| 0 | var config={LOCAL:{apiUrl:"http://localhost:3000",appUrl:"http://localhost:4200",providerAppUrl:"htt… | HTTP request targets loopback address (local IPC) |
| 0 | var cherryImage="assets/images/brand_cherry_red.svg",cherryImage2="assets/images | Any script file |
| 2552 | …"stylesheet" type="text/css" href="${chrome.runtime.getURL("lib/bootstrap_4_modified/bootstrap.mi… | Uses core chrome.* namespace APIs |
| 4289 | …style>\n`;function addFonts(t){let e=`\n\t\t@font-face {\n\t\t\tfont-family: 'Poppins-Regular';\n… | Has code execution capability |
| 5198 | … font-family: 'obviously-narrow';\n src: url(${chrome.runtime.getURL(obviouslyFo… | DOM script src literal |
| 0 | var popUpData=void 0,bgColor="#ed1b24",loaderText=`\n <div class="brandImgHider | High ratio of digit characters (junk padding) |
| 781 | …06.77 635.77 C 534.16 623.04 553.78 610.08 575.75 589.75 C 597.72 569.42 611.77 550.91 626.23 525… | Regex component marker |
| 10822 | …>\n </g>\n </svg>\n </div>\n <img id="animated-image" src="${chrome.runtime.getURL(cher… | Has code execution capability |
| 11313 | … <div class="col">\n <img class="brandImg" src="${chr… | DOM script src literal |
| 12519 | …main-outer-container ml-0 mr-0 custom-client-class" id="loaderExtPage">\n <div cla… | -client suffix |
| 18443 | …MessageExtPage").on("click",(function(t){redirection?self.open(n.link):self.location.href=n.link}))} | window.location host marker |
| 0x0 | 43723234030000001d05000012ac040a | Cr24............ | Chrome Web Store extension archive |
| 0x10 | a60230820122300d06092a864886f70d | ..0.."0...*.H... | |
| 0x20 | 01 | . |
| 1 | { | Extension locale name message |
| 2 | "extName": { | |
| 3 | "message": "Chrisco Travel" |
| 0 | [{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2h | JSON data format |
Objectives
| Severity | Confidence | Category | Description |
|---|---|---|---|
| hostile | 95% | exfiltration | Sensitive data exfiltration (JS) |
| notable | 90% | anti-static/obfuscation/string | Dense concatenated string fragments |
| notable | 90% | impact/ui | Reassigns link href value |
| notable | 86% | supply-chain/metadata-anomaly/permissions | Extension can schedule alarms |
Micro-behaviors
| Severity | Confidence | Category | Description |
|---|---|---|---|
| notable | 90% | browser-extension | Chrome tabs API usage |
| notable | 95% | browser-extension/host-access | Granted host access to all-urls |
| notable | 95% | browser-extension/permission | Declares "scripting" permission |
| notable | 88% | communications/http/client | Assigns external stylesheet URL |
| notable | 85% | communications/ipc | Window/worker postMessage event listener |
| notable | 90% | data/db | Chrome storage API usage |
| notable | 90% | data/decode | JavaScript base64 decode via atob() |
| notable | 92% | os/clipboard | Browser clipboard write API |
| notable | 90% | process/inject | Chrome scripting API usage |
| notable | 90% | time/schedule | Chrome alarm creation |
| notable | 84% | ui/window/manage | Creates iframe DOM element |
Metadata
| Severity | Confidence | Category | Description |
|---|---|---|---|
| notable | 90% | encoded-payload | Encoded payload detected: url |
| notable | 95% | library | jQuery version string |
20 of 104 traits shown
Identity
| SHA-256 | 4726d4dde63192cc353a8e609a379b1169d0dec01770888f78762c8cc2caff74 |
|---|---|
| Canonical SHA-256 | 023fbaae762d9791cc41070f647501b4e850c26a4178a48b367205a34760aa05 |
| Filename | mehkfdegkedenmmfnhefkjjpfggopien.crx |
| Package | mehkfdegkedenmmfnhefkjjpfggopien |
Origin
| Source | harvest |
|---|---|
| Feed | chromewebstore.google.com |
| Ecosystem | chrome |
| Domain | google.com |
Timeline
| First seen | 11 Jun 2026 19:37 UTC |
|---|---|
| First analyzed | 14 Jun 2026 05:36 UTC |
| Last analyzed | 14 Jun 2026 05:36 UTC |
| Last updated | 14 Jun 2026 05:36 UTC |
Labeling
| Label | unknown |
|---|---|
| Label source | harvest |
| Traits version | c7b65 |