macOS Analysis Report http://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Opens the Safari browser app
Writes JavaScript files to disk
Classification
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1114 |
Start date: | 11.08.2021 |
Start time: | 19:40:55 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | urldownload.jbs |
Sample URL: | http://cdn.cookielaw.org/scripttemplates/otSDKStub.js |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 v16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | CLEAN |
Classification: | clean1.mac@0/7@1/0 |
Yara Overview |
---|
No yara matches |
---|
Jbx Signature Overview |
---|
- Compliance
- Networking
- System Summary
- Persistence and Installation Behavior
- Language, Device and Operating System Detection
Signature | Occurrences |
---|---|
HTTPS traffic detected | 2 |
TCP traffic detected without corresponding DNS query | 2 |
UDP traffic detected without corresponding DNS query | 11 |
HTTP traffic detected | 1 |
DNS traffic detected | 1 |
Reads from socket in process | 1 |
String found in binary or memory | 1 |
Network traffic detected | 4 |
Writes from socket in process | 1 |
HTTPS traffic detected | 2 |
Classification label | 1 |
Safari app opened | 1 |
JavaScript file created | 1 |
Random device file read | 1 |
AppleKeyboardLayouts info plist opened | 1 |
XML plist file created | 1 |
Binary plist file created | 2 |
System or server version plist file read | 1 |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Plist Modification1 | Plist Modification1 | Scripting1 | OS Credential Dumping | System Information Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Ingress Tool Transfer1 | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | Virustotal | |
 | 0% | Avira URL Cloud | safe |
No Antivirus matches |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | Virustotal | |
No Antivirus matches |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
gateway.fe.apple-dns.net | 17.248.145.100 | true | false | | unknown |
cdn.cookielaw.org | 104.16.148.64 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.16.148.64 | cdn.cookielaw.org | United States | 13335 | CLOUDFLARENETUS | false |
104.76.200.212 | unknown | United States | 3462 | HINETDataCommunicationBusinessGroupTW | false |
No context |
---|
Command: | open "/Users/berri/Desktop/download/otSDKStub.js" --args |
Exit Code: | 0 |
Exit Code Info: | |
Killed: | False |
Standard Output: | |
Standard Error: |
Process: | /usr/bin/curl |
File Type: | |
Category: | dropped |
Size (bytes): | 18980 |
Entropy (8bit): | 5.3338374894840825 |
Encrypted: | false |
SSDEEP: | 192:QQp/7PwSgaX8swswcTa2VFQbcMreCsMFHRymXUxcjHVYRVOgzwwGBaJ+7iIKBw:DRrFsBsfTaiBMFHRy0V2VuwG4J+uIKBw |
MD5: | F180AA7CC67F34C65ED943EA4FD2164D |
SHA1: | A8A64EE6DE4F8335AF2F45FC2C1B982AC3ACE64F |
SHA-256: | 0E45F3B0DAD8AA0528790A6DD6DD2831BB8547129BD1320C10FD120118F44616 |
SHA-512: | 0DD6374860B3BF808F4B93B1D7EFE47E65315EA2D6BC1C778A6804F11CB30A14F0A753D7D68D460324F797818553895883C5C0EB88EC6C4B89777FA736D6B8DD |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 1531 |
Entropy (8bit): | 7.243139433123091 |
Encrypted: | false |
SSDEEP: | 24:/MVp+dVGmEH3oFqB2h9HoTAqg94t0uNfvvU7ws7iRNGOKkrqq/C/rraIFhAIyrf6:E3Nmr9oTlg94TfnU7Z+RZKeSeIIf5sl |
MD5: | 3D94D40D28A6C235A6D56D793CA52C13 |
SHA1: | EAF8517E7427A31C4F7977BF7E49709CA14844C2 |
SHA-256: | E04DF22A85CAC6C8EBC8D8D3881FBCB0D9B4ADC776D1F40D89D0731B98B7C970 |
SHA-512: | 6A82D9FAD91AF782D33D0602E8413E6D87D61FA29DF3EF68BF808F153E7AF9D92FADC0D5FF4DAE067E6ADD30E2E59ACC736C20B63D397225322C4A9BC5FB7CA6 |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 1012 |
Entropy (8bit): | 5.286991847916908 |
Encrypted: | false |
SSDEEP: | 24:2dfyiwHuG5Ku3hu65juqVrTrmuGoTxR1F1xW:cfyP5Z/5PrUon1F1xW |
MD5: | 0C29425555C7FF0CA114B1FD0DC39C50 |
SHA1: | D7D808E8BE92462F4C3CEBA66734F0E9BB26ACDD |
SHA-256: | 52826AFEEC974BB7BACB85BDC01DC4F23BF917D65E04773D7CAD393F7866F3FD |
SHA-512: | D9C8364A85F4B4A96CAAC1409F32F9D6B2F8AE19201E0ABD2D449A3EEDADD471E99E44BC92DEB5D8FB60287DA64A88E61B45F759E7B9A383A9BBE5F5FD242F95 |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 61 |
Entropy (8bit): | 4.715344460719975 |
Encrypted: | false |
SSDEEP: | 3:tUI36mKkRXF2gQzS4e/3WOv:mA6mKkxMBSBmA |
MD5: | EF7CB3BE9CD85B537677D5C962937F63 |
SHA1: | E39B7593569195FA556C8635D621289811D10F97 |
SHA-256: | 336C158FE73EAD994439E3D69FF37DC84BB617185D8E99F69055A0163D407283 |
SHA-512: | 4699046BCC3618B458F86D1027F5539DDDC6D0B8FFBFC989BDDC8DD62F86E8656CB93A38D6F93CAF71D44F78B9FDB9C342F3440B37E5DFC233B3533A565FF5FB |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 76 |
Entropy (8bit): | 3.9370658315190226 |
Encrypted: | false |
SSDEEP: | 3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH |
MD5: | CDC65B5F112547EAFAE0F16F9C149426 |
SHA1: | AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01 |
SHA-256: | 1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C |
SHA-512: | E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7 |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 48908 |
Entropy (8bit): | 3.533948990143748 |
Encrypted: | false |
SSDEEP: | 384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/ |
MD5: | 09070E01FA6ED1973D94FAD50C35E3ED |
SHA1: | 7546663E66F9889EE3365A7A0BE372300C6022CA |
SHA-256: | 2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F |
SHA-512: | 621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3 |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 4404 |
Entropy (8bit): | 3.5113078915037033 |
Encrypted: | false |
SSDEEP: | 48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX |
MD5: | D487F899A14AE98519B46D51BC810F1B |
SHA1: | 64877ECFBE47ED66EED545B2449BBE8B22B775D0 |
SHA-256: | 4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D |
SHA-512: | EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40 |
Malicious: | false |
Reputation: | low |
Static File Info |
---|
No static file info |
---|
Network Behavior |
---|
Network Port Distribution |
---|
- Total Packets: 64
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2021 19:41:46.098912001 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.106843948 CEST | 80 | 49192 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.107384920 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.107954025 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.115827084 CEST | 80 | 49192 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.121783018 CEST | 80 | 49192 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.122270107 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.128981113 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.136868954 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.137461901 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.147699118 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.155407906 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.188366890 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.188462019 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.188966036 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.205569983 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.213397980 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.229357958 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.229424000 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.229897976 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.229950905 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.231414080 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.231456995 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.231467009 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.231532097 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.232084036 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.239329100 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.239423037 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.239474058 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.239517927 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.239728928 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.255733013 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.256176949 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.287925005 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.287975073 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288043022 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288094044 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288141012 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288184881 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288218021 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288264990 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288338900 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288388014 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288475037 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288510084 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288553953 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288599014 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288644075 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288688898 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288733959 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288778067 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288836002 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.288868904 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.289239883 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289298058 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289315939 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289329052 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289340019 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289350986 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289362907 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289374113 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289386034 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289396048 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289407015 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.289417982 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.292023897 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.292068958 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.292186022 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.292406082 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.292700052 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.293024063 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.293396950 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.293828964 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.294838905 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.294883013 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.304529905 CEST | 80 | 49192 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.305356026 CEST | 49192 | 80 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:46.310693026 CEST | 443 | 49193 | 104.16.148.64 | 192.168.11.11 |
Aug 11, 2021 19:41:46.311198950 CEST | 49193 | 443 | 192.168.11.11 | 104.16.148.64 |
Aug 11, 2021 19:41:53.721322060 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.729443073 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.729904890 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.730426073 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.738492966 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.738591909 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.738640070 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.738686085 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.739099979 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.739146948 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.739490986 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.739543915 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.740017891 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.819926977 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.828218937 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.828277111 CEST | 443 | 49199 | 17.248.145.100 | 192.168.11.11 |
Aug 11, 2021 19:41:53.828877926 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.828965902 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.864943981 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.865029097 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
Aug 11, 2021 19:41:53.865041018 CEST | 49199 | 443 | 192.168.11.11 | 17.248.145.100 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 11, 2021 19:41:46.085927010 CEST | 60101 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:46.094423056 CEST | 53 | 60101 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:41:51.813941956 CEST | 49155 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:51.822818995 CEST | 53 | 49155 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:41:52.297590017 CEST | 49852 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:52.306158066 CEST | 53 | 49852 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:41:52.364577055 CEST | 54677 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:52.374073029 CEST | 53 | 54677 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:41:53.709847927 CEST | 55096 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:53.719535112 CEST | 53 | 55096 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:41:53.781239986 CEST | 59423 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:41:53.790591002 CEST | 53 | 59423 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:42:00.416820049 CEST | 56830 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:42:00.426314116 CEST | 53 | 56830 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:42:01.093364000 CEST | 64845 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:42:01.102942944 CEST | 53 | 64845 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:42:18.243860960 CEST | 53538 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:42:18.252944946 CEST | 53 | 53538 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:42:54.671742916 CEST | 63211 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:42:54.680540085 CEST | 53 | 63211 | 1.1.1.1 | 192.168.11.11 |
Aug 11, 2021 19:42:54.933306932 CEST | 57825 | 53 | 192.168.11.11 | 1.1.1.1 |
Aug 11, 2021 19:42:54.945630074 CEST | 53 | 57825 | 1.1.1.1 | 192.168.11.11 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 11, 2021 19:41:46.085927010 CEST | 192.168.11.11 | 1.1.1.1 | 0xdcb | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 11, 2021 19:41:46.094423056 CEST | 1.1.1.1 | 192.168.11.11 | 0xdcb | No error (0) | | | 104.16.148.64 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:46.094423056 CEST | 1.1.1.1 | 192.168.11.11 | 0xdcb | No error (0) | | | 104.16.149.64 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.100 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.205 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.140 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.83 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.139 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.239 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.167 | A (IP address) | IN (0x0001) |
Aug 11, 2021 19:41:53.719535112 CEST | 1.1.1.1 | 192.168.11.11 | 0x476d | No error (0) | | | 17.248.145.210 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.11.11 | 49192 | 104.16.148.64 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 11, 2021 19:41:46.107954025 CEST | 0 | OUT | |
Aug 11, 2021 19:41:46.121783018 CEST | 1 | IN | |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Aug 11, 2021 19:41:46.188462019 CEST | 104.16.148.64 | 443 | 192.168.11.11 | 49193 | CN=cookielaw.org, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | Tue Jun 01 02:00:00 CEST 2021 | Wed Jun 01 01:59:59 CEST 2022 | 771,52244-52243-52245-49200-49196-49192-49188-49172-49162-163-159-107-106-57-56-65413-196-195-136-135-129-49202-49198-49194-49190-49167-49157-157-61-53-192-132-49199-49195-49191-49187-49171-49161-162-158-103-64-51-50-190-189-69-68-49201-49197-49193-49189-49166-49156-156-60-47-186-65-49170-49160-22-19-49165-49155-10-255,0-11-10-13-13172-16-21,14-13-25-28-11-12-27-24-9-10-26-22-23-8-6-7-20-21-4-5-18-19-1-2-3-15-16-17,0-1-2 | 2a26b1a62e40d25d4de3babc9d532f30 |
 | | | | | CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:48:08 CET 2020 | Wed Jan 01 00:59:59 CET 2025 | | |
Aug 11, 2021 19:41:53.739490986 CEST | 17.248.145.100 | 443 | 192.168.11.11 | 49199 | C=US, ST=California, O=Apple Inc., CN=gateway.icloud.com | C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | Tue Jun 22 13:54:06 CEST 2021 | Fri Jul 22 13:54:05 CEST 2022 | 771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47,65281-0-23-13-5-13172-18-16-11-10,29-23-24,0 | 3e4e87dda5a3162306609b7e330441d2 |
 | | | | | C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Wed Dec 12 13:00:00 CET 2018 | Wed May 07 14:00:00 CEST 2025 | | |
 | | | | | C=US, O=Apple Inc., OU=Certification Authority, CN=Apple IST CA 2 - G1 | CN=GeoTrust Global CA, O=GeoTrust Inc., C=US | Mon Jun 16 17:42:02 CEST 2014 | Fri May 20 17:42:02 CEST 2022 | | |
System Behavior |
---|
Start time: | 19:41:45 |
Start date: | 11/08/2021 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
Start time: | 19:41:45 |
Start date: | 11/08/2021 |
Path: | /usr/bin/curl |
Arguments: | |
File size: | 185104 bytes |
MD5 hash: | 078cd73f58d3d8f875eed22522ff73f7 |
Start time: | 19:41:51 |
Start date: | 11/08/2021 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 43488 bytes |
MD5 hash: | d1bb9a4899f0af921e8188218b20d744 |
Start time: | 19:41:51 |
Start date: | 11/08/2021 |
Path: | /Applications/Safari.app/Contents/MacOS/Safari |
Arguments: | /Applications/Safari.app/Contents/MacOS/Safari |
File size: | 20896 bytes |
MD5 hash: | 8e18be737fe87f19fe7a97b4821e2005 |