GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95999973eb880b31-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 62872
expires: Tue, 23 Jun 2026 21:50:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hXZWm53UGuYlSELSqQbWCa%2BmtJmZfdpOVD%2BVnbTurWF60FPDGp1r%2BIZlQNsvFmykYvJYK5F9j6jn9WBD4QPwOpiZaFhvVECxP65EmVrBN%2FRQDOVnW%2F8bnDT35exjg2UpaczGW5nh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 9599998a59ee568e-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 62875
expires: Tue, 23 Jun 2026 21:50:39 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SlOLMcP3u2H%2BJKkVF0a5d88N3MqCty%2F7h89kCIVe5jdBRc4TC%2BKbB9EiAfELjz0o5u8xrCnz4TEVhOSwSVvbYCT4Cy%2Bz1y7%2BxBvoyGHrtbedKrpiT0aXF1JIEC2klddf0mOVf%2Fam"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
104.21.64.1 200 OK 209 kB URL User Request GET hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
IP 104.21.64.1:443
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: HTML document, ASCII text, with very long lines (11507), with CRLF line terminators
Size: 209 kB (209102 bytes)
Hash MD5: 93210222b71c9d9ea91005b201f05f76
SHA1: eb0befc2f2c3affd66de0e1c0b94617ebe1830a7
SHA256: be5642a745b3fc2d2aad31b70c5e55ca86834fb20fe4326435f67c246e0e63a2
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6ImdWTmtuZ3M5TmtQdmZVR0ZXM0JDVXc9PSIsInZhbHVlIjoiVnVwaEc1azVhaUJ2VUlrczA4bmpqWS9EY05nTDVTaFc4SHNXWDVKRnhlS3RoR0MvTVcvSjJHQTlyMHJrVWpGdWo0S0prZFVlWkJPTnIxUG1wUXExd3J1ZnB2cnVWNWIrTzhjb3lBQWpoWk56UDFMZElRQjFwdCs1b2ZxOFVqekEiLCJtYWMiOiJmM2Q0MDNhNzYxMTY1YjMyN2FmYWMxZTQzNzUyNmVkNTA3YTZlY2ZmMWI0YWViMDY4NjA4ZTBhMDMzMTU2YmNkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InlWOEVEazdsLzBnYXd5Q0VNSGliY2c9PSIsInZhbHVlIjoiUjRwRENiTkNkV2ZDRVZMR2oyaDgxVkNnQlFIZVQyNDhrdWROVHZXSDNhOFF5VmVuc0M3ZjBOYzhmb01yV0srcHFCNkJuZkFIQTcvdGNXNGw2czVMYUZvclorNlFNUGE5OGhWVk1jeHlDQ3VocDljSFRaWkxtU28rczB1Ukw1NlciLCJtYWMiOiIxZjUxNDQ0MzBmNTM4MTU0ZjFjNjEwM2Y2ZTYwZDRlODYzMDkxNzdkMTA2ZjhhMmFmZTljNzRiNmE0MWQyY2VmIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:42 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95999991cca70b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=halle93R9V8c0i9b56uQZlFlaKOCwF9iEb%2FmDzrAXEIiZwrrPnAshaublBCbnK3ctgb16AP2YzHT91tGH67o%2FumZ1nAAHmlwiq%2FiI1L4"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:42 GMT
laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:42 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1266&min_rtt=0&rtt_var=1163&sent=196&recv=244&lost=0&retrans=0&sent_bytes=46988&recv_bytes=22567&delivery_rate=2080840&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=25841&inflight_dur=129&x=40"
POST hfwedgas.xaerosqdi.es/yentDWNoG1KZUGCvwJyeiB0sRa6Sh7Uvcwy9vZf8IhHIPsd6lFiYfCC94ssg2vcm
104.21.64.1 200 OK 1 B URL POST hfwedgas.xaerosqdi.es/yentDWNoG1KZUGCvwJyeiB0sRa6Sh7Uvcwy9vZf8IhHIPsd6lFiYfCC94ssg2vcm
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: very short file (no magic)
Hash MD5: c4ca4238a0b923820dcc509a6f75849b
SHA1: 356a192b7913b04c54574d18c28d46e6395428ab
SHA256: 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Note: the 1-byte body is the character "1", so these digests match any response consisting of "1" and do not identify this kit.
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
POST /yentDWNoG1KZUGCvwJyeiB0sRa6Sh7Uvcwy9vZf8IhHIPsd6lFiYfCC94ssg2vcm HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 2832
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:45 GMT
content-type: text/html; charset=UTF-8
cf-ray: 959999a59d6d0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QEp89i172RKYDHdyCyiJ6WGK01POlBF9cbf0Dt%2FLnM%2B6DQ9g3ObN%2BauOyGyYlwco3YQrDnobR5FGeCROqgYWcWqQ5YHAeCqxejznskqX"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjBvcEdmL1QvckNtS1hEczQ3MVpadlE9PSIsInZhbHVlIjoib3g0T3owWjkzbGw3K1RoNEFLUmt3dmdrS2hvSlRKbHMrb1lKWFpkZS9YZlRXK0pUNEF2aXNZbXloeFoxR01GdVJJYkdmSE53ZDdCbDR6SXZ6VjdSUVdZLzZqdUNPMFdnZFhsdXZNTmRXci9iczQyUEh6cDltRDVlVnVaZWdCdXMiLCJtYWMiOiIxMGE4NTAxY2IwYWE0Mzc0MzEwMTRjYzAwM2YxOTQ3Y2VjMTVmNDgyM2QwYzdhMzJiNjNkMTUxNGI5YmVhYWMxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:44 GMT
laravel_session=eyJpdiI6IktEKzJHNWhrLy9XendBZkVyOG9UWnc9PSIsInZhbHVlIjoickpDc1BMRTVqeEh0Wk9JV25FRDREaUpqbXRiOCtBUmg5OGFWdzhxcDlsWlUxRCtsR2hwaGx1SmttcmJqbzNkM0k4MWQrZ3VNb09zOUdYRkZRaWJRdFY3aEJla3hDa1lMQjZMSjhHRDVWNUVUK29aSU5kUVVKZXNYT3dZS25Cc00iLCJtYWMiOiI5MDU3MTk2MzE3MTczZGI5NjkyZmFhMWE1Zjc2NTYyYTIzMDhjNzUwYTNlZWJjMDFlMThiYTU3NjBlOTg4MDgwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:44 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=2088&min_rtt=0&rtt_var=656&sent=594&recv=343&lost=0&retrans=1&sent_bytes=519026&recv_bytes=51524&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=28625&inflight_dur=405&x=40"
GET du1o.kzvjz.es/sunel!826a
188.114.97.1 200 OK 1 B
IP 188.114.97.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Google Trust Services
Subject: kzvjz.es
Fingerprint: 15:21:C0:91:BA:5D:4E:D0:F8:C6:4C:52:B9:4C:9B:77:A4:97:B9:BA
Validity: Tue, 03 Jun 2025 23:13:04 GMT - Tue, 02 Sep 2025 00:10:24 GMT
File type: very short file (no magic)
Hash MD5: cfcd208495d565ef66e7dff9f98764da
SHA1: b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Note: the 1-byte body is the character "0", so these digests match any response consisting of "0" and do not identify this host's content.
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /sunel!826a HTTP/1.1
Host: du1o.kzvjz.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:37 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HRNuKshl%2FvxY71z1xLc82bWeJabTBFuToZ%2BVO4KlwjtoDGfrU1%2Fo5%2BxTmqQakCYP404EPyaXCJ2xmMnvFIUdBB38sX89xbH1pr4c"}]}
content-encoding: br
cf-ray: 95999976ad665684-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 9599999b3eed568e-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 62878
expires: Tue, 23 Jun 2026 21:50:42 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A1N9JPCULRQcDU6Gs6vncgj3FuVe%2BUrAT4UDOPpeGiE%2FRFQ1dUP0vhJGL08PTaaiCp53PSElZrs9YvzdpvYdCDxh81aQPO0osoDj3KT%2FZ0pf97XiWlXPYIlkrddeZaNvU6UivXnB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET hfwedgas.xaerosqdi.es/GDSherpa-bold.woff2
104.21.64.1 200 OK 28 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-bold.woff2
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash MD5: a4bca6c95fed0d0c5cc46cf07710dcec
SHA1: 73b56e33b82b42921db8702a33efd0f2b2ec9794
SHA256: 5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=LVPjFS%2FcOu8LjZnZdJ7wsTSOmUofJRemr9OpKB9QmVWrcYqAfX7Rv%2BJb1kbtYRLuXAOs1glijsgXAg61FZsVgbEBgzYuRAbS2OSKM2rd"}]}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c4d170b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1588&min_rtt=0&rtt_var=1151&sent=387&recv=313&lost=0&retrans=1&sent_bytes=268450&recv_bytes=45161&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27242&inflight_dur=274&x=40"
GET hfwedgas.xaerosqdi.es/GDSherpa-bold.woff
104.21.64.1 200 OK 36 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-bold.woff
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: Web Open Font Format, TrueType, length 35970, version 1.0
Hash MD5: 496b7bbde91c7dc7cf9bbabbb3921da8
SHA1: 2bd3c406a715ab52dad84c803c55bf4a6e66a924
SHA256: ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DgGu3AVLH8ySWj%2BAWvQHdyb55cye0j9GdgJ57RwLzHothZF%2Fq1u%2FQcTrvGwAjzrgM5ZqzAOcYSDBts0dnQaVyRbr9WIaox7Ig0TdsYoc"}]}
content-disposition: inline; filename="GDSherpa-bold.woff"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c4d180b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1659&min_rtt=0&rtt_var=1679&sent=348&recv=310&lost=0&retrans=1&sent_bytes=221664&recv_bytes=45021&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27203&inflight_dur=248&x=40"
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
3.167.2.64 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 3.167.2.64:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (10450)
Hash MD5: e0d37a504604ef874bad26435d62011f
SHA1: 4301f0d2b729ae22adece657d79eccaa25f429b1
SHA256: c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 16 Jun 2025 04:25:19 GMT
expires: Tue, 16 Jun 2026 04:25:19 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: qokt9HyarOccjbo9m4EGkMwuYyNdJGa7AZ1l4_Xi0D1q5eqAfgmStw==
age: 1531523
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET hfwedgas.xaerosqdi.es/favicon.ico
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of empty (0-byte) content; they match any empty response and do not identify this kit.
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IjBvcEdmL1QvckNtS1hEczQ3MVpadlE9PSIsInZhbHVlIjoib3g0T3owWjkzbGw3K1RoNEFLUmt3dmdrS2hvSlRKbHMrb1lKWFpkZS9YZlRXK0pUNEF2aXNZbXloeFoxR01GdVJJYkdmSE53ZDdCbDR6SXZ6VjdSUVdZLzZqdUNPMFdnZFhsdXZNTmRXci9iczQyUEh6cDltRDVlVnVaZWdCdXMiLCJtYWMiOiIxMGE4NTAxY2IwYWE0Mzc0MzEwMTRjYzAwM2YxOTQ3Y2VjMTVmNDgyM2QwYzdhMzJiNjNkMTUxNGI5YmVhYWMxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IktEKzJHNWhrLy9XendBZkVyOG9UWnc9PSIsInZhbHVlIjoickpDc1BMRTVqeEh0Wk9JV25FRDREaUpqbXRiOCtBUmg5OGFWdzhxcDlsWlUxRCtsR2hwaGx1SmttcmJqbzNkM0k4MWQrZ3VNb09zOUdYRkZRaWJRdFY3aEJla3hDa1lMQjZMSjhHRDVWNUVUK29aSU5kUVVKZXNYT3dZS25Cc00iLCJtYWMiOiI5MDU3MTk2MzE3MTczZGI5NjkyZmFhMWE1Zjc2NTYyYTIzMDhjNzUwYTNlZWJjMDFlMThiYTU3NjBlOTg4MDgwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 03 Jul 2025 21:50:46 GMT
content-type: text/html; charset=UTF-8
cf-ray: 959999b60dd30b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lSQrDA2ydzXLWbipOkOADuKNrySAZir%2BUsgLGjADRdQKhl3YDHmHLf%2BN6vHs7zjwduJX4X%2FQR1HQ7Car083inS%2BN1leCExVEl6%2BhiSdK"}]}
vary: accept-encoding
age: 29
cache-control: max-age=14400
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1069&min_rtt=0&rtt_var=242&sent=805&recv=371&lost=0&retrans=1&sent_bytes=795994&recv_bytes=53824&delivery_rate=27779982&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=26949&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=30315&inflight_dur=467&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=959998fbcc7756c1&lang=auto
104.18.95.41 200 OK 143 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=959998fbcc7756c1&lang=auto
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type: JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size: 143 kB (142941 bytes)
Hash MD5: e30c370acba731bcf040a74af8e02f66
SHA1: ef9effef2c700ac481d09fbbbbeaf76019378a06
SHA256: ed49243a534c4161361a6e2374c287c1eb8f9719c29f40ef415f0c9c1755722b
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=959998fbcc7756c1&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:17 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 959998fcadca56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
3.167.2.64 200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 3.167.2.64:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type: ASCII text, with very long lines (51734)
Size: 223 kB (222931 bytes)
Hash MD5: 0329c939fca7c78756b94fbcd95e322b
SHA1: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
SHA256: 0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 16 Jun 2025 04:25:19 GMT
expires: Tue, 16 Jun 2026 04:25:19 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: a69FQNI2uT3pGDLZaZ4EZubTDcwF_vYBNhPbhE1rh2qnZwPutwFKTQ==
age: 1531523
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/ghjcpYXWOEFi3k2nDqQEaEoAQwkHJmh1rMpkl1hzU9bUizSmfwYgNQDofaN12208
104.21.64.1 200 OK 25 kB URL GET hfwedgas.xaerosqdi.es/ghjcpYXWOEFi3k2nDqQEaEoAQwkHJmh1rMpkl1hzU9bUizSmfwYgNQDofaN12208
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 f9a795e2270664a7a169c73b6d84a575
SHA-1 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
SHA-256 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /ghjcpYXWOEFi3k2nDqQEaEoAQwkHJmh1rMpkl1hzU9bUizSmfwYgNQDofaN12208 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:45 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=js8Q5inVJzqHf%2FpkKqQMqzA758zk5FSNWMHgxZu2%2Bjb7jZdt7GgxC5D93AyiX8wFe3HgjxtuWH86Z4bDifkoWbY%2BxuubY%2BJ7L2Mx3pOd"}]}
content-disposition: inline; filename="ghjcpYXWOEFi3k2nDqQEaEoAQwkHJmh1rMpkl1hzU9bUizSmfwYgNQDofaN12208"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999cbd240b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=2065&min_rtt=0&rtt_var=813&sent=588&recv=342&lost=0&retrans=1&sent_bytes=510637&recv_bytes=51480&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=28599&inflight_dur=402&x=40"
POST hfwedgas.xaerosqdi.es/ugR4TAgHzyOU2Ghu6x8Aw7OfwqbVbPoyPYpJwdJgQ4GRlh
104.21.64.1 200 OK 20 B URL POST hfwedgas.xaerosqdi.es/ugR4TAgHzyOU2Ghu6x8Aw7OfwqbVbPoyPYpJwdJgQ4GRlh
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash MD5 5820854f62a6eb3d38ba7ba0d1b3ea75
SHA-1 639df0b84fe699b4a290a713fd6b9a94bd4deb95
SHA-256 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
POST /ugR4TAgHzyOU2Ghu6x8Aw7OfwqbVbPoyPYpJwdJgQ4GRlh HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Content-Type: multipart/form-data; boundary=---------------------------10243958302916650121198189955
Content-Length: 324
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InVRNlZsUlZzWXp0ZTg2c3dTZGs3b1E9PSIsInZhbHVlIjoiaTV6dS9wekJ6YVJGeisyV1pvSjFSQU82UG5OM21wWmRjTUJKNkIxa3lxdlk4VGZOd2cwYzRYOCtMSjdOK1gyaDFuSDZPQ3BibEp1Uy8rZHZFY0tQd0FsUHJnN1FpVjRQVE5sZ2gyMFBrSytjdUxYcmd5S0tkQ2kxN0NtTnoySDEiLCJtYWMiOiI4MDBlN2IwN2I3YjU1OWYzODdkMzgxZTY3NWUyMjc1YzhhOWY2N2FlYTE4ZDYxYTI5MDMwYTNlOGQwYTk3NjFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkZKaXZjVlR2aEFGb1NnRi9UZHlnOVE9PSIsInZhbHVlIjoibStLdDNWTkVMOVlzczRMTUdwTmFzT3AyS0ZTeWE4Ums4enpGT081TG40dnJCdW1rbzZLRHpVdlJjN09DQ0piQVpDK0lvancxMVVxdURrSkVBSWRzaENsc0prOTBaOW9ZSnVia1g5ME54Q0N3V09TYWJIbW1GSGJFS1NnTUNjdXkiLCJtYWMiOiJhNTU3ZDhkNGQwMzE1ZTE4MjZhYzU2NDU2OTMyZWM0OTY3ZWY4NTE0ODQxNzQ5M2FiNWM2YmMzMWRmYzAzMDg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:38 GMT
content-type: application/json
cf-ray: 9599997c1b3a0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FOqyiPchTdZainhyaBV1CYmUoHJ4J8bVDzcs4jqCoTrdDLzbh%2F5smr44uI2nspp39%2F0DYERBrb3Pqg8u%2FOPmqcKzjt59zqaPiPuViCSa"}]}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IjhSQUYxelN6YzRzNXZoZEV2bkZwVlE9PSIsInZhbHVlIjoicE1hVXd1NUFIc2ZXVWphSDd1MDhiYXpqZFpLUjByYVQ0UjQ2azNXWEJySFp4bC81YmlIRG9LcVNQQjZpcEtrRUtqNlNadUdNVzZWeVJrS2dtcWRNVXZxdTJLU3hZOU9nUHdNd1dPY2RWRmRoRGZ1SDV0ZEhNd2c5eEJmQXlMamkiLCJtYWMiOiI2YmUwMGEwYTBlM2M1ODlkMmVkYWFjZGIwMmIwNDJiZTRjOTA2OTkwY2JkNjY5YjM5YzQ3MjE3ZmY2NmFmNGJlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:38 GMT
laravel_session=eyJpdiI6ImU2QkU4VzVFUGxiVFBySzQ2a1hrbGc9PSIsInZhbHVlIjoicDFwN0MzS2RKK280b2dJZ0hyT0UrKzNoam9PUnVGckNrSkRoaG4ySStjUjJoL3VHTUhGdXdaazZVVlBoVldaZmp0ZDhjNTNnWCt4NG9zaUdYRGRrYmhtU1BRdVNiWGo5a1YzRVdyQkdZRGkzRG4veC9NUG5IUTR4eDFkR0lNSGMiLCJtYWMiOiIyZjU2Nzc1ZGVjMWI4ZjA2YWM0ZjJhMjVjNmVlYTA2NmQ0Mjg5NTI3Mzc2ZjExYzg4YjZmYWM0MWMxZGRhMjY2IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:38 GMT
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1682&min_rtt=0&rtt_var=1326&sent=169&recv=230&lost=0&retrans=0&sent_bytes=22048&recv_bytes=18215&delivery_rate=1331735&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=21891&inflight_dur=86&x=40"
GET hfwedgas.xaerosqdi.es/56wFS9ftrYggNBhvru5FzKuSjR7Vij1R9jianlv3Vv89109
104.21.64.1 200 OK 292 kB URL GET hfwedgas.xaerosqdi.es/56wFS9ftrYggNBhvru5FzKuSjR7Vij1R9jianlv3Vv89109
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 292 kB (292204 bytes)
Hash MD5 04c1251bae5a4681ad29e5f0846a0ee2
SHA-1 6bd282d27792a21ab43f6210efffabce36c03b07
SHA-256 265d88c373a1f0711c817a8460c9a78512c040047f5ffcb22f380024a629f83a
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /56wFS9ftrYggNBhvru5FzKuSjR7Vij1R9jianlv3Vv89109 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:46 GMT
content-type: application/javascript
cf-ray: 9599999ccd270b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=MDIe51Vq8WyXGTVgbN0CzHyzNVeKkAG8DpOgblVJjdLstrFle6nYIfloAsfRKtmQHHbCzZj7H8NGNR7Nk2t3RgmH1iLiEAKvGsHPTRfs"}]}
content-disposition: inline; filename="56wFS9ftrYggNBhvru5FzKuSjR7Vij1R9jianlv3Vv89109"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1917&min_rtt=0&rtt_var=1322&sent=635&recv=352&lost=0&retrans=1&sent_bytes=569758&recv_bytes=51938&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=29842&inflight_dur=425&x=40"
GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
104.21.64.1 200 OK 1.2 kB URL User Request GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type HTML document, ASCII text
Hash MD5 efcd0c80dd94a13e7a71e34b5cee5a5a
SHA-1 d95ddcf62cc6f1ed74aede689ec2a2bbabbe3678
SHA-256 4d3e4d6dd4d6895e421379b0dbd202d697614ed0b3d83f57e29b8431595747a2
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /OdeGZs5!4KH3wog/ HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:16 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=M2UCEfnL%2BY6KgKUhYSlybwHxIaDI1MeT1oCWATJS6Z8iFTpuOy1oNIMYkQYP6a%2BRJGEErgt3RSTB4Y5zA2gVzT9Xaa3AMPpT%2BIPXDwUN"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IlcvNVlHT2xBQXAvOFJZY0tFWTUwNGc9PSIsInZhbHVlIjoieitHR1BuNXBxMldYYUpKVEh6c1hXQkI4eUpPMlE5WW1ndEVuSnI3WitEcTdYVVZMT2Qvd28rWExzbms5aEE3aU9RVFJiODFoZXhPdG1mNXNFd1JFMzJkcktiR3NyeDFaSHVPczY1UjhyVDBkSjlPRTM5MWpkV2l1QTJIYmF0QysiLCJtYWMiOiIyNjRkZjVmYjgyYmE5NzJjYjc1NWMwNWZiOWJiZTlkMDFmMmZkMjRiMDNiNDQwMDU0NGQ1NWQyY2FjYWQ3YjRiIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:16 GMT
laravel_session=eyJpdiI6IkU0UnI2bmJINmVZYnV2WFZ5RENDNFE9PSIsInZhbHVlIjoiNHBhejY2SjdGZzBTM00rVVBVS2JjRGtqMmNPRGhIN09LbjdKRm1sSHFvWTJhZ2JlSkRkMU1KNVY1VDFoVnNuS201MDMxMUdqSS93TFBZdGFKV1VtT2RwSGFtQlVMTnJxN01FRDhzN2xMczR0dktqTnNoOS8ycnJTNVpQWnUwWXUiLCJtYWMiOiIwNzRiYjFkZjhiZjY2ZmNiNTJmNjI1ZGU5MjlhMDA5YTU2ZTc5ZTllYzMyYmVjZWU2ZGFiMDQ1NzY5NjI4OTAwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:16 GMT
cf-ray: 959998f07914b517-OSL
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET hfwedgas.xaerosqdi.es/favicon.ico
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the digests of zero-length input, consistent with the 0 B response body; they match any empty file and should not be used as indicators for this kit.)
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6InVRNlZsUlZzWXp0ZTg2c3dTZGs3b1E9PSIsInZhbHVlIjoiaTV6dS9wekJ6YVJGeisyV1pvSjFSQU82UG5OM21wWmRjTUJKNkIxa3lxdlk4VGZOd2cwYzRYOCtMSjdOK1gyaDFuSDZPQ3BibEp1Uy8rZHZFY0tQd0FsUHJnN1FpVjRQVE5sZ2gyMFBrSytjdUxYcmd5S0tkQ2kxN0NtTnoySDEiLCJtYWMiOiI4MDBlN2IwN2I3YjU1OWYzODdkMzgxZTY3NWUyMjc1YzhhOWY2N2FlYTE4ZDYxYTI5MDMwYTNlOGQwYTk3NjFjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkZKaXZjVlR2aEFGb1NnRi9UZHlnOVE9PSIsInZhbHVlIjoibStLdDNWTkVMOVlzczRMTUdwTmFzT3AyS0ZTeWE4Ums4enpGT081TG40dnJCdW1rbzZLRHpVdlJjN09DQ0piQVpDK0lvancxMVVxdURrSkVBSWRzaENsc0prOTBaOW9ZSnVia1g5ME54Q0N3V09TYWJIbW1GSGJFS1NnTUNjdXkiLCJtYWMiOiJhNTU3ZDhkNGQwMzE1ZTE4MjZhYzU2NDU2OTMyZWM0OTY3ZWY4NTE0ODQxNzQ5M2FiNWM2YmMzMWRmYzAzMDg1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 03 Jul 2025 21:50:36 GMT
content-type: text/html; charset=UTF-8
cf-ray: 959999756af90b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lSQrDA2ydzXLWbipOkOADuKNrySAZir%2BUsgLGjADRdQKhl3YDHmHLf%2BN6vHs7zjwduJX4X%2FQR1HQ7Car083inS%2BN1leCExVEl6%2BhiSdK"}]}
vary: accept-encoding
age: 19
cache-control: max-age=14400
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1821&min_rtt=0&rtt_var=1396&sent=165&recv=228&lost=0&retrans=0&sent_bytes=21346&recv_bytes=16859&delivery_rate=1331735&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=19982&inflight_dur=85&x=40"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 03 Jul 2025 21:50:39 GMT
age: 896442
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 145997
x-timer: S1751579440.755376,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/ijcLRiZy0HyJ4CDRIqccuzZuyzkCYbKB77FrruYTOwYQ56170
104.21.64.1 200 OK 7.4 kB URL GET hfwedgas.xaerosqdi.es/ijcLRiZy0HyJ4CDRIqccuzZuyzkCYbKB77FrruYTOwYQ56170
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 b59c16ca9bf156438a8a96d45e33db64
SHA-1 4e51b7d3477414b220f688adabd76d3ae6472ee3
SHA-256 a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /ijcLRiZy0HyJ4CDRIqccuzZuyzkCYbKB77FrruYTOwYQ56170 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: image/svg+xml
cf-ray: 9599999cad210b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=NoKwbT94Qp8J7jjnWOGcZke8rzfSf0FxUJdCWw4M5JQXLOz1a5XVAXBgef5HeH33QSwPSNiNs%2BMe5ZzjGeoE4msVjnD4p0%2Ftzgk2lh43"}]}
content-disposition: inline; filename="ijcLRiZy0HyJ4CDRIqccuzZuyzkCYbKB77FrruYTOwYQ56170"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1338&min_rtt=0&rtt_var=495&sent=468&recv=323&lost=0&retrans=1&sent_bytes=369481&recv_bytes=45641&delivery_rate=16091265&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24395&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27282&inflight_dur=302&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/959998fbcc7756c1/1751579417595/9a5e589a58f15553217657480462ea9a839b360efbed78fd423b839e31489a62/wZwdm4DgwUV7GWi
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/959998fbcc7756c1/1751579417595/9a5e589a58f15553217657480462ea9a839b360efbed78fd423b839e31489a62/wZwdm4DgwUV7GWi
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type very short file (no magic)
Hash MD5 ff44570aca8241914870afbc310cdb85
SHA-1 58668e7669fd564d99db5d581fcdb6a5618440b5
SHA-256 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/959998fbcc7756c1/1751579417595/9a5e589a58f15553217657480462ea9a839b360efbed78fd423b839e31489a62/wZwdm4DgwUV7GWi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 03 Jul 2025 21:50:19 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gml5YmljxVVMhdldIBGLqmoObNg777Xj9QjuDnjFImmIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIJpeWJpY8VVTIXZXSARi6pqDmzYO--14_UI7g54xSJpiABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIJpeWJpY8VVTIXZXSARi6pqDmzYO--14_UI7g54xSJpiABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArFBSpY0YPcNslVpklXsEb2gfZsCpmIVdQhoS4K7cHrhquWhyk4MLkyi7_s6aWrx_Xf7HlTYTdYhnNJYeSmBvNR-rT9Jr-vgHew2EKxCRkzFMKPiBFgHMw6CQNwFmH4vtDoB7QjzQGuScPRdzh7kPu8509ew2xkFnr9tjB-6n7HM01yE-AK-YLGAsO2pnr7E7uB1wVPOxxon_JAZ3bYOfTUgjOOdXlFNC8lcuocjbz6S74A95qx_Ud-iEvXXfOoBv5KLuG4xndLeZHQmGd8Zt7VxbSldzBAmsB7NLLExZxPD-x71RLAY9HVS2lcMOPbQ3diWMBwpfS95tytYOn-a5rwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 9599990caa6656c1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 03 Jul 2025 21:50:42 GMT
age: 896445
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 146000
x-timer: S1751579443.597424,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/qryWbXHybnVqY0qmbXljBbNjlGIfAZgK4k9HUj868TIuviIrTl7Dvyvo3LVoVzH0Xam8aV9JoXfiwp4xjzdcd235
104.21.64.1 200 OK 9.6 kB URL GET hfwedgas.xaerosqdi.es/qryWbXHybnVqY0qmbXljBbNjlGIfAZgK4k9HUj868TIuviIrTl7Dvyvo3LVoVzH0Xam8aV9JoXfiwp4xjzdcd235
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 4946eb373b18d178c93d473489673bb6
SHA-1 16477acb73b63ca251d37401249e7e4515febd24
SHA-256 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /qryWbXHybnVqY0qmbXljBbNjlGIfAZgK4k9HUj868TIuviIrTl7Dvyvo3LVoVzH0Xam8aV9JoXfiwp4xjzdcd235 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:45 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s1jOki9naP9W6eG%2BCaVylCQ8gwaSeJTeWRkTGdQms9cZ%2BnXmaZ5RYSWJgHz9dV5qiN%2FqG10EX6%2FpLwCNWGD8uu67aenEpPzxdKa8vz2O"}]}
content-disposition: inline; filename="qryWbXHybnVqY0qmbXljBbNjlGIfAZgK4k9HUj868TIuviIrTl7Dvyvo3LVoVzH0Xam8aV9JoXfiwp4xjzdcd235"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999ccd250b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1655&min_rtt=0&rtt_var=760&sent=610&recv=347&lost=0&retrans=1&sent_bytes=538446&recv_bytes=51706&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=28776&inflight_dur=411&x=40"
GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.246.53 200 OK 1.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 bc3d32a696895f78c19df6c717586a5d
SHA-1 9191cb156a30a3ed79c44c0a16c95159e8ff689d
SHA-256 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:44 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 8f437342-e01e-0036-594f-e73999000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250703T215044Z-17dfff74684dc7c6hC1SVGgwms000000049g000000005wk2
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=hexonWrap&render=explicit
104.18.95.41 302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=hexonWrap&render=explicit
IP 104.18.95.41:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
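Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these three values are the digests of zero-length input, consistent with the content-length: 0 of the 302 response recorded below; they do not identify any script content and are not usable as indicators for this request.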
GET /turnstile/v0/api.js?onload=hexonWrap&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 03 Jul 2025 21:50:16 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/e7e9d014f96e/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 959998fa98b15697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/efBsH4ex8Q3EjZz8SAVrUuvQi4UNNDZpXjZxas378150
104.21.64.1 200 OK 270 B URL GET hfwedgas.xaerosqdi.es/efBsH4ex8Q3EjZz8SAVrUuvQi4UNNDZpXjZxas378150
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /efBsH4ex8Q3EjZz8SAVrUuvQi4UNNDZpXjZxas378150 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: image/svg+xml
cf-ray: 9599999c9d200b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uzHULfKRXhbF9sfIooaiHR7v3U10YumW9pl%2BwmB6Iy712IwHpQuAmQa5ssnNl4hdwrHDvcPZLExZylo%2Fct%2BC6jqJCFoRoY8tP5eCe2UA"}]}
content-disposition: inline; filename="efBsH4ex8Q3EjZz8SAVrUuvQi4UNNDZpXjZxas378150"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1282&min_rtt=0&rtt_var=483&sent=487&recv=324&lost=0&retrans=1&sent_bytes=394389&recv_bytes=45692&delivery_rate=16091265&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24395&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27284&inflight_dur=304&x=40"
GET hfwedgas.xaerosqdi.es/yzPTjoCOxNvcjL3AKTMsWhmHgKrFGdx1P01TMoppM9vxh6bpiyWMlosjyMmPab177
104.21.64.1 200 OK 2.9 kB URL GET hfwedgas.xaerosqdi.es/yzPTjoCOxNvcjL3AKTMsWhmHgKrFGdx1P01TMoppM9vxh6bpiyWMlosjyMmPab177
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /yzPTjoCOxNvcjL3AKTMsWhmHgKrFGdx1P01TMoppM9vxh6bpiyWMlosjyMmPab177 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:45 GMT
content-type: image/svg+xml
cf-ray: 9599999cad220b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=GK1ofIAVFgrIWruor4QBq%2Bw9mOEO3t6PFtD4BArYgR0aGZPNNoTxdj8qPbbjYy2jImFYsXaGkKLlBg6FpcNaL5xYDiucrl06j9kyWHZQ"}]}
content-disposition: inline; filename="yzPTjoCOxNvcjL3AKTMsWhmHgKrFGdx1P01TMoppM9vxh6bpiyWMlosjyMmPab177"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1939&min_rtt=0&rtt_var=1706&sent=633&recv=351&lost=0&retrans=1&sent_bytes=567907&recv_bytes=51892&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=29240&inflight_dur=423&x=40"
POST hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
104.21.64.1 200 OK 90 B URL User Request POST hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type HTML document, ASCII text, with no line terminators
Hash 7828f7ae07241c0978ce44e5cc4a0a83
a9c93817a15b03507c3c21021fba863d3ac62b7f
a65713ab569fbcda76f7d8cd7827b5cc51b58eb5d1b03b50c91924ba9c785fd9
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /OdeGZs5!4KH3wog/ HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1008
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6IlcvNVlHT2xBQXAvOFJZY0tFWTUwNGc9PSIsInZhbHVlIjoieitHR1BuNXBxMldYYUpKVEh6c1hXQkI4eUpPMlE5WW1ndEVuSnI3WitEcTdYVVZMT2Qvd28rWExzbms5aEE3aU9RVFJiODFoZXhPdG1mNXNFd1JFMzJkcktiR3NyeDFaSHVPczY1UjhyVDBkSjlPRTM5MWpkV2l1QTJIYmF0QysiLCJtYWMiOiIyNjRkZjVmYjgyYmE5NzJjYjc1NWMwNWZiOWJiZTlkMDFmMmZkMjRiMDNiNDQwMDU0NGQ1NWQyY2FjYWQ3YjRiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkU0UnI2bmJINmVZYnV2WFZ5RENDNFE9PSIsInZhbHVlIjoiNHBhejY2SjdGZzBTM00rVVBVS2JjRGtqMmNPRGhIN09LbjdKRm1sSHFvWTJhZ2JlSkRkMU1KNVY1VDFoVnNuS201MDMxMUdqSS93TFBZdGFKV1VtT2RwSGFtQlVMTnJxN01FRDhzN2xMczR0dktqTnNoOS8ycnJTNVpQWnUwWXUiLCJtYWMiOiIwNzRiYjFkZjhiZjY2ZmNiNTJmNjI1ZGU5MjlhMDA5YTU2ZTc5ZTllYzMyYmVjZWU2ZGFiMDQ1NzY5NjI4OTAwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:34 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95999963aa5e0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DSZ%2BQXr5fp1GJoc1uG15n8a%2BtoGff7O2UgMJ7wdtck1kYZ09q7dkH3prZS%2BdFzM1jggiNCJWgKMKl6DjQ9qOTumCVondaPr6ddnzig6b"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6IkFMNURYR0JpVjBpVzdyaytIU3lTN3c9PSIsInZhbHVlIjoicC9RRHpocWk1ZFV1aFdnaXpnOUdUejhKWHdDNDZWVEpvd0VBaS95OUJZcWh0Y2VNTnhpbWtRQ0ROcjR3bi9rci81UDF3VEpJdU82K1lXQyt2R2VSQUdZcFVmRWxURGFad1VlNTdZR2t3VzVtSFBlb1ZNTklNa3Y1Vjg1aG5kdXMiLCJtYWMiOiIwYWJlN2I5MzI2YWYxNjBlZDA2ZWI5YjMxNDljNDRiMjZhYTRlNTY4MmQ5ZTgwMmM3YWExYTIxZDU1ZjY3ZmE0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:34 GMT
laravel_session=eyJpdiI6IlB4UDFrNmo0bHc3a2JLYzVRd2pBQXc9PSIsInZhbHVlIjoiNGprc0gzbW5qUlVVSHpsRVFxQ0NXWTdydm1IWUxEeXFWTU0yNjJQV2Npa21hQVhtdWhmbi9QS2VwcEM4UHkySURsbExkblNiTGhOQ0NzMDFEbllUa3dtOEh0RXg4WVA4NVEzemx2aHFoTDhsK3IxYVdkbTJ0MzNtRHlhTDV2cFIiLCJtYWMiOiJhNGQxMjhjNDg4YTgwZTgxOTBhOGJjYzk4MjBiNTAwM2E3MTEzZDc3ODE5NjM2N2I0Yjg1MWQ5ZTI2MWU2NjhkIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:34 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=2332&min_rtt=554&rtt_var=2184&sent=157&recv=222&lost=0&retrans=0&sent_bytes=13537&recv_bytes=14863&delivery_rate=472016&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=18343&inflight_dur=36&x=40"
GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
104.21.64.1 200 OK 8.2 kB URL User Request GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
IP 104.21.64.1:443
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type HTML document, ASCII text, with very long lines (375), with CRLF line terminators
Hash be69d586b466f6224bccbc2b582577a5
c412097771785b726be7fbe7ba65e9a2f793261a
47fb45f6a254363a9c6341c30c475832ad1518b7c222df8ea3acdff439e1604b
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /OdeGZs5!4KH3wog/ HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6IkFMNURYR0JpVjBpVzdyaytIU3lTN3c9PSIsInZhbHVlIjoicC9RRHpocWk1ZFV1aFdnaXpnOUdUejhKWHdDNDZWVEpvd0VBaS95OUJZcWh0Y2VNTnhpbWtRQ0ROcjR3bi9rci81UDF3VEpJdU82K1lXQyt2R2VSQUdZcFVmRWxURGFad1VlNTdZR2t3VzVtSFBlb1ZNTklNa3Y1Vjg1aG5kdXMiLCJtYWMiOiIwYWJlN2I5MzI2YWYxNjBlZDA2ZWI5YjMxNDljNDRiMjZhYTRlNTY4MmQ5ZTgwMmM3YWExYTIxZDU1ZjY3ZmE0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlB4UDFrNmo0bHc3a2JLYzVRd2pBQXc9PSIsInZhbHVlIjoiNGprc0gzbW5qUlVVSHpsRVFxQ0NXWTdydm1IWUxEeXFWTU0yNjJQV2Npa21hQVhtdWhmbi9QS2VwcEM4UHkySURsbExkblNiTGhOQ0NzMDFEbllUa3dtOEh0RXg4WVA4NVEzemx2aHFoTDhsK3IxYVdkbTJ0MzNtRHlhTDV2cFIiLCJtYWMiOiJhNGQxMjhjNDg4YTgwZTgxOTBhOGJjYzk4MjBiNTAwM2E3MTEzZDc3ODE5NjM2N2I0Yjg1MWQ5ZTI2MWU2NjhkIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:36 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9599996bcab20b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=QNdrihF17QpQ1SmD7qfmrMsqYBzzBU%2BFHeMMGKzIBPhAWI3dti82IMZ%2Bm4%2B0kI2SlU6BmDYqD%2FSNcmUZePbPy71sSBVqKiFVHpaVv3K3"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InVRNlZsUlZzWXp0ZTg2c3dTZGs3b1E9PSIsInZhbHVlIjoiaTV6dS9wekJ6YVJGeisyV1pvSjFSQU82UG5OM21wWmRjTUJKNkIxa3lxdlk4VGZOd2cwYzRYOCtMSjdOK1gyaDFuSDZPQ3BibEp1Uy8rZHZFY0tQd0FsUHJnN1FpVjRQVE5sZ2gyMFBrSytjdUxYcmd5S0tkQ2kxN0NtTnoySDEiLCJtYWMiOiI4MDBlN2IwN2I3YjU1OWYzODdkMzgxZTY3NWUyMjc1YzhhOWY2N2FlYTE4ZDYxYTI5MDMwYTNlOGQwYTk3NjFjIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:36 GMT
laravel_session=eyJpdiI6IkZKaXZjVlR2aEFGb1NnRi9UZHlnOVE9PSIsInZhbHVlIjoibStLdDNWTkVMOVlzczRMTUdwTmFzT3AyS0ZTeWE4Ums4enpGT081TG40dnJCdW1rbzZLRHpVdlJjN09DQ0piQVpDK0lvancxMVVxdURrSkVBSWRzaENsc0prOTBaOW9ZSnVia1g5ME54Q0N3V09TYWJIbW1GSGJFS1NnTUNjdXkiLCJtYWMiOiJhNTU3ZDhkNGQwMzE1ZTE4MjZhYzU2NDU2OTMyZWM0OTY3ZWY4NTE0ODQxNzQ5M2FiNWM2YmMzMWRmYzAzMDg1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:36 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=2226&min_rtt=554&rtt_var=1850&sent=159&recv=224&lost=0&retrans=0&sent_bytes=14960&recv_bytes=15843&delivery_rate=472016&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=19633&inflight_dur=58&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:42 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 9599999aee64568e-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 62878
expires: Tue, 23 Jun 2026 21:50:42 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rLpEshy4IIpTRHl7chaMVMm6veBwkPvNJh2a8m7rKzZIWQHpE21SI%2BUVIAqrsCOHWE08%2BDK7V%2BN2l8xOc4sqBku7J4CJSGZOvKlTUVuVgv90Gut7brWcRWSPx7CODFsl7F%2FVJwas"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET hfwedgas.xaerosqdi.es/de3e5CUCA49WBBzkueheJuLD1hECabppizJGcdidXUsVQQMJH6sOXpC9IGwW0KFnikwmmnqUc6nhPYtMdfIjLQMlO9wvbk7odb2Aq1dutzxcAi4JUGilTbdd86ZwgQEESk9wVx2RymIwSYhwYhbpmRi3DAkb6FJoGop665
104.21.64.1 200 OK 4.6 kB URL GET hfwedgas.xaerosqdi.es/de3e5CUCA49WBBzkueheJuLD1hECabppizJGcdidXUsVQQMJH6sOXpC9IGwW0KFnikwmmnqUc6nhPYtMdfIjLQMlO9wvbk7odb2Aq1dutzxcAi4JUGilTbdd86ZwgQEESk9wVx2RymIwSYhwYhbpmRi3DAkb6FJoGop665
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4e60aa2de553e4705cbf57ec3e0fa2f0
91b69ed3809086b0fc7e25231b71fa3a8a80a099
5c3f2d6bc58270cf0932f6902e094855e8b1c7534f9360eea615b10060128764
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /de3e5CUCA49WBBzkueheJuLD1hECabppizJGcdidXUsVQQMJH6sOXpC9IGwW0KFnikwmmnqUc6nhPYtMdfIjLQMlO9wvbk7odb2Aq1dutzxcAi4JUGilTbdd86ZwgQEESk9wVx2RymIwSYhwYhbpmRi3DAkb6FJoGop665 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: image/webp
content-length: 4622
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IPrq0rXM5vxx%2BCZKUQhHFZmfYu9FXvr1bCm2im4GQZd6C6qHYi4GyrNUiNMeOlcRiTAvIFSfa4NQX3Eoutb3rzUmXaaz8T2%2BKRyc8dJO"}]}
content-disposition: inline; filename="de3e5CUCA49WBBzkueheJuLD1hECabppizJGcdidXUsVQQMJH6sOXpC9IGwW0KFnikwmmnqUc6nhPYtMdfIjLQMlO9wvbk7odb2Aq1dutzxcAi4JUGilTbdd86ZwgQEESk9wVx2RymIwSYhwYhbpmRi3DAkb6FJoGop665"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c7d1d0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1381&min_rtt=0&rtt_var=762&sent=426&recv=317&lost=0&retrans=1&sent_bytes=317370&recv_bytes=45349&delivery_rate=16091265&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24395&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27250&inflight_dur=282&x=40"
GET hfwedgas.xaerosqdi.es/uvNl1CXRHWC4FL5uTJefstiIvZvV2Loi34130
104.21.64.1 200 OK 644 B URL GET hfwedgas.xaerosqdi.es/uvNl1CXRHWC4FL5uTJefstiIvZvV2Loi34130
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /uvNl1CXRHWC4FL5uTJefstiIvZvV2Loi34130 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:44 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=61MhtWSgM4wjvbS%2BCl5kWNjhXiL72ihS3I8yMeSTHgpTmqBqib6gO6VKPvkdoHro4LdoGBH7IVagHV5sPrpGJvnEK5Dnl1nHoZTw2k4f"}]}
content-disposition: inline; filename="uvNl1CXRHWC4FL5uTJefstiIvZvV2Loi34130"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c9d1e0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1970&min_rtt=0&rtt_var=1473&sent=584&recv=339&lost=0&retrans=1&sent_bytes=506497&recv_bytes=51345&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27809&inflight_dur=353&x=40"
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
104.18.95.41 200 OK 290 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 290 kB (289480 bytes)
Hash d58682b52cc94c80093f81791dc21530
c258e1df004566ba4ee8169a6fbbbf1b53d1f3cf
4662fe51f9e94224b60605e6c9dfc8556b9ec4cca4411d57f68532eef76ba482
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
cf-chl: f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3447
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:17 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 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$WqPzy5+Mzsd795xHIVtcmw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 959998ffd99156c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/959998fbcc7756c1/1751579417601/yZHlaGXxsZpDZTC
104.18.95.41 200 OK 252 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/959998fbcc7756c1/1751579417601/yZHlaGXxsZpDZTC
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 2 x 57, 8-bit/color RGBA, non-interlaced
Hash 97721ff3d8e12146f344ac1d195656a7
be675150ad6b4e993febd719d01117dad809aabb
40610289528c069aea51d2cb3bfa8e57a1246e57f54f6e6d0fbb1e81d520aa1b
GET /cdn-cgi/challenge-platform/h/b/d/959998fbcc7756c1/1751579417601/yZHlaGXxsZpDZTC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:24 GMT
content-type: image/png
content-length: 252
priority: u=4,i=?0
server: cloudflare
cf-ray: 9599992bdc0156c1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST hfwedgas.xaerosqdi.es/kfYLTTRnUphmEbu9qOmtkLVo52RLmKFT29TNMwBew
104.21.64.1 200 OK 524 B URL POST hfwedgas.xaerosqdi.es/kfYLTTRnUphmEbu9qOmtkLVo52RLmKFT29TNMwBew
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash b1afc812c0fbd81fa57565e0ca0e532a
d27f53e292efe4aef5085d8b6d66b3c30be357de
46e07b547e856d2835859f473e32da8fb96c455119c1c08513174e8ea5e328d2
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /kfYLTTRnUphmEbu9qOmtkLVo52RLmKFT29TNMwBew HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6Ik1sMDNaZHZaaHcvaU9QVUZnM0VQL0E9PSIsInZhbHVlIjoiOHl3Mnd1T3psOTc4L1YxWXpkMnBpaTRiWTN1Y0ZxazJvc3dHaENHQTlsT3ZXTUN1NTFRWEpyN1JuRzlIZGJmVGFRUkVqRHlHTmVkK0hxZUVpUWk5czgvY2dXdE1KbU4vZWxMcitDVTlBNlVla2l2T3JsWnZsU1FVdCtoK2N6ZmwiLCJtYWMiOiJkZTRmZGYyOTQ0MjVlZDdmZTg1M2MwMDBiMDdkNDk5OTQ4MTRlNzY5YzkwMTJhZDE1ZjhiMTAwYjVlZTdiMDZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZBZk0yblV4Ty9jMWpzMXdHTDhzS1E9PSIsInZhbHVlIjoiN0tYcFZJTkkvNkxDT21lNnUrQkVHMmJIVHZPMWxkQk9IRkVxOXlFdGtQMnZhT0x3OVc0VGxoNjQyMlEzSllUcU1wV3IzL3EzK0xITkFRYkphNGVPWlNjZkpPRzFMSndwU1FBelVudTBWOHBBZXoxSmxjdXo0aTdueXVFRHNxYnQiLCJtYWMiOiI0NGM0NTE1M2U5YTRjOTEyNzlkZTdiMDZkOGVkYWRmZWU5MDdiNzk2NGU5ZTE3MmVmM2E4ODI1MDM1ZTZhYTcwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:40 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9599998b0c6b0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=q17V1jYWMMdW3y4lb5y5K7kh1Jsfb8mqbOLm2E4xErvp79sW%2BRt41ZIDt6xLiq4aFxE3pj7z0MmpD%2Fk9dJTfexFDA%2F5tpv0pQYMF22JA"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6ImdWTmtuZ3M5TmtQdmZVR0ZXM0JDVXc9PSIsInZhbHVlIjoiVnVwaEc1azVhaUJ2VUlrczA4bmpqWS9EY05nTDVTaFc4SHNXWDVKRnhlS3RoR0MvTVcvSjJHQTlyMHJrVWpGdWo0S0prZFVlWkJPTnIxUG1wUXExd3J1ZnB2cnVWNWIrTzhjb3lBQWpoWk56UDFMZElRQjFwdCs1b2ZxOFVqekEiLCJtYWMiOiJmM2Q0MDNhNzYxMTY1YjMyN2FmYWMxZTQzNzUyNmVkNTA3YTZlY2ZmMWI0YWViMDY4NjA4ZTBhMDMzMTU2YmNkIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:40 GMT
laravel_session=eyJpdiI6InlWOEVEazdsLzBnYXd5Q0VNSGliY2c9PSIsInZhbHVlIjoiUjRwRENiTkNkV2ZDRVZMR2oyaDgxVkNnQlFIZVQyNDhrdWROVHZXSDNhOFF5VmVuc0M3ZjBOYzhmb01yV0srcHFCNkJuZkFIQTcvdGNXNGw2czVMYUZvclorNlFNUGE5OGhWVk1jeHlDQ3VocDljSFRaWkxtU28rczB1Ukw1NlciLCJtYWMiOiIxZjUxNDQ0MzBmNTM4MTU0ZjFjNjEwM2Y2ZTYwZDRlODYzMDkxNzdkMTA2ZjhhMmFmZTljNzRiNmE0MWQyY2VmIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:40 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1339&min_rtt=0&rtt_var=1357&sent=192&recv=242&lost=0&retrans=0&sent_bytes=45149&recv_bytes=21432&delivery_rate=2080840&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=24326&inflight_dur=127&x=40"
GET hfwedgas.xaerosqdi.es/abc8LfF7dIpqXef30
104.21.64.1 200 OK 36 kB URL GET hfwedgas.xaerosqdi.es/abc8LfF7dIpqXef30
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: ASCII text, with CRLF line terminators
Hash MD5: 38501e3fbbbd89b56aa5ba35de1a32fe
SHA-1: d9b31981b6f834e8480ba28fbc1cff1be772f589
SHA-256: a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /abc8LfF7dIpqXef30 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9599999c4d160b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xDyrbEn92vHOmnfbbUe1uZQzOEP2L5gNLvTcbxPPwo2%2BUxzE%2F0Yh85Ie2Olr8s1Mc2bax%2B8Xo4QOJC73hjRw5LC0XTuD1FET9OyXicMN"}]}
content-disposition: inline; filename="abc8LfF7dIpqXef30"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1221&min_rtt=0&rtt_var=1071&sent=341&recv=309&lost=0&retrans=1&sent_bytes=212706&recv_bytes=44976&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27179&inflight_dur=242&x=40"
GET hfwedgas.xaerosqdi.es/qrwVr26rwDGhgMO5Oj7ghLMUCVbhNrBkKGR45140
104.21.64.1 200 OK 892 B URL GET hfwedgas.xaerosqdi.es/qrwVr26rwDGhgMO5Oj7ghLMUCVbhNrBkKGR45140
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: RIFF (little-endian) data, Web/P image
Hash MD5: 41d62ca205d54a78e4298367482b4e2b
SHA-1: 839aae21ed8ecfc238fdc68b93ccb27431cd5393
SHA-256: 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /qrwVr26rwDGhgMO5Oj7ghLMUCVbhNrBkKGR45140 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: image/webp
content-length: 892
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9S4xLOTXCrva8YDM3%2BWOAwyctgmTPEbl6viIvvJiFF1Jay6hvLSbV2%2FCfBKY5gtBJ6E7PafOLYfog0MGohMLb%2Fzxi8XAQ322lNIj0mdX"}]}
content-disposition: inline; filename="qrwVr26rwDGhgMO5Oj7ghLMUCVbhNrBkKGR45140"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c9d1f0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1387&min_rtt=0&rtt_var=707&sent=448&recv=321&lost=0&retrans=1&sent_bytes=344035&recv_bytes=45544&delivery_rate=16091265&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24395&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27277&inflight_dur=299&x=40"
GET get.geojs.io/v1/ip/geo.json
104.26.0.100 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 104.26.0.100:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: geojs.io
Fingerprint: A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity: Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash MD5: 4e8a7ef85ac5902750bd4725e8e940e5
SHA-1: 5a1ae01b91d670b506533a032dd0d2b43f76fa3b
SHA-256: cb5695d265c3249cd2e6359ddb9224fc0569bb9b47ceb8f1d1304a2b4c1dccc5
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:44 GMT
content-type: application/json
server: cloudflare
x-request-id: c0b1bf54e3dadf1be8f98363ffc16db9-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=veoMHkHevlUZOYoXEIlG70nXDOgz%2B4qv4Ya7ODjA8abrHN%2BYxIBEDMJWJQvvBHNSpK7uoS7Eo%2Bt2nytOQKgb2ulhOBSZhCg%3D"}]}
content-encoding: br
cf-ray: 959999a48c5c5696-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET hfwedgas.xaerosqdi.es/favicon.ico
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
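Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B size above; they match every empty response and do not identify this site's content.)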
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6IlcvNVlHT2xBQXAvOFJZY0tFWTUwNGc9PSIsInZhbHVlIjoieitHR1BuNXBxMldYYUpKVEh6c1hXQkI4eUpPMlE5WW1ndEVuSnI3WitEcTdYVVZMT2Qvd28rWExzbms5aEE3aU9RVFJiODFoZXhPdG1mNXNFd1JFMzJkcktiR3NyeDFaSHVPczY1UjhyVDBkSjlPRTM5MWpkV2l1QTJIYmF0QysiLCJtYWMiOiIyNjRkZjVmYjgyYmE5NzJjYjc1NWMwNWZiOWJiZTlkMDFmMmZkMjRiMDNiNDQwMDU0NGQ1NWQyY2FjYWQ3YjRiIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkU0UnI2bmJINmVZYnV2WFZ5RENDNFE9PSIsInZhbHVlIjoiNHBhejY2SjdGZzBTM00rVVBVS2JjRGtqMmNPRGhIN09LbjdKRm1sSHFvWTJhZ2JlSkRkMU1KNVY1VDFoVnNuS201MDMxMUdqSS93TFBZdGFKV1VtT2RwSGFtQlVMTnJxN01FRDhzN2xMczR0dktqTnNoOS8ycnJTNVpQWnUwWXUiLCJtYWMiOiIwNzRiYjFkZjhiZjY2ZmNiNTJmNjI1ZGU5MjlhMDA5YTU2ZTc5ZTllYzMyYmVjZWU2ZGFiMDQ1NzY5NjI4OTAwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 03 Jul 2025 21:50:17 GMT
content-type: text/html; charset=UTF-8
cf-ray: 959998fb8de70b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lSQrDA2ydzXLWbipOkOADuKNrySAZir%2BUsgLGjADRdQKhl3YDHmHLf%2BN6vHs7zjwduJX4X%2FQR1HQ7Car083inS%2BN1leCExVEl6%2BhiSdK"}]}
vary: accept-encoding
age: 12
cache-control: max-age=14400
cf-cache-status: MISS
alt-svc: h3=":443"; ma=86400
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=2494&min_rtt=554&rtt_var=2479&sent=154&recv=219&lost=0&retrans=0&sent_bytes=12826&recv_bytes=12780&delivery_rate=472016&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=672&inflight_dur=34&x=40"
GET hfwedgas.xaerosqdi.es/favicon.ico
104.21.64.1 404 Not Found 0 B URL GET hfwedgas.xaerosqdi.es/favicon.ico
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
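Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body, consistent with the 0 B size above; they match every empty response and do not identify this site's content.)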
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Cookie: XSRF-TOKEN=eyJpdiI6Ik1sMDNaZHZaaHcvaU9QVUZnM0VQL0E9PSIsInZhbHVlIjoiOHl3Mnd1T3psOTc4L1YxWXpkMnBpaTRiWTN1Y0ZxazJvc3dHaENHQTlsT3ZXTUN1NTFRWEpyN1JuRzlIZGJmVGFRUkVqRHlHTmVkK0hxZUVpUWk5czgvY2dXdE1KbU4vZWxMcitDVTlBNlVla2l2T3JsWnZsU1FVdCtoK2N6ZmwiLCJtYWMiOiJkZTRmZGYyOTQ0MjVlZDdmZTg1M2MwMDBiMDdkNDk5OTQ4MTRlNzY5YzkwMTJhZDE1ZjhiMTAwYjVlZTdiMDZlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZBZk0yblV4Ty9jMWpzMXdHTDhzS1E9PSIsInZhbHVlIjoiN0tYcFZJTkkvNkxDT21lNnUrQkVHMmJIVHZPMWxkQk9IRkVxOXlFdGtQMnZhT0x3OVc0VGxoNjQyMlEzSllUcU1wV3IzL3EzK0xITkFRYkphNGVPWlNjZkpPRzFMSndwU1FBelVudTBWOHBBZXoxSmxjdXo0aTdueXVFRHNxYnQiLCJtYWMiOiI0NGM0NTE1M2U5YTRjOTEyNzlkZTdiMDZkOGVkYWRmZWU5MDdiNzk2NGU5ZTE3MmVmM2E4ODI1MDM1ZTZhYTcwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 03 Jul 2025 21:50:39 GMT
content-type: text/html; charset=UTF-8
cf-ray: 9599998bbc7b0b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lSQrDA2ydzXLWbipOkOADuKNrySAZir%2BUsgLGjADRdQKhl3YDHmHLf%2BN6vHs7zjwduJX4X%2FQR1HQ7Car083inS%2BN1leCExVEl6%2BhiSdK"}]}
vary: accept-encoding
age: 22
cache-control: max-age=14400
cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1415&min_rtt=0&rtt_var=1605&sent=190&recv=241&lost=0&retrans=0&sent_bytes=44500&recv_bytes=21387&delivery_rate=2080840&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=23548&inflight_dur=126&x=40"
GET hfwedgas.xaerosqdi.es/op7OYMmjdV2ZZbdmAEo5kHcWk8wBQOf4NPwYnghSddH0B3VcIDGovgk6L2Jo2v7ef200
104.21.64.1 200 OK 268 B URL GET hfwedgas.xaerosqdi.es/op7OYMmjdV2ZZbdmAEo5kHcWk8wBQOf4NPwYnghSddH0B3VcIDGovgk6L2Jo2v7ef200
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type: SVG Scalable Vector Graphics image
Hash MD5: 59759b80e24a89c8cd029b14700e646d
SHA-1: 651b1921c99e143d3c242de3faacfb9ad51dbb53
SHA-256: b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /op7OYMmjdV2ZZbdmAEo5kHcWk8wBQOf4NPwYnghSddH0B3VcIDGovgk6L2Jo2v7ef200 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:44 GMT
content-type: image/svg+xml
cf-ray: 9599999cad230b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=WTwJXqJaomGcsxKweGtVwlrzN9wXiFKIgcGTDee8zVBwd%2Fs7OoZNCGNNadVYQulP9I9lACcpzenTEcLAsugKrrYYVv50CH44W%2BgxlL6u"}]}
content-disposition: inline; filename="op7OYMmjdV2ZZbdmAEo5kHcWk8wBQOf4NPwYnghSddH0B3VcIDGovgk6L2Jo2v7ef200"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1981&min_rtt=0&rtt_var=1125&sent=585&recv=340&lost=0&retrans=1&sent_bytes=507780&recv_bytes=51390&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27929&inflight_dur=375&x=40"
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250703%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250703T214926Z&X-Amz-Expires=1800&X-Amz-Signature=b37321562ba05a9825589d0076942b349610aa13e0ec28e1ce22b1fba75edc85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.108.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250703%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250703T214926Z&X-Amz-Expires=1800&X-Amz-Signature=b37321562ba05a9825589d0076942b349610aa13e0ec28e1ce22b1fba75edc85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.108.133:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Sectigo Limited
Subject: *.github.io
Fingerprint: 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity: Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (10017)
Hash MD5: 6c20a2be8ba900bc0a7118893a2b1072
SHA-1: ff7766fde1f33882c6e1c481ceed6f6588ea764c
SHA-256: b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250703%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250703T214926Z&X-Amz-Expires=1800&X-Amz-Signature=b37321562ba05a9825589d0076942b349610aa13e0ec28e1ce22b1fba75edc85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Thu, 03 Jul 2025 21:50:43 GMT
age: 749
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 2
x-timer: S1751579443.928583,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
104.18.95.41 200 OK 30 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type: ASCII text, with very long lines (29544), with no line terminators
Hash MD5: 78b96b0ba7281acbb0ba40d729c1ca78
SHA-1: f3381c2497f70dd3545d40987ff6314114576184
SHA-256: 8aa684160ea2a14b48a61e0ff3d18b5367702cc2c26821c85d30e44036897552
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
cf-chl: f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34935
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:25 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: OXfqMEvpK+Rl8sIsrcQxWaIt6gpT7UsnseGWxpLAgnm/xjYMcUSWwME+xicZuSat$4owLi2oXFF250GhGPsZ4Vg==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95999932dcb556c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.4 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.4:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
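Certificate Issuer: Sectigo Limited
Subject: github.com
Fingerprint: E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity: Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of a zero-length body: the 302 response below carries content-length: 0. They match every empty response; the redirected file's own hashes are listed under the objects.githubusercontent.com entry.)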
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 03 Jul 2025 21:49:26 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250703%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250703T214926Z&X-Amz-Expires=1800&X-Amz-Signature=b37321562ba05a9825589d0076942b349610aa13e0ec28e1ce22b1fba75edc85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: E67A:1299:4DD033:5062DB:6866FB32
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type: JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 959999a368e7568e-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 62879
expires: Tue, 23 Jun 2026 21:50:43 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MCFF3Ki131jk1NN651FG5f1iPGeSewevpvfWyJOriZLi0S787C4phuCilL9DcmTLkdbzMtys022IpNx4WGtKtfLpFvu91y90Buy8QWo8AwAd7W0J7hr4JYSu593MlIpDpBAIT%2F8r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.130.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.130.137:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity: Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 03 Jul 2025 21:50:36 GMT
age: 896439
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 145996
x-timer: S1751579436.265095,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
104.21.64.1 200 OK 26 kB URL User Request GET hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
IP 104.21.64.1:443
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type JavaScript source, ASCII text, with very long lines (25049), with CRLF line terminators
Hash (MD5) 26151a5ca754b58eff3ce2f2f97ede7a
Hash (SHA-1) 720d733496d4a8168d48cb39212f7a345571721c
Hash (SHA-256) 9482ab3f36142c66bec702285bb8f57f124f0beebe0d5a04e75ebd45bd67f9e0
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /OdeGZs5!4KH3wog/ HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjhSQUYxelN6YzRzNXZoZEV2bkZwVlE9PSIsInZhbHVlIjoicE1hVXd1NUFIc2ZXVWphSDd1MDhiYXpqZFpLUjByYVQ0UjQ2azNXWEJySFp4bC81YmlIRG9LcVNQQjZpcEtrRUtqNlNadUdNVzZWeVJrS2dtcWRNVXZxdTJLU3hZOU9nUHdNd1dPY2RWRmRoRGZ1SDV0ZEhNd2c5eEJmQXlMamkiLCJtYWMiOiI2YmUwMGEwYTBlM2M1ODlkMmVkYWFjZGIwMmIwNDJiZTRjOTA2OTkwY2JkNjY5YjM5YzQ3MjE3ZmY2NmFmNGJlIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImU2QkU4VzVFUGxiVFBySzQ2a1hrbGc9PSIsInZhbHVlIjoicDFwN0MzS2RKK280b2dJZ0hyT0UrKzNoam9PUnVGckNrSkRoaG4ySStjUjJoL3VHTUhGdXdaazZVVlBoVldaZmp0ZDhjNTNnWCt4NG9zaUdYRGRrYmhtU1BRdVNiWGo5a1YzRVdyQkdZRGkzRG4veC9NUG5IUTR4eDFkR0lNSGMiLCJtYWMiOiIyZjU2Nzc1ZGVjMWI4ZjA2YWM0ZjJhMjVjNmVlYTA2NmQ0Mjg5NTI3Mzc2ZjExYzg4YjZmYWM0MWMxZGRhMjY2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:39 GMT
content-type: text/html; charset=UTF-8
cf-ray: 959999818b570b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=XyasYCgtMtQSXk4tEhgHvLDz9uzhIpkXfzWr%2FPxStEhvJ4T60PV%2Flvi7Xrr5Mrcmt0Z4QboQrD9JttLPwOpHwdk1e7qRrfXhi2Ka0CIL"}]}
cache-control: no-cache, private
vary: accept-encoding
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6Ik1sMDNaZHZaaHcvaU9QVUZnM0VQL0E9PSIsInZhbHVlIjoiOHl3Mnd1T3psOTc4L1YxWXpkMnBpaTRiWTN1Y0ZxazJvc3dHaENHQTlsT3ZXTUN1NTFRWEpyN1JuRzlIZGJmVGFRUkVqRHlHTmVkK0hxZUVpUWk5czgvY2dXdE1KbU4vZWxMcitDVTlBNlVla2l2T3JsWnZsU1FVdCtoK2N6ZmwiLCJtYWMiOiJkZTRmZGYyOTQ0MjVlZDdmZTg1M2MwMDBiMDdkNDk5OTQ4MTRlNzY5YzkwMTJhZDE1ZjhiMTAwYjVlZTdiMDZlIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:39 GMT
laravel_session=eyJpdiI6IjZBZk0yblV4Ty9jMWpzMXdHTDhzS1E9PSIsInZhbHVlIjoiN0tYcFZJTkkvNkxDT21lNnUrQkVHMmJIVHZPMWxkQk9IRkVxOXlFdGtQMnZhT0x3OVc0VGxoNjQyMlEzSllUcU1wV3IzL3EzK0xITkFRYkphNGVPWlNjZkpPRzFMSndwU1FBelVudTBWOHBBZXoxSmxjdXo0aTdueXVFRHNxYnQiLCJtYWMiOiI0NGM0NTE1M2U5YTRjOTEyNzlkZTdiMDZkOGVkYWRmZWU5MDdiNzk2NGU5ZTE3MmVmM2E4ODI1MDM1ZTZhYTcwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 03 Jul 2025 23:50:39 GMT
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=1546&min_rtt=0&rtt_var=1267&sent=172&recv=232&lost=0&retrans=0&sent_bytes=23439&recv_bytes=19199&delivery_rate=1331735&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=23176&inflight_dur=88&x=40"
GET hfwedgas.xaerosqdi.es/34ScU3ZeGM5xyMsDy6r6720
104.21.64.1 200 OK 28 kB URL GET hfwedgas.xaerosqdi.es/34ScU3ZeGM5xyMsDy6r6720
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash (MD5) a1606fe4c64f4a7649b295a56b8d4b47
Hash (SHA-1) ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
Hash (SHA-256) 8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /34ScU3ZeGM5xyMsDy6r6720 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9599999c3d140b65-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uxOnnhByQyFoCMZWtFqUN2uwRCxpf2eS9uiCA8TQjaQKXWz97c%2FCsnqmGFor3XNicRmzwj7CetZmdMjuz4Jt%2Bj19o7HroSWeJqZoJN1f"}]}
content-disposition: inline; filename="34ScU3ZeGM5xyMsDy6r6720"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
vary: accept-encoding
content-encoding: br
server-timing: cfL4;desc="?proto=QUIC&rtt=639&min_rtt=0&rtt_var=100&sent=333&recv=307&lost=0&retrans=0&sent_bytes=204848&recv_bytes=44886&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27132&inflight_dur=196&x=40"
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
3.167.2.64 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 3.167.2.64:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash (MD5) d99a7377dabb55772ca9f986b0a04b57
Hash (SHA-1) 2b5fcd8431953c44e410d0489899e74f6d2cfecc
Hash (SHA-256) affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hfwedgas.xaerosqdi.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 23 Jun 2025 13:02:15 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 23 Jun 2026 13:02:15 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: et3Nsm-zVtjPn7FIrSOvxOj6ZwCIulEqjG9HHtRRVLsFkAT3HkbKAQ==
age: 895708
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
104.18.95.41 200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
IP 104.18.95.41:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (48827)
Hash (MD5) 8b98ab0c9c1187379712de2162d133c8
Hash (SHA-1) 13070544fcfc6954ce563779c26ba54b72271380
Hash (SHA-256) 73f6150de629bcd8401d4778d9a4f5460cbcce244f913447acbdd25ad50cca25
GET /turnstile/v0/b/e7e9d014f96e/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:16 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 03 Jul 2025 10:26:41 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 959998fac8e45697-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
104.18.95.41 200 OK 27 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
IP 104.18.95.41:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type HTML document, ASCII text, with very long lines (27005), with no line terminators
Hash (MD5) 6fe656c9022e44f03c2e1b94d60245f7
Hash (SHA-1) aaf483ac81c13dfce9511dc92ee518e821316885
Hash (SHA-256) 5346094547f3e434e318440de7d32831896477a4fd09d121d1a0ca594b0692f7
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:16 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-Sx2PYA0ii9Z6Xgcv' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 959998fbcc7756c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
104.18.95.41 200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash (MD5) 70c202196187ab3c11b4e094c20c6de1
Hash (SHA-1) 9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
Hash (SHA-256) 6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:17 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 959998fc8da056c1-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
104.18.95.41 200 OK 4.9 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (4940), with no line terminators
Hash (MD5) 9921f298c6a9878cfce02752c6b6ea17
Hash (SHA-1) 95d45b5213859a8a9c036a0bf78551bb330e0c38
Hash (SHA-256) 2155f5d07da426fa363014dd03235df99e27a3710785224a8331945fc0e951cd
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1166302198:1751577414:-qh_a4TTTwOYD84-EwNgztIuHI5pTbIfRzEkcV4luv4/959998fbcc7756c1/f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/sbtde/0x4AAAAAABids-RwE0pssIPt/auto/fbE/new/normal/auto/
cf-chl: f_a7Le5kxax.xgpT5dDtCZSRWvuG8ih1eKiegZG9wFs-1751579416-1.2.1.1-vtoqxyLY24fJXAUtToAb.7T4rA2cSHRaE_BtxWUKze8lrMD3MfX.4_vmDY7OtDuf
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 47778
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:33 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 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$7eT4jkSOIWxTCoyQ08kVJQ==
cf-chl-out: 01Aw5SkipxUdsQp71t5r0VDyPu+oFo0Z6hFLDXD39XZllHzXaBw8vugAg4sqMBCPdbEPx6jMskbT7L3Lm7WLhQ==$Z2ZBAzmozrNHzlZxiel7NQ==
priority: u=3,i=?0
server: cloudflare
cf-ray: 959999625cc756c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET hfwedgas.xaerosqdi.es/GDSherpa-regular.woff2
104.21.64.1 200 OK 29 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-regular.woff2
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash (MD5) 17081510f3a6f2f619ec8c6f244523c7
Hash (SHA-1) 87f34b2a1532c50f2a424c345d03fe028db35635
Hash (SHA-256) 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tEqq%2BDMs6aiC9UhLHEJ68WeRDe9spIMZo0bhm5M4itu2Oq8hDM6N5gpwBmYVzgxOghNdI7VaaeeY8WIGx%2BLAEzMDuim%2F6PYiDzVTJr9Y"}]}
content-disposition: inline; filename="GDSherpa-regular.woff2"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c4d190b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1659&min_rtt=0&rtt_var=1679&sent=342&recv=310&lost=0&retrans=1&sent_bytes=213334&recv_bytes=45021&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27202&inflight_dur=248&x=40"
GET hfwedgas.xaerosqdi.es/GDSherpa-vf.woff2
104.21.64.1 200 OK 44 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-vf.woff2
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash (MD5) 2a05e9e5572abc320b2b7ea38a70dcc1
Hash (SHA-1) d5fa2a856d5632c2469e42436159375117ef3c35
Hash (SHA-256) 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zURFgrPHfEG%2BYPiBkgV4TNmI3lz8xYRrMiCU5GzdtIC9cP6fBkhHGKjfg4abGCD6Ub675Fo0N%2F%2Fx7h7UVWIs1z5gU3ub3FV5Fjofec6O"}]}
content-disposition: inline; filename="GDSherpa-vf.woff2"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c6d1b0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1588&min_rtt=0&rtt_var=1151&sent=372&recv=313&lost=0&retrans=1&sent_bytes=249089&recv_bytes=45161&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27239&inflight_dur=274&x=40"
GET hfwedgas.xaerosqdi.es/stnlquEaJr1fzuwErTqekil0KItmvjKlOguOTlqmUO2TOJj9OmnpS6bYH5ypv0lXsvlFXBZ7ciNUYx8Hgh260
104.21.64.1 200 OK 18 kB URL GET hfwedgas.xaerosqdi.es/stnlquEaJr1fzuwErTqekil0KItmvjKlOguOTlqmUO2TOJj9OmnpS6bYH5ypv0lXsvlFXBZ7ciNUYx8Hgh260
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5) 4b52ecdc33382c9dca874f551990e704
Hash (SHA-1) 8f3bf8e41cd4cdddb17836b261e73f827b84341b
Hash (SHA-256) cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /stnlquEaJr1fzuwErTqekil0KItmvjKlOguOTlqmUO2TOJj9OmnpS6bYH5ypv0lXsvlFXBZ7ciNUYx8Hgh260 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:45 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HwyKGGWDRC5enpt%2FQOiY8Ho%2Fxdig7i9SeHkg8FHJFgJTKl6I0WSombXkcsZv%2BklgS6i7m9cH01%2BPxwnyeUxpcIoWji9Fpicqy5yd5fip"}]}
content-disposition: inline; filename="stnlquEaJr1fzuwErTqekil0KItmvjKlOguOTlqmUO2TOJj9OmnpS6bYH5ypv0lXsvlFXBZ7ciNUYx8Hgh260"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999ccd260b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1534&min_rtt=0&rtt_var=812&sent=618&recv=348&lost=0&retrans=1&sent_bytes=548977&recv_bytes=51753&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=28828&inflight_dur=413&x=40"
GET hfwedgas.xaerosqdi.es/ijglFn1QXNDFUuxVzt7GCjG8m0Cy97zU0Kd89jvxXAwhID5ZMj7lVcwljJOrdPEbsBfkyz223
104.21.64.1 200 OK 1.3 kB URL GET hfwedgas.xaerosqdi.es/ijglFn1QXNDFUuxVzt7GCjG8m0Cy97zU0Kd89jvxXAwhID5ZMj7lVcwljJOrdPEbsBfkyz223
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer: Google Trust Services
Subject: xaerosqdi.es
Fingerprint: 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity: Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5) 32ca2081553e969f9fdd4374134521ad
Hash (SHA-1) 7b09924c4c3d8b6e41fe38363e342da098be4173
Hash (SHA-256) 216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /ijglFn1QXNDFUuxVzt7GCjG8m0Cy97zU0Kd89jvxXAwhID5ZMj7lVcwljJOrdPEbsBfkyz223 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:44 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KKpCqQVYdxPQJRbT0cC6Gh3ebYPCkoQb1e%2FewF4oQZfoJO%2BiaEsUZxio%2FfFDnAwHfDa3UWDCkWHuQM6hYOByEcobywqM3%2BAvFNXCI3d3"}]}
content-disposition: inline; filename="ijglFn1QXNDFUuxVzt7GCjG8m0Cy97zU0Kd89jvxXAwhID5ZMj7lVcwljJOrdPEbsBfkyz223"
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400
cf-ray: 959999a4bd680b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1978&min_rtt=0&rtt_var=850&sent=586&recv=341&lost=0&retrans=1&sent_bytes=508637&recv_bytes=51435&delivery_rate=17464077&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24026&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=28491&inflight_dur=397&x=40"
GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
104.16.175.226 200 OK 4.7 kB URL GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
IP 104.16.175.226:443
Requested by https://hfwedgas.xaerosqdi.es/OdeGZs5!4KH3wog/
Certificate Issuer Sectigo Limited
Subject *.jsdelivr.net
Fingerprint A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
Validity Fri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /npm/lz-string@1.4.4/libs/lz-string.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 03 Jul 2025 21:50:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 1425
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.4.4
x-jsd-version-type: version
etag: W/"126f-tp5wc7wsG8mleq2kxzeZ0YLvg2g"
content-encoding: br
x-served-by: cache-fra-etou8220041-FRA, cache-lga21981-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 31406449
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ojUqsgPXsIbDoZicVSTvWi7185i0O1Xu0W5lqIhq25TvZ8a%2BJDoqpwwIv7rU5%2FmW2yBBsvb4sQB9%2Fk4%2B9Fspf%2F4vru93fxjR%2BW5dSvBRUle%2B%2F9LnBRMKEMON4nUNF9pLO00%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95999989ece25696-OSL
X-Firefox-Spdy: h2
GET hfwedgas.xaerosqdi.es/GDSherpa-regular.woff
104.21.64.1 200 OK 37 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-regular.woff
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rAa429ainRUviuaedo%2FMWrEZNv6Y%2BWuRbUretQAcKLQVK9u3JSDbOvsgyT9VhFjjIO9k5i3oUPjtsumuL3epoNPX3TOcaZ7P5ABnhx2G"}]}
content-disposition: inline; filename="GDSherpa-regular.woff"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c5d1a0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1588&min_rtt=0&rtt_var=1151&sent=372&recv=313&lost=0&retrans=1&sent_bytes=249089&recv_bytes=45161&delivery_rate=13458374&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=19361&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27240&inflight_dur=274&x=40"
GET hfwedgas.xaerosqdi.es/GDSherpa-vf2.woff2
104.21.64.1 200 OK 93 kB URL GET hfwedgas.xaerosqdi.es/GDSherpa-vf2.woff2
IP 104.21.64.1:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer Google Trust Services
Subject xaerosqdi.es
Fingerprint 03:83:3C:F5:AA:41:1B:0F:73:08:BD:57:0B:E7:10:91:3D:EB:6E:B4
Validity Thu, 26 Jun 2025 19:14:24 GMT - Wed, 24 Sep 2025 20:12:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: hfwedgas.xaerosqdi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ilpwd1dHUUl6alZQdHJKSEptM3Q5cUE9PSIsInZhbHVlIjoibWE0dmhjTVNZSGMxYzNYNk1TdnF5bTRRaW1uZktHZzNnRzhUcE9Jc2pmV1hTcVg1bDZOUVYxM2RlTWg4d2dYelBTWVh3c3YwbElEYnJlaFVUQmdhdTBRNk0vVUtWczJzcENQMzA3WEt5ZVFoOGlrdWJVUFdpcHBTcUJLU1lIblMiLCJtYWMiOiI4Yzk5Yjc2ODM4ZDQzNmY3NzUzNzNlNzZhOTI3Y2Y5YThmYWI4MmU3ZDk0YWU3MTc3ODVjZTk3ZTEwMDgzODhjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InZINDgyWnBDS1E5ek0wUTdGcGJDOVE9PSIsInZhbHVlIjoiV2NGVXdjcExwSndPQzFUdmdObkthODRSVnFTaVN5OHJuTnR6UHNteTQwUEJaNkR1OW1OcTFjNHFuVXVvdDRCSmp4c3VYYzFVTElhTVQ3ZmZnTnZoOHZpRUQ5NW0zYXc4RTh2N3VTUGVFekcvNmVOSzl6RXUvYlA2dUk1Q3UvRHoiLCJtYWMiOiI5YmE2OTk3YjIzNWRjMGFlZGZiMjczNmNiODNjOGYyYTc1ZTdlM2I5ZDgyOWQ2YjFjMzVhOWJhMGVjN2UzNzgzIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 03 Jul 2025 21:50:43 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=54GVUDYwwatXJfPitTTQYSE4QdNEt5Ron0jkPTnPazC1zpyI3w9OXpckWF8XueYkZ3ia8%2FvAQsT4jotUE6E1WuSmwCRgWCzuSatqPQoD"}]}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cache-control: max-age=14400
cf-cache-status: MISS
last-modified: Thu, 03 Jul 2025 21:50:43 GMT
vary: accept-encoding
alt-svc: h3=":443"; ma=86400
cf-ray: 9599999c6d1c0b65-OSL
server-timing: cfL4;desc="?proto=QUIC&rtt=1381&min_rtt=0&rtt_var=762&sent=426&recv=317&lost=0&retrans=1&sent_bytes=317370&recv_bytes=45349&delivery_rate=16091265&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=24395&unsent_bytes=0&cid=5bec3cc6873bbb92&ts=27253&inflight_dur=282&x=40"
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
3.167.2.64 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 3.167.2.64:443
Requested by https://hfwedgas.xaerosqdi.es/uwlsam4dd5?common/oauth2/v2.0/authorize?client_id=dcae845748-e1cee291-bacedd4f66e01-14958dfe61f5e-5724ce35245-5a1de5b26bff4ef-52b6619566a-7ed84c3bcab70d-d777aad91b-e12262a2e3c2-0a578969b2d654-6a79d9c4df-5c46668bd74a2&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash 12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://hfwedgas.xaerosqdi.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Sun, 29 Jun 2025 16:32:58 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Mon, 29 Jun 2026 16:32:58 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 3ecfca26003921b3f6dfb1a287300c24.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: gwSQF7yrnZRjKNXCDqdL4YJr7puG5p3N5rFfa8b-E24ryItbUQskkA==
age: 364664
X-Firefox-Spdy: h2