Edit tour

Windows Analysis Report
https://selfcare.firma-remota.it/asmonitor/panel/login

Overview

General Information

Sample URL:	https://selfcare.firma-remota.it/asmonitor/panel/login
Analysis ID:	1466881
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Found iframes

HTML body contains low number of good links

HTML body with high number of embedded images detected

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6796 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 5096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,7110544913896648715,9179182868871502647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7052 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://selfcare.firma-remota.it/asmonitor/panel/login" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

HTTP traffic detected: POST /piwik.php?action_name=Selfcare%20Firma%20Remota%20-%20Funzionalit%C3%A0%20ed%20utilizzo%20%7C%20Guide%20pec.it&idsite=40&rec=1&r=446105&h=8&m=36&s=42&url=https%3A%2F%2Fguide.pec.it%2Ffunzionalita-pannello-firma-remota.aspx%23a_1474450182479&_id=0c73832e80648f8f&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=kPWyfe&devicePixelRatio=1&pf_net=0&pf_srv=533&pf_tfr=354&pf_dm1=2504&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D HTTP/1.1Host: wa.aruba.itConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=utf-8Accept: */*Origin: https://guide.pec.itSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://guide.pec.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 03 Jul 2024 12:36:18 GMTServer: ApacheStrict-Transport-Security: max-age=31536000; includeSubDomainsX-Frame-Options: denyX-Content-Type-Options: nosniffX-Permitted-Cross-Domain-Policies: noneReferrer-Policy: strict-origin-when-cross-originCross-Origin-Opener-Policy: same-originCross-Origin-Embedder-Policy: unsafe-noneCross-Origin-Resource-Policy: same-originContent-Security-Policy: base-uri 'self'Clear-Site-Data: *Content-Length: 209Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_294.2.dr	String found in binary or memory: http://angularjs.org
Source: chromecache_191.2.dr	String found in binary or memory: http://areaclienti.pec.it
Source: chromecache_191.2.dr	String found in binary or memory: http://cart.aruba.it
Source: chromecache_294.2.dr	String found in binary or memory: http://errors.angularjs.org/1.6.5/
Source: chromecache_182.2.dr	String found in binary or memory: http://fb.me/use-check-prop-types
Source: chromecache_237.2.dr	String found in binary or memory: http://groups.google.com/group/jquery-en/browse_thread/thread/36640a8730503595/2f6a79a77a78e493#2f6a
Source: chromecache_348.2.dr, chromecache_242.2.dr	String found in binary or memory: http://jqueryui.com
Source: chromecache_348.2.dr	String found in binary or memory: http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1
Source: chromecache_237.2.dr	String found in binary or memory: http://malsup.com/jquery/block/
Source: chromecache_191.2.dr	String found in binary or memory: http://manage.pec.it
Source: chromecache_218.2.dr	String found in binary or memory: http://matomo.org
Source: chromecache_218.2.dr	String found in binary or memory: http://matomo.org/free-software/bsd/
Source: chromecache_233.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT).
Source: chromecache_237.2.dr	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: chromecache_237.2.dr	String found in binary or memory: http://www.google.com/search?q=growl)
Source: chromecache_236.2.dr	String found in binary or memory: http://www.greensock.com
Source: chromecache_236.2.dr	String found in binary or memory: http://www.greensock.com/terms_of_use.html
Source: chromecache_216.2.dr	String found in binary or memory: http://www.opensource.org/licenses/MIT
Source: chromecache_237.2.dr	String found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: chromecache_301.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_292.2.dr	String found in binary or memory: https://api.usabilla.com/v2/f/
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://areaclienti.arubapec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_191.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://areaclienti.pec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://asbadm.firma-automatica.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://asbadmcredem.firma-automatica.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://asbfe.firma-automatica.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://asbfecredem.firma-automatica.it
Source: chromecache_216.2.dr	String found in binary or memory: https://blueimp.net
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_191.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://cart.aruba.it
Source: chromecache_302.2.dr, chromecache_181.2.dr, chromecache_301.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_356.2.dr, chromecache_344.2.dr	String found in binary or memory: https://cdn.docsbot.ai/teams%2FdLbpMCFxf0DU53JB0aBU%2Fbots%2FyeJDiVixfHo5yMe4ufHx%2Fimages%2F442d267
Source: chromecache_356.2.dr, chromecache_344.2.dr	String found in binary or memory: https://cdn.docsbot.ai/teams%2FdLbpMCFxf0DU53JB0aBU%2Fbots%2FyeJDiVixfHo5yMe4ufHx%2Fimages%2F8c6a075
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://cms.gruppoaruba.it
Source: chromecache_302.2.dr	String found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
Source: chromecache_302.2.dr	String found in binary or memory: https://consent.cookiebot.
Source: chromecache_337.2.dr, chromecache_205.2.dr, chromecache_339.2.dr	String found in binary or memory: https://consent.cookiebot.com/uc.js
Source: chromecache_181.2.dr	String found in binary or memory: https://consent.cookiebot.com/uc.js?cbid=
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://conservazione.docfly.it
Source: chromecache_292.2.dr	String found in binary or memory: https://d6tizftlrpuof.cloudfront.net/live/resources/throbber.gif)
Source: chromecache_292.2.dr	String found in binary or memory: https://d6tizftlrpuof.cloudfront.net/live/scripts/campaign-include/a5f669c28be1979ab5e2785121a6e10b/
Source: chromecache_244.2.dr	String found in binary or memory: https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-aruba-2021-basic-inpage-6cac85841
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://demo.areaclienti.arubapec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://demo.docfly.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://demo.fatturazioneelettronica.aruba.it
Source: chromecache_218.2.dr	String found in binary or memory: https://developer.matomo.org/api-reference/tracking-javascript
Source: chromecache_218.2.dr	String found in binary or memory: https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://fatturazioneelettronica.aruba.it
Source: chromecache_182.2.dr	String found in binary or memory: https://feross.org
Source: chromecache_337.2.dr, chromecache_205.2.dr, chromecache_339.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato:400
Source: chromecache_208.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/gloriahallelujah/v21/LYjYdHv3kUk9BMV96EIswT9DIbW-MIS11zM.woff2)
Source: chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwaPGR_p.woff2)
Source: chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2)
Source: chromecache_315.2.dr, chromecache_198.2.dr, chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2)
Source: chromecache_315.2.dr, chromecache_198.2.dr, chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2)
Source: chromecache_198.2.dr, chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwaPGR_p.woff2)
Source: chromecache_198.2.dr, chromecache_340.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh7USSwiPGQ.woff2)
Source: chromecache_315.2.dr, chromecache_198.2.dr, chromecache_340.2.dr, chromecache_229.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2)
Source: chromecache_315.2.dr, chromecache_198.2.dr, chromecache_340.2.dr, chromecache_229.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2)
Source: chromecache_303.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_303.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_303.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_303.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_303.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://gestionemail.pec.it
Source: chromecache_293.2.dr, chromecache_323.2.dr, chromecache_184.2.dr, chromecache_193.2.dr, chromecache_204.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_216.2.dr	String found in binary or memory: https://github.com/blueimp/Bootstrap-Image-Gallery
Source: chromecache_218.2.dr	String found in binary or memory: https://github.com/matomo-org/matomo/blob/master/js/piwik.js
Source: chromecache_293.2.dr, chromecache_204.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_293.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_302.2.dr	String found in binary or memory: https://google.com
Source: chromecache_302.2.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://guide.pec.it
Source: chromecache_337.2.dr	String found in binary or memory: https://guide.pec.it/soluzioni-firma-digitale/firma-remota/gestione-e-utilizzo-firma-remota/funziona
Source: chromecache_337.2.dr	String found in binary or memory: https://guide.pec.it/soluzioni-firma-digitale/firma-remota/riconfigurare-app-aruba-otp.aspx
Source: chromecache_213.2.dr	String found in binary or memory: https://hosting.aruba.it/documents/tc-files/en/7_privacypolicyhostingcart.pdf
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://identification.arubapec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://login.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://loginspid.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_191.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://manage.pec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://ml.pec.aruba.it
Source: chromecache_301.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_302.2.dr, chromecache_181.2.dr, chromecache_301.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://partner.arubapec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://pec.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://peclog.pec.aruba.it
Source: chromecache_218.2.dr	String found in binary or memory: https://piwik.org
Source: chromecache_218.2.dr	String found in binary or memory: https://piwik.org/free-software/bsd/
Source: chromecache_215.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_302.2.dr	String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_215.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://registrazionespid.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://riconoscimento.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://riconoscimentobnl.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://search.get.cloud
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://selfcare.firma-remota.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://selfcarespid.aruba.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://servicematica.conservazione.docfly.it
Source: chromecache_302.2.dr	String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://spidtest.aruba.it
Source: chromecache_301.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://supervisore.pec.it
Source: chromecache_215.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_302.2.dr, chromecache_181.2.dr, chromecache_301.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://terna.conservazione.docfly.it
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://videoriconoscimento.arubapec.it
Source: chromecache_292.2.dr	String found in binary or memory: https://w.usabilla.com/a/t?m=b&b=
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://webmail.pec.it
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_356.2.dr, chromecache_344.2.dr	String found in binary or memory: https://www.aruba.it/documents/tc-files/it/21_informativa_privacy_aruba_spa_chatbot.pdf).
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_213.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://www.cookiebot.com
Source: chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: https://www.get.cloud
Source: chromecache_301.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_196.2.dr, chromecache_253.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_302.2.dr, chromecache_181.2.dr, chromecache_301.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_301.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_302.2.dr	String found in binary or memory: https://www.googletagmanager.com/a?
Source: chromecache_196.2.dr, chromecache_215.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__.
Source: chromecache_194.2.dr, chromecache_253.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__en.js
Source: chromecache_301.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_379.2.dr	String found in binary or memory: https://www.pec.it/cookie-policy.aspx
Source: chromecache_379.2.dr	String found in binary or memory: https://www.toctoc.me/
Source: chromecache_301.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49982 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.8:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.8:49725 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@27/370@95/23

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,7110544913896648715,9179182868871502647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://selfcare.firma-remota.it/asmonitor/panel/login"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 --field-trial-handle=1904,i,7110544913896648715,9179182868871502647,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Drive-by Compromise	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://selfcare.firma-remota.it/asmonitor/panel/login	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://stats.g.doubleclick.net/g/collect	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#localhost_support	0%	URL Reputation	safe
https://support.google.com/recaptcha#6262736	0%	URL Reputation	safe
http://jqueryui.com	0%	URL Reputation	safe
https://support.google.com/recaptcha/?hl=en#6223828	0%	URL Reputation	safe
https://px.ads.linkedin.com/collect?	0%	URL Reputation	safe
https://www.youtube.com/iframe_api	0%	URL Reputation	safe
http://www.opensource.org/licenses/mit-license.php	0%	URL Reputation	safe
https://connect.facebook.net/en_US/fbevents.js	0%	URL Reputation	safe
https://support.google.com/recaptcha/#6175971	0%	URL Reputation	safe
http://opensource.org/licenses/MIT).	0%	URL Reputation	safe
https://support.google.com/recaptcha	0%	URL Reputation	safe
https://www.apache.org/licenses/	0%	URL Reputation	safe
https://cct.google/taggy/agent.js	0%	URL Reputation	safe
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	0%	URL Reputation	safe
http://www.gnu.org/licenses/gpl.html	0%	URL Reputation	safe
https://selfcare.firma-remota.it/asmonitor/images/04_sm_info.png	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/cookiebot.css.xhtml?ln=css	0%	Avira URL Cloud	safe
https://img.sct.eu1.usercentrics.eu/1.gif?dgi=171bc42f-3eec-4afe-be43-f3c81c141fa7	0%	Avira URL Cloud	safe
about:blank	0%	Avira URL Cloud	safe
https://piwik.org/free-software/bsd/	0%	Avira URL Cloud	safe
https://registrazionespid.aruba.it	0%	Avira URL Cloud	safe
https://blueimp.github.io/Gallery/css/blueimp-gallery.min.css	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/	0%	Avira URL Cloud	safe
https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-aruba-2021-basic-inpage-6cac8584191ce485eb6e11121e5b2bb3.css	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/selfcare-style.css.xhtml?ln=css	0%	Avira URL Cloud	safe
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/graphs/contributors)	0%	Avira URL Cloud	safe
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	0%	Avira URL Cloud	safe
https://riconoscimento.aruba.it	0%	Avira URL Cloud	safe
https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers	0%	Avira URL Cloud	safe
https://ams.creativecdn.com/tags/v2?type=json	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
https://www.cookiebot.com	0%	Avira URL Cloud	safe
https://d6tizftlrpuof.cloudfront.net/vendor/1.6.5/angular.min.js	0%	Avira URL Cloud	safe
https://w.usabilla.com/a/t?m=b&b=	0%	Avira URL Cloud	safe
https://fatturazioneelettronica.aruba.it	0%	Avira URL Cloud	safe
https://github.com/matomo-org/matomo/blob/master/js/piwik.js	0%	Avira URL Cloud	safe
https://peclog.pec.aruba.it	0%	Avira URL Cloud	safe
https://webmail.pec.it	0%	Avira URL Cloud	safe
http://matomo.org/free-software/bsd/	0%	Avira URL Cloud	safe
http://www.greensock.com	0%	Avira URL Cloud	safe
https://gestionemail.pec.it	0%	Avira URL Cloud	safe
https://www.get.cloud	0%	Avira URL Cloud	safe
https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-aruba-2021-basic-inpage-6cac85841	0%	Avira URL Cloud	safe
https://w.usabilla.com/6c82bc643068.js?lv=1	0%	Avira URL Cloud	safe
https://asbfecredem.firma-automatica.it	0%	Avira URL Cloud	safe
https://spidtest.aruba.it	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jquery-ui.min.js.xhtml?ln=js	0%	Avira URL Cloud	safe
https://developer.matomo.org/api-reference/tracking-javascript	0%	Avira URL Cloud	safe
https://docsbot.ai/api/widget/dLbpMCFxf0DU53JB0aBU/yeJDiVixfHo5yMe4ufHx	0%	Avira URL Cloud	safe
https://wa.aruba.it/piwik.php?action_name=Selfcare%20Firma%20Remota%20-%20Funzionalit%C3%A0%20ed%20utilizzo%20%7C%20Guide%20pec.it&idsite=40&rec=1&r=446105&h=8&m=36&s=42&url=https%3A%2F%2Fguide.pec.it%2Ffunzionalita-pannello-firma-remota.aspx%23a_1474450182479&_id=0c73832e80648f8f&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=kPWyfe&devicePixelRatio=1&pf_net=0&pf_srv=533&pf_tfr=354&pf_dm1=2504&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D	0%	Avira URL Cloud	safe
https://asbfe.firma-automatica.it	0%	Avira URL Cloud	safe
https://cms.gruppoaruba.it	0%	Avira URL Cloud	safe
https://blueimp.net	0%	Avira URL Cloud	safe
https://servicematica.conservazione.docfly.it	0%	Avira URL Cloud	safe
https://pec.it	0%	Avira URL Cloud	safe
https://play.google.com/log?format=json&hasfast=true	0%	Avira URL Cloud	safe
https://widget.docsbot.ai/chat.js	0%	Avira URL Cloud	safe
http://www.opensource.org/licenses/MIT	0%	Avira URL Cloud	safe
https://areaclienti.arubapec.it	0%	Avira URL Cloud	safe
https://riconoscimentobnl.aruba.it	0%	Avira URL Cloud	safe
https://github.com/twbs/bootstrap/blob/master/LICENSE)	0%	Avira URL Cloud	safe
http://malsup.com/jquery/block/	0%	Avira URL Cloud	safe
http://cart.aruba.it	0%	Avira URL Cloud	safe
https://connect.facebook.net/signals/config/144174932978658?v=2.9.160&r=stable&domain=www.pec.it&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106	0%	Avira URL Cloud	safe
https://videoriconoscimento.arubapec.it	0%	Avira URL Cloud	safe
https://consent.cookiebot.eu/uc.js?cbid=171bc42f-3eec-4afe-be43-f3c81c141fa7&implementation=gtm&consentmode-dataredaction=dynamic&culture=it	0%	Avira URL Cloud	safe
https://loginspid.aruba.it	0%	Avira URL Cloud	safe
https://api.usabilla.com/v2/f/	0%	Avira URL Cloud	safe
https://selfcarespid.aruba.it	0%	Avira URL Cloud	safe
https://consent.cookiebot.com/uc.js?cbid=	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/popper.min.js.xhtml?ln=js	0%	Avira URL Cloud	safe
https://www.toctoc.me/	0%	Avira URL Cloud	safe
https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js	0%	Avira URL Cloud	safe
http://areaclienti.pec.it	0%	Avira URL Cloud	safe
https://consent.cookiebot.eu/logconsent.ashx?action=accept&nocache=1720010246841&dnt=false&method=strict&clp=true&cls=true&clm=true&cbid=171bc42f-3eec-4afe-be43-f3c81c141fa7&cbt=inlineoptin&hasdata=true&usercountry=US-06&referer=https%3A%2F%2Fwww.pec.it&rc=false	0%	Avira URL Cloud	safe
http://www.google.com/search?q=growl)	0%	Avira URL Cloud	safe
https://demo.docfly.it	0%	Avira URL Cloud	safe
https://d6tizftlrpuof.cloudfront.net/live/resources/throbber.gif)	0%	Avira URL Cloud	safe
https://d6tizftlrpuof.cloudfront.net/live/campaign/js/b1f1cccccf.in-page-form.js	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jquery.min.js.xhtml?ln=js	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jsf.js.xhtml?ln=javax.faces	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/cookiepolicy.js.xhtml?ln=js	0%	Avira URL Cloud	safe
https://www.aruba.it/documents/tc-files/it/21_informativa_privacy_aruba_spa_chatbot.pdf).	0%	Avira URL Cloud	safe
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/bootstrap.min.js.xhtml?ln=js	0%	Avira URL Cloud	safe
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CBSMR1FX8C&cid=1246374857.1720010248&gtm=45je4710v880708810z8867718176za200zb867718176&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5&npa=0&frm=0	0%	Avira URL Cloud	safe
https://conservazione.docfly.it	0%	Avira URL Cloud	safe
https://cloud.google.com/contact	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
docsbot.ai	76.76.21.21	true	false	unknown
selfcare.firma-remota.it	217.61.8.139	true	false	unknown
prod-consentcdneu.b-cdn.net	169.150.247.39	true	false	unknown
w.usabilla.com	52.50.116.41	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
ams.creativecdn.com	185.184.8.90	true	false	unknown
stats.g.doubleclick.net	142.250.110.157	true	false	unknown
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
1589314308.rsc.cdn77.org	156.146.33.141	true	false	unknown
blueimp.github.io	185.199.108.153	true	false	unknown
scontent.xx.fbcdn.net	157.240.0.6	true	false	unknown
analytics-alv.google.com	216.239.36.181	true	false	unknown
d6tizftlrpuof.cloudfront.net	52.222.206.22	true	false	unknown
googleads.g.doubleclick.net	172.217.18.98	true	false	unknown
docsbot-widget.b-cdn.net	169.150.247.37	true	false	unknown
prod-consenteu.b-cdn.net	169.150.247.38	true	false	unknown
www.google.com	142.250.186.68	true	false	unknown
uc-img-sct.b-cdn.net	169.150.247.38	true	false	unknown
td.doubleclick.net	142.250.186.34	true	false	unknown
wa.aruba.it	62.149.188.146	true	false	unknown
docsbot.b-cdn.net	169.150.247.38	true	false	unknown
cdn.docsbot.ai	unknown	unknown	false	unknown
u360.d-bi.fr	unknown	unknown	false	unknown
img.sct.eu1.usercentrics.eu	unknown	unknown	false	unknown
script.crazyegg.com	unknown	unknown	false	unknown
imgsct.cookiebot.com	unknown	unknown	false	unknown
guide.pec.it	unknown	unknown	false	unknown
www.pec.it	unknown	unknown	false	unknown
consentcdn.cookiebot.com	unknown	unknown	false	unknown
consent.cookiebot.com	unknown	unknown	false	unknown
connect.facebook.net	unknown	unknown	false	unknown
px.ads.linkedin.com	unknown	unknown	false	unknown
consentcdn.cookiebot.eu	unknown	unknown	false	unknown
consent.cookiebot.eu	unknown	unknown	false	unknown
tags.creativecdn.com	unknown	unknown	false	unknown
snap.licdn.com	unknown	unknown	false	unknown
analytics.google.com	unknown	unknown	false	unknown
widget.docsbot.ai	unknown	unknown	false	unknown
mediacdn.aruba.it	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/selfcare-style.css.xhtml?ln=css	false	Avira URL Cloud: safe	unknown
https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-aruba-2021-basic-inpage-6cac8584191ce485eb6e11121e5b2bb3.css	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/images/04_sm_info.png	false	Avira URL Cloud: safe	unknown
https://blueimp.github.io/Gallery/css/blueimp-gallery.min.css	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO&co=aHR0cHM6Ly9zZWxmY2FyZS5maXJtYS1yZW1vdGEuaXQ6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=67iabom3zyq	false		unknown
https://img.sct.eu1.usercentrics.eu/1.gif?dgi=171bc42f-3eec-4afe-be43-f3c81c141fa7	false	Avira URL Cloud: safe	unknown
https://guide.pec.it/funzionalita-pannello-firma-remota.aspx#a_1474450182479	false		unknown
about:blank	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/cookiebot.css.xhtml?ln=css	false	Avira URL Cloud: safe	unknown
https://guide.pec.it/soluzioni-firma-digitale/firma-remota/riconfigurare-app-aruba-otp.aspx	false		unknown
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt	false	Avira URL Cloud: safe	unknown
https://d6tizftlrpuof.cloudfront.net/vendor/1.6.5/angular.min.js	false	Avira URL Cloud: safe	unknown
https://ams.creativecdn.com/tags/v2?type=json	false	Avira URL Cloud: safe	unknown
https://connect.facebook.net/en_US/fbevents.js	false	URL Reputation: safe	unknown
https://w.usabilla.com/6c82bc643068.js?lv=1	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/api2/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO	false		unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jquery-ui.min.js.xhtml?ln=js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/	false		unknown
https://consentcdn.cookiebot.eu/sdk/bc-v4.min.html	false		unknown
https://www.pec.it/cookie-policy.aspx	false		unknown
https://wa.aruba.it/piwik.php?action_name=Selfcare%20Firma%20Remota%20-%20Funzionalit%C3%A0%20ed%20utilizzo%20%7C%20Guide%20pec.it&idsite=40&rec=1&r=446105&h=8&m=36&s=42&url=https%3A%2F%2Fguide.pec.it%2Ffunzionalita-pannello-firma-remota.aspx%23a_1474450182479&_id=0c73832e80648f8f&_idn=1&send_image=0&_refts=0&pdf=1&qt=0&realp=0&wma=0&fla=0&java=0&ag=0&cookie=1&res=1280x1024&pv_id=kPWyfe&devicePixelRatio=1&pf_net=0&pf_srv=533&pf_tfr=354&pf_dm1=2504&uadata=%7B%22fullVersionList%22%3A%5B%7B%22brand%22%3A%22Google%20Chrome%22%2C%22version%22%3A%22117.0.5938.132%22%7D%2C%7B%22brand%22%3A%22Not%3BA%3DBrand%22%2C%22version%22%3A%228.0.0.0%22%7D%2C%7B%22brand%22%3A%22Chromium%22%2C%22version%22%3A%22117.0.5938.132%22%7D%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22Windows%22%2C%22platformVersion%22%3A%2210.0.0%22%7D	false	Avira URL Cloud: safe	unknown
https://docsbot.ai/api/widget/dLbpMCFxf0DU53JB0aBU/yeJDiVixfHo5yMe4ufHx	false	Avira URL Cloud: safe	unknown
https://widget.docsbot.ai/chat.js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/panel/login	false		unknown
https://consentcdn.cookiebot.com/sdk/bc-v4.min.html	false		unknown
https://connect.facebook.net/signals/config/144174932978658?v=2.9.160&r=stable&domain=www.pec.it&hme=733c3732ec767f7a62e7787aff967e6d19b1e13e533937876f2e15efe07bf678&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C175%2C171%2C172%2C174%2C28%2C94%2C50%2C73%2C173%2C155%2C158%2C168%2C169%2C176%2C122%2C39%2C33%2C134%2C14%2C48%2C181%2C180%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106	false	Avira URL Cloud: safe	unknown
https://td.doubleclick.net/td/ga/rul?tid=G-CBSMR1FX8C&gacid=1246374857.1720010248&gtm=45je4710v880708810z8867718176za200zb867718176&dma=0&gcs=G111&gcd=13r3r3r3r5&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&z=1230193440	false		unknown
https://consent.cookiebot.eu/uc.js?cbid=171bc42f-3eec-4afe-be43-f3c81c141fa7&implementation=gtm&consentmode-dataredaction=dynamic&culture=it	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/popper.min.js.xhtml?ln=js	false	Avira URL Cloud: safe	unknown
https://blueimp.github.io/Gallery/js/jquery.blueimp-gallery.min.js	false	Avira URL Cloud: safe	unknown
https://consent.cookiebot.eu/logconsent.ashx?action=accept&nocache=1720010246841&dnt=false&method=strict&clp=true&cls=true&clm=true&cbid=171bc42f-3eec-4afe-be43-f3c81c141fa7&cbt=inlineoptin&hasdata=true&usercountry=US-06&referer=https%3A%2F%2Fwww.pec.it&rc=false	false	Avira URL Cloud: safe	unknown
https://d6tizftlrpuof.cloudfront.net/live/campaign/js/b1f1cccccf.in-page-form.js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jquery.min.js.xhtml?ln=js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/jsf.js.xhtml?ln=javax.faces	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/cookiepolicy.js.xhtml?ln=js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/javax.faces.resource/bootstrap.min.js.xhtml?ln=js	false	Avira URL Cloud: safe	unknown
https://selfcare.firma-remota.it/asmonitor/login.xhtml	false		unknown
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CBSMR1FX8C&cid=1246374857.1720010248&gtm=45je4710v880708810z8867718176za200zb867718176&aip=1&dma=0&gcs=G111&gcd=13r3r3r3r5&npa=0&frm=0	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://stats.g.doubleclick.net/g/collect	chromecache_301.2.dr	false	URL Reputation: safe	unknown
https://developers.google.com/recaptcha/docs/faq#localhost_support	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://registrazionespid.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha#6262736	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
http://jqueryui.com	chromecache_348.2.dr, chromecache_242.2.dr	false	URL Reputation: safe	unknown
https://piwik.org/free-software/bsd/	chromecache_218.2.dr	false	Avira URL Cloud: safe	unknown
https://riconoscimento.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/?hl=en#6223828	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://px.ads.linkedin.com/collect?	chromecache_302.2.dr	false	URL Reputation: safe	unknown
http://jqueryui.com/themeroller/?ffDefault=Verdana%2CArial%2Csans-serif&fwDefault=normal&fsDefault=1	chromecache_348.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com	chromecache_301.2.dr	false	Avira URL Cloud: safe	unknown
https://www.youtube.com/iframe_api	chromecache_301.2.dr	false	URL Reputation: safe	unknown
http://www.opensource.org/licenses/mit-license.php	chromecache_237.2.dr	false	URL Reputation: safe	unknown
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_293.2.dr	false	Avira URL Cloud: safe	unknown
https://www.cookiebot.com	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_213.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.matomo.org/guides/tracking-javascript-guide#multiple-piwik-trackers	chromecache_218.2.dr	false	Avira URL Cloud: safe	unknown
https://w.usabilla.com/a/t?m=b&b=	chromecache_292.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/matomo-org/matomo/blob/master/js/piwik.js	chromecache_218.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha/#6175971	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://gestionemail.pec.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://fatturazioneelettronica.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://peclog.pec.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://opensource.org/licenses/MIT).	chromecache_233.2.dr	false	URL Reputation: safe	unknown
http://matomo.org/free-software/bsd/	chromecache_218.2.dr	false	Avira URL Cloud: safe	unknown
https://www.get.cloud	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://www.greensock.com	chromecache_236.2.dr	false	Avira URL Cloud: safe	unknown
https://support.google.com/recaptcha	chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://webmail.pec.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://d6tizftlrpuof.cloudfront.net/themes/production/aruba-italy-aruba-2021-basic-inpage-6cac85841	chromecache_244.2.dr	false	Avira URL Cloud: safe	unknown
https://developer.matomo.org/api-reference/tracking-javascript	chromecache_218.2.dr	false	Avira URL Cloud: safe	unknown
https://asbfecredem.firma-automatica.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://www.apache.org/licenses/	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://asbfe.firma-automatica.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://cct.google/taggy/agent.js	chromecache_302.2.dr, chromecache_181.2.dr, chromecache_301.2.dr	false	URL Reputation: safe	unknown
https://spidtest.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://blueimp.net	chromecache_216.2.dr	false	Avira URL Cloud: safe	unknown
https://cms.gruppoaruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que	chromecache_196.2.dr, chromecache_215.2.dr	false	URL Reputation: safe	unknown
https://servicematica.conservazione.docfly.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://play.google.com/log?format=json&hasfast=true	chromecache_215.2.dr	false	Avira URL Cloud: safe	unknown
https://pec.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://riconoscimentobnl.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://www.opensource.org/licenses/MIT	chromecache_216.2.dr	false	Avira URL Cloud: safe	unknown
https://areaclienti.arubapec.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://malsup.com/jquery/block/	chromecache_237.2.dr	false	Avira URL Cloud: safe	unknown
http://cart.aruba.it	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_293.2.dr, chromecache_204.2.dr	false	Avira URL Cloud: safe	unknown
http://www.gnu.org/licenses/gpl.html	chromecache_237.2.dr	false	URL Reputation: safe	unknown
https://videoriconoscimento.arubapec.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://loginspid.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://consent.cookiebot.com/uc.js?cbid=	chromecache_181.2.dr	false	Avira URL Cloud: safe	unknown
https://api.usabilla.com/v2/f/	chromecache_292.2.dr	false	Avira URL Cloud: safe	unknown
https://selfcarespid.aruba.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://www.toctoc.me/	chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://areaclienti.pec.it	chromecache_191.2.dr	false	Avira URL Cloud: safe	unknown
https://d6tizftlrpuof.cloudfront.net/live/resources/throbber.gif)	chromecache_292.2.dr	false	Avira URL Cloud: safe	unknown
https://demo.docfly.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
http://www.google.com/search?q=growl)	chromecache_237.2.dr	false	Avira URL Cloud: safe	unknown
https://www.aruba.it/documents/tc-files/it/21_informativa_privacy_aruba_spa_chatbot.pdf).	chromecache_356.2.dr, chromecache_344.2.dr	false	Avira URL Cloud: safe	unknown
https://conservazione.docfly.it	chromecache_355.2.dr, chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	false	Avira URL Cloud: safe	unknown
https://cloud.google.com/contact	chromecache_196.2.dr, chromecache_215.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	www.google.com	United States	15169	GOOGLEUS	false
169.150.247.38	prod-consenteu.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
169.150.247.39	prod-consentcdneu.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
169.150.247.36	unknown	United States	2711	SPIRITTEL-ASUS	false
169.150.247.37	docsbot-widget.b-cdn.net	United States	2711	SPIRITTEL-ASUS	false
76.76.21.21	docsbot.ai	United States	16509	AMAZON-02US	false
142.250.186.34	td.doubleclick.net	United States	15169	GOOGLEUS	false
52.222.206.22	d6tizftlrpuof.cloudfront.net	United States	16509	AMAZON-02US	false
185.184.8.90	ams.creativecdn.com	Poland	204995	RTB-HOUSE-AMSNL	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
62.149.188.146	wa.aruba.it	Italy	31034	ARUBA-ASNIT	false
52.50.116.41	w.usabilla.com	United States	16509	AMAZON-02US	false
185.199.108.153	blueimp.github.io	Netherlands	54113	FASTLYUS	false
217.61.8.139	selfcare.firma-remota.it	Italy	31034	ARUBA-ASNIT	false
52.222.206.77	unknown	United States	16509	AMAZON-02US	false
157.240.0.6	scontent.xx.fbcdn.net	United States	32934	FACEBOOKUS	false
172.217.18.98	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
216.239.36.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
216.58.206.68	unknown	United States	15169	GOOGLEUS	false
185.93.1.244	unknown	Czech Republic	60068	CDN77GB	false
156.146.33.141	1589314308.rsc.cdn77.org	United States	3743	ARCEL-2US	false

Private

IP
192.168.2.8

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466881
Start date and time:	2024-07-03 14:35:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://selfcare.firma-remota.it/asmonitor/panel/login
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean3.win@27/370@95/23
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: https://selfcare.firma-remota.it/asmonitor/informazioni-profilo.xhtml?faces-redirect=true Browse: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml Browse: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml Browse: https://guide.pec.it/soluzioni-firma-digitale/firma-remota/gestione-e-utilizzo-firma-remota/funzionalita-gestione-pannello-firma-remota.aspx#a_1474450182479 Browse: https://guide.pec.it/soluzioni-firma-digitale/firma-remota/riconfigurare-app-aruba-otp.aspx Browse: https://www.pec.it/cookie-policy.aspx

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.181.238, 74.125.71.84, 34.104.35.123, 142.250.184.202, 142.250.74.195, 216.58.206.74, 142.250.184.234, 172.217.16.202, 142.250.185.234, 142.250.186.170, 142.250.185.170, 142.250.185.202, 142.250.185.138, 142.250.185.74, 142.250.185.106, 142.250.186.74, 216.58.212.138, 216.58.206.42, 172.217.18.106, 142.250.186.106, 172.217.23.106, 2.18.64.31, 2.18.64.26, 2.17.190.7, 40.68.123.157, 199.232.210.172, 192.229.221.95, 52.165.164.15, 172.217.23.99, 142.250.181.227, 142.250.186.163, 20.3.187.198, 104.22.52.85, 104.22.53.85, 172.67.29.81, 172.67.20.213, 104.22.0.79, 104.22.1.79, 142.250.184.200, 172.217.18.10, 142.250.186.138, 172.217.16.138, 142.250.186.42, 142.250.181.234, 2.16.1.194, 2.16.1.216, 23.55.225.27, 172.217.18.3, 23.215.19.90, 23.197.7.89, 142.250.186.67, 199.232.214.172, 2.18.64.212, 2.18.64.220, 13.107.21.237, 204.79.197.237, 13.107.42.14, 104.19.148.8, 104.19.147.8
Excluded domains from analysis (whitelisted): bat-bing-com.dual-a-0034.a-msedge.net, slscr.update.microsoft.com, mediacdn.aruba.it.cdn.cloudflare.net, clientservices.googleapis.com, script.crazyegg.com.cdn.cloudflare.net, l-0005.l-msedge.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, bat.bing.com, consent.cookiebot.com-v2.edgekey.net, www.gstatic.com, guide.pec.it.cdn.cloudflare.net, wu-b-net.trafficmanager.net, consentcdn.cookiebot.com-v1.edgekey.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www-linkedin-com.l-0005.l-msedge.net, fonts.googleapis.com, fs.microsoft.com, e3849.dsca.akamaiedge.net, accounts.google.com, content-autofill.googleapis.com, fonts.gstatic.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, od.linkedin.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, imgsct.cookiebot.com.edg
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://selfcare.firma-remota.it/asmonitor/panel/login

Input	Output
URL: https://selfcare.firma-remota.it/asmonitor/login.xhtml Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as username and password.","There is no sense of urgency created in the text.","There is no CAPTCHA or anti-robot detection mechanism present on the webpage."]}
Title: Aruba Selfcare - Firma digitale OCR: English v pgg VACTALIS Remote Signature MANAGEMENT PANEL Login Username Username or user@domain Password Password Have you miss the username? Login Have miss the password? If yw need help please check the guide here. kowto do if I no longer have the phone to generate OTP codes, how do I log in? You have to before log in with username + password and, on the next screen, follow the device replacement Read the guide
URL: https://selfcare.firma-remota.it/asmonitor/login.xhtml Model: Perplexity: mixtral-8x7b-instruct	{"loginform": true,"urgency": false,"captcha": false,"reasons": ["The webpage contains a login form which explicitly requests sensitive information such as username and password.","The text does not create a sense of urgency or interest.","The webpage does not contain a CAPTCHA or any anti-robot detection mechanism."]}
Title: Aruba Selfcare - Firma digitale OCR: English v pgg VACTALIS Remote Signature MANAGEMENT PANEL Login Username Username or user@domain Password Password Have you miss the username? Login Have miss the password? Questo sito web utilizza i cookie Accetta tutti Per offrirti un'esperienza di navigazione sempre migliore, questo sito utilizza cookie propri e di terze partit partner selezionati_ I cookie di terze parti potranno anche essere di profilazione. Leggi la nostra Informativa sull'uso dei cookie per saperne di Personalizza pi oppure vai su 'Personalizza" per gestire le tue impostazioni. Cliccando "Accetta" acconsenti alla memorizzazione dei cookie sul tuo dispositivo. Cliccando su "Rifiuta" accetti la memorizzazione dei soli cookie necessari. Rifiuta tutti Mostra dettagli >
URL: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": false,"reasons": ["The webpage does not contain a login form, as there is no explicit request for sensitive information such as passwords, email addresses, usernames, phone numbers, or credit card numbers.","The text does not create a sense of urgency, as it does not include phrases such as 'click here to view document', 'to view secured document click here', or 'open the link to see your invoice'.","The webpage does not contain a CAPTCHA or any other anti-robot detection mechanism."]}
Title: Username recovery OCR: English v OAru&a2EC 'ACTALIS Username recovery Enter the required data and press the Submit button. An email will be sent to you with your username. Email Submit Copyright 02024 Aruba S.pA- RI. 01573850516 - All rights reserved Cookie Policy_ - Personalizza Cookie Questo sito web utilizza i cookie Accetta tutti Per offrirti un'esperienza di navigazione sempre migliore, questo sito utilizza cookie propri e di terze parti, partner selezionati. I cookie di terze parti potranno anche essere di profilazione. Leggi la nostra Informativa sull'uso dei cookie per saperne di Personalizza pi oppure vai su "Personalizza" per gestire le tue impostazioni. Cliccando "Accetta" acconsenti alla memorizzazione dei cookie sul tuo dispositivo_ Cliccando su "Rifiuta" accetti la memorizzazione dei soli cookie necessari_ Rifiuta tutti Mostra dettagli >
URL: https://selfcare.firma-remota.it Model: gpt-4o	```json{ "phishing_score": 2, "brands": "Aruba PEC, Actalis", "phishing": false, "suspicious_domain": false, "has_prominent_loginform": true, "has_captcha": false, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "firma-remota.it", "reasons": "The URL 'https://selfcare.firma-remota.it' appears to be legitimate. The domain 'firma-remota.it' is associated with remote signature services, which aligns with the content of the webpage. The page prominently displays logos of Aruba PEC and Actalis, which are known brands in the field of digital certification and remote signature services. The login form is prominent, but there is no evidence of social engineering techniques or suspicious links. The absence of a CAPTCHA is noted, but it is not uncommon for legitimate sites to lack this feature. Overall, there is no strong evidence to suggest that this is a phishing site."}

URL: https://selfcare.firma-remota.it Model: gpt-4o	```json{ "phishing_score": 4, "brands": "Aruba PEC, Actalis", "phishing": false, "suspicious_domain": false, "has_prominent_loginform": true, "has_captcha": false, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "firma-remota.it", "reasons": "The URL 'https://selfcare.firma-remota.it' appears to be legitimate as it uses a subdomain of 'firma-remota.it', which is associated with the brand names Aruba PEC and Actalis. The page shows a prominent login form, which is common for legitimate sites that require user authentication. There are no obvious social engineering techniques or suspicious links present. However, the lack of a CAPTCHA could be a minor concern for security, but it is not uncommon for legitimate sites to omit this feature. Overall, the site does not exhibit strong indicators of phishing."}

URL: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml Model: Perplexity: mixtral-8x7b-instruct	{"loginform": false,"urgency": false,"captcha": true,"reasons": ["The webpage contains a CAPTCHA mechanism in the form of 'I'm not a robot' checkbox.","The text does not create a sense of urgency.","The webpage does not contain a login form."]}
Title: Username recovery OCR: English v OAru&a2EC 'ACTALIS Username recovery Enter the required data and press the Submit button. An email will be sent to you with your username. Email I'm not a robot Submit Copyright 02024 Aruba S.pA- RI. 01573850516 - All rights reserved Cookie Policy_ - Personalizza Cookie Questo sito web utilizza i cookie Accetta tutti Per offrirti un'esperienza di navigazione sempre migliore, questo sito utilizza cookie propri e di terze parti, partner selezionati. I cookie di terze parti potranno anche essere di profilazione. Leggi la nostra Informativa sull'uso dei cookie per saperne di Personalizza pi oppure vai su "Personalizza" per gestire le tue impostazioni. Cliccando "Accetta" acconsenti alla memorizzazione dei cookie sul tuo dispositivo_ Cliccando su "Rifiuta" accetti la memorizzazione dei soli cookie necessari_ Rifiuta tutti Mostra dettagli >
URL: https://selfcare.firma-remota.it Model: gpt-4o	```json{ "phishing_score": 2, "brands": "Aruba PEC", "phishing": false, "suspicious_domain": false, "has_prominent_loginform": true, "has_captcha": true, "setechniques": false, "has_suspicious_link": false, "legitmate_domain": "aruba.it", "reasons": "The URL 'https://selfcare.firma-remota.it' appears to be legitimate as it uses a subdomain of 'firma-remota.it', which is associated with Aruba PEC, a known brand. The page includes a prominent login form and a CAPTCHA, which are common features of legitimate sites. There are no obvious social engineering techniques or suspicious links present. The domain does not appear to be suspicious, and the content and branding match the legitimate Aruba PEC brand."}

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jul 3 11:36:07 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9852925866535553
Encrypted:	false
SSDEEP:	48:860dhTJ5h2HmidAKZdA1oehwiZUklqehRdy+3:86CHkwdy
MD5:	D828350F3307640EB3EC86A8960D661F
SHA1:	20FB93152A5DFBF56A5F66043501CC1C3455C7D7
SHA-256:	491D9408F332F7892C6E1BA8233646A12307A314F90C1D3242017758A1B7DB85
SHA-512:	7205BF3DA1D1DE3F1B1DFF4302FC207A7317D4515D315275CCDA0A4F2ECD6B76144252A5814AC74FEF02ED4800174A350C81C9B4C9C45B112436766865CF493A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........E...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....EW)C..PROGRA~1..t......O.I.X.d....B...............J.....V...P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.d....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.d....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.d..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.d...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..........."M._.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: Iframe src: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: Iframe src: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: Number of links: 0
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: Number of links: 1
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: Number of links: 1

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: Total embedded image size: 24020
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: Total embedded image size: 24020
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: Total embedded image size: 24020
Source: https://guide.pec.it/funzionalita-pannello-firma-remota.aspx#a_1474450182479	HTTP Parser: Total embedded image size: 24020
Source: https://guide.pec.it/soluzioni-firma-digitale/firma-remota/riconfigurare-app-aruba-otp.aspx	HTTP Parser: Total embedded image size: 24020
Source: https://www.pec.it/cookie-policy.aspx	HTTP Parser: Total embedded image size: 24020

Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: Title: Username recovery does not match URL
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: Title: Recover password does not match URL

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No favicon
Source: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/informazioni-profilo.xhtml?faces-redirect=true	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO&co=aHR0cHM6Ly9zZWxmY2FyZS5maXJtYS1yZW1vdGEuaXQ6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=eu4pvst4ur1q	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No favicon
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO&co=aHR0cHM6Ly9zZWxmY2FyZS5maXJtYS1yZW1vdGEuaXQ6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=67iabom3zyq	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Le9QCYTAAAAALtKxbL-6WvASf3xM49M7zzRbbZO&co=aHR0cHM6Ly9zZWxmY2FyZS5maXJtYS1yZW1vdGEuaXQ6NDQz&hl=en&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=normal&cb=67iabom3zyq	HTTP Parser: No favicon
Source: https://d6tizftlrpuof.cloudfront.net/live/i/58987715876927b611f17d7b/518f96f18901e5fddf63f8475b196c42f4960ed4.html	HTTP Parser: No favicon

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No <meta name="author".. found
Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No <meta name="author".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No <meta name="author".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No <meta name="author".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No <meta name="author".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No <meta name="author".. found

Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: https://selfcare.firma-remota.it/asmonitor/login.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-username.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No <meta name="copyright".. found
Source: https://selfcare.firma-remota.it/asmonitor/recupero-password.xhtml	HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: chromecache_379.2.dr	String found in binary or memory: consente al utente di accedere ad un sito web tramite la sua applicazione LinkedIn, ad esempio.","1 anno","Cookie HTTP","1","","www.linkedin.com","it"]]; equals www.linkedin.com (Linkedin)
Source: chromecache_355.2.dr	String found in binary or memory: consente al utente di accedere ad un sito web tramite la sua applicazione LinkedIn, ad esempio.","1 anno","HTTP","1","","www.linkedin.com","it"]]; equals www.linkedin.com (Linkedin)
Source: chromecache_355.2.dr	String found in binary or memory: dei contenuti video di YouTube sul sito.","Persistente","IDB","6","","youtube.com","it"],["TESTCOOKIESENABLED","youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","0 giorno","HTTP","1","","www.youtube.com","it"],["VISITOR_INFO1_LIVE","youtube.com","Prova a stimare la velocit equals www.youtube.com (Youtube)
Source: chromecache_379.2.dr	String found in binary or memory: dei contenuti video di YouTube sul sito.","Persistente","IndexedDB","6","","youtube.com","it"],["TESTCOOKIESENABLED","youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","1 giorno","Cookie HTTP","1","","www.youtube.com","it"],["VISITOR_INFO1_LIVE","youtube.com","Prova a stimare la velocit equals www.youtube.com (Youtube)
Source: chromecache_379.2.dr	String found in binary or memory: dei contenuti video di YouTube sul sito.","Sessione","Cookie HTTP","1","","www.youtube.com","it"],["ServiceWorkerLogsDatabase#SWHealthLog","youtube.com","Necessario per l'implementazione e la funzionalit equals www.youtube.com (Youtube)
Source: chromecache_355.2.dr	String found in binary or memory: dei contenuti video di YouTube sul sito.","Sessione","HTTP","1","","www.youtube.com","it"],["ServiceWorkerLogsDatabase#SWHealthLog","youtube.com","Necessario per l'implementazione e la funzionalit equals www.youtube.com (Youtube)
Source: chromecache_355.2.dr	String found in binary or memory: impostato da Twitter - Il cookie consente al'utente di condividere contenuti dal sito web sul proprio profilo Twitter.","399 giorni","HTTP","1","","twitter.com","it"],["a/t","w.usabilla.com","aiuta a capire il modo in cui gli Utenti interagiscono con il sito web, raccogliendo e trasmettendo informazioni in forma anonima","Sessione","Pixel","5","","w.usabilla.com","it"],["td","www.googletagmanager.com","Registra dati statistici sul comportamento dei utenti sul sito web. Questi vengono utilizzati per l'analisi interna dall'operatore del sito.","Sessione","Pixel","5","","www.googletagmanager.com","it"]]; equals www.twitter.com (Twitter)
Source: chromecache_355.2.dr	String found in binary or memory: utilizzato.","0 giorno","HTTP","1","","www.pec.it","it"],["#-#","www.youtube-nocookie.com<br/>youtube.com","In attesa","Sessione","HTML","2","","www.youtube-nocookie.com",null],["iU5q-!O9@$","www.youtube-nocookie.com<br/>youtube.com","Registra un ID univoco per statistiche legate a quali video YouTube sono stati visualizzati dall'utente.","Sessione","HTML","2","","www.youtube-nocookie.com","it"],["LAST_RESULT_ENTRY_KEY","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","HTTP","1","","www.youtube-nocookie.com","it"],["nextId","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","HTTP","1","","www.youtube-nocookie.com","it"],["requests","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","HTTP","1","","www.youtube-nocookie.com","it"],["yt.innertube::nextId","www.youtube-nocookie.com<br/>youtube.com","Registra un ID univoco per statistiche legate a quali video YouTube sono stati visualizzati dall'utente.","Persistente","HTML","2","","www.youtube-nocookie.com","it"],["ytidb::LAST_RESULT_ENTRY_KEY","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Persistente","HTML","2","","www.youtube-nocookie.com","it"],["YtIdbMeta#databases","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Persistente","IDB","6","","www.youtube-nocookie.com","it"],["yt-remote-cast-available","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-cast-installed","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-connected-devices","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Persistente","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-device-id","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Persistente","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-fast-check-period","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-session-app","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-s
Source: chromecache_379.2.dr	String found in binary or memory: utilizzato.","1 giorno","Cookie HTTP","1","","www.pec.it","it"],["#-#","www.youtube-nocookie.com<br/>youtube.com","In attesa","Sessione","Archiviazione locale HTML","2","","www.youtube-nocookie.com",null],["iU5q-!O9@$","www.youtube-nocookie.com<br/>youtube.com","Registra un ID univoco per statistiche legate a quali video YouTube sono stati visualizzati dall'utente.","Sessione","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["LAST_RESULT_ENTRY_KEY","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","Cookie HTTP","1","","www.youtube-nocookie.com","it"],["nextId","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","Cookie HTTP","1","","www.youtube-nocookie.com","it"],["requests","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Sessione","Cookie HTTP","1","","www.youtube-nocookie.com","it"],["yt.innertube::nextId","www.youtube-nocookie.com<br/>youtube.com","Registra un ID univoco per statistiche legate a quali video YouTube sono stati visualizzati dall'utente.","Persistente","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["ytidb::LAST_RESULT_ENTRY_KEY","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Persistente","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["YtIdbMeta#databases","www.youtube-nocookie.com<br/>youtube.com","Utilizzato per tracciare l'interazione dell'utente con i contenuti incorporati.","Persistente","IndexedDB","6","","www.youtube-nocookie.com","it"],["yt-remote-cast-available","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-cast-installed","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-connected-devices","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Persistente","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-device-id","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Persistente","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["yt-remote-fast-check-period","www.youtube-nocookie.com<br/>youtube.com","Memorizza le preferenze del lettore video dell'utente usando il video YouTube incorporato","Sessione","Archiviazione locale HTML","2","","www.youtube-nocookie.com","it"],["yt-rem
Source: chromecache_301.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Tj:function(){e=Db()},pd:function(){d()}}};var jc=ka(["data-gtm-yt-inspected-"]),DC=["www.youtube.com","www.youtube-nocookie.com"],EC,FC=!1; equals www.youtube.com (Youtube)
Source: chromecache_301.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|k.length))return;var n={Rg:d,Pg:e,Qg:f,Fh:g,Gh:k,xe:m,Bb:b},p=F.YT,q=function(){LC(n)};if(p)return p.ready&&p.ready(q),b;var r=F.onYouTubeIframeAPIReady;F.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(OC(w,"iframe_api")\|\|OC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,B=0;B<y;B++)if(!FC&&MC(x[B],n.xe))return Bc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_302.2.dr, chromecache_181.2.dr	String found in binary or memory: return b}BC.J="internal.enableAutoEventOnTimer";var jc=ka(["data-gtm-yt-inspected-"]),DC=["www.youtube.com","www.youtube-nocookie.com"],EC,FC=!1; equals www.youtube.com (Youtube)
Source: chromecache_364.2.dr, chromecache_310.2.dr, chromecache_379.2.dr	String found in binary or memory: utente con il servizio di identificazione.","Sessione","Cookie HTTP","1","","videoriconoscimento.arubapec.it","it"],["openid_state","webmail.pec.it","Cookie necessario per la gestione delle sessioni\t","Sessione","Cookie HTTP","1","","webmail.pec.it","it"],["bscookie","www.linkedin.com","Questo cookie viene utilizzato per identificare l'utente attraverso un'applicazione. Ci equals www.linkedin.com (Linkedin)
Source: chromecache_355.2.dr	String found in binary or memory: utente con il servizio di identificazione.","Sessione","HTTP","1","","videoriconoscimento.arubapec.it","it"],["_HID_.D5C42B047C59A9A98A4D0053654B882A","webmail.pec.it","Cookie necessario per la protezione della sessione nei casi di download dei files\t","Sessione","HTTP","1","","webmail.pec.it","it"],["openid_state","webmail.pec.it","Cookie necessario per la gestione delle sessioni\t","Sessione","HTTP","1","","webmail.pec.it","it"],["x-csrf-token.IeBAInjBo2bNipMyc@BAJiStM9Ymzb8SbJkzl6dD0xpM_YKVqUKdM@","webmail.pec.it","Cookie necessario per la protezione della sessione\t","Sessione","HTTP","1","","webmail.pec.it","it"],["bscookie","www.linkedin.com","Questo cookie viene utilizzato per identificare l'utente attraverso un'applicazione. Ci equals www.linkedin.com (Linkedin)

Source: global traffic	DNS traffic detected: DNS query: selfcare.firma-remota.it
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: consent.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: consentcdn.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: guide.pec.it
Source: global traffic	DNS traffic detected: DNS query: mediacdn.aruba.it
Source: global traffic	DNS traffic detected: DNS query: blueimp.github.io
Source: global traffic	DNS traffic detected: DNS query: wa.aruba.it
Source: global traffic	DNS traffic detected: DNS query: w.usabilla.com
Source: global traffic	DNS traffic detected: DNS query: widget.docsbot.ai
Source: global traffic	DNS traffic detected: DNS query: d6tizftlrpuof.cloudfront.net
Source: global traffic	DNS traffic detected: DNS query: imgsct.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: docsbot.ai
Source: global traffic	DNS traffic detected: DNS query: cdn.docsbot.ai
Source: global traffic	DNS traffic detected: DNS query: www.pec.it
Source: global traffic	DNS traffic detected: DNS query: consent.cookiebot.eu
Source: global traffic	DNS traffic detected: DNS query: consentcdn.cookiebot.eu
Source: global traffic	DNS traffic detected: DNS query: img.sct.eu1.usercentrics.eu
Source: global traffic	DNS traffic detected: DNS query: snap.licdn.com
Source: global traffic	DNS traffic detected: DNS query: connect.facebook.net
Source: global traffic	DNS traffic detected: DNS query: u360.d-bi.fr
Source: global traffic	DNS traffic detected: DNS query: tags.creativecdn.com
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: ams.creativecdn.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: script.crazyegg.com
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 14:36:05.843480110 CEST	53	62058	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:05.853724003 CEST	53	54438	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:07.083698034 CEST	53	61684	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:07.371464014 CEST	55733	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:07.371751070 CEST	50582	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:07.405090094 CEST	53	50582	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:07.436686039 CEST	53	55733	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:10.286781073 CEST	54835	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:10.287199020 CEST	55325	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:10.309925079 CEST	53	54835	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:10.309937000 CEST	53	55325	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:11.583264112 CEST	53	53551	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:12.529958010 CEST	53	58575	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:14.409509897 CEST	51684	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:14.409818888 CEST	50607	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:14.415463924 CEST	53	52236	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:14.650113106 CEST	49336	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:14.650343895 CEST	62108	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:14.683092117 CEST	53	62108	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:14.704463959 CEST	53	49336	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:15.646992922 CEST	49968	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:15.647447109 CEST	52119	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:24.396040916 CEST	53	57046	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:24.740180969 CEST	57569	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:24.747576952 CEST	53	57569	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:24.750777006 CEST	62092	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:24.758038998 CEST	53	62092	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:26.070950031 CEST	53	52543	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:27.911025047 CEST	56299	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:27.911756992 CEST	55507	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:27.917865038 CEST	53	56299	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:27.918562889 CEST	53	55507	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:28.930646896 CEST	53	49947	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:30.584065914 CEST	53	51945	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:31.431325912 CEST	53	52049	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:38.228132010 CEST	62408	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:38.228491068 CEST	50049	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:38.253499985 CEST	53	50049	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:39.751432896 CEST	53121	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:39.751600027 CEST	58831	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:39.756534100 CEST	65264	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:39.756668091 CEST	64973	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:39.765760899 CEST	53	58466	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:39.768567085 CEST	53	64973	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:39.769287109 CEST	53	65264	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:39.790550947 CEST	53	58831	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:40.690062046 CEST	53	51644	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:41.691299915 CEST	50310	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:41.691586018 CEST	50093	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:41.699065924 CEST	53	65123	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:41.702435970 CEST	53	50093	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:41.721019030 CEST	60654	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:41.721204042 CEST	53302	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:41.722795963 CEST	53	50310	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:41.728295088 CEST	53	60654	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:41.728771925 CEST	53	53302	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:42.229408979 CEST	52108	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:42.229604959 CEST	50419	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:42.237993002 CEST	53	52108	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:42.239959955 CEST	53	50419	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:42.297033072 CEST	53	49232	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:42.436249018 CEST	63493	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:42.436471939 CEST	52236	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:42.467807055 CEST	53	52236	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:43.070612907 CEST	59042	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:43.070775986 CEST	51038	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:43.428316116 CEST	56804	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:43.428474903 CEST	62588	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:43.436495066 CEST	53	56804	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:43.437053919 CEST	53	62588	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:43.576229095 CEST	53	53278	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:43.973182917 CEST	51704	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:43.973634005 CEST	62296	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:44.006967068 CEST	53	62296	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:44.227262020 CEST	64209	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:44.227446079 CEST	60869	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:45.568381071 CEST	53	61004	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:45.935637951 CEST	138	138	192.168.2.8	192.168.2.255
Jul 3, 2024 14:36:46.495579958 CEST	53	59948	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:47.643454075 CEST	56964	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.643709898 CEST	62527	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.653556108 CEST	57482	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.653660059 CEST	61752	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.663507938 CEST	53	57482	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:47.663522959 CEST	53	61752	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:47.738744974 CEST	60336	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.738888025 CEST	61746	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:47.746424913 CEST	53	60336	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:47.747148991 CEST	53	61746	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:48.334311008 CEST	61219	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:48.334475994 CEST	49849	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:48.344553947 CEST	53	61219	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:48.348710060 CEST	53	49849	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:48.440392971 CEST	57621	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:48.440699100 CEST	62255	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:48.449244022 CEST	53	57621	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:48.451566935 CEST	53	62255	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:48.587447882 CEST	53534	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:48.587625027 CEST	60193	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:49.726056099 CEST	62758	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:49.726290941 CEST	55163	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:36:49.735100985 CEST	53	55163	1.1.1.1	192.168.2.8
Jul 3, 2024 14:36:49.736552000 CEST	53	62758	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:05.580120087 CEST	53	61408	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:06.196032047 CEST	64100	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:06.196234941 CEST	59379	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:06.223717928 CEST	53	59379	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:06.499228954 CEST	53	63277	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:09.710012913 CEST	60257	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:09.710155010 CEST	51342	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:09.740390062 CEST	53	51342	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:11.236073971 CEST	49681	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:11.236427069 CEST	50077	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:11.244914055 CEST	53	49681	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:11.245775938 CEST	53	50077	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:12.562263012 CEST	57017	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:12.562710047 CEST	54479	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:12.569797993 CEST	53	54479	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:12.569834948 CEST	53	57017	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:14.328218937 CEST	50982	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:14.328588009 CEST	52883	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:14.335995913 CEST	53	52883	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:14.336261034 CEST	53	50982	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:16.295809984 CEST	64781	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:16.296628952 CEST	61890	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:16.304476023 CEST	53	64781	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:16.305037022 CEST	53	61890	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.894939899 CEST	53987	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.895116091 CEST	49589	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.899952888 CEST	65373	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.900228024 CEST	58023	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.902473927 CEST	53	49589	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.902549028 CEST	62734	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.902848959 CEST	59448	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.903182983 CEST	53	53987	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.907325029 CEST	53749	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.907491922 CEST	52643	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.908627033 CEST	50085	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.908818960 CEST	56312	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.909785032 CEST	53	62734	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.909802914 CEST	53	59448	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.915435076 CEST	53	52643	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.915606022 CEST	53	50085	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.915661097 CEST	53	53749	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.916781902 CEST	51226	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.916951895 CEST	53	56312	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.927428007 CEST	65350	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.927663088 CEST	65165	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.936806917 CEST	53	65350	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.940521955 CEST	53	65165	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.961572886 CEST	64611	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.961776972 CEST	49787	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.962691069 CEST	52546	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.962878942 CEST	51209	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:28.972301006 CEST	53	64611	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.973038912 CEST	53	49787	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.973355055 CEST	53	52546	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.973721027 CEST	53	51209	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:28.976874113 CEST	53	51226	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:29.843930006 CEST	60441	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:29.844166040 CEST	56364	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:29.853204012 CEST	53	60441	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:29.853218079 CEST	53	56364	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:29.911499023 CEST	62079	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:29.911499023 CEST	63008	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:29.918962002 CEST	53	63008	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:29.919779062 CEST	53	62079	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.191288948 CEST	55708	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.191689968 CEST	62489	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.200813055 CEST	53	62489	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.230381012 CEST	52325	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.230639935 CEST	51617	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.243247986 CEST	53	51617	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.243258953 CEST	53	52325	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.904755116 CEST	53330	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.905016899 CEST	53300	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.959415913 CEST	55261	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.959528923 CEST	53835	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.964571953 CEST	59615	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.964679956 CEST	57517	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:30.966979980 CEST	53	53835	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.967606068 CEST	53	55261	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:30.971522093 CEST	53	57517	1.1.1.1	192.168.2.8
Jul 3, 2024 14:37:32.194715977 CEST	65518	53	192.168.2.8	1.1.1.1
Jul 3, 2024 14:37:32.194848061 CEST	56855	53	192.168.2.8	1.1.1.1

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 3, 2024 14:36:39.791085958 CEST	192.168.2.8	1.1.1.1	c257	(Port unreachable)	Destination Unreachable
Jul 3, 2024 14:37:06.223782063 CEST	192.168.2.8	1.1.1.1	c249	(Port unreachable)	Destination Unreachable

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:08 UTC	688	OUT	GET /asmonitor/panel/login HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-07-03 12:36:08 UTC	731	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 03 Jul 2024 12:36:08 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Location: https://selfcare.firma-remota.it Content-Length: 240 Connection: close Content-Type: text/html; charset=iso-8859-1 Set-Cookie: cookiesession1=678B29B0B77372E1DE818E66860C1CF1;Expires=Thu, 03 Jul 2025 12:36:08 GMT;Path=/;HttpOnly
2024-07-03 12:36:08 UTC	240	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 65 6c 66 63 61 72 65 2e 66 69 72 6d 61 2d 72 65 6d 6f 74 61 2e 69 74 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://selfcare.firma-remota.it">here</a>.</p></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:08 UTC	724	OUT	GET / HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:08 UTC	615	IN	HTTP/1.1 302 Found Date: Wed, 03 Jul 2024 12:36:08 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Location: https://selfcare.firma-remota.it/asmonitor/ Content-Length: 227 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-07-03 12:36:08 UTC	227	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 65 6c 66 63 61 72 65 2e 66 69 72 6d 61 2d 72 65 6d 6f 74 61 2e 69 74 2f 61 73 6d 6f 6e 69 74 6f 72 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="https://selfcare.firma-remota.it/asmonitor/">here</a>.</p></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:09 UTC	734	OUT	GET /asmonitor/ HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:10 UTC	765	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:09 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Set-Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; Path=/asmonitor; Secure; HttpOnly Content-Length: 247 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/html;charset=UTF-8
2024-07-03 12:36:10 UTC	247	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 20 69 64 3d 22 6a 5f 69 64 74 32 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 69 6e 64 65 78 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 55 52 4c 3d 6c 6f 67 69 6e 2e 78 68 74 6d 6c 22 20 2f 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml"><head id="j_idt2"> <title>index</title> <meta http-equiv="refresh" content="0;URL=login.xhtml" /></head><body></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:11 UTC	831	OUT	GET /asmonitor/login.xhtml HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://selfcare.firma-remota.it/asmonitor/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:11 UTC	675	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:11 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/html;charset=UTF-8 content-length: 11780
2024-07-03 12:36:11 UTC	3368	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 62 6f 64 79 3e 3c 2f 62 6f 64 79 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 20 69 64 3d 22 6a 5f 69 64 74 37 22 3e 0a 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html><body></body><html xmlns="http://www.w3.org/1999/xhtml"><head id="j_idt7"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-
2024-07-03 12:36:11 UTC	4048	IN	Data Raw: 31 35 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 09 0a 09 09 09 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 31 32 30 30 70 78 29 20 7b 0a 09 09 09 09 2e 6c 6f 67 6f 2d 73 6d 20 7b 0a 09 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 34 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 09 0a 09 09 09 40 6d 65 64 69 61 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 39 39 32 70 78 29 20 7b 0a 09 09 09 09 2e 6c 6f 67 6f 2d 73 6d 20 7b 0a 09 09 09 09 09 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 36 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 09 09 09 09 7d 0a 09 09 09 7d 0a 09 09 09 0a 09 09 09 40 6d 65 64 69 61 20 73 63 Data Ascii: 15% !important;}}@media screen and (max-width: 1200px) {.logo-sm {margin-left: 14% !important;}}@media screen and (max-width: 992px) {.logo-sm {margin-left: 6% !important;}}@media sc
2024-07-03 12:36:11 UTC	4048	IN	Data Raw: 52 65 6d 6f 74 65 20 53 69 67 6e 61 74 75 72 65 20 70 75 72 63 68 61 73 65 64 20 74 68 72 6f 75 67 68 20 43 44 52 4c 2c 20 69 6e 20 61 64 64 69 74 69 6f 6e 20 74 6f 20 79 6f 75 72 20 75 73 65 72 6e 61 6d 65 2c 20 73 70 65 63 69 66 79 20 74 68 65 20 44 6f 6d 61 69 6e 20 74 6f 20 77 68 69 63 68 20 69 74 20 62 65 6c 6f 6e 67 73 20 69 6e 20 74 68 65 20 66 6f 72 6d 20 75 73 65 72 6e 61 6d 65 40 64 6f 6d 61 69 6e 3c 2f 70 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii: Remote Signature purchased through CDRL, in addition to your username, specify the Domain to which it belongs in the form username@domain</p> </div> </div>
2024-07-03 12:36:11 UTC	316	IN	Data Raw: 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 70 65 63 2e 69 74 2f 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 2e 61 73 70 78 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 31 34 37 34 42 44 22 3e 20 3c 75 3e 43 6f 6f 6b 69 65 20 50 6f 6c 69 63 79 3c 2f 75 3e 20 3c 2f 61 3e 2d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 6a 61 76 61 73 63 72 69 70 74 3a 20 43 6f 6f 6b 69 65 62 6f 74 2e 72 65 6e 65 77 28 29 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 31 34 37 34 42 44 22 3e 20 3c 75 3e 50 65 72 73 6f 6e 61 6c 69 7a 7a 61 20 43 6f 6f 6b 69 65 3c 2f 75 3e 3c 2f 61 3e Data Ascii: body> <br><a href="https://www.pec.it/cookie-policy.aspx" target="_blank" style="color: #1474BD"> <u>Cookie Policy</u> </a>- <a href="javascript: Cookiebot.renew()" style="color: #1474BD"> <u>Personalizza Cookie</u></a>

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:11 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 12:36:12 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=99226 Date: Wed, 03 Jul 2024 12:36:11 GMT Connection: close X-CID: 2

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:12 UTC	731	OUT	GET /asmonitor/javax.faces.resource/bootstrap.min.css.xhtml?ln=css HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:12 UTC	779	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:12 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:12 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"155758-1704450954000" Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/css content-length: 155758
2024-07-03 12:36:12 UTC	3265	IN	Data Raw: 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 33 2e 31 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 39 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 6c 75 65 3a 23 30 30 37 62 66 66 3b 2d 2d 69 6e 64 69 67 6f 3a 23 36 36 31 30 66 32 3b 2d 2d Data Ascii: /! Bootstrap v4.3.1 (https://getbootstrap.com/) * Copyright 2011-2019 The Bootstrap Authors * Copyright 2011-2019 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */:root{--blue:#007bff;--indigo:#6610f2;--
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6e 74 2d 66 61 6d 69 6c 79 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 69 6e 68 65 72 69 74 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 7b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 7d 62 75 74 74 6f 6e 2c 73 65 6c 65 63 74 7b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 73 65 6c 65 63 74 7b 77 6f 72 64 2d 77 72 61 70 3a 6e 6f 72 6d 61 6c 7d 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 2c 5b 74 79 70 65 3d 72 65 73 65 74 5d 2c 5b 74 79 70 65 3d 73 75 62 6d 69 74 5d 2c 62 75 74 74 6f 6e 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 62 75 74 74 6f 6e 7d 5b 74 79 70 65 3d 62 75 74 74 6f 6e 5d 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 2c 5b 74 79 70 65 3d 72 65 Data Ascii: nt-family:inherit;font-size:inherit;line-height:inherit}button,input{overflow:visible}button,select{text-transform:none}select{word-wrap:normal}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]:not(:disabled),[type=re
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6c 2d 6d 64 2d 35 2c 2e 63 6f 6c 2d 6d 64 2d 36 2c 2e 63 6f 6c 2d 6d 64 2d 37 2c 2e 63 6f 6c 2d 6d 64 2d 38 2c 2e 63 6f 6c 2d 6d 64 2d 39 2c 2e 63 6f 6c 2d 6d 64 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 73 6d 2c 2e 63 6f 6c 2d 73 6d 2d 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 2e 63 6f 6c 2d 73 6d 2d 32 2c 2e 63 6f 6c 2d 73 6d 2d 33 2c 2e 63 6f 6c 2d 73 6d 2d 34 2c 2e 63 6f 6c 2d 73 6d 2d 35 2c 2e 63 6f 6c 2d 73 6d 2d 36 2c 2e 63 6f 6c 2d 73 6d 2d 37 2c 2e 63 6f 6c 2d 73 6d 2d 38 2c 2e 63 6f 6c 2d 73 6d 2d 39 2c 2e 63 6f 6c 2d 73 6d 2d 61 75 74 6f 2c 2e 63 6f 6c 2d 78 6c 2c 2e 63 6f 6c 2d 78 6c 2d 31 2c 2e 63 6f 6c 2d 78 6c 2d 31 30 2c 2e 63 6f 6c 2d 78 6c 2d 31 31 2c 2e 63 6f 6c 2d 78 6c 2d 31 32 2c Data Ascii: l-md-5,.col-md-6,.col-md-7,.col-md-8,.col-md-9,.col-md-auto,.col-sm,.col-sm-1,.col-sm-10,.col-sm-11,.col-sm-12,.col-sm-2,.col-sm-3,.col-sm-4,.col-sm-5,.col-sm-6,.col-sm-7,.col-sm-8,.col-sm-9,.col-sm-auto,.col-xl,.col-xl-1,.col-xl-10,.col-xl-11,.col-xl-12,
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 2d 73 6d 2d 37 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 38 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 38 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 36 36 2e 36 36 36 36 36 37 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 35 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 31 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 73 6d 2d 31 31 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 31 2e 36 36 36 36 36 37 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 37 36 38 70 78 29 7b 2e 63 6f 6c 2d 6d 64 7b 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 65 64 2d 73 69 7a 65 3a 30 3b 66 6c 65 78 2d 62 61 73 69 73 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 70 6f 73 69 74 Data Ascii: -sm-7{margin-left:58.333333%}.offset-sm-8{margin-left:66.666667%}.offset-sm-9{margin-left:75%}.offset-sm-10{margin-left:83.333333%}.offset-sm-11{margin-left:91.666667%}}@media (min-width:768px){.col-md{-ms-flex-preferred-size:0;flex-basis:0;-ms-flex-posit
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 2d 6c 67 2d 39 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 37 35 25 7d 2e 6f 66 66 73 65 74 2d 6c 67 2d 31 30 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 33 2e 33 33 33 33 33 33 25 7d 2e 6f 66 66 73 65 74 2d 6c 67 2d 31 31 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 39 31 2e 36 36 36 36 36 37 25 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 31 32 30 30 70 78 29 7b 2e 63 6f 6c 2d 78 6c 7b 2d 6d 73 2d 66 6c 65 78 2d 70 72 65 66 65 72 72 65 64 2d 73 69 7a 65 3a 30 3b 66 6c 65 78 2d 62 61 73 69 73 3a 30 3b 2d 6d 73 2d 66 6c 65 78 2d 70 6f 73 69 74 69 76 65 3a 31 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 7d 2e 63 6f 6c 2d 78 6c 2d 61 75 74 6f 7b 2d 6d 73 2d 66 6c 65 78 3a 30 20 30 20 61 75 74 6f 3b 66 6c 65 78 3a 30 20 Data Ascii: -lg-9{margin-left:75%}.offset-lg-10{margin-left:83.333333%}.offset-lg-11{margin-left:91.666667%}}@media (min-width:1200px){.col-xl{-ms-flex-preferred-size:0;flex-basis:0;-ms-flex-positive:1;flex-grow:1;max-width:100%}.col-xl-auto{-ms-flex:0 0 auto;flex:0
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 61 62 64 64 65 35 7d 2e 74 61 62 6c 65 2d 68 6f 76 65 72 20 2e 74 61 62 6c 65 2d 69 6e 66 6f 3a 68 6f 76 65 72 3e 74 64 2c 2e 74 61 62 6c 65 2d 68 6f 76 65 72 20 2e 74 61 62 6c 65 2d 69 6e 66 6f 3a 68 6f 76 65 72 3e 74 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 61 62 64 64 65 35 7d 2e 74 61 62 6c 65 2d 77 61 72 6e 69 6e 67 2c 2e 74 61 62 6c 65 2d 77 61 72 6e 69 6e 67 3e 74 64 2c 2e 74 61 62 6c 65 2d 77 61 72 6e 69 6e 67 3e 74 68 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 65 65 62 61 7d 2e 74 61 62 6c 65 2d 77 61 72 6e 69 6e 67 20 74 62 6f 64 79 2b 74 62 6f 64 79 2c 2e 74 61 62 6c 65 2d 77 61 72 6e 69 6e 67 20 74 64 2c 2e 74 61 62 6c 65 2d 77 61 72 Data Ascii: hover{background-color:#abdde5}.table-hover .table-info:hover>td,.table-hover .table-info:hover>th{background-color:#abdde5}.table-warning,.table-warning>td,.table-warning>th{background-color:#ffeeba}.table-warning tbody+tbody,.table-warning td,.table-war
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6c 2d 66 69 6c 65 2c 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 72 61 6e 67 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 63 6f 6c 2d 66 6f 72 6d 2d 6c 61 62 65 6c 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 63 61 6c 63 28 2e 33 37 35 72 65 6d 20 2b 20 31 70 78 29 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 63 61 6c 63 28 2e 33 37 35 72 65 6d 20 2b 20 31 70 78 29 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 7d 2e 63 6f 6c 2d 66 6f 72 6d 2d 6c 61 62 65 6c 2d 6c 67 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 63 61 6c 63 28 2e 35 72 65 6d 20 2b 20 31 70 78 29 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 63 61 6c 63 28 2e Data Ascii: l-file,.form-control-range{display:block;width:100%}.col-form-label{padding-top:calc(.375rem + 1px);padding-bottom:calc(.375rem + 1px);margin-bottom:0;font-size:inherit;line-height:1.5}.col-form-label-lg{padding-top:calc(.5rem + 1px);padding-bottom:calc(.
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 65 6c 65 63 74 3a 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 2c 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 63 75 73 74 6f 6d 2d 73 65 6c 65 63 74 3a 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 66 69 6c 65 2e 69 73 2d 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 2c 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 66 69 6c 65 2e 69 73 2d 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 74 6f 6f 6c 74 69 70 2c 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 66 69 6c 65 3a 76 61 6c 69 64 7e 2e 76 61 6c 69 64 2d 66 65 65 64 62 61 63 6b 2c 2e 77 61 73 2d 76 61 6c 69 64 61 74 65 64 20 2e 66 6f 72 Data Ascii: elect:valid~.valid-feedback,.was-validated .custom-select:valid~.valid-tooltip{display:block}.form-control-file.is-valid~.valid-feedback,.form-control-file.is-valid~.valid-tooltip,.was-validated .form-control-file:valid~.valid-feedback,.was-validated .for
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 73 76 67 27 20 66 69 6c 6c 3d 27 25 32 33 64 63 33 35 34 35 27 20 76 69 65 77 42 6f 78 3d 27 2d 32 20 2d 32 20 37 20 37 27 25 33 65 25 33 63 70 61 74 68 20 73 74 72 6f 6b 65 3d 27 25 32 33 64 63 33 35 34 35 27 20 64 3d 27 4d 30 20 30 6c 33 20 33 6d 30 2d 33 4c 30 20 33 27 2f 25 33 65 25 33 63 63 69 72 63 6c 65 20 72 3d 27 2e 35 27 2f 25 33 65 25 33 63 63 69 72 63 6c 65 20 63 78 3d 27 33 27 20 72 3d 27 2e 35 27 2f 25 33 65 25 33 63 63 69 72 63 6c 65 20 63 79 3d 27 33 27 20 72 3d 27 2e 35 27 2f 25 33 65 25 33 63 63 69 72 63 6c 65 20 63 78 3d 27 33 27 20 63 79 3d 27 33 27 20 72 3d 27 2e 35 27 2f 25 33 65 25 33 63 2f 73 76 67 25 33 45 22 29 20 23 66 66 66 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 72 69 67 68 74 20 31 2e 37 35 72 65 6d 2f 63 61 6c Data Ascii: svg' fill='%23dc3545' viewBox='-2 -2 7 7'%3e%3cpath stroke='%23dc3545' d='M0 0l3 3m0-3L0 3'/%3e%3ccircle r='.5'/%3e%3ccircle cx='3' r='.5'/%3e%3ccircle cy='3' r='.5'/%3e%3ccircle cx='3' cy='3' r='.5'/%3e%3c/svg%3E") #fff no-repeat center right 1.75rem/cal
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6e 6c 69 6e 65 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 7d 7d 2e 62 74 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 63 6f 6c 6f 72 3a 23 32 31 32 35 32 39 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b Data Ascii: nline .custom-control-label{margin-bottom:0}}.btn{display:inline-block;font-weight:400;color:#212529;text-align:center;vertical-align:middle;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;background-color:transparent;

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:12 UTC	732	OUT	GET /asmonitor/javax.faces.resource/selfcare-style.css.xhtml?ln=css HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:12 UTC	775	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:12 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:12 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"9404-1704450954000" Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/css content-length: 9417
2024-07-03 12:36:12 UTC	3267	IN	Data Raw: 2f 2a 0a 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 0a 23 23 20 41 52 55 42 41 20 53 45 4c 46 43 41 52 45 20 54 48 45 4d 45 20 23 23 0a 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 23 0a 2a 2f 0a 0a 2f 2a 20 53 49 5a 49 4e 47 20 2a 2f 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 35 37 36 70 78 29 20 7b 0a 09 2e 77 2d 73 6d 2d 32 35 20 7b 20 77 69 64 74 68 3a 20 32 35 25 3b 20 7d 0a 09 2e 77 2d 73 6d 2d 35 30 20 7b 20 77 69 64 74 68 3a 20 35 30 25 3b 20 7d 0a 09 2e 77 2d 73 6d 2d 37 35 20 7b 20 77 69 64 74 68 3a 20 38 32 25 3b 20 7d 0a 09 2e 77 2d 73 6d 2d 31 30 30 20 7b 20 77 69 64 74 68 3a 20 31 30 30 25 3b 20 7d 0a 7d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a Data Ascii: /############################ ARUBA SELFCARE THEME ############################//* SIZING */@media (min-width: 576px) {.w-sm-25 { width: 25%; }.w-sm-50 { width: 50%; }.w-sm-75 { width: 82%; }.w-sm-100 { width: 100%; }}@media (min-width:
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 2d 62 72 65 61 6b 2d 61 6c 6c 20 7b 20 77 6f 72 64 2d 62 72 65 61 6b 3a 20 62 72 65 61 6b 2d 61 6c 6c 3b 20 7d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 39 39 32 70 78 29 20 7b 0a 09 2e 62 6f 72 64 65 72 2d 6c 67 2d 72 69 67 68 74 20 7b 20 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 3b 20 7d 0a 7d 0a 0a 2e 62 74 6e 2d 73 77 69 74 63 68 65 72 20 7b 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 65 61 73 65 2d 6f 75 74 20 2e 32 73 3b 20 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 64 64 64 3b 20 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 20 70 61 64 64 69 6e 67 3a 20 32 70 78 20 31 30 70 78 20 32 70 78 20 32 70 78 3b 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e Data Ascii: -break-all { word-break: break-all; }@media (min-width: 992px) {.border-lg-right { border-right: 1px solid #ddd; }}.btn-switcher { transition: ease-out .2s; border: none; background-color: #ddd; color: #666; padding: 2px 10px 2px 2px; display: inlin
2024-07-03 12:36:12 UTC	2102	IN	Data Raw: 62 6c 65 64 2c 20 2e 62 74 6e 3a 64 69 73 61 62 6c 65 64 20 7b 0a 20 20 20 20 6f 70 61 63 69 74 79 3a 20 2e 36 35 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 36 36 36 3b 0a 7d 0a 0a 23 70 72 6f 67 72 65 73 73 62 61 72 20 7b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 30 70 78 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 09 63 6f 6c 6f 72 3a 20 6c 69 67 68 74 67 72 65 79 0a 7d 0a 0a 23 70 72 6f 67 72 65 73 73 62 61 72 20 2e 61 63 74 69 76 65 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 0a 7d 0a 0a 23 70 72 6f 67 72 65 73 73 62 61 72 20 6c 69 20 7b 0a 09 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 6e 6f 6e 65 3b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 0a 09 77 69 64 74 Data Ascii: bled, .btn:disabled { opacity: .65; background-color: #666;}#progressbar {margin-bottom: 30px;overflow: hidden;color: lightgrey}#progressbar .active {color: #000000}#progressbar li {list-style-type: none;font-size: 12px;widt

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:12 UTC	727	OUT	GET /asmonitor/javax.faces.resource/jquery-ui.css.xhtml?ln=css HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:12 UTC	777	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:12 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:12 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"36552-1704450954000" Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/css content-length: 36111
2024-07-03 12:36:12 UTC	3266	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 55 49 20 2d 20 76 31 2e 31 32 2e 31 20 2d 20 32 30 31 36 2d 30 39 2d 31 34 0a 2a 20 68 74 74 70 3a 2f 2f 6a 71 75 65 72 79 75 69 2e 63 6f 6d 0a 2a 20 49 6e 63 6c 75 64 65 73 3a 20 63 6f 72 65 2e 63 73 73 2c 20 61 63 63 6f 72 64 69 6f 6e 2e 63 73 73 2c 20 61 75 74 6f 63 6f 6d 70 6c 65 74 65 2e 63 73 73 2c 20 6d 65 6e 75 2e 63 73 73 2c 20 62 75 74 74 6f 6e 2e 63 73 73 2c 20 63 6f 6e 74 72 6f 6c 67 72 6f 75 70 2e 63 73 73 2c 20 63 68 65 63 6b 62 6f 78 72 61 64 69 6f 2e 63 73 73 2c 20 64 61 74 65 70 69 63 6b 65 72 2e 63 73 73 2c 20 64 69 61 6c 6f 67 2e 63 73 73 2c 20 64 72 61 67 67 61 62 6c 65 2e 63 73 73 2c 20 72 65 73 69 7a 61 62 6c 65 2e 63 73 73 2c 20 70 72 6f 67 72 65 73 73 62 61 72 2e 63 73 73 2c 20 73 65 6c 65 63 74 61 Data Ascii: /! jQuery UI - v1.12.1 - 2016-09-14 http://jqueryui.com* Includes: core.css, accordion.css, autocomplete.css, menu.css, button.css, controlgroup.css, checkboxradio.css, datepicker.css, dialog.css, draggable.css, resizable.css, progressbar.css, selecta
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6e 2d 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 61 64 64 69 6e 67 3a 20 31 65 6d 20 32 2e 32 65 6d 3b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 3a 20 30 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 75 69 2d 61 75 74 6f 63 6f 6d 70 6c 65 74 65 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 74 6f 70 3a 20 30 3b 0a 09 6c 65 66 74 3a 20 30 3b 0a 09 63 75 72 73 6f 72 3a 20 64 65 66 61 75 6c 74 3b 0a 7d 0a 2e 75 69 2d 6d 65 6e 75 20 7b 0a 09 6c 69 73 74 2d 73 74 79 6c 65 3a 20 6e 6f 6e 65 3b 0a 09 70 61 64 64 69 6e 67 3a 20 30 3b 0a 09 6d 61 72 67 69 6e 3a 20 30 3b 0a 09 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 09 6f 75 74 6c 69 6e 65 3a 20 30 3b 0a 7d 0a 2e 75 69 2d 6d 65 6e 75 20 2e 75 69 2d 6d 65 6e 75 20 7b 0a 09 Data Ascii: n-content {padding: 1em 2.2em;border-top: 0;overflow: auto;}.ui-autocomplete {position: absolute;top: 0;left: 0;cursor: default;}.ui-menu {list-style: none;padding: 0;margin: 0;display: block;outline: 0;}.ui-menu .ui-menu {
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 73 6f 6c 69 64 3b 0a 7d 0a 2e 75 69 2d 63 68 65 63 6b 62 6f 78 72 61 64 69 6f 2d 64 69 73 61 62 6c 65 64 20 7b 0a 09 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 20 7b 0a 09 77 69 64 74 68 3a 20 31 37 65 6d 3b 0a 09 70 61 64 64 69 6e 67 3a 20 2e 32 65 6d 20 2e 32 65 6d 20 30 3b 0a 09 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 20 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 2d 68 65 61 64 65 72 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 70 61 64 64 69 6e 67 3a 20 2e 32 65 6d 20 30 3b 0a 7d 0a 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 20 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 2d 70 72 65 76 2c 0a 2e 75 69 2d Data Ascii: solid;}.ui-checkboxradio-disabled {pointer-events: none;}.ui-datepicker {width: 17em;padding: .2em .2em 0;display: none;}.ui-datepicker .ui-datepicker-header {position: relative;padding: .2em 0;}.ui-datepicker .ui-datepicker-prev,.ui-
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 69 67 68 74 3a 20 32 30 70 78 3b 0a 7d 0a 2e 75 69 2d 64 69 61 6c 6f 67 20 2e 75 69 2d 64 69 61 6c 6f 67 2d 63 6f 6e 74 65 6e 74 20 7b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 09 62 6f 72 64 65 72 3a 20 30 3b 0a 09 70 61 64 64 69 6e 67 3a 20 2e 35 65 6d 20 31 65 6d 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 3a 20 6e 6f 6e 65 3b 0a 09 6f 76 65 72 66 6c 6f 77 3a 20 61 75 74 6f 3b 0a 7d 0a 2e 75 69 2d 64 69 61 6c 6f 67 20 2e 75 69 2d 64 69 61 6c 6f 67 2d 62 75 74 74 6f 6e 70 61 6e 65 20 7b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 09 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 20 31 70 78 20 30 20 30 20 30 3b 0a 09 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 20 6e 6f 6e 65 3b 0a 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 Data Ascii: ight: 20px;}.ui-dialog .ui-dialog-content {position: relative;border: 0;padding: .5em 1em;background: none;overflow: auto;}.ui-dialog .ui-dialog-buttonpane {text-align: left;border-width: 1px 0 0 0;background-image: none;margin-top:
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 41 41 6f 41 43 67 41 41 41 4b 58 6a 49 38 42 79 35 7a 66 34 6b 4f 78 54 56 72 58 4e 56 6c 76 31 58 30 64 38 49 47 5a 47 4b 4c 6e 4e 70 59 74 6d 38 4c 72 39 63 71 56 65 75 4f 53 76 66 4f 57 37 39 44 39 61 44 48 69 7a 4e 68 44 4a 69 64 46 5a 68 4e 79 64 45 61 68 4f 61 44 48 36 6e 6f 6d 74 4a 6a 70 31 74 75 74 4b 6f 4e 57 6b 76 41 36 4a 71 66 52 56 4c 48 55 2f 51 55 66 61 75 39 6c 32 78 37 47 35 34 64 31 66 6c 39 39 35 78 63 49 47 41 64 58 71 4d 66 42 4e 61 64 6f 59 72 68 48 2b 4d 67 32 4b 42 6c 70 56 70 62 6c 75 43 69 58 6d 4d 6e 5a 32 53 68 34 47 42 71 4a 2b 63 6b 49 4f 71 71 4a 36 4c 6d 4b 53 6c 6c 5a 6d 73 6f 71 36 77 70 51 41 41 41 68 2b 51 51 4a 41 51 41 42 41 43 77 41 41 41 41 41 4b 41 41 6f 41 41 41 43 6c 59 78 2f 6f 4c 76 6f 78 75 4a 44 6b 55 31 61 Data Ascii: AAoACgAAAKXjI8By5zf4kOxTVrXNVlv1X0d8IGZGKLnNpYtm8Lr9cqVeuOSvfOW79D9aDHizNhDJidFZhNydEahOaDH6nomtJjp1tutKoNWkvA6JqfRVLHU/QUfau9l2x7G54d1fl995xcIGAdXqMfBNadoYrhH+Mg2KBlpVpbluCiXmMnZ2Sh4GBqJ+ckIOqqJ6LmKSllZmsoq6wpQAAAh+QQJAQABACwAAAAAKAAoAAAClYx/oLvoxuJDkU1a
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 62 73 2d 61 6e 63 68 6f 72 20 7b 0a 09 66 6c 6f 61 74 3a 20 6c 65 66 74 3b 0a 09 70 61 64 64 69 6e 67 3a 20 2e 35 65 6d 20 31 65 6d 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 2e 75 69 2d 74 61 62 73 20 2e 75 69 2d 74 61 62 73 2d 6e 61 76 20 6c 69 2e 75 69 2d 74 61 62 73 2d 61 63 74 69 76 65 20 7b 0a 09 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 2d 31 70 78 3b 0a 09 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 3b 0a 7d 0a 2e 75 69 2d 74 61 62 73 20 2e 75 69 2d 74 61 62 73 2d 6e 61 76 20 6c 69 2e 75 69 2d 74 61 62 73 2d 61 63 74 69 76 65 20 2e 75 69 2d 74 61 62 73 2d 61 6e 63 68 6f 72 2c 0a 2e 75 69 2d 74 61 62 73 20 2e 75 69 2d 74 61 62 73 2d 6e 61 76 20 6c 69 2e 75 69 2d 73 74 61 74 65 2d 64 69 73 61 Data Ascii: bs-anchor {float: left;padding: .5em 1em;text-decoration: none;}.ui-tabs .ui-tabs-nav li.ui-tabs-active {margin-bottom: -1px;padding-bottom: 1px;}.ui-tabs .ui-tabs-nav li.ui-tabs-active .ui-tabs-anchor,.ui-tabs .ui-tabs-nav li.ui-state-disa
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 20 2e 75 69 2d 73 74 61 74 65 2d 65 72 72 6f 72 2d 74 65 78 74 2c 0a 2e 75 69 2d 77 69 64 67 65 74 2d 68 65 61 64 65 72 20 2e 75 69 2d 73 74 61 74 65 2d 65 72 72 6f 72 2d 74 65 78 74 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 63 64 30 61 30 61 3b 0a 7d 0a 2e 75 69 2d 70 72 69 6f 72 69 74 79 2d 70 72 69 6d 61 72 79 2c 0a 2e 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 2e 75 69 2d 70 72 69 6f 72 69 74 79 2d 70 72 69 6d 61 72 79 2c 0a 2e 75 69 2d 77 69 64 67 65 74 2d 68 65 61 64 65 72 20 2e 75 69 2d 70 72 69 6f 72 69 74 79 2d 70 72 69 6d 61 72 79 20 7b 0a 09 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 2e 75 69 2d 70 72 69 6f 72 69 74 79 2d 73 65 63 6f 6e 64 61 72 79 2c 0a 2e 75 69 2d 77 69 64 67 65 74 2d 63 6f 6e 74 65 6e 74 20 2e 75 69 Data Ascii: .ui-state-error-text,.ui-widget-header .ui-state-error-text {color: #cd0a0a;}.ui-priority-primary,.ui-widget-content .ui-priority-primary,.ui-widget-header .ui-priority-primary {font-weight: bold;}.ui-priority-secondary,.ui-widget-content .ui
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 6f 77 74 68 69 63 6b 2d 31 2d 77 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 39 36 70 78 20 2d 34 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 61 72 72 6f 77 74 68 69 63 6b 2d 31 2d 6e 77 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 31 32 70 78 20 2d 34 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 61 72 72 6f 77 74 68 69 63 6b 2d 32 2d 6e 2d 73 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 32 38 70 78 20 2d 34 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 61 72 72 6f 77 74 68 69 63 6b 2d 32 2d 6e 65 2d 73 77 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 34 34 70 78 20 2d 34 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d Data Ascii: owthick-1-w { background-position: -96px -48px; }.ui-icon-arrowthick-1-nw { background-position: -112px -48px; }.ui-icon-arrowthick-2-n-s { background-position: -128px -48px; }.ui-icon-arrowthick-2-ne-sw { background-position: -144px -48px; }.ui-icon-
2024-07-03 12:36:12 UTC	4048	IN	Data Raw: 2d 69 63 6f 6e 2d 6b 65 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 31 32 70 78 20 2d 31 32 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 6c 69 67 68 74 62 75 6c 62 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 32 38 70 78 20 2d 31 32 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 73 63 69 73 73 6f 72 73 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 34 34 70 78 20 2d 31 32 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 63 6c 69 70 62 6f 61 72 64 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 20 2d 31 36 30 70 78 20 2d 31 32 38 70 78 3b 20 7d 0a 2e 75 69 2d 69 63 6f 6e 2d 63 6f 70 79 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f Data Ascii: -icon-key { background-position: -112px -128px; }.ui-icon-lightbulb { background-position: -128px -128px; }.ui-icon-scissors { background-position: -144px -128px; }.ui-icon-clipboard { background-position: -160px -128px; }.ui-icon-copy { background-po
2024-07-03 12:36:12 UTC	461	IN	Data Raw: 20 7b 0a 09 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 61 6c 6c 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 62 6f 74 74 6f 6d 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 6c 65 66 74 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 62 6c 20 7b 0a 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 61 6c 6c 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 62 6f 74 74 6f 6d 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 72 69 67 68 74 2c 0a 2e 75 69 2d 63 6f 72 6e 65 72 2d 62 72 20 7b 0a 09 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 20 34 70 78 3b 0a 7d 0a 0a 20 4f 76 65 72 6c 61 79 73 20 Data Ascii: {border-top-right-radius: 4px;}.ui-corner-all,.ui-corner-bottom,.ui-corner-left,.ui-corner-bl {border-bottom-left-radius: 4px;}.ui-corner-all,.ui-corner-bottom,.ui-corner-right,.ui-corner-br {border-bottom-right-radius: 4px;} Overlays

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://selfcare.firma-remota.it/asmonitor/panel/login

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Chrome Cache Entry: 195

Chrome Cache Entry: 196

Chrome Cache Entry: 197

Chrome Cache Entry: 198

Chrome Cache Entry: 199

Chrome Cache Entry: 200

Chrome Cache Entry: 201

Windows Analysis Report
https://selfcare.firma-remota.it/asmonitor/panel/login

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:12 UTC	727	OUT	GET /asmonitor/javax.faces.resource/cookiebot.css.xhtml?ln=css HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:12 UTC	773	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:12 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:12 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"682-1704450954000" Content-Length: 682 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/css
2024-07-03 12:36:12 UTC	682	IN	Data Raw: 2f 2a 0a 54 6f 20 63 68 61 6e 67 65 20 74 68 69 73 20 6c 69 63 65 6e 73 65 20 68 65 61 64 65 72 2c 20 63 68 6f 6f 73 65 20 4c 69 63 65 6e 73 65 20 48 65 61 64 65 72 73 20 69 6e 20 50 72 6f 6a 65 63 74 20 50 72 6f 70 65 72 74 69 65 73 2e 0a 54 6f 20 63 68 61 6e 67 65 20 74 68 69 73 20 74 65 6d 70 6c 61 74 65 20 66 69 6c 65 2c 20 63 68 6f 6f 73 65 20 54 6f 6f 6c 73 20 7c 20 54 65 6d 70 6c 61 74 65 73 0a 61 6e 64 20 6f 70 65 6e 20 74 68 65 20 74 65 6d 70 6c 61 74 65 20 69 6e 20 74 68 65 20 65 64 69 74 6f 72 2e 0a 2a 2f 0a 0a 23 43 79 62 6f 74 43 6f 6f 6b 69 65 62 6f 74 44 69 61 6c 6f 67 20 23 43 79 62 6f 74 43 6f 6f 6b 69 65 62 6f 74 44 69 61 6c 6f 67 48 65 61 64 65 72 20 7b 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 20 7d 0a 23 43 79 62 6f 74 43 6f 6f 6b Data Ascii: /To change this license header, choose License Headers in Project Properties.To change this template file, choose Tools \| Templatesand open the template in the editor./#CybotCookiebotDialog #CybotCookiebotDialogHeader { display: none; }#CybotCook

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:12 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-07-03 12:36:13 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=99146 Date: Wed, 03 Jul 2024 12:36:12 GMT Content-Length: 55 Connection: close X-CID: 2
2024-07-03 12:36:13 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:13 UTC	712	OUT	GET /asmonitor/javax.faces.resource/popper.min.js.xhtml?ln=js HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:13 UTC	791	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:13 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:13 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"20456-1704450954000" Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: application/javascript content-length: 20456
2024-07-03 12:36:13 UTC	3252	IN	Data Raw: 2f 2a 0a 20 43 6f 70 79 72 69 67 68 74 20 28 43 29 20 46 65 64 65 72 69 63 6f 20 5a 69 76 6f 6c 6f 20 32 30 31 38 0a 20 44 69 73 74 72 69 62 75 74 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 28 6c 69 63 65 6e 73 65 20 74 65 72 6d 73 20 61 72 65 20 61 74 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 29 2e 0a 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 27 6f 62 6a 65 63 74 27 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 27 66 75 6e 63 74 69 6f 6e 27 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e Data Ascii: /* Copyright (C) Federico Zivolo 2018 Distributed under the MIT License (license terms are at http://opensource.org/licenses/MIT). */(function(e,t){'object'==typeof exports&&'undefined'!=typeof module?module.exports=t():'function'==typeof define&&defin
2024-07-03 12:36:13 UTC	4048	IN	Data Raw: 73 3d 67 28 65 29 2c 64 3d 67 28 6f 29 2c 61 3d 6e 28 65 29 2c 66 3d 74 28 6f 29 2c 6d 3d 70 61 72 73 65 46 6c 6f 61 74 28 66 2e 62 6f 72 64 65 72 54 6f 70 57 69 64 74 68 2c 31 30 29 2c 68 3d 70 61 72 73 65 46 6c 6f 61 74 28 66 2e 62 6f 72 64 65 72 4c 65 66 74 57 69 64 74 68 2c 31 30 29 3b 69 26 26 27 48 54 4d 4c 27 3d 3d 3d 6f 2e 6e 6f 64 65 4e 61 6d 65 26 26 28 64 2e 74 6f 70 3d 51 28 64 2e 74 6f 70 2c 30 29 2c 64 2e 6c 65 66 74 3d 51 28 64 2e 6c 65 66 74 2c 30 29 29 3b 76 61 72 20 75 3d 63 28 7b 74 6f 70 3a 73 2e 74 6f 70 2d 64 2e 74 6f 70 2d 6d 2c 6c 65 66 74 3a 73 2e 6c 65 66 74 2d 64 2e 6c 65 66 74 2d 68 2c 77 69 64 74 68 3a 73 2e 77 69 64 74 68 2c 68 65 69 67 68 74 3a 73 2e 68 65 69 67 68 74 7d 29 3b 69 66 28 75 2e 6d 61 72 67 69 6e 54 6f 70 3d 30 Data Ascii: s=g(e),d=g(o),a=n(e),f=t(o),m=parseFloat(f.borderTopWidth,10),h=parseFloat(f.borderLeftWidth,10);i&&'HTML'===o.nodeName&&(d.top=Q(d.top,0),d.left=Q(d.left,0));var u=c({top:s.top-d.top-m,left:s.left-d.left-h,width:s.width,height:s.height});if(u.marginTop=0
2024-07-03 12:36:13 UTC	4048	IN	Data Raw: 3d 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 70 6f 73 69 74 69 6f 6e 46 69 78 65 64 3f 27 66 69 78 65 64 27 3a 27 61 62 73 6f 6c 75 74 65 27 2c 65 3d 4e 28 74 68 69 73 2e 6d 6f 64 69 66 69 65 72 73 2c 65 29 2c 74 68 69 73 2e 73 74 61 74 65 2e 69 73 43 72 65 61 74 65 64 3f 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 6f 6e 55 70 64 61 74 65 28 65 29 3a 28 74 68 69 73 2e 73 74 61 74 65 2e 69 73 43 72 65 61 74 65 64 3d 21 30 2c 74 68 69 73 2e 6f 70 74 69 6f 6e 73 2e 6f 6e 43 72 65 61 74 65 28 65 29 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 50 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 6f 3d 65 2e 6e 61 6d 65 2c 6e 3d 65 2e 65 6e 61 62 6c 65 64 3b 72 65 74 75 72 6e 20 6e 26 26 6f 3d 3d 3d 74 7d 29 7d 66 75 6e Data Ascii: =this.options.positionFixed?'fixed':'absolute',e=N(this.modifiers,e),this.state.isCreated?this.options.onUpdate(e):(this.state.isCreated=!0,this.options.onCreate(e))}}function P(e,t){return e.some(function(e){var o=e.name,n=e.enabled;return n&&o===t})}fun
2024-07-03 12:36:13 UTC	4048	IN	Data Raw: 27 62 6f 74 74 6f 6d 27 3d 3d 3d 64 26 26 28 70 2e 6c 65 66 74 2b 3d 6f 5b 30 5d 2c 70 2e 74 6f 70 2b 3d 6f 5b 31 5d 29 2c 65 2e 70 6f 70 70 65 72 3d 70 2c 65 7d 66 6f 72 28 76 61 72 20 58 3d 4d 61 74 68 2e 6d 69 6e 2c 4a 3d 4d 61 74 68 2e 66 6c 6f 6f 72 2c 51 3d 4d 61 74 68 2e 6d 61 78 2c 5a 3d 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 27 75 6e 64 65 66 69 6e 65 64 27 21 3d 74 79 70 65 6f 66 20 64 6f 63 75 6d 65 6e 74 2c 24 3d 5b 27 45 64 67 65 27 2c 27 54 72 69 64 65 6e 74 27 2c 27 46 69 72 65 66 6f 78 27 5d 2c 65 65 3d 30 2c 74 65 3d 30 3b 74 65 3c 24 2e 6c 65 6e 67 74 68 3b 74 65 2b 3d 31 29 69 66 28 5a 26 26 30 3c 3d 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 64 65 78 4f 66 28 24 5b 74 Data Ascii: 'bottom'===d&&(p.left+=o[0],p.top+=o[1]),e.popper=p,e}for(var X=Math.min,J=Math.floor,Q=Math.max,Z='undefined'!=typeof window&&'undefined'!=typeof document,$=['Edge','Trident','Firefox'],ee=0,te=0;te<$.length;te+=1)if(Z&&0<=navigator.userAgent.indexOf($[t
2024-07-03 12:36:13 UTC	4048	IN	Data Raw: 69 74 68 52 65 66 65 72 65 6e 63 65 26 26 28 69 3d 58 28 70 5b 6f 5d 2c 6e 5b 65 5d 2d 28 27 72 69 67 68 74 27 3d 3d 3d 65 3f 70 2e 77 69 64 74 68 3a 70 2e 68 65 69 67 68 74 29 29 29 2c 73 65 28 7b 7d 2c 6f 2c 69 29 7d 7d 3b 72 65 74 75 72 6e 20 69 2e 66 6f 72 45 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 2d 31 3d 3d 3d 5b 27 6c 65 66 74 27 2c 27 74 6f 70 27 5d 2e 69 6e 64 65 78 4f 66 28 65 29 3f 27 73 65 63 6f 6e 64 61 72 79 27 3a 27 70 72 69 6d 61 72 79 27 3b 70 3d 64 65 28 7b 7d 2c 70 2c 73 5b 74 5d 28 65 29 29 7d 29 2c 65 2e 6f 66 66 73 65 74 73 2e 70 6f 70 70 65 72 3d 70 2c 65 7d 2c 70 72 69 6f 72 69 74 79 3a 5b 27 6c 65 66 74 27 2c 27 72 69 67 68 74 27 2c 27 74 6f 70 27 2c 27 62 6f 74 74 6f 6d 27 5d 2c 70 61 64 64 69 6e 67 3a Data Ascii: ithReference&&(i=X(p[o],n[e]-('right'===e?p.width:p.height))),se({},o,i)}};return i.forEach(function(e){var t=-1===['left','top'].indexOf(e)?'secondary':'primary';p=de({},p,s[t](e))}),e.offsets.popper=p,e},priority:['left','right','top','bottom'],padding:
2024-07-03 12:36:13 UTC	1012	IN	Data Raw: 72 69 67 68 74 3a 4a 28 69 2e 72 69 67 68 74 29 7d 2c 63 3d 27 62 6f 74 74 6f 6d 27 3d 3d 3d 6f 3f 27 74 6f 70 27 3a 27 62 6f 74 74 6f 6d 27 2c 75 3d 27 72 69 67 68 74 27 3d 3d 3d 6e 3f 27 6c 65 66 74 27 3a 27 72 69 67 68 74 27 2c 62 3d 57 28 27 74 72 61 6e 73 66 6f 72 6d 27 29 3b 69 66 28 64 3d 27 62 6f 74 74 6f 6d 27 3d 3d 63 3f 2d 66 2e 68 65 69 67 68 74 2b 68 2e 62 6f 74 74 6f 6d 3a 68 2e 74 6f 70 2c 73 3d 27 72 69 67 68 74 27 3d 3d 75 3f 2d 66 2e 77 69 64 74 68 2b 68 2e 72 69 67 68 74 3a 68 2e 6c 65 66 74 2c 61 26 26 62 29 6d 5b 62 5d 3d 27 74 72 61 6e 73 6c 61 74 65 33 64 28 27 2b 73 2b 27 70 78 2c 20 27 2b 64 2b 27 70 78 2c 20 30 29 27 2c 6d 5b 63 5d 3d 30 2c 6d 5b 75 5d 3d 30 2c 6d 2e 77 69 6c 6c 43 68 61 6e 67 65 3d 27 74 72 61 6e 73 66 6f 72 6d Data Ascii: right:J(i.right)},c='bottom'===o?'top':'bottom',u='right'===n?'left':'right',b=W('transform');if(d='bottom'==c?-f.height+h.bottom:h.top,s='right'==u?-f.width+h.right:h.left,a&&b)m[b]='translate3d('+s+'px, '+d+'px, 0)',m[c]=0,m[u]=0,m.willChange='transform

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:13 UTC	714	OUT	GET /asmonitor/javax.faces.resource/cookiepolicy.js.xhtml?ln=js HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:14 UTC	789	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:13 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:13 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"8752-1704450954000" Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: application/javascript content-length: 8752
2024-07-03 12:36:14 UTC	3253	IN	Data Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 69 3b 65 2e 63 6f 6f 6b 69 65 73 44 69 72 65 63 74 69 76 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 73 3d 65 2e 65 78 74 65 6e 64 28 7b 65 78 70 6c 69 63 69 74 43 6f 6e 73 65 6e 74 3a 21 31 2c 70 6f 73 69 74 69 6f 6e 3a 22 62 6f 74 74 6f 6d 22 2c 64 75 72 61 74 69 6f 6e 3a 30 2c 6c 69 6d 69 74 3a 30 2c 63 6f 6f 6b 69 65 53 63 72 69 70 74 73 3a 6e 75 6c 6c 2c 70 72 69 76 61 63 79 50 6f 6c 69 63 79 55 72 69 3a 7b 69 74 3a 22 70 72 69 76 61 63 79 2e 68 74 6d 6c 22 7d 2c 69 6e 6c 69 6e 65 41 63 74 69 6f 6e 3a 21 30 2c 6c 61 6e 67 3a 22 69 74 22 2c 73 63 72 69 70 74 57 72 61 70 70 65 72 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 66 6f 6e 74 46 61 6d 69 6c 79 3a 22 68 65 6c 76 65 74 69 63 61 22 2c 66 Data Ascii: !function(e){var i;e.cookiesDirective=function(a){var s=e.extend({explicitConsent:!1,position:"bottom",duration:0,limit:0,cookieScripts:null,privacyPolicyUri:{it:"privacy.html"},inlineAction:!0,lang:"it",scriptWrapper:function(){},fontFamily:"helvetica",f
2024-07-03 12:36:14 UTC	4048	IN	Data Raw: 61 20 7a c3 ad 73 6b 61 c5 a5 20 c4 8f 61 6c c5 a1 69 65 20 69 6e 66 6f 72 6d c3 a1 63 69 65 20 6f 20 70 6f 75 c5 be c3 ad 76 61 6e c3 ad 20 73 c3 ba 62 6f 72 6f 76 20 63 6f 6f 6b 69 65 2c 20 61 6c 65 62 6f 20 61 6b 20 63 68 63 65 74 65 20 7a 72 75 c5 a1 69 c5 a5 20 73 76 6f 6a 20 73 c3 ba 68 6c 61 73 20 73 20 70 6f 75 c5 be 69 74 c3 ad 6d 20 73 c3 ba 62 6f 72 6f 76 20 63 6f 6f 6b 69 65 2c 20 6b 6c 69 6b 6e 69 74 65 2c 20 70 72 6f 73 c3 ad 6d 20 22 7d 2c 6d 65 73 73 61 67 65 32 3a 7b 69 74 3a 22 43 6c 69 63 63 61 6e 64 6f 20 73 75 20 22 2c 65 6e 3a 22 42 79 20 63 6c 69 63 6b 69 6e 67 20 6f 6e 20 22 2c 65 73 3a 22 41 6c 20 68 61 63 65 72 20 63 6c 69 63 20 65 6e 20 22 2c 66 72 3a 22 45 6e 20 63 6c 69 71 75 61 6e 74 20 73 75 72 20 22 2c 70 6c 3a 22 4b 6c 69 Data Ascii: a zska alie informcie o pouvan sborov cookie, alebo ak chcete zrui svoj shlas s pouitm sborov cookie, kliknite, prosm "},message2:{it:"Cliccando su ",en:"By clicking on ",es:"Al hacer clic en ",fr:"En cliquant sur ",pl:"Kli
2024-07-03 12:36:14 UTC	1451	IN	Data Raw: 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 30 30 3b 22 3e 27 2c 6c 2b 3d 27 3c 64 69 76 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 77 69 64 74 68 3a 39 30 25 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 61 75 74 6f 3b 22 3e 27 2c 6c 2b 3d 61 2e 6d 65 73 73 61 67 65 5b 69 5d 2c 6c 2b 3d 27 20 3c 61 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 27 2b 61 2e 6c 69 6e 6b 43 6f 6c 6f 72 2b 22 3b 22 2c 6c 2b 3d 22 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 2b 61 2e 66 6f 6e 74 46 61 6d 69 6c 79 2b 22 3b 66 6f 6e 74 2d 73 Data Ascii: ext-align:center;z-index:100000;">',l+='<div style="position:relative;height:auto;width:90%;padding:10px;margin-left:auto;margin-right:auto;">',l+=a.message[i],l+=' <a style="color:'+a.linkColor+";",l+="font-weight:bold;font-family:"+a.fontFamily+";font-s

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:14 UTC	781	OUT	GET /asmonitor/javax.faces.resource/logo-aruba-pec.png.xhtml?ln=images HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:14 UTC	776	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:14 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Expires: Wed, 10 Jul 2024 12:36:14 GMT Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT ETag: W/"4570-1704450954000" Content-Length: 4570 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: image/png
2024-07-03 12:36:14 UTC	4048	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 be 00 00 00 2c 08 03 00 00 00 ec 04 f2 e7 00 00 02 f7 50 4c 54 45 00 00 00 8d 8d 8d 8f 8f 8f 91 91 91 7f 74 73 91 91 91 82 81 81 91 91 91 7a 7a 7a 80 72 71 7a 79 79 7a 79 79 84 84 84 7a 79 79 8e 8e 8e 92 92 92 7b 7a 7a 7c 7b 7b 7a 78 78 7b 7a 7a 91 91 91 78 77 77 94 94 94 94 94 94 7d 7b 7b 7c 7c 7c 91 91 91 95 95 95 94 94 94 7e 7e 7e 95 95 95 92 92 92 92 92 92 96 96 96 90 90 90 90 90 90 7a 79 79 95 95 95 7d 7c 7c 8f 8f 8f 7b 7a 7a 93 93 93 90 90 90 93 93 93 78 78 78 8f 8f 8f 8f 8f 8f 7c 7c 7c 91 91 91 91 91 91 96 96 96 92 92 92 7b 7a 7a 92 92 92 7e 7d 7d 7a 79 79 92 92 92 7b 7a 7a 7b 7a 7a 7b 7a 7a 90 90 90 de 1f 17 80 08 07 92 92 92 79 78 78 7b 7b 7b 94 94 94 94 94 94 92 92 92 7b 79 79 90 90 90 d4 Data Ascii: PNGIHDR,PLTEtszzzrqzyyzyyzyy{zz\|{{zxx{zzxww}{{\|\|\|~~~zyy}\|\|{zzxxx\|\|\|{zz~}}zyy{zz{zz{zzyxx{{{{yy
2024-07-03 12:36:14 UTC	522	IN	Data Raw: d1 88 6a 8c a2 6e c8 a0 24 34 eb 80 8d 01 82 91 28 48 78 c8 d0 f5 a2 13 b2 24 e9 16 87 9c 52 a5 65 9e 12 a6 0b 0e 0b 1c 5f 7b f7 73 75 ba 72 e3 e6 eb db 4f 1e 5c be fc e0 c9 ed eb 8f a6 75 dc bf 59 7b fa e1 f3 2e 58 07 e9 5c 3e 79 d0 70 b5 ac 64 02 f9 07 3b 58 b8 1d 10 92 d3 65 90 39 a0 73 16 39 9a a3 b7 18 86 ae 06 f2 b0 70 a9 89 b3 cc ee 09 02 dd a0 52 0b da ce fc fe c9 38 1f 41 a4 b4 75 a2 47 ae 95 6b c2 47 27 0a 4b 75 06 55 60 c0 00 95 51 01 f1 00 1a 61 18 27 1d d3 30 b2 8e ad cb 5e 26 ab 18 57 ba d6 d7 c3 86 7a d0 b5 4d 58 e4 e8 d5 77 1b bf de 9a ae 9c 3d 7b e9 de a3 47 f7 2e ad ac d4 61 7f 7f 6d e3 b7 7d 9b b7 2e 94 9d 9e 88 58 40 8d 2a 31 e2 8a a8 31 e6 24 52 40 23 a9 d6 03 cd 07 8f aa 55 6a 74 62 42 03 40 44 d8 98 b2 52 f1 b4 92 79 1d 46 dc 88 68 Data Ascii: jn$4(Hx$Re_{surO\uY{.X\>ypd;Xe9s9pR8AuGkG'KuU`Qa'0^&WzMXw={G.am}.X@*11$R@#UjtbB@DRyFh

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:14 UTC	747	OUT	GET /asmonitor/images/04_sm_info.png HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:15 UTC	758	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:14 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Accept-Ranges: bytes ETag: W/"1122-1704450954000" Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT Content-Length: 1122 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: image/png
2024-07-03 12:36:15 UTC	1122	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 23 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 30 20 37 39 2e 31 36 30 34 35 31 2c 20 32 30 31 37 2f 30 35 2f 30 36 2d 30 31 3a 30 38 3a 32 31 20 20 Data Ascii: PNGIHDRw=tEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:15 UTC	481	OUT	GET /asmonitor/images/04_sm_info.png HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:16 UTC	758	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:16 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Accept-Ranges: bytes ETag: W/"1122-1704450954000" Last-Modified: Fri, 05 Jan 2024 10:35:54 GMT Content-Length: 1122 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: image/png
2024-07-03 12:36:16 UTC	1122	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 18 00 00 00 18 08 06 00 00 00 e0 77 3d f8 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 41 64 6f 62 65 20 49 6d 61 67 65 52 65 61 64 79 71 c9 65 3c 00 00 03 23 69 54 58 74 58 4d 4c 3a 63 6f 6d 2e 61 64 6f 62 65 2e 78 6d 70 00 00 00 00 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 36 2d 63 31 34 30 20 37 39 2e 31 36 30 34 35 31 2c 20 32 30 31 37 2f 30 35 2f 30 36 2d 30 31 3a 30 38 3a 32 31 20 20 Data Ascii: PNGIHDRw=tEXtSoftwareAdobe ImageReadyqe<#iTXtXML:com.adobe.xmp<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c140 79.160451, 2017/05/06-01:08:21

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:18 UTC	682	OUT	GET /favicon.ico HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://selfcare.firma-remota.it/asmonitor/login.xhtml Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:18 UTC	564	IN	HTTP/1.1 404 Not Found Date: Wed, 03 Jul 2024 12:36:18 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Content-Length: 209 Connection: close Content-Type: text/html; charset=iso-8859-1
2024-07-03 12:36:18 UTC	209	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /favicon.ico was not found on this server.</p></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:21 UTC	805	OUT	GET /asmonitor/informazioni-profilo.xhtml?faces-redirect=true HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:21 UTC	695	IN	HTTP/1.1 404 404 Date: Wed, 03 Jul 2024 12:36:21 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Content-Language: en Content-Length: 431 Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/html;charset=utf-8
2024-07-03 12:36:21 UTC	431	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 48 54 54 50 20 53 74 61 74 75 73 20 34 30 34 20 e2 80 93 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 62 6f 64 79 20 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 54 61 68 6f 6d 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 68 31 2c 20 68 32 2c 20 68 33 2c 20 62 20 7b 63 6f 6c 6f 72 3a 77 68 69 74 65 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 32 35 44 37 36 3b 7d 20 68 31 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 32 70 78 3b 7d 20 68 32 20 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 7d 20 68 33 20 7b 66 6f 6e 74 2d 73 69 Data Ascii: <!doctype html><html lang="en"><head><title>HTTP Status 404 Not Found</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-si

Timestamp	Bytes transferred	Direction	Data
2024-07-03 12:36:24 UTC	782	OUT	GET /asmonitor/recupero-username.xhtml HTTP/1.1 Host: selfcare.firma-remota.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: JSESSIONID=0E2AA5CDB988993C344E52EBA46B8FC7; cookiesession1=678B29B0B77372E1DE818E66860C1CF1
2024-07-03 12:36:24 UTC	675	IN	HTTP/1.1 200 200 Date: Wed, 03 Jul 2024 12:36:24 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Frame-Options: deny X-Content-Type-Options: nosniff X-Permitted-Cross-Domain-Policies: none Referrer-Policy: strict-origin-when-cross-origin Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: unsafe-none Cross-Origin-Resource-Policy: same-origin Content-Security-Policy: base-uri 'self' Clear-Site-Data: * Content-Security-Policy: img-src 'self' data: https://.serving-sys.com https://.cloudfront.net https://*.usabilla.com Connection: close Content-Type: text/html;charset=UTF-8 content-length: 10335
2024-07-03 12:36:24 UTC	3368	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 65 61 64 20 69 64 3d 22 6a 5f 69 64 74 31 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 73 65 72 6e 61 6d 65 20 72 65 63 6f 76 65 72 79 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 61 73 79 6e 63 3d 22 74 72 75 65 22 20 64 65 66 65 72 3d 22 74 72 75 65 22 20 73 72 63 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 2e 6a 73 3f 6f 6e 6c 6f 61 64 3d 72 65 6e 64 65 72 52 65 43 61 70 74 63 68 61 43 61 6c 6c 62 61 63 6b 26 61 6d 70 3b 72 65 6e 64 65 72 3d 65 78 70 6c 69 63 69 74 26 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html><head id="j_idt1"> <title>Username recovery</title> <script async="true" defer="true" src="//www.google.com/recaptcha/api.js?onload=renderReCaptchaCallback&render=explicit&
2024-07-03 12:36:24 UTC	4048	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 69 61 6c 6f 67 49 44 29 2e 64 69 61 6c 6f 67 28 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6d 6f 64 61 6c 3a 20 74 72 75 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 77 69 64 74 68 3a 20 77 69 64 74 68 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 68 65 69 67 68 74 3a 20 68 65 69 67 68 74 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 6f 73 65 4f 6e 45 73 63 61 70 65 3a 20 66 61 6c 73 65 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 70 65 6e 3a 20 66 75 6e 63 74 69 6f 6e 20 28 65 76 65 6e 74 2c 20 75 69 29 20 7b 0a 20 Data Ascii: $(dialogID).dialog({ modal: true, width: width, height: height, closeOnEscape: false, open: function (event, ui) {
2024-07-03 12:36:24 UTC	2919	IN	Data Raw: 3d 22 70 61 67 65 2d 63 6f 6e 74 61 69 6e 65 72 20 70 78 2d 33 20 70 78 2d 73 6d 2d 35 20 70 79 2d 33 20 6d 62 2d 35 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 63 6c 61 73 73 3d 22 6d 74 2d 33 22 3e 55 73 65 72 6e 61 6d 65 20 72 65 63 6f 76 65 72 79 3c 2f 68 32 3e 0a 3c 66 6f 72 6d 20 69 64 3d 22 72 65 63 75 70 65 72 6f 55 73 65 72 6e 61 6d 65 46 6f 72 6d 22 20 6e 61 6d 65 3d 22 72 65 63 75 70 65 72 6f 55 73 65 72 6e 61 6d 65 46 6f 72 6d 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 20 61 63 74 69 6f 6e 3d 22 2f 61 73 6d 6f 6e 69 74 6f 72 2f 72 65 63 75 70 65 72 6f 2d 75 73 65 72 6e 61 6d 65 2e 78 68 74 6d 6c 22 20 65 6e 63 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f Data Ascii: ="page-container px-3 px-sm-5 py-3 mb-5"> <h2 class="mt-3">Username recovery</h2><form id="recuperoUsernameForm" name="recuperoUsernameForm" method="post" action="/asmonitor/recupero-username.xhtml" enctype="applicatio