GET zqy.cuwsafg.es/GDSherpa-vf.woff2
104.21.95.108 200 OK 44 kB URL GET zqy.cuwsafg.es/GDSherpa-vf.woff2
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash 2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1gPVhJdmyJBPJcqSdcfNN6bdEV49FzqbwAZ85WnWrlPQFgXk55YKK52ozc9KRtnHrov0j%2F%2F29T9iS1Q%2BfrkHFVIN80EX32ka%2BH4%3D"}]}
cache-control: max-age=14400
cf-ray: 966e9682c94756b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=851&min_rtt=0&rtt_var=132&sent=372&recv=308&lost=0&retrans=0&sent_bytes=263623&recv_bytes=39068&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21050&inflight_dur=201&x=40"
GET zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
104.21.95.108 200 OK 7.4 kB URL User Request GET zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
IP 104.21.95.108:443
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type HTML document, ASCII text, with very long lines (3084)
Hash 6d8eae6c113c3dc442753678056722b0
b56f22303e19896aef717db1ee97a8d9d1f9fa78
1e4983acd1c3d2b17bc9e98feda9c511656076ab82422edbd4e4ecaf663bd583
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Anti-debugging code
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7lLTWZfsGdC9mCh0cw7M5MFZFVjBs0KKnf19BFjJKtFryZUilK75UJJ0RQFMwqea%2F9QtiFG66xVUdaGRyvMnjzXM6W6AZmgKzhc%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6InZ1RkU2eFB0NnFEZ0p5VmNkcTV3MkE9PSIsInZhbHVlIjoiTEJwNnFjbWRYQW02cWlxd21YYm1TUGZkSk4wL09QWDFUbEY5WnI3cVduR3A1Q1N2KzcxZTFnZmdPR0lNSFp5WjYrbTB0UnZybFRGVVJuWUFwZXFrdFVnT1RrWVFGemZWdUp1OEN1L2lnYWppaUlnZTF2M1dMYjFlRUcvSDFnMEoiLCJtYWMiOiIxYWU3ZjY4Y2Q1NzgxMDEwMTcxNDc3N2Y5OWEwYjRkMmQ1Zjg5MWMyMGM5YzVhYTk3MjFhMzQ1ZTNlZWNhN2NkIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:42 GMT
laravel_session=eyJpdiI6IjN3VE1UMjRscWdwQ2FwK2Fuc2RqS0E9PSIsInZhbHVlIjoiK09qSFVteGFKc3o5RDJZVWZtUlQ2VGNrQ1FNdm1LUDk0K2VJeWN5cUlaMlluU0NiS25GbExpQm1yMC9TckJDTjVkM2wyamNxeFAwc3FwdmJVQnQ1Vkd0MC83Wk9RK1E5b0V0MzJMR0orc25RYmI4YnVBb1MyWG54OVBMU2VCWmYiLCJtYWMiOiJjZWEwZmRlOWRhNDExODk4MzY3NjJjOTU4OTUyNzE0ZjY0ZWNiNDk5YjY1M2ZjNGY4NmZhMGUzYmMzMzk4ZDlhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:42 GMT
cf-ray: 966e95fed8db568b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
104.18.95.41 200 OK 27 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
IP 104.18.95.41:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type HTML document, ASCII text, with very long lines (27004), with no line terminators
Hash 368e4b5da0f86c293b154316ad15ba77
2057beef944e53619a92c7e360ff52615e4f096e
e28681b3dc78cb42b1f1a3a420c15be84a2ee07e451dcd53173e7056d4d6c19c
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: text/html; charset=UTF-8
content-encoding: br
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-TrVYDSaKf60VbxPG' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e9607ba1156b5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/966e9607ba1156b5/1753812763436/514c229982308a1329b62563173f178a3c456e871ed7bccf574cf73a1f2fd45d/b714utLbB57I1e6
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/966e9607ba1156b5/1753812763436/514c229982308a1329b62563173f178a3c456e871ed7bccf574cf73a1f2fd45d/b714utLbB57I1e6
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/966e9607ba1156b5/1753812763436/514c229982308a1329b62563173f178a3c456e871ed7bccf574cf73a1f2fd45d/b714utLbB57I1e6 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Tue, 29 Jul 2025 18:12:46 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gUUwimYIwihMptiVjFz8XijxFboce17zPV0z3Oh8v1F0AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIFFMIpmCMIoTKbYlYxc_F4o8RW6HHte8z1dM9zofL9RdABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIFFMIpmCMIoTKbYlYxc_F4o8RW6HHte8z1dM9zofL9RdABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArFBSpY0YPcNslVpklXsEb2gfZsCpmIVdQhoS4K7cHrhquWhyk4MLkyi7_s6aWrx_Xf7HlTYTdYhnNJYeSmBvNR-rT9Jr-vgHew2EKxCRkzFMKPiBFgHMw6CQNwFmH4vtDoB7QjzQGuScPRdzh7kPu8509ew2xkFnr9tjB-6n7HM01yE-AK-YLGAsO2pnr7E7uB1wVPOxxon_JAZ3bYOfTUgjOOdXlFNC8lcuocjbz6S74A95qx_Ud-iEvXXfOoBv5KLuG4xndLeZHQmGd8Zt7VxbSldzBAmsB7NLLExZxPD-x71RLAY9HVS2lcMOPbQ3diWMBwpfS95tytYOn-a5rwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e962079ee56b5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zqy.cuwsafg.es/wxQprH3jgIMvmkDGzYqr5b4GWq8p1xKkmXC12130
104.21.95.108 200 OK 644 B URL GET zqy.cuwsafg.es/wxQprH3jgIMvmkDGzYqr5b4GWq8p1xKkmXC12130
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /wxQprH3jgIMvmkDGzYqr5b4GWq8p1xKkmXC12130 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wxQprH3jgIMvmkDGzYqr5b4GWq8p1xKkmXC12130"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Q5Gz5P1ncaxoNKZPPCjp9sKM1N3afRWVhQhW8cHyKk4ak1mxxmbEYNIas5rJewVS6PzK%2BQFJB6KvE4eV6AlDUh1%2Bxpaaa89aiAg%3D"}]}
cf-ray: 966e9682d94a56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1215&min_rtt=0&rtt_var=529&sent=418&recv=317&lost=0&retrans=0&sent_bytes=315725&recv_bytes=39504&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21160&inflight_dur=235&x=40"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity: Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:02 GMT
age: 1571712
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 582708
x-timer: S1753812783.500239,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET get.geojs.io/v1/ip/geo.json
104.26.0.100 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 104.26.0.100:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: geojs.io
Fingerprint: A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity: Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash ccfc680398c7d5df2c18876a9f424c76
a7760f5ab19b3f737fc94dc729990298b20ffc90
ffc10a9be3fcc7524cf8297e56455fbb760895d96f20872617b76251b172711f
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:05 GMT
content-type: application/json
server: cloudflare
x-request-id: 9482162a9b6e83652ae532b9da354f06-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=k1JGtNpK4adCNOnWjBG92q2hooQmuB1xEKcFbwazpdGNlsi%2Bcw4PKWwb%2BleLqak1G9tza9VMxN2Y1FuC1vkErQpJ6aTpzuQ%3D"}]}
content-encoding: br
cf-ray: 966e9693aaae712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e9607ba1156b5&lang=en
104.18.95.41 200 OK 140 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e9607ba1156b5&lang=en
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 140 kB (140343 bytes)
Hash d58455316c1993040ed9fe9b49a742a3
e5cd53fd82147fcafe875d1ea9858b4ffb0daeb0
efb8184f850f7f5bd8729d1bb55f1f14e4d0b2157592afe335f89a42eb86659a
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e9607ba1156b5&lang=en HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:43 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e9608bba956b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
104.18.95.41 200 OK 30 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (29548), with no line terminators
Hash bee429e8aee4b1b8465d6f9a94a9734d
e2ec16478e3caf11e5b539159330f548b44d1dd8
ec65f092750e8a2ba03a783eba9cdcaf9ae87226eeb35a8acab22ccb7db79076
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
cf-chl: wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34914
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:48 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ew98qeEqwvOHJjL/groArFGutOU/A0T0/i+4D8E5b7kC7bSxZKVKs0z89ux8znx7$gfbyuQZ+x6wlPebt76Y9xA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e9629cff656b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zqy.cuwsafg.es/uv8uH93rLfMaTCX7aJ3OsmG33YT2OO45ZyJUSOlyxOFuz51kvhXV7ePef260
104.21.95.108 200 OK 18 kB URL GET zqy.cuwsafg.es/uv8uH93rLfMaTCX7aJ3OsmG33YT2OO45ZyJUSOlyxOFuz51kvhXV7ePef260
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /uv8uH93rLfMaTCX7aJ3OsmG33YT2OO45ZyJUSOlyxOFuz51kvhXV7ePef260 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="uv8uH93rLfMaTCX7aJ3OsmG33YT2OO45ZyJUSOlyxOFuz51kvhXV7ePef260"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=3%2Fl0pyWwPUE86MxfLgBExeqPSEB5y3cLal0Ngc6R20Ql2SyfowAaw4C509gkPZAwZFbhdWzP%2B7NR%2FtdTesLnDTUM4kt9gn9UBNc%3D"}]}
cf-ray: 966e9682f95156b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=931&min_rtt=0&rtt_var=184&sent=410&recv=313&lost=0&retrans=0&sent_bytes=306703&recv_bytes=39305&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21067&inflight_dur=210&x=40"
GET zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
104.21.95.108 200 OK 38 kB URL User Request GET zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
IP 104.21.95.108:443
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type HTML document, ASCII text, with very long lines (4115), with CRLF line terminators
Hash db725213ff5a8828cc899ce8f946425d
3ca90ea9c85830d3b69af439d1755b24af8c850e
90b47f3b75497d388395268c92bb082ccc65a391c0ba2bb8d1743ebf5a2c477e
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Anti-debugging code
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkpRTWErbVRmUTFLdCtGa1JnaUdYenc9PSIsInZhbHVlIjoiditVMGkveVVuN0MxQjNEMlJaRlJ3OXJGd3hqaFI0YU5jdmdhenRyZ1loRy9wdTdZNjZwYWZ2TU1udk9RNDM5QVhLQ0o3SDhvdGltaHVyRGVMdnN5QlUrS1J3d2MvSkZLSG9lYUI2c3JhM2J5RFdTV1lXRFlNZ3NWSFFlMzczSE8iLCJtYWMiOiI5NDZhYTZhYTYwOTZlZDM3OGZkZDljN2IxNzUxZDRjYjljNjhmMWE3YTI1MzI2ZDI5MjNkNzYzNGU0NzYzMjNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVZWmFTYnMwYzA4emVqUzVGRStkYVE9PSIsInZhbHVlIjoibmVIWUd1TkZBeXluRWozUnA3WGlrcnZDbHc3R3hITHZ1U3pweTNvN1FlTHNsRCtCM2hyWlQxVnY1Vktvdk5XTWhpVGxsYzZCL2V2cUp4aEdoZWc1S2NEWjBRaWxLc0RQS2FZak96TEdPNXNRV1NGMWMvOGdrRlFhUlkwczV1U3YiLCJtYWMiOiIzMjk4MGI1MDEyOTdmN2M0ZTIzY2NmYmQwNGU0YWQ2MTFhYTQ1MjIzMGY1MzYwNDM4ZjllNmU0YTVlOWZhYmEyIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:59 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e966e281756b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4sWLyI4CCh8AlIdF0pDzQdeiwGPSSYNIE8daoyDynNB%2BUSL%2Fx6txk5skcN%2FXVoe9kgSWU1gTVMNOBfw2duLnwOSoqXKN495jq4Q%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IlBpMGdNRFltaHArMHN5NWcrU2lWL2c9PSIsInZhbHVlIjoiMGI3VUdwUWN6aGVUOWJ1VnRPL055L0lEY2Uwcmc4WXBkd2dzTjBTVkFER3B2bmhXWFBMNE1VUm1HeFNEcUkrWHNZai90R3U2RkVWVG9UYktmZ1BpVkpvSXdydlhmZkhzRjlSOFgxUzIyMWxmM0xlWG50bmVoYXk1L1pSZDFPQXUiLCJtYWMiOiIzMGVhYjA0ZjQ3ZTY2MDI5MDFkOWJjZDY0ZDE4NTFlYTcxMzU0ZjBlNzJjODEyMTgyMmQyZDUwN2YwNjI0ZWNlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:59 GMT
laravel_session=eyJpdiI6Ii9jRC9hcDJpL2s5Wk8xL1FWU3RwdkE9PSIsInZhbHVlIjoiOGdhZHN1QTJSWnM4OC9TclNvbTc4VVhYYWFWUkptNUxZVWp6Z2p2MmFTdDRMSWRpdEVVTU9vMWNpcWxYbWVUTkZpSmt0K1Z4bGw5WHllV0ErcHJyWkRlWDJRRkZ1ZTdYVURGaVdVcFU1R25sMGJ2cDE5aDROSVRLaGdVdjY2aTQiLCJtYWMiOiJhODFjY2JkN2MwYTUyMjEzODZmNjEwNmU2NTExOWY1OWRkMjQwMjVjZmNlNDNiY2Y3OGE3MzFhYTZlZTk0MmExIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:59 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2783&min_rtt=540&rtt_var=2547&sent=156&recv=246&lost=0&retrans=0&sent_bytes=14701&recv_bytes=17044&delivery_rate=426750&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=17499&inflight_dur=45&x=40"
GET zqy.cuwsafg.es/GDSherpa-regular.woff
104.21.95.108 200 OK 37 kB URL GET zqy.cuwsafg.es/GDSherpa-regular.woff
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xmkx9aQo3IE%2FzsBpQtbFOdK9KMvdCb5TLQw4u%2BcINJZPPaMf1SoBQcsqHSaX5a6udsbi9HCwXyViyfBJ%2BVusoy7q%2FHwDNyg7flA%3D"}]}
cache-control: max-age=14400
cf-ray: 966e9682c94656b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=851&min_rtt=0&rtt_var=132&sent=373&recv=308&lost=0&retrans=0&sent_bytes=264477&recv_bytes=39068&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21051&inflight_dur=201&x=40"
GET get.geojs.io/v1/ip/geo.json
104.26.0.100 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 104.26.0.100:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: geojs.io
Fingerprint: A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity: Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash (MD5) ccfc680398c7d5df2c18876a9f424c76
Hash (SHA-1) a7760f5ab19b3f737fc94dc729990298b20ffc90
Hash (SHA-256) ffc10a9be3fcc7524cf8297e56455fbb760895d96f20872617b76251b172711f
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: application/json
server: cloudflare
x-request-id: a3199f977a625a7464ff49192a8c9098-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YJhILYw%2FeNKDudQgikl0zVfslj3hL20TgxsRms5urg%2ByS5rGhtutKlM70jcmO8akquA64wNCTND32z9jVkvOaQXNVzs9BLc%3D"}]}
content-encoding: br
cf-ray: 966e96873964712e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
104.17.25.14 200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash (MD5) 109c13d75d0b6fc6440d3e98f803d396
Hash (SHA-1) b69e7073bc2c1bc9a57aada4c73799d182ef8368
Hash (SHA-256) 9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e96063cdd56a3-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 921977
expires: Sun, 19 Jul 2026 18:12:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fkgIqhvYZ6Hvrc7Mi0PqH9dkkdxr4XMHxt0%2BkQCIDVpYGnodJb7UolYQmcINg1AAud1uxKbv0WR9j4gI4sYPXjLW9BMOKRwgVNqEN8N%2F6hCyG0eM23IvfBKZqlwGELFiq4wZTc0s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
3.167.2.64 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 3.167.2.64:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash (MD5) 12bdacc832185d0367ecc23fd24c86ce
Hash (SHA-1) 4422f316eb4d8c8d160312bb695fd1d944cbff12
Hash (SHA-256) 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Sun, 13 Jul 2025 18:07:01 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Mon, 13 Jul 2026 18:07:01 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: lYHQpd8ndXYDXJ3Pjj4YNEwYO2k3QDMAEscUhMnkE7OnF3-jI0i0Sw==
age: 1382761
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/34DbReBouiDIm6eOxvijtlzREcUAhVe89110
104.21.95.108 200 OK 292 kB URL GET zqy.cuwsafg.es/34DbReBouiDIm6eOxvijtlzREcUAhVe89110
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 292 kB (292192 bytes)
Hash (MD5) 87eef9f14013b064ccbc84f0cda5cf19
Hash (SHA-1) 612de16a2e18501742a4a928bd45eb183e5e4be0
Hash (SHA-256) 9f5296d70febb1983e6898f9e90494c01ab6c6571ffcd3d08854130cbc2ecfc7
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /34DbReBouiDIm6eOxvijtlzREcUAhVe89110 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: application/javascript
cf-ray: 966e9683095256b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="34DbReBouiDIm6eOxvijtlzREcUAhVe89110"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=OsUt5ZJNxyikjq9dzSdhVEutDweb%2BhmlQ0%2BTBt8b4B4dRCTgLOmfYZi1VCXv44u7%2B11CCGscl9Ze%2BcCT5nUwg7ZEU%2FM5Cr2o7EA%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1108&min_rtt=0&rtt_var=420&sent=417&recv=316&lost=0&retrans=0&sent_bytes=315100&recv_bytes=39454&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21102&inflight_dur=213&x=40"
GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
104.18.95.41 302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP 104.18.95.41:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
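Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
Hash (MD5) d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1) da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256) e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input (the 302 response below has content-length: 0), so they match any empty body and do not identify the script that was eventually loaded.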
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 29 Jul 2025 18:12:42 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/8359bcf47b68/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 966e96063be0568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
104.16.175.226 200 OK 4.7 kB URL GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
IP 104.16.175.226:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Sectigo Limited
Subject: *.jsdelivr.net
Fingerprint: A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
Validity: Fri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash (MD5) 109c13d75d0b6fc6440d3e98f803d396
Hash (SHA-1) b69e7073bc2c1bc9a57aada4c73799d182ef8368
Hash (SHA-256) 9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /npm/lz-string@1.4.4/libs/lz-string.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:12:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 1425
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.4.4
x-jsd-version-type: version
etag: W/"126f-tp5wc7wsG8mleq2kxzeZ0YLvg2g"
content-encoding: br
x-served-by: cache-fra-etou8220041-FRA, cache-lga21931-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2041625
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Czg0zrThBABpBJN%2B%2BEj5oq0Y%2B62KwzovNhAEbQCT0b%2FpnQEtdt75k%2Fs%2FG7vPq3YtKGJn7OoTnxJNb81uNLctECNNRGkhuxBf8AYDjBVTyd%2BioGBuMAMgFdPZFOg5x1z1DI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 966e967298105690-OSL
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
3.167.2.64 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 3.167.2.64:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash (MD5) d99a7377dabb55772ca9f986b0a04b57
Hash (SHA-1) 2b5fcd8431953c44e410d0489899e74f6d2cfecc
Hash (SHA-256) affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Sun, 13 Jul 2025 15:12:14 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Mon, 13 Jul 2026 15:12:14 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: afCrAbyBJwGGaAZzOuPrSnEZL8MfCzqx8AdZfsp04xRA33OsPKJYZg==
age: 1393249
X-Firefox-Spdy: h2
POST zqy.cuwsafg.es/fq3Z8JBo4hEN6TS9gpLiKzne4U1jNve9a
104.21.95.108 200 OK 20 B URL POST zqy.cuwsafg.es/fq3Z8JBo4hEN6TS9gpLiKzne4U1jNve9a
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
Hash (MD5) 5820854f62a6eb3d38ba7ba0d1b3ea75
Hash (SHA-1) 639df0b84fe699b4a290a713fd6b9a94bd4deb95
Hash (SHA-256) 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /fq3Z8JBo4hEN6TS9gpLiKzne4U1jNve9a HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------289227830518429698231238649794
Content-Length: 1039
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InZ1RkU2eFB0NnFEZ0p5VmNkcTV3MkE9PSIsInZhbHVlIjoiTEJwNnFjbWRYQW02cWlxd21YYm1TUGZkSk4wL09QWDFUbEY5WnI3cVduR3A1Q1N2KzcxZTFnZmdPR0lNSFp5WjYrbTB0UnZybFRGVVJuWUFwZXFrdFVnT1RrWVFGemZWdUp1OEN1L2lnYWppaUlnZTF2M1dMYjFlRUcvSDFnMEoiLCJtYWMiOiIxYWU3ZjY4Y2Q1NzgxMDEwMTcxNDc3N2Y5OWEwYjRkMmQ1Zjg5MWMyMGM5YzVhYTk3MjFhMzQ1ZTNlZWNhN2NkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjN3VE1UMjRscWdwQ2FwK2Fuc2RqS0E9PSIsInZhbHVlIjoiK09qSFVteGFKc3o5RDJZVWZtUlQ2VGNrQ1FNdm1LUDk0K2VJeWN5cUlaMlluU0NiS25GbExpQm1yMC9TckJDTjVkM2wyamNxeFAwc3FwdmJVQnQ1Vkd0MC83Wk9RK1E5b0V0MzJMR0orc25RYmI4YnVBb1MyWG54OVBMU2VCWmYiLCJtYWMiOiJjZWEwZmRlOWRhNDExODk4MzY3NjJjOTU4OTUyNzE0ZjY0ZWNiNDk5YjY1M2ZjNGY4NmZhMGUzYmMzMzk4ZDlhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:59 GMT
content-type: application/json
cf-ray: 966e96696fe456b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4N7dcZNPETEWUSximoRc8EE1z9w%2BfWfLBkIhy2Ww%2FLMjpkBdmUxcD6hS0cv93UEWxAutog%2BaWUSMWl7jWYI6L8dc1uqosPwhC7A%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6IkpRTWErbVRmUTFLdCtGa1JnaUdYenc9PSIsInZhbHVlIjoiditVMGkveVVuN0MxQjNEMlJaRlJ3OXJGd3hqaFI0YU5jdmdhenRyZ1loRy9wdTdZNjZwYWZ2TU1udk9RNDM5QVhLQ0o3SDhvdGltaHVyRGVMdnN5QlUrS1J3d2MvSkZLSG9lYUI2c3JhM2J5RFdTV1lXRFlNZ3NWSFFlMzczSE8iLCJtYWMiOiI5NDZhYTZhYTYwOTZlZDM3OGZkZDljN2IxNzUxZDRjYjljNjhmMWE3YTI1MzI2ZDI5MjNkNzYzNGU0NzYzMjNlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:59 GMT
laravel_session=eyJpdiI6InVZWmFTYnMwYzA4emVqUzVGRStkYVE9PSIsInZhbHVlIjoibmVIWUd1TkZBeXluRWozUnA3WGlrcnZDbHc3R3hITHZ1U3pweTNvN1FlTHNsRCtCM2hyWlQxVnY1Vktvdk5XTWhpVGxsYzZCL2V2cUp4aEdoZWc1S2NEWjBRaWxLc0RQS2FZak96TEdPNXNRV1NGMWMvOGdrRlFhUlkwczV1U3YiLCJtYWMiOiIzMjk4MGI1MDEyOTdmN2M0ZTIzY2NmYmQwNGU0YWQ2MTFhYTQ1MjIzMGY1MzYwNDM4ZjllNmU0YTVlOWZhYmEyIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:12:59 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3065&min_rtt=540&rtt_var=2643&sent=153&recv=244&lost=0&retrans=0&sent_bytes=13308&recv_bytes=16062&delivery_rate=426750&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=16982&inflight_dur=42&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5) 2ca03ad87885ab983541092b87adb299
Hash (SHA-1) 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash (SHA-256) 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e967f0a7756b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333341
expires: Sun, 19 Jul 2026 18:13:01 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSCp0cnCVQfR9yXvIARuJDhJTf3pG%2Fp8TJxyfJe9KHe7pNORVBaZsja5XYbY0LIDfZ3%2FLcar0QpfYv7j%2FLLnkyxigH97r%2BZkeqUfTEMKQfV8dCcqCO%2FYdermfTNk45ob4%2B58Gj3M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/966e9607ba1156b5/1753812763430/MDY_IB0UG1eULzF
104.18.95.41 200 OK 427 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/966e9607ba1156b5/1753812763430/MDY_IB0UG1eULzF
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 74 x 73, 8-bit/color RGBA, non-interlaced
Hash (MD5) 590b4490f33fef1e1512ce5d1f1e54c8
Hash (SHA-1) 550d88b81258664ee4bf8cac6fb87114d814cbe8
Hash (SHA-256) a497c7fa791fb23e418a4862392d390da6d74a4f581abd4ee9ecef7d2a277181
GET /cdn-cgi/challenge-platform/h/b/d/966e9607ba1156b5/1753812763430/MDY_IB0UG1eULzF HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:44 GMT
content-type: image/png
content-length: 427
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e96135d7756b5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
104.18.95.41 200 OK 4.9 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (4944), with no line terminators
Hash (MD5) bd1d305404bad8186f1984f85ce5eedb
Hash (SHA-1) e2cee70e957fe1b1e5a348098985f9a21682d33e
Hash (SHA-256) 3d0e9cb2cd45e32457b496aea3233d8b8bfe61fe7f47f6e9a7e4809136b208d4
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
cf-chl: wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 44610
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:56 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: nOZNGPYGyaGC6ML8cPVKTiY948O4dSyiHmXav4RPpsmpWWXoAFvcEEVAnZmHzv6/3tpUf9EAeQJSBq4XqO+i3w==$836qDOOImRsES2BGSarVBw==
cf-chl-out-s: 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$d13+vfiNGDLC9Jvpn6dXNQ==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e965c3c7356b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity: Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash (MD5) 8fb8fee4fcc3cc86ff6c724154c49c42
Hash (SHA-1) b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
Hash (SHA-256) ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:00 GMT
age: 1571709
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 582705
x-timer: S1753812780.104362,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
POST zqy.cuwsafg.es/zctk2WlxToS2W9Yt18UFSPRmNqx9FHNsxtkw0pcAHUrqTJwrSa6Akjy
104.21.95.108 200 OK 415 B URL POST zqy.cuwsafg.es/zctk2WlxToS2W9Yt18UFSPRmNqx9FHNsxtkw0pcAHUrqTJwrSa6Akjy
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
Hash (MD5) b82803d60e64347a30a1794a5d8e8716
Hash (SHA-1) 7b46d75b7b08fae315cc9da2db8800275ba370fe
Hash (SHA-256) 899096dfd8cb09746f82c50d0759a8303b4b90ea68283faf34ea8d8bcb14c624
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /zctk2WlxToS2W9Yt18UFSPRmNqx9FHNsxtkw0pcAHUrqTJwrSa6Akjy HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 36
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IlBpMGdNRFltaHArMHN5NWcrU2lWL2c9PSIsInZhbHVlIjoiMGI3VUdwUWN6aGVUOWJ1VnRPL055L0lEY2Uwcmc4WXBkd2dzTjBTVkFER3B2bmhXWFBMNE1VUm1HeFNEcUkrWHNZai90R3U2RkVWVG9UYktmZ1BpVkpvSXdydlhmZkhzRjlSOFgxUzIyMWxmM0xlWG50bmVoYXk1L1pSZDFPQXUiLCJtYWMiOiIzMGVhYjA0ZjQ3ZTY2MDI5MDFkOWJjZDY0ZDE4NTFlYTcxMzU0ZjBlNzJjODEyMTgyMmQyZDUwN2YwNjI0ZWNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9jRC9hcDJpL2s5Wk8xL1FWU3RwdkE9PSIsInZhbHVlIjoiOGdhZHN1QTJSWnM4OC9TclNvbTc4VVhYYWFWUkptNUxZVWp6Z2p2MmFTdDRMSWRpdEVVTU9vMWNpcWxYbWVUTkZpSmt0K1Z4bGw5WHllV0ErcHJyWkRlWDJRRkZ1ZTdYVURGaVdVcFU1R25sMGJ2cDE5aDROSVRLaGdVdjY2aTQiLCJtYWMiOiJhODFjY2JkN2MwYTUyMjEzODZmNjEwNmU2NTExOWY1OWRkMjQwMjVjZmNlNDNiY2Y3OGE3MzFhYTZlZTk0MmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:00 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e967448a856b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bBUSBcVrTMb0%2FAcVMmP3owfsMabYOLUjr0H76EO3NilM8IcBy6I7HdQ%2FY%2BUxHgQZ%2B%2BshDyxdwTZKrYIBPg1DGFjTlrrqZfVf3xk%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IjVXNWErT3dBUy95N2lNNjNMN2FOV0E9PSIsInZhbHVlIjoidGY2cHRuQkhxQVV6WWNZT2NOeEh1dkpEeHlURitURzduZFBad1p6WU9zOEs1Vi91SFRuajBieFc3ZUdYaGYrcG1vRHU1NWxwMlpmWEE0bm5ZQUpGVzlnL1pFUXFYU01xTk1GSHdsWnhjMU1Xa1FDRG8ydGhRenlQcXMvWHdhdVEiLCJtYWMiOiJkZjkzMmNhYWI2ZTVmZGU4NGI0YzM1ZGZmNWUwMjg2OWY2OGQ5ZDk0ZjcxM2RkMzg1ODE3ZThmZTJhNjk4YzM2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:00 GMT
laravel_session=eyJpdiI6IjQwV2pnV1lCZmFBa2NXNjZKeGg1OFE9PSIsInZhbHVlIjoiNHU1ZkorNms0WjdmdlphZC9rMGl4K1RGNzRnS2dxNTRPY25ZOVRPUHVEVjg5dTkyZ0Rqa0ljMFNPdjZuRHBKMXhlWUVDakczbmNWeEdxcmMwMDRZSjArTlpldXp1TmdOR05DcGdSVmNjVnRLUlUxTW1xQVVuWlh4cXNRQXJwanIiLCJtYWMiOiJhNDkzOWU0ZGIyNmQwODJiYzNhY2QzNzE2ZDNjZWNlOGEzMWJmZjdlZGY0NDczNTZmNDU2NGE1MjAwNmI1OGM1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:00 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1218&min_rtt=0&rtt_var=1071&sent=179&recv=257&lost=0&retrans=0&sent_bytes=41486&recv_bytes=19387&delivery_rate=7343068&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=18476&inflight_dur=119&x=40"
GET zqy.cuwsafg.es/abCIRquaPFpqERvogh30
104.21.95.108 200 OK 36 kB URL GET zqy.cuwsafg.es/abCIRquaPFpqERvogh30
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type ASCII text, with CRLF line terminators
Hash MD5: 38501e3fbbbd89b56aa5ba35de1a32fe
SHA-1: d9b31981b6f834e8480ba28fbc1cff1be772f589
SHA-256: a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /abCIRquaPFpqERvogh30 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: text/css;charset=UTF-8
cf-ray: 966e9682a94256b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="abCIRquaPFpqERvogh30"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=R7U%2Bymmf72S19QUNnma0n77jwIVWDWcEMqAWwKjPpYWuufsjRYScyPDYXxy0gZfBkkne61PrZXPMrOSl4k3von6mvTsUh2k%2B"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=813&min_rtt=0&rtt_var=109&sent=348&recv=305&lost=0&retrans=0&sent_bytes=233185&recv_bytes=38930&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21009&inflight_dur=181&x=40"
GET zqy.cuwsafg.es/kl3e5CUCA49WBBzkueheJuLD1hECabpcdzJGcdidXUsVQQMJH6sO78170
104.21.95.108 200 OK 7.4 kB URL GET zqy.cuwsafg.es/kl3e5CUCA49WBBzkueheJuLD1hECabpcdzJGcdidXUsVQQMJH6sO78170
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: b59c16ca9bf156438a8a96d45e33db64
SHA-1: 4e51b7d3477414b220f688adabd76d3ae6472ee3
SHA-256: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /kl3e5CUCA49WBBzkueheJuLD1hECabpcdzJGcdidXUsVQQMJH6sO78170 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/svg+xml
cf-ray: 966e9682d94c56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="kl3e5CUCA49WBBzkueheJuLD1hECabpcdzJGcdidXUsVQQMJH6sO78170"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rV7vP4cRY%2FuTNaI%2Fs5cQ6fWPBXwxk%2B5Eu%2Fg766HshuFM7r5FJwVUjSOl4MSi6nHuOfTikcZq4ctzFJvXG7KKJwRXX0Wy0M%2BpHMk%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=956&min_rtt=0&rtt_var=317&sent=387&recv=310&lost=0&retrans=0&sent_bytes=281931&recv_bytes=39161&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21054&inflight_dur=205&x=40"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity: Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:12:42 GMT
age: 1571692
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 582692
x-timer: S1753812763.671299,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/favicon.ico
104.21.95.108 404 Not Found 0 B URL GET zqy.cuwsafg.es/favicon.ico
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
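Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input, consistent with the 0 B body of this 404 response; they match any empty file and should not be used as indicators.)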
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InZ1RkU2eFB0NnFEZ0p5VmNkcTV3MkE9PSIsInZhbHVlIjoiTEJwNnFjbWRYQW02cWlxd21YYm1TUGZkSk4wL09QWDFUbEY5WnI3cVduR3A1Q1N2KzcxZTFnZmdPR0lNSFp5WjYrbTB0UnZybFRGVVJuWUFwZXFrdFVnT1RrWVFGemZWdUp1OEN1L2lnYWppaUlnZTF2M1dMYjFlRUcvSDFnMEoiLCJtYWMiOiIxYWU3ZjY4Y2Q1NzgxMDEwMTcxNDc3N2Y5OWEwYjRkMmQ1Zjg5MWMyMGM5YzVhYTk3MjFhMzQ1ZTNlZWNhN2NkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjN3VE1UMjRscWdwQ2FwK2Fuc2RqS0E9PSIsInZhbHVlIjoiK09qSFVteGFKc3o5RDJZVWZtUlQ2VGNrQ1FNdm1LUDk0K2VJeWN5cUlaMlluU0NiS25GbExpQm1yMC9TckJDTjVkM2wyamNxeFAwc3FwdmJVQnQ1Vkd0MC83Wk9RK1E5b0V0MzJMR0orc25RYmI4YnVBb1MyWG54OVBMU2VCWmYiLCJtYWMiOiJjZWEwZmRlOWRhNDExODk4MzY3NjJjOTU4OTUyNzE0ZjY0ZWNiNDk5YjY1M2ZjNGY4NmZhMGUzYmMzMzk4ZDlhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 29 Jul 2025 18:12:43 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9607db5856b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=W9soz2xKy9s%2BKJ8RNigIqQeXgLXYwoHBHwUzdLe3IuXEAA07XqYaZlot3z6GnNVNXCAxYGCt9K9JbjrSopYlTqqIkVaUNvPHGY4%3D"}]}
cf-cache-status: MISS
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3356&min_rtt=540&rtt_var=2749&sent=150&recv=241&lost=0&retrans=0&sent_bytes=12608&recv_bytes=13944&delivery_rate=426750&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=1604&inflight_dur=40&x=40"
GET zqy.cuwsafg.es/rsvqxK1fhpwXMnYm2gM76AvahVptkTfMLbuv2QdFGbzDtEkMc075Q007nvVcd200
104.21.95.108 200 OK 268 B URL GET zqy.cuwsafg.es/rsvqxK1fhpwXMnYm2gM76AvahVptkTfMLbuv2QdFGbzDtEkMc075Q007nvVcd200
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: 59759b80e24a89c8cd029b14700e646d
SHA-1: 651b1921c99e143d3c242de3faacfb9ad51dbb53
SHA-256: b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /rsvqxK1fhpwXMnYm2gM76AvahVptkTfMLbuv2QdFGbzDtEkMc075Q007nvVcd200 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/svg+xml
cf-ray: 966e9682e94e56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="rsvqxK1fhpwXMnYm2gM76AvahVptkTfMLbuv2QdFGbzDtEkMc075Q007nvVcd200"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IOBI%2Bf3af5PvKFEClAXjN%2BcLu6NsE47B0pzZrMqRrdjKrjh1QxTLqz6f0JOm8aFaHNpW%2FYMOg%2BEMxixdJYp0D7Dkj0ubEFOcbrE%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=851&min_rtt=0&rtt_var=132&sent=372&recv=308&lost=0&retrans=0&sent_bytes=263623&recv_bytes=39068&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21050&inflight_dur=201&x=40"
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.3 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.3:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
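Certificate Issuer: Sectigo Limited
Subject: github.com
Fingerprint: E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity: Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of empty input: the 302 response itself has content-length: 0, and the 10 kB file is delivered by the redirect target. They match any empty file and should not be used as indicators.)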
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 29 Jul 2025 18:11:53 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: FC96:2AD9C5:25B3577:2679176:68890F2E
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/ghSe5FeF4V4B9AsN4kzckt7xcRfhrEPnJxyv2BUS7L5ZHUtaQLGpmLef210
104.21.95.108 200 OK 25 kB URL GET zqy.cuwsafg.es/ghSe5FeF4V4B9AsN4kzckt7xcRfhrEPnJxyv2BUS7L5ZHUtaQLGpmLef210
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5: f9a795e2270664a7a169c73b6d84a575
SHA-1: 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
SHA-256: d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ghSe5FeF4V4B9AsN4kzckt7xcRfhrEPnJxyv2BUS7L5ZHUtaQLGpmLef210 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ghSe5FeF4V4B9AsN4kzckt7xcRfhrEPnJxyv2BUS7L5ZHUtaQLGpmLef210"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=jqp545608r84C7osc05CK%2F81OpgwfQ1JM0MwuKDNmLMbbnfkcSQywjUwVglmFOwKabzkQ%2Bs%2FX8oeqvIx%2BoJUtDHCi1RjnU6HcGw%3D"}]}
cf-ray: 966e9682f94f56b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=931&min_rtt=0&rtt_var=184&sent=400&recv=313&lost=0&retrans=0&sent_bytes=296385&recv_bytes=39305&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21066&inflight_dur=209&x=40"
GET release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.109.133200 OK 10 kB URL GET release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.109.133:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
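Certificate Issuer: Sectigo Limited
Subject: *.github.io
Fingerprint: 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity: Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash MD5: 6c20a2be8ba900bc0a7118893a2b1072
SHA-1: ff7766fde1f33882c6e1c481ceed6f6588ea764c
SHA-256: b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
(The MD5 equals the x-ms-blob-content-md5 response header, bCCivoupALwKcRiJOisQcg== in base64, so the body is the blob as stored for the github.com/fent/randexp.js v0.4.3 release download. These hashes identify that public library file; the alert below presumably reflects the requesting phishing page rather than this file's content.)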
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: release-assets.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 38bb28af-201e-0012-0ee5-f09a85000000
x-ms-version: 2018-11-09
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
age: 3455
date: Tue, 29 Jul 2025 18:13:02 GMT
x-served-by: cache-iad-kiad7000080-IAD, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 24, 0
x-timer: S1753812783.865299,VS0,VE1
content-disposition: attachment; filename=randexp.min.js
content-type: application/octet-stream
content-length: 10245
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
104.17.25.14 200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash MD5: 109c13d75d0b6fc6440d3e98f803d396
SHA-1: b69e7073bc2c1bc9a57aada4c73799d182ef8368
SHA-256: 9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e96869ebf56b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 921998
expires: Sun, 19 Jul 2026 18:13:03 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B54C1TdeVEOMpveO4qaW6yfYqaCyIXRrEnSzVQxBRd2hZxU9pM8udDEO2m5HMCYImbG%2BKKSE3IkEeiwrHNg7cxvMTC%2FN3kAdHnl954m%2FbQUPgvsLOJgz3olLAah1OSWAMpRlkuWa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
104.18.95.41 200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash MD5: 70c202196187ab3c11b4e094c20c6de1
SHA-1: 9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
SHA-256: 6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e96089b7856b5-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
104.17.25.14 200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e967fcbb056b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 921997
expires: Sun, 19 Jul 2026 18:13:02 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e8UB98CgiE8wngeYgdGc%2BPujgiD2YgtRAScZjnqyeyx%2B1rwEEJieAGLnqs3MmyRdhJXxqzmayU1XfACfmT3IBNvkiPrkJkHQqkZ8HJjJUtmcB81Qe8ScYBubnWqIVJyaP574vYxY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zqy.cuwsafg.es/yz2xY1QnEwBy9NChtaqf1MiajMwicfcFxPrsXewsahcLbTHdATWw0Pab174
104.21.95.108 200 OK 2.9 kB URL GET zqy.cuwsafg.es/yz2xY1QnEwBy9NChtaqf1MiajMwicfcFxPrsXewsahcLbTHdATWw0Pab174
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /yz2xY1QnEwBy9NChtaqf1MiajMwicfcFxPrsXewsahcLbTHdATWw0Pab174 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/svg+xml
cf-ray: 966e9682d94d56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="yz2xY1QnEwBy9NChtaqf1MiajMwicfcFxPrsXewsahcLbTHdATWw0Pab174"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=V0Y1zjSbmXdzXEAYxHugTMkLR6HHNpa15a8PQWcdSD%2FXkpBROlIQRnuO2W1hWUPWRqKg%2B6JFnnEUd6Q85nJBjWy5I8tqpeKql1k%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=931&min_rtt=0&rtt_var=184&sent=400&recv=313&lost=0&retrans=0&sent_bytes=296385&recv_bytes=39305&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21065&inflight_dur=209&x=40"
POST r8iu5epgmndsc4mwyh9wn6lphi4kisooao0lu65ypgmjird0lgd.wcndwjr.es/sfxpcurzczlghwmjcNsIUVVCEXQRPYVTBDAQSHTVTNVIEHRNBYAWQNZTOGSrseEKdudiweZ0LZVjZ120qHk7Czwx31
104.21.48.1 200 OK 536 B URL POST r8iu5epgmndsc4mwyh9wn6lphi4kisooao0lu65ypgmjird0lgd.wcndwjr.es/sfxpcurzczlghwmjcNsIUVVCEXQRPYVTBDAQSHTVTNVIEHRNBYAWQNZTOGSrseEKdudiweZ0LZVjZ120qHk7Czwx31
IP 104.21.48.1:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject wcndwjr.es
Fingerprint 4B:FE:F0:6A:DC:60:8E:26:7E:A8:7F:B6:FF:19:08:31:26:27:71:E8
Validity Wed, 23 Jul 2025 23:12:15 GMT - Wed, 22 Oct 2025 00:10:58 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /sfxpcurzczlghwmjcNsIUVVCEXQRPYVTBDAQSHTVTNVIEHRNBYAWQNZTOGSrseEKdudiweZ0LZVjZ120qHk7Czwx31 HTTP/1.1
Host: r8iu5epgmndsc4mwyh9wn6lphi4kisooao0lu65ypgmjird0lgd.wcndwjr.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 115
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:05 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://zqy.cuwsafg.es
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qXbyXbc3oZOdvJclVvf9plIudDjETOhmKv3X1rpL6Jy75e2TGvV8WImjzkm98NDMfbh0iXYJhSuKvR%2FrtQjec3AZENbr9mF47paAKhnyodD9iYhrjJAVW6B5LNeajU%2FlI3%2Fwz78BA%2FbIO9rxTg8n5TAkTQNJNf3p3Qo0Cw%3D%3D"}]}
content-encoding: br
cf-ray: 966e96949ffa56af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/12a8xVxyp8G8920
104.21.95.108 200 OK 28 kB URL GET zqy.cuwsafg.es/12a8xVxyp8G8920
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash a1606fe4c64f4a7649b295a56b8d4b47
ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /12a8xVxyp8G8920 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:02 GMT
content-type: text/css;charset=UTF-8
cf-ray: 966e9682994156b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="12a8xVxyp8G8920"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=igffq1eRhZZd1pWzxQ46zRHkf1PL9o9XwJ0hH%2F4OgMYsdWGuKAacruyBTXtaSvzgx8hH5GRPKpyS1DyoKgYuCAaFUc09coJyd44%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=762&min_rtt=0&rtt_var=113&sent=340&recv=302&lost=0&retrans=0&sent_bytes=225951&recv_bytes=38791&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=20695&inflight_dur=158&x=40"
GET zqy.cuwsafg.es/mnwRe5t8hXkU73iktHOMbP2Hqmeij1sUaY2hm9vTk78150
104.21.95.108 200 OK 270 B URL GET zqy.cuwsafg.es/mnwRe5t8hXkU73iktHOMbP2Hqmeij1sUaY2hm9vTk78150
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /mnwRe5t8hXkU73iktHOMbP2Hqmeij1sUaY2hm9vTk78150 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/svg+xml
cf-ray: 966e9682d94b56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="mnwRe5t8hXkU73iktHOMbP2Hqmeij1sUaY2hm9vTk78150"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=g3A7ZdLG0x%2FdCQ8hFIYhNmoTSpkY7ERBlo1p9E5q%2FSJDwm%2FnDr9MBopphX8RFnhhdDYt%2BY8UEeW5rXEjdv%2BBM2POQ4X6FiNa5Jc%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=941&min_rtt=0&rtt_var=267&sent=390&recv=311&lost=0&retrans=0&sent_bytes=285023&recv_bytes=39208&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21058&inflight_dur=206&x=40"
GET zqy.cuwsafg.es/qrJWs4SsPa3oIhPBoagLtfdzz1AbohtEY1GB9iQstuYGRFUJrbeVrWxGZrLgh2cd240
104.21.95.108 200 OK 9.6 kB URL GET zqy.cuwsafg.es/qrJWs4SsPa3oIhPBoagLtfdzz1AbohtEY1GB9iQstuYGRFUJrbeVrWxGZrLgh2cd240
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /qrJWs4SsPa3oIhPBoagLtfdzz1AbohtEY1GB9iQstuYGRFUJrbeVrWxGZrLgh2cd240 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="qrJWs4SsPa3oIhPBoagLtfdzz1AbohtEY1GB9iQstuYGRFUJrbeVrWxGZrLgh2cd240"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cgXa%2FWvi2zxJzC4bo5myK5D8F80MzJXiRPMszW6Vdwinmv38ogqgBxbDks6vS51GGV1taMgi4uOUXKD7431DIoZ1ERcJYGo%2BbOI%3D"}]}
cf-ray: 966e9682f95056b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=926&min_rtt=0&rtt_var=231&sent=392&recv=312&lost=0&retrans=0&sent_bytes=285879&recv_bytes=39255&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21060&inflight_dur=207&x=40"
GET kuvou1.dvlhpbxlmmi.es/loru$nrf99q6p
104.21.84.117 200 OK 1 B URL GET kuvou1.dvlhpbxlmmi.es/loru$nrf99q6p
IP 104.21.84.117:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer Google Trust Services
Subject dvlhpbxlmmi.es
Fingerprint BF:C2:FD:81:1D:54:06:0D:DA:BD:3D:3E:FC:1D:5A:B0:78:4D:82:84
Validity Mon, 07 Jul 2025 23:12:55 GMT - Mon, 06 Oct 2025 00:10:19 GMT
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /loru$nrf99q6p HTTP/1.1
Host: kuvou1.dvlhpbxlmmi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:12:58 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=V6Ipaziw2kaz9Rm%2FeU6k8NasekTM8CZbFpjrfkAo7uKKz7qm0V1ZGWVSE%2FVPKg8V1AtVxDDIUAhYVHtZcxVeemj54HbhM%2FFpehtLDfyqZt%2FTcyM%3D"}]}
content-encoding: br
cf-ray: 966e9663590b568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
104.21.95.108 200 OK 242 kB URL User Request GET zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
IP 104.21.95.108:443
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type HTML document, ASCII text, with very long lines (52961), with CRLF line terminators
Size 242 kB (242007 bytes)
Hash e0d08313e054a03083dab497e7410cb2
03447ad76399a665d5c84b912dab4222e47cc549
a87c5cffe21e3036af770ab5641be4fa0d05a8c499edbe215f8a02b49119bafd
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjVXNWErT3dBUy95N2lNNjNMN2FOV0E9PSIsInZhbHVlIjoidGY2cHRuQkhxQVV6WWNZT2NOeEh1dkpEeHlURitURzduZFBad1p6WU9zOEs1Vi91SFRuajBieFc3ZUdYaGYrcG1vRHU1NWxwMlpmWEE0bm5ZQUpGVzlnL1pFUXFYU01xTk1GSHdsWnhjMU1Xa1FDRG8ydGhRenlQcXMvWHdhdVEiLCJtYWMiOiJkZjkzMmNhYWI2ZTVmZGU4NGI0YzM1ZGZmNWUwMjg2OWY2OGQ5ZDk0ZjcxM2RkMzg1ODE3ZThmZTJhNjk4YzM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjQwV2pnV1lCZmFBa2NXNjZKeGg1OFE9PSIsInZhbHVlIjoiNHU1ZkorNms0WjdmdlphZC9rMGl4K1RGNzRnS2dxNTRPY25ZOVRPUHVEVjg5dTkyZ0Rqa0ljMFNPdjZuRHBKMXhlWUVDakczbmNWeEdxcmMwMDRZSjArTlpldXp1TmdOR05DcGdSVmNjVnRLUlUxTW1xQVVuWlh4cXNRQXJwanIiLCJtYWMiOiJhNDkzOWU0ZGIyNmQwODJiYzNhY2QzNzE2ZDNjZWNlOGEzMWJmZjdlZGY0NDczNTZmNDU2NGE1MjAwNmI1OGM1IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9678690256b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1Aa3ndrTb16pTJMCUld%2BsKxFjK2J%2B%2BdWpIWLO5UHpH6s5UKDc9CqaMNLLO5gAjhRdJjYa5x55GYHR6aGjyrBWUz%2FmrgzxVvHqfY%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:01 GMT
laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:01 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1160&min_rtt=0&rtt_var=920&sent=183&recv=259&lost=0&retrans=0&sent_bytes=43234&recv_bytes=20491&delivery_rate=7343068&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=19155&inflight_dur=120&x=40"
GET challenges.cloudflare.com/turnstile/v0/b/8359bcf47b68/api.js
104.18.95.41 200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/8359bcf47b68/api.js
IP 104.18.95.41:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (48994)
Hash 39577a9d3cb7023280e0668e9959b87a
479979b3f4aa41586123fa9f077ee0383f99462f
41530221326a68dc1f45c285ba6b63b3a56d478d567b0a1da6756361c71b1f0a
GET /turnstile/v0/b/8359bcf47b68/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 21 Jul 2025 14:54:13 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 966e9606f8c056b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e96861ddb56b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333343
expires: Sun, 19 Jul 2026 18:13:03 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BkfWJYud2kp5mPm%2FqFH2y5L6rn3wJixPfl5nEaXiIfXvqJtP68aIrjMbeVPvsheyNc63ijyB4gZevBjPy96BHX1fa0KgAtUjOeQNPxJXj3vizZ5A%2FrgazCdK%2F8Mx0xszEw%2FsQBLN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e9673f8d656b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333340
expires: Sun, 19 Jul 2026 18:13:00 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=erGCi3512qRw8KdVlc5xFshJj1SNuwAxJSeHjVhl24RElfeKpi6hMBWTe9BlLPq08WhiF1mzrCakMFw4QFeZy8IGrlKFvCR9CCqcgCSrZaYwHcCa9nalDk7o0CdKVMJsbet74rrI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zqy.cuwsafg.es/GDSherpa-vf2.woff2
104.21.95.108 200 OK 93 kB URL GET zqy.cuwsafg.es/GDSherpa-vf2.woff2
IP 104.21.95.108:443
Requested by https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer Google Trust Services
Subject cuwsafg.es
Fingerprint 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=P4i9nvolGsiPS7HDsqGZVdYDlGWDref0qLX%2F8jPRe2x0C%2FnQaZ%2FWMo6Okbh8P88taAkUbPPTdbJ%2Bu3023qDcBhNV97IfXEl5zgQ%3D"}]}
cache-control: max-age=14400
cf-ray: 966e9682c94956b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=910&min_rtt=0&rtt_var=171&sent=543&recv=341&lost=0&retrans=0&sent_bytes=473612&recv_bytes=44703&delivery_rate=26927750&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=35427&unsent_bytes=0&cid=79267e4a1add8b07&ts=21326&inflight_dur=285&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB
URL: GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP: 104.17.25.14:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5): 2ca03ad87885ab983541092b87adb299
Hash (SHA-1): 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash (SHA-256): 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:02 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e967f6b0c56b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333342
expires: Sun, 19 Jul 2026 18:13:02 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTo%2FJ6OrvybRNBOxF1xZyAHv9iTTs49bHxqgeZ%2Fkiat5XtNGK8%2B3kHrELWSMr6AD1D8i9gBMFDNTsVh25i7nIx%2FNQzCSvYwBBEB%2BgjeBXotDUk3XAKRJu9JPrkUp9CFcO5y9F6A9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST zqy.cuwsafg.es/gk8JpFeKhgvZI0t2mQgIQ1iZpLKH6e7An7bRGIBov9lNJbkA3Vov
104.21.95.108 200 OK 1 B
URL: POST zqy.cuwsafg.es/gk8JpFeKhgvZI0t2mQgIQ1iZpLKH6e7An7bRGIBov9lNJbkA3Vov
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type: very short file (no magic)
Hash (MD5): c4ca4238a0b923820dcc509a6f75849b
Hash (SHA-1): 356a192b7913b04c54574d18c28d46e6395428ab
Hash (SHA-256): 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
(These are the digests of the 1-byte response body "1"; they are generic values and do not identify this kit.)
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /gk8JpFeKhgvZI0t2mQgIQ1iZpLKH6e7An7bRGIBov9lNJbkA3Vov HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 3072
Origin: https://zqy.cuwsafg.es
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9688397f56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xihiJFH1s7xClpI6bz%2BvSL4WMrRydNPHxC%2BN2IkewMGBNG1r0IviUkeXtxiZmhVl5hMnLxzZmbUeplxfmCWTufjMtYY2G1UPyF4%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IjdqcmI3UllobFp6Q0kxUHBNSlcveUE9PSIsInZhbHVlIjoidUd2RWY4T0hVK3JlV2FML0hRR2h1dTJSaVd1UnNSblVJUU1PNTYzak9tUEVaaTMrWG9qbFcwNzd4SmtDMkpCdnAxWkVuK05XQThScHhRNXZUcGlBcjR5enhjNEJwNGZVTE1PSG42dzB2c3pWdU9WTGVVbkp0NFRrRS9ORDZybkUiLCJtYWMiOiIwYzJjMTE4ZWVlMzIzZDNjZDc1MjYwNjZjYTA4Yzc0MGM2OGY4MjhmMzBlOTZjNTQwNmJkZjcxMWQ3YzRjYmJlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:03 GMT
laravel_session=eyJpdiI6IjRJSWZSK3BUOHFTOUNUSW43QStYSXc9PSIsInZhbHVlIjoiTnZ3TmN2RUZCd0VxTTNqSHZFZE0xUTNqMmJRNTNOUWU3REZWL2ZVNG1SZHdWVkdUNi80WDZlYjdyMWZ6dVpORmwxMmRBOXVpQ3M2U0hVOFQvNWpKZXdDckI2T0J0K01WTEZVSVZZODRsMmxxelR3UnJucFZFRmcreXNhQ3hMT0MiLCJtYWMiOiI3ZWU4MmQ5Y2I4NTM2YzY1ZGEzMWIwMGYwODkwZDE0ZWZjMDMwYzNlYzYwYTM2MTFkZDM0MmM0ZGY3Yzg4ODNiIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:03 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=953&min_rtt=0&rtt_var=242&sent=581&recv=347&lost=0&retrans=0&sent_bytes=523046&recv_bytes=44975&delivery_rate=26927750&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=35427&unsent_bytes=0&cid=79267e4a1add8b07&ts=21601&inflight_dur=313&x=40"
GET zqy.cuwsafg.es/GDSherpa-bold.woff2
104.21.95.108 200 OK 28 kB
URL: GET zqy.cuwsafg.es/GDSherpa-bold.woff2
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash (MD5): a4bca6c95fed0d0c5cc46cf07710dcec
Hash (SHA-1): 73b56e33b82b42921db8702a33efd0f2b2ec9794
Hash (SHA-256): 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RUNMxS4RZnDmO6bMrydg%2B9WZqeRQ5s8HkhArziDeg5%2Fcw2F32CQYII821D7zd4dEWtF2%2BN2um7jPGgivqWtnFJXwAzEXXG52XF0%3D"}]}
cache-control: max-age=14400
cf-ray: 966e9682a94356b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=813&min_rtt=0&rtt_var=109&sent=349&recv=305&lost=0&retrans=0&sent_bytes=233808&recv_bytes=38930&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21024&inflight_dur=181&x=40"
GET zqy.cuwsafg.es/GDSherpa-bold.woff
104.21.95.108 200 OK 36 kB
URL: GET zqy.cuwsafg.es/GDSherpa-bold.woff
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type: Web Open Font Format, TrueType, length 35970, version 1.0
Hash (MD5): 496b7bbde91c7dc7cf9bbabbb3921da8
Hash (SHA-1): 2bd3c406a715ab52dad84c803c55bf4a6e66a924
Hash (SHA-256): ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=PnWRqyB7Ic03qvyruzn1ELK5k%2BDdPRMteN4ueAR17WJV%2BHC%2B93gYW7X31sE%2FnuPISPOyJ9JMyabYOTLkKUYXlIJ5EMr8EGK6"}]}
cache-control: max-age=14400
cf-ray: 966e9682a94456b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=822&min_rtt=0&rtt_var=100&sent=365&recv=307&lost=0&retrans=0&sent_bytes=254029&recv_bytes=39022&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21043&inflight_dur=200&x=40"
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
3.167.2.64 200 OK 10 kB
URL: GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP: 3.167.2.64:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (10450)
Hash (MD5): e0d37a504604ef874bad26435d62011f
Hash (SHA-1): 4301f0d2b729ae22adece657d79eccaa25f429b1
Hash (SHA-256): c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 29 Jul 2025 01:56:32 GMT
expires: Sat, 11 Jul 2026 23:04:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: TQDX186FCEc1rfjr_OdJA6AXJc6TK0J6SrFlQFwdDcutlu0WDLJg5w==
age: 1537725
X-Firefox-Spdy: h2
GET zqy.cuwsafg.es/favicon.ico
104.21.95.108 404 Not Found 0 B
URL: GET zqy.cuwsafg.es/favicon.ico
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty body, matching the 0 B size; they are not usable as indicators.)
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Cookie: XSRF-TOKEN=eyJpdiI6IjdqcmI3UllobFp6Q0kxUHBNSlcveUE9PSIsInZhbHVlIjoidUd2RWY4T0hVK3JlV2FML0hRR2h1dTJSaVd1UnNSblVJUU1PNTYzak9tUEVaaTMrWG9qbFcwNzd4SmtDMkpCdnAxWkVuK05XQThScHhRNXZUcGlBcjR5enhjNEJwNGZVTE1PSG42dzB2c3pWdU9WTGVVbkp0NFRrRS9ORDZybkUiLCJtYWMiOiIwYzJjMTE4ZWVlMzIzZDNjZDc1MjYwNjZjYTA4Yzc0MGM2OGY4MjhmMzBlOTZjNTQwNmJkZjcxMWQ3YzRjYmJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRJSWZSK3BUOHFTOUNUSW43QStYSXc9PSIsInZhbHVlIjoiTnZ3TmN2RUZCd0VxTTNqSHZFZE0xUTNqMmJRNTNOUWU3REZWL2ZVNG1SZHdWVkdUNi80WDZlYjdyMWZ6dVpORmwxMmRBOXVpQ3M2U0hVOFQvNWpKZXdDckI2T0J0K01WTEZVSVZZODRsMmxxelR3UnJucFZFRmcreXNhQ3hMT0MiLCJtYWMiOiI3ZWU4MmQ5Y2I4NTM2YzY1ZGEzMWIwMGYwODkwZDE0ZWZjMDMwYzNlYzYwYTM2MTFkZDM0MmM0ZGY3Yzg4ODNiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 29 Jul 2025 18:13:04 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9690f9c156b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=W9soz2xKy9s%2BKJ8RNigIqQeXgLXYwoHBHwUzdLe3IuXEAA07XqYaZlot3z6GnNVNXCAxYGCt9K9JbjrSopYlTqqIkVaUNvPHGY4%3D"}]}
cf-cache-status: HIT
vary: accept-encoding
age: 20
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=890&min_rtt=0&rtt_var=469&sent=803&recv=374&lost=0&retrans=0&sent_bytes=807067&recv_bytes=47204&delivery_rate=29549716&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=29557&unsent_bytes=0&cid=79267e4a1add8b07&ts=22591&inflight_dur=367&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB
URL: GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP: 104.17.25.14:443
Requested by: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5): 2ca03ad87885ab983541092b87adb299
Hash (SHA-1): 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash (SHA-256): 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:12:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e96063ce356a3-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333322
expires: Sun, 19 Jul 2026 18:12:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i3EOglfBawseA%2BEh9NxCIRU77XHPRfczYnsvhYYF75fCByHFAZ2LgkzweNm%2B9aBa65g8SUQlsQ1Sxm99DyfnBJqftP5bShiZlu1SJnQWiMeiO7hpHLd0cxrFhxUSjD02t9BrE2XF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
104.17.25.14 200 OK 4.7 kB
URL: GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP: 104.17.25.14:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type: JavaScript source, ASCII text, with very long lines (4718)
Hash (MD5): 109c13d75d0b6fc6440d3e98f803d396
Hash (SHA-1): b69e7073bc2c1bc9a57aada4c73799d182ef8368
Hash (SHA-256): 9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e967f0a7956b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 921996
expires: Sun, 19 Jul 2026 18:13:01 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SR64FQO8xPtIJoGxJ%2BrQKQpVU4CROXlrIPqqoP4%2BPac8ij7GlwDOgy7FKk5cB8LoYSF87g2XpMZdSadkdd26bN4tngfs2m2qHJIU6%2Fz2bwhJq121a8vBRYymtrds8Zza1WZPZ3We"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zqy.cuwsafg.es/favicon.ico
104.21.95.108 404 Not Found 0 B
URL: GET zqy.cuwsafg.es/favicon.ico
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of an empty body, matching the 0 B size; they are not usable as indicators.)
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IlBpMGdNRFltaHArMHN5NWcrU2lWL2c9PSIsInZhbHVlIjoiMGI3VUdwUWN6aGVUOWJ1VnRPL055L0lEY2Uwcmc4WXBkd2dzTjBTVkFER3B2bmhXWFBMNE1VUm1HeFNEcUkrWHNZai90R3U2RkVWVG9UYktmZ1BpVkpvSXdydlhmZkhzRjlSOFgxUzIyMWxmM0xlWG50bmVoYXk1L1pSZDFPQXUiLCJtYWMiOiIzMGVhYjA0ZjQ3ZTY2MDI5MDFkOWJjZDY0ZDE4NTFlYTcxMzU0ZjBlNzJjODEyMTgyMmQyZDUwN2YwNjI0ZWNlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9jRC9hcDJpL2s5Wk8xL1FWU3RwdkE9PSIsInZhbHVlIjoiOGdhZHN1QTJSWnM4OC9TclNvbTc4VVhYYWFWUkptNUxZVWp6Z2p2MmFTdDRMSWRpdEVVTU9vMWNpcWxYbWVUTkZpSmt0K1Z4bGw5WHllV0ErcHJyWkRlWDJRRkZ1ZTdYVURGaVdVcFU1R25sMGJ2cDE5aDROSVRLaGdVdjY2aTQiLCJtYWMiOiJhODFjY2JkN2MwYTUyMjEzODZmNjEwNmU2NTExOWY1OWRkMjQwMjVjZmNlNDNiY2Y3OGE3MzFhYTZlZTk0MmExIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 29 Jul 2025 18:13:00 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9674f8ae56b1-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=W9soz2xKy9s%2BKJ8RNigIqQeXgLXYwoHBHwUzdLe3IuXEAA07XqYaZlot3z6GnNVNXCAxYGCt9K9JbjrSopYlTqqIkVaUNvPHGY4%3D"}]}
cf-cache-status: HIT
vary: accept-encoding
age: 16
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1255&min_rtt=0&rtt_var=1332&sent=177&recv=256&lost=0&retrans=0&sent_bytes=40844&recv_bytes=19341&delivery_rate=7343068&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=79267e4a1add8b07&ts=18103&inflight_dur=117&x=40"
GET zqy.cuwsafg.es/GDSherpa-regular.woff2
104.21.95.108 200 OK 29 kB
URL: GET zqy.cuwsafg.es/GDSherpa-regular.woff2
IP: 104.21.95.108:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: Google Trust Services
Subject: cuwsafg.es
Fingerprint: 7F:72:26:19:E0:39:04:10:95:F2:F4:54:67:84:3C:EB:31:D5:BD:C7
Validity: Tue, 03 Jun 2025 23:12:58 GMT - Tue, 02 Sep 2025 00:11:47 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash (MD5): 17081510f3a6f2f619ec8c6f244523c7
Hash (SHA-1): 87f34b2a1532c50f2a424c345d03fe028db35635
Hash (SHA-256): 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: zqy.cuwsafg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ild2c3B3YnIwNk9IMXlDN2p2bUYxbHc9PSIsInZhbHVlIjoiTk5VV2dGVkxscU40L3YweXlPRUUvcWRud2VTTXBPaVFJMWxiUytidDFmNk5Ta1A0YUVRbzI5UzlRTytSR1VvajF3NmZ4cUhJTmY3eUw3SVV2c01KbkFUOGlycFV0QlQ5aGprZ3dnWjF0cE9tczZzekdxbjl0M1puejZuYUd5MFMiLCJtYWMiOiIxMmQ1MTllMmEyNTI1ZGZlYTlkMDVhYWY3ZmNmMWYyYWQzYmE1MmVlOGRmZGI3NzlkMWE1NjNhNmNlNWFlMzJiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkRFN1JqbjQvQlFGcDZtMURDYlBQK0E9PSIsInZhbHVlIjoiajVaTXY0RDhQOVVKd0VGeEdiUmFTdkMxYjZ6V3RnVWQ0RHpqa1kxVnp6eWw1WWFXMmgrdFZuQVdqRnhRYitxSXVoZy9ySVJmSTV0andKYjhFb1FwelhRcTJqMkhIbjU5WEluLzdMcG5rMUMrU2IvZVJWajh1SWRXOTQ0K1lPcU0iLCJtYWMiOiJjMGJlZjQzNzVjYjE5YzhmMTQwMGIwZWYxYTNlNmQ4YzJhMjczMzU4NGNiOWNkYTJiNzgwZjVhMGZiMjEwMDg0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:03 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: MISS
last-modified: Tue, 29 Jul 2025 18:13:03 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=H4arZZy%2FdU1%2FehnnBNF9QKyWMUFWLg5Hyo1kSULEOSF7OzC6dR5BMbKeYNDgyo4RA%2B6eujI8ovUiMiB%2B414OhT1ikWt57zga8rg%3D"}]}
cache-control: max-age=14400
cf-ray: 966e9682a94556b1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=807&min_rtt=0&rtt_var=93&sent=358&recv=306&lost=0&retrans=0&sent_bytes=245615&recv_bytes=38976&delivery_rate=21217483&ss_exit_cwnd=14906&ss_exit_reason=2&cwnd=32993&unsent_bytes=0&cid=79267e4a1add8b07&ts=21028&inflight_dur=198&x=40"
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
3.167.2.64 200 OK 223 kB
URL: GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP: 3.167.2.64:443
Requested by: https://zqy.cuwsafg.es/hkw3xyaiuh?id=2a8dd4a780224e32c2-7969d0f89-b0170e64-7a01f53af909-09ebd89f7-459b2e02335844c-49bb9194-d6d1c09f9916-237dc951335c-5cb7ab4eba-123d2c49159cc0507d1
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (51734)
Size: 223 kB (222931 bytes)
Hash (MD5): 0329c939fca7c78756b94fbcd95e322b
Hash (SHA-1): 7b5499b46660a0348cc2b22cae927dcc3fda8b20
Hash (SHA-256): 0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 08 Jul 2025 22:58:17 GMT
expires: Wed, 08 Jul 2026 22:58:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 c16cb9fc938243bd0209a41893a00da4.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: So6u704WWYKugR2ARNWHsXEBWK2K271ZVR-yXa4i3JVLTO1AE8t_GA==
age: 1797285
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
104.18.95.41 200 OK 283 kB
URL: POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
IP: 104.18.95.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 283 kB (282944 bytes)
Hash (MD5): 9416795f22b3ec93692918040b13bdc7
Hash (SHA-1): dbf7fec21731bb4c7b6adc26934e153dedac9f0f
Hash (SHA-256): 9b2c265a913119274b6e178f571acf09659718f68167255d59d288bcda9bee04
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/205772295:1753809448:SiB4Yhpq1WEHtEBF7qTX3dA5zZp61MHnz7Nm4bWPn9Y/966e9607ba1156b5/wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/tuv7z/0x4AAAAAABgGv4lWLzpYYVLT/auto/fbE/new/normal/en/
cf-chl: wN5hQzgerfPWRSWXkkOPZ9XomYE0fw1FdxZE31JFcvA-1753812762-1.2.1.1-bvKIMzoFuuIdLJ_ON55EOyFFwVQ5z_a5j98ILVSk5dlSGv5HK3RdoTyiVTEbXhcb
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3436
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:43 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 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$R69NGscySJbrJ6aa8ny1zg==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e960b5fe856b5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://zqy.cuwsafg.es/lO6igcx!KX6eEh/$Jack.Bendheim@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
Validity: Sun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://zqy.cuwsafg.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:12:59 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e96725dfe56b4-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333339
expires: Sun, 19 Jul 2026 18:12:59 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QDm6pyipmE6vvWnbap%2F3t2W1VT2dwj0aV3E0vPq5TdGyMoEol9gSFv8qkDQgibfdum85sTgOyq%2F5xSv0gE0XAiFCycWRbweXuCZO%2B%2Bjlrfxw0FXxE9TNZuc2%2FqjJY%2FSu4LFw6zc0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri