
macOS Analysis Report http://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Overview

General Information

Sample URL:http://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Analysis ID:1114
Infos:


Detection

Score:1
Range:0 - 100
Whitelisted:false

Signatures

Opens the Safari browser app
Writes JavaScript files to disk

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner
Verdict scale: clean, suspicious, malicious

General Information

Joe Sandbox Version:33.0.0 White Diamond
Analysis ID:1114
Start date:11.08.2021
Start time:19:40:55
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 6m 3s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:urldownload.jbs
Sample URL:http://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Analysis system description:Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode:default
Detection:CLEAN
Classification:clean1.mac@0/7@1/0
Warnings:
  • Excluded IPs from analysis (whitelisted): 18.156.205.85, 104.111.214.42, 93.184.220.29, 23.37.43.27, 17.253.55.202, 17.253.55.204, 17.253.55.206, 17.253.54.123, 17.253.34.251, 17.253.54.251, 17.253.54.253, 17.253.34.253
  • TCP Packets have been reduced to 100
  • Excluded domains from analysis (whitelisted): cdn.smoot.apple.com, time-macos.apple.com, time-osx.g.aaplimg.com, smoot-searchv2-euc1a.v.aaplimg.com, ocsp-a.g.aaplimg.com, gateway.icloud.com, g.symcd.com, e673.dsce9.akamaiedge.net, e8218.dscb1.akamaiedge.net, crl.apple.com, api.smoot.apple.com, bag-smoot.v.aaplimg.com, ocsp-ds.ws.symantec.com.edgekey.net, valid.apple.com, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, api-glb-euc1a.smoot.apple.com, configuration.apple.com, ocsp.apple.com, valid.origin-apple.com.akadns.net, cdn.smoot.g.aaplimg.com, ocsp.digicert.com, valid-apple.g.aaplimg.com, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net
  • Report size getting too big, too many PREAD calls found.
  • System is macvm-highsierra
  • curl (MD5: 078cd73f58d3d8f875eed22522ff73f7) Arguments:
  • Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari
  • cleanup

Yara Overview

No yara matches

Jbx Signature Overview

There are no malicious signatures; the full list of matched signature results follows.

Source: unknown | HTTPS traffic detected: 104.16.148.64:443 -> 192.168.11.11:49193 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.145.100:443 -> 192.168.11.11:49199 version: TLS 1.2
Source: unknown | TCP traffic detected without corresponding DNS query: 104.76.200.212 (2 occurrences)
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (11 occurrences)
Source: global traffic | HTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1
  Host: cdn.cookielaw.org
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15
  Accept: */*
Source: unknown | DNS traffic detected: queries for: cdn.cookielaw.org
Source: /usr/bin/curl (PID: 552) | Reads from socket in process: data
Source: .dat.nosync022f.Yka7fz.247.dr | String found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49199
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49193
Source: unknown | Network traffic detected: HTTP traffic on port 49193 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49199 -> 443
Source: /usr/bin/curl (PID: 552) | Writes from socket in process: data
Source: classification engine | Classification label: clean1.mac@0/7@1/0
Source: /usr/libexec/xpcproxy (PID: 559) | Safari app opened: /Applications/Safari.app/Contents/MacOS/Safari
Source: /usr/bin/curl (PID: 552) | JavaScript file created: /Users/berri/Desktop/download/otSDKStub.js
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | XML plist file created: /Users/berri/Library/Safari/.dat.nosync022f.Yka7fz
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync022f.F2F7tx
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | Binary plist file created: /Users/berri/Library/Safari/.dat.nosync022f.PKWYac
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 559) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist

Mitre Att&ck Matrix

Techniques per tactic; the number in parentheses after a technique is the report's match count for it.

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Scripting (1), Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Plist Modification (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Plist Modification (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Scripting (1), Rootkit, Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Information Discovery (1), Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (2), Application Layer Protocol (3), Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data
Behavior Graph

Behavior Graph ID: 1114; URL: http://cdn.cookielaw.org/sc...; Startdate: 11/08/2021; Architecture: MAC; Score: 1
  • Processes: xpcproxy started Safari; mono-sgen32 started curl
  • Network: 104.76.200.212, port 80 (HINETDataCommunicationBusinessGroupTW, United States); cdn.cookielaw.org 104.16.148.64, port 443, client ports 49192 and 49193 (CLOUDFLARENETUS, United States); gateway.fe.apple-dns.net
  • Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Shell, Is malicious, Internet

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      URL scan results (Source | Detection | Scanner | Label):
      http://cdn.cookielaw.org/scripttemplates/otSDKStub.js | 0% | Virustotal | (Browse)
      http://cdn.cookielaw.org/scripttemplates/otSDKStub.js | 0% | Avira URL Cloud | safe
      No Antivirus matches
      Domain scan results (Source | Detection | Scanner | Label):
      gateway.fe.apple-dns.net | 0% | Virustotal | (Browse)
      No Antivirus matches
      Domains (Name | IP | Active | Malicious | Antivirus Detection | Reputation):
      gateway.fe.apple-dns.net | 17.248.145.100 | true | false | none | unknown
      cdn.cookielaw.org | 104.16.148.64 | true | false | none | high
      URLs (Name | Malicious | Antivirus Detection | Reputation):
      http://cdn.cookielaw.org/scripttemplates/otSDKStub.js | false | none | high
      IPs (IP | Domain | Country | ASN | ASN Name | Malicious):
      104.16.148.64 | cdn.cookielaw.org | United States | 13335 | CLOUDFLARENETUS | false
      104.76.200.212 | unknown | United States | 3462 | HINETDataCommunicationBusinessGroupTW | false
      No context


      Command:open "/Users/berri/Desktop/download/otSDKStub.js" --args
      Exit Code:0
      Exit Code Info:
      Killed:False
      Standard Output:

      Standard Error:
      /Users/berri/Desktop/download/otSDKStub.js
      Process:/usr/bin/curl
      File Type:ASCII text, with very long lines
      Category:dropped
      Size (bytes):18980
      Entropy (8bit):5.3338374894840825
      Encrypted:false
      SSDEEP:192:QQp/7PwSgaX8swswcTa2VFQbcMreCsMFHRymXUxcjHVYRVOgzwwGBaJ+7iIKBw:DRrFsBsfTaiBMFHRy0V2VuwG4J+uIKBw
      MD5:F180AA7CC67F34C65ED943EA4FD2164D
      SHA1:A8A64EE6DE4F8335AF2F45FC2C1B982AC3ACE64F
      SHA-256:0E45F3B0DAD8AA0528790A6DD6DD2831BB8547129BD1320C10FD120118F44616
      SHA-512:0DD6374860B3BF808F4B93B1D7EFE47E65315EA2D6BC1C778A6804F11CB30A14F0A753D7D68D460324F797818553895883C5C0EB88EC6C4B89777FA736D6B8DD
      Malicious:false
      Reputation:low
      Preview: var OneTrustStub=function(e){"use strict";var t,o,n,i,a,r,s,l,c,p,u,d,m,h,f,g,b,A,y,v,C,I,w,S,T,L,R,B,D,P,_,E,G,U,O,k,F,V,N,x,j,H,M,K,z,q,J,W,Y,Q,X,Z,$,ee=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.IABCookieValue="",this.oneTrustIABCookieName="eupubconsent",this.oneTrustIsIABCrossConsentEnableParam="isIABGlobal",this.isStubReady=!0,this.geolocationCookiesParam="geolocation",this.EUCOUNTRIES=["BE","BG","CZ","DK","DE","EE","IE","GR","ES","FR","IT","CY","LV","LT","LU","HU","MT","NL","AT","PL","PT","RO","SI","SK","FI","SE","GB","HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",this.userLocation={country:"",state:""}};(o=t=t||{})[o.Unknown=0]="Unknown",o[o.BannerCloseButton=1]="BannerCloseButton",o[
      /Users/berri/Library/Safari/.dat.nosync022f.PKWYac
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:Apple binary property list
      Category:dropped
      Size (bytes):1531
      Entropy (8bit):7.243139433123091
      Encrypted:false
      SSDEEP:24:/MVp+dVGmEH3oFqB2h9HoTAqg94t0uNfvvU7ws7iRNGOKkrqq/C/rraIFhAIyrf6:E3Nmr9oTlg94TfnU7Z+RZKeSeIIf5sl
      MD5:3D94D40D28A6C235A6D56D793CA52C13
      SHA1:EAF8517E7427A31C4F7977BF7E49709CA14844C2
      SHA-256:E04DF22A85CAC6C8EBC8D8D3881FBCB0D9B4ADC776D1F40D89D0731B98B7C970
      SHA-512:6A82D9FAD91AF782D33D0602E8413E6D87D61FA29DF3EF68BF808F153E7AF9D92FADC0D5FF4DAE067E6ADD30E2E59ACC736C20B63D397225322C4A9BC5FB7CA6
      Malicious:false
      Reputation:low
      /Users/berri/Library/Safari/.dat.nosync022f.Yka7fz
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:XML 1.0 document, ASCII text
      Category:dropped
      Size (bytes):1012
      Entropy (8bit):5.286991847916908
      Encrypted:false
      SSDEEP:24:2dfyiwHuG5Ku3hu65juqVrTrmuGoTxR1F1xW:cfyP5Z/5PrUon1F1xW
      MD5:0C29425555C7FF0CA114B1FD0DC39C50
      SHA1:D7D808E8BE92462F4C3CEBA66734F0E9BB26ACDD
      SHA-256:52826AFEEC974BB7BACB85BDC01DC4F23BF917D65E04773D7CAD393F7866F3FD
      SHA-512:D9C8364A85F4B4A96CAAC1409F32F9D6B2F8AE19201E0ABD2D449A3EEDADD471E99E44BC92DEB5D8FB60287DA64A88E61B45F759E7B9A383A9BBE5F5FD242F95
      Malicious:false
      Reputation:low
      Preview: <?xml version="1.0" encoding="UTF-8"?>.<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">.<plist version="1.0">.<dict>..<key>SingleDeviceSaveChangesThrottlingPolicy</key>..<string>1:1440</string>..<key>MultipleDeviceSaveChangesThrottlingPolicy</key>..<string>50:1 | 10:2 | 10:5 | 10:30 | 9:40 | 1:510</string>..<key>SingleDeviceFetchChangesThrottlingPolicy</key>..<string>11:15 | 1:1275</string>..<key>MultipleDeviceFetchChangesThrottlingPolicy</key>..<string>50:1 | 50:3 | 20:4 | 20:5 | 20:15 | 20:18 | 20:20</string>..<key>SyncCircleSizeRetrievalThrottlingPolicy</key>..<string>1:1440</string>..<key>MaximumRequestLimitCharacterCount</key>..<integer>100000</integer>..<key>SyncWindow</key>..<real>1209600</real>..<key>HistoryModificationIdleDelayBeforeSyncAttemptKey</key>..<integer>90</integer>..<key>HistoryRemovalIdleDelayBeforeSyncAttempt</key>..<integer>6</integer>..<key>SaveChangesBeforeTerminationTimeout</key>..<integer>1</integer>.</dic
      /dev/null
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:ASCII text
      Category:dropped
      Size (bytes):61
      Entropy (8bit):4.715344460719975
      Encrypted:false
      SSDEEP:3:tUI36mKkRXF2gQzS4e/3WOv:mA6mKkxMBSBmA
      MD5:EF7CB3BE9CD85B537677D5C962937F63
      SHA1:E39B7593569195FA556C8635D621289811D10F97
      SHA-256:336C158FE73EAD994439E3D69FF37DC84BB617185D8E99F69055A0163D407283
      SHA-512:4699046BCC3618B458F86D1027F5539DDDC6D0B8FFBFC989BDDC8DD62F86E8656CB93A38D6F93CAF71D44F78B9FDB9C342F3440B37E5DFC233B3533A565FF5FB
      Malicious:false
      Reputation:low
      Preview: 2021-08-11 21:41:51.542 Safari[559:5047] ApplePersistence=NO.
      /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync022f.F2F7tx
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:Apple binary property list
      Category:dropped
      Size (bytes):76
      Entropy (8bit):3.9370658315190226
      Encrypted:false
      SSDEEP:3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
      MD5:CDC65B5F112547EAFAE0F16F9C149426
      SHA1:AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
      SHA-256:1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
      SHA-512:E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
      Malicious:false
      Reputation:low
      Preview: bplist00..._..ExtensionArchivesExtracted...(...............................)
      /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsDirectory.db_
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:Mac OS X Keychain File
      Category:dropped
      Size (bytes):48908
      Entropy (8bit):3.533948990143748
      Encrypted:false
      SSDEEP:384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/
      MD5:09070E01FA6ED1973D94FAD50C35E3ED
      SHA1:7546663E66F9889EE3365A7A0BE372300C6022CA
      SHA-256:2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F
      SHA-512:621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3
      Malicious:false
      Reputation:low
      /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/C/mds/mdsObject.db_
      Process:/Applications/Safari.app/Contents/MacOS/Safari
      File Type:Mac OS X Keychain File
      Category:dropped
      Size (bytes):4404
      Entropy (8bit):3.5113078915037033
      Encrypted:false
      SSDEEP:48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
      MD5:D487F899A14AE98519B46D51BC810F1B
      SHA1:64877ECFBE47ED66EED545B2449BBE8B22B775D0
      SHA-256:4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
      SHA-512:EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
      Malicious:false
      Reputation:low

      Static File Info

      No static file info

      Network Behavior

      Network Port Distribution

      • Total Packets: 64
      • 443 (HTTPS)
      • 80 (HTTP)
      • 53 (DNS)
      DNS Queries (Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class):
      Aug 11, 2021 19:41:46.085927010 CEST | 192.168.11.11 | 1.1.1.1 | 0xdcb | Standard query (0) | cdn.cookielaw.org | A (IP address) | IN (0x0001)
      DNS Answers (Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class):
      Aug 11, 2021 19:41:46.094423056 CEST | 1.1.1.1 | 192.168.11.11 | 0xdcb | No error (0) | cdn.cookielaw.org | none | 104.16.148.64 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:46.094423056 CEST | 1.1.1.1 | 192.168.11.11 | 0xdcb | No error (0) | cdn.cookielaw.org | none | 104.16.149.64 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.100 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.205 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.140 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.83 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.139 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.239 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.167 | A (IP address) | IN (0x0001)
      Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | gateway.fe.apple-dns.net | none | 17.248.145.210 | A (IP address) | IN (0x0001)
      • cdn.cookielaw.org
      HTTP session (Session ID | Source IP:Port | Destination IP:Port):
      0 | 192.168.11.11:49192 | 104.16.148.64:80
      Aug 11, 2021 19:41:46.107954025 CEST | 0 kBytes transferred | OUT:
      GET /scripttemplates/otSDKStub.js HTTP/1.1
      Host: cdn.cookielaw.org
      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15
      Accept: */*
      Aug 11, 2021 19:41:46.121783018 CEST | 1 kBytes transferred | IN:
      HTTP/1.1 301 Moved Permanently
      Date: Wed, 11 Aug 2021 17:41:46 GMT
      Transfer-Encoding: chunked
      Connection: keep-alive
      Cache-Control: max-age=3600
      Expires: Wed, 11 Aug 2021 18:41:46 GMT
      Location: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
      X-Content-Type-Options: nosniff
      Server: cloudflare
      CF-RAY: 67d341b3284005d8-FRA
      Data Raw: 30 0d 0a 0d 0a
      Data Ascii: 0


      HTTPS connections (Timestamp | Source IP:Port | Dest IP:Port), with the certificate chain, JA3 SSL client fingerprint and JA3 digest of each:

      Aug 11, 2021 19:41:46.188462019 CEST | 104.16.148.64:443 | 192.168.11.11:49193
      Subject: CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US; Issuer: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Not Before: Tue Jun 01 02:00:00 CEST 2021; Not After: Wed Jun 01 01:59:59 CEST 2022
      Subject: CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US; Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before: Mon Jan 27 13:48:08 CET 2020; Not After: Wed Jan 01 00:59:59 CET 2025
      JA3 SSL Client Fingerprint: 771,52244-52243-52245-49200-49196-49192-49188-49172-49162-163-159-107-106-57-56-65413-196-195-136-135-129-49202-49198-49194-49190-49167-49157-157-61-53-192-132-49199-49195-49191-49187-49171-49161-162-158-103-64-51-50-190-189-69-68-49201-49197-49193-49189-49166-49156-156-60-47-186-65-49170-49160-22-19-49165-49155-10-255,0-11-10-13-13172-16-21,14-13-25-28-11-12-27-24-9-10-26-22-23-8-6-7-20-21-4-5-18-19-1-2-3-15-16-17,0-1-2
      JA3 SSL Client Digest: 2a26b1a62e40d25d4de3babc9d532f30

      Aug 11, 2021 19:41:53.739490986 CEST | 17.248.145.100:443 | 192.168.11.11:49199
      Subject: C=US, ST=California, O=Apple Inc., CN=gateway.icloud.com; Issuer: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1; Not Before: Tue Jun 22 13:54:06 CEST 2021; Not After: Fri Jul 22 13:54:05 CEST 2022
      Subject: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1; Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE; Not Before: Wed Dec 12 13:00:00 CET 2018; Not After: Wed May 07 14:00:00 CEST 2025
      Subject: C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1; Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US; Not Before: Mon Jun 16 17:42:02 CEST 2014; Not After: Fri May 20 17:42:02 CEST 2022
      JA3 SSL Client Fingerprint: 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0
      JA3 SSL Client Digest: 3e4e87dda5a3162306609b7e330441d2

      System Behavior

      Start time:19:41:45
      Start date:11/08/2021
      Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
      Arguments:n/a
      File size:3722408 bytes
      MD5 hash:8910349f44a940d8d79318367855b236

      Start time:19:41:45
      Start date:11/08/2021
      Path:/usr/bin/curl
      Arguments:
      File size:185104 bytes
      MD5 hash:078cd73f58d3d8f875eed22522ff73f7

      Start time:19:41:51
      Start date:11/08/2021
      Path:/usr/libexec/xpcproxy
      Arguments:n/a
      File size:43488 bytes
      MD5 hash:d1bb9a4899f0af921e8188218b20d744

      Start time:19:41:51
      Start date:11/08/2021
      Path:/Applications/Safari.app/Contents/MacOS/Safari
      Arguments:/Applications/Safari.app/Contents/MacOS/Safari
      File size:20896 bytes
      MD5 hash:8e18be737fe87f19fe7a97b4821e2005