Source: 1.6..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: blob:https://mubudanotavibi.pifazoveju.com/8700f5c... This script demonstrates high-risk behavior by using the `eval()` function to execute dynamic code received from an untrusted source. The use of `eval()` allows for the execution of arbitrary JavaScript, which poses a significant security risk. Additionally, the lack of origin verification and the absence of a message source indicate that this script is vulnerable to cross-origin attacks and could be used to execute malicious code on the client-side. |
Source: 0.0..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mubudanotavibi.pifazoveju.com/996575226807... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious script designed to collect sensitive user data and potentially execute remote code. The combination of these behaviors, along with the use of suspicious domains, indicates a high risk of malicious intent. |
Source: 1.38..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://mubudanotavibi.pifazoveju.com/996575226807... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirecting users to potentially malicious domains. The use of `import()` to load an external script, the `XMLHttpRequest` to send data to a server, and the `document.write()` to create a form that redirects the user are all concerning indicators of malicious intent. Additionally, the script appears to be attempting to detect bots and take different actions based on the result, which further suggests suspicious behavior. Overall, this script poses a significant security risk and should be thoroughly investigated. |
Source: 3.40..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://file-connection-all-ez.com/dive-into-the-i... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It also attempts to detect and interact with various cryptocurrency wallets, which could be an indicator of malicious intent. The script redirects the user to a suspicious URL and triggers a delayed alert, further raising concerns about its malicious nature. Overall, this script demonstrates a high level of risk and should be treated with caution. |