I have a Canarytoken QR code stored on my Mac. Recently the URL in the QR code was requested without my interaction and I was not working on the Mac at this time.
It reminded me directly of this story: https://news.ycombinator.com/item?id=33100130 The story was also the original reason I created the token in the first place. However, the token has been sitting on my disk for months now without any events.
The URL was triggered twice within one minute with two different user agents:
1. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15
2. Client/28420 CFNetwork/1404.0.5 Darwin/22.3.0
The request originated from my public IP address.
Could this be an indicator for malicious activities or do you have any explanations for this strange behaviour?
It reminded me directly of this story: https://news.ycombinator.com/item?id=33100130 The story was also the original reason I created the token in the first place. However, the token has been sitting on my disk for months now without any events.
The URL was triggered twice within one minute with two different user agents:
1. Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15
2. Client/28420 CFNetwork/1404.0.5 Darwin/22.3.0
The request originated from my public IP address.
Could this be an indicator for malicious activities or do you have any explanations for this strange behaviour?