macOS Analysis Report
https://www.youtube.com/channel/UCAuerig2N-RZWJT8x75V9yw

Overview

General Information

Sample URL: https://www.youtube.com/channel/UCAuerig2N-RZWJT8x75V9yw
Analysis ID: 831167
Detection

Score: 1
Range: 0 - 100
Whitelisted: false

Signatures

Writes 64-bit Mach-O files to disk
Reads launchservices plist files

Classification

Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49308 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.185.174:443 -> 192.168.11.11:49312 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.16.206:443 -> 192.168.11.11:49313 version: TLS 1.2
Source: unknown HTTPS traffic detected: 142.250.186.164:443 -> 192.168.11.11:49339 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.16.142:443 -> 192.168.11.11:49340 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49341 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49343 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49344 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49345 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49346 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.217.16.142:443 -> 192.168.11.11:49347 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49349 version: TLS 1.2
Source: unknown HTTPS traffic detected: 17.248.248.15:443 -> 192.168.11.11:49352 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: www.youtube.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /channel/UCAuerig2N-RZWJT8x75V9yw HTTP/1.1
  Host: www.youtube.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: en-us
  Connection: keep-alive
  Accept-Encoding: br, gzip, deflate
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
Source: global traffic HTTP traffic detected: GET /m?continue=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCAuerig2N-RZWJT8x75V9yw%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 HTTP/1.1
  Host: consent.youtube.com
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Cookie: CONSENT=PENDING+208; SOCS=CAAaBgiA5-OgBg; YSC=VW-BOUX76pM; __Secure-YEC=Cgt1TXpISGNBNkVTVSiDn-WgBg%3D%3D
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Accept-Encoding: br, gzip, deflate
  Connection: keep-alive
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Accept-Language: en-us
  Referer: https://consent.youtube.com/
  Accept-Encoding: br, gzip, deflate
Source: .dat.nosync036f.TyISu0.259.dr String found in binary or memory: https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCAuerig2N-RZWJT8x75V9yw%3Fcbrd%3D1&gl=GB&m=0&pc=yt&cm=2&hl=en&src=1 equals www.youtube.com (Youtube)
Source: .dat.nosync036f.TyISu0.259.dr String found in binary or memory: https://consent.youtube.com/m?continue=https%3A%2F%2Fwww.youtube.com%2Fchannel%2FUCAuerig2N-RZWJT8x7
Source: unknown HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1
  Host: play.google.com
  Content-Type: application/x-www-form-urlencoded;charset=UTF-8
  Origin: https://consent.youtube.com
  Accept-Encoding: br, gzip, deflate
  Connection: keep-alive
  Accept: */*
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7
  Referer: https://consent.youtube.com/
  Content-Length: 2068
  Accept-Language: en-us
Source: classification engine Classification label: clean1.mac@0/10@4/0
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-TphzPP
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-cKdWhB
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) File written: /private/var/tmp/NSCreateObjectFileImageFromMemory-GLnGst
Source: /usr/bin/open (PID: 878) Launchservices plist file read: /System/Library/Preferences/Logging/Subsystems/com.apple.launchservices.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) AppleKeyboardLayouts info plist opened: /System/Library/Keyboard Layouts/AppleKeyboardLayouts.bundle/Contents/Info.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) Random device file read: /dev/urandom
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) Binary plist file created: /Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) Binary plist file created: /private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync036f.Pk6yS5
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) Binary plist file created: /Users/berri/Library/Safari/.dat.nosync036f.TyISu0
Source: /usr/bin/open (PID: 878) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist
Source: /Applications/Safari.app/Contents/MacOS/Safari (PID: 879) System or server version plist file read: /System/Library/CoreServices/SystemVersion.plist