Analysis

  • max time kernel
    149s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/08/2024, 13:24 UTC

General

  • Target

    http://img.demo.18appitalia.it

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://img.demo.18appitalia.it
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffed34ecc40,0x7ffed34ecc4c,0x7ffed34ecc58
      2⤵
        PID:1844
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1904 /prefetch:2
        2⤵
          PID:3304
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
          2⤵
            PID:1980
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2456 /prefetch:8
            2⤵
              PID:928
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3060,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3088 /prefetch:1
              2⤵
                PID:2132
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3220 /prefetch:1
                2⤵
                  PID:312
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3052,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4464 /prefetch:1
                  2⤵
                    PID:3316
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3364,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3080 /prefetch:1
                    2⤵
                      PID:4004
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4668,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4388 /prefetch:1
                      2⤵
                        PID:4504
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4624,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
                        2⤵
                          PID:728
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,14723568929610073804,4279050062446101773,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4564 /prefetch:8
                          2⤵
                          • Drops file in System32 directory
                          • Suspicious behavior: EnumeratesProcesses
                          PID:2932
                      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                        1⤵
                          PID:4800
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                          1⤵
                            PID:2844

Network

                          • flag-us
                            DNS
                            img.demo.18appitalia.it
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            img.demo.18appitalia.it
                            IN A
                            Response
                            img.demo.18appitalia.it
                            IN A
                            185.53.177.53
                          • flag-de
                            GET
                            https://img.demo.18appitalia.it/
                            chrome.exe
                            Remote address:
                            185.53.177.53:443
                            Request
                            GET / HTTP/2.0
                            host: img.demo.18appitalia.it
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            sec-fetch-site: none
                            sec-fetch-mode: navigate
                            sec-fetch-user: ?1
                            sec-fetch-dest: document
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            accept-ch: viewport-width
                            accept-ch: dpr
                            accept-ch: device-memory
                            accept-ch: rtt
                            accept-ch: downlink
                            accept-ch: ect
                            accept-ch: ua
                            accept-ch: ua-full-version
                            accept-ch: ua-platform
                            accept-ch: ua-platform-version
                            accept-ch: ua-arch
                            accept-ch: ua-model
                            accept-ch: ua-mobile
                            accept-ch-lifetime: 30
                            alt-svc: h3=":8443"; ma=2592000
                            content-encoding: gzip
                            content-type: text/html; charset=UTF-8
                            date: Wed, 07 Aug 2024 13:24:30 GMT
                            host: {http.reverse_proxy.upstream.hostport}
                            server: Caddy
                            server: nginx
                            vary: Accept-Encoding
                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_WImQVxQj8tVEXfD1K1yk77IoYI79dJ6fAK4t7yuZINb7tsjWpZHJcvX1fvzwva5iBNTmqGV6y7+sQei/1p2gdw==
                            x-buckets: bucket011
                            x-domain: 18appitalia.it
                            x-forwarded-host: img.demo.18appitalia.it
                            x-language: english
                            x-ssl-c: v1
                            x-ssl-proxy: v2
                            x-subdomain: img.demo
                            x-template: tpl_CleanPeppermintBlack_twoclick
                          • flag-de
                            GET
                            https://img.demo.18appitalia.it/track.php?domain=18appitalia.it&toggle=browserjs&uid=MTcyMzAzNzA3MC43Njg2OjQ1YzkwYmNjYmIyMGU3YzA1NmViNjNiMDEwODIyOTM3OTg4ZDYzODZiZGJkNzQyMDg2Yzc1ZjJhZTVlMmQ5MmY6NjZiMzc1OGViYmE2Mw%3D%3D
                            chrome.exe
                            Remote address:
                            185.53.177.53:443
                            Request
                            GET /track.php?domain=18appitalia.it&toggle=browserjs&uid=MTcyMzAzNzA3MC43Njg2OjQ1YzkwYmNjYmIyMGU3YzA1NmViNjNiMDEwODIyOTM3OTg4ZDYzODZiZGJkNzQyMDg2Yzc1ZjJhZTVlMmQ5MmY6NjZiMzc1OGViYmE2Mw%3D%3D HTTP/2.0
                            host: img.demo.18appitalia.it
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            device-memory: 8
                            rtt: 100
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            viewport-width: 1280
                            dpr: 1
                            downlink: 1.45
                            ect: 4g
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: same-origin
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            accept-ch: viewport-width
                            accept-ch: dpr
                            accept-ch: device-memory
                            accept-ch: rtt
                            accept-ch: downlink
                            accept-ch: ect
                            accept-ch: ua
                            accept-ch: ua-full-version
                            accept-ch: ua-platform
                            accept-ch: ua-platform-version
                            accept-ch: ua-arch
                            accept-ch: ua-model
                            accept-ch: ua-mobile
                            accept-ch-lifetime: 30
                            access-control-allow-origin: *
                            alt-svc: h3=":8443"; ma=2592000
                            content-encoding: gzip
                            content-type: text/html; charset=UTF-8
                            date: Wed, 07 Aug 2024 13:24:30 GMT
                            host: {http.reverse_proxy.upstream.hostport}
                            server: Caddy
                            server: nginx
                            vary: Accept-Encoding
                            x-custom-track: browserjs
                            x-forwarded-host: img.demo.18appitalia.it
                            x-ssl-c: v1
                            x-ssl-proxy: v2
                          • flag-de
                            GET
                            https://img.demo.18appitalia.it/ls.php?t=66b3758e&token=fa14d0a85bef300f826d6a70a5e910b07003931e
                            chrome.exe
                            Remote address:
                            185.53.177.53:443
                            Request
                            GET /ls.php?t=66b3758e&token=fa14d0a85bef300f826d6a70a5e910b07003931e HTTP/2.0
                            host: img.demo.18appitalia.it
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            device-memory: 8
                            rtt: 100
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            viewport-width: 1280
                            dpr: 1
                            downlink: 1.45
                            ect: 4g
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            sec-fetch-site: same-origin
                            sec-fetch-mode: cors
                            sec-fetch-dest: empty
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 201
                            accept-ch: viewport-width
                            accept-ch: dpr
                            accept-ch: device-memory
                            accept-ch: rtt
                            accept-ch: downlink
                            accept-ch: ect
                            accept-ch: ua
                            accept-ch: ua-full-version
                            accept-ch: ua-platform
                            accept-ch: ua-platform-version
                            accept-ch: ua-arch
                            accept-ch: ua-model
                            accept-ch: ua-mobile
                            accept-ch-lifetime: 30
                            access-control-allow-methods: POST, OPTIONS
                            access-control-allow-origin:
                            access-control-max-age: 86400
                            alt-svc: h3=":8443"; ma=2592000
                            charset: utf-8
                            content-type: text/javascript;charset=UTF-8
                            date: Wed, 07 Aug 2024 13:24:30 GMT
                            host: {http.reverse_proxy.upstream.hostport}
                            server: Caddy
                            server: nginx
                            x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_nyuJAP1RrYHGq2jyCEl7YK8ZJY4ER9jMWDiZmTYOFLwOW0eIxPwUz7Kb9lRL/c0rD6/sTZKVYvJK27VYnRo6GA==
                            x-forwarded-host: img.demo.18appitalia.it
                            x-log-success: 66b3758eb832ffcf8d0ae96d
                            x-ssl-c: v1
                            x-ssl-proxy: v2
                          • flag-de
                            GET
                            https://img.demo.18appitalia.it/favicon.ico
                            chrome.exe
                            Remote address:
                            185.53.177.53:443
                            Request
                            GET /favicon.ico HTTP/2.0
                            host: img.demo.18appitalia.it
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            device-memory: 8
                            rtt: 100
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            viewport-width: 1280
                            dpr: 1
                            downlink: 1.45
                            ect: 4g
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            cookie: __gsas=ID=7e2632f1d3f24515:T=1723037071:RT=1723037071:S=ALNI_MZuom0pNz1-l85L18S3sUNnfqlShQ
                            Response
                            HTTP/2.0 200
                            accept-ranges: bytes
                            alt-svc: h3=":8443"; ma=2592000
                            content-type: image/x-icon
                            date: Wed, 07 Aug 2024 13:24:33 GMT
                            etag: "66ac8482-0"
                            host: {http.reverse_proxy.upstream.hostport}
                            last-modified: Fri, 02 Aug 2024 07:02:26 GMT
                            server: Caddy
                            server: nginx
                            x-forwarded-host: img.demo.18appitalia.it
                            x-ssl-c: v1
                            x-ssl-proxy: v2
                            content-length: 0
                          • flag-us
                            DNS
                            d38psrni17bvxu.cloudfront.net
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            d38psrni17bvxu.cloudfront.net
                            IN A
                            Response
                            d38psrni17bvxu.cloudfront.net
                            IN A
                            18.172.218.22
                            d38psrni17bvxu.cloudfront.net
                            IN A
                            18.172.218.119
                            d38psrni17bvxu.cloudfront.net
                            IN A
                            18.172.218.144
                            d38psrni17bvxu.cloudfront.net
                            IN A
                            18.172.218.219
                          • flag-us
                            DNS
                            www.google.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            www.google.com
                            IN A
                            Response
                            www.google.com
                            IN A
                            142.250.179.196
                          • flag-nl
                            GET
                            https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
                            chrome.exe
                            Remote address:
                            142.250.179.196:443
                            Request
                            GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/2.0
                            host: www.google.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            x-client-data: CLmPywE=
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-es
                            GET
                            https://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
                            chrome.exe
                            Remote address:
                            18.172.218.22:443
                            Request
                            GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/2.0
                            host: d38psrni17bvxu.cloudfront.net
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: image
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                            Response
                            HTTP/2.0 200
                            content-type: image/png
                            content-length: 11375
                            server: nginx
                            date: Tue, 06 Aug 2024 17:27:24 GMT
                            last-modified: Thu, 21 Mar 2024 11:48:11 GMT
                            accept-ranges: bytes
                            etag: "65fc1e7b-2c6f"
                            x-cache: Hit from cloudfront
                            via: 1.1 e635875a1b765e19e161b42a06c4be12.cloudfront.net (CloudFront)
                            x-amz-cf-pop: BCN50-P1
                            x-amz-cf-id: wdAkwrqmZtvJAps6uoMbJBEAp2___KCKt-0bput4ur5bHff78qKh4Q==
                            age: 71827
                          • flag-us
                            DNS
                            8.8.8.8.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            Response
                            8.8.8.8.in-addr.arpa
                            IN PTR
                            dns.google
                          • flag-us
                            DNS
                            53.177.53.185.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            53.177.53.185.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            202.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            202.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            202.179.250.142.in-addr.arpa
                            IN PTR
                            ams15s42-in-f10.1e100.net
                          • flag-us
                            DNS
                            syndicatedsearch.goog
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            syndicatedsearch.goog
                            IN A
                            Response
                            syndicatedsearch.goog
                            IN A
                            142.250.179.142
                          • flag-us
                            DNS
                            partner.googleadservices.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            partner.googleadservices.com
                            IN A
                            Response
                            partner.googleadservices.com
                            IN A
                            172.217.168.194
                          • flag-nl
                            GET
                            https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fimg.demo.18appitalia.it%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2271262091554768&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=8031723037070790&num=0&output=afd_ads&domain_name=img.demo.18appitalia.it&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1723037070790&u_w=1280&u_h=720&biw=1263&bih=593&psw=1263&psh=791&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=659524724&rurl=https%3A%2F%2Fimg.demo.18appitalia.it%2F
                            chrome.exe
                            Remote address:
                            142.250.179.142:443
                            Request
                            GET /afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fimg.demo.18appitalia.it%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2271262091554768&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=8031723037070790&num=0&output=afd_ads&domain_name=img.demo.18appitalia.it&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1723037070790&u_w=1280&u_h=720&biw=1263&bih=593&psw=1263&psh=791&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=659524724&rurl=https%3A%2F%2Fimg.demo.18appitalia.it%2F HTTP/2.0
                            host: syndicatedsearch.goog
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: iframe
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-nl
                            GET
                            https://partner.googleadservices.com/gampad/cookie.js?domain=img.demo.18appitalia.it&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
                            chrome.exe
                            Remote address:
                            172.217.168.194:443
                            Request
                            GET /gampad/cookie.js?domain=img.demo.18appitalia.it&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie HTTP/2.0
                            host: partner.googleadservices.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            x-client-data: CLmPywE=
                            sec-fetch-site: cross-site
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            g.bing.com
                            Remote address:
                            8.8.8.8:53
                            Request
                            g.bing.com
                            IN A
                            Response
                            g.bing.com
                            IN CNAME
                            g-bing-com.dual-a-0034.a-msedge.net
                            g-bing-com.dual-a-0034.a-msedge.net
                            IN CNAME
                            dual-a-0034.a-msedge.net
                            dual-a-0034.a-msedge.net
                            IN A
                            204.79.197.237
                            dual-a-0034.a-msedge.net
                            IN A
                            13.107.21.237
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MUID=0B45DB75402E6FA336CFCFA141CE6E12; domain=.bing.com; expires=Mon, 01-Sep-2025 13:24:31 GMT; path=/; SameSite=None; Secure; Priority=High;
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 65848014C6254161A6CCD4F247DFA68E Ref B: LON04EDGE1217 Ref C: 2024-08-07T13:24:31Z
                            date: Wed, 07 Aug 2024 13:24:31 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=0B45DB75402E6FA336CFCFA141CE6E12
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            set-cookie: MSPTC=nchTmkSPiXrGrPlGMLglkSRbdPZVy-UxQMqeoGnlUbM; domain=.bing.com; expires=Mon, 01-Sep-2025 13:24:31 GMT; path=/; Partitioned; secure; SameSite=None
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 4DA5EE4EB6384AF788BCA670D9CBB74C Ref B: LON04EDGE1217 Ref C: 2024-08-07T13:24:31Z
                            date: Wed, 07 Aug 2024 13:24:31 GMT
                          • flag-us
                            GET
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
                            Remote address:
                            204.79.197.237:443
                            Request
                            GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid= HTTP/2.0
                            host: g.bing.com
                            accept-encoding: gzip, deflate
                            user-agent: WindowsShellClient/9.0.40929.0 (Windows)
                            cookie: MUID=0B45DB75402E6FA336CFCFA141CE6E12; MSPTC=nchTmkSPiXrGrPlGMLglkSRbdPZVy-UxQMqeoGnlUbM
                            Response
                            HTTP/2.0 204
                            cache-control: no-cache, must-revalidate
                            pragma: no-cache
                            expires: Fri, 01 Jan 1990 00:00:00 GMT
                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                            access-control-allow-origin: *
                            x-cache: CONFIG_NOCACHE
                            accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                            x-msedge-ref: Ref A: 43451C337BB84936B6E58A195EB25B71 Ref B: LON04EDGE1217 Ref C: 2024-08-07T13:24:31Z
                            date: Wed, 07 Aug 2024 13:24:31 GMT
                          • flag-nl
                            GET
                            https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26psid%3D7840396037%26pcsa%3Dfalse%26channel%3D000001%252Cbucket011%26client%3Ddp-teaminternet09_3ph%26r%3Dm%26hl%3Den%26ivt%3D0%26rpbu%3Dhttp%253A%252F%252Fimg.demo.18appitalia.it%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%25253D%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2271262091554768%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr3%257Cs%26nocache%3D8031723037070790%26num%3D0%26output%3Dafd_ads%26domain_name%3Dimg.demo.18appitalia.it%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D0%26dt%3D1723037070790%26u_w%3D1280%26u_h%3D720%26biw%3D1263%26bih%3D593%26psw%3D1263%26psh%3D791%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D659524724%26rurl%3Dhttps%253A%252F%252Fimg.demo.18appitalia.it%252F&hl=en&q=EgTCbg1GGI_rzbUGIjD8Tqwhu2srLMD2w-zAxR9Xa_1XEePlkABn36HytS4bZRDhGQcPvcZHgGwVIuTRjScyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                            chrome.exe
                            Remote address:
                            142.250.179.196:443
                            Request
                            GET /sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26psid%3D7840396037%26pcsa%3Dfalse%26channel%3D000001%252Cbucket011%26client%3Ddp-teaminternet09_3ph%26r%3Dm%26hl%3Den%26ivt%3D0%26rpbu%3Dhttp%253A%252F%252Fimg.demo.18appitalia.it%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%25253D%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2271262091554768%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr3%257Cs%26nocache%3D8031723037070790%26num%3D0%26output%3Dafd_ads%26domain_name%3Dimg.demo.18appitalia.it%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D0%26dt%3D1723037070790%26u_w%3D1280%26u_h%3D720%26biw%3D1263%26bih%3D593%26psw%3D1263%26psh%3D791%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D659524724%26rurl%3Dhttps%253A%252F%252Fimg.demo.18appitalia.it%252F&hl=en&q=EgTCbg1GGI_rzbUGIjD8Tqwhu2srLMD2w-zAxR9Xa_1XEePlkABn36HytS4bZRDhGQcPvcZHgGwVIuTRjScyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/2.0
                            host: www.google.com
                            upgrade-insecure-requests: 1
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                            sec-fetch-site: cross-site
                            sec-fetch-mode: navigate
                            sec-fetch-dest: iframe
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            sec-ch-ua-platform: "Windows"
                            referer: https://img.demo.18appitalia.it/
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-nl
                            GET
                            https://www.google.com/recaptcha/api.js
                            chrome.exe
                            Remote address:
                            142.250.179.196:443
                            Request
                            GET /recaptcha/api.js HTTP/2.0
                            host: www.google.com
                            sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
                            sec-ch-ua-mobile: ?0
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            sec-ch-ua-platform: "Windows"
                            accept: */*
                            x-client-data: CLmPywE=
                            sec-fetch-site: same-origin
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: script
                            referer: https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26psid%3D7840396037%26pcsa%3Dfalse%26channel%3D000001%252Cbucket011%26client%3Ddp-teaminternet09_3ph%26r%3Dm%26hl%3Den%26ivt%3D0%26rpbu%3Dhttp%253A%252F%252Fimg.demo.18appitalia.it%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%25253D%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2271262091554768%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr3%257Cs%26nocache%3D8031723037070790%26num%3D0%26output%3Dafd_ads%26domain_name%3Dimg.demo.18appitalia.it%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D0%26dt%3D1723037070790%26u_w%3D1280%26u_h%3D720%26biw%3D1263%26bih%3D593%26psw%3D1263%26psh%3D791%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D659524724%26rurl%3Dhttps%253A%252F%252Fimg.demo.18appitalia.it%252F&hl=en&q=EgTCbg1GGI_rzbUGIjD8Tqwhu2srLMD2w-zAxR9Xa_1XEePlkABn36HytS4bZRDhGQcPvcZHgGwVIuTRjScyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            196.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            196.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            196.179.250.142.in-addr.arpa
                            IN PTR
                            ams15s42-in-f41e100net
                          • flag-us
                            DNS
                            22.218.172.18.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            22.218.172.18.in-addr.arpa
                            IN PTR
                            Response
                            22.218.172.18.in-addr.arpa
                            IN PTR
                            server-18-172-218-22bcn50r cloudfrontnet
                          • flag-us
                            DNS
                            142.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            142.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            142.179.250.142.in-addr.arpa
                            IN PTR
                            ams17s10-in-f141e100net
                          • flag-us
                            DNS
                            194.168.217.172.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            194.168.217.172.in-addr.arpa
                            IN PTR
                            Response
                            194.168.217.172.in-addr.arpa
                            IN PTR
                            ams16s32-in-f21e100net
                          • flag-us
                            DNS
                            136.32.126.40.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            136.32.126.40.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            237.197.79.204.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            237.197.79.204.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            172.210.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.210.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            57.169.31.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            57.169.31.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            content-autofill.googleapis.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            content-autofill.googleapis.com
                            IN A
                            Response
                            content-autofill.googleapis.com
                            IN A
                            216.58.208.106
                            content-autofill.googleapis.com
                            IN A
                            142.250.179.202
                            content-autofill.googleapis.com
                            IN A
                            142.251.36.10
                            content-autofill.googleapis.com
                            IN A
                            142.251.36.42
                            content-autofill.googleapis.com
                            IN A
                            142.251.39.106
                            content-autofill.googleapis.com
                            IN A
                            142.250.179.138
                            content-autofill.googleapis.com
                            IN A
                            172.217.168.234
                            content-autofill.googleapis.com
                            IN A
                            142.250.179.170
                            content-autofill.googleapis.com
                            IN A
                            172.217.23.202
                          • flag-nl
                            GET
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk8dqZYMe7mkRIFDVNaR8UhNPMsUJv-EH0=?alt=proto
                            chrome.exe
                            Remote address:
                            216.58.208.106:443
                            Request
                            GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk8dqZYMe7mkRIFDVNaR8UhNPMsUJv-EH0=?alt=proto HTTP/2.0
                            host: content-autofill.googleapis.com
                            x-goog-encode-response-if-executable: base64
                            x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                            x-client-data: CLmPywE=
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-nl
                            GET
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk2QkampSz8XhIFDVNaR8Uh1qELrzPmFXkSGQk8dqZYMe7mkRIFDVNaR8Uh1qELrzPmFXk=?alt=proto
                            chrome.exe
                            Remote address:
                            216.58.208.106:443
                            Request
                            GET /v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk2QkampSz8XhIFDVNaR8Uh1qELrzPmFXkSGQk8dqZYMe7mkRIFDVNaR8Uh1qELrzPmFXk=?alt=proto HTTP/2.0
                            host: content-autofill.googleapis.com
                            x-goog-encode-response-if-executable: base64
                            x-goog-api-key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                            x-client-data: CLmPywE=
                            sec-fetch-site: none
                            sec-fetch-mode: no-cors
                            sec-fetch-dest: empty
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            131.179.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            131.179.250.142.in-addr.arpa
                            IN PTR
                            Response
                            131.179.250.142.in-addr.arpa
                            IN PTR
                            ams17s10-in-f31e100net
                          • flag-us
                            DNS
                            106.208.58.216.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            106.208.58.216.in-addr.arpa
                            IN PTR
                            Response
                            106.208.58.216.in-addr.arpa
                            IN PTR
                            ams17s08-in-f101e100net
                            106.208.58.216.in-addr.arpa
                            IN PTR
                            sof01s11-in-f106
                          • flag-us
                            DNS
                            3.36.251.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.36.251.142.in-addr.arpa
                            IN PTR
                            Response
                            3.36.251.142.in-addr.arpa
                            IN PTR
                            ams15s44-in-f31e100net
                          • flag-us
                            DNS
                            50.23.12.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            50.23.12.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            56.126.166.20.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            56.126.166.20.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            71.190.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            71.190.18.2.in-addr.arpa
                            IN PTR
                            Response
                            71.190.18.2.in-addr.arpa
                            IN PTR
                            a2-18-190-71deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            172.214.232.199.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            172.214.232.199.in-addr.arpa
                            IN PTR
                            Response
                          • flag-us
                            DNS
                            79.190.18.2.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            79.190.18.2.in-addr.arpa
                            IN PTR
                            Response
                            79.190.18.2.in-addr.arpa
                            IN PTR
                            a2-18-190-79deploystaticakamaitechnologiescom
                          • flag-us
                            DNS
                            beacons.gcp.gvt2.com
                            chrome.exe
                            Remote address:
                            8.8.8.8:53
                            Request
                            beacons.gcp.gvt2.com
                            IN A
                            Response
                            beacons.gcp.gvt2.com
                            IN CNAME
                            beacons-handoff.gcp.gvt2.com
                            beacons-handoff.gcp.gvt2.com
                            IN A
                            142.250.69.3
                          • flag-us
                            POST
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            chrome.exe
                            Remote address:
                            142.250.69.3:443
                            Request
                            POST /domainreliability/upload HTTP/2.0
                            host: beacons.gcp.gvt2.com
                            content-length: 522
                            content-type: application/json; charset=utf-8
                            user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                            accept-encoding: gzip, deflate, br, zstd
                            accept-language: en-US,en;q=0.9
                          • flag-us
                            DNS
                            3.69.250.142.in-addr.arpa
                            Remote address:
                            8.8.8.8:53
                            Request
                            3.69.250.142.in-addr.arpa
                            IN PTR
                            Response
                            3.69.250.142.in-addr.arpa
                            IN PTR
                            lcphxq-aa-in-f31e100net
                            3.69.250.142.in-addr.arpa
                            IN PTR
                            qro02s18-in-f3
                          • 185.53.177.53:80
                            img.demo.18appitalia.it
                            chrome.exe
                            190 B
                            164 B
                            4
                            4
                          • 185.53.177.53:80
                            img.demo.18appitalia.it
                            chrome.exe
                            190 B
                            164 B
                            4
                            4
                          • 185.53.177.53:443
                            https://img.demo.18appitalia.it/favicon.ico
                            tls, http2
                            chrome.exe
                            3.0kB
                            12.5kB
                            25
                            27

                            HTTP Request

                            GET https://img.demo.18appitalia.it/

                            HTTP Response

                            200

                            HTTP Request

                            GET https://img.demo.18appitalia.it/track.php?domain=18appitalia.it&toggle=browserjs&uid=MTcyMzAzNzA3MC43Njg2OjQ1YzkwYmNjYmIyMGU3YzA1NmViNjNiMDEwODIyOTM3OTg4ZDYzODZiZGJkNzQyMDg2Yzc1ZjJhZTVlMmQ5MmY6NjZiMzc1OGViYmE2Mw%3D%3D

                            HTTP Response

                            200

                            HTTP Request

                            GET https://img.demo.18appitalia.it/ls.php?t=66b3758e&token=fa14d0a85bef300f826d6a70a5e910b07003931e

                            HTTP Response

                            201

                            HTTP Request

                            GET https://img.demo.18appitalia.it/favicon.ico

                            HTTP Response

                            200
                          • 142.250.179.196:443
                            https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
                            tls, http2
                            chrome.exe
                            3.2kB
                            66.2kB
                            44
                            58

                            HTTP Request

                            GET https://www.google.com/adsense/domains/caf.js?abp=1&adsdeli=true
                          • 18.172.218.22:443
                            https://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png
                            tls, http2
                            chrome.exe
                            2.2kB
                            18.9kB
                            22
                            23

                            HTTP Request

                            GET https://d38psrni17bvxu.cloudfront.net/themes/cleanPeppermintBlack_657d9013/img/arrows.png

                            HTTP Response

                            200
                          • 142.250.179.142:443
                            syndicatedsearch.goog
                            tls, http2
                            chrome.exe
                            1.1kB
                            5.7kB
                            11
                            10
                          • 142.250.179.142:443
                            https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fimg.demo.18appitalia.it%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2271262091554768&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=8031723037070790&num=0&output=afd_ads&domain_name=img.demo.18appitalia.it&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1723037070790&u_w=1280&u_h=720&biw=1263&bih=593&psw=1263&psh=791&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=659524724&rurl=https%3A%2F%2Fimg.demo.18appitalia.it%2F
                            tls, http2
                            chrome.exe
                            2.7kB
                            9.4kB
                            16
                            19

                            HTTP Request

                            GET https://syndicatedsearch.goog/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000001%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&ivt=0&rpbu=http%3A%2F%2Fimg.demo.18appitalia.it%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%253D%253D&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2271262091554768&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301431%2C17301433%2C17301436%2C17301511%2C17301516%2C17301266&format=r3%7Cs&nocache=8031723037070790&num=0&output=afd_ads&domain_name=img.demo.18appitalia.it&v=3&bsl=8&pac=2&u_his=1&u_tz=0&dt=1723037070790&u_w=1280&u_h=720&biw=1263&bih=593&psw=1263&psh=791&frm=0&uio=--&cont=tc&drt=0&jsid=caf&jsv=659524724&rurl=https%3A%2F%2Fimg.demo.18appitalia.it%2F
                          • 172.217.168.194:443
                            https://partner.googleadservices.com/gampad/cookie.js?domain=img.demo.18appitalia.it&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
                            tls, http2
                            chrome.exe
                            2.0kB
                            7.1kB
                            15
                            18

                            HTTP Request

                            GET https://partner.googleadservices.com/gampad/cookie.js?domain=img.demo.18appitalia.it&client=dp-teaminternet09_3ph&product=SAS&callback=__sasCookie
                          • 204.79.197.237:443
                            https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=
                            tls, http2
                            2.0kB
                            9.3kB
                            21
                            18

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

                            HTTP Response

                            204

                            HTTP Request

                            GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=dd0fbf11098c48f2900d816254745ade&localId=w:58F15D5C-450D-8348-2910-A8A47129F4C2&deviceId=6825833575955334&anid=

                            HTTP Response

                            204
                          • 142.250.179.196:443
                            https://www.google.com/recaptcha/api.js
                            tls, http2
                            chrome.exe
                            4.6kB
                            15.0kB
                            24
                            29

                            HTTP Request

                            GET https://www.google.com/sorry/index?continue=https://syndicatedsearch.goog/afs/ads%3Fadtest%3Doff%26psid%3D7840396037%26pcsa%3Dfalse%26channel%3D000001%252Cbucket011%26client%3Ddp-teaminternet09_3ph%26r%3Dm%26hl%3Den%26ivt%3D0%26rpbu%3Dhttp%253A%252F%252Fimg.demo.18appitalia.it%252F%253Fts%253DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NmIzNzU4ZWJiYTJmfHx8MTcyMzAzNzA3MC44MDQyfDdjNzE4YTY5YTRhMzMzYTk3ZjhiZmJkNWEyM2RkNzA2NTgxNWU2Zjd8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxmYTE0ZDBhODViZWYzMDBmODI2ZDZhNzBhNWU5MTBiMDcwMDM5MzFlfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8fA%25253D%25253D%26max_radlink_len%3D40%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-2271262091554768%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301431%252C17301433%252C17301436%252C17301511%252C17301516%252C17301266%26format%3Dr3%257Cs%26nocache%3D8031723037070790%26num%3D0%26output%3Dafd_ads%26domain_name%3Dimg.demo.18appitalia.it%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D0%26dt%3D1723037070790%26u_w%3D1280%26u_h%3D720%26biw%3D1263%26bih%3D593%26psw%3D1263%26psh%3D791%26frm%3D0%26uio%3D--%26cont%3Dtc%26drt%3D0%26jsid%3Dcaf%26jsv%3D659524724%26rurl%3Dhttps%253A%252F%252Fimg.demo.18appitalia.it%252F&hl=en&q=EgTCbg1GGI_rzbUGIjD8Tqwhu2srLMD2w-zAxR9Xa_1XEePlkABn36HytS4bZRDhGQcPvcZHgGwVIuTRjScyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM

                            HTTP Request

                            GET https://www.google.com/recaptcha/api.js
                          • 216.58.208.106:443
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk8dqZYMe7mkRIFDVNaR8UhNPMsUJv-EH0=?alt=proto
                            tls, http2
                            chrome.exe
                            1.9kB
                            6.8kB
                            15
                            16

                            HTTP Request

                            GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk8dqZYMe7mkRIFDVNaR8UhNPMsUJv-EH0=?alt=proto
                          • 216.58.208.106:443
                            https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk2QkampSz8XhIFDVNaR8Uh1qELrzPmFXkSGQk8dqZYMe7mkRIFDVNaR8Uh1qELrzPmFXk=?alt=proto
                            tls, http2
                            chrome.exe
                            2.0kB
                            6.8kB
                            16
                            16

                            HTTP Request

                            GET https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTIzLjAuNjMxMi4xMjMSGQk2QkampSz8XhIFDVNaR8Uh1qELrzPmFXkSGQk8dqZYMe7mkRIFDVNaR8Uh1qELrzPmFXk=?alt=proto
                          • 142.250.69.3:443
                            https://beacons.gcp.gvt2.com/domainreliability/upload
                            tls, http2
                            chrome.exe
                            2.2kB
                            6.9kB
                            15
                            15

                            HTTP Request

                            POST https://beacons.gcp.gvt2.com/domainreliability/upload
                          • 8.8.8.8:53
                            img.demo.18appitalia.it
                            dns
                            chrome.exe
                            69 B
                            85 B
                            1
                            1

                            DNS Request

                            img.demo.18appitalia.it

                            DNS Response

                            185.53.177.53

                          • 8.8.8.8:53
                            d38psrni17bvxu.cloudfront.net
                            dns
                            chrome.exe
                            75 B
                            139 B
                            1
                            1

                            DNS Request

                            d38psrni17bvxu.cloudfront.net

                            DNS Response

                            18.172.218.22
                            18.172.218.119
                            18.172.218.144
                            18.172.218.219

                          • 8.8.8.8:53
                            www.google.com
                            dns
                            chrome.exe
                            60 B
                            76 B
                            1
                            1

                            DNS Request

                            www.google.com

                            DNS Response

                            142.250.179.196

                          • 8.8.8.8:53
                            8.8.8.8.in-addr.arpa
                            dns
                            66 B
                            90 B
                            1
                            1

                            DNS Request

                            8.8.8.8.in-addr.arpa

                          • 8.8.8.8:53
                            53.177.53.185.in-addr.arpa
                            dns
                            72 B
                            150 B
                            1
                            1

                            DNS Request

                            53.177.53.185.in-addr.arpa

                          • 8.8.8.8:53
                            202.179.250.142.in-addr.arpa
                            dns
                            74 B
                            113 B
                            1
                            1

                            DNS Request

                            202.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            syndicatedsearch.goog
                            dns
                            chrome.exe
                            67 B
                            83 B
                            1
                            1

                            DNS Request

                            syndicatedsearch.goog

                            DNS Response

                            142.250.179.142

                          • 8.8.8.8:53
                            partner.googleadservices.com
                            dns
                            chrome.exe
                            74 B
                            90 B
                            1
                            1

                            DNS Request

                            partner.googleadservices.com

                            DNS Response

                            172.217.168.194

                          • 8.8.8.8:53
                            g.bing.com
                            dns
                            56 B
                            151 B
                            1
                            1

                            DNS Request

                            g.bing.com

                            DNS Response

                            204.79.197.237
                            13.107.21.237

                          • 142.250.179.196:443
                            www.google.com
                            https
                            chrome.exe
                            7.6kB
                            52.0kB
                            41
                            58
                          • 8.8.8.8:53
                            196.179.250.142.in-addr.arpa
                            dns
                            74 B
                            112 B
                            1
                            1

                            DNS Request

                            196.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            22.218.172.18.in-addr.arpa
                            dns
                            72 B
                            129 B
                            1
                            1

                            DNS Request

                            22.218.172.18.in-addr.arpa

                          • 8.8.8.8:53
                            142.179.250.142.in-addr.arpa
                            dns
                            74 B
                            113 B
                            1
                            1

                            DNS Request

                            142.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            194.168.217.172.in-addr.arpa
                            dns
                            74 B
                            112 B
                            1
                            1

                            DNS Request

                            194.168.217.172.in-addr.arpa

                          • 8.8.8.8:53
                            136.32.126.40.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            136.32.126.40.in-addr.arpa

                          • 8.8.8.8:53
                            237.197.79.204.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            237.197.79.204.in-addr.arpa

                          • 8.8.8.8:53
                            172.210.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.210.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            57.169.31.20.in-addr.arpa
                            dns
                            71 B
                            157 B
                            1
                            1

                            DNS Request

                            57.169.31.20.in-addr.arpa

                          • 8.8.8.8:53
                            content-autofill.googleapis.com
                            dns
                            chrome.exe
                            77 B
                            221 B
                            1
                            1

                            DNS Request

                            content-autofill.googleapis.com

                            DNS Response

                            216.58.208.106
                            142.250.179.202
                            142.251.36.10
                            142.251.36.42
                            142.251.39.106
                            142.250.179.138
                            172.217.168.234
                            142.250.179.170
                            172.217.23.202

                          • 8.8.8.8:53
                            131.179.250.142.in-addr.arpa
                            dns
                            74 B
                            112 B
                            1
                            1

                            DNS Request

                            131.179.250.142.in-addr.arpa

                          • 8.8.8.8:53
                            106.208.58.216.in-addr.arpa
                            dns
                            73 B
                            143 B
                            1
                            1

                            DNS Request

                            106.208.58.216.in-addr.arpa

                          • 8.8.8.8:53
                            3.36.251.142.in-addr.arpa
                            dns
                            71 B
                            109 B
                            1
                            1

                            DNS Request

                            3.36.251.142.in-addr.arpa

                          • 224.0.0.251:5353
                            chrome.exe
                            204 B
                            3
                          • 8.8.8.8:53
                            50.23.12.20.in-addr.arpa
                            dns
                            70 B
                            156 B
                            1
                            1

                            DNS Request

                            50.23.12.20.in-addr.arpa

                          • 8.8.8.8:53
                            56.126.166.20.in-addr.arpa
                            dns
                            72 B
                            158 B
                            1
                            1

                            DNS Request

                            56.126.166.20.in-addr.arpa

                          • 8.8.8.8:53
                            71.190.18.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            71.190.18.2.in-addr.arpa

                          • 8.8.8.8:53
                            172.214.232.199.in-addr.arpa
                            dns
                            74 B
                            128 B
                            1
                            1

                            DNS Request

                            172.214.232.199.in-addr.arpa

                          • 8.8.8.8:53
                            79.190.18.2.in-addr.arpa
                            dns
                            70 B
                            133 B
                            1
                            1

                            DNS Request

                            79.190.18.2.in-addr.arpa

                          • 8.8.8.8:53
                            beacons.gcp.gvt2.com
                            dns
                            chrome.exe
                            66 B
                            112 B
                            1
                            1

                            DNS Request

                            beacons.gcp.gvt2.com

                            DNS Response

                            142.250.69.3

                          • 8.8.8.8:53
                            3.69.250.142.in-addr.arpa
                            dns
                            71 B
                            139 B
                            1
                            1

                            DNS Request

                            3.69.250.142.in-addr.arpa

                          MITRE ATT&CK Enterprise v15

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

                            Filesize

                            210KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                            Filesize

                            216B

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                            Filesize

                            3KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                            Filesize

                            2B

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            8KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                            Filesize

                            9KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                            Filesize

                            99KB
