macOS
Analysis Report
https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkILOsO1UnLItklUwD68rhtr94fRPJI4HAEjYZ7vdlgHTiHU_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPRzSyzWe4FlQQyqQA-2BOTqGjWjoN-2BuPm4tzM5LM6f6tO2PXKa74YSjAhzL6onG-2BuKO989bZZj9
Overview
General Information
Sample URL: | https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkILOsO1UnLItklUwD68rhtr94fRPJI4HAEjYZ7vdlgHTiHU_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7 |
Analysis ID: | 1505740 |
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Classification
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1505740 |
Start date and time: | 2024-09-06 18:34:22 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 1m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | urldownload.jbs |
Sample URL: | https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkILOsO1UnLItklUwD68rhtr94fRPJI4HAEjYZ7vdlgHTiHU_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPRzSyzWe4FlQQyqQA-2BOTqGjWjoN-2BuPm4tzM5LM6f6tO2PXKa74YSjAhzL6onG-2BuKO989bZZj9vupVvXtBWU0qXeI6VZny9p-2FgjssbU9Je1I2RDoZPOLgxX8gxf2-2BzsuoGYoVqnaS5CYR1Z5WEWAcZP0wmQbm4ikqer-2BGrlVppyDdPw-2BxPiObQZTbU2ZeclEy9V5nUC-2BnwlvdDmQwsjghHkHuJFiwInVWpyiCgGFo0uYjlPs3G8hdAgJBJu-2F-2B0K864-3D#ZmluYW5jZUBjbGVhcnZpZXcuYWk= |
Analysis system description: | Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
macOS major version: | 10.14 |
CPU architecture: | x86_64 |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal48.mac@0/0@2/0 |
- Script error: cURL download failed with exit code CURLE_WRITE_ERROR (23). Exit code 23 is curl's "failed writing received data" error, raised when received data cannot be written to the output (here the --remote-name file); no downloaded content was saved, which matches the empty dropped-files section below. Captured standard error (cut off in the report):
    * Trying 108.139.47.10...
    * TCP_NODELAY set
    * Connected to clickme.thryv.com (108.139.47.10) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * successfully set certificate verify locations:
    *   CAfile: /etc/ssl/cert.pem
        CApath: none
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    } [223 bytes data]
    * TLSv1.2 (IN), TLS handshake, Server hello (2):
    { [100 bytes data]
    * TLSv1.2 (IN), TLS handshake, Certificate (11):
    { [4950 bytes data]
    * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
    { [300 bytes data]
    * TLSv1.2 (IN), TLS handshake, Server finished (14):
    { [4 bytes data]
    * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    } [37 bytes data]
    * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    } [1 bytes data]
    * TLSv1.2 (OUT), TLS handshake, Finished (20):
    } [16 bytes data]
    * TLSv1.2 (IN), TLS change cipher, Client hello (1):
    { [1 bytes da
- Excluded IPs from analysis (whitelisted): 17.137.170.2, 23.199.49.152, 104.18.38.233, 172.64.149.23
- Excluded domains from analysis (whitelisted): e11408.d.akamaiedge.net, help.origin-apple.com.akadns.net, ocsp.comodoca.com.cdn.cloudflare.net, ocsp.usertrust.com, radarsubmissions.apple.com.akadns.net, radarsubmissions.apple.com, help.apple.com, help-ar.apple.com.edgekey.net
- VT rate limit hit for: https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkILOsO1UnLItklUwD68rhtr94fRPJI4HAEjYZ7vdlgHTiHU_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPRzSyzWe4FlQQyqQA-2BOTqGjWjoN-2BuPm4tzM5LM6f6tO2PXKa74YSjAhzL6onG-2BuKO989bZZj9vupVvXtBWU0qXeI6VZny9p-2FgjssbU9Je1I2RDoZPOLgxX8gxf2-2BzsuoGYoVqnaS5CYR1Z5WEWAcZP0wmQbm4ikqer-2BGrlVppyDdPw-2BxPiObQZTbU2ZeclEy9V5nUC-2BnwlvdDmQwsjghHkHuJFiwInVWpyiCgGFo0uYjlPs3G8hdAgJBJu-2F-2B0K864-3D#ZmluYW5jZUBjbGVhcnZpZXcuYWk=
- System is macvm-mojave
- xpcproxy New Fork (PID: 611, Parent: 1)
- mono-sgen32 New Fork (PID: 616, Parent: 537)
- cleanup
⊘No yara matches
⊘No Suricata rule has matched
Signature results by category (the Source and detail columns of these rows are empty in this copy of the report; the number of entries per signature is kept):

AV Detection |
---|
Source: | SlashNext: |

Compliance |
---|
Source: | HTTPS traffic detected: | (2 entries) |

Networking |
---|
Source: | TCP traffic detected without corresponding DNS query: | (14 entries) |
Source: | UDP traffic detected without corresponding DNS query: | (2 entries) |
Source: | DNS traffic detected: | (2 entries) |
Source: | Reads from socket in process: | (1 entry) |
Source: | Network traffic detected: | (10 entries) |
Source: | Writes from socket in process: | (1 entry) |
Source: | HTTPS traffic detected: | (2 entries) |

System Summary |
---|
Source: | Classification label: |
MITRE ATT&CK matrix. Only three cells of the report's matrix carry a signature count; the remaining cells are the unpopulated tactic/technique template and are omitted here:

Tactic | Technique | Matched signatures |
---|---|---|
Command and Control | Encrypted Channel | 1 |
Command and Control | Non-Application Layer Protocol | 1 |
Command and Control | Application Layer Protocol | 2 |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
inspire.rashienti.com | 172.67.168.219 | true | false | unknown | |
d1rsqi0l6b7evg.cloudfront.net | 108.139.47.10 | true | false | unknown | |
clickme.thryv.com | unknown | unknown | false | unknown | |

IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
108.139.47.10 | d1rsqi0l6b7evg.cloudfront.net | United States | 16509 | AMAZON-02US | false |
151.101.131.6 | unknown | United States | 54113 | FASTLYUS | false |
172.67.168.219 | inspire.rashienti.com | United States | 13335 | CLOUDFLARENETUS | false |
⊘No context
⊘No created / dropped files found
⊘No static file info
- Total Packets: 59
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 6, 2024 18:35:23.629386902 CEST | 443 | 49351 | 151.101.131.6 | 192.168.11.12 |
Sep 6, 2024 18:35:23.629614115 CEST | 443 | 49351 | 151.101.131.6 | 192.168.11.12 |
Sep 6, 2024 18:35:23.630168915 CEST | 49351 | 443 | 192.168.11.12 | 151.101.131.6 |
Sep 6, 2024 18:35:23.643461943 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:23.739957094 CEST | 443 | 49352 | 17.253.97.206 | 192.168.11.12 |
Sep 6, 2024 18:35:23.740799904 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:23.752370119 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:23.786389112 CEST | 49347 | 443 | 192.168.11.12 | 17.248.199.68 |
Sep 6, 2024 18:35:23.851999044 CEST | 443 | 49352 | 17.253.97.206 | 192.168.11.12 |
Sep 6, 2024 18:35:23.853367090 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:23.881336927 CEST | 443 | 49347 | 17.248.199.68 | 192.168.11.12 |
Sep 6, 2024 18:35:24.163355112 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:24.260863066 CEST | 443 | 49352 | 17.253.97.206 | 192.168.11.12 |
Sep 6, 2024 18:35:24.261459112 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:24.707721949 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.803181887 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.803949118 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.833575964 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.928710938 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.928894043 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.928983927 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.929060936 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.929630041 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.930061102 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.930147886 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:24.930794954 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.930795908 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.931847095 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.947416067 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:24.999973059 CEST | 49347 | 443 | 192.168.11.12 | 17.248.199.68 |
Sep 6, 2024 18:35:25.001842976 CEST | 49347 | 443 | 192.168.11.12 | 17.248.199.68 |
Sep 6, 2024 18:35:25.042747021 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.042829037 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.042886972 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.044373989 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.044374943 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.046344042 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.046483994 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.046724081 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.047089100 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.047590971 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.094913006 CEST | 443 | 49347 | 17.248.199.68 | 192.168.11.12 |
Sep 6, 2024 18:35:25.095628023 CEST | 49347 | 443 | 192.168.11.12 | 17.248.199.68 |
Sep 6, 2024 18:35:25.096759081 CEST | 443 | 49347 | 17.248.199.68 | 192.168.11.12 |
Sep 6, 2024 18:35:25.141556025 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.141639948 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.142205954 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.142329931 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.186705112 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.220870018 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.220954895 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:25.221664906 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.221664906 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.351106882 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.446400881 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.447169065 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.466156006 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.561554909 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.566724062 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.566827059 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.566891909 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.567624092 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.567624092 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.595439911 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.690958023 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.691015959 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.691622972 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.691714048 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.693532944 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.693743944 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.693845987 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.694042921 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.694561005 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.740092993 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:25.741723061 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:25.791723967 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.791799068 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.791848898 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.792834997 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.840923071 CEST | 443 | 49352 | 17.253.97.206 | 192.168.11.12 |
Sep 6, 2024 18:35:25.841686964 CEST | 49352 | 443 | 192.168.11.12 | 17.253.97.206 |
Sep 6, 2024 18:35:25.962228060 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962333918 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962393999 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962466955 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962542057 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962599993 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962672949 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962747097 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.962810040 CEST | 443 | 49354 | 172.67.168.219 | 192.168.11.12 |
Sep 6, 2024 18:35:25.963051081 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.963051081 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.963960886 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.964031935 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.964222908 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.964498043 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.965624094 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.966799021 CEST | 49354 | 443 | 192.168.11.12 | 172.67.168.219 |
Sep 6, 2024 18:35:25.966948986 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:25.968316078 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:26.061688900 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:26.061758041 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Sep 6, 2024 18:35:26.062258005 CEST | 49353 | 443 | 192.168.11.12 | 108.139.47.10 |
Sep 6, 2024 18:35:26.063043118 CEST | 443 | 49353 | 108.139.47.10 | 192.168.11.12 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 6, 2024 18:35:24.580321074 CEST | 62393 | 53 | 192.168.11.12 | 1.1.1.1 |
Sep 6, 2024 18:35:24.675998926 CEST | 53 | 62393 | 1.1.1.1 | 192.168.11.12 |
Sep 6, 2024 18:35:25.223835945 CEST | 59921 | 53 | 192.168.11.12 | 1.1.1.1 |
Sep 6, 2024 18:35:25.321089983 CEST | 53 | 59921 | 1.1.1.1 | 192.168.11.12 |
Sep 6, 2024 18:35:28.936467886 CEST | 30067 | 25866 | 192.168.11.12 | 192.168.11.1 |
Sep 6, 2024 18:35:28.936578989 CEST | 26994 | 25902 | 192.168.11.12 | 192.168.11.1 |
Sep 6, 2024 18:35:28.936764956 CEST | 8307 | 29810 | 192.168.11.12 | 192.168.11.1 |
Sep 6, 2024 18:35:28.936764956 CEST | 26676 | 21078 | 192.168.11.12 | 192.168.11.1 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 6, 2024 18:35:24.580321074 CEST | 192.168.11.12 | 1.1.1.1 | 0xdb07 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:25.223835945 CEST | 192.168.11.12 | 1.1.1.1 | 0x3544 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 6, 2024 18:35:24.675998926 CEST | 1.1.1.1 | 192.168.11.12 | 0xdb07 | No error (0) | | d1rsqi0l6b7evg.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 6, 2024 18:35:24.675998926 CEST | 1.1.1.1 | 192.168.11.12 | 0xdb07 | No error (0) | | | 108.139.47.10 | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:24.675998926 CEST | 1.1.1.1 | 192.168.11.12 | 0xdb07 | No error (0) | | | 108.139.47.125 | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:24.675998926 CEST | 1.1.1.1 | 192.168.11.12 | 0xdb07 | No error (0) | | | 108.139.47.36 | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:24.675998926 CEST | 1.1.1.1 | 192.168.11.12 | 0xdb07 | No error (0) | | | 108.139.47.14 | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:25.321089983 CEST | 1.1.1.1 | 192.168.11.12 | 0x3544 | No error (0) | | | 172.67.168.219 | A (IP address) | IN (0x0001) | false |
Sep 6, 2024 18:35:25.321089983 CEST | 1.1.1.1 | 192.168.11.12 | 0x3544 | No error (0) | | | 104.21.27.32 | A (IP address) | IN (0x0001) | false |
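As an added example (not part of the Joe Sandbox report or its cookbook), the Python script below replays a subset of the report's own TCP and DNS-answer rows, transcribed as constants, and re-derives the "TCP traffic detected without corresponding DNS query" observation: a connection to a server IP that no A record in the capture returned before the flow started. The whitelist is the report's own "Excluded IPs" list; the IPs it flags (151.101.131.6 and the two 17.x Apple addresses) were resolved before or outside the capture, which is the usual reason this signature fires on background OS traffic. The script also decodes the fragment of the sample URL, #ZmluYW5jZUBjbGVhcnZpZXcuYWk=, which is base64 of a mailbox address; the timing and SANDBOX_IP handling are assumptions for the example, and the long upn= token of the URL is abbreviated.

```python
"""Offline triage of the network tables in this report (added example; not
Joe Sandbox code).  PACKETS and DNS_ANSWERS are transcribed (as a subset)
from the report's TCP and DNS-answer tables; WHITELISTED_IPS is the report's
"Excluded IPs" list.  The flow check mirrors the idea behind the
"TCP traffic detected without corresponding DNS query" signature."""
import base64
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SANDBOX_IP = "192.168.11.12"  # analysis VM address seen in the capture

# (timestamp, src port, dst port, src ip, dst ip) -- subset of the TCP table.
PACKETS = [
    ("18:35:23.629386902", 443, 49351, "151.101.131.6", SANDBOX_IP),
    ("18:35:23.630168915", 49351, 443, SANDBOX_IP, "151.101.131.6"),
    ("18:35:23.643461943", 49352, 443, SANDBOX_IP, "17.253.97.206"),
    ("18:35:23.786389112", 49347, 443, SANDBOX_IP, "17.248.199.68"),
    ("18:35:24.707721949", 49353, 443, SANDBOX_IP, "108.139.47.10"),
    ("18:35:24.803181887", 443, 49353, "108.139.47.10", SANDBOX_IP),
    ("18:35:25.351106882", 49354, 443, SANDBOX_IP, "172.67.168.219"),
]

# (timestamp, transaction id, record type, value) -- the DNS answer table.
DNS_ANSWERS = [
    ("18:35:24.675998926", 0xDB07, "CNAME", "d1rsqi0l6b7evg.cloudfront.net"),
    ("18:35:24.675998926", 0xDB07, "A", "108.139.47.10"),
    ("18:35:24.675998926", 0xDB07, "A", "108.139.47.125"),
    ("18:35:24.675998926", 0xDB07, "A", "108.139.47.36"),
    ("18:35:24.675998926", 0xDB07, "A", "108.139.47.14"),
    ("18:35:25.321089983", 0x3544, "A", "172.67.168.219"),
    ("18:35:25.321089983", 0x3544, "A", "104.21.27.32"),
]

# "Excluded IPs from analysis (whitelisted)" as listed in the report.
WHITELISTED_IPS = {"17.137.170.2", "23.199.49.152", "104.18.38.233", "172.64.149.23"}

FlowKey = Tuple[str, int, str, int]  # (client ip, client port, server ip, server port)


def to_seconds(ts: str) -> float:
    """'HH:MM:SS.fffffffff' -> seconds since midnight (all rows are same-day)."""
    hh, mm, ss = ts.split(":")
    return int(hh) * 3600 + int(mm) * 60 + float(ss)


def flows(packets) -> Dict[FlowKey, float]:
    """Group packets into flows keyed from the sandbox's point of view; the
    value is the first time the flow was seen, whichever direction came first."""
    first_seen: Dict[FlowKey, float] = {}
    for ts, sport, dport, src, dst in packets:
        if src == SANDBOX_IP:
            key: FlowKey = (src, sport, dst, dport)
        else:  # reply direction: swap so the sandbox side is the client
            key = (dst, dport, src, sport)
        t = to_seconds(ts)
        first_seen[key] = min(first_seen.get(key, t), t)
    return first_seen


def tcp_without_dns(packets, dns_answers, whitelist=frozenset()) -> List[Tuple[str, float]]:
    """Return (server ip, flow start) for flows whose server IP was not returned
    by any A record *before* the flow began.  Whitelisted IPs (sandbox/OS
    background traffic) are dropped, as the report does."""
    resolved_at: Dict[str, float] = {}
    for ts, _txid, rtype, value in dns_answers:
        if rtype == "A":
            resolved_at[value] = min(resolved_at.get(value, float("inf")), to_seconds(ts))
    hits: List[Tuple[str, float]] = []
    for (_cip, _cport, sip, _sport), start in sorted(flows(packets).items(), key=lambda kv: kv[1]):
        if sip in whitelist:
            continue
        if resolved_at.get(sip, float("inf")) > start:
            hits.append((sip, start))
    return hits


def decode_fragment(url: str) -> Optional[str]:
    """Credential-phishing links commonly carry the targeted mailbox base64-encoded
    in the URL fragment: the fragment is never sent to any server, browsers keep it
    across redirects (so it survives a click-tracking wrapper such as the thryv.com
    link here), and landing-page JavaScript can read it to pre-fill the login form."""
    frag = urlsplit(url).fragment
    if not frag:
        return None
    try:
        return base64.b64decode(frag, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None


# Sample URL from the report; the long 'upn=' click-tracking token is abbreviated.
SAMPLE_URL = ("https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkIL"
              "#ZmluYW5jZUBjbGVhcnZpZXcuYWk=")

if __name__ == "__main__":
    for ip, start in tcp_without_dns(PACKETS, DNS_ANSWERS, WHITELISTED_IPS):
        print(f"no prior DNS answer for {ip} (flow first seen at {start:.3f}s)")
    print("target carried in fragment:", decode_fragment(SAMPLE_URL))
```

The flow start is taken from the first packet seen in either direction, which is why the 151.101.131.6 session (whose first captured packet is the server's) is still attributed to the sandbox client; a hit therefore means "not resolved within this capture", not "malicious", and the whitelist is what separates OS background traffic from the sample's own connections.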
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Sep 6, 2024 18:35:24.930061102 CEST | 108.139.47.10 | 443 | 192.168.11.12 | 49353 | CN=clickme.thryv.com | CN=Amazon RSA 2048 M03, O=Amazon, C=US | Sat Jun 08 02:00:00 CEST 2024 | Mon Jul 07 01:59:59 CEST 2025 | 771,52393-52392-52394-49200-49196-49192-49188-49172-49162-159-107-57-65413-196-136-129-157-61-53-192-132-49199-49195-49191-49187-49171-49161-158-103-51-190-69-156-60-47-186-65-49170-49160-22-10-255,0-11-10-13-16,29-23-24,0 | a7a5e32c2ca29907256b5de4fbdf61ed |
| | | | | CN=Amazon RSA 2048 M03, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Wed Aug 24 00:26:04 CEST 2022 | Sat Aug 24 00:26:04 CEST 2030 | | |
| | | | | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | | |
| | | | | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | | |
Sep 6, 2024 18:35:25.566891909 CEST | 172.67.168.219 | 443 | 192.168.11.12 | 49354 | CN=rashienti.com | CN=WE1, O=Google Trust Services, C=US | Tue Aug 20 14:39:30 CEST 2024 | Mon Nov 18 13:39:29 CET 2024 | 771,52393-52392-52394-49200-49196-49192-49188-49172-49162-159-107-57-65413-196-136-129-157-61-53-192-132-49199-49195-49191-49187-49171-49161-158-103-51-190-69-156-60-47-186-65-49170-49160-22-10-255,0-11-10-13-16,29-23-24,0 | a7a5e32c2ca29907256b5de4fbdf61ed |
| | | | | CN=WE1, O=Google Trust Services, C=US | CN=GTS Root R4, O=Google Trust Services LLC, C=US | Wed Dec 13 10:00:00 CET 2023 | Tue Feb 20 15:00:00 CET 2029 | | |
| | | | | CN=GTS Root R4, O=Google Trust Services LLC, C=US | CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE | Wed Nov 15 04:43:21 CET 2023 | Fri Jan 28 01:00:42 CET 2028 | | |

Both sessions carry the same JA3 client digest, i.e. they were opened by the same client, the cookbook's curl process listed under System Behavior; that process ran with --insecure, so the chains above were recorded by the sandbox but not validated by the client. The clickme.thryv.com certificate was served by the CloudFront edge (108.139.47.10) that the tracking domain resolves to; the rashienti.com leaf is a 90-day Google Trust Services (WE1) certificate issued on Aug 20 2024, 17 days before this analysis.
System Behavior
Start time (UTC): | 16:35:22 |
Start date (UTC): | 06/09/2024 |
Path: | /usr/libexec/xpcproxy |
Arguments: | - |
File size: | 44048 bytes |
MD5 hash: | 4764d9eafe6b7dac23253a9f8b7f73d6 |

Start time (UTC): | 16:35:22 |
Start date (UTC): | 06/09/2024 |
Path: | /usr/libexec/nsurlstoraged |
Arguments: | /usr/libexec/nsurlstoraged --privileged |
File size: | 246624 bytes |
MD5 hash: | 321b0a40e24b45f0af49ba42742b3f64 |

Start time (UTC): | 16:35:23 |
Start date (UTC): | 06/09/2024 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | - |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |

Start time (UTC): | 16:35:23 |
Start date (UTC): | 06/09/2024 |
Path: | /usr/bin/curl |
Arguments: | /usr/bin/curl -t 2 -v --connect-timeout 10 -L --remote-name --insecure --silent --user-agent Mozilla/5.0 (Macintosh Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15 https://clickme.thryv.com/ls/click?upn=u001.Als7cfHaJU2yMdsJgpsIFkILOsO1UnLItklUwD68rhtr94fRPJI4HAEjYZ7vdlgHTiHU_OEO3HRIZ3eedLymwLhvJt9sqs3j4T3CqpVCO9A0ZKplqH1W1Ad1lCPdQBrRfbSauZPLLCLTYBsXDRt8yGG5FOZ7NK342oFTufTBA9n-2F9XZPRzSyzWe4FlQQyqQA-2BOTqGjWjoN-2BuPm4tzM5LM6f6tO2PXKa74YSjAhzL6onG-2BuKO989bZZj9vupVvXtBWU0qXeI6VZny9p-2FgjssbU9Je1I2RDoZPOLgxX8gxf2-2BzsuoGYoVqnaS5CYR1Z5WEWAcZP0wmQbm4ikqer-2BGrlVppyDdPw-2BxPiObQZTbU2ZeclEy9V5nUC-2BnwlvdDmQwsjghHkHuJFiwInVWpyiCgGFo0uYjlPs3G8hdAgJBJu-2F-2B0K864-3D#ZmluYW5jZUBjbGVhcnZpZXcuYWk= |
File size: | 185072 bytes |
MD5 hash: | 2418204e23e2952e7995f1819a1f78f5 |