macOS
Analysis Report
http://amazonoofers.com/
Overview
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Writes 64-bit Mach-O files to disk
Reads launchservices plist files
Analysis Advice
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 11641 |
Start date and time: | 2023-02-22 12:59:04 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 42s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | browseurl.jbs |
Sample URL: | http://amazonoofers.com/ |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | MAL |
Classification: | mal56.mac@0/8@4/0 |
- Excluded IPs from analysis (whitelisted): 3.73.173.154, 2.19.84.22, 142.250.185.170
- Excluded domains from analysis (whitelisted): configuration.apple.com, gateway.icloud.com, e673.dsce9.akamaiedge.net, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, api-glb-euc1b.smoot.apple.com, safebrowsing.googleapis.com, api.smoot.apple.com, bag-smoot.v.aaplimg.com
- Report size getting too big, too many PREAD calls found.
- System is macvm-highsierra
- mono-sgen32 New Fork (PID: 877, Parent: 811)
- xpcproxy New Fork (PID: 878, Parent: 1)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
Signature Results
- AV Detection: Avira URL Cloud, SlashNext, Virustotal
- HTTPS traffic detected
- DNS traffic detected
- Network traffic detected
- TCP traffic detected without corresponding DNS query
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- String found in binary or memory
- Classification label
- File written
- Launchservices plist file read
- AppleKeyboardLayouts info plist opened
- Random device file read
- Binary plist file created
- System or server version plist file read
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Plist Modification | 1 Plist Modification | Direct Volume Access | OS Credential Dumping | 11 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Detection | Scanner | Label |
---|---|---|
100% | Avira URL Cloud | phishing |
11% | Virustotal | |
100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
www.cloudflare.com | 104.16.123.96 | true | false | high | |
gateway.fe.apple-dns.net | 17.248.145.147 | true | false | unknown | |
amazonoofers.com | 104.21.2.253 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
false | unknown | ||
true | unknown | ||
true | unknown | ||
true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
184.30.16.204 | unknown | United States | 16625 | AKAMAI-ASUS | false |
104.21.2.253 | amazonoofers.com | United States | 13335 | CLOUDFLARENETUS | false |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 1520 |
Entropy (8bit): | 7.236009738296679 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 661 |
Entropy (8bit): | 5.251251369861542 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync036e.tTAObS
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 76 |
Entropy (8bit): | 3.9370658315190226 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 48908 |
Entropy (8bit): | 3.533948990143748 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 4404 |
Entropy (8bit): | 3.5113078915037033 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 4780 |
Entropy (8bit): | 5.78784933687558 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 17444 |
Entropy (8bit): | 4.3447210238494804 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
Category: | dropped |
Size (bytes): | 4752 |
Entropy (8bit): | 5.761647040683616 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
⊘No static file info
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 22, 2023 13:00:08.495699883 CET | 192.168.11.11 | 1.1.1.1 | 0x7b56 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 22, 2023 13:00:08.601126909 CET | 192.168.11.11 | 1.1.1.1 | 0xcc7a | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 22, 2023 13:00:24.367590904 CET | 192.168.11.11 | 1.1.1.1 | 0x5767 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Feb 22, 2023 13:01:41.503743887 CET | 192.168.11.11 | 1.1.1.1 | 0xbd76 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
0 | 192.168.11.11 | 49312 | 104.21.2.253 | 443 |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
1 | 192.168.11.11 | 49310 | 104.21.2.253 | 80 |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 22, 2023 13:00:08.524665117 CET | 94 | OUT | |
Feb 22, 2023 13:00:08.545275927 CET | 96 | IN |