macOS
Analysis Report
https://www.youtube.com/channel/UCAuerig2N-RZWJT8x75V9yw
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Signatures
Writes 64-bit Mach-O files to disk
Reads launchservices plist files
Classification
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 831167 |
Start date and time: | 2023-03-21 07:31:23 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Cookbook file name: | browseurl.jbs |
Sample URL: | https://www.youtube.com/channel/UCAuerig2N-RZWJT8x75V9yw |
Analysis system description: | Virtual Machine, High Sierra (Office 2016 16.16, Java 11.0.2+9, Adobe Reader 2019.010.20099) |
Analysis Mode: | default |
Detection: | CLEAN |
Classification: | clean1.mac@0/10@4/0 |
- Excluded IPs from analysis (whitelisted): 3.73.173.154, 2.16.12.21, 172.217.18.99, 142.250.186.138, 172.217.18.10, 172.217.18.3
- TCP Packets have been reduced to 100
- Excluded domains from analysis (whitelisted): configuration.apple.com, fonts.googleapis.com, gateway.icloud.com, e673.dsce9.akamaiedge.net, fonts.gstatic.com, configuration.apple.com.akadns.net, configuration.apple.com.edgekey.net, api-glb-euc1b.smoot.apple.com, safebrowsing.googleapis.com, www.gstatic.com, api.smoot.apple.com, bag-smoot.v.aaplimg.com
- Report size getting too big, too many PREAD calls found.
- System is macvm-highsierra
- mono-sgen32 New Fork (PID: 878, Parent: 812)
- xpcproxy New Fork (PID: 879, Parent: 1)
- cleanup
⊘No yara matches
⊘No Snort rule has matched
- HTTPS traffic detected
- DNS traffic detected
- Network traffic detected
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- String found in binary or memory
- Classification label
- File written
- Launchservices plist file read
- AppleKeyboardLayouts info plist opened
- Random device file read
- Binary plist file created
- System or server version plist file read
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | 1 Plist Modification | 1 Plist Modification | Direct Volume Access | OS Credential Dumping | 11 System Information Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 3 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 4 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | Carrier Billing Fraud |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
youtube-ui.l.google.com | 142.250.185.174 | true | false | high | |
play.google.com | 172.217.16.142 | true | false | high | |
gateway.fe.apple-dns.net | 17.248.248.15 | true | false | unknown | |
consent.youtube.com | 172.217.16.206 | true | false | high | |
www.google.com | 142.250.186.164 | true | false | high | |
www.youtube.com | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.174 | youtube-ui.l.google.com | United States | 15169 | GOOGLEUS | false |
172.217.16.206 | consent.youtube.com | United States | 15169 | GOOGLEUS | false |
142.250.186.164 | www.google.com | United States | 15169 | GOOGLEUS | false |
172.217.16.142 | play.google.com | United States | 15169 | GOOGLEUS | false |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 1975 |
Entropy (8bit): | 7.487661238463374 |
Encrypted: | false |
SSDEEP: | 48:E3NmrooTlg9iiQx8k4WV9gnauI6OqVtj92:zdAiie6W7gnaH6zVtx2 |
MD5: | 1F3685B645E3B97F0AABD44E81400036 |
SHA1: | BFC73C25F4737944DC2883B6B2A8298206F1338A |
SHA-256: | C6C330510935B7694416DE28248F57DF1F594671AB01762A14F915CF314DFB2B |
SHA-512: | 7B9A99FB8203C5FE39184C8BE9CC65880CB578EEFB2D19AA563E8A3D6D00345F46B26FE318D125FB0C2954C6391215D6EDD85C0B7B3AC359FC01E11D9A7875DA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 5430 |
Entropy (8bit): | 3.6534652184263736 |
Encrypted: | false |
SSDEEP: | 48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B |
MD5: | F3418A443E7D841097C714D69EC4BCB8 |
SHA1: | 49263695F6B0CDD72F45CF1B775E660FDC36C606 |
SHA-256: | 6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770 |
SHA-512: | 82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563 |
Malicious: | false |
Reputation: | low |
Preview: |
/Users/berri/Library/WebKit/com.apple.Safari/WebsiteData/ResourceLoadStatistics/full_browsing_session_resourceLog.plist
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 999 |
Entropy (8bit): | 5.692112784657474 |
Encrypted: | false |
SSDEEP: | 24:rqx+XBs6DRXsebAMF+XBSs6DRXe/P/+XBSs6DRXM/AKTalmB:rmGs6RkMFKSs6SP/KSs64ALa |
MD5: | 70D90C1F8717A3931E5F0A22CF43ADEE |
SHA1: | F8C268906301E804CFF2F0337855ED5302E6A8D5 |
SHA-256: | 5E6022AE8CD5C62E3896D2516506618296D671E41CF2A66252C8FE0221C585FA |
SHA-512: | 0FA87B7D5D1E7D3A9FA48A0BC6A3C29A71CF9763BC534AD1FF22B843C1BEFC3F75F5CE634995B10AA3ABE22504526A49682200D1E69E4C92E55FBCFB9937A6D1 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 661 |
Entropy (8bit): | 5.249043164367681 |
Encrypted: | false |
SSDEEP: | 12:kYRGp1o/LVNQp1o/LVp1o/LIp1o/LWp1o/LW:9GpgspgVpgIpgWpgW |
MD5: | F84EE5D1B09071A89736D44844137D8A |
SHA1: | 21E1CA7657746390E720A3478F2E1B7D98230292 |
SHA-256: | D87EBBB355D4FDF96AF8FA8E2556A5B2A9E88AE60BC1DBFD07B5FAA00EFEB470 |
SHA-512: | 83CD3D9E0EF6E2D6C3C46E48F210DD2D6D7EC30A893CFEC03F509E7D0BBC96D6AD33429F4A5F8C66C46A643755571D1DC94806F522330B1CBD0ED1FBE825CF2D |
Malicious: | false |
Reputation: | low |
Preview: |
/private/var/folders/ql/8wfqxrtx52n95h35b6cz4nyw0000gn/0/SafariFamily/Safari/.dat.nosync036f.Pk6yS5
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 76 |
Entropy (8bit): | 3.9370658315190226 |
Encrypted: | false |
SSDEEP: | 3:N1n6qMvRGNMTAnd/t1tH:N1nleRaMTAltH |
MD5: | CDC65B5F112547EAFAE0F16F9C149426 |
SHA1: | AEAF9908A5B6FF3E2F7B738ABF5FE9E79108BA01 |
SHA-256: | 1C6D085D871A855CE4A3902BAB4B9B92631B8EE8F0B7F6536768A2AAF427B45C |
SHA-512: | E8B0E4CE6A760A718A19976D3CFE9063F04FB4BF179947AECA84E94C83F21459FB9DC0FFABEA8F633BD2D0BA94FE1E15D8C97E9604FDE8BD0DEA961EB83BDDB7 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 48908 |
Entropy (8bit): | 3.533948990143748 |
Encrypted: | false |
SSDEEP: | 384:xSMdGleGkIG7FF3theSMVXBD0tgcNrGBOmBfbouR6/chQOnGqwc2U+v+h/:8MdGleOGmBouRwchQOnGqwc2U+v+h/ |
MD5: | 09070E01FA6ED1973D94FAD50C35E3ED |
SHA1: | 7546663E66F9889EE3365A7A0BE372300C6022CA |
SHA-256: | 2E6EC437A97DD88F9067B2E99AC64789670D9B9C1FC50B2856E392E66163211F |
SHA-512: | 621399FF832F1A8352E5E9A54984B878C7D3432156D9CF9986A1A5B75662E92D9A00FA1BA6714D679286BB49E71916F72655AADA2B99880A2806FAFC6F86E7F3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 4404 |
Entropy (8bit): | 3.5113078915037033 |
Encrypted: | false |
SSDEEP: | 48:m6Xsh+CLjL3Pe3T5FFKfEuyu+iYxGv4sS:3X6LjLfe3wEuyu9YxGQX |
MD5: | D487F899A14AE98519B46D51BC810F1B |
SHA1: | 64877ECFBE47ED66EED545B2449BBE8B22B775D0 |
SHA-256: | 4835899C464487946E281D535381D4CAB8BC90EC08CD00A6A0ECB97854E9321D |
SHA-512: | EB4FABD61B4FD2B9EF3C9E93793CA5F11353A1F81EA4DA22E0F79ED45D89180B77469B9E5DCD5350AE650B31DE9018743DA7716EFA7B5CDDFC3FA7A13C476F40 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 4752 |
Entropy (8bit): | 5.761647040683616 |
Encrypted: | false |
SSDEEP: | 96:xKvjeoJ2eQIMA1EVQvOsD1cbY2vF/jllllllllKflNJz5w6w:0dJ2eQpMtxmvrllllllllKfly |
MD5: | 1D6F449D22D11E760495CE85C933ADF8 |
SHA1: | D77F5B05549E51310D0C96347482178EBD23C476 |
SHA-256: | BEF505FE1329E19B4AF2FFFD868C753A0824B96FB4531BD106C810D96EFB1D94 |
SHA-512: | 4A9F4BD053BC5069625D60DDD3E1225E01FCE6B31824C35A12D7CAFAC2AD9BF79EE7785A6860E5549836970D8A4C7968355EC715C652EE1C771EDD9D9D1616A6 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 4780 |
Entropy (8bit): | 5.78784933687558 |
Encrypted: | false |
SSDEEP: | 96:xav2J2yfQoIeVyCxVaBHlZF/jllllllllKflPz5w65:keJ2OQYTTarllllllllKflT |
MD5: | 6903FFA70C6EF8F2493E3E49101C694D |
SHA1: | B70A5F8C3F48BB2251B114500DFFF1CCCE72D966 |
SHA-256: | 633CEE31BFBF56590F6B62891CD0CB55264FD0F01E183036D8E3556B9EFF72D5 |
SHA-512: | 2A8A297AEE0F285EAA494BA5B731D023BF6438E207B83495FF490EB67BE3D9B4E887F91680761E759973D9FEC782B9E0CEC7E1957C4E794739A0DF90E2346D87 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | /Applications/Safari.app/Contents/MacOS/Safari |
File Type: | |
Category: | dropped |
Size (bytes): | 17444 |
Entropy (8bit): | 4.344991783661145 |
Encrypted: | false |
SSDEEP: | 384:wKjJcXgiRVP7J3AMqLllllllKfllJlROW:wia13AMqAOW |
MD5: | 09CBD27A6D6C025F5067FCA3ECEB23C0 |
SHA1: | B6C4CE88D1174DA7EC3BD2A6B01B56FD10A2C412 |
SHA-256: | 817D05E0855D1D66A1DE931BC52DA7F1C4C57F6C0049B5EE758E4ADCA8A780E8 |
SHA-512: | 361C3F619B6B9C0EBAAEA16E25960539FB86FD72236D0908A679810A998DB283D2B7589BA454E283963EF4857FA538C836CC2116351DD8AED793C05F03419F83 |
Malicious: | false |
Reputation: | low |
Preview: |
⊘No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 21, 2023 07:32:32.232289076 CET | 53 | 56249 | 1.1.1.1 | 192.168.11.11 |
Mar 21, 2023 07:32:35.167781115 CET | 63371 | 53 | 192.168.11.11 | 1.1.1.1 |
Mar 21, 2023 07:32:35.177141905 CET | 53 | 63371 | 1.1.1.1 | 192.168.11.11 |
Mar 21, 2023 07:32:35.384959936 CET | 51779 | 53 | 192.168.11.11 | 1.1.1.1 |
Mar 21, 2023 07:32:35.394527912 CET | 53 | 51779 | 1.1.1.1 | 192.168.11.11 |
Mar 21, 2023 07:32:36.907757998 CET | 57295 | 53 | 192.168.11.11 | 1.1.1.1 |
Mar 21, 2023 07:32:36.917454958 CET | 53 | 57295 | 1.1.1.1 | 192.168.11.11 |
Mar 21, 2023 07:32:37.051582098 CET | 55576 | 53 | 192.168.11.11 | 1.1.1.1 |
Mar 21, 2023 07:32:37.060633898 CET | 53 | 55576 | 1.1.1.1 | 192.168.11.11 |
Mar 21, 2023 07:32:46.169306993 CET | 137 | 137 | 192.168.11.11 | 192.168.11.255 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 21, 2023 07:32:35.167781115 CET | 192.168.11.11 | 1.1.1.1 | 0x1dd0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2023 07:32:35.384959936 CET | 192.168.11.11 | 1.1.1.1 | 0xf18c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2023 07:32:36.907757998 CET | 192.168.11.11 | 1.1.1.1 | 0x76c1 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 21, 2023 07:32:37.051582098 CET | 192.168.11.11 | 1.1.1.1 | 0xe855 | Standard query (0) | A (IP address) | IN (0x0001) | false |
System Behavior
Start time: | 07:32:29 |
Start date: | 21/03/2023 |
Path: | /Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32 |
Arguments: | n/a |
File size: | 3722408 bytes |
MD5 hash: | 8910349f44a940d8d79318367855b236 |
Start time: | 07:32:29 |
Start date: | 21/03/2023 |
Path: | /usr/bin/open |
Arguments: | |
File size: | 105952 bytes |
MD5 hash: | 40ed6d8f35c9f20484b97582d296398f |
Start time: | 07:32:29 |
Start date: | 21/03/2023 |
Path: | /usr/libexec/xpcproxy |
Arguments: | n/a |
File size: | 43488 bytes |
MD5 hash: | d1bb9a4899f0af921e8188218b20d744 |
Start time: | 07:32:29 |
Start date: | 21/03/2023 |
Path: | /Applications/Safari.app/Contents/MacOS/Safari |
Arguments: | /Applications/Safari.app/Contents/MacOS/Safari |
File size: | 20896 bytes |
MD5 hash: | 8e18be737fe87f19fe7a97b4821e2005 |