GET r7401n.zramvegtm.es/muth$ewzml0fn
172.67.141.97 200 OK 1 B
URL GET r7401n.zramvegtm.es/muth$ewzml0fn
IP 172.67.141.97:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject zramvegtm.es
Fingerprint C2:BB:FA:6D:77:F8:3D:F5:15:EE:33:EB:FE:A5:F3:AA:3E:10:1A:A6
Validity Tue, 01 Jul 2025 23:25:43 GMT - Tue, 30 Sep 2025 00:24:20 GMT
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /muth$ewzml0fn HTTP/1.1
Host: r7401n.zramvegtm.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:50 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ttd%2F2As9DQojJUilwZBbC6yyMW9AC2vZ2WFSO7oq6WEZmNz%2FBi41%2BBRpIsMYPONft%2BjE9rXmXkENdLSRaPkM9hCRd6%2B4Tf%2FiB%2FyARwVkmwgZ"}]}
content-encoding: br
cf-ray: 95b892f98cfc5689-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95b8927ccdac7130&lang=auto
104.18.95.41 200 OK 140 kB
URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95b8927ccdac7130&lang=auto
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 140 kB (139878 bytes)
Hash 13e7b5393a5fc90395a1dfd1169c79a9
62015f6c5a428157b9ad0bdd29c6e3f593ce72f2
234cc5ae26e0f7fe75612d36021f3ff7b50ab3f4154041d6b5672e6a59a2a223
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95b8927ccdac7130&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:29 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 95b8927dafdb7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
104.18.95.41 200 OK 4.9 kB
URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (4940), with no line terminators
Hash 44544b6def21f4e9e74b30936b6791fc
caa69abdb67d16f4db992d3e870d1e101dc12e89
10435c32783160b501550f09a1ca468b4c8313c810c2029338ad0904b24eeb67
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
cf-chl: xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 45442
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:47 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 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$jfMugJu6WsXCg9ztw3c1Hw==
cf-chl-out: 0MqNixBKZpGCPqm00iEB8KuROiDj+o4CLs3VG8dxXoF+IgzcY5BDcJmmuW1o86NalAbswY98Ypl/MqTeuZqM5g==$6dyX5R1nD7R+cZeFhpyk+A==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95b892ece87e7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:51 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95b893076938b512-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387667
expires: Sat, 27 Jun 2026 16:03:51 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1bvRuf1yfDRy0uPMwEVe0xK4lTccMMffOcqwjmE%2B5zzSOIKW1h8SwB1M%2FohnNrIquB3Kkggox1LMlLBk1cPdGkKcMZdGonGogCPAlXpLFPU3ZtftrmqaWG64Qw9ZmPlefh4V%2FLqC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET vwipgs.rvyzrcm.ru/12GWFGBPj8ymPcdoYbMmt6720
104.21.64.1 200 OK 28 kB
URL GET vwipgs.rvyzrcm.ru/12GWFGBPj8ymPcdoYbMmt6720
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash a1606fe4c64f4a7649b295a56b8d4b47
ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /12GWFGBPj8ymPcdoYbMmt6720 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: text/css;charset=UTF-8
cf-ray: 95b89314c9070b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="12GWFGBPj8ymPcdoYbMmt6720"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9dBB7p%2F0simgsNQPTYH%2BR8WrwRErF0KwTclWsbZvOAo83bMHyq2CrKxe7B86x8TL4l%2FpOAlIUk6WeZH%2BfHCzvTCwTWQU91rcoUU%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=632&min_rtt=446&rtt_var=126&sent=196&recv=81&lost=0&retrans=0&sent_bytes=200966&recv_bytes=30865&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6547&inflight_dur=129&x=40"
GET vwipgs.rvyzrcm.ru/efQQd5tz7wT5h9tVgGxQf5uvu1TUWUEOPBPtRKQmaSfkph90150
104.21.64.1 200 OK 270 B
URL GET vwipgs.rvyzrcm.ru/efQQd5tz7wT5h9tVgGxQf5uvu1TUWUEOPBPtRKQmaSfkph90150
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /efQQd5tz7wT5h9tVgGxQf5uvu1TUWUEOPBPtRKQmaSfkph90150 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:56 GMT
content-type: image/svg+xml
cf-ray: 95b89314d9180b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="efQQd5tz7wT5h9tVgGxQf5uvu1TUWUEOPBPtRKQmaSfkph90150"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OcvK4c4ZXjI%2FgZUjMWo86eulj746WEh2FQQ54N0jpoqkQ312Y2LRkAK27LXxD13lt6g8f71ukGXLh1Ipb4vCB0HcE75dsPMN8vM%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=996&min_rtt=446&rtt_var=255&sent=449&recv=118&lost=0&retrans=0&sent_bytes=525175&recv_bytes=37448&delivery_rate=25828815&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=43133&unsent_bytes=0&cid=420bb8f913cd14a8&ts=9176&inflight_dur=273&x=40"
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
104.18.95.41 200 OK 30 kB
URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (29600), with no line terminators
Hash 6587a62cfe9dfb407e75790aa772e4d1
c4046e76eb5c7ec3d18c825b5fbcf2589e993aa8
061cb1dcbaba7aa4a13c471aaa2ba39ed125772c0be93b74ddc6c8c8149cb319
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
cf-chl: xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 35810
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:38 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: vOrNYogzCgRSnqsBaPI+a/3nDd3YmF+zWuuZ2/c3Qry+veoQm2xpVhdiXV6FGeQO$fHpc51qKLGKXhqdfQeqI4w==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95b892b72ce57130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST vwipgs.rvyzrcm.ru/rp3ZFvCnnX2bEYzb0ogNpAeVHolw
104.21.64.1 200 OK 20 B
URL POST vwipgs.rvyzrcm.ru/rp3ZFvCnnX2bEYzb0ogNpAeVHolw
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /rp3ZFvCnnX2bEYzb0ogNpAeVHolw HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------30977849055200368903604395346
Content-Length: 324
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IklSOTFTMXVWRmJlbnZxdGY4UlJMcEE9PSIsInZhbHVlIjoib1RJelZITGJMSzJwYkFOQnRZa2RqejhlcVg1eTcvY2pSQzdpTnJNejdIc0tHcmRidGtWc0tBdGxhRmlhZ1dUUVVtZUlEN3E0QXc1eWRCQzVaSlg3N2lpcWVlL1dhbEJhUHJCbDlxZ1NNdml0TGRsRjluU1cwK2YycGE3OWMvRysiLCJtYWMiOiI4OWY0MzZjMThhODU0NmI3MDdhMmY4YWIwYzg4YmY1ODBiZGEwNTQ1MThiMjU5ZWE5YWI1NWNhY2FjY2M4NGM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBLMTV2NHNYMUl1SHBVMkVjNHZoQkE9PSIsInZhbHVlIjoia1QxMUlUSjVkZXI2VGhrUTIwUks3QTZkZC9Gc1BiZzhXWnA1SlFxMmFGaDQzaFNpbWlXNGVIc3paUUpKSnpqSmxIeFNYbmthZ3h6VUlib21CVjNGK3BpL1VpcnlIaG9QMnZrOWFycWs4bEliUTA0c3pIMDJKVmZuVzBLbno5d3QiLCJtYWMiOiJlMjA5MmJmM2U4ZTkwMzc2NzliY2VkMmJjMGZhNjE4MGMwYTgwYmQwNzA3NGVjNWY2ZTQ5Y2FiNjM3YjI3MDE5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:50 GMT
content-type: application/json
cf-ray: 95b892ff3e620b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=ni7fP9cOVBPbm11ffUjZmj5ddl0OgxUt3wqdKoWg%2F9s%2FeHJKGpAat5LKOw4CHiu7EmPyU8sVJSXrRoyhTdXrz8Q0JgPWXZI9XtU%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6IkF4WmRXQm9uVkRLNGt6cTl1WUlQc2c9PSIsInZhbHVlIjoicU9mVXRRT1o4b2JSSURxSVAzNG1rbHF3VjBkRUh5OTRkQnVqMG1uQ0xqZmhWdzF2K0ZGZHJoYytHTm9xMmFuVitKSHU4cHJtcVJCdytoZnFxWEFCNkxqeHpXbjlxWHpOOTZaSjFnc3pEeFc3dGE3dlYwM1dSS3Q2UHIvbThtSkIiLCJtYWMiOiI0MGU3Nzc5ZDFiNjBkODAxNGQ2MzAwZGJhMmI5YTlkMmZjZmNiYmZiODU3ZWRjYWRhYzI5MGI1MDQ1ZDhlNzgzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:50 GMT
laravel_session=eyJpdiI6IlY3NEVyQzJMWHdEL3czYmN4N0o0aWc9PSIsInZhbHVlIjoibnk4WHpWZCtGZ1pYay91ZGU5SFI0N1h0bWx0Sis5MFliNXBoZnZGSGtUSFVhWmhuUEVBWmpDL29vVklnQ2I3Q2xzMzdRa2Vac2RCTm5qcWt1aTFOT1AvNGVLakRpaFA0VURPR3VRRkpGaUhkR0NuN0NwVFdWYi84UzM0RFUvMUsiLCJtYWMiOiJkMjhjMzNlMzE2ZDc0OTIyM2FjYTUwOGY5OTY1OWI5YTNlYTM5ZWNjYTNkMjczZjhjNzA1NmM4MmY4NGUzNjA4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:50 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2668&min_rtt=820&rtt_var=2100&sent=28&recv=17&lost=0&retrans=0&sent_bytes=13012&recv_bytes=6422&delivery_rate=2828448&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=25755&unsent_bytes=0&cid=420bb8f913cd14a8&ts=3120&inflight_dur=34&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB
URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95b8931168dcb512-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387669
expires: Sat, 27 Jun 2026 16:03:53 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gi%2FMG0xhOox%2FSHbivXqplar%2B%2FWwOxWRnTu07X3Pq7tVBcp37mzgU9JVe7wrIhDb1xQreczwUc%2Bn2X%2FGwtI55pqhn1cytCiXUso0HLC726kIJ0Qg%2F3CWN82AUpOOF9aOkT1SqRoAe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
18.165.140.104 200 OK 223 kB
URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 18.165.140.104:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (51734)
Size 223 kB (222931 bytes)
Hash 0329c939fca7c78756b94fbcd95e322b
7b5499b46660a0348cc2b22cae927dcc3fda8b20
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 07 Jul 2025 04:37:46 GMT
expires: Wed, 17 Jun 2026 22:58:15 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4cf9c028567cadd1e1afd07523fc03c8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: 7LXVWsKb9WcUMyai-OhT1u25O89LL13wy72_f4zwL26tC8iV8cKVDQ==
age: 1703138
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB
URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 07 Jul 2025 16:03:53 GMT
age: 3633234
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1218671
x-timer: S1751904234.703967,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/GDSherpa-bold.woff2
104.21.64.1 200 OK 28 kB
URL GET vwipgs.rvyzrcm.ru/GDSherpa-bold.woff2
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:54 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Edq2CkDhArH3di5bh5FawUnuqnMomyrByzQ%2FMTyFdRTXzdSU2SFf6nPP%2BxVWE8TFujY0kJ623090ngEP5AJ0D65bfVajuQPnfe8%3D"}]}
cache-control: max-age=14400
cf-ray: 95b89314c9090b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=961&min_rtt=446&rtt_var=223&sent=233&recv=89&lost=0&retrans=0&sent_bytes=240280&recv_bytes=31222&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=7193&inflight_dur=188&x=40"
GET vwipgs.rvyzrcm.ru/GDSherpa-regular.woff2
104.21.64.1 200 OK 29 kB
URL GET vwipgs.rvyzrcm.ru/GDSherpa-regular.woff2
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash 17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:54 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=37qqybw6yiw6eWBIKZOHC5kdayJsvFLjBGt9e0jHXtF5%2BFkqrLI5LDctQdHf1wnSMDcsVhexXrLOshrrc7XihOcRT8I7BpDoX%2FI%3D"}]}
cache-control: max-age=14400
cf-ray: 95b89314c90c0b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1100&min_rtt=446&rtt_var=384&sent=255&recv=92&lost=0&retrans=0&sent_bytes=270979&recv_bytes=31360&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=7246&inflight_dur=195&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
104.18.95.41 200 OK 27 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
IP 104.18.95.41:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type HTML document, ASCII text, with very long lines (27005), with no line terminators
Hash 3129cd31eb25d20b7714cc5843047935
e1b1d68036770775c92f04b572729b61daf31462
d13c017fb36ad35773c6669d1d6210a89d5e02e71f9956a19a0cc675d586cd71
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:29 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-ujP96FrQS0F2Xtpi' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 95b8927ccdac7130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/95b8927ccdac7130/1751904210097/jNqwx0erSXVZ_AA
104.18.95.41 200 OK 342 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/95b8927ccdac7130/1751904210097/jNqwx0erSXVZ_AA
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 74 x 53, 8-bit/color RGBA, non-interlaced
Hash f0fa6cd10657ee50b6ff4b04b27c98d4
23760e8938803a91eba1d4cb623ff7b0af8912dd
f6e440f3df3132e169cc6d2ae2caf3f484b9e415e0d151e7b3698e069cbdcd4c
GET /cdn-cgi/challenge-platform/h/b/d/95b8927ccdac7130/1751904210097/jNqwx0erSXVZ_AA HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:33 GMT
content-type: image/png
content-length: 342
priority: u=4,i=?0
server: cloudflare
cf-ray: 95b8929838ab7130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
104.21.64.1 200 OK 26 kB URL User Request GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type JavaScript source, ASCII text, with very long lines (24693), with CRLF line terminators
Hash a6c9e763c850bb9f60131c609ed2ec4d
b2bec7274f59f80672d1d349a3075240647dd929
fd447e03cdfe42f05e99417105e259f2152fe91510d9543ab8b0fb8a77d2044e
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ej3t!au3TNf5oJb1/$brandonh@slurpmail.net HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkF4WmRXQm9uVkRLNGt6cTl1WUlQc2c9PSIsInZhbHVlIjoicU9mVXRRT1o4b2JSSURxSVAzNG1rbHF3VjBkRUh5OTRkQnVqMG1uQ0xqZmhWdzF2K0ZGZHJoYytHTm9xMmFuVitKSHU4cHJtcVJCdytoZnFxWEFCNkxqeHpXbjlxWHpOOTZaSjFnc3pEeFc3dGE3dlYwM1dSS3Q2UHIvbThtSkIiLCJtYWMiOiI0MGU3Nzc5ZDFiNjBkODAxNGQ2MzAwZGJhMmI5YTlkMmZjZmNiYmZiODU3ZWRjYWRhYzI5MGI1MDQ1ZDhlNzgzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlY3NEVyQzJMWHdEL3czYmN4N0o0aWc9PSIsInZhbHVlIjoibnk4WHpWZCtGZ1pYay91ZGU5SFI0N1h0bWx0Sis5MFliNXBoZnZGSGtUSFVhWmhuUEVBWmpDL29vVklnQ2I3Q2xzMzdRa2Vac2RCTm5qcWt1aTFOT1AvNGVLakRpaFA0VURPR3VRRkpGaUhkR0NuN0NwVFdWYi84UzM0RFUvMUsiLCJtYWMiOiJkMjhjMzNlMzE2ZDc0OTIyM2FjYTUwOGY5OTY1OWI5YTNlYTM5ZWNjYTNkMjczZjhjNzA1NmM4MmY4NGUzNjA4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:51 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b893021ebb0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oknhDGMFtsch%2F5Whrh9%2BRWQESR%2FfMR%2BfQLvBrwuW1dpwEhY6qpWV3bjC0JeExC0YYQFBMnWTQEcgnSAHAYt88SsflitXPEWNe2A%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IktpUFdZcnd4MnZzZWhZelVKaGdlUmc9PSIsInZhbHVlIjoiTDUyYVlBZEtrRFRFRDhXQXlDaWxsRnpDbTl2RklIQlhDZlNMVE9uSU91eGlPaW1Ibm5vc0pZT3VINGZGcmxqMU9idWE3Zk9ZVkc3eEd1UHZ6cElMZjh2Ti80Z3FuL1pRVTgwNmtMOXlCdGJIb21oNzJYZVpvcGRXVzh6akJEYTMiLCJtYWMiOiI5ODA1NzYzOWM2N2JjNzQ3NWY3NGE0ZDIxN2VlMWI3NDRlNTliMzAzY2RlNzBhNzZlMGYwOTg4NDgwNjVjOGI3IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:51 GMT
laravel_session=eyJpdiI6IlpNTHIyVkxPMGxpclgrZGIyK3orOXc9PSIsInZhbHVlIjoiditrSzM1a043MTI5QVBoeDhXTHQ2Nnk5TDhDUVlBQTVSTHRmaWhNb092T2NRRlhVNVRGWjllMzduZCtNRUl2VVRmVWRwNUJTcEhmV3RQclVlQjJxNXlVOUdQQ0F1OUZjU05PMi9IRFhOQ3lpYWZaM3JHMXROa0xMWjgwaXpnSloiLCJtYWMiOiJmZWM1ZDBkNDI5NGI2OGE4ZjRmYjUxYjgzNWVmMWVlM2UxN2FjOWJiZTI4NGJiMWQwODBiNmEwNzBjYzg1NGI0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:51 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2486&min_rtt=820&rtt_var=1939&sent=31&recv=19&lost=0&retrans=0&sent_bytes=14394&recv_bytes=7435&delivery_rate=2828448&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=27111&unsent_bytes=0&cid=420bb8f913cd14a8&ts=3627&inflight_dur=36&x=40"
GET vwipgs.rvyzrcm.ru/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET vwipgs.rvyzrcm.ru/favicon.ico
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IktpUFdZcnd4MnZzZWhZelVKaGdlUmc9PSIsInZhbHVlIjoiTDUyYVlBZEtrRFRFRDhXQXlDaWxsRnpDbTl2RklIQlhDZlNMVE9uSU91eGlPaW1Ibm5vc0pZT3VINGZGcmxqMU9idWE3Zk9ZVkc3eEd1UHZ6cElMZjh2Ti80Z3FuL1pRVTgwNmtMOXlCdGJIb21oNzJYZVpvcGRXVzh6akJEYTMiLCJtYWMiOiI5ODA1NzYzOWM2N2JjNzQ3NWY3NGE0ZDIxN2VlMWI3NDRlNTliMzAzY2RlNzBhNzZlMGYwOTg4NDgwNjVjOGI3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpNTHIyVkxPMGxpclgrZGIyK3orOXc9PSIsInZhbHVlIjoiditrSzM1a043MTI5QVBoeDhXTHQ2Nnk5TDhDUVlBQTVSTHRmaWhNb092T2NRRlhVNVRGWjllMzduZCtNRUl2VVRmVWRwNUJTcEhmV3RQclVlQjJxNXlVOUdQQ0F1OUZjU05PMi9IRFhOQ3lpYWZaM3JHMXROa0xMWjgwaXpnSloiLCJtYWMiOiJmZWM1ZDBkNDI5NGI2OGE4ZjRmYjUxYjgzNWVmMWVlM2UxN2FjOWJiZTI4NGJiMWQwODBiNmEwNzBjYzg1NGI0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 07 Jul 2025 16:03:51 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b893088f800b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hTpoCBQh8YcQbcjik7tkZHhqHbTi8YxKLpIEVxJbf8QdRrrul%2F9q8BZ%2B712oYWOy2HSwGNliH0Xx4F0GOpmjsNLegmAxuoKO2AU%3D"}]}
cf-cache-status: HIT
vary: accept-encoding
age: 21
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1897&min_rtt=446&rtt_var=1847&sent=50&recv=27&lost=0&retrans=0&sent_bytes=35230&recv_bytes=9613&delivery_rate=7843313&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=420bb8f913cd14a8&ts=4181&inflight_dur=67&x=40"
GET vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
104.21.64.1 200 OK 216 kB URL User Request GET vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type HTML document, ASCII text, with very long lines (12532), with CRLF line terminators
Size 216 kB (216198 bytes)
Hash e2304b8152c4b5f382e08b302c18b16a
c87f7947513e5305228f171f65bac86e44f02ab2
3d2182927b657361cafb54571407ceabf2a94134f482ff334df9a7dcc1047d67
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkhnZTlha1llRG5xaWN1a3ZhZ2dMNlE9PSIsInZhbHVlIjoid2s4dmlmZVVSc2FmS2hKL0FYaSs4ZVBXaC8vOXErM3JTeC84RWlWbkdhZGgxdzhsT2tlSWw3bVUvSDJiSTlLRTFkbDBDMGswWkhyTWUrc29KUjVDcmU3RW9nc2F6K051R0tNOExCT2VJUkNZOEZPZndPdk1iMGhZZXZnVzlLVmUiLCJtYWMiOiI3MDJkZTc1YjgzYzE1YzY2ZjEwZjkxNGU5N2Y0M2EzODk3ZWM1NGZjZmZmZDg0ZjZhODczNzdiZGJjYzRlNWE1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRXbHRSYW5iWEFZL0haSDlSampIb0E9PSIsInZhbHVlIjoiQk4vMkdSRkhzeUd3TWw2QlJTSnNkVTl0ZGdlYTg4bitzVkZYZk0wZXg1UjhaZEpDUEJEL0pHZGpuMmU4N3Z2TkxFMVZKdnVrTk5JOEZqdEhORnd0N01yblN2alk1cEZCTWloRElPZEZ0YUx5T1d5REp2QUJ1UElIMTM4QjVRbFYiLCJtYWMiOiJjNjY5NDYxMDJjMTNjMTUyOGFjOTMxNGZmNzk0MGEyM2E3MzU5YjUyMWIwYWVlM2NjOTNlZTk1MDU1NTFkMjU4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:52 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b8930b5fdd0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=65cvijUdxywP5CKmrRkGmjt1xpvUtFxPTgELvFIE5IMZZlzqgDdDPQbElDRfahhT6xfjRHpxCwdGDUM88o3BeLiT1VAK7DOWAVA%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:52 GMT
laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:52 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1734&min_rtt=446&rtt_var=1313&sent=56&recv=30&lost=0&retrans=0&sent_bytes=37662&recv_bytes=10780&delivery_rate=7843313&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=420bb8f913cd14a8&ts=5075&inflight_dur=71&x=40"
GET vwipgs.rvyzrcm.ru/ijCOQ4d02mrxLB7uT4UuKC5Zmu1MIkSofxyQLAUnlKD2v4SWeGJ9NNIFIef206
104.21.64.1 200 OK 25 kB URL GET vwipgs.rvyzrcm.ru/ijCOQ4d02mrxLB7uT4UuKC5Zmu1MIkSofxyQLAUnlKD2v4SWeGJ9NNIFIef206
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijCOQ4d02mrxLB7uT4UuKC5Zmu1MIkSofxyQLAUnlKD2v4SWeGJ9NNIFIef206 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:56 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijCOQ4d02mrxLB7uT4UuKC5Zmu1MIkSofxyQLAUnlKD2v4SWeGJ9NNIFIef206"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zeikQ5jRt%2BEFqYHYLULP7un4bSTw0Z2NTIfE0fvtORocDBt7Wc2qamPgd7RgKdYWaMvJHpMLlhDAeXU54RgVVTSbSPNhMG72q1c%3D"}]}
cf-ray: 95b89314e91f0b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=979&min_rtt=446&rtt_var=295&sent=442&recv=117&lost=0&retrans=0&sent_bytes=516784&recv_bytes=37399&delivery_rate=25828815&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=43133&unsent_bytes=0&cid=420bb8f913cd14a8&ts=9169&inflight_dur=271&x=40"
GET vwipgs.rvyzrcm.ru/opBj2X89WitZivta4E5AyGF7TBMTWL2Z12MBHOh4RYBs5UcnVuYXAFGKEYuqLjuB9R4cd235
104.21.64.1 200 OK 9.6 kB URL GET vwipgs.rvyzrcm.ru/opBj2X89WitZivta4E5AyGF7TBMTWL2Z12MBHOh4RYBs5UcnVuYXAFGKEYuqLjuB9R4cd235
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opBj2X89WitZivta4E5AyGF7TBMTWL2Z12MBHOh4RYBs5UcnVuYXAFGKEYuqLjuB9R4cd235 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:56 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opBj2X89WitZivta4E5AyGF7TBMTWL2Z12MBHOh4RYBs5UcnVuYXAFGKEYuqLjuB9R4cd235"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WAz6kF5g%2Bv5OSY0kHMWvnbFFEjRZ5B%2BjlKtwyOfU5NJYLXOBo4ICV17H4wV9WVDx2ytGzgFMxG0ohECjqJcvJ42z9mk3e9Ms"}]}
cf-ray: 95b89314e9200b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=903&min_rtt=446&rtt_var=278&sent=536&recv=126&lost=0&retrans=0&sent_bytes=642065&recv_bytes=37832&delivery_rate=29867998&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=45708&unsent_bytes=0&cid=420bb8f913cd14a8&ts=9257&inflight_dur=281&x=40"
POST vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
104.21.64.1 200 OK 90 B URL User Request POST vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type HTML document, ASCII text, with no line terminators
Hash 7828f7ae07241c0978ce44e5cc4a0a83
a9c93817a15b03507c3c21021fba863d3ac62b7f
a65713ab569fbcda76f7d8cd7827b5cc51b58eb5d1b03b50c91924ba9c785fd9
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
POST /ej3t!au3TNf5oJb1/$brandonh@slurpmail.net HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1008
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkVEcHRkamJzT05ab05vcjVsbWRzUUE9PSIsInZhbHVlIjoiR1poM0t4ZFc2U2hmQ0tUMnRBVjJTbTRsZlQ2UUJxL2k3NDEwMDZmRkx1TmNvSVljbXJxMHkxQXNHaWJXQXdMc0hEMVFUL2VUdHhSVHJNdElzWGVZZVBtUThDWXZ3dXU2KytVMkpLWU5MNWNXejdpN1FZL2YvdDBNclF2Tm8zbngiLCJtYWMiOiJjMDQzMmRmZDViMGRmMWQxZjVjYzQxOWYxYTgzOGVjZjIzNDRmZWRlMmIzYzhhODczNzhhYWY1MDQzNGIzNDIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImhDNXRzNWhBdjg4Y3BkTUNmanMzcFE9PSIsInZhbHVlIjoiUklWNDBibElhMzFCSHpjb1Q0UERDWUFUZHFkRStBb2Z6Wk1BcEtQaENtODZYamw4bHo5ZHlxVDdjWWRYdG1qZnlaekgzTmhRZXJKcTNvVnUzVmVIUldNcnFrV1hSNkpad1lmTTJlSTVUcUhOOHdTTnVlbXNVV2pEVGVGUHdOeVEiLCJtYWMiOiJjNDZhZDkzZTZlYWZkZjg3OWQzZDhhMWFhYjAyYTY3NTJlMzU0YzQ0NWQzNTUzNDA3MWQ4ZmQ4MjgyYWM1NGIzIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:48 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b892ee9c350b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=segfmvQGpUT4XWAHCxH0uejN%2BeWT%2FNwvVkUsf2IkFbHqMS7kBTNUpABcaO2y2VuQykk19ReS%2BE6I0YzUQFLKtysP%2FaosNStqbtQ%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6ImROZ2J1MUxZSFZMdUljYndWN2RjQWc9PSIsInZhbHVlIjoiYmNhZFhwdDZuWStRcFBJYVhEOE1MbTNCdmxkOTl0bDczNERqVUhVNFNEbWR6UnhudDY3WFo2WUVZMTN6eUxZdHZUNXVCQVJwbUE0a05jRDNTblN1R1A3anJRSXRiK3JmaFJodS9sM1pRaWFCUThZQ29GZ2NoL3VDUnN5bnFPTG0iLCJtYWMiOiI4Yzc5ODUwNmFiM2E0MjhmOTk3NTQxNDBjN2MyM2VkODJlNDJkYzA0NTkwNzhjNzhiZWU0NGRhMjNjOTI0OGJhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:48 GMT
laravel_session=eyJpdiI6IlJjN0R4TC9PTzc5bU1TeWU3dWpNbWc9PSIsInZhbHVlIjoiNGxKZWh2TmxpYnBjNVJvMWJxNlVHd3pYQlRQK3lwVFU0VVVqVUtobU9tOWRVWDhTUEp0clBQMzM4VG45Y1hhYi9uOFFTTzhEeExQTGhkaWZqZjlDSkhVNlhzNkdCY2VsSkY5SHQyME5CZmFDQUx3Y2licU5kMkVlem1WN2ZqcSsiLCJtYWMiOiI2NDJhMDNmMmQ2ODgzMjUwNzU4MWJmODBhZmQ2ZWI4M2IzMzk2ZTcyZTFhNzNmZGM5NzhhMTM5ZGZhMjAyOGQwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:48 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3955&min_rtt=1092&rtt_var=2454&sent=15&recv=9&lost=0&retrans=0&sent_bytes=5249&recv_bytes=3028&delivery_rate=533073&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18070&unsent_bytes=0&cid=420bb8f913cd14a8&ts=823&inflight_dur=7&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
104.18.95.41 200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash 70c202196187ab3c11b4e094c20c6de1
9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:29 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 95b8927d8f947130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 07 Jul 2025 16:03:49 GMT
age: 3633229
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1218668
x-timer: S1751904229.036102,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/yzoHrWTpshW1sQe4UwZUHaw64D5FIF2ht3mtgDErsHA7iUL9RJoolDYsXxx2o8EXab180
104.21.64.1 200 OK 2.9 kB URL GET vwipgs.rvyzrcm.ru/yzoHrWTpshW1sQe4UwZUHaw64D5FIF2ht3mtgDErsHA7iUL9RJoolDYsXxx2o8EXab180
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /yzoHrWTpshW1sQe4UwZUHaw64D5FIF2ht3mtgDErsHA7iUL9RJoolDYsXxx2o8EXab180 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:57 GMT
content-type: image/svg+xml
cf-ray: 95b89314d91c0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="yzoHrWTpshW1sQe4UwZUHaw64D5FIF2ht3mtgDErsHA7iUL9RJoolDYsXxx2o8EXab180"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lxIbrqvM0fYdtKNUCcsTKU6KgqNPELpAQagqgqcCskHZA%2BH2nsrXpeZRGJUA8npS9BZjXF48LlYQUZGH3PsBjYiriW%2FIYjlc"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1038&min_rtt=446&rtt_var=349&sent=646&recv=140&lost=0&retrans=0&sent_bytes=784198&recv_bytes=39460&delivery_rate=29947390&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=47194&unsent_bytes=0&cid=420bb8f913cd14a8&ts=10353&inflight_dur=301&x=40"
GET vwipgs.rvyzrcm.ru/stlNJNj5oRx5GoV2WBmEw9yAc6TCSUYmn46dyOaG5TVEQFVD4jlYvYqyEXwQYyoLyAwgh260
104.21.64.1 200 OK 18 kB URL GET vwipgs.rvyzrcm.ru/stlNJNj5oRx5GoV2WBmEw9yAc6TCSUYmn46dyOaG5TVEQFVD4jlYvYqyEXwQYyoLyAwgh260
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /stlNJNj5oRx5GoV2WBmEw9yAc6TCSUYmn46dyOaG5TVEQFVD4jlYvYqyEXwQYyoLyAwgh260 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="stlNJNj5oRx5GoV2WBmEw9yAc6TCSUYmn46dyOaG5TVEQFVD4jlYvYqyEXwQYyoLyAwgh260"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6osmzOXtahIQZZiKk1vVB%2FLxsFJmU%2FGLjUk%2FgPWk%2FrfgVtKKLO5PRqQpc7P7mcmGatH5YZJL9T6dKniWtbaEV3M%2B0dsncziLW14%3D"}]}
cf-ray: 95b89314e9220b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=836&min_rtt=446&rtt_var=319&sent=211&recv=84&lost=0&retrans=0&sent_bytes=215010&recv_bytes=30998&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6878&inflight_dur=160&x=40"
GET vwipgs.rvyzrcm.ru/34G0qffbcNpyg7Y1a5ZGghzVxoXOUZzvz89110
104.21.64.1 200 OK 292 kB URL GET vwipgs.rvyzrcm.ru/34G0qffbcNpyg7Y1a5ZGghzVxoXOUZzvz89110
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 292 kB (292204 bytes)
Hash 04c1251bae5a4681ad29e5f0846a0ee2
6bd282d27792a21ab43f6210efffabce36c03b07
265d88c373a1f0711c817a8460c9a78512c040047f5ffcb22f380024a629f83a
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /34G0qffbcNpyg7Y1a5ZGghzVxoXOUZzvz89110 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:55 GMT
content-type: application/javascript
cf-ray: 95b89314e9240b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="34G0qffbcNpyg7Y1a5ZGghzVxoXOUZzvz89110"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GD2TJXRSt47N0%2BJa1lHU4emdR8xpOpSanaCWyCDYNB2Hb4BvRvkcW3zjZlLk04oINep1J%2FxqaK9DNn%2BABtSI3LhQHrJ6uMicaU4%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1067&min_rtt=446&rtt_var=255&sent=338&recv=106&lost=0&retrans=0&sent_bytes=378267&recv_bytes=36890&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=8088&inflight_dur=214&x=40"
GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
104.18.95.41 200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
IP 104.18.95.41:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (48827)
Hash 8b98ab0c9c1187379712de2162d133c8
13070544fcfc6954ce563779c26ba54b72271380
73f6150de629bcd8401d4778d9a4f5460cbcce244f913447acbdd25ad50cca25
GET /turnstile/v0/b/e7e9d014f96e/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:29 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 03 Jul 2025 10:26:41 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 95b8927bffb956ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
104.21.64.1 200 OK 6.8 kB URL User Request GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type HTML document, ASCII text, with very long lines (2253), with CRLF line terminators
Hash 2a33619ac4382b1fd4320bf334de052e
5216f11fed9ef6e4cc8d2f12ecb410e94f690814
9229a1f293c2e6e3184311fe23dc2e5e977819870326836e06babdd1c848accb
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ej3t!au3TNf5oJb1/$brandonh@slurpmail.net HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6ImROZ2J1MUxZSFZMdUljYndWN2RjQWc9PSIsInZhbHVlIjoiYmNhZFhwdDZuWStRcFBJYVhEOE1MbTNCdmxkOTl0bDczNERqVUhVNFNEbWR6UnhudDY3WFo2WUVZMTN6eUxZdHZUNXVCQVJwbUE0a05jRDNTblN1R1A3anJRSXRiK3JmaFJodS9sM1pRaWFCUThZQ29GZ2NoL3VDUnN5bnFPTG0iLCJtYWMiOiI4Yzc5ODUwNmFiM2E0MjhmOTk3NTQxNDBjN2MyM2VkODJlNDJkYzA0NTkwNzhjNzhiZWU0NGRhMjNjOTI0OGJhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJjN0R4TC9PTzc5bU1TeWU3dWpNbWc9PSIsInZhbHVlIjoiNGxKZWh2TmxpYnBjNVJvMWJxNlVHd3pYQlRQK3lwVFU0VVVqVUtobU9tOWRVWDhTUEp0clBQMzM4VG45Y1hhYi9uOFFTTzhEeExQTGhkaWZqZjlDSkhVNlhzNkdCY2VsSkY5SHQyME5CZmFDQUx3Y2licU5kMkVlem1WN2ZqcSsiLCJtYWMiOiI2NDJhMDNmMmQ2ODgzMjUwNzU4MWJmODBhZmQ2ZWI4M2IzMzk2ZTcyZTFhNzNmZGM5NzhhMTM5ZGZhMjAyOGQwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:48 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b892f3fcef0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JxHVvdF6MVcCsI4izNueTAeCXxrPheftOk6zxP%2BwxrwxOzFQ41G%2Bc9%2F%2FY27B28cG%2BGASwiTpnHNHIRaapEpBtojU8j1oAWyjPyk%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IklSOTFTMXVWRmJlbnZxdGY4UlJMcEE9PSIsInZhbHVlIjoib1RJelZITGJMSzJwYkFOQnRZa2RqejhlcVg1eTcvY2pSQzdpTnJNejdIc0tHcmRidGtWc0tBdGxhRmlhZ1dUUVVtZUlEN3E0QXc1eWRCQzVaSlg3N2lpcWVlL1dhbEJhUHJCbDlxZ1NNdml0TGRsRjluU1cwK2YycGE3OWMvRysiLCJtYWMiOiI4OWY0MzZjMThhODU0NmI3MDdhMmY4YWIwYzg4YmY1ODBiZGEwNTQ1MThiMjU5ZWE5YWI1NWNhY2FjY2M4NGM2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:48 GMT
laravel_session=eyJpdiI6IjBLMTV2NHNYMUl1SHBVMkVjNHZoQkE9PSIsInZhbHVlIjoia1QxMUlUSjVkZXI2VGhrUTIwUks3QTZkZC9Gc1BiZzhXWnA1SlFxMmFGaDQzaFNpbWlXNGVIc3paUUpKSnpqSmxIeFNYbmthZ3h6VUlib21CVjNGK3BpL1VpcnlIaG9QMnZrOWFycWs4bEliUTA0c3pIMDJKVmZuVzBLbno5d3QiLCJtYWMiOiJlMjA5MmJmM2U4ZTkwMzc2NzliY2VkMmJjMGZhNjE4MGMwYTgwYmQwNzA3NGVjNWY2ZTQ5Y2FiNjM3YjI3MDE5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:48 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3683&min_rtt=1092&rtt_var=2385&sent=19&recv=11&lost=0&retrans=0&sent_bytes=6761&recv_bytes=4046&delivery_rate=798123&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=19556&unsent_bytes=0&cid=420bb8f913cd14a8&ts=1325&inflight_dur=9&x=40"
GET vwipgs.rvyzrcm.ru/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET vwipgs.rvyzrcm.ru/favicon.ico
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkVEcHRkamJzT05ab05vcjVsbWRzUUE9PSIsInZhbHVlIjoiR1poM0t4ZFc2U2hmQ0tUMnRBVjJTbTRsZlQ2UUJxL2k3NDEwMDZmRkx1TmNvSVljbXJxMHkxQXNHaWJXQXdMc0hEMVFUL2VUdHhSVHJNdElzWGVZZVBtUThDWXZ3dXU2KytVMkpLWU5MNWNXejdpN1FZL2YvdDBNclF2Tm8zbngiLCJtYWMiOiJjMDQzMmRmZDViMGRmMWQxZjVjYzQxOWYxYTgzOGVjZjIzNDRmZWRlMmIzYzhhODczNzhhYWY1MDQzNGIzNDIzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImhDNXRzNWhBdjg4Y3BkTUNmanMzcFE9PSIsInZhbHVlIjoiUklWNDBibElhMzFCSHpjb1Q0UERDWUFUZHFkRStBb2Z6Wk1BcEtQaENtODZYamw4bHo5ZHlxVDdjWWRYdG1qZnlaekgzTmhRZXJKcTNvVnUzVmVIUldNcnFrV1hSNkpad1lmTTJlSTVUcUhOOHdTTnVlbXNVV2pEVGVGUHdOeVEiLCJtYWMiOiJjNDZhZDkzZTZlYWZkZjg3OWQzZDhhMWFhYjAyYTY3NTJlMzU0YzQ0NWQzNTUzNDA3MWQ4ZmQ4MjgyYWM1NGIzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Mon, 07 Jul 2025 16:03:30 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hTpoCBQh8YcQbcjik7tkZHhqHbTi8YxKLpIEVxJbf8QdRrrul%2F9q8BZ%2B712oYWOy2HSwGNliH0Xx4F0GOpmjsNLegmAxuoKO2AU%3D"}]}
cf-cache-status: MISS
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
cf-ray: 95b8927c8d610b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/xy2kayxoEF6MSpq4cd28
104.21.64.1 200 OK 36 kB URL GET vwipgs.rvyzrcm.ru/xy2kayxoEF6MSpq4cd28
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type ASCII text, with CRLF line terminators
Hash 38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /xy2kayxoEF6MSpq4cd28 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: text/css;charset=UTF-8
cf-ray: 95b89314c9080b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="xy2kayxoEF6MSpq4cd28"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3YOV1fvvCHud%2FQBfTNbdidJq2QzuhVoWlyKKh%2B2cBMJdX8Xefp5qbnZZACSD7Gnv8U5PMISfQDjzbaNCbXtjWv3wo0%2Fo8lKMYhU%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=814&min_rtt=446&rtt_var=284&sent=221&recv=85&lost=0&retrans=0&sent_bytes=227646&recv_bytes=31043&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6891&inflight_dur=162&x=40"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 07 Jul 2025 16:03:51 GMT
age: 3633232
x-served-by: cache-lga21931-LGA, cache-hel1410033-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1218670
x-timer: S1751904232.581249,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
POST vwipgs.rvyzrcm.ru/kfEohunhwIbYHBlh9qDyj3FzkwgeRREbdOTzICtkgy
104.21.64.1 200 OK 459 B URL POST vwipgs.rvyzrcm.ru/kfEohunhwIbYHBlh9qDyj3FzkwgeRREbdOTzICtkgy
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash 16e43d7cdd172a52e232cd3eb2191a40
3a59e8bead97d9ca70c685832ce279133ddbddf8
8d67ed96d227b86c368fa3cdb099c5e4e14a7a3259641d2a10e7c85c3efbe3b6
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /kfEohunhwIbYHBlh9qDyj3FzkwgeRREbdOTzICtkgy HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 31
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IktpUFdZcnd4MnZzZWhZelVKaGdlUmc9PSIsInZhbHVlIjoiTDUyYVlBZEtrRFRFRDhXQXlDaWxsRnpDbTl2RklIQlhDZlNMVE9uSU91eGlPaW1Ibm5vc0pZT3VINGZGcmxqMU9idWE3Zk9ZVkc3eEd1UHZ6cElMZjh2Ti80Z3FuL1pRVTgwNmtMOXlCdGJIb21oNzJYZVpvcGRXVzh6akJEYTMiLCJtYWMiOiI5ODA1NzYzOWM2N2JjNzQ3NWY3NGE0ZDIxN2VlMWI3NDRlNTliMzAzY2RlNzBhNzZlMGYwOTg4NDgwNjVjOGI3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpNTHIyVkxPMGxpclgrZGIyK3orOXc9PSIsInZhbHVlIjoiditrSzM1a043MTI5QVBoeDhXTHQ2Nnk5TDhDUVlBQTVSTHRmaWhNb092T2NRRlhVNVRGWjllMzduZCtNRUl2VVRmVWRwNUJTcEhmV3RQclVlQjJxNXlVOUdQQ0F1OUZjU05PMi9IRFhOQ3lpYWZaM3JHMXROa0xMWjgwaXpnSloiLCJtYWMiOiJmZWM1ZDBkNDI5NGI2OGE4ZjRmYjUxYjgzNWVmMWVlM2UxN2FjOWJiZTI4NGJiMWQwODBiNmEwNzBjYzg1NGI0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:52 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b89307df670b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7ZjD3O%2FRbtrYl4nM3jCngy8bDXBXqCy8nqpdRRbT9dMPue0nu%2BlWXBK3p1kixLz7NXHB1R%2BDvnzgguT9monPUcn9tf0D4kzGD0U%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IkhnZTlha1llRG5xaWN1a3ZhZ2dMNlE9PSIsInZhbHVlIjoid2s4dmlmZVVSc2FmS2hKL0FYaSs4ZVBXaC8vOXErM3JTeC84RWlWbkdhZGgxdzhsT2tlSWw3bVUvSDJiSTlLRTFkbDBDMGswWkhyTWUrc29KUjVDcmU3RW9nc2F6K051R0tNOExCT2VJUkNZOEZPZndPdk1iMGhZZXZnVzlLVmUiLCJtYWMiOiI3MDJkZTc1YjgzYzE1YzY2ZjEwZjkxNGU5N2Y0M2EzODk3ZWM1NGZjZmZmZDg0ZjZhODczNzdiZGJjYzRlNWE1IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:51 GMT
laravel_session=eyJpdiI6IjRXbHRSYW5iWEFZL0haSDlSampIb0E9PSIsInZhbHVlIjoiQk4vMkdSRkhzeUd3TWw2QlJTSnNkVTl0ZGdlYTg4bitzVkZYZk0wZXg1UjhaZEpDUEJEL0pHZGpuMmU4N3Z2TkxFMVZKdnVrTk5JOEZqdEhORnd0N01yblN2alk1cEZCTWloRElPZEZ0YUx5T1d5REp2QUJ1UElIMTM4QjVRbFYiLCJtYWMiOiJjNjY5NDYxMDJjMTNjMTUyOGFjOTMxNGZmNzk0MGEyM2E3MzU5YjUyMWIwYWVlM2NjOTNlZTk1MDU1NTFkMjU4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:51 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1793&min_rtt=446&rtt_var=1593&sent=52&recv=28&lost=0&retrans=0&sent_bytes=35870&recv_bytes=9656&delivery_rate=7843313&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=21640&unsent_bytes=0&cid=420bb8f913cd14a8&ts=4482&inflight_dur=68&x=40"
GET vwipgs.rvyzrcm.ru/GDSherpa-vf.woff2
104.21.64.1 200 OK 44 kB URL GET vwipgs.rvyzrcm.ru/GDSherpa-vf.woff2
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash 2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:56 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:55 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YVkCwRa%2FKTD6cr2Z2nw4VFysYEPUhEQ2%2Bfrw%2BeEKDssJVALb8D3AYs98YMX80arEpF93j2%2Fepj6zQV0IpCg0Sua9O9RWMVSu%2F2c%3D"}]}
cache-control: max-age=14400
cf-ray: 95b89314c9130b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1074&min_rtt=446&rtt_var=204&sent=339&recv=107&lost=0&retrans=0&sent_bytes=378894&recv_bytes=36935&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=8601&inflight_dur=235&x=40"
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
18.165.140.104 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 18.165.140.104:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 07 Jul 2025 04:37:46 GMT
expires: Wed, 17 Jun 2026 01:41:41 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 4cf9c028567cadd1e1afd07523fc03c8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: rne7OAIUEN5i7RmqrkqLArXjqam4_YNrLchhpFsttpah4iw-Qzm_zw==
age: 1779732
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
104.21.64.1 200 OK 973 B URL User Request GET vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type HTML document, ASCII text, with very long lines (973), with no line terminators
Hash 6446a77726e0a189d4302c237c4f9000
f267417c559794afd37fe009cccee025e8da9d7f
bbe1aac809b05427d7c85b1c103b73a97c5ad28736da9d091e04f527fcf51c87
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ej3t!au3TNf5oJb1/$brandonh@slurpmail.net HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:28 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Csl58gm%2BRBJkqDIyvDbCelENMqi1uVSWCv7g%2F5AnUmfXp%2BC6L8WwvDXc86QOUqnXxLDUrkoSifjct39VYAQ7eP2XmzxTvrrmKUs%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IkVEcHRkamJzT05ab05vcjVsbWRzUUE9PSIsInZhbHVlIjoiR1poM0t4ZFc2U2hmQ0tUMnRBVjJTbTRsZlQ2UUJxL2k3NDEwMDZmRkx1TmNvSVljbXJxMHkxQXNHaWJXQXdMc0hEMVFUL2VUdHhSVHJNdElzWGVZZVBtUThDWXZ3dXU2KytVMkpLWU5MNWNXejdpN1FZL2YvdDBNclF2Tm8zbngiLCJtYWMiOiJjMDQzMmRmZDViMGRmMWQxZjVjYzQxOWYxYTgzOGVjZjIzNDRmZWRlMmIzYzhhODczNzhhYWY1MDQzNGIzNDIzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:28 GMT
laravel_session=eyJpdiI6ImhDNXRzNWhBdjg4Y3BkTUNmanMzcFE9PSIsInZhbHVlIjoiUklWNDBibElhMzFCSHpjb1Q0UERDWUFUZHFkRStBb2Z6Wk1BcEtQaENtODZYamw4bHo5ZHlxVDdjWWRYdG1qZnlaekgzTmhRZXJKcTNvVnUzVmVIUldNcnFrV1hSNkpad1lmTTJlSTVUcUhOOHdTTnVlbXNVV2pEVGVGUHdOeVEiLCJtYWMiOiJjNDZhZDkzZTZlYWZkZjg3OWQzZDhhMWFhYjAyYTY3NTJlMzU0YzQ0NWQzNTUzNDA3MWQ4ZmQ4MjgyYWM1NGIzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:28 GMT
cf-ray: 95b89274f9230b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/ijbeqtzH7xPw0dy9kGFqLOYgv3wxQPzeYGR2yLXa4l56163
104.21.64.1 200 OK 7.4 kB URL GET vwipgs.rvyzrcm.ru/ijbeqtzH7xPw0dy9kGFqLOYgv3wxQPzeYGR2yLXa4l56163
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type SVG Scalable Vector Graphics image
Hash b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijbeqtzH7xPw0dy9kGFqLOYgv3wxQPzeYGR2yLXa4l56163 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: image/svg+xml
cf-ray: 95b89314d91b0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijbeqtzH7xPw0dy9kGFqLOYgv3wxQPzeYGR2yLXa4l56163"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SaZvzyIRHFTDHUqn%2FPQocTyuXE46L7lH%2BySAMFb%2F5609VDbxXJnjmn%2FeO6F6Fb1evkdE2fmSEkSPojYiY0pwa99nfZwiZa8Y1eM%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=837&min_rtt=446&rtt_var=425&sent=204&recv=83&lost=0&retrans=0&sent_bytes=209481&recv_bytes=30954&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6868&inflight_dur=152&x=40"
GET vwipgs.rvyzrcm.ru/ijzIJWu0UNP9rvAixUKyy8EnlSopZy1ZZ9p2xCjD6suEIEuyz230
104.21.64.1 200 OK 1.3 kB URL GET vwipgs.rvyzrcm.ru/ijzIJWu0UNP9rvAixUKyy8EnlSopZy1ZZ9p2xCjD6suEIEuyz230
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash 32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijzIJWu0UNP9rvAixUKyy8EnlSopZy1ZZ9p2xCjD6suEIEuyz230 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:55 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijzIJWu0UNP9rvAixUKyy8EnlSopZy1ZZ9p2xCjD6suEIEuyz230"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3XX%2FWZCwHqAl4fvU4%2BSfIE0kM7nP0XtFU%2BGHnodxkqRcWQu6Eh%2BrkVzV%2B7qyWh9TAmvxjBcTNYBB9Owe9xmLxFcporlUSfX7MAQ%3D"}]}
cf-ray: 95b8931c8a5e0b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1035&min_rtt=446&rtt_var=362&sent=334&recv=104&lost=0&retrans=0&sent_bytes=374916&recv_bytes=36800&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=7796&inflight_dur=210&x=40"
POST xldo7mdau0sjtbl5twzlpw7q5tkpnw1a1a6twvn0lunrnxoavcdy.fhpnll.es/23837577340674076950MbcZFIBPTTBHFZLYUKUQOYMFTWQIJVFVHRCARTrsvLtpcjayZCryzvkLJMuv38
172.67.210.34 200 OK 536 B URL POST xldo7mdau0sjtbl5twzlpw7q5tkpnw1a1a6twvn0lunrnxoavcdy.fhpnll.es/23837577340674076950MbcZFIBPTTBHFZLYUKUQOYMFTWQIJVFVHRCARTrsvLtpcjayZCryzvkLJMuv38
IP 172.67.210.34:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject fhpnll.es
Fingerprint A1:0B:8D:FF:38:34:F8:79:61:7A:42:44:47:77:C6:6F:3F:93:AE:A6
Validity Thu, 12 Jun 2025 15:12:18 GMT - Wed, 10 Sep 2025 16:10:33 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /23837577340674076950MbcZFIBPTTBHFZLYUKUQOYMFTWQIJVFVHRCARTrsvLtpcjayZCryzvkLJMuv38 HTTP/1.1
Host: xldo7mdau0sjtbl5twzlpw7q5tkpnw1a1a6twvn0lunrnxoavcdy.fhpnll.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 97
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:58 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://vwipgs.rvyzrcm.ru
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QzdYMN0EnVDFu21WPkEIceA6EufglRPabeVO77ZHYjZJRPtl%2F6YOPeeMYXhwLzv0Lz2SGnQuxOopyk4pB3yZotk6Dpc7p18%2Fs%2FhUKEFobqPRcPRgvZ%2FC6dHDr0oRzZ%2FtZtyW%2BagunxykdRFJMo9a0he4AY7fLqiH6OvPkQ%3D%3D"}]}
content-encoding: br
cf-ray: 95b893303aca56c9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
18.165.140.104 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 18.165.140.104:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash 12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Sun, 29 Jun 2025 16:32:58 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Mon, 29 Jun 2026 16:32:58 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 4cf9c028567cadd1e1afd07523fc03c8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: pYEGQ4rORcyposEsOM6e6MzuK01X0Vc-synKR3W8md4uBq57lX_4yQ==
age: 689455
X-Firefox-Spdy: h2
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250707%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250707T160316Z&X-Amz-Expires=1800&X-Amz-Signature=af42f261e0793e19079d0c8d942f5973d0f03a98f015cfb09b806460f9b9586f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.108.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250707%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250707T160316Z&X-Amz-Expires=1800&X-Amz-Signature=af42f261e0793e19079d0c8d942f5973d0f03a98f015cfb09b806460f9b9586f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.108.133:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash 6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250707%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250707T160316Z&X-Amz-Expires=1800&X-Amz-Signature=af42f261e0793e19079d0c8d942f5973d0f03a98f015cfb09b806460f9b9586f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 5226
date: Mon, 07 Jul 2025 16:03:54 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 0
x-timer: S1751904234.160653,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET vwipgs.rvyzrcm.ru/favicon.ico
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IklSOTFTMXVWRmJlbnZxdGY4UlJMcEE9PSIsInZhbHVlIjoib1RJelZITGJMSzJwYkFOQnRZa2RqejhlcVg1eTcvY2pSQzdpTnJNejdIc0tHcmRidGtWc0tBdGxhRmlhZ1dUUVVtZUlEN3E0QXc1eWRCQzVaSlg3N2lpcWVlL1dhbEJhUHJCbDlxZ1NNdml0TGRsRjluU1cwK2YycGE3OWMvRysiLCJtYWMiOiI4OWY0MzZjMThhODU0NmI3MDdhMmY4YWIwYzg4YmY1ODBiZGEwNTQ1MThiMjU5ZWE5YWI1NWNhY2FjY2M4NGM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjBLMTV2NHNYMUl1SHBVMkVjNHZoQkE9PSIsInZhbHVlIjoia1QxMUlUSjVkZXI2VGhrUTIwUks3QTZkZC9Gc1BiZzhXWnA1SlFxMmFGaDQzaFNpbWlXNGVIc3paUUpKSnpqSmxIeFNYbmthZ3h6VUlib21CVjNGK3BpL1VpcnlIaG9QMnZrOWFycWs4bEliUTA0c3pIMDJKVmZuVzBLbno5d3QiLCJtYWMiOiJlMjA5MmJmM2U4ZTkwMzc2NzliY2VkMmJjMGZhNjE4MGMwYTgwYmQwNzA3NGVjNWY2ZTQ5Y2FiNjM3YjI3MDE5IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 07 Jul 2025 16:03:49 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b892f86d5d0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hTpoCBQh8YcQbcjik7tkZHhqHbTi8YxKLpIEVxJbf8QdRrrul%2F9q8BZ%2B712oYWOy2HSwGNliH0Xx4F0GOpmjsNLegmAxuoKO2AU%3D"}]}
cf-cache-status: HIT
vary: accept-encoding
age: 18
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2897&min_rtt=820&rtt_var=2187&sent=25&recv=15&lost=0&retrans=0&sent_bytes=12348&recv_bytes=5072&delivery_rate=2828448&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=25117&unsent_bytes=0&cid=420bb8f913cd14a8&ts=1614&inflight_dur=32&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95b89311e9c1b512-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387669
expires: Sat, 27 Jun 2026 16:03:53 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=88I38Bo8qGdhf%2FLcX%2B8%2B6HRQRPFZm6rpbkyQ7osgbcgl9YUaTHn6xeqBhqGGkizErkewceA4SkK5O6EZm0V8cWtuDJrYSiXVkTnhxEyc6rhSe%2F0WwDTJM%2Bk8caxK9mq3HCFS9nN%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET vwipgs.rvyzrcm.ru/GDSherpa-bold.woff
104.21.64.1 200 OK 36 kB URL GET vwipgs.rvyzrcm.ru/GDSherpa-bold.woff
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:54 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uKa2WcNNSqZ3vGpoGObf2bGYoB0r9Sq7JtLpm3V%2Fo5CJypzwsrlWhkk8lgFwEv5EDr%2FqfkY7kBiyG3bocr%2B%2BFY2YQP18MY0Fwrc%3D"}]}
cache-control: max-age=14400
cf-ray: 95b89314c90b0b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1136&min_rtt=446&rtt_var=415&sent=245&recv=91&lost=0&retrans=0&sent_bytes=257025&recv_bytes=31313&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=7240&inflight_dur=193&x=40"
GET vwipgs.rvyzrcm.ru/GDSherpa-regular.woff
104.21.64.1 200 OK 37 kB URL GET vwipgs.rvyzrcm.ru/GDSherpa-regular.woff
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:54 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VggDdGx2qZpzBujhvHSVnVrqbby4cw4WQTt3u6dU9cISkGY9ftlFnm9GCFfe2x7swjWzDSiG2zn4hvV0wLyKyBWxKQRVw6ED"}]}
cache-control: max-age=14400
cf-ray: 95b89314c9120b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1081&min_rtt=446&rtt_var=407&sent=239&recv=90&lost=0&retrans=0&sent_bytes=248651&recv_bytes=31268&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=7209&inflight_dur=191&x=40"
GET vwipgs.rvyzrcm.ru/GDSherpa-vf2.woff2
104.21.64.1 200 OK 93 kB URL GET vwipgs.rvyzrcm.ru/GDSherpa-vf2.woff2
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:57 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Mon, 07 Jul 2025 16:03:56 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=L6gzojTcDDZsbooNzsPwK%2FdNJwoZvtWxyxeynmUIlWGudg007G5wACMw0b2rPPmyydBxiBte6%2BHj77eEZ6qGq1jk%2FvnuLICOtKc%3D"}]}
cache-control: max-age=14400
cf-ray: 95b89314c9140b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=986&min_rtt=446&rtt_var=145&sent=573&recv=132&lost=0&retrans=0&sent_bytes=687586&recv_bytes=38119&delivery_rate=29947390&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=46215&unsent_bytes=0&cid=420bb8f913cd14a8&ts=9533&inflight_dur=290&x=40"
GET vwipgs.rvyzrcm.ru/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET vwipgs.rvyzrcm.ru/favicon.ico
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IjF2UjErUTFQWUpucFJHSitjZXFTM0E9PSIsInZhbHVlIjoiblZRWHB0OXR6MVBsYlNheE85WkdvaTZUMVhsdzIwdDBvRlJsanIvQ284dzlOVXZOcm1JOGFUTklnNmdDSmgxbG5ic0gvMjFmNFRYdDFlVHJ1Y0VVUm1iZjY3NW9ROTB0czRoazVnRUV3eWJsN0V4TmIvOGtnM1Bhckk1cDE3ay8iLCJtYWMiOiI1NGMwZjhjMWRkMTZlZGQxYjQ4ZGRlNDM2Y2YxNjNjYjZkZWRjNGI4ZWQwZWRlNTBlYzExZmRiZGYxOWFiODUxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik9Qa0ZBcDl5dkZ5Q2E0TEVhTVNyd3c9PSIsInZhbHVlIjoiUEdhODFYbTBUOFpVY285OHg2N3NSQVZUNzNwWUFJQkg5YW1CeWExRnEzaDJiMXU0bHpETFpYZE05ZkVQcFhMMlMvY0dnYkdTbGtZeTR3NUpVaGdZZE13eWkyajI5MlovK3dWTHZMMDJLVTd5ZFV3UTloZk0vM3loRGZnU3o2LzkiLCJtYWMiOiJmZTYzMDM5MTUwYTBjMDA4ZmJiNWY2YjYwNmU3YzRkMWJiNGEyNDM0Mjk4ZTJjY2NhNDc1MjIwMWUzZGQ4N2MyIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Mon, 07 Jul 2025 16:03:57 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b8932b0c400b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=hTpoCBQh8YcQbcjik7tkZHhqHbTi8YxKLpIEVxJbf8QdRrrul%2F9q8BZ%2B712oYWOy2HSwGNliH0Xx4F0GOpmjsNLegmAxuoKO2AU%3D"}]}
cf-cache-status: HIT
vary: accept-encoding
age: 27
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1037&min_rtt=446&rtt_var=346&sent=603&recv=136&lost=0&retrans=0&sent_bytes=726767&recv_bytes=39279&delivery_rate=29947390&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=47194&unsent_bytes=0&cid=420bb8f913cd14a8&ts=9700&inflight_dur=294&x=40"
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=relayBox&render=explicit
104.18.95.41 302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=relayBox&render=explicit
IP 104.18.95.41:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=relayBox&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 07 Jul 2025 16:03:29 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/e7e9d014f96e/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 95b8927baf4656ae-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/qrSK25pLF86sxwlJCzKIhg8pblK83ICGTAghxrNSVkdKOVlJb67136
104.21.64.1 200 OK 892 B URL GET vwipgs.rvyzrcm.ru/qrSK25pLF86sxwlJCzKIhg8pblK83ICGTAghxrNSVkdKOVlJb67136
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash 41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /qrSK25pLF86sxwlJCzKIhg8pblK83ICGTAghxrNSVkdKOVlJb67136 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: image/webp
content-length: 892
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="qrSK25pLF86sxwlJCzKIhg8pblK83ICGTAghxrNSVkdKOVlJb67136"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0SRPNdv1XshhNnYe8Z1y8%2BU%2FDXzTq7etI%2BaZQS%2BRknIlS6Tbzhf%2FDaYzXinY0OI4PH12r8eehiwmk0qiUYHuCAgsJCm1h7vfZ9o%3D"}]}
cf-ray: 95b89314d9170b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=836&min_rtt=446&rtt_var=319&sent=209&recv=84&lost=0&retrans=0&sent_bytes=213436&recv_bytes=30998&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6878&inflight_dur=155&x=40"
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.3 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.3:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Sectigo Limited
Subject github.com
Fingerprint E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 07 Jul 2025 16:03:16 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250707%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250707T160316Z&X-Amz-Expires=1800&X-Amz-Signature=af42f261e0793e19079d0c8d942f5973d0f03a98f015cfb09b806460f9b9586f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 417D:D117D:7AA37D:7D3127:686BEFE9
X-Firefox-Spdy: h2
GET get.geojs.io/v1/ip/geo.json
172.67.70.233 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 172.67.70.233:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject geojs.io
Fingerprint A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash b2cd74baf97025a149a0d944ffb0d467
b25941f8b995f5b54d13e5093c04d55909f5b0d5
27cbf76d00382cba1037bf9dd10be18b519a97ae6b1fa0866ada71a66e30d35e
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:55 GMT
content-type: application/json
server: cloudflare
x-request-id: 0ff6987ce4139e01a9a0b6a5de8045fa-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Vv5gL5P%2FaBha7rTrHONGfMrHnz4LgN6WMJhuAEGOM9Txt1ZiIET131VpYpj4oL4KaYkyJsCM6cUYrrLGnACc0lIzH3OEyIo%3D"}]}
content-encoding: br
cf-ray: 95b8931c9dcbb4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.246.67 200 OK 1.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.246.67:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:55 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 6a81ce55-301e-002d-4bfd-e47025000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250707T160355Z-17dfff74684mgzrzhC1SVG9pbg00000011u0000000001n57
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET get.geojs.io/v1/ip/geo.json
172.67.70.233 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 172.67.70.233:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject geojs.io
Fingerprint A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash b2cd74baf97025a149a0d944ffb0d467
b25941f8b995f5b54d13e5093c04d55909f5b0d5
27cbf76d00382cba1037bf9dd10be18b519a97ae6b1fa0866ada71a66e30d35e
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:58 GMT
content-type: application/json
server: cloudflare
x-request-id: 5a1194c8af8bd7d0df713c07eedc8d0a-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ve9H8bjQ1mnL9sYxliai%2Fvka9R%2BRyA8HAF2KEG%2FOzPMKDPFtOrGdZa02TTmp7s8cpf48hnpIg375iZnARwWbApcpaWekcwQ%3D"}]}
content-encoding: br
cf-ray: 95b8932f2e81b4ee-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
104.18.95.41 200 OK 301 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 301 kB (301152 bytes)
Hash ba7a4713020bca47b55aaad0bae9e9a5
308d85a60bc7bde9d53c11beb2872a746cf96bcb
1b38d6d64034bdd37d9307859089525494030d2f7b4804fb51f2563cb120fded
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1881392488:1751901269:h35_VZLcM3a6Ux9243nzp5qdH3KU53X7RlSX3JqYvsg/95b8927ccdac7130/xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
cf-chl: xPzaLI.p11GUNq6u66k1OmLtdBpKL4sWEoFhorwWOb8-1751904209-1.2.1.1-J.vbnCLn05IPr6C9C5ayNPXh2hCshDUioDnUgDG.kjQ5rYBPXjyWrFpduQCFQTUo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3447
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:30 GMT
content-type: text/plain; charset=UTF-8
priority: u=3,i=?0
server: cloudflare
cf-ray: 95b89280ff217130-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET vwipgs.rvyzrcm.ru/uvr5287Sxh4yUsgj7E9cEvv5stJKgDP17GX58CHqi8z34130
104.21.64.1 200 OK 644 B URL GET vwipgs.rvyzrcm.ru/uvr5287Sxh4yUsgj7E9cEvv5stJKgDP17GX58CHqi8z34130
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /uvr5287Sxh4yUsgj7E9cEvv5stJKgDP17GX58CHqi8z34130 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="uvr5287Sxh4yUsgj7E9cEvv5stJKgDP17GX58CHqi8z34130"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VQZ0r%2FX%2BvhyMdGx8H7eenhMcIVYTDYI3k4qDT7E%2FjGYCpnekaawK%2BwKqw4S7Gb0OWIU2PmaSlKSL%2BMBrlskIkprX6uDCTnaH3hA%3D"}]}
cf-ray: 95b89314c9160b65-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=837&min_rtt=446&rtt_var=425&sent=203&recv=83&lost=0&retrans=0&sent_bytes=208186&recv_bytes=30954&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6866&inflight_dur=152&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95b8931b5a48b512-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387670
expires: Sat, 27 Jun 2026 16:03:54 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BqTeUos55inXkJ8k1td2VT9TEBhh15nJE5ClDckvxYknaaL9POHr1f1ZHi0IVCyDkLIeQtaXPqHtCnkLO0z3qJx%2B1JxoQFzEVIOOgaGdDnnGrgh67nH4gK%2BvFKXdI65jT8oeDVX5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
18.165.140.104 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 18.165.140.104:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 23 Jun 2025 13:02:15 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 23 Jun 2026 13:02:15 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 4cf9c028567cadd1e1afd07523fc03c8.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: iJ6_zYFo5bA-VO-PvNo9Y5Kwhnt3LleY30BS_2NGlBynVg0nIakKcQ==
age: 1220500
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/95b8927ccdac7130/1751904210098/26fa96433f814640510d8b19892ae7bb84592e3c9ccdf2302fb60776180fec06/POqAU-9Ev1ZXtl8
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/95b8927ccdac7130/1751904210098/26fa96433f814640510d8b19892ae7bb84592e3c9ccdf2302fb60776180fec06/POqAU-9Ev1ZXtl8
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/95b8927ccdac7130/1751904210098/26fa96433f814640510d8b19892ae7bb84592e3c9ccdf2302fb60776180fec06/POqAU-9Ev1ZXtl8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/uv5nz/0x4AAAAAABeiJb78edb4ih-b/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Mon, 07 Jul 2025 16:03:34 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gJvqWQz-BRkBRDYsZiSrnu4RZLjyczfIwL7YHdhgP7AYAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tICb6lkM_gUZAUQ2LGYkq57uEWS48nM3yMC-2B3YYD-wGABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tICb6lkM_gUZAUQ2LGYkq57uEWS48nM3yMC-2B3YYD-wGABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArFBSpY0YPcNslVpklXsEb2gfZsCpmIVdQhoS4K7cHrhquWhyk4MLkyi7_s6aWrx_Xf7HlTYTdYhnNJYeSmBvNR-rT9Jr-vgHew2EKxCRkzFMKPiBFgHMw6CQNwFmH4vtDoB7QjzQGuScPRdzh7kPu8509ew2xkFnr9tjB-6n7HM01yE-AK-YLGAsO2pnr7E7uB1wVPOxxon_JAZ3bYOfTUgjOOdXlFNC8lcuocjbz6S74A95qx_Ud-iEvXXfOoBv5KLuG4xndLeZHQmGd8Zt7VxbSldzBAmsB7NLLExZxPD-x71RLAY9HVS2lcMOPbQ3diWMBwpfS95tytYOn-a5rwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 95b892997a9c7130-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 07 Jul 2025 16:03:49 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95b892f73cc756c0-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 387664
expires: Sat, 27 Jun 2026 16:03:49 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FUck5dto2iiXt7Pde2Yqt06AvS3drCYUN3j0yZT6KDBCSf8PqAi4f0UVTgmF4CUkZMM1bFuEHqrxsx71TrMZxhf8hDO9P4vFwTUs8EAy2r3r0fGpI2nAeQ2BGCICUGvDkHexfs2L"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET vwipgs.rvyzrcm.ru/rsUourwQGSqCThBYhNAyj7M2HWfrXghu3h8sXR53nute5YRef197
104.21.64.1 200 OK 268 B URL GET vwipgs.rvyzrcm.ru/rsUourwQGSqCThBYhNAyj7M2HWfrXghu3h8sXR53nute5YRef197
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type SVG Scalable Vector Graphics image
Hash 59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /rsUourwQGSqCThBYhNAyj7M2HWfrXghu3h8sXR53nute5YRef197 HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:54 GMT
content-type: image/svg+xml
cf-ray: 95b89314d91d0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="rsUourwQGSqCThBYhNAyj7M2HWfrXghu3h8sXR53nute5YRef197"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=j%2Bmmx8WJJHzQokLheAGY2PyFyHT6IKf1kIl6693dKIXryABS%2B0QfIQ0hnN4NAfuLNeF7cMhSVqZZXQ8xr%2BVd%2BXeqKAuugZsdiUY%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=836&min_rtt=446&rtt_var=319&sent=208&recv=84&lost=0&retrans=0&sent_bytes=212591&recv_bytes=30998&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=6873&inflight_dur=155&x=40"
POST vwipgs.rvyzrcm.ru/vseN3L2evxAW9K20tIbMVboPhkRc7Qzc0an8yf8hj5qPjztpqNJiDaLABAAnEcm
104.21.64.1 200 OK 1 B URL POST vwipgs.rvyzrcm.ru/vseN3L2evxAW9K20tIbMVboPhkRc7Qzc0an8yf8hj5qPjztpqNJiDaLABAAnEcm
IP 104.21.64.1:443
Requested by https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Certificate Issuer Google Trust Services
Subject rvyzrcm.ru
Fingerprint 28:E8:6C:CC:66:BE:18:6F:6C:49:74:34:E7:C9:0A:B1:F7:4F:5D:2C
Validity Fri, 23 May 2025 14:25:27 GMT - Thu, 21 Aug 2025 15:24:16 GMT
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /vseN3L2evxAW9K20tIbMVboPhkRc7Qzc0an8yf8hj5qPjztpqNJiDaLABAAnEcm HTTP/1.1
Host: vwipgs.rvyzrcm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 2832
Origin: https://vwipgs.rvyzrcm.ru
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/j3r5864ma52h?common/oauth2/v2.0/authorize?client_id=b9e27087c-58c986242934ec-d7b701c9003a8-8ccd5454748795-6bab15034a3-8a07042cd9d7c76-aa343167ea5b3b-91839af251194e1-0822fc83c18d009&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IlFWaC9GNlY3WlNVb2pCWTNPRXBadlE9PSIsInZhbHVlIjoiNkthVmY3TUExclRNcDJqT056QXNvWndzVmtXai80Mm1UUHFNa2FjMUUyQ3lUdFNlYnVONXkzVnh5YUV0allJSWhwL3VtcnhOZjdTT016Nzk4aTJsT1ByMWEzNUxSL0llVElzUG1Lc3JibDRiZ3VPclpZYjBCc2ZnTk1MS2FlZ1giLCJtYWMiOiJlYWY4MjZkYWZkNTQxYTg3OTVlM2RiODMzOWE4MWZhMmVkZjJhMjY5ZGNiZjFiNGU0OWQxY2ZiZTJlZmIxZGY4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ilhrc0o0UGYvanpPR1RzeEVla04zV3c9PSIsInZhbHVlIjoiMmwrSU15SmMxVk5vajZMbEtzV2FHeGFIa21pNHNUeDV4Vkx0cExrb1Y4Wnp5YWhxSVVLbUFENmkyMCtDRmY4NzM1Yzc1ZjU4T3J4RXJzM3M0Q0cwNlVTaFUzWk9reFV3c1g4M0wrWmdGcFllNDVqOUNONjVJN3BMYk4rQ0FISEEiLCJtYWMiOiJkY2QxZjE2ZmZhNTZhZGU3NmQ4MmUwYmMyYmRkMzNhZDUyYTQzY2E3NTY5ZGQ2MzIxZGJlZTFhZjIwNzk0OGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Mon, 07 Jul 2025 16:03:55 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95b8931d9a7b0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4fOWaRezhKCcciDTZu3ui42I6b0OFSSlHQQQ%2FEN2oy1anchGPVe2bts9CcllgDKvK6xUetSccalbNa1afTMU5sQWsu0QWZa6YWI%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IjF2UjErUTFQWUpucFJHSitjZXFTM0E9PSIsInZhbHVlIjoiblZRWHB0OXR6MVBsYlNheE85WkdvaTZUMVhsdzIwdDBvRlJsanIvQ284dzlOVXZOcm1JOGFUTklnNmdDSmgxbG5ic0gvMjFmNFRYdDFlVHJ1Y0VVUm1iZjY3NW9ROTB0czRoazVnRUV3eWJsN0V4TmIvOGtnM1Bhckk1cDE3ay8iLCJtYWMiOiI1NGMwZjhjMWRkMTZlZGQxYjQ4ZGRlNDM2Y2YxNjNjYjZkZWRjNGI4ZWQwZWRlNTBlYzExZmRiZGYxOWFiODUxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:55 GMT
laravel_session=eyJpdiI6Ik9Qa0ZBcDl5dkZ5Q2E0TEVhTVNyd3c9PSIsInZhbHVlIjoiUEdhODFYbTBUOFpVY285OHg2N3NSQVZUNzNwWUFJQkg5YW1CeWExRnEzaDJiMXU0bHpETFpYZE05ZkVQcFhMMlMvY0dnYkdTbGtZeTR3NUpVaGdZZE13eWkyajI5MlovK3dWTHZMMDJLVTd5ZFV3UTloZk0vM3loRGZnU3o2LzkiLCJtYWMiOiJmZTYzMDM5MTUwYTBjMDA4ZmJiNWY2YjYwNmU3YzRkMWJiNGEyNDM0Mjk4ZTJjY2NhNDc1MjIwMWUzZGQ4N2MyIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Mon, 07 Jul 2025 18:03:55 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1060&min_rtt=446&rtt_var=322&sent=336&recv=105&lost=0&retrans=0&sent_bytes=376899&recv_bytes=36845&delivery_rate=22002630&ss_exit_cwnd=28441&ss_exit_reason=2&cwnd=40694&unsent_bytes=0&cid=420bb8f913cd14a8&ts=8049&inflight_dur=212&x=40"
GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
151.101.129.229 200 OK 4.7 kB URL GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
IP 151.101.129.229:443
Requested by https://vwipgs.rvyzrcm.ru/ej3t!au3TNf5oJb1/$brandonh@slurpmail.net
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 21:17:81:78:41:C6:8F:86:D6:CF:8D:98:CC:74:A8:F1:03:F8:C9:D4
Validity Mon, 02 Jun 2025 15:43:52 GMT - Sat, 04 Jul 2026 15:43:51 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /npm/lz-string@1.4.4/libs/lz-string.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vwipgs.rvyzrcm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.4.4
x-jsd-version-type: version
etag: W/"126f-tp5wc7wsG8mleq2kxzeZ0YLvg2g"
content-encoding: br
accept-ranges: bytes
date: Mon, 07 Jul 2025 16:03:51 GMT
age: 2312518
x-served-by: cache-fra-etou8220041-FRA, cache-hel1410020-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 1425
X-Firefox-Spdy: h2