Source: https://habora.co.uk/wp-admin/Ope/renew/ | Avira URL Cloud: detection malicious, Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/assets/images/pdf.png | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/assets/js/main.js | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/assets/css/styles.css | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/ms.png | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/favicon.ico | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/assets/js/auth.js | Avira URL Cloud: Label: phishing |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'habora.co.uk' does not match the legitimate domain for Microsoft., The URL 'habora.co.uk' does not contain any recognizable association with Microsoft., The use of a '.co.uk' domain is unusual for a global brand like Microsoft, which typically uses '.com'., The presence of an input field asking for an email on a non-Microsoft domain is suspicious. DOM: 0.0.pages.csv |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'., The URL 'habora.co.uk' does not match the legitimate domain for Microsoft., The domain 'habora.co.uk' does not contain any recognizable association with Microsoft., The presence of an input field asking for a password on a non-Microsoft domain is suspicious., The domain 'habora.co.uk' could be attempting to impersonate a legitimate service by using a generic or unrelated domain name. DOM: 3.4.pages.csv |
Source: 1.20.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates high-risk indicators, including dynamic code execution through the use of `eval` and the `Function` constructor. It also exhibits data exfiltration by sending data to external servers. The obfuscated code further increases the risk. Overall, this script displays clear signs of malicious intent and should be considered a high-risk security threat. |
Source: 1.71.d.script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval` and the construction of dynamic function calls pose a significant security risk, as they can allow the execution of arbitrary code. Additionally, the script appears to be heavily obfuscated, making it difficult to analyze and understand its true purpose. Overall, this script exhibits a high level of malicious intent and should be considered a serious security threat. |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: Number of links: 0 |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: Number of links: 0 |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: <input type="password" .../> found but no <form action="... |
Source: https://www.google.com/search?q=chiocciola&oq=chiocciola&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCDI3OTNqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8&sei=gZ7SZ93ZB5ixi-gPrZaQ6AI | HTTP Parser: Total embedded image size: 81601 |
Source: https://ztwien-my.sharepoint.com/:x:/g/personal/mollnhuber_am-zt_com/EVCrH4gDMZRLoOnbpTlGQTwBrdjZGugCjtdE8ythzGsttg?e=0WSpHy | HTTP Parser: Base64 decoded: {"typ":"JWT","alg":"RS256","x5t":"NLHNoPzBec3jLlQsSYoL5Q1EgfE"} |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: Title: One Drive does not match URL |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: Title: Sign In does not match URL |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: Invalid link: Privacy policy |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: <input type="password" .../> found |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: No favicon |
Source: https://www.google.com/search?q=chiocciola&oq=chiocciola&gs_lcrp=EgZjaHJvbWUyBggAEEUYOdIBCDI3OTNqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8&sei=gZ7SZ93ZB5ixi-gPrZaQ6AI | HTTP Parser: No favicon |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: No favicon |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: No <meta name="author".. found |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: No <meta name="author".. found |
Source: https://habora.co.uk/wp-admin/Ope/renew/ | HTTP Parser: No <meta name="copyright".. found |
Source: https://habora.co.uk/wp-admin/Ope/renew/auth.php | HTTP Parser: No <meta name="copyright".. found |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | HTTP traffic: Redirect from: habora.co.uk to https://ztwien-my.sharepoint.com/:x:/g/personal/mollnhuber_am-zt_com/evcrh4gdmzrloonbptlgqtwbrdjzgugcjtde8ythzgsttg?e=0wsphy |
Source: Network traffic | Suricata IDS: 2827147 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish Jul 17 2017 : 172.93.121.126:443 -> 192.168.2.16:49825 |
Source: Network traffic | Suricata IDS: 2828331 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish Oct 17 2017 : 172.93.121.126:443 -> 192.168.2.16:49825 |
Source: Network traffic | Suricata IDS: 2827147 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish Jul 17 2017 : 172.93.121.126:443 -> 192.168.2.16:49832 |
Source: Network traffic | Suricata IDS: 2828331 - Severity 1 - ETPRO PHISHING Possible Successful Generic Phish Oct 17 2017 : 172.93.121.126:443 -> 192.168.2.16:49832 |
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211 |
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203 |
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 |
Source: unknown | TCP traffic detected without corresponding DNS query: 172.217.16.195 |
Source: unknown | TCP traffic detected without corresponding DNS query: 199.232.214.172 |
Source: unknown | TCP traffic detected without corresponding DNS query: 20.190.159.0 |
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.77.188 |