.bankofamerica.com/auth/security-center/main/?activity=changePasscode_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.cecredentialtrust.com/account/editpassword/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.fnac.com/account/update-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.hulu.com/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.indeed.com/account/changepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.maxpreps.com/utility/member/forgotpassword.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.npr.org/oauth2/login_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.orclinic.com/portal/editprofile.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure.ssa.gov/RIM/UpwdView.action_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://secure07ea.chase.com/web/auth/dashboard#/dashboard/myProfileSignInSecurity/resetPassword/res
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://selvbetjening.rejsekort.dk/CWS/CustomerManagement/ChangePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://shein.com/user/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://shop.tmz.com/user?show=account-tab_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://slickdeals.net/forums/login.php?do=lostpw_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://soap2day.to/home/user/changepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://soundcloud.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://spankbang.com/users/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://sslmember2.gmarket.co.kr/MYInfo/MemberInfo_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://stackoverflow.com/users/account-recovery_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://stacksocial.com/user?show=account-tab_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://stripchat.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://subscribe.washingtonpost.com/profile/#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://support.opentable.com/s/login/ForgotPassword?language=en_US_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://thenounproject.com/accounts/password/change/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://todoist.com/prefs/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://trakt.tv/settings#password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://tripit.com/account/edit/section/change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://twitter.com/settings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://udapps.nss.udel.edu/myUDsettings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://ui.attentivemobile.com/forgot-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://usa.experian.com/member/ngx-profile/account-info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://user.manganelo.com/user_changes_pass_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://web.500px.com/settings/account/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://wordpress.com/me/security/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://worldstarhiphop.com/videos/reset.php_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.11st.co.kr/register/popupModifyPWD.tmall_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.1800contacts.com/account/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.aa.com/loyalty/profile/information_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.account.publishing.service.gov.uk/account/edit/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ae.com/myaccount_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.aerlingus.com/html/user-profile.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.aesop.com/my-account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.airnewzealand.com/membership/profile/security/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.alaskaair.com/www2/ssl/myalaskaair/myalaskaair.aspx?view=myinformation&tab=email_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.alliantcreditunion.com/OnlineBanking/Settings/AccessAndSecurity/ChangePassword.aspx_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.allianz.com.br/alteracao-de-password-ecliente_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.allrecipes.com/account/profile#/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.alternate.de/html/myAccount/account/basicData.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.amctheatres.com/amcstubs/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.americanexpress.com/en-us/account/password/reset_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ancestry.com/account/security/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.apartments.com/my-account/#_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.arlt.com/mein-passwort/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.att.com/acctmgmt/profile/overview_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.bathandbodyworks.com/my-account/edit-profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.bbq-grill-world.de/customer/account/edit/changepass/1/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.bedbathandbeyond.com/store/account/personalinfo_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.berlet.de/mein-konto.htm#my-account--edit-pass_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.bestbuy.com/identity/accountSettings/page/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.biblegateway.com/user/account/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.birkenstock.com/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.bloomberg.com/portal/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.blutdruck-shop.de/mein-passwort/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.boredpanda.com/settings/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.browserstack.com/accounts/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.businessinsider.com/#_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.buzzfeed.com/settings/password/change_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cakeresume.com/settings/account?ref=navs_settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.canva.com/login?redirect=%2Fsettings%2Flogin-and-security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cargurus.com/Cars/myAccount#/accountSettings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cbsnews.com/user/change-password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cbssports.com/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.chegg.com/my/account-next_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.chess.com/settings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.chewy.com/app/resetpassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.clien.net/service/mypage/myInfoComfrim_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cnbc.com/account/#profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cnn.com/account/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.columbia.com/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.consumidor.gov.br/pages/usuario/editar_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.costco.com/AccountInformationView?identifier=manage-membership_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.crackle.com/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.creditkarma.com/myprofile/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.crunchyroll.com/resetpw_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.cvs.com/my-account/profile/sign-in-and-security/edit-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dailymail.co.uk/registration/profile/change-password.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.darty.com/espace_client/donnees-personnelles/mot-de-passe/edition_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.delta.com/myprofile/security-settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.deviantart.com/settings/general_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dickssportinggoods.com/MyAccount/AccountSettings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.disneyplus.com/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dominos.com/en/pages/customer/#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.doordash.com/accounts/password/reset/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dropbox.com/account/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dsw.com/en/us/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.dwr.com/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.eporner.com/profile/mturk_eporn/my/edit-pass/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.espn.com/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.etsy.com/your/account?ref=hdr_user_menu-settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.eventbrite.com/account-settings/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.evite.com/reset_password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.expedia.com/user/forgotpassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.fanfiction.net/account/password.php_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.fedex.com/en-us/create-account/how-to-reset-forgot-password.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.fitbit.com/settings/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.foodnetwork.com/user-profile-page_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.foxsports.com/#_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.gamespot.com/change-details/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.geocaching.com/account/settings/changepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.glassdoor.com/member/profile/settings.htm_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.gog.com/account/settings/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.grubhub.com/account/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.happycow.net/members/profile/update/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.homedepot.com/myaccount/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.huffpost.com/member/edit-profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ign.com/account/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.insider.com/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.instacart.com/store/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.instagram.com/accounts/password/change/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.jcpenney.com/account/dashboard/personal/info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.kohls.com/myaccount/accountsettings.jsp_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.kroger.com/account/update_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.linkedin.com/psettings/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.livejasmin.com/en/girls/#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.lowes.com/mylowes/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.macys.com/account/profile?cm_sp=macys_account-_-my_account-_-my_profile&linklocation=lef
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.marktplaats.nl/account/password-reset/confirm.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.marriott.com/loyalty/myAccount/changePassword.mi_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.meliuz.com.br/minha-conta/meus-dados/senha_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.mercari.com/mypage/email_password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.michaels.com/on/demandware.store/Sites-MichaelsUS-Site/default/Account-EditProfile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.mlb.com/account/general_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.myfreecams.com/php/account.php?request=status&vcc=1674246522#change_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.mylo.id/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.nba.com/account/nbaprofile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.netflix.com/password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.newsweek.com/contact_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.nike.com/member/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.nordstrom.com/my-account/sign-in-info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.nordstromrack.com/my-account/sign-in-info_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.nytimes.com/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.overleaf.com/user/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.paramountplus.com/account/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.patreon.com/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.paypal.com/myaccount/security/password/change_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.peacocktv.com/forgot_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.pearson.com/store/en-us/my-account/update-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.pinterest.com/settings/account-settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.politico.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.pornhub.com/user/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ppomppu.co.kr/myinfo/profile.php_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.prowlapp.com/settings.php_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.quora.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.rakuten.com/account-settings.htm_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.realtor.com/myaccount/profile/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.reddit.com/prefs/update/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.redfin.com/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.redtube.com/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.rei.com/YourAccountCredentials_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.reuters.com/account/forgot-password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.roblox.com/my/account#
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.rottentomatoes.com/user/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.samsclub.com/account/personal-info?xid=hdr_account_change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.santahelenasaude.com.br/beneficiario/#/alterar-senha_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.saturn.de/webapp/wcs/stores/servlet/MultiChannelMAChangePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.sephora.com/profile/MyAccount_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.serasa.com.br/meus-dados/alterar-senha_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.shoop.de/einstellungen/benutzerdaten_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.shopback.co.kr/account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.shutterfly.com/account-settings/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.sonos.com/myaccount/user/profile/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.southwest.com/loyalty/myaccount/profile-security.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.spectrum.net/user-preferences/your-info/manage/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.speedway.com/my-account/security/passcode_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.splunk.com/my-account/#/profile-details
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.spotify.com/in-en/account/change-password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.tasteofhome.com/login/updatepassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.temu.com/bgp_account_security.html_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.thetrainline.com/my-account/change-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.thetvdb.com/dashboard/account/changepass_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.tiktok.com/login/email/forget-password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.tripadvisor.com/Settings-cp_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.trulia.com/account/user_profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.tumblr.com/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.twilio.com/console/user/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.twitch.tv/settings/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ulta.com/myaccount/index.jsp_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.united.com/ual/en/US/account/security/setpassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ups.com/lasso/updatePass?loc=en_US_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.usaa.com/inet/ent_auth_password/pages/ChangePasswordPage_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ventrachicago.com/account/manage-account/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.victoriassecret.com/us/account/profile#changePassword_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.walgreens.com/account/user_and_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.walmart.com/account/profile_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.wayfair.com/v/account/personal_info/edit_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.wikihow.com/Special:ChangeCredentials/MediaWiki%5CAuth%5CPasswordAuthenticationRequest_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.wunderground.com/member/settings_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.xvideos.com/account/security_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.youporn.com/settings/change/password/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.zhihu.com/settings/account_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.zillow.com/myzillow/profile/_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.ziprecruiter.com/login/forgot-password?realm=candidates_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://www.zocdoc.com/patient/editprofile?section=Password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://xhamster.com/password-recovery_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://yelp.com/profile_password_
Source: AutoFillQuirks.plist.252.dr	String found in binary or memory: https://zoom.us/profile#pwd-form_

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 49410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49420
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49385
Source: unknown	Network traffic detected: HTTP traffic on port 49395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49419
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49417
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 49387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49327

Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.207.65:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49350 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49385 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49387 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49395 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49410 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49417 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49418 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49419 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49420 version: TLS 1.2

Source: classification engine

Classification label: clean0.mac@0/9@2/0

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	Random device file read: /dev/urandom			Jump to behavior
Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 647)	Random device file read: /dev/random			Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)

AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist

Jump to behavior

Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	Binary plist file created: /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	XML plist file created: /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	Binary plist file created: /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/AutoFillQuirks.plist	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	Binary plist file created: /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist	Jump to dropped file
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	Binary plist file created: /private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist	Jump to dropped file

Source: /usr/bin/open (PID: 617)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 618)	System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist			Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www2.bing.com/ipv6test/test	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://www.amctheatres.com/amcstubs/account_	0%	Avira URL Cloud	safe
https://www.sephora.com/profile/MyAccount_	0%	Avira URL Cloud	safe
https://www.usaa.com/inet/ent_auth_password/pages/ChangePasswordPage_	0%	Avira URL Cloud	safe
https://www.walmart.com/account/profile_	0%	Avira URL Cloud	safe
https://customer.xfinity.com/users/me/update-password_	0%	Avira URL Cloud	safe
https://acesso.gov.br/area-cidadao/#/alterarSenha_	0%	Avira URL Cloud	safe
https://www.southwest.com/loyalty/myaccount/profile-security.html_	0%	Avira URL Cloud	safe
https://xhamster.com/password-recovery_	0%	Avira URL Cloud	safe
https://accounts.ebay.com/acctsec/security-center/chngpwd_	0%	Avira URL Cloud	safe
https://hotels.com/profile/settings.html_	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
h3.apis.apple.map.fastly.net	151.101.3.6	true	false		unknown
updates.cdn-apple.com	unknown	unknown	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.sephora.com/profile/MyAccount_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://accounts.ebay.com/acctsec/security-center/chngpwd_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://www.southwest.com/loyalty/myaccount/profile-security.html_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://xhamster.com/password-recovery_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://acesso.gov.br/area-cidadao/#/alterarSenha_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://hotels.com/profile/settings.html_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://www.usaa.com/inet/ent_auth_password/pages/ChangePasswordPage_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://www.amctheatres.com/amcstubs/account_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://customer.xfinity.com/users/me/update-password_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://www.walmart.com/account/profile_	AutoFillQuirks.plist.252.dr	false	Avira URL Cloud: safe	unknown
https://moncompte.lemonde.fr/gcustomer/account/password_	AutoFillQuirks.plist.252.dr	false		unknown
https://shein.com/user/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://zoom.us/profile#pwd-form_	AutoFillQuirks.plist.252.dr	false		unknown
https://support.opentable.com/s/login/ForgotPassword?language=en_US_	AutoFillQuirks.plist.252.dr	false		unknown
https://forum.wii-homebrew.com/index.php/AccountManagement/_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.twitch.tv/settings/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://fps.fidelity.com/ftgw/Fps/Fidelity/RtlCust/ChangePIN/Init_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.instacart.com/store/account_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.newsweek.com/contact_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.victoriassecret.com/us/account/profile#changePassword_	AutoFillQuirks.plist.252.dr	false		unknown
https://dashboard.dittomusic.com/account/password_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.birkenstock.com/profile_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.delta.com/myprofile/security-settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.fanfiction.net/account/password.php_	AutoFillQuirks.plist.252.dr	false		unknown
https://id.sonyentertainmentnetwork.com/id/management/#/p/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.nba.com/account/nbaprofile_	AutoFillQuirks.plist.252.dr	false		unknown
https://cloud.linode.com/profile/auth_	AutoFillQuirks.plist.252.dr	false		unknown
https://meuvivo.vivo.com.br/meuvivo/appmanager/portal/fixo_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.livejasmin.com/en/girls/#	AutoFillQuirks.plist.252.dr	false		unknown
https://slickdeals.net/forums/login.php?do=lostpw_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.alaskaair.com/www2/ssl/myalaskaair/myalaskaair.aspx?view=myinformation&tab=email_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.linkedin.com/psettings/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://bugzilla.kernel.org/userprefs.cgi?tab=account_	AutoFillQuirks.plist.252.dr	false		unknown
https://codepen.io/settings/account_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.roblox.com/my/account#	AutoFillQuirks.plist.252.dr	false		unknown
https://www.serasa.com.br/meus-dados/alterar-senha_	AutoFillQuirks.plist.252.dr	false		unknown
https://reg.usps.com/entreg/secure/ChangePasswordAction_input?returnActionName_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.allrecipes.com/account/profile#/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://user.manganelo.com/user_changes_pass_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.dailymail.co.uk/registration/profile/change-password.html_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.11st.co.kr/register/popupModifyPWD.tmall_	AutoFillQuirks.plist.252.dr	false		unknown
https://app.plex.tv/desktop#	AutoFillQuirks.plist.252.dr	false		unknown
https://cam.ana.co.jp/psz/us/amc_us.jsp?index=105_	AutoFillQuirks.plist.252.dr	false		unknown
https://account.samsung.com/membership/contents/security/password/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.creditkarma.com/myprofile/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://auth.readymag.com/password/forgot_	AutoFillQuirks.plist.252.dr	false		unknown
https://archive.org/account/index.php?settings=1_	AutoFillQuirks.plist.252.dr	false		unknown
https://secure07ea.chase.com/web/auth/dashboard#/dashboard/myProfileSignInSecurity/resetPassword/res	AutoFillQuirks.plist.252.dr	false		unknown
https://account.magento.com/customer/account/changepassword_	AutoFillQuirks.plist.252.dr	false		unknown
https://accounts.nintendo.com/password/edit_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.nordstrom.com/my-account/sign-in-info_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.dominos.com/en/pages/customer/#	AutoFillQuirks.plist.252.dr	false		unknown
https://profile.theguardian.com/reset_	AutoFillQuirks.plist.252.dr	false		unknown
https://reelgood.com/account_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.dropbox.com/account/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://customercenter.wsj.com/account#password_	AutoFillQuirks.plist.252.dr	false		unknown
https://go.com/profile/account-settings/edit_	AutoFillQuirks.plist.252.dr	false		unknown
https://chaturbate.com/auth/password_change/_	AutoFillQuirks.plist.252.dr	false		unknown
https://genius.com/password_resets/new_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.macys.com/account/profile?cm_sp=macys_account-_-my_account-_-my_profile&linklocation=lef	AutoFillQuirks.plist.252.dr	false		unknown
https://www.alternate.de/html/myAccount/account/basicData.html_	AutoFillQuirks.plist.252.dr	false		unknown
https://blend.io/settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.cnn.com/account/settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.instagram.com/accounts/password/change/_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.redtube.com/settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.aesop.com/my-account_	AutoFillQuirks.plist.252.dr	false		unknown
https://member.daum.net/change/password.daum_	AutoFillQuirks.plist.252.dr	false		unknown
https://myaccount.virginmobile.ca/MyProfile/Details/EditProfile?editField=PASSWORD_	AutoFillQuirks.plist.252.dr	false		unknown
https://mastercard.syf.com/login/reset_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.jcpenney.com/account/dashboard/personal/info_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.pearson.com/store/en-us/my-account/update-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://worldstarhiphop.com/videos/reset.php_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.boredpanda.com/settings/_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.shoop.de/einstellungen/benutzerdaten_	AutoFillQuirks.plist.252.dr	false		unknown
https://mypassword.uml.edu/#Change_	AutoFillQuirks.plist.252.dr	false		unknown
https://stripchat.com/settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://accounts.shopify.com/accounts/186490458/security_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.redfin.com/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://hibrain.net/mybrain/users/password/edit_	AutoFillQuirks.plist.252.dr	false		unknown
https://app.carta.com/profiles/update/_	AutoFillQuirks.plist.252.dr	false		unknown
https://legacy.memoriams.com/Network/Account/ChangePassword_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.ups.com/lasso/updatePass?loc=en_US_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.pinterest.com/settings/account-settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://profile.callofduty.com/cod/info_	AutoFillQuirks.plist.252.dr	false		unknown
https://bandcamp.com/settings#password_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.crackle.com/profile_	AutoFillQuirks.plist.252.dr	false		unknown
https://secure.hulu.com/account_	AutoFillQuirks.plist.252.dr	false		unknown
https://app.acorns.com/settings/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://news.ycombinator.com/changepw_	AutoFillQuirks.plist.252.dr	false		unknown
https://classroom.udacity.com/settings/password_	AutoFillQuirks.plist.252.dr	false		unknown
https://pwrecovery.ruc.dk_	AutoFillQuirks.plist.252.dr	false		unknown
https://rumble.com/account/profile_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.michaels.com/on/demandware.store/Sites-MichaelsUS-Site/default/Account-EditProfile_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.splunk.com/my-account/#/profile-details	AutoFillQuirks.plist.252.dr	false		unknown
https://secure.ssa.gov/RIM/UpwdView.action_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.realtor.com/myaccount/profile/settings_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.ancestry.com/account/security/password_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.zillow.com/myzillow/profile/_	AutoFillQuirks.plist.252.dr	false		unknown
https://key.harvard.edu/manage-account/change-password_	AutoFillQuirks.plist.252.dr	false		unknown
https://www.nytimes.com/account/change-password_	AutoFillQuirks.plist.252.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
184.84.128.210	unknown	United States	16625	AKAMAI-ASUS	false
151.101.131.6	unknown	United States	54113	FASTLYUS	false
151.101.67.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/dev/null

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	ASCII text
Category:	dropped
Size (bytes):	61
Entropy (8bit):	4.87124241161058
Encrypted:	false
SSDEEP:	3:tRTlWugjDgXLKRWOv:nhX7hA
MD5:	57140CD48471C699C002D24AD349823A
SHA1:	12BB35BB9B16431AB6A10932689E1C515D22FA33
SHA-256:	C1DA28ADC39DD0BBD86D72B2A91D0AB5C7ED95661FC40982F948B35950F7E977
SHA-512:	2109A29BA9446BBBDFC60762396E50997C93294C6F169D1B14CC66A08120F7313D61980412B789C494A2B7FC48FA49A043047AEB698438FF6A4DE2B6600D5532
Malicious:	false
Reputation:	low
Preview:	2024-07-03 08:39:48.650 Safari[618:4787] ApplePersistence=NO.

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/com.apple.scriptmanager2.le.cache

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	data
Category:	dropped
Size (bytes):	19328
Entropy (8bit):	2.9753497322131066
Encrypted:	false
SSDEEP:	192:XVlGq37NZFFFF/QQQQgdFSGXFFFFnQQQQ:uq37HFFFF/QQQQg3SGXFFFFnQQQQ
MD5:	1D8E1388683DC96ED97907EFCCE83FDA
SHA1:	561FDF03A98032BAAEB7BC214FD6FC2712BA42B0
SHA-256:	A6BE2B32F120066646A50B537477F2D359D7013851F123146CB9B6A7A1371E8C
SHA-512:	70A1E99DAD32B200EB26AD78E6433B3E9E052355ADA3A3AD1CB6C644C1A0513E593CCD89EF8B9B305013B37F3F850F049D787677878F412D23FB517147C18C98
Malicious:	false
Reputation:	low
Preview:	.............J..dJ......clti....0.......mlti........0...blti....2.......blti....2...H...blti....2...\|...blti....2.......blti....2.......blti....2.......blti....2...L...blti~...2.......5lti.@..,.......5lti.B..,....$..5lti.p..,.......5lti.D..,...87..................(....................................... .....................~...f... ...!............... ...4...3.......>.......U.......F...E...G...C...J...K...I...H...L...M...N.......O...?...9...P.......!............. .......t............."...........................................................#...............................^.......X...Y...Z...[...\...].......Q...........S.......R...............$.......(...%.......................&...'........... ...*...+...,...-.......5......./...0...1...6...7...8...:...4...3...........2...<...........T...;...=...>.......)...U...V...W.......@...A...B...F...E...G...C...D...J...K...I...H...L...M...N.......O...?.......9...P.......!...............j...X.....R...........%...7...........\.........".........

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsDirectory.db_

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	48908
Entropy (8bit):	3.533814637805397
Encrypted:	false
SSDEEP:	384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGB5pBfbouR6/chQOnGqwc2U+v+h/:8MdGleOhpBouRwchQOnGqwc2U+v+h/
MD5:	0E4A0D1CEB2AF6F0F8D0167CE77BE2D3
SHA1:	414BA4C1DC5FC8BF53D550E296FD6F5AD669918C
SHA-256:	CCA093BCFC65E25DD77C849866E110DF72526DFFBE29D76E11E29C7D888A4030
SHA-512:	1DC5282D27C49A4B6F921BA5DFC88B8C1D32289DF00DD866F9AC6669A5A8D99AFEDA614BFFC7CF61A44375AE73E09CD52606B443B63636977C9CD2EF4FA68A20
Malicious:	false
Reputation:	low
Preview:	kych...........................`...X...p..S0..SX..Th..T...T...[...^h...........L...X...............T...........d...................t...............t...........<...............P...........0...........$...p...........l...........X.......@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...D.......................!...%@.......MDS_CDSADIR_CSSM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_KRMM_RECORDTYPE....D.......................!...%@.......MDS_CDSADIR_EMM_RECORDTYPE.....L.......................!...%@......"MDS_CDSADIR_EMM_PRIMARY_RECORDTYPE.....H.......................!...%@.......MDS_CDSADIR_COMMON_RECORDTYPE......L.......................!...%@......"MDS_CDSADIR_CSP_PRIMARY_RECORDTYPE.....P.......................!...%@......%MDS_CDSADIR_CSP_CAPABILITY_R

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsObject.db_

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Mac OS X Keychain File
Category:	dropped
Size (bytes):	4404
Entropy (8bit):	3.5110922853353324
Encrypted:	false
SSDEEP:	24:mFkXs98w/mBr53CEb9ujBbCYoVeA7uBEUMy733Ka2VCneWHrUZRJkWnJI4FNMOQS:m6Xsh+CLjL3Pe3T5FFEfEn8xiYuuSsS
MD5:	D3A1859E6EC593505CC882E6DEF48FC8
SHA1:	F8E6728E3E9DE477A75706FAA95CEAD9CE13CB32
SHA-256:	3EBAFA97782204A4A1D75CFEC22E15FCDEAB45B65BAB3B3E65508707E034A16C
SHA-512:	EA2A749B105759EA33408186B417359DEFFB4A3A5ED0533CB26B459C16BB3524D67EDE5C9CF0D5098921C0C0A9313FB9C2672F1E5BA48810EDA548FA3209E818
Malicious:	false
Reputation:	low
Preview:	kych.......................................d...................0...............0...p...........@...@.......................!...%........CSSM_DL_DB_SCHEMA_INFO.....D.......................!...%........CSSM_DL_DB_SCHEMA_ATTRIBUTES...D.......................!...%........CSSM_DL_DB_SCHEMA_INDEXES......H.......................!...%....... CSSM_DL_DB_SCHEMA_PARSING_MODULE...@.......................!...%@.......MDS_OBJECT_RECORDTYPE..............h........... ...`........... ...@.......................-...1...5...9...=@..............................X...............P................... ...p...........l...........d...........P...........H...........,...............h...........P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................RelationName.......P.......................1...5...9...=.......M................RelationID.........P.......................1...5...9...=.......M................AttributeID........X....

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/AutoFillQuirks.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	59633
Entropy (8bit):	6.443121907804341
Encrypted:	false
SSDEEP:	768:GHSprdgMh/OkIgSyeImFeEWMdJYRPO/I7u0/P8MbN3Oys39Nf+J4Gh6es4t:rrrh/r79mKo+tOQ7u0H8MbhNs39Eausc
MD5:	D6DE3EFC09827BD3FB5BBD09BD34CE1C
SHA1:	A283AD0C2A4FCB068DD80E3312D6FCA63FA52FC7
SHA-256:	0B59549AEBD6C442613E0A345A74F5F35873F5FE7454B242785E1BC64C9A7830
SHA-512:	863F36F06CB3684279EA2764AC1D04015C778D052C22D68939467EF59DB7388052E190C1EBCE1F166A01EC0D27CCEC20B6899601800AF6732A84E42E0B6556A3
Malicious:	false
Reputation:	low
Preview:	bplist00..................................".^._.b_.$DomainsIneligibleForStreamlinedLogin_. DomainsWithAssociatedCredentials_..PasswordGenerationRequirements_..DomainsForPasskeyFallbackUI_..ChangePasswordURLs_."DomainsIneligibleForAutomaticLogin_..AppIDsToDomainsAssociations_..DomainsIneligibleForPasskeys_..DomainsToConsiderIdentical]SharedDomains...^old.reddit.com.......... .V.Z.f.i.l.............................................................................".9.<.?.B.E.H.K.N.R.U.Z.^.a.d.g.j.m.p.t.w.z.~....................................................................... .#.&.).,./.2.5.8.>.A.E.H.K.N.Q.T.[.^.a.g.j.m.q.x.{.~.....................................[3docean.net_..audiojungle.net^codecanyon.netZenvato.com_..graphicriver.net]photodune.net[placeit.net_..themeforest.net\tutsplus.com]videohive.net.......Vaa.com_..americanairlines.com_..americanairlines.jp.....Yaetna.com_..banneraetna.myplanportal.com..5.!.".#.$.%.&.'.(.).*.+.,.-.../.0.1.2.3.4.5.6.7.8.9.:.;.<.=.>.?.@.A.B.C.D.E.F

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	XML 1.0 document, ASCII text
Category:	dropped
Size (bytes):	1012
Entropy (8bit):	5.286991847916908
Encrypted:	false
SSDEEP:	24:2dfyiwHuG5Ku3hu65juqVrTrmuGoTxR1F1xW:cfyP5Z/5PrUon1F1xW
MD5:	0C29425555C7FF0CA114B1FD0DC39C50
SHA1:	D7D808E8BE92462F4C3CEBA66734F0E9BB26ACDD
SHA-256:	52826AFEEC974BB7BACB85BDC01DC4F23BF917D65E04773D7CAD393F7866F3FD
SHA-512:	D9C8364A85F4B4A96CAAC1409F32F9D6B2F8AE19201E0ABD2D449A3EEDADD471E99E44BC92DEB5D8FB60287DA64A88E61B45F759E7B9A383A9BBE5F5FD242F95
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>SingleDeviceSaveChangesThrottlingPolicy</key>..<string>1:1440</string>..<key>MultipleDeviceSaveChangesThrottlingPolicy</key>..<string>50:1 \| 10:2 \| 10:5 \| 10:30 \| 9:40 \| 1:510</string>..<key>SingleDeviceFetchChangesThrottlingPolicy</key>..<string>11:15 \| 1:1275</string>..<key>MultipleDeviceFetchChangesThrottlingPolicy</key>..<string>50:1 \| 50:3 \| 20:4 \| 20:5 \| 20:15 \| 20:18 \| 20:20</string>..<key>SyncCircleSizeRetrievalThrottlingPolicy</key>..<string>1:1440</string>..<key>MaximumRequestLimitCharacterCount</key>..<integer>100000</integer>..<key>SyncWindow</key>..<real>1209600</real>..<key>HistoryModificationIdleDelayBeforeSyncAttemptKey</key>..<integer>90</integer>..<key>HistoryRemovalIdleDelayBeforeSyncAttempt</key>..<integer>6</integer>..<key>SaveChangesBeforeTerminationTimeout</key>..<integer>1</integer>.</dic

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	2890
Entropy (8bit):	6.383267531551876
Encrypted:	false
SSDEEP:	48:FMO+0F/o0CCPb/bCCoumzC6kiaR/wN4Gfhb0NegHI5mP0waijwg+tiEe:FMO+EoOfjovzCuv5I12msjtHe
MD5:	99707B6E8B1DAA434DE2A176A458F85C
SHA1:	96324F62483DD7AC8683D1850D694BB900EB3419
SHA-256:	F282D8A52BFDCD208792A47C074E59A1E16D627D53094E11FC73E595AEC7DDAD
SHA-512:	E8018018F91A5CE5C418F5C6445DC11A44B40AA6F619958D496B18507B3FE309415BF9AB293E9C7C0B3E4BA109213D0216D39C0304A7BC3CCE301DB0A729430C
Malicious:	false
Reputation:	low
Preview:	bplist00..=..........!$'*-0369<?BEHKNPRTWZ]`cfilnqtwz}......................._..Bundle Identifier_..Developer Identifier_..com.ci.LetyShopsZ8SY8U2YJ38....._..com.stopallads.stopalladssafariZW5672G9B78....._..com.ci.MyPointsScoreZPV79DKGW8E....._..com.shopicks.safariZ52637H29AM....._..com.mallforafrica.mfaZW67LVM7587....._..com.ci.FatWalletExpressZMUA2CU723E....._..com.ci.CashrewardsZWPDLU326V5....._..com.ci.ObybSecurityZ284W368NRK.....^com.ci.AmikashZP77C556755.... _..com.ci.ShopBackCashbackButtonZ63768R85VC..."#_..com.skaggivara.UniblockZ9ZWDNJ5X28...%&_..com.pcvark.adblockerZRQA86TX865...()_..com.ci.PrescritZDPQ487PKR3...+,^com.ci.CashBagZWPHQAS3C45..../_..com.betteradvertising.ghosteryZHPY23A294X...12_..com.ci.RotaryGumdropZ24MGUH34FU...45_..com.ci.DeippiesnlSpaarhulpZH8MVFTTJJ3...78_..com.ci.Rewards4RacingZL6C8C726SQ...:;_..com.findx.privacycontrolZ5QE6FTCMP9...=>_..com.ci.ShopandGivereminderZ5KWKJVWBTS...@A_..com.el1t.uBlockZ3NU33NW2M3...CD_..com.ci.DealDoktorZN64U5Y52L6...FG_.(co

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	1519
Entropy (8bit):	7.2583811794436235
Encrypted:	false
SSDEEP:	24:/MVp+dVGmEH3oFqBrWZTAqg9QrTiQxOdRcE4O2/XRHuESd8t6+CksQO0TLUz4n9b:E3NmrDZTlg9yesu2/XcxCtqkjjTLUz45
MD5:	74014416C0967A64DF007D9A31F33E43
SHA1:	D236C895006FAED2ADF9AAA7577B74B7F74D3D6C
SHA-256:	BF7E031C1D2208DC0DC61E7F15C5375E178A106184C414639737EA038581C2E4
SHA-512:	935FA2493B8726D1340CDC9D62C3156E78F465946381E1F6CBF46B8D10D45A474ED87770A51FBAB4A7564E703696C4BDB434AB1F776DAC6299EFAEDA127DE596
Malicious:	false
Reputation:	low
Preview:	bplist00.....^SessionVersion^SessionWindowsS1.0............................9_..SelectedTabIndex\TabBarHiddenZDateClosed_..FavoritesBarHidden]IsPopupWindow_. PrefersReadingListSidebarVisible\Miniaturized_..WindowStateVersionZWindowUUID_..WindowContentRectYTabStates_..IsPrivateWindow_..SelectedPinnedTabIndex...3A...........S2.0_.$4EB654D1-EEB5-4EF0-AD67-1250FB6E2FEA_..{{0, 49}, {1024, 696}}.... !."#.$%&'().,-...0123456.\IsDisposable\SessionState_..AncestorTabIdentifers_..SessionStateIsEncryptedXTabIndex]LastVisitTimeWTabUUIDVTabURL]TabIdentifierXTabTitle_..ProcessIdentifierWIsMuted.O..].(;W.\|.mN..#...j.7i..#..H..q.u.a.o.&.?..R...!.=.@Zbs......`...\|....V......P.W3Y..e69.u:..#^.+..[.^.J.a.]^....99...jq......N...$....5x....H.nj....D.Y....Y.U.8..RO>.!\.3.......4.?...m.\.C.5...X... .E.A...v.A,.w'.?....l..........#?.Q6>Y.....49..DX...H.F...)I.."....8..@..I....X"..q.xn}F......z.[...WX\.Q>...O.8u?......I.%...]T..J9}..+Q(...!..#<....P.tfL.z..h."uZg...A....2..BEWv.D...+...I.E

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

Download File

Process:	/Applications/Safari.app/Contents/MacOS/Safari
File Type:	Apple binary property list
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.9370658315190226
Encrypted:	false
SSDEEP:	3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
MD5:	CDC65B5F112547EAFAE0F16F9C149426
SHA1:	AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
SHA-256:	1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
SHA-512:	E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
Malicious:	false
Reputation:	low
Preview:	bplist00..._..ExtensionArchivesExtracted...(...............................)

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 150
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 15:39:46.661676884 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.662331104 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.667022943 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.689685106 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.691853046 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.691931009 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.691993952 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.692053080 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.692096949 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.693727970 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.693727970 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.693859100 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.694327116 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.701319933 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.720586061 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.786640882 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.786731958 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.786798000 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.786859035 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.786905050 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.786959887 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.787015915 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.788538933 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.788539886 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.788670063 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.788755894 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.820055008 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.820122957 CEST	443	49348	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.820738077 CEST	49348	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.834852934 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.839728117 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.840498924 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.841851950 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.954509020 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.954739094 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.954798937 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:46.957225084 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.957285881 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.960406065 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.961838961 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.961914062 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.961973906 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.962063074 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.962132931 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:46.963269949 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.963324070 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.963324070 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.963596106 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.969486952 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:46.989058971 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.989279032 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.989624023 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.989815950 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:46.990156889 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.088042974 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:47.088133097 CEST	443	49350	151.101.131.6	192.168.11.12
Jul 3, 2024 15:39:47.088685036 CEST	49350	443	192.168.11.12	151.101.131.6
Jul 3, 2024 15:39:47.108598948 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.108659029 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.108701944 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.109152079 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.109210968 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.110061884 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.110138893 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.110723972 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.110929966 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.117819071 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.117896080 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.119975090 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.120204926 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.126130104 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.126205921 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.127746105 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.127940893 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.134572029 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.134660959 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.136472940 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.136745930 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.142940998 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.143018007 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.143659115 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.143721104 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.151411057 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.151487112 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.152256012 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.152463913 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.159797907 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.159898996 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.160554886 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.160762072 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.168157101 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.168282986 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.168894053 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.169095039 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.228751898 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.228835106 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.229507923 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.232376099 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.232871056 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.232950926 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.233583927 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.233742952 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.241349936 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:47.242086887 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.719520092 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:47.838922024 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:49.037374973 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:49.157352924 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:49.158368111 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:49.833842039 CEST	49349	443	192.168.11.12	17.248.207.65
Jul 3, 2024 15:39:49.874577999 CEST	49327	443	192.168.11.12	17.248.207.69
Jul 3, 2024 15:39:49.877629995 CEST	49327	443	192.168.11.12	17.248.207.69
Jul 3, 2024 15:39:49.953334093 CEST	443	49349	17.248.207.65	192.168.11.12
Jul 3, 2024 15:39:49.994224072 CEST	443	49327	17.248.207.69	192.168.11.12
Jul 3, 2024 15:39:49.994429111 CEST	443	49327	17.248.207.69	192.168.11.12
Jul 3, 2024 15:39:49.995085001 CEST	49327	443	192.168.11.12	17.248.207.69
Jul 3, 2024 15:39:49.997154951 CEST	443	49327	17.248.207.69	192.168.11.12
Jul 3, 2024 15:40:19.665168047 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.665205002 CEST	443	49385	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:19.665828943 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.667112112 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.667128086 CEST	443	49385	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:19.912862062 CEST	443	49385	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:19.914561033 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.914658070 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.961323023 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.961365938 CEST	443	49385	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:19.961559057 CEST	443	49385	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:19.961869001 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:19.962102890 CEST	49385	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.043524981 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.043545008 CEST	443	49387	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.044117928 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.045403004 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.045413017 CEST	443	49387	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.288422108 CEST	443	49387	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.289851904 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.289851904 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.300968885 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.301055908 CEST	443	49387	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.301248074 CEST	443	49387	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.301800966 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.301867962 CEST	49387	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.374075890 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.374106884 CEST	443	49388	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.374798059 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.375859976 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.375874043 CEST	443	49388	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.621815920 CEST	443	49388	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.622716904 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.622716904 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.641388893 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.641546011 CEST	443	49388	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.641889095 CEST	443	49388	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.642257929 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.642528057 CEST	49388	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.698388100 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.698477030 CEST	443	49391	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.699189901 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.701241970 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.701272964 CEST	443	49391	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.946726084 CEST	443	49391	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.947432995 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.947494030 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.952544928 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.952640057 CEST	443	49391	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.952934980 CEST	443	49391	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:20.953298092 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:20.953547955 CEST	49391	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.356523037 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.356544971 CEST	443	49395	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.357089043 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.358172894 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.358181000 CEST	443	49395	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.607542992 CEST	443	49395	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.608747005 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.608820915 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.643418074 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.643517017 CEST	443	49395	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.643711090 CEST	443	49395	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.644207954 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.644268036 CEST	49395	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.700747967 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.700776100 CEST	443	49397	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.701445103 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.704237938 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.704257011 CEST	443	49397	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.952693939 CEST	443	49397	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.953989983 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.953989983 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.974966049 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.975039005 CEST	443	49397	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.975238085 CEST	443	49397	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:21.975693941 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:21.975785017 CEST	49397	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.205133915 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.205152035 CEST	443	49410	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:23.205775023 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.219141960 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.219156981 CEST	443	49410	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:23.461626053 CEST	443	49410	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:23.462672949 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.462879896 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.498338938 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.498395920 CEST	443	49410	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:23.498621941 CEST	443	49410	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:23.499125004 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:23.499213934 CEST	49410	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:43.716644049 CEST	49344	80	192.168.11.12	184.84.128.210
Jul 3, 2024 15:40:43.836944103 CEST	80	49344	184.84.128.210	192.168.11.12
Jul 3, 2024 15:40:43.838557005 CEST	49344	80	192.168.11.12	184.84.128.210
Jul 3, 2024 15:40:57.705950022 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.705982924 CEST	443	49417	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:57.706521988 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.738730907 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.738748074 CEST	443	49417	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:57.981020927 CEST	443	49417	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:57.981770992 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.981836081 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.994278908 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.994354010 CEST	443	49417	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:57.994505882 CEST	443	49417	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:57.995450020 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:57.995538950 CEST	49417	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.032887936 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.032912970 CEST	443	49418	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.033593893 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.035063028 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.035075903 CEST	443	49418	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.277360916 CEST	443	49418	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.278140068 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.278162956 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.288383961 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.288459063 CEST	443	49418	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.288604021 CEST	443	49418	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.289071083 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.289197922 CEST	49418	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.320970058 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.321010113 CEST	443	49419	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.321687937 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.323273897 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.323297977 CEST	443	49419	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.568782091 CEST	443	49419	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.570221901 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.570314884 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.575505018 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.575614929 CEST	443	49419	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.575896025 CEST	443	49419	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.576318979 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.576575041 CEST	49419	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.590995073 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.591039896 CEST	443	49420	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.591943979 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.592730999 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.592760086 CEST	443	49420	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.835007906 CEST	443	49420	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.835855961 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.835938931 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.842894077 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.842952013 CEST	443	49420	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.843066931 CEST	443	49420	151.101.67.6	192.168.11.12
Jul 3, 2024 15:40:58.843533993 CEST	49420	443	192.168.11.12	151.101.67.6
Jul 3, 2024 15:40:58.843580961 CEST	49420	443	192.168.11.12	151.101.67.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 15:39:50.498265982 CEST	137	137	192.168.11.12	192.168.11.255
Jul 3, 2024 15:39:50.505053043 CEST	137	137	192.168.11.12	192.168.11.255
Jul 3, 2024 15:40:08.503282070 CEST	53	59261	1.1.1.1	192.168.11.12
Jul 3, 2024 15:40:25.585635900 CEST	59284	53	192.168.11.12	1.1.1.1
Jul 3, 2024 15:40:58.031558037 CEST	61921	53	192.168.11.12	1.1.1.1
Jul 3, 2024 15:40:58.151025057 CEST	53	61921	1.1.1.1	192.168.11.12

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 3, 2024 15:40:20.156687021 CEST	192.168.11.12	1.1.1.1	3594	(Port unreachable)	Destination Unreachable
Jul 3, 2024 15:40:23.100570917 CEST	192.168.11.12	1.1.1.1	2623	(Port unreachable)	Destination Unreachable
Jul 3, 2024 15:40:58.151609898 CEST	192.168.11.12	1.1.1.1	a70	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 15:40:25.585635900 CEST	192.168.11.12	1.1.1.1	0xc518	Standard query (0)	updates.cdn-apple.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 15:40:58.031558037 CEST	192.168.11.12	1.1.1.1	0xff80	Standard query (0)	h3.apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 15:40:25.705272913 CEST	1.1.1.1	192.168.11.12	0xc518	No error (0)	updates.cdn-apple.com	updates.cdn-apple.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 3, 2024 15:40:58.151025057 CEST	1.1.1.1	192.168.11.12	0xff80	No error (0)	h3.apis.apple.map.fastly.net		151.101.3.6	A (IP address)	IN (0x0001)	false
Jul 3, 2024 15:40:58.151025057 CEST	1.1.1.1	192.168.11.12	0xff80	No error (0)	h3.apis.apple.map.fastly.net		151.101.67.6	A (IP address)	IN (0x0001)	false
Jul 3, 2024 15:40:58.151025057 CEST	1.1.1.1	192.168.11.12	0xff80	No error (0)	h3.apis.apple.map.fastly.net		151.101.195.6	A (IP address)	IN (0x0001)	false
Jul 3, 2024 15:40:58.151025057 CEST	1.1.1.1	192.168.11.12	0xff80	No error (0)	h3.apis.apple.map.fastly.net		151.101.131.6	A (IP address)	IN (0x0001)	false

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 3, 2024 15:39:46.691993952 CEST	151.101.131.6	443	192.168.11.12	49348	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Apr 26 02:39:11 CEST 2024 Wed Apr 29 14:54:50 CEST 2020	Wed Oct 23 02:49:11 CEST 2024 Thu Apr 11 01:59:59 CEST 2030
Jul 3, 2024 15:39:46.691993952 CEST	151.101.131.6	443	192.168.11.12	49348	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030
Jul 3, 2024 15:39:46.786959887 CEST	17.248.207.65	443	192.168.11.12	49349	CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US	Wed Nov 01 09:04:18 CET 2023 Wed Dec 12 13:00:00 CET 2018 Thu Apr 28 23:38:00 CEST 2022	Sat Nov 30 09:04:17 CET 2024 Wed May 07 14:00:00 CEST 2025 Wed May 07 02:00:00 CEST 2025	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE	Wed Dec 12 13:00:00 CET 2018	Wed May 07 14:00:00 CEST 2025
					C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1	CN=Apple Root CA, OU=Apple Certification Authority, O=Apple Inc., C=US	Thu Apr 28 23:38:00 CEST 2022	Wed May 07 02:00:00 CEST 2025
Jul 3, 2024 15:39:46.961973906 CEST	151.101.131.6	443	192.168.11.12	49350	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Apr 26 02:39:11 CEST 2024 Wed Apr 29 14:54:50 CEST 2020	Wed Oct 23 02:49:11 CEST 2024 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Jul 3, 2024 15:39:46.961973906 CEST	151.101.131.6	443	192.168.11.12	49350	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c

System Behavior

Analysis Process: xpcproxy PID: 612, Parent PID: 1

General

Start time (UTC):	13:39:45
Start date (UTC):	03/07/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

File Activities

File Opened

File Read

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: nsurlstoraged PID: 612, Parent PID: 1

General

Start time (UTC):	13:39:45
Start date (UTC):	03/07/2024
Path:	/usr/libexec/nsurlstoraged
Arguments:	/usr/libexec/nsurlstoraged --privileged
File size:	246624 bytes
MD5 hash:	321b0a40e24b45f0af49ba42742b3f64

File Activities

File Opened

File Read

Directory Enumerated

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: mono-sgen32 PID: 617, Parent PID: 537

General

Start time (UTC):	13:39:47
Start date (UTC):	03/07/2024
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

File Activities

File Read (Anonymous Pipes)

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: open PID: 617, Parent PID: 537

General

Start time (UTC):	13:39:47
Start date (UTC):	03/07/2024
Path:	/usr/bin/open
Arguments:	/usr/bin/open -a Safari https://www2.bing.com/ipv6test/test
File size:	105952 bytes
MD5 hash:	34bd93241fa5d2aee225941b1ca14fa4

File Activities

File Opened

File Read

File Seeked

Directory Enumerated

Process Activities

Process Exited

Process Killed

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: xpcproxy PID: 618, Parent PID: 1

General

Start time (UTC):	13:39:47
Start date (UTC):	03/07/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

File Activities

File Opened

Directory Created

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: Safari PID: 618, Parent PID: 1

General

Start time (UTC):	13:39:47
Start date (UTC):	03/07/2024
Path:	/Applications/Safari.app/Contents/MacOS/Safari
Arguments:	/Applications/Safari.app/Contents/MacOS/Safari
File size:	27120 bytes
MD5 hash:	2dde28c2f8a38ed2701ba17a0893cbc1

File Activities

File Opened

File Created

File Deleted

File Truncated

File Read

File Read (Anonymous Pipes)

File Written

File Seeked

File Moved

Directory Enumerated

Directory Attributes Enumerated Bulk

Directory Created

Directory Deleted

Permission Modified

Extended Attributes Set

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: xpcproxy PID: 647, Parent PID: 1

General

Start time (UTC):	13:40:41
Start date (UTC):	03/07/2024
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

File Activities

File Opened

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: eficheck PID: 647, Parent PID: 1

General

Start time (UTC):	13:40:41
Start date (UTC):	03/07/2024
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report https://www2.bing.com/ipv6test/test

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Process Tree

Yara Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/dev/null

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/com.apple.scriptmanager2.le.cache

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsDirectory.db_

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/C/com.apple.Safari/mds/mdsObject.db_

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari 2)/AutoFillQuirks.plist

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/CloudHistoryRemoteConfiguration.plist

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/KnownExtensions.plist

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/LastSession.plist

/private/var/folders/t9/r5v5jljx0rb04g1yc95c7hw40000gp/T/com.apple.Safari/TemporaryItems/(A Document Being Saved By Safari)/Preferences.plist

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTPS Connections

System Behavior

Analysis Process: xpcproxy PID: 612, Parent PID: 1

General

File Activities

File Opened

File Read

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: nsurlstoraged PID: 612, Parent PID: 1

General

File Activities

File Opened

File Read

Directory Enumerated

macOS Analysis Report
https://www2.bing.com/ipv6test/test