macOS Analysis Report
http://amazonoofers.com/

Overview

General Information

Sample URL: http://amazonoofers.com/
Analysis ID: 11641

Detection

Score: 56
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Writes 64-bit Mach-O files to disk
Reads launchservices plist files

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 11641
Start date and time: 2023-02-22 12:59:04 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 3m 42s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://amazonoofers.com/
Analysis system description: Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099)
Analysis Mode: default
Detection: MAL
Classification: mal56.mac@0/8@4/0
  • Excluded IPs from analysis (whitelisted): 3.73.173.154, 2.19.84.22, 142.250.185.170
  • Excluded domains from analysis (whitelisted): configuration.apple.com, gateway.icloud.com, e673.dsce9.akamaiedge.net, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, api-glb-euc1b.smoot.apple.com, safebrowsing.googleapis.com, api.smoot.apple.com, bag-smoot.v.aaplimg.com
  • Report size getting too big, too many PREAD calls found.
  • System is macvm-highsierra
  • open (MD5: 40ed6d8f35c9f20484b97582d296398f) Arguments:
  • Safari (MD5: 8e18be737fe87f19fe7a97b4821e2005) Arguments: /Applications/Safari.app/Contents/MacOS/Safari
  • cleanup
No yara matches
No Snort rule has matched

AV Detection

Source: http://amazonoofers.com/ | Avira URL Cloud: detection malicious, Label: phishing
Source: http://amazonoofers.com/ | SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: http://amazonoofers.com/ | Virustotal: Detection: 11%
Source: unknown | HTTPS traffic detected: 17.248.145.147:443 -> 192.168.11.11:49306 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.2.253:443 -> 192.168.11.11:49312 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.145.147:443 -> 192.168.11.11:49314 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49315 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49316 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49317 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49318 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49319 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 17.248.145.202:443 -> 192.168.11.11:49321 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: amazonoofers.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49315
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49314
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49312
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49321
Source: unknown | Network traffic detected: HTTP traffic on port 49319 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49318 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49317 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49314 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49315 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49316 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49312 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49321 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49306 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49319
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49318
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49306
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49317
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49316
Source: unknown | TCP traffic detected without corresponding DNS query: 17.253.15.208
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.16.204
Source: unknown | TCP traffic detected without corresponding DNS query: 184.30.16.204
Source: unknown | TCP traffic detected without corresponding DNS query: 17.253.15.208
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: amazonoofers.com
  Connection: keep-alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Referer: http://amazonoofers.com/
  Accept-Encoding: gzip, deflate
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  Host: amazonoofers.com
  Upgrade-Insecure-Requests: 1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
  Host: amazonoofers.com
  Connection: keep-alive
  Accept: text/css,*/*;q=0.1
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Referer: http://amazonoofers.com/
  Accept-Encoding: gzip, deflate
Source: global traffic | HTTP traffic detected:
  GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
  Host: amazonoofers.com
  Connection: keep-alive
  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Referer: http://amazonoofers.com/
  Accept-Encoding: gzip, deflate
Source: global traffic | HTTP traffic detected:
  GET /favicon.ico HTTP/1.1
  Host: amazonoofers.com
  Connection: keep-alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Referer: http://amazonoofers.com/
  Accept-Encoding: gzip, deflate
Source: global traffic | HTTP traffic detected:
  HTTP/1.1 404 Not Found
  Date: Wed, 22 Feb 2023 12:00:08 GMT
  Content-Type: text/html; charset=iso-8859-1
  Transfer-Encoding: chunked
  Connection: close
  Cache-Control: max-age=14400
  CF-Cache-Status: MISS
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQjTtp2KwWbblPuwmz5Ka31hKPI%2BRj%2F%2BzwZs1Fam%2Bc6U3DqGMuVaBwlnxgVl3LqwEOysUTncOPNR9dQI658tMWc7sn5PoLcxkrgHuAuqVIPGEs1Ahq1ethGRYKZph16DoZVE"}],"group":"cf-nel","max_age":604800}
  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 79d78f472c602ba3-FRA
  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: .dat.nosync036e.Dw20Li.257.dr | String found in binary or memory: http://amazonoofers.com/
Source: classification engine | Classification label: mal56.mac@0/8@4/0
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-FM3qzu
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-Uv1TFw
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-zARZj1
Source: /usr/bin/open (PID: 877) | Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync036e.tTAObS
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | Binary plist file created: /Users/berri/Library/Safari/.dat.nosync036e.Dw20Li
Source: /usr/bin/open (PID: 877) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 878) | System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
  • Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
  • Persistence: Plist Modification (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Privilege Escalation: Plist Modification (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
  • Defense Evasion: Direct Volume Access; Rootkit; Obfuscated Files or Information; Binary Padding
  • Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
  • Discovery: System Information Discovery (11); Application Window Discovery; Query Registry; System Network Configuration Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
  • Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
  • Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (3)
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Source | Detection | Scanner | Label
http://amazonoofers.com/ | 100% | Avira URL Cloud | phishing
http://amazonoofers.com/ | 11% | Virustotal |
http://amazonoofers.com/ | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering

No Antivirus matches

Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.cloudflare.com | 104.16.123.96 | true | false | | high
gateway.fe.apple-dns.net | 17.248.145.147 | true | false | | unknown
amazonoofers.com | 104.21.2.253 | true | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://amazonoofers.com/ | true | | unknown
https://amazonoofers.com/favicon.ico | false | | unknown
http://amazonoofers.com/cdn-cgi/images/icon-exclamation.png?1376755637 | true | | unknown
http://amazonoofers.com/cdn-cgi/styles/cf.errors.css | true | | unknown
http://amazonoofers.com/favicon.ico | true | | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
184.30.16.204 | unknown | United States | 16625 | AKAMAI-ASUS | false
104.21.2.253 | amazonoofers.com | United States | 13335 | CLOUDFLARENETUS | false

No context

                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Apple binary property list
                  Category:dropped
                  Size (bytes):1520
                  Entropy (8bit):7.236009738296679
                  Encrypted:false
                  SSDEEP:24:/MVp+dVGmEH3oFqBNaHoTAqg9mCoNb8hTVG46Y44knc0rVFQfWCzrc8Ck3lsYnxk:E3NmrwYoTlg93yIB04O4kncIRCzBFhG
                  MD5:52BB306C14EE17A2FE2A6006F9D554C3
                  SHA1:A1F52DF3C2ED92740C7C03AE8296528F28390112
                  SHA-256:A653B1F55DAE77F0FD2AA5BB70E630F24BC9846C0A5F63036275A0FCD4327F39
                  SHA-512:19D00DF71D400798524FA72B2C1C97C4DF8A8B441E0ABB52A79A7A018AA824CB8B4C0B3DA056332EE6C729053F83E6E4DD815EB3A4F101F4EF579F7A399794B7
                  Malicious:false
                  Reputation:low
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):661
                  Entropy (8bit):5.251251369861542
                  Encrypted:false
                  SSDEEP:12:km6IM6F70p1o/L8hbp1o/L86sTp1o/L8qVZ2p1o/L8UVp1o/LW:f6IM6Z0pg8hbpg8lTpg8uZ2pg8UVpgW
                  MD5:F717286E0C285F97FABB49698E6C9A7F
                  SHA1:21B9BDD8A9EFC2E692CAD1388CD7B747F1461B93
                  SHA-256:5CABCC4605C9CE4E1FF0EB314E9CC56D728FBDC4DF4606B7900BF2AC40A8ADF4
                  SHA-512:764CACAF41F20EB9AD7E85F0846BE56A1C0E29F545ED0C04E9EFF040FCE3123B8BE2EFEA49FC1E2423FE227E2C6EA77C028EE4B9793408B726410B084AB2C897
                  Malicious:false
                  Reputation:low
                  Preview:
                  2023-02-22 14:00:05.498 Safari[878:6788] ApplePersistence=NO
                  2023-02-22 14:00:06.085 Safari[878:6827] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
                  2023-02-22 14:00:06.220 Safari[878:6824] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
                  2023-02-22 14:00:06.578 Safari[878:6819] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
                  2023-02-22 14:00:07.390 Safari[878:6818] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
                  2023-02-22 14:00:07.479 Safari[878:6790] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Apple binary property list
                  Category:dropped
                  Size (bytes):76
                  Entropy (8bit):3.9370658315190226
                  Encrypted:false
                  SSDEEP:3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH
                  MD5:CDC65B5F112547EAFAE0F16F9C149426
                  SHA1:AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01
                  SHA-256:1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C
                  SHA-512:E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7
                  Malicious:false
                  Reputation:low
                  Preview:bplist00..._..ExtensionArchivesExtracted...(...............................)
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Mac OS X Keychain File
                  Category:dropped
                  Size (bytes):48908
                  Entropy (8bit):3.533948990143748
                  Encrypted:false
                  SSDEEP:384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/
                  MD5:09070E01FA6ED1973D94FAD50C35E3ED
                  SHA1:7546663E66F9889EE3365A7A0BE372300C6022CA
                  SHA-256:2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F
                  SHA-512:621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3
                  Malicious:false
                  Reputation:low
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Mac OS X Keychain File
                  Category:dropped
                  Size (bytes):4404
                  Entropy (8bit):3.5113078915037033
                  Encrypted:false
                  SSDEEP:48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX
                  MD5:D487F899A14AE98519B46D51BC810F1B
                  SHA1:64877ECFBE47ED66EED545B2449BBE8B22B775D0
                  SHA-256:4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D
                  SHA-512:EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40
                  Malicious:false
                  Reputation:low
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
                  Category:dropped
                  Size (bytes):4780
                  Entropy (8bit):5.78784933687558
                  Encrypted:false
                  SSDEEP:96:xav2J2yfQoIeVyCxVaBHlZF/jllllllllKflPz5w65:keJ2OQYTTarllllllllKflT
                  MD5:6903FFA70C6EF8F2493E3E49101C694D
                  SHA1:B70A5F8C3F48BB2251B114500DFFF1CCCE72D966
                  SHA-256:633CEE31BFBF56590F6B62891CD0CB55264FD0F01E183036D8E3556B9EFF72D5
                  SHA-512:2A8A297AEE0F285EAA494BA5B731D023BF6438E207B83495FF490EB67BE3D9B4E887F91680761E759973D9FEC782B9E0CEC7E1957C4E794739A0DF90E2346D87
                  Malicious:false
                  Reputation:low
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
                  Category:dropped
                  Size (bytes):17444
                  Entropy (8bit):4.3447210238494804
                  Encrypted:false
                  SSDEEP:384:wqjJcXgiRVP7J3AMqLllllllKfllJlROW:wCa13AMqAOW
                  MD5:549DFC95EAD667B3F1A30CDFCDBB9054
                  SHA1:C093D24AAD8B9BEA70E987145F9B3454BA67F610
                  SHA-256:84FF7E42DBF003D1902AE5CC1894611C41CBB9CC90B50B4784787C099318901F
                  SHA-512:F0F86072BA480F6659B81B06D4E7A3C1938098B47997EF33B78AD940DBBBD573C7F340C2FF030E8064A13D7A1E9C27B93D2E61C8D65B49DD491C1D14456941E5
                  Malicious:false
                  Reputation:low
                  Process:/Applications/Safari.app/Contents/MacOS/Safari
                  File Type:Mach-O 64-bit x86_64 bundle, flags:<NOUNDEFS|DYLDLINK|TWOLEVEL>
                  Category:dropped
                  Size (bytes):4752
                  Entropy (8bit):5.761647040683616
                  Encrypted:false
                  SSDEEP:96:xKvjeoJ2eQIMA1EVQvOsD1cbY2vF/jllllllllKflNJz5w6w:0dJ2eQpMtxmvrllllllllKfly
                  MD5:1D6F449D22D11E760495CE85C933ADF8
                  SHA1:D77F5B05549E51310D0C96347482178EBD23C476
                  SHA-256:BEF505FE1329E19B4AF2FFFD868C753A0824B96FB4531BD106C810D96EFB1D94
                  SHA-512:4A9F4BD053BC5069625D60DDD3E1225E01FCE6B31824C35A12D7CAFAC2AD9BF79EE7785A6860E5549836970D8A4C7968355EC715C652EE1C771EDD9D9D1616A6
                  Malicious:false
                  Reputation:low
                  No static file info
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Feb 22, 2023 13:00:24.379702091 CET4434931517.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.380278111 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.380954981 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.381026983 CET4434931517.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.408324957 CET4434931517.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.409032106 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.409121037 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.424125910 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.424202919 CET4434931517.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.424503088 CET4434931517.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.424818993 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.424916983 CET49315443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.457650900 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.457679987 CET4434931617.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.458133936 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.458733082 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.458753109 CET4434931617.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.483243942 CET4434931617.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.483948946 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.483992100 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.500274897 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.500329971 CET4434931617.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.500495911 CET4434931617.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:24.500968933 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:24.500968933 CET49316443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.605222940 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.605371952 CET4434931717.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:29.605966091 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.606615067 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.606714010 CET4434931717.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:29.643959999 CET4434931717.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:29.644943953 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.644943953 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.655102015 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:29.655390978 CET4434931717.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:29.655926943 CET49317443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:39.412256956 CET4931080192.168.11.11104.21.2.253
                  Feb 22, 2023 13:00:39.412560940 CET4931180192.168.11.11104.21.2.253
                  Feb 22, 2023 13:00:39.421639919 CET8049311104.21.2.253192.168.11.11
                  Feb 22, 2023 13:00:39.421734095 CET8049310104.21.2.253192.168.11.11
                  Feb 22, 2023 13:00:39.422626972 CET4931180192.168.11.11104.21.2.253
                  Feb 22, 2023 13:00:39.422638893 CET4931080192.168.11.11104.21.2.253
                  Feb 22, 2023 13:00:40.140453100 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.140599012 CET4434931817.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:40.141546011 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.142173052 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.142282963 CET4434931817.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:40.178073883 CET4434931817.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:40.179215908 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.179320097 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.191243887 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:00:40.191554070 CET4434931817.248.248.15192.168.11.11
                  Feb 22, 2023 13:00:40.192090988 CET49318443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.916393995 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.916445017 CET4434931917.248.248.15192.168.11.11
                  Feb 22, 2023 13:01:00.916907072 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.917412996 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.917443037 CET4434931917.248.248.15192.168.11.11
                  Feb 22, 2023 13:01:00.944705963 CET4434931917.248.248.15192.168.11.11
                  Feb 22, 2023 13:01:00.945801973 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.945801973 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.958564043 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.958592892 CET4434931917.248.248.15192.168.11.11
                  Feb 22, 2023 13:01:00.958719015 CET4434931917.248.248.15192.168.11.11
                  Feb 22, 2023 13:01:00.959247112 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:00.959331989 CET49319443192.168.11.1117.248.248.15
                  Feb 22, 2023 13:01:41.514806032 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.514825106 CET4434932117.248.145.202192.168.11.11
                  Feb 22, 2023 13:01:41.515266895 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.516834021 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.516846895 CET4434932117.248.145.202192.168.11.11
                  Feb 22, 2023 13:01:41.538213968 CET4434932117.248.145.202192.168.11.11
                  Feb 22, 2023 13:01:41.538921118 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.539028883 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.551683903 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.551745892 CET4434932117.248.145.202192.168.11.11
                  Feb 22, 2023 13:01:41.551925898 CET4434932117.248.145.202192.168.11.11
                  Feb 22, 2023 13:01:41.552243948 CET49321443192.168.11.1117.248.145.202
                  Feb 22, 2023 13:01:41.552380085 CET49321443192.168.11.1117.248.145.202
                  TimestampSource PortDest PortSource IPDest IP
                  Feb 22, 2023 13:00:07.072597027 CET53642981.1.1.1192.168.11.11
                  Feb 22, 2023 13:00:08.495699883 CET5689553192.168.11.111.1.1.1
                  Feb 22, 2023 13:00:08.512707949 CET53568951.1.1.1192.168.11.11
                  Feb 22, 2023 13:00:08.601126909 CET6358453192.168.11.111.1.1.1
                  Feb 22, 2023 13:00:08.610641003 CET53635841.1.1.1192.168.11.11
                  Feb 22, 2023 13:00:13.797166109 CET137137192.168.11.11192.168.11.255
                  Feb 22, 2023 13:00:13.797398090 CET137137192.168.11.11192.168.11.255
                  Feb 22, 2023 13:00:24.367590904 CET5759353192.168.11.111.1.1.1
                  Feb 22, 2023 13:00:24.377127886 CET53575931.1.1.1192.168.11.11
                  Feb 22, 2023 13:01:41.503743887 CET5143453192.168.11.111.1.1.1
                  Feb 22, 2023 13:01:41.512658119 CET53514341.1.1.1192.168.11.11
                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                  Feb 22, 2023 13:00:08.495699883 CET | 192.168.11.11 | 1.1.1.1 | 0x7b56 | Standard query (0) | amazonoofers.com | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.601126909 CET | 192.168.11.11 | 1.1.1.1 | 0xcc7a | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.367590904 CET | 192.168.11.11 | 1.1.1.1 | 0x5767 | Standard query (0) | gateway.fe.apple-dns.net | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.503743887 CET | 192.168.11.11 | 1.1.1.1 | 0xbd76 | Standard query (0) | gateway.fe.apple-dns.net | A (IP address) | IN (0x0001) | false
                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.147 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.204 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.199 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.136 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.137 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.141 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.110 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.259052992 CET | 1.1.1.1 | 192.168.11.11 | 0xfa42 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.69 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.512707949 CET | 1.1.1.1 | 192.168.11.11 | 0x7b56 | No error (0) | amazonoofers.com | | 104.21.2.253 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.512707949 CET | 1.1.1.1 | 192.168.11.11 | 0x7b56 | No error (0) | amazonoofers.com | | 172.67.129.244 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.610641003 CET | 1.1.1.1 | 192.168.11.11 | 0xcc7a | No error (0) | www.cloudflare.com | | 104.16.123.96 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:08.610641003 CET | 1.1.1.1 | 192.168.11.11 | 0xcc7a | No error (0) | www.cloudflare.com | | 104.16.124.96 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.15 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.79 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.206 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.72 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.43 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.166 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.68 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:00:24.377127886 CET | 1.1.1.1 | 192.168.11.11 | 0x5767 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.52 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.202 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.206 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.170 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.71 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.72 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.10 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.145.100 | A (IP address) | IN (0x0001) | false
                  Feb 22, 2023 13:01:41.512658119 CET | 1.1.1.1 | 192.168.11.11 | 0xbd76 | No error (0) | gateway.fe.apple-dns.net | | 17.248.248.84 | A (IP address) | IN (0x0001) | false
                  • amazonoofers.com
                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  1 | 192.168.11.11 | 49310 | 104.21.2.253 | 80
                  Timestamp | kBytes transferred | Direction | Data
                  Feb 22, 2023 13:00:08.524665117 CET | 94 | OUT | GET / HTTP/1.1
                  Host: amazonoofers.com
                  Upgrade-Insecure-Requests: 1
                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
                  Accept-Language: en-us
                  Accept-Encoding: gzip, deflate
                  Connection: keep-alive
                  Feb 22, 2023 13:00:08.545275927 CET | 96 | IN | HTTP/1.1 200 OK
                  Date: Wed, 22 Feb 2023 12:00:08 GMT
                  Content-Type: text/html; charset=UTF-8
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  X-Frame-Options: SAMEORIGIN
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UuLAXEPwkkzFoatti%2FMliRZS%2FUj5cKVIcrfqT1sZhSC0jAhYwf5tjAd5umvKZNFxK231d7yHubO8fh4qHGd1bZ%2FaQVLoRYHk0bXwFiin86ObP8%2Fa4S%2FVqPCoULpLO83EFJmy"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Vary: Accept-Encoding
                  Server: cloudflare
                  CF-RAY: 79d78f454ea69950-FRA
                  Content-Encoding: gzip
                  Feb 22, 2023 13:00:08.576493025 CET | 103 | OUT | GET /cdn-cgi/styles/cf.errors.css HTTP/1.1
                  Host: amazonoofers.com
                  Connection: keep-alive
                  Accept: text/css,*/*;q=0.1
                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
                  Accept-Language: en-us
                  Referer: http://amazonoofers.com/
                  Accept-Encoding: gzip, deflate
                  Feb 22, 2023 13:00:08.587982893 CET | 104 | IN | HTTP/1.1 200 OK
                  Date: Wed, 22 Feb 2023 12:00:08 GMT
                  Content-Type: text/css
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Last-Modified: Wed, 15 Feb 2023 14:30:42 GMT
                  ETag: W/"63ecec92-5e44"
                  Server: cloudflare
                  CF-RAY: 79d78f45af1b9950-FRA
                  X-Frame-Options: DENY
                  X-Content-Type-Options: nosniff
                  Vary: Accept-Encoding
                  Expires: Wed, 22 Feb 2023 14:00:08 GMT
                  Cache-Control: max-age=7200
                  Cache-Control: public
                  Content-Encoding: gzip
                  Feb 22, 2023 13:00:08.603884935 CET | 109 | OUT | GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1
                  Host: amazonoofers.com
                  Connection: keep-alive
                  Accept: image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
                  Accept-Language: en-us
                  Referer: http://amazonoofers.com/
                  Accept-Encoding: gzip, deflate
                  Feb 22, 2023 13:00:08.614892960 CET | 110 | IN | HTTP/1.1 200 OK
                  Date: Wed, 22 Feb 2023 12:00:08 GMT
                  Content-Type: image/png
                  Content-Length: 452
                  Connection: keep-alive
                  Last-Modified: Wed, 15 Feb 2023 14:30:42 GMT
                  ETag: "63ecec92-1c4"
                  Server: cloudflare
                  CF-RAY: 79d78f45cf719950-FRA
                  X-Frame-Options: DENY
                  X-Content-Type-Options: nosniff
                  Vary: Accept-Encoding
                  Expires: Wed, 22 Feb 2023 14:00:08 GMT
                  Cache-Control: max-age=7200
                  Cache-Control: public
                  Accept-Ranges: bytes


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  2 | 192.168.11.11 | 49311 | 104.21.2.253 | 80
                  Timestamp | kBytes transferred | Direction | Data
                  Feb 22, 2023 13:00:08.688673973 CET | 111 | OUT | GET /favicon.ico HTTP/1.1
                  Host: amazonoofers.com
                  Connection: keep-alive
                  Accept: */*
                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
                  Accept-Language: en-us
                  Referer: http://amazonoofers.com/
                  Accept-Encoding: gzip, deflate
                  Feb 22, 2023 13:00:08.711500883 CET | 112 | IN | HTTP/1.1 301 Moved Permanently
                  Date: Wed, 22 Feb 2023 12:00:08 GMT
                  Transfer-Encoding: chunked
                  Connection: keep-alive
                  Cache-Control: max-age=3600
                  Expires: Wed, 22 Feb 2023 13:00:08 GMT
                  Location: https://amazonoofers.com/favicon.ico
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4HNS92BFFJiAFWsVAcRDwRzvrYMNNPhpedIM5fjezp%2BYJW3S9EUXpaU9Fd9TitNcMUjojYIqVSVTVWtX6QuzOlHmTztWq942iGkwpsrDrTv%2FC8tQ3cCfhXudLjg7EhBT5tkb"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Vary: Accept-Encoding
                  Server: cloudflare
                  CF-RAY: 79d78f465cd99174-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400


                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                  0 | 192.168.11.11 | 49312 | 104.21.2.253 | 443
                  Timestamp | kBytes transferred | Direction | Data
                  2023-02-22 12:00:08 UTC | 0 | OUT | GET /favicon.ico HTTP/1.1
                  Host: amazonoofers.com
                  Connection: keep-alive
                  Accept: */*
                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
                  Accept-Language: en-us
                  Referer: http://amazonoofers.com/
                  Accept-Encoding: gzip, deflate
                  2023-02-22 12:00:08 UTC | 0 | IN | HTTP/1.1 404 Not Found
                  Date: Wed, 22 Feb 2023 12:00:08 GMT
                  Content-Type: text/html; charset=iso-8859-1
                  Transfer-Encoding: chunked
                  Connection: close
                  Cache-Control: max-age=14400
                  CF-Cache-Status: MISS
                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BQjTtp2KwWbblPuwmz5Ka31hKPI%2BRj%2F%2BzwZs1Fam%2Bc6U3DqGMuVaBwlnxgVl3LqwEOysUTncOPNR9dQI658tMWc7sn5PoLcxkrgHuAuqVIPGEs1Ahq1ethGRYKZph16DoZVE"}],"group":"cf-nel","max_age":604800}
                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                  Server: cloudflare
                  CF-RAY: 79d78f472c602ba3-FRA
                  alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                  Data Ascii: 13b<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying t


                  System Behavior

                  Start time:13:00:05
                  Start date:22/02/2023
                  Path:/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32
                  Arguments:n/a
                  File size:3722408 bytes
                  MD5 hash:8910349f44a940d8d79318367855b236

                  Start time:13:00:05
                  Start date:22/02/2023
                  Path:/usr/bin/open
                  Arguments:
                  File size:105952 bytes
                  MD5 hash:40ed6d8f35c9f20484b97582d296398f

                  Start time:13:00:05
                  Start date:22/02/2023
                  Path:/usr/libexec/xpcproxy
                  Arguments:n/a
                  File size:43488 bytes
                  MD5 hash:d1bb9a4899f0af921e8188218b20d744

                  Start time:13:00:05
                  Start date:22/02/2023
                  Path:/Applications/Safari.app/Contents/MacOS/Safari
                  Arguments:/Applications/Safari.app/Contents/MacOS/Safari
                  File size:20896 bytes
                  MD5 hash:8e18be737fe87f19fe7a97b4821e2005