Edit tour

macOS Analysis Report
https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Overview

General Information

Sample URL:	https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F
Analysis ID:	1660774
Infos:

Detection

Score:	1
Range:	0 - 100

Signatures

Writes HTML files containing JavaScript to disk

Writes HTML files containing suspicious ad-related keywords to disk

Classification

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1660774
Start date and time:	2025-04-09 14:38:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 27s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F
Analysis system description:	Virtual Machine, Mojave (Office 16 16.27, Java 11.0.2+9, Adobe Reader 2019.010.20099)
macOS major version:	10.14
CPU architecture:	x86_64
Analysis Mode:	default
Detection:	CLEAN
Classification:	clean1.mac@0/1@2/0

Warnings

Excluded IPs from analysis (whitelisted): 17.253.97.206, 17.253.97.201, 172.64.149.23, 104.18.38.233, 23.199.49.152, 17.253.97.205, 17.253.3.137, 17.253.3.133, 17.36.200.79, 23.203.176.221, 17.253.3.139, 17.253.3.131, 17.253.3.134, 23.58.90.40
Excluded domains from analysis (whitelisted): e11408.d.akamaiedge.net, updates.cdn-apple.com.akadns.net, gateway.icloud.com, e3913.cd.akamaiedge.net, crl.apple.com, certs.g.aaplimg.com, ocsp.comodoca.com, ocsp.digicert.com, itunes.apple.com.edgekey.net, help.apple.com, init.itunes.apple.com, mesu-cdn.apple.com.akadns.net, lcdn-locator-usuqo.apple.com.akadns.net, ocsp.comodoca.com.cdn.cloudflare.net, ocsp.usertrust.com, e673.dsce9.akamaiedge.net, certs-lb.apple.com.akadns.net, help-ar.apple.com.edgekey.net, lb._dns-sd._udp.0.11.168.192.in-addr.arpa, mesu-cdn.origin-apple.com.akadns.net, lcdn-locator.apple.com.akadns.net, help.origin-apple.com.akadns.net, certs.apple.com, lcdn-locator.apple.com, mesu.g.aaplimg.com, updates.g.aaplimg.com, mesu.apple.com, updates.cdn-apple.com, init-cdn.itunes-apple.com.akadns.net
VT rate limit hit for: https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Runtime Messages

Command:	open "/Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F"
PID:	620
Exit Code:	1
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:	No application knows how to open /Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F.

Process Tree

System is macvm-mojave

xpcproxy New Fork (PID: 610, Parent: 1)

nsurlstoraged (MD5: 321b0a40e24b45f0af49ba42742b3f64) Arguments: /usr/libexec/nsurlstoraged --privileged

mono-sgen32 New Fork (PID: 612, Parent: 537)

curl (MD5: 2418204e23e2952e7995f1819a1f78f5) Arguments: /usr/bin/curl -t 2 -v --connect-timeout 10 -L --remote-name --insecure --silent --user-agent Mozilla/5.0 (Macintosh Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15 https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F

mono-sgen32 New Fork (PID: 620, Parent: 537)

open (MD5: 34bd93241fa5d2aee225941b1ca14fa4) Arguments: /usr/bin/open /Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F

xpcproxy New Fork (PID: 639, Parent: 1)

eficheck (MD5: 328beb81a2263449258057506bb4987f) Arguments: /usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

cleanup

Yara Signatures

⊘No yara matches

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

• Compliance
• Networking
• Spam, unwanted Advertisements and Ransom Demands
• System Summary
• Persistence and Installation Behavior

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.68:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.11.12:49355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49400 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.58.91.134
Source: unknown	TCP traffic detected without corresponding DNS query: 23.58.91.134
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: www.vysor.io
Source: global traffic	DNS traffic detected: DNS query: h3.apis.apple.map.fastly.net

Source: /usr/bin/curl (PID: 612)

Reads from socket in process: data

Jump to behavior

Source: ?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	String found in binary or memory: https://app.vysor.io/
Source: ?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	String found in binary or memory: https://chrome.google.com/webstore/detail/gidgenkbbabolejbgbpnhbimgjbffefm
Source: ?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	String found in binary or memory: https://nuts.vysor.io/download/
Source: ?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	String found in binary or memory: https://support.vysor.io/
Source: ?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	String found in binary or memory: https://vysordev.clockworkmod.com/#two

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 49351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49369
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49368
Source: unknown	Network traffic detected: HTTP traffic on port 49397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49366
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49365
Source: unknown	Network traffic detected: HTTP traffic on port 49391 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49355 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49355
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49398
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49397
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49351
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49391
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49366 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49349

Source: /usr/bin/curl (PID: 612)

Writes from socket in process: data

Jump to behavior

Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49347 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 17.248.199.68:443 -> 192.168.11.12:49349 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.67.6:443 -> 192.168.11.12:49351 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.153:443 -> 192.168.11.12:49355 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49365 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49366 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.195.6:443 -> 192.168.11.12:49369 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49391 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.131.6:443 -> 192.168.11.12:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49397 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49398 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49399 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.3.6:443 -> 192.168.11.12:49400 version: TLS 1.2

Source: /usr/bin/curl (PID: 612)

HTML file containing JavaScript created: /Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Jump to dropped file

Source: /usr/bin/curl (PID: 612)

HTML file created with suspicious ad-related keywords: /Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F (keywords found: search, ads)

Jump to dropped file

Source: classification engine

Classification label: clean1.mac@0/1@2/0

Source: /usr/libexec/firmwarecheckers/eficheck/eficheck (PID: 639)

Random device file read: /dev/random

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	Path Interception	Direct Volume Access	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Shell
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
gateway.fe2.apple-dns.net	17.248.199.68	true	false	high
h3.apis.apple.map.fastly.net	151.101.3.6	true	false	high
koush.github.io	185.199.108.153	true	false	unknown
www.vysor.io	unknown	unknown	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://app.vysor.io/	?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	false	unknown
https://chrome.google.com/webstore/detail/gidgenkbbabolejbgbpnhbimgjbffefm	?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	false	high
https://nuts.vysor.io/download/	?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	false	high
https://support.vysor.io/	?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	false	unknown
https://vysordev.clockworkmod.com/#two	?return=https%3A%2F%2Fwww.vysor.io%2F.246.dr	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.3.6	h3.apis.apple.map.fastly.net	United States	54113	FASTLYUS	false
23.58.91.134	unknown	United States	16625	AKAMAI-ASUS	false
185.199.108.153	koush.github.io	Netherlands	54113	FASTLYUS	false
151.101.131.6	unknown	United States	54113	FASTLYUS	false
151.101.195.6	unknown	United States	54113	FASTLYUS	false
151.101.67.6	unknown	United States	54113	FASTLYUS	false

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

/Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Download File

Process:	/usr/bin/curl
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4067
Entropy (8bit):	5.1768364139716265
Encrypted:	false
SSDEEP:	48:sGlHlkLF32OuXADddh/LPbRtR8xiCzgieEtm7Q+TaQFlo+4fshL4LUBGL6WvQhhN:retZu0dVN4i6+CUrmQh08jakB8onAg
MD5:	25F91D9DBDF12E8BD9A207A9EFFA1B18
SHA1:	10B527854BA4813483CD6C25CE54C40A9D7C922E
SHA-256:	959BADE7FD3233D14C2C9ECBF7F06F62C418841FB3E21781536E6C630E9238A7
SHA-512:	6937F1806919FB069FC793EA6A9AD49ADEC5A99BB98F8BB637CC70D0363015BA0FDA46508DCB5F40DD037A6E596972A81AB4FBEC51363A8FE05F47F02956B09A
Malicious:	false
Reputation:	low
Preview:	<!DOCTYPE HTML>.. ...Fractal by HTML5 UP...html5up.net \| @n33co...Free for personal and commercial use under the CCA 3.0 license (html5up.net/license)..-->..<html>...<head>....<title>Vysor Downloads</title>....<meta charset="utf-8" />....<meta name="viewport" content="width=device-width, initial-scale=1" />....<link rel="stylesheet" href="/assets/css/main.css" />....<link href="/bootstrap/css/bootstrap.min.css" rel="stylesheet" type="text/css">....<link href="/style.css" rel="stylesheet" type="text/css">....<link rel="chrome-webstore-item" href="https://chrome.google.com/webstore/detail/gidgenkbbabolejbgbpnhbimgjbffefm">......<script>....function getUrlVars()....{.... var vars = [], hash;.... var hashes = window.location.href.slice(window.location.href.indexOf('?') + 1).split('&');.... for(var i = 0; i < hashes.length; i++).... {.... hash = hashes[i].split('=');.... vars.push(hash[0]);.... vars[hash[0]] = hash[1];.... }.... return vars;....}...

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 169
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2025 14:39:21.244163036 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.245505095 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.245522022 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.245536089 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.245551109 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.246371984 CEST	49347	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.246371984 CEST	49347	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.249722004 CEST	49347	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.263010025 CEST	49347	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.305753946 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.328423977 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.359183073 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.359200001 CEST	443	49347	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.361120939 CEST	49347	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.402000904 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.403320074 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.405011892 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.424472094 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.426328897 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.428565025 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.501516104 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.502608061 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.502650023 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.502679110 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.502707005 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.503597975 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.503679037 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.503987074 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.513503075 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.524668932 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.525064945 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.525110960 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.525305033 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.525722027 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.525959015 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.527652979 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.609597921 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.609672070 CEST	443	49348	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.610774994 CEST	49348	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.624002934 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.624509096 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.626019955 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.677154064 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.721980095 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.723721981 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.723747969 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.723764896 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.723783016 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.724597931 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.724597931 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.724945068 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.733401060 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.773349047 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.773461103 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:21.774022102 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.774107933 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.829446077 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.829555035 CEST	443	49351	151.101.67.6	192.168.11.12
Apr 9, 2025 14:39:21.830076933 CEST	49351	443	192.168.11.12	151.101.67.6
Apr 9, 2025 14:39:21.975045919 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.980947018 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.981040955 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:21.981125116 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.026669025 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.080095053 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080140114 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080166101 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080195904 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080223083 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080250025 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.080276966 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.082127094 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.082329988 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.082421064 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.084825993 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.084872961 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.085479021 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.091767073 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.091816902 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.092936993 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.094692945 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.098589897 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.098637104 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.099405050 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.099550962 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.105539083 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.105585098 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.110533953 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.111113071 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.112303972 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.112350941 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.113054991 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.113733053 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.164184093 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.178148985 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.178198099 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.178951979 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.179269075 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.181817055 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.181865931 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.182691097 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.182857990 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.188704014 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.188752890 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.189532995 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.189764977 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.195264101 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.195924997 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.265723944 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.362243891 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.362942934 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.378103018 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.474463940 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.479010105 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.479022980 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.479029894 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.479865074 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.479865074 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.495512962 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:22.507636070 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.591861963 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:22.603739977 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.603785992 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.604782104 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.609549046 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.609672070 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.609672070 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.609916925 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.705698013 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.705713034 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.705723047 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.705729008 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.705735922 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.708564043 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.709172010 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.721709967 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.721760988 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.721832037 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.721833944 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.721904993 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.725423098 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.725423098 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.725423098 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.727493048 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.728359938 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.729523897 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.805175066 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.824315071 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.825463057 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.825625896 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.825685978 CEST	443	49355	185.199.108.153	192.168.11.12
Apr 9, 2025 14:39:22.826183081 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:22.826416016 CEST	49355	443	192.168.11.12	185.199.108.153
Apr 9, 2025 14:39:25.025635958 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:25.029405117 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:25.121685028 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:25.121746063 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:25.122432947 CEST	49349	443	192.168.11.12	17.248.199.68
Apr 9, 2025 14:39:25.125617027 CEST	443	49349	17.248.199.68	192.168.11.12
Apr 9, 2025 14:39:49.525845051 CEST	49344	80	192.168.11.12	23.58.91.134
Apr 9, 2025 14:39:49.622688055 CEST	80	49344	23.58.91.134	192.168.11.12
Apr 9, 2025 14:39:49.623931885 CEST	49344	80	192.168.11.12	23.58.91.134
Apr 9, 2025 14:39:55.046295881 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.142946005 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.144402981 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.145396948 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.241508961 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.243577003 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.243607998 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.243623018 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.243640900 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.244435072 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.244435072 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.249192953 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.267504930 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.292483091 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.363873005 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.363917112 CEST	443	49365	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.364684105 CEST	49365	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.388956070 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.389727116 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.390660048 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.486779928 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.488894939 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.488938093 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.488965034 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.488992929 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.489873886 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.490106106 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.492608070 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.516064882 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.594043970 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.612253904 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.612271070 CEST	443	49366	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.613666058 CEST	49366	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.690418959 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.691278934 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.692177057 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.788469076 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.790050030 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.790092945 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.790122986 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.790152073 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.790788889 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.791002035 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.791501045 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.801266909 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.834408045 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.897794962 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.897838116 CEST	443	49368	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.898756981 CEST	49368	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.930831909 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:55.931619883 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:55.932471991 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:56.029195070 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.030617952 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.030663967 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.030694008 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.030723095 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.032084942 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:56.032159090 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:56.032442093 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:56.040632963 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:39:56.136914015 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.136957884 CEST	443	49369	151.101.195.6	192.168.11.12
Apr 9, 2025 14:39:56.137947083 CEST	49369	443	192.168.11.12	151.101.195.6
Apr 9, 2025 14:40:03.394790888 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.491182089 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.492001057 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.494111061 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.590308905 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.592259884 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.592278004 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.592287064 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.592297077 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.593483925 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.593483925 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.593581915 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.658356905 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.699934959 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.754859924 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.754877090 CEST	443	49391	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.755702972 CEST	49391	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.796282053 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.797245026 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.798841953 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.895060062 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.897465944 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.897511005 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.897537947 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.897567034 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:03.898715019 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.898715019 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.898715019 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:03.915132999 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:04.011322975 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:04.011367083 CEST	443	49392	151.101.131.6	192.168.11.12
Apr 9, 2025 14:40:04.012124062 CEST	49392	443	192.168.11.12	151.101.131.6
Apr 9, 2025 14:40:04.761904001 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.858145952 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.858963013 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.861054897 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.957506895 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.959698915 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.959743977 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.959769964 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.959798098 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:04.960458994 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.960546970 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.961555958 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:04.971105099 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:05.067630053 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:05.067678928 CEST	443	49396	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:05.068990946 CEST	49396	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.745615959 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.842087984 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.843024969 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.843863010 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.940306902 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.941759109 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.941807985 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.941834927 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.941864967 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:27.942544937 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.942639112 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.942771912 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.948875904 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:27.962567091 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.045285940 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.045327902 CEST	443	49397	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.046195030 CEST	49397	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.059416056 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.060329914 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.062474966 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.159437895 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.161555052 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.161597967 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.161624908 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.161693096 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.162533045 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.162533998 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.162632942 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.169637918 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.191627979 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.266510010 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.266555071 CEST	443	49398	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.267462015 CEST	49398	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.287894964 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.288671970 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.294637918 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.390780926 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.392693996 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.392718077 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.392731905 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.392746925 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.393716097 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.393716097 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.403271914 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.430514097 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.499552965 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.499596119 CEST	443	49399	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.500422955 CEST	49399	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.526669025 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.527514935 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.530592918 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.626787901 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.627860069 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.627918005 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.627963066 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.627991915 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.628859997 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.628957033 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.629050016 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.645169020 CEST	49400	443	192.168.11.12	151.101.3.6
Apr 9, 2025 14:40:28.741283894 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.741329908 CEST	443	49400	151.101.3.6	192.168.11.12
Apr 9, 2025 14:40:28.742033958 CEST	49400	443	192.168.11.12	151.101.3.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2025 14:39:22.140794039 CEST	55721	53	192.168.11.12	1.1.1.1
Apr 9, 2025 14:39:22.244425058 CEST	53	55721	1.1.1.1	192.168.11.12
Apr 9, 2025 14:39:46.087713957 CEST	53	52458	1.1.1.1	192.168.11.12
Apr 9, 2025 14:40:27.646454096 CEST	62104	53	192.168.11.12	1.1.1.1
Apr 9, 2025 14:40:27.743206978 CEST	53	62104	1.1.1.1	192.168.11.12

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 9, 2025 14:39:22.140794039 CEST	192.168.11.12	1.1.1.1	0xbd0e	Standard query (0)	www.vysor.io	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:40:27.646454096 CEST	192.168.11.12	1.1.1.1	0xfc67	Standard query (0)	h3.apis.apple.map.fastly.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 9, 2025 14:39:21.322978020 CEST	1.1.1.1	192.168.11.12	0xa1c6	No error (0)	gateway.fe2.apple-dns.net		17.248.199.68	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:21.322978020 CEST	1.1.1.1	192.168.11.12	0xa1c6	No error (0)	gateway.fe2.apple-dns.net		17.248.199.71	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:21.322978020 CEST	1.1.1.1	192.168.11.12	0xa1c6	No error (0)	gateway.fe2.apple-dns.net		17.248.199.70	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:21.322978020 CEST	1.1.1.1	192.168.11.12	0xa1c6	No error (0)	gateway.fe2.apple-dns.net		17.248.199.69	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:21.322978020 CEST	1.1.1.1	192.168.11.12	0xa1c6	No error (0)	gateway.fe2.apple-dns.net		17.248.199.12	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:22.244425058 CEST	1.1.1.1	192.168.11.12	0xbd0e	No error (0)	www.vysor.io	koush.github.io		CNAME (Canonical name)	IN (0x0001)	false
Apr 9, 2025 14:39:22.244425058 CEST	1.1.1.1	192.168.11.12	0xbd0e	No error (0)	koush.github.io		185.199.108.153	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:22.244425058 CEST	1.1.1.1	192.168.11.12	0xbd0e	No error (0)	koush.github.io		185.199.109.153	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:22.244425058 CEST	1.1.1.1	192.168.11.12	0xbd0e	No error (0)	koush.github.io		185.199.110.153	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:39:22.244425058 CEST	1.1.1.1	192.168.11.12	0xbd0e	No error (0)	koush.github.io		185.199.111.153	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:40:27.743206978 CEST	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net		151.101.3.6	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:40:27.743206978 CEST	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net		151.101.67.6	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:40:27.743206978 CEST	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net		151.101.131.6	A (IP address)	IN (0x0001)	false
Apr 9, 2025 14:40:27.743206978 CEST	1.1.1.1	192.168.11.12	0xfc67	No error (0)	h3.apis.apple.map.fastly.net		151.101.195.6	A (IP address)	IN (0x0001)	false

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Apr 9, 2025 14:39:21.245536089 CEST	151.101.67.6	443	192.168.11.12	49347	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030
Apr 9, 2025 14:39:21.245536089 CEST	151.101.67.6	443	192.168.11.12	49347	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030
Apr 9, 2025 14:39:21.502679110 CEST	151.101.67.6	443	192.168.11.12	49348	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:21.502679110 CEST	151.101.67.6	443	192.168.11.12	49348	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:21.525305033 CEST	17.248.199.68	443	192.168.11.12	49349	CN=gateway.icloud.com, O=Apple Inc., ST=California, C=US CN=Apple Public Server ECC CA 1 - G1, O=Apple Inc., C=US CN=Apple Public Server ECC CA 1 - G1, O=Apple Inc., C=US	CN=Apple Public Server ECC CA 1 - G1, O=Apple Inc., C=US CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA - G3	Mon Oct 28 07:43:49 CET 2024 Wed Dec 12 13:00:00 CET 2018 Mon Dec 18 22:12:39 CET 2023	Tue Nov 18 21:36:07 CET 2025 Wed Dec 11 13:00:00 CET 2030 Wed Dec 05 01:00:00 CET 2029	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
					CN=Apple Public Server ECC CA 1 - G1, O=Apple Inc., C=US	CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Dec 12 13:00:00 CET 2018	Wed Dec 11 13:00:00 CET 2030
					CN=Apple Public Server ECC CA 1 - G1, O=Apple Inc., C=US	C=US, O=Apple Inc., OU=Apple Certification Authority, CN=Apple Root CA - G3	Mon Dec 18 22:12:39 CET 2023	Wed Dec 05 01:00:00 CET 2029
Apr 9, 2025 14:39:21.723764896 CEST	151.101.67.6	443	192.168.11.12	49351	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:21.723764896 CEST	151.101.67.6	443	192.168.11.12	49351	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:22.479022980 CEST	185.199.108.153	443	192.168.11.12	49355	CN=www.vysor.io CN=R11, O=Let's Encrypt, C=US	CN=R11, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	Tue Mar 04 04:56:08 CET 2025 Wed Mar 13 01:00:00 CET 2024	Mon Jun 02 05:56:07 CEST 2025 Sat Mar 13 00:59:59 CET 2027	771,52393-52392-52394-49200-49196-49192-49188-49172-49162-159-107-57-65413-196-136-129-157-61-53-192-132-49199-49195-49191-49187-49171-49161-158-103-51-190-69-156-60-47-186-65-49170-49160-22-10-255,0-11-10-13-16,29-23-24,0	a7a5e32c2ca29907256b5de4fbdf61ed
Apr 9, 2025 14:39:22.479022980 CEST	185.199.108.153	443	192.168.11.12	49355	CN=R11, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Wed Mar 13 01:00:00 CET 2024	Sat Mar 13 00:59:59 CET 2027		a7a5e32c2ca29907256b5de4fbdf61ed
Apr 9, 2025 14:39:55.243623018 CEST	151.101.195.6	443	192.168.11.12	49365	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:55.243623018 CEST	151.101.195.6	443	192.168.11.12	49365	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:55.488965034 CEST	151.101.195.6	443	192.168.11.12	49366	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:55.488965034 CEST	151.101.195.6	443	192.168.11.12	49366	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:55.790122986 CEST	151.101.195.6	443	192.168.11.12	49368	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:55.790122986 CEST	151.101.195.6	443	192.168.11.12	49368	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:56.030694008 CEST	151.101.195.6	443	192.168.11.12	49369	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:39:56.030694008 CEST	151.101.195.6	443	192.168.11.12	49369	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:03.592287064 CEST	151.101.131.6	443	192.168.11.12	49391	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:03.592287064 CEST	151.101.131.6	443	192.168.11.12	49391	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:03.897537947 CEST	151.101.131.6	443	192.168.11.12	49392	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:03.897537947 CEST	151.101.131.6	443	192.168.11.12	49392	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:04.959769964 CEST	151.101.3.6	443	192.168.11.12	49396	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:04.959769964 CEST	151.101.3.6	443	192.168.11.12	49396	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:27.941834927 CEST	151.101.3.6	443	192.168.11.12	49397	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:27.941834927 CEST	151.101.3.6	443	192.168.11.12	49397	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.161624908 CEST	151.101.3.6	443	192.168.11.12	49398	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.161624908 CEST	151.101.3.6	443	192.168.11.12	49398	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.392731905 CEST	151.101.3.6	443	192.168.11.12	49399	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.392731905 CEST	151.101.3.6	443	192.168.11.12	49399	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.627963066 CEST	151.101.3.6	443	192.168.11.12	49400	CN=bag.itunes.apple.com, O=Apple Inc., L=Cupertino, ST=California, C=US, SERIALNUMBER=C0806592, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Tue Feb 04 19:54:22 CET 2025 Wed Apr 29 14:54:50 CEST 2020	Tue Nov 18 20:40:14 CET 2025 Thu Apr 11 01:59:59 CEST 2030	771,49196-49195-49188-49187-49162-49161-52393-49200-49199-49192-49191-49172-49171-52392-157-156-61-60-53-47-49160-49170-10,65281-0-23-13-5-13172-18-16-11-10,29-23-24-25,0	5c118da645babe52f060d0754256a73c
Apr 9, 2025 14:40:28.627963066 CEST	151.101.3.6	443	192.168.11.12	49400	CN=Apple Public EV Server RSA CA 2 - G1, O=Apple Inc., C=US	CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Apr 29 14:54:50 CEST 2020	Thu Apr 11 01:59:59 CEST 2030		5c118da645babe52f060d0754256a73c

System Behavior

Analysis Process: xpcproxy PID: 610, Parent PID: 1

General

Start time (UTC):	12:39:19
Start date (UTC):	09/04/2025
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

File Activities

File Opened

File Read

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: nsurlstoraged PID: 610, Parent PID: 1

General

Start time (UTC):	12:39:19
Start date (UTC):	09/04/2025
Path:	/usr/libexec/nsurlstoraged
Arguments:	/usr/libexec/nsurlstoraged --privileged
File size:	246624 bytes
MD5 hash:	321b0a40e24b45f0af49ba42742b3f64

File Activities

File Opened

File Read

Directory Enumerated

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: mono-sgen32 PID: 612, Parent PID: 537

General

Start time (UTC):	12:39:20
Start date (UTC):	09/04/2025
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

File Activities

File Read (Anonymous Pipes)

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: curl PID: 612, Parent PID: 537

General

Start time (UTC):	12:39:20
Start date (UTC):	09/04/2025
Path:	/usr/bin/curl
Arguments:	/usr/bin/curl -t 2 -v --connect-timeout 10 -L --remote-name --insecure --silent --user-agent Mozilla/5.0 (Macintosh Intel Mac OS X 10_14_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Safari/605.1.15 https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F
File size:	185072 bytes
MD5 hash:	2418204e23e2952e7995f1819a1f78f5

File Activities

File Opened

File Created

File Read

File Read (Sockets)

File Written

File Written (Anonymous Pipe)

File Written (Socket)

File Seeked

Process Activities

Process Exited

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: mono-sgen32 PID: 620, Parent PID: 537

General

Start time (UTC):	12:39:26
Start date (UTC):	09/04/2025
Path:	/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
Arguments:	-
File size:	3722408 bytes
MD5 hash:	8910349f44a940d8d79318367855b236

File Activities

File Read (Anonymous Pipes)

Process Activities

Process Overlayed (Exec)

Chronological Activities

Analysis Process: open PID: 620, Parent PID: 537

General

Start time (UTC):	12:39:26
Start date (UTC):	09/04/2025
Path:	/usr/bin/open
Arguments:	/usr/bin/open /Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F
File size:	105952 bytes
MD5 hash:	34bd93241fa5d2aee225941b1ca14fa4

File Activities

File Opened

File Read

File Written (Anonymous Pipe)

File Seeked

Directory Enumerated

Process Activities

Process Exited

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: xpcproxy PID: 639, Parent PID: 1

General

Start time (UTC):	12:40:06
Start date (UTC):	09/04/2025
Path:	/usr/libexec/xpcproxy
Arguments:	-
File size:	44048 bytes
MD5 hash:	4764d9eafe6b7dac23253a9f8b7f73d6

File Activities

File Opened

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: eficheck PID: 639, Parent PID: 1

General

Start time (UTC):	12:40:06
Start date (UTC):	09/04/2025
Path:	/usr/libexec/firmwarecheckers/eficheck/eficheck
Arguments:	/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon
File size:	74048 bytes
MD5 hash:	328beb81a2263449258057506bb4987f

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

macOS Analysis Report https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Persistence and Installation Behavior

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/Users/bernard/Desktop/download/?return=https%3A%2F%2Fwww.vysor.io%2F

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Connections

System Behavior

Analysis Process: xpcproxy PID: 610, Parent PID: 1

General

File Activities

File Opened

File Read

Process Activities

Process Spawned

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: nsurlstoraged PID: 610, Parent PID: 1

General

File Activities

File Opened

File Read

Directory Enumerated

System Activities

Sysctl Requested

Chronological Activities

Analysis Process: mono-sgen32 PID: 612, Parent PID: 537

General

File Activities

File Read (Anonymous Pipes)

Process Activities

macOS Analysis Report
https://www.vysor.io/download/?return=https%3A%2F%2Fwww.vysor.io%2F