GET rjdl.aaqnjtywnf.es/GDSherpa-bold.woff2
200 OK 28 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-bold.woff2
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 16:29:05 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Izst7hhBQsUZ6XWLo%2Fpv%2BxcJGHW6Gr34zS2NBFTmDCliPcrDATdgCPYc3n8fyZbMTMtJbddOZvpGh%2F8lBpcJ6idimaByyT2mK0ZBFCiavQk%3D"}]}
age: 6259
cache-control: max-age=14400
cf-ray: 966e970d49fa56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=764&min_rtt=0&rtt_var=409&sent=208&recv=118&lost=0&retrans=0&sent_bytes=191581&recv_bytes=19774&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18665&inflight_dur=130&x=40"
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash 12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Sun, 13 Jul 2025 18:07:01 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Mon, 13 Jul 2026 18:07:01 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 50c588fd3255d023d9b9021263f5fa0a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: 1p4PQkD2aZGuLERlzSvdLfFK6541u16PNy8qz6M7s7yXSgVhbiC8rg==
age: 1382783
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/stWneGLaYUmDvWRuXMAHWoZHVF1rI8HU645lIAlKiX4LAYjQa8iu8y4LA8nUbO06gh257
200 OK 18 kB URL GET rjdl.aaqnjtywnf.es/stWneGLaYUmDvWRuXMAHWoZHVF1rI8HU645lIAlKiX4LAYjQa8iu8y4LA8nUbO06gh257
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /stWneGLaYUmDvWRuXMAHWoZHVF1rI8HU645lIAlKiX4LAYjQa8iu8y4LA8nUbO06gh257 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="stWneGLaYUmDvWRuXMAHWoZHVF1rI8HU645lIAlKiX4LAYjQa8iu8y4LA8nUbO06gh257"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=yvCew1YC2xuz3TUHyWG9FKEgXJAGjrSVTkFvNxydkdKXO3Rsybcm%2B2MHkz46Y8BB61abehrp95UXjx%2F34tPEjky9p4vtI3%2Fw7zm3SY6LZ3A%3D"}]}
cf-ray: 966e970daa1056c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1843&min_rtt=0&rtt_var=1133&sent=450&recv=150&lost=0&retrans=0&sent_bytes=494146&recv_bytes=32219&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19242&inflight_dur=266&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e969c3b745689&lang=en
200 OK 141 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e969c3b745689&lang=en
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 141 kB (141163 bytes)
Hash 8dcdbf8598ef1d3aa6261fa63535ef7b
df480eef85950068e9a0381d18a9e6cfaa94a92a
f255b31c6460db542def16a3df04e3245d0a1b05217f468de82f6e8ea64bad7b
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=966e969c3b745689&lang=en HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e969cec795689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerSectigo Limited
Subject*.jquery.com
Fingerprint56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
ValidityThu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:23 GMT
age: 3129805
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1004967
x-timer: S1753812803.059499,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/34DXGPgxL6t6KBYNabkDdSd8920
200 OK 28 kB URL GET rjdl.aaqnjtywnf.es/34DXGPgxL6t6KBYNabkDdSd8920
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash a1606fe4c64f4a7649b295a56b8d4b47
ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /34DXGPgxL6t6KBYNabkDdSd8920 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: text/css;charset=UTF-8
cf-ray: 966e970d39f856c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="34DXGPgxL6t6KBYNabkDdSd8920"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=fet36EgNgHNTc02XG%2FkEdrukfiArk9BtY4DtcserlKhdk8dZH8xXoI53eDjW12L1puTFvjsyneGlL0dS2SsvBu4kKQ861ColJzil9L9j"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2785&min_rtt=0&rtt_var=2320&sent=421&recv=141&lost=0&retrans=0&sent_bytes=467620&recv_bytes=31771&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18925&inflight_dur=208&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e969a5897569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333346
expires: Sun, 19 Jul 2026 18:13:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4I%2BhI%2BqPdxY42xifYHcs7593paix2PznqffANPeC%2BW%2BPi0GAFCXOu4AAvy%2B4DmJKktGRKHo09ZWdQaiHi3G1K32t5Vr%2B57As%2BuV5N%2Bins8wYHCEnNK5DDpJkG1l1z6P0vU6wga%2Fm"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
200 OK 27 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type HTML document, ASCII text, with very long lines (27004), with no line terminators
Hash 9a4a259c62956741c140e6d775f7edb3
ffd3d4fcd63bc4ce92c8e2bcb709a9cc49c1fa94
5a35c5e8e12378ec0dc3dbc60c3ec234cfff35468aa9658e3f64d68f58dc8d4d
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-RMN9y0ZxRnmgkIY4' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e969c3b745689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/favicon.ico
404 Not Found 0 B URL GET rjdl.aaqnjtywnf.es/favicon.ico
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Im9wclpiV2ZCaWxEaGl1YmN2V1FVbUE9PSIsInZhbHVlIjoiKzFVSkpjeVBhMEUzNUdWZTlkSDVVYkE5bHdvd2dvTE5RVDZhY3hiNzFYV210dmJhekZwMHhmNzJod1k3dkU5ekE4K1hhTzJCamFKSm9idXpvUFFyUkY2c0pEOExkRkhDQTUyWGthbERoV25vY1BEdFpmVHU2clMyZHI5dVArQjgiLCJtYWMiOiJlNTY2ZTYwY2QxNzEwZGNjNDViMjFjYjRiYTUyZWI1YzllMzc5ZWQxY2IyYmUzOGE3MDk4Y2RhOThiOTY3NjI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkY3SDNrNVYwMDE0L3dtelpJZFhrbXc9PSIsInZhbHVlIjoiczRhS1VWMDZ6VGIxMkp5bkZOQ2RBa21uVmRtRG1CWVBVL2haUERkMit1L2s2UTJvd2M5aThxUjc0QTNLMXl5Q3hNYW1xaXFWMkd3UDNpQXFXWHhUQ2lJekNqMFhqK0pKc1cvNlZaNFVMNDhSOGYyNVZKaG5rTXVnMC92UjRsZEMiLCJtYWMiOiI0N2EyZjRiNDZjN2E5MzVhMmYxYjQ5YTFlMTE2NmE5ODdlMDY3YmQ5ZTExYzhjNTM4NzUxNzZlMGRhNjFhY2IwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e969c7c1556c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=B7RDKjS5L%2FiLKitaLGk794FrMpsWmsCAYe5qNtHox9qm3NBmUYTBXLT701lT%2BPKSEF6Y9J7%2FECW6MPYyGVFcaGmfK6sEeUdUPJx3Ry9O"}]}
age: 44
cf-cache-status: EXPIRED
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4438&min_rtt=683&rtt_var=3860&sent=47&recv=71&lost=0&retrans=0&sent_bytes=6985&recv_bytes=5093&delivery_rate=333426&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18070&unsent_bytes=0&cid=0c10dca5c90051d4&ts=967&inflight_dur=32&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/966e969c3b745689/1753812787260/b446749e220588ed40ac3f9439a7dcee39453f59070e5156947a9ed11aaf6ed8/ppV4XEd_fjNapPk
401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/966e969c3b745689/1753812787260/b446749e220588ed40ac3f9439a7dcee39453f59070e5156947a9ed11aaf6ed8/ppV4XEd_fjNapPk
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/966e969c3b745689/1753812787260/b446749e220588ed40ac3f9439a7dcee39453f59070e5156947a9ed11aaf6ed8/ppV4XEd_fjNapPk HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Tue, 29 Jul 2025 18:13:08 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gtEZ0niIFiO1ArD-UOafc7jlFP1kHDlFWlHqe0RqvbtgAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tILRGdJ4iBYjtQKw_lDmn3O45RT9ZBw5RVpR6ntEar27YABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILRGdJ4iBYjtQKw_lDmn3O45RT9ZBw5RVpR6ntEar27YABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArFBSpY0YPcNslVpklXsEb2gfZsCpmIVdQhoS4K7cHrhquWhyk4MLkyi7_s6aWrx_Xf7HlTYTdYhnNJYeSmBvNR-rT9Jr-vgHew2EKxCRkzFMKPiBFgHMw6CQNwFmH4vtDoB7QjzQGuScPRdzh7kPu8509ew2xkFnr9tjB-6n7HM01yE-AK-YLGAsO2pnr7E7uB1wVPOxxon_JAZ3bYOfTUgjOOdXlFNC8lcuocjbz6S74A95qx_Ud-iEvXXfOoBv5KLuG4xndLeZHQmGd8Zt7VxbSldzBAmsB7NLLExZxPD-x71RLAY9HVS2lcMOPbQ3diWMBwpfS95tytYOn-a5rwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e96a6699a5689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/opAS8MaAYyPMJzZJXh3iwSLoSvYmzLRXKbOuvfZGglBeiNuIfDdRYvOqwsw5Cucd192
200 OK 268 B URL GET rjdl.aaqnjtywnf.es/opAS8MaAYyPMJzZJXh3iwSLoSvYmzLRXKbOuvfZGglBeiNuIfDdRYvOqwsw5Cucd192
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type SVG Scalable Vector Graphics image
Hash 59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opAS8MaAYyPMJzZJXh3iwSLoSvYmzLRXKbOuvfZGglBeiNuIfDdRYvOqwsw5Cucd192 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/svg+xml
cf-ray: 966e970d7a0d56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opAS8MaAYyPMJzZJXh3iwSLoSvYmzLRXKbOuvfZGglBeiNuIfDdRYvOqwsw5Cucd192"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=K9AfThlOYFofmzLqIsmo8IHlDDGu7Q0mknHisBk6HR8b79kOrq8zD%2F0ayZz1gI1QQodvgYtdoYbSR%2BQy%2FK1KLw1Z63H9z0TneXdcqu7V"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2425&min_rtt=0&rtt_var=1568&sent=429&recv=144&lost=0&retrans=0&sent_bytes=475466&recv_bytes=31917&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19187&inflight_dur=253&x=40"
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
200 OK 29 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (29448), with no line terminators
Hash 92bec541799461a845cc283a2bac7004
5b9b804f5982c6be6c258c413582c8187867adab
d8ed5c6b97223e4e586ae0e6bb6f05e7677122a26e75f840114c109c45e89281
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
cf-chl: Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 35479
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:13 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: /Ha2r7vuRDn0Cw9kemtFupN/MzcAJ7BVLbYFO6CAL/BcXQ/0IpciJe5JvTvHlsUo$BrbqhvhY43X2ZOaZaC8TdQ==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e96c78bfa5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET zjfv19.pyfao.es/muth@zrjbgrw
200 OK 1 B URL GET zjfv19.pyfao.es/muth@zrjbgrw
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectpyfao.es
FingerprintD5:66:36:C6:6F:FF:F7:BC:D9:3F:59:98:B3:43:DD:25:7D:2A:06:82
ValidityTue, 15 Jul 2025 15:19:30 GMT - Mon, 13 Oct 2025 16:17:42 GMT
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /muth@zrjbgrw HTTP/1.1
Host: zjfv19.pyfao.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:21 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cC%2F5MUVFBBiftlIi1xUNvDuXrC8Zpp8sdEqS9pEWQK0HWB821v5X6g95wY%2BR3UuUkewzuSOyR%2FEZazuJVasWqN474BkRYRyWpUt9rII%3D"}]}
content-encoding: br
cf-ray: 966e96f69a4e56c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerSectigo Limited
Subject*.jquery.com
Fingerprint56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
ValidityThu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:24 GMT
age: 3129807
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1004970
x-timer: S1753812805.685827,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/yzwB6uGRTTProIDskkCGU82U38xnSyPWExAlCMopXtuDdS1iv2lblDYdiHF6Qab171
200 OK 2.9 kB URL GET rjdl.aaqnjtywnf.es/yzwB6uGRTTProIDskkCGU82U38xnSyPWExAlCMopXtuDdS1iv2lblDYdiHF6Qab171
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /yzwB6uGRTTProIDskkCGU82U38xnSyPWExAlCMopXtuDdS1iv2lblDYdiHF6Qab171 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/svg+xml
cf-ray: 966e970d6a0c56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="yzwB6uGRTTProIDskkCGU82U38xnSyPWExAlCMopXtuDdS1iv2lblDYdiHF6Qab171"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UJIVtNdxjBD0Yd1b4iFEXIFsCfyYOjYQmbxynoSSiz15jZJ3%2FjXFvuN1m%2FWkgApZfxwVRPuZoCfpF61uGYCIthJID1lw4i0UMGeoWCv4"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1928&min_rtt=0&rtt_var=1284&sent=446&recv=149&lost=0&retrans=0&sent_bytes=491422&recv_bytes=32169&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19218&inflight_dur=264&x=40"
GET rjdl.aaqnjtywnf.es/56VBLDDVQuqLFzVmj5tijyC8vjm67fC167107
200 OK 292 kB URL GET rjdl.aaqnjtywnf.es/56VBLDDVQuqLFzVmj5tijyC8vjm67fC167107
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 292 kB (291841 bytes)
Hash fc37c85838877bc16c926e5d17715d7f
df0cb92b98e0767201393e3dabdaf1a47b6b0408
cc0cae30979dd35d1876db154fafa570a9c3c983a39b5d64480a2ca5f13841fe
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /56VBLDDVQuqLFzVmj5tijyC8vjm67fC167107 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: application/javascript
cf-ray: 966e970daa1156c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="56VBLDDVQuqLFzVmj5tijyC8vjm67fC167107"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VgJ8cDGjXrpL4%2B1f8Oq7vPSlGU15%2Bk43Px4LOxaO1w4Wim84%2FCHXBc6HwiJc%2Fg%2B%2BRO9z%2Fl%2BLB3FQSEyhEcjAF2Oda4VyBaSaQxqoP1V8"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2099&min_rtt=0&rtt_var=1257&sent=445&recv=148&lost=0&retrans=0&sent_bytes=490787&recv_bytes=32119&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19213&inflight_dur=262&x=40"
GET rjdl.aaqnjtywnf.es/xySMgvWe1vrsnaOef24
200 OK 36 kB URL GET rjdl.aaqnjtywnf.es/xySMgvWe1vrsnaOef24
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type ASCII text, with CRLF line terminators
Hash 38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /xySMgvWe1vrsnaOef24 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: text/css;charset=UTF-8
cf-ray: 966e970d49f956c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="xySMgvWe1vrsnaOef24"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qq2BHhA2xNlUm1oucXfSWHMWK6BHKLk6Yakud8FnZixsgC2CnZlRiAfvWYqHopV0Yk5vnZqdm3iS5%2BX6zW6QIJRCboKgGO6hbpN3Oz2N"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2545&min_rtt=0&rtt_var=1770&sent=428&recv=143&lost=0&retrans=0&sent_bytes=474838&recv_bytes=31868&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19142&inflight_dur=232&x=40"
GET rjdl.aaqnjtywnf.es/GDSherpa-regular.woff
200 OK 37 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-regular.woff
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff"
age: 6259
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 15:05:42 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YbjMGTZKWCXKIysrX4vVmXiid5ODzY3ZvHWQdkVZtv8gSPWaynR9TJmONIioT4dSnsMjfJNyJRFx2cWI2O6w7J5LDNxDlGTndUfEYs3p"}]}
cache-control: max-age=14400
cf-ray: 966e970d5a0456c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=942&min_rtt=0&rtt_var=661&sent=250&recv=119&lost=0&retrans=0&sent_bytes=247075&recv_bytes=19819&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18670&inflight_dur=134&x=40"
GET rjdl.aaqnjtywnf.es/mnrDE8NlHdnsFyPhXJ51qmijbz7PZ5RT0Z8Dt7X0pXh78146
200 OK 270 B URL GET rjdl.aaqnjtywnf.es/mnrDE8NlHdnsFyPhXJ51qmijbz7PZ5RT0Z8Dt7X0pXh78146
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /mnrDE8NlHdnsFyPhXJ51qmijbz7PZ5RT0Z8Dt7X0pXh78146 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/svg+xml
cf-ray: 966e970d6a0a56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="mnrDE8NlHdnsFyPhXJ51qmijbz7PZ5RT0Z8Dt7X0pXh78146"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=inpitF1N8H51%2F%2BXtUWNQ4TiwXdQPNgfsPkiTpidWxKWbVaBuk7Pem0SpXt5L6pYjtdf%2FKprtl%2F%2BGnIX%2FE3%2FCStV0aWx%2FrR9vWuSoYIGNNAs%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1843&min_rtt=0&rtt_var=1133&sent=449&recv=150&lost=0&retrans=0&sent_bytes=493303&recv_bytes=32219&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19233&inflight_dur=266&x=40"
GET rjdl.aaqnjtywnf.es/qrqs5ePQhOj8nmB61sX2wzYme6YLLyFevCef0i2XjoCBJk9o45140
200 OK 892 B URL GET rjdl.aaqnjtywnf.es/qrqs5ePQhOj8nmB61sX2wzYme6YLLyFevCef0i2XjoCBJk9o45140
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash 41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /qrqs5ePQhOj8nmB61sX2wzYme6YLLyFevCef0i2XjoCBJk9o45140 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 892
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="qrqs5ePQhOj8nmB61sX2wzYme6YLLyFevCef0i2XjoCBJk9o45140"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Mvp01sJpUs3ZTYVKv108NIdlVEpv3qbsAzBMq2u2rqPuiWCY5mxTTs30IWxSx%2B49Tgz%2B3bwcee6pL0I5BqDoStYctxbvRFlCOxO8ozqq%2B%2Bw%3D"}]}
cf-ray: 966e970d6a0756c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2226&min_rtt=0&rtt_var=1338&sent=442&recv=147&lost=0&retrans=0&sent_bytes=487921&recv_bytes=32068&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19209&inflight_dur=260&x=40"
GET rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
200 OK 7.4 kB URL User Request GET rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
IP
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type HTML document, ASCII text, with very long lines (3108)
Hash 380a1d057b379fe72727c30361423817
1950afabc55e90f2b033ba3cb79936689f315aac
64f3eb60881a5a16f4c67f54c59d9e8179704fcd5ca0f9f032bb4d5b6ec23a33
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /8ed8h2zxY5@4QD/$jreid@slurpmail.net HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=19AozhlTXivrPHIEFR6EDKd0dlFhlt%2BrNDIFS8MeCBt0OLboik3YfE%2BtKJoF3y8kgHlaPQasCMt7CKgoU35BZzSCyMY%2ByOOxkQCryOXx"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6Im9wclpiV2ZCaWxEaGl1YmN2V1FVbUE9PSIsInZhbHVlIjoiKzFVSkpjeVBhMEUzNUdWZTlkSDVVYkE5bHdvd2dvTE5RVDZhY3hiNzFYV210dmJhekZwMHhmNzJod1k3dkU5ekE4K1hhTzJCamFKSm9idXpvUFFyUkY2c0pEOExkRkhDQTUyWGthbERoV25vY1BEdFpmVHU2clMyZHI5dVArQjgiLCJtYWMiOiJlNTY2ZTYwY2QxNzEwZGNjNDViMjFjYjRiYTUyZWI1YzllMzc5ZWQxY2IyYmUzOGE3MDk4Y2RhOThiOTY3NjI1IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:05 GMT
laravel_session=eyJpdiI6IkY3SDNrNVYwMDE0L3dtelpJZFhrbXc9PSIsInZhbHVlIjoiczRhS1VWMDZ6VGIxMkp5bkZOQ2RBa21uVmRtRG1CWVBVL2haUERkMit1L2s2UTJvd2M5aThxUjc0QTNLMXl5Q3hNYW1xaXFWMkd3UDNpQXFXWHhUQ2lJekNqMFhqK0pKc1cvNlZaNFVMNDhSOGYyNVZKaG5rTXVnMC92UjRsZEMiLCJtYWMiOiI0N2EyZjRiNDZjN2E5MzVhMmYxYjQ5YTFlMTE2NmE5ODdlMDY3YmQ5ZTExYzhjNTM4NzUxNzZlMGRhNjFhY2IwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:05 GMT
cf-ray: 966e96954df456c0-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e970b9c615687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 922019
expires: Sun, 19 Jul 2026 18:13:24 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BG1U%2BVjI%2F%2B2pdZOeEW7VJRWoGEwtB%2Brxw66DN%2FVvjvj2fxN9NMe60OfkIgzXSKZArR5xzHRxI4NtsdONAaCBMQSrj3q%2Bf5G2vXPokzZUb61i982wCSi62UamCg6StWDZcc7DrbIq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 29 Jul 2025 18:11:53 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 190B:3260C3:256A294:26302D2:68890F44
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash 70c202196187ab3c11b4e094c20c6de1
9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e969ccc485689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/wxYXZDIfiF995yqfggoop5blcLbZnycxUEvaI34130
200 OK 644 B URL GET rjdl.aaqnjtywnf.es/wxYXZDIfiF995yqfggoop5blcLbZnycxUEvaI34130
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wxYXZDIfiF995yqfggoop5blcLbZnycxUEvaI34130 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wxYXZDIfiF995yqfggoop5blcLbZnycxUEvaI34130"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6h%2BwdlF2tzoaOEeMlh5BFuIDl30YFncxmG8xwM3ymQ3UgMixJaUDjeblr7p%2BHyIlfGdFf5gWktNh7Zp4ESp1v127oyytixFsPaFvxvwfu5w%3D"}]}
cf-ray: 966e970d6a0956c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2226&min_rtt=0&rtt_var=1338&sent=444&recv=147&lost=0&retrans=0&sent_bytes=489497&recv_bytes=32068&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19211&inflight_dur=260&x=40"
GET rjdl.aaqnjtywnf.es/qr8aiLNfNFP7Xi4FZkZX4Wzzyo1gKRMQXW612kizdt9sX9tLYVBGKtoEZsYef236
200 OK 9.6 kB URL GET rjdl.aaqnjtywnf.es/qr8aiLNfNFP7Xi4FZkZX4Wzzyo1gKRMQXW612kizdt9sX9tLYVBGKtoEZsYef236
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /qr8aiLNfNFP7Xi4FZkZX4Wzzyo1gKRMQXW612kizdt9sX9tLYVBGKtoEZsYef236 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="qr8aiLNfNFP7Xi4FZkZX4Wzzyo1gKRMQXW612kizdt9sX9tLYVBGKtoEZsYef236"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=BQOTYOoI8aYfXZg6R9fgPKqhmucRvs3j1GqijadzmlVwxegWvoCVPcJmgv%2BoebEyZBLUsfGLDVJJg7srxyVFX1bNM%2Byul3fnnEAFb%2BMP"}]}
cf-ray: 966e970daa1256c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1185&min_rtt=0&rtt_var=629&sent=522&recv=168&lost=0&retrans=0&sent_bytes=576512&recv_bytes=38164&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=30179&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19826&inflight_dur=297&x=40"
GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 29 Jul 2025 18:13:06 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/8359bcf47b68/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 966e969a597856af-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
200 OK 205 kB URL User Request GET rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
IP
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type HTML document, ASCII text, with very long lines (52953), with CRLF line terminators
Size 205 kB (204754 bytes)
Hash a6391d29e48d4aa7131170329df57198
d07277992de9b85c41f402355ab115f5bd9a4ca7
78d6222028354d2361004b9f15aadacf09ac15f6075143b11c91406b525d1139
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjNuOUcvd2oweXZSWDJlMXFGRktYL1E9PSIsInZhbHVlIjoiMkJDVzRCVkp0bkQ3M1hpMDczdUZ2SEtkNEZVbXNUc0ZDTnlmNXpDZ09VK1FrZmdVaEZMN1BOVVUwT0MyclhuVEp0N2JSWUhMdVY0eUx3TzZqUjY0eG1GNURkNk1UYXVuYnZzYTEydVVHdjBRLzVkbHl1MTQ0N1BTM0hvaFU1WmQiLCJtYWMiOiJmY2YxMjA2MWY4NTJlMjcyMmM5NDA3OTJjNzg2YWQ0OWY2Y2YwYzUyOWFhNzE5YTQxNThiNGRhZWViZDgxYjQ4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImNNWU5ONHQ1Yk9DQ0RmRlJ6WkdPaHc9PSIsInZhbHVlIjoiR3hpS1pYTFB0WVNmV1pNejhXang0VTlGL3V5bG9QZkYvQ09pZnFOU1kyV2paRjIzT01Jc1ZidjYvd2l2bUlIdmx2a05lYnIwdVdOaG9ralZNZWQ3UWE1dFpLbkV1S055SG4wTFdWRXhPRlRreFlJaE1HWTN5Z0VXdTFvalhraFoiLCJtYWMiOiI2MzllYTdkZjY3N2IyODNlYTIxOTNmZjE5M2Q2YzdkMmU5YjRiYThhYjM3NWMxNzNhZWE0YjU4NThlNDhkMTE4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:23 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e9706696556c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wN5plR11KKzsLXGjo0SYwJnKlyqU4%2BFEwth4Qww%2BQ5hiwz1xAagq3lEB8LtbeS5B1RIsRSzJSH3iDaLm9vpaXuRFxrRWnRYwsY47M9i6"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:23 GMT
laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:23 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2075&min_rtt=0&rtt_var=1941&sent=80&recv=86&lost=0&retrans=0&sent_bytes=37528&recv_bytes=11506&delivery_rate=14994430&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=31185&unsent_bytes=0&cid=0c10dca5c90051d4&ts=17923&inflight_dur=89&x=40"
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e97107c1e5687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 922020
expires: Sun, 19 Jul 2026 18:13:25 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ES9wecEVUEu9VNag8vyiHQJALpwWFIg65PNZdQv1KOVgKGESuMJqIvMc8F8AcdxvQ9ZbguXktI2Xy0jn2aa2eaB2ox23tDCgnIqOmBpqdBQAHeYH9AVJRByrRL1G1CWTsz%2BV33v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/GDSherpa-vf.woff2
200 OK 44 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-vf.woff2
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash 2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf.woff2"
age: 6259
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 15:12:07 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=fwkt3%2BHGXhbJGvAR%2FzlBC8qjIDH7WU3IaaWziUSYDJR%2F688uylwysMxzxhL%2FsOvlyX1PpcjPNgg%2B6aMRl6LE1OcE2Q3SWVnKqVl57lhX"}]}
cache-control: max-age=14400
cf-ray: 966e970d5a0656c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=963&min_rtt=0&rtt_var=397&sent=313&recv=130&lost=0&retrans=0&sent_bytes=324283&recv_bytes=28292&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18692&inflight_dur=148&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e97102b945687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333365
expires: Sun, 19 Jul 2026 18:13:25 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f64YoIsyrGt5gMMAi0slvWxs%2FzN2SooxNRV8uJec3hovm7dV5j3YrxCvzRlRs%2BuiCDeDUTL6Qgldh3hiskUKFi4gCkjmEr5TxCBufM6oErzABTaWygVnoKmVKnvOUcZjwjSbnrJI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST rjdl.aaqnjtywnf.es/ye0PRAy4HUhKxNXdQrFKqGyijcspD1EhNKeWGzOiKn6EDm5aGnwUi2cXN254mzJ3UzbxJcm
200 OK 1 B URL POST rjdl.aaqnjtywnf.es/ye0PRAy4HUhKxNXdQrFKqGyijcspD1EhNKeWGzOiKn6EDm5aGnwUi2cXN254mzJ3UzbxJcm
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /ye0PRAy4HUhKxNXdQrFKqGyijcspD1EhNKeWGzOiKn6EDm5aGnwUi2cXN254mzJ3UzbxJcm HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 3072
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e97121a6656c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=E55%2BFeIUaW6CjB20D47Yh6CFrTGIJnyhbHzaweJbq9ZEI9DPO8qTV%2BSuxRefHJGmGIAnLFGHQnTFgtddlXHmetp%2FUZsW1RDHBMm68QcR"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IjZ3NnI2UHZLb0tJa3JxbVNvT2NoS3c9PSIsInZhbHVlIjoibFhWRktnRUxhMERtdWs2MHg1bUFxd0RnYVJCRzlXdkljSjJoeWxpT09wK3BOaHJiUEUxekJzcTRnVjJBQzMzMTdPWWFEK2xDY2Y2VXRNV1NCaWt1em9oV1pVRG1OWldPOGExeU5sV1JkU3BLYmM3TnZ3RGJldlU3bFRHbHJlalgiLCJtYWMiOiJhNmFhOWVhYTJlMjZhOTQwNGE2YTk1MjdmMGEzNGQyOTczNjlhYmUwMjhhZDIzMWI1M2E0MWM2ZWEwNTBlNWQ0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:25 GMT
laravel_session=eyJpdiI6IjZOZjI0bkZ5ZUp0cktRZkY3SUpETEE9PSIsInZhbHVlIjoicHNnOUtOdnhNYmVja1RwMGhHcU5IRFcxRGl2R2J0TGNiV3hNVmdRU2tTcGhEK1JaUHVuSDlWR1FBQUh3bnQ5RWQ4MEMwdmdrNWVwWlpKeUs5bXZpVGFtZEJaajE2MjdnRURpZWx0RVk1dXhIOGxocWFtZVFLYUhRQThxWUoxd2YiLCJtYWMiOiJjZTQ2MjRhYmVjZGNlNTc5YWM1OTBhOTcyZWUyYjI1NGRhYTRjYjczYzFhMThhZDU4ODNjMDczYzZlNzYxNGQ0IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:25 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1539&min_rtt=0&rtt_var=775&sent=491&recv=163&lost=0&retrans=0&sent_bytes=538916&recv_bytes=37934&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19707&inflight_dur=292&x=40"
GET get.geojs.io/v1/ip/geo.json
200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectgeojs.io
FingerprintA3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
ValidityThu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash ccfc680398c7d5df2c18876a9f424c76
a7760f5ab19b3f737fc94dc729990298b20ffc90
ffc10a9be3fcc7524cf8297e56455fbb760895d96f20872617b76251b172711f
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:27 GMT
content-type: application/json
server: cloudflare
x-request-id: fc9aa2a648a3ee93089891a0d86db953-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Vns64rMYUtfYsyDxjiRnihj08zVry4CAVvtadU%2FTbBUnd25S%2BIYaMmoSCmjPiqlcfm3qjleOGR9t6l92HPhz03VK6ciabgY%3D"}]}
content-encoding: br
cf-ray: 966e971d7bba5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
200 OK 4.9 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (4944), with no line terminators
Hash a2af326903ec6ea7e39c0a528b00c449
0ff8cb67c75b926a9fff996904892ff94ad595f7
59d632d9a6e7f8598cedd76987541fab6a84aef328865b3e146d6ee3efae441b
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
cf-chl: Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 48162
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:19 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 7zqfkvuX7uuCnNcA5tFBfs2W3sDmIDC6N+qaWKeoEVH3ToKBP8gwJYy+pQc8Y5TUb0H9Lc7vyisIjmddopvoeCBG8IwxaFefq/pvqg/7TjGm6V78bbTgWkur4XpOGopOg8wBtSf48rFENZeioQTjwPFjp0v8UI9u+NGu6HCm2gZPVjKsdN9eLpefKrq/KiblLjfob4tPe/KJWwh/NEmNfFALYOFCnUoM5hljHO1As+D0wP1E+BW2SfK3dYG9V7QIAVoEJkwUsvjQ7OWOi49mTfqLwTQgmJNA7SaGLJ5J6lfOtceHJowJA/EKN553EYtrfUb8Aovgk/Ft4yVuX2GLwHTameOUwwtQ7g4OQI4YtnbWtsaoppBjZu9splIvOxtqp9SyjF7EdtTIhPrFpfnZkTFsfn4svebTNMPeDErNs8BEEAi2Gf7r9f6kvaGLj2DKe55v0zi7ZBvmA35fK6ib5DSNr4iNV7Yh04y90cpd0BKldC2P+6rxBSmBYfErWYCvVXQhRI52a1HyNhpL/L58b9Z5ATU87ebQwgUymO906QG8VnFa1mDHtXCjEKGre8Nrj4TExo+rJx8BSbQiJGRdzyUYUmUHRFJ3EA++G4x0N0GKJaZOYrqt6iNAuk5EkIEjU22D2US8tZwS3OIS632st77XxCzXfhq5MH41jN0hKiTtZYzpN0dwZh+vey0l8wwJl/eSSC5mgsVPtD2n8AJlCUXt83YSyZXBBljIFO58upq81dTGNOvqCE8rPsUzBeDANuStfXBs1r/qe7CO/cVw/O7tbyyDXqJ9u9GjvXT7TvPIUH/36mrUVNmXBGLe9CTEQKpaOI+Jk0ZHOv+rg9ypT88vdfZ4WXgjpIMDK034D6ABCOHVHPihpwRbGWFWE2OchHL+lH32UNcDP+E8efS+KzdGC/WcAu8V7Uq5LEjtTD+VtrF+fYBBU3nz0yhS4MlHKekDVDj4v/wf3U+MQqsZz6MiVwcxksKuxgNhcKirV3uu+8mX5hfiggaZ/IiHEsLsy90+Cg+t7qjjh8X79C3fX8AX0SM4ex892NLYLgkm+8SAz7wMnGna+Ea1YophUYDjDtCUEBj+win4tn0wPeleqkDszbfKlZjSPeH7G69oO+bTgtYuOb7oNNtjSratYDXbhIa+0fdvxGrBEEsFZOlpFq+dZIjVCZdeUnv9eEGPlPSD40VU8n0sBrZ2B7jNbZXBogk31xlZq6NDZMGYsP3X5vBcK3/16c7ABcrNAkXY3fgDNrwuK0V5fspSpTNL4f5EGugjTHQXGq2ueC/8nxTG320uZfIWdCyG1n8YVxgX82Q=$ALwscozrCsNhiI/KmgOVCQ==
cf-chl-out: COvg+5xZXXgQcYGucpOPR5i/QJ6bEJdDWHJMIiQGvQIEm++uRksuwJONc++G8y8Orv5TVdmF8B8SKyMMtPKq3w==$iPWQTvXUL4/Ig7T3OtE6eA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e96ef6a665689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Sun, 13 Jul 2025 15:12:14 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Mon, 13 Jul 2026 15:12:14 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
x-cache: Hit from cloudfront
via: 1.1 50c588fd3255d023d9b9021263f5fa0a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: eTG1Fa4g-PlYxfpVHEzY7Dixt6C_FrA-QYnprPddlh3VoF-mBYYCDg==
age: 1393271
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/klOT2xt2gG4wdGglbtVt7LjM9dTsFbXScdxQFKQDlQ4WtJv58pBEpB5mRX078164
200 OK 7.4 kB URL GET rjdl.aaqnjtywnf.es/klOT2xt2gG4wdGglbtVt7LjM9dTsFbXScdxQFKQDlQ4WtJv58pBEpB5mRX078164
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type SVG Scalable Vector Graphics image
Hash b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /klOT2xt2gG4wdGglbtVt7LjM9dTsFbXScdxQFKQDlQ4WtJv58pBEpB5mRX078164 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/svg+xml
cf-ray: 966e970d6a0b56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="klOT2xt2gG4wdGglbtVt7LjM9dTsFbXScdxQFKQDlQ4WtJv58pBEpB5mRX078164"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BAxXqpDqyTHQlQIzc85DFRfJRhnwrbAgjx6Wsv21db82phnV3ClhQ9uMBnPJ0Pq6DTwc2E6hS0ZmGS%2Fd2UBA%2FEP37jxkYAtpBfwXpFYy"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2387&min_rtt=0&rtt_var=1354&sent=438&recv=146&lost=0&retrans=0&sent_bytes=484796&recv_bytes=32017&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19194&inflight_dur=258&x=40"
GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
200 OK 4.7 kB URL GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerSectigo Limited
Subject*.jsdelivr.net
FingerprintA6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
ValidityFri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /npm/lz-string@1.4.4/libs/lz-string.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 1425
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.4.4
x-jsd-version-type: version
etag: W/"126f-tp5wc7wsG8mleq2kxzeZ0YLvg2g"
content-encoding: br
x-served-by: cache-fra-etou8220041-FRA, cache-lga21931-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 2041648
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0Mh6rVWaRAEHCQeaiW%2BRYeI0riEVgkqiTcbB1AiZuFNz%2F29dppo%2BgjFnG1yrLX0TYoN64Gm11wKrFxOUyfNZPugEjvapOL1Oyr6hCu2U7l9ehSz%2FEmjJh6sGPaaFCrEESdc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 966e97022f1f56be-OSL
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
date: Fri, 11 Jul 2025 23:04:17 GMT
access-control-allow-origin: *
content-encoding: gzip
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
etag: W/"e0d37a504604ef874bad26435d62011f"
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
expires: Sat, 11 Jul 2026 23:04:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50c588fd3255d023d9b9021263f5fa0a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: onHg3YtCfTdSaX3tRQTBwr_LDFxWLKouIxblB4fqsU9Wd3d8cLAhsw==
age: 1537747
X-Firefox-Spdy: h2
GET rjdl.aaqnjtywnf.es/GDSherpa-vf2.woff2
200 OK 93 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-vf2.woff2
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
age: 6257
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 15:05:42 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ujd72LwNLDWcfphfwoFG1KIdk3rvWJIP6wYFjF2x0We1UMfFVCh00FKBzsCrcryENP4cuCY5BuiP7KRj3gni430TVE5bguD8n7PGuYe6"}]}
cache-control: max-age=14400
cf-ray: 966e970d6a0856c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=963&min_rtt=0&rtt_var=397&sent=292&recv=130&lost=0&retrans=0&sent_bytes=296536&recv_bytes=28292&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18688&inflight_dur=147&x=40"
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (51734)
Size 223 kB (222931 bytes)
Hash 0329c939fca7c78756b94fbcd95e322b
7b5499b46660a0348cc2b22cae927dcc3fda8b20
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 08 Jul 2025 22:58:17 GMT
expires: Wed, 08 Jul 2026 22:58:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50c588fd3255d023d9b9021263f5fa0a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: xE7e1Q_USUelHkHoehTaXVkvpLoY-or2mima4IdMRYxFhxIuY9bLiQ==
age: 1797307
X-Firefox-Spdy: h2
GET release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
200 OK 10 kB URL GET release-assets.githubusercontent.com/github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash 6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /github-production-release-asset/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-29T18%3A55%3A07Z&rscd=attachment%3B+filename%3Drandexp.min.js&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-29T17%3A55%3A06Z&ske=2025-07-29T18%3A55%3A07Z&sks=b&skv=2018-11-09&sig=Ua42yP8TU3%2BflyW%2BnxA11Zpq%2FxpPO9Y2yr6qrLB0XTQ%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzgxMzAxMywibmJmIjoxNzUzODEyNzEzLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.JMMJAYWuC90dXlw4RPifXNbK8Bo6O1X2QM7V7qK25YU&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: release-assets.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 38bb28af-201e-0012-0ee5-f09a85000000
x-ms-version: 2018-11-09
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:24 GMT
age: 3478
x-served-by: cache-iad-kiad7000080-IAD, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 24, 4
x-timer: S1753812805.980745,VS0,VE0
content-disposition: attachment; filename=randexp.min.js
content-type: application/octet-stream
content-length: 10245
X-Firefox-Spdy: h2
POST w3srwkda1urdonvrsmy82i5o1zzsw4avhcpgyopktu9a9ewal6o.bfaqizsaesf.es/nPKsnJZibkIJvgexxGDyfpBgowaQNMZNCZMBPXAPTSUWXVBRFVSFBHRHOYGBDJDUIPVLSXRYGXrsF11SXcYsyzuWz10e1wx40
200 OK 536 B URL POST w3srwkda1urdonvrsmy82i5o1zzsw4avhcpgyopktu9a9ewal6o.bfaqizsaesf.es/nPKsnJZibkIJvgexxGDyfpBgowaQNMZNCZMBPXAPTSUWXVBRFVSFBHRHOYGBDJDUIPVLSXRYGXrsF11SXcYsyzuWz10e1wx40
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectbfaqizsaesf.es
Fingerprint42:AA:18:55:D2:9B:A4:CA:46:3A:75:20:B2:99:50:F7:BB:57:0F:3B
ValidityThu, 24 Jul 2025 19:14:57 GMT - Wed, 22 Oct 2025 20:13:24 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /nPKsnJZibkIJvgexxGDyfpBgowaQNMZNCZMBPXAPTSUWXVBRFVSFBHRHOYGBDJDUIPVLSXRYGXrsF11SXcYsyzuWz10e1wx40 HTTP/1.1
Host: w3srwkda1urdonvrsmy82i5o1zzsw4avhcpgyopktu9a9ewal6o.bfaqizsaesf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 105
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:28 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://rjdl.aaqnjtywnf.es
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Us4EqpF%2FqYqIJtC8rLgU0R%2BxOowu9RNwh4xMOsNPAVapWSUG0CA2hT%2F7D5%2FU%2FvSXcmtNTmDo7SpCCjpabOCi2xTDR2WyZTsFliuR4mktHUiirJm1XiebPKPR5mc4eraM7uebTg2OcZHGI%2Fch6qii6IjxpqORlM7OIh5%2Bwd3rxJ4%3D"}]}
content-encoding: br
cf-ray: 966e971e99f3b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/b/8359bcf47b68/api.js
200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/8359bcf47b68/api.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (48994)
Hash 39577a9d3cb7023280e0668e9959b87a
479979b3f4aa41586123fa9f077ee0383f99462f
41530221326a68dc1f45c285ba6b63b3a56d478d567b0a1da6756361c71b1f0a
GET /turnstile/v0/b/8359bcf47b68/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 21 Jul 2025 14:54:13 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 966e969b3a105689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
200 OK 295 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 295 kB (295408 bytes)
Hash 62b2c9033a1eddd13d85ae7371a955e7
b1498e2e09b3dfc9ba0ca0b7f5e55c7d5510c85c
e6bee6b139dcd7be736ae5bcb3e48049b106d17d33c221299fedcc444bd440a8
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/787675678:1753809554:eADfB6GKO6YKLGxKG-qjLWp2UOXMxBkmptgvXPk2_AM/966e969c3b745689/Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
cf-chl: Jce3qiopMYbZRO8jM9KmXs6k39ihy5DZ81qBlzn0jtc-1753812786-1.2.1.1-kvayKN4FG1gzwfBcETlUMrbv_MUJr5ARN0tzRYOIKAfnMTCJH2ls_fTS7FcE9FIC
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3426
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:07 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: bnSGXtSqsYjRMVEbr2TPqj2TSMu279SmZbFIFdO0PVol0koz9kcRFGUHQVRmqRMlSJeQKs6S2Y/3bgMt2FVWTNSQQmcL5AbtKRZ813p0m02G167jemEXOVjqk3vjhlkHlPydr6MDbQPdMJYP15YA+uBDlop6eh19FecDCKlNSnYnXRUy/aHFtYSpmq8rq7Rt8Xgkv9tTnIiPAYNSeOqQHWyQeBb6AxILg63hHiE8/eG+Tmh+iHzUyjmCis+mhXGbrlGmLQls1dAh7kaUwpPWaIy7d/a/ww8KzLjKXxuoKW86jsX6H6dAGLdSakTOJ1s1KTNd5BvQ5LhEvm34ivkgUqN1kKufZs8IKCZ8ofULEEJd9JNXIVgWC1SPgScWxvu3H3efQLJ5JO4Y3Rs338NtEO9Fce8B3U5XL0/OMHDrIqsscg+4ayTc+EZZPS4vVCoL2I0mYJwaX8x76Yf5o5d6aAdoQP66UozTMCWGhO5NIZCjZtBgevxet9Qgwaq/eRUkKHvi3Xtib5/PlYsjqwXVv3oM60tXmUoTKEhXEEy8T/BZZ3Fazatvhqx0GKeIZO56h7Ct1NPhH3W6UCIh2MEQRzbYaFMMo+B6GlRxd+kdFJDzcb5PyF/G7AF0YJSy1qzFNuQCZvNcuAwO+O17nciT2CDXSt1aA+sJ2dTmVSHr5aLjTWR6iiZBmL5d/yMvZIJ0/U+JQ5MZ5NKPgzUchpNJ6y8TeoznuVxhvDlfvBe4Oem2FgEF0p4E8k4QnVaura2Mj/Aw4eXD2lNZUF7yCE8CiynNYOJj9dhRshwWgjVVC3I=$hp1IfXDhOhQrX4OHxHYsQA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 966e96a049005689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
200 OK 38 kB URL User Request GET rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
IP
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type HTML document, ASCII text, with very long lines (4115), with CRLF line terminators
Hash abb33b6e0a29a1e0b770571531d24b38
ffa5d55a6ff7934462d0aef3b95bd2e7c8334810
c9c640347d596ff2b539fa6e3635d189218c28064e73717ac40265a80c9185e3
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /8ed8h2zxY5@4QD/$jreid@slurpmail.net HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlltTEZvWCttMitrRUk5UlczOHo4dHc9PSIsInZhbHVlIjoicFlWdE9PR0h1S3pEUEd3YmtkeWZIYkJSRFRwdGl5N0xRd3Zrak4zZUFnSGdVUEJ1NlZ1ajE1QzdZVWVKOTBVMnU1djFEN0MwTE9jNHJMaFcwSDFVTndaMEZ6bk5HMmlUNXBGK0FVSHR3cnZKS0RwM2UycjkwVFVKeFZia3ZaL20iLCJtYWMiOiJhNzBiOGExZjUwMWNkMjA2ODExNzhhODI5MDU2MmM4NGRiMjk1MDhlNjY3MzFlNmRmMDcyZTNhODRhNjk1ZTk1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImthRlk2Z3AySkNFeTNPb0dkTnJrQkE9PSIsInZhbHVlIjoiMk1wSGVNZlY4cEVxaDIwMndoU2RqUGxjUmZKSEt5dUJGWjVRS1pEMTA4Yk1iQlBRdWpSbURqMGtqOEVWc1ZuenEweXE0SHpSV21pTGNJQ2VqNDlkVVloT0x2aG9HODk2RTE5dHRGMktpcjNFd1ZvUlp1VjNIS3pNOTZoMUNweTMiLCJtYWMiOiJiOWYxN2M5YWM0M2E4NzViNGUyMGM4NGZhY2M5ODIzMWFhMTE0YmVlYWY0NmQ2MTc3NDg2Njg5ZDJkYzEyYTVmIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:22 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e96fe88fd56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Y4KFAuVSIJe3JhMpKoyQ3DJXahfKBsYuEV%2BXKCIYNa%2BcgiWbagfS%2Ft%2BoTRoKMMGsjSyg6xiG%2FkelLJf92kLjEPkK8timLTeDE0W1LnT%2F"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Iml3emlWd0JuZ3hZUTBGUDArWTcxd1E9PSIsInZhbHVlIjoicnlwcDd1ZGY3aDBqeWpXb3AvSFdHdXh0TlpKbXhYOTJsajl4eHBlbTFqeVUwR3F0QjNheGVEdEYvMzlQbTdha0ZEY0tobUJJQ0NiN1BNelFVSjdiTklHQk9nN3gyYmF3Z3V4elJ6czBNalNIMm1rZ3Q4T0dhN3Z4azdVS3p0MzEiLCJtYWMiOiJhYTU2OTljNDIwY2QwOWM1YWNhNWFlNjU4ZDRkOTlkODFhODBkNmYzNzBhYTU1ZDNlYjVlNzdjNzFhNGMwNzkyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:22 GMT
laravel_session=eyJpdiI6IlY5Q0ZzUFpQbVhTMTZyZXY5dXRJZEE9PSIsInZhbHVlIjoidHJ0L2tsbUJkS3BlY0VSb0VjOGNXdkZna1NyQ1EzalFZUXBrQ3cydE1uQXI0RFJFSlpDUWljclcyRFc1QWZFclYwaGI2OXZVVVNWRG93YjI0aStoazdtSXJvdkdVZVUvalNGMjZJWGRHUHhUN1ZRak91NmtyR0dMR20zS0ltWkkiLCJtYWMiOiJhNjg0ZTBiNWZjMTgyODUxY2U3ODlhZGJiMGUzZTJiZDUwYzQyZDVmYTYwNjVkMDQ0MGY4ZmEwNzk1MjAxN2M2IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:22 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3943&min_rtt=683&rtt_var=3141&sent=54&recv=76&lost=0&retrans=0&sent_bytes=9109&recv_bytes=8207&delivery_rate=580189&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=20142&unsent_bytes=0&cid=0c10dca5c90051d4&ts=16720&inflight_dur=59&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e970b0baf5687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333364
expires: Sun, 19 Jul 2026 18:13:24 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HeTceZvPQIJ%2BW%2BK5yk7wG%2F1jDKaxtTBjnq4vxHwE6Adp84pVuD2%2FeqycHE%2BbJ9oyniX1utV8f%2FDATq5QeZVUHB7Nwp%2FgjZo4q%2FUBe4NmoZNhMeV%2F6%2FUaTIgopHP4EARkyH0fRsXG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e970b0bb45687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 922019
expires: Sun, 19 Jul 2026 18:13:24 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lfd6P8S0WTd5TwZrJoPMulSbgQpqASgkZI5xRQU2vukRs8C69n06Kly3B8MCLF%2FEATuRdZllhdCndJLRb9jjnWPoEFp0fRISfkp7NvRan0wG8Jj2uB8mNiHHnE5NugGatxRVDVVj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/GDSherpa-bold.woff
200 OK 36 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-bold.woff
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
age: 6259
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 15:05:42 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KkmpxqnPXzBJa%2BK8VfHj0l8vBnq4w%2F3QhElpEWeBmVDghpqvfLDCd%2BCfc8WRqN14Ap5rx%2F7Aw6u6EDpgTYvsyHEBeine9p68vkqp8kFK"}]}
cache-control: max-age=14400
cf-ray: 966e970d49fb56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=764&min_rtt=0&rtt_var=409&sent=208&recv=118&lost=0&retrans=0&sent_bytes=191581&recv_bytes=19774&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18665&inflight_dur=130&x=40"
GET rjdl.aaqnjtywnf.es/GDSherpa-regular.woff2
200 OK 29 kB URL GET rjdl.aaqnjtywnf.es/GDSherpa-regular.woff2
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash 17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff2"
age: 6259
cf-cache-status: HIT
last-modified: Tue, 29 Jul 2025 15:05:42 GMT
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=54wBqtAFMQQIKusyLxOXKXx5fUR62V8ENZ0l6OxUTDdIKVua8Z%2BTwlInPpeerSCk20YDree9OYREAKrrdd0Db05aO8tQQet%2BRw%2BW4zY3"}]}
cache-control: max-age=14400
cf-ray: 966e970d4a0356c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2410&min_rtt=0&rtt_var=1618&sent=399&recv=139&lost=0&retrans=0&sent_bytes=437770&recv_bytes=31673&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=18749&inflight_dur=197&x=40"
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerSectigo Limited
Subject*.jquery.com
Fingerprint56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
ValidityThu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Jul 2025 18:13:06 GMT
age: 3129789
x-served-by: cache-lga21931-LGA, cache-hel1410029-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 1004959
x-timer: S1753812786.358842,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
200 OK 4.7 kB URL GET cdnjs.cloudflare.com/ajax/libs/lz-string/1.4.4/lz-string.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash 109c13d75d0b6fc6440d3e98f803d396
b69e7073bc2c1bc9a57aada4c73799d182ef8368
9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /ajax/libs/lz-string/1.4.4/lz-string.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:06 GMT
content-type: application/javascript; charset=utf-8
content-length: 1254
cf-ray: 966e969a68b1569a-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ed4-126f"
last-modified: Mon, 04 May 2020 16:12:04 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 922001
expires: Sun, 19 Jul 2026 18:13:06 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aWGiP3JJkrrDNpL%2BY%2FBisy8vZEPrJdKA6U%2F35zqgOgyOV3gmlbEn5aCMpRx2iY6sQdo1ovlReYntxj7TlLoUhKr%2Bajo3EszWoYxQeAwQDLpQtvANq59Sveox%2ByFDnwotYuhuzAE1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST rjdl.aaqnjtywnf.es/fspqUrIkrXO6hZiaS2c0bKjqp3BLkymtW6mLdrKJdjV2ma6bn
200 OK 20 B URL POST rjdl.aaqnjtywnf.es/fspqUrIkrXO6hZiaS2c0bKjqp3BLkymtW6mLdrKJdjV2ma6bn
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /fspqUrIkrXO6hZiaS2c0bKjqp3BLkymtW6mLdrKJdjV2ma6bn HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------182950140438654502443817716105
Content-Length: 1040
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im9wclpiV2ZCaWxEaGl1YmN2V1FVbUE9PSIsInZhbHVlIjoiKzFVSkpjeVBhMEUzNUdWZTlkSDVVYkE5bHdvd2dvTE5RVDZhY3hiNzFYV210dmJhekZwMHhmNzJod1k3dkU5ekE4K1hhTzJCamFKSm9idXpvUFFyUkY2c0pEOExkRkhDQTUyWGthbERoV25vY1BEdFpmVHU2clMyZHI5dVArQjgiLCJtYWMiOiJlNTY2ZTYwY2QxNzEwZGNjNDViMjFjYjRiYTUyZWI1YzllMzc5ZWQxY2IyYmUzOGE3MDk4Y2RhOThiOTY3NjI1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkY3SDNrNVYwMDE0L3dtelpJZFhrbXc9PSIsInZhbHVlIjoiczRhS1VWMDZ6VGIxMkp5bkZOQ2RBa21uVmRtRG1CWVBVL2haUERkMit1L2s2UTJvd2M5aThxUjc0QTNLMXl5Q3hNYW1xaXFWMkd3UDNpQXFXWHhUQ2lJekNqMFhqK0pKc1cvNlZaNFVMNDhSOGYyNVZKaG5rTXVnMC92UjRsZEMiLCJtYWMiOiI0N2EyZjRiNDZjN2E5MzVhMmYxYjQ5YTFlMTE2NmE5ODdlMDY3YmQ5ZTExYzhjNTM4NzUxNzZlMGRhNjFhY2IwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:22 GMT
content-type: application/json
cf-ray: 966e96fb18d756c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SiAb5FTvSxF2PJZ9AIXt0l70nYluHQNzZCPHaBJsna7owzt%2FfV%2FWop0%2BtQCkOXTjkKcbXmhAw6Du3gsxr6QZGmPvJ7KOqMJIgB87FoJgmuk%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6IlltTEZvWCttMitrRUk5UlczOHo4dHc9PSIsInZhbHVlIjoicFlWdE9PR0h1S3pEUEd3YmtkeWZIYkJSRFRwdGl5N0xRd3Zrak4zZUFnSGdVUEJ1NlZ1ajE1QzdZVWVKOTBVMnU1djFEN0MwTE9jNHJMaFcwSDFVTndaMEZ6bk5HMmlUNXBGK0FVSHR3cnZKS0RwM2UycjkwVFVKeFZia3ZaL20iLCJtYWMiOiJhNzBiOGExZjUwMWNkMjA2ODExNzhhODI5MDU2MmM4NGRiMjk1MDhlNjY3MzFlNmRmMDcyZTNhODRhNjk1ZTk1IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:22 GMT
laravel_session=eyJpdiI6ImthRlk2Z3AySkNFeTNPb0dkTnJrQkE9PSIsInZhbHVlIjoiMk1wSGVNZlY4cEVxaDIwMndoU2RqUGxjUmZKSEt5dUJGWjVRS1pEMTA4Yk1iQlBRdWpSbURqMGtqOEVWc1ZuenEweXE0SHpSV21pTGNJQ2VqNDlkVVloT0x2aG9HODk2RTE5dHRGMktpcjNFd1ZvUlp1VjNIS3pNOTZoMUNweTMiLCJtYWMiOiJiOWYxN2M5YWM0M2E4NzViNGUyMGM4NGZhY2M5ODIzMWFhMTE0YmVlYWY0NmQ2MTc3NDg2Njg5ZDJkYzEyYTVmIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 29 Jul 2025 20:13:22 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4396&min_rtt=683&rtt_var=2978&sent=49&recv=74&lost=0&retrans=0&sent_bytes=7663&recv_bytes=7229&delivery_rate=333426&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=18722&unsent_bytes=0&cid=0c10dca5c90051d4&ts=16280&inflight_dur=56&x=40"
GET get.geojs.io/v1/ip/geo.json
200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectgeojs.io
FingerprintA3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
ValidityThu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash ccfc680398c7d5df2c18876a9f424c76
a7760f5ab19b3f737fc94dc729990298b20ffc90
ffc10a9be3fcc7524cf8297e56455fbb760895d96f20872617b76251b172711f
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://rjdl.aaqnjtywnf.es
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: application/json
server: cloudflare
x-request-id: 820051848eac5a828ddfabc3faf3fcb4-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lLm5XPxKPZFsKwZGkL5KKniy276HPwoaSr4oSe6hSOiSsdUAfXwUtNnf6GTp68W1AxDk8z0onrLgmowQL9OuedSR3R%2BQO6k%3D"}]}
content-encoding: br
cf-ray: 966e97111d365687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
200 OK 1.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
ValidityTue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: 6ed37932-a01e-0072-5108-00c419000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250729T181325Z-r187858789bwtvqfhC1SVG3rx400000002hg000000001efg
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/966e969c3b745689/1753812787268/u-WTJJ5d4rGcFPf
200 OK 125 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/966e969c3b745689/1753812787268/u-WTJJ5d4rGcFPf
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 31 x 2, 8-bit/color RGBA, non-interlaced
Hash 86fd8df8cefaa7e16f8334f9fa84c771
82d7fce6ff4154b2663b8c184b461b5c81d42f42
83b61fcc9abf22a3ef604ad917f621d6c250c46e3635bb8fee38ede894188d4e
GET /cdn-cgi/challenge-platform/h/b/d/966e969c3b745689/1753812787268/u-WTJJ5d4rGcFPf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/qrkpv/0x4AAAAAABlY6Dli6x9FtFUb/auto/fbE/new/normal/en/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:12 GMT
content-type: image/png
content-length: 125
priority: u=4,i=?0
server: cloudflare
cf-ray: 966e96c21ab45689-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/ijjIB03zkv9xWoYBf07hIbOU4tVMFHqrUmEMsnAkVSlcVhLdkkCyz222
200 OK 1.3 kB URL GET rjdl.aaqnjtywnf.es/ijjIB03zkv9xWoYBf07hIbOU4tVMFHqrUmEMsnAkVSlcVhLdkkCyz222
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash 32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijjIB03zkv9xWoYBf07hIbOU4tVMFHqrUmEMsnAkVSlcVhLdkkCyz222 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijjIB03zkv9xWoYBf07hIbOU4tVMFHqrUmEMsnAkVSlcVhLdkkCyz222"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=JTixBDSF1ZfV9rPB7qWm8UrEj%2BQWtcWs%2BSTC3a90pHGc%2FPaYBE%2BXOtDEOZxlHzoW%2Fk5TpLCnXk2U1XIqi7sIuDCuXEKtl09LScKdMftW"}]}
cf-ray: 966e97110a5c56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1572&min_rtt=0&rtt_var=944&sent=489&recv=162&lost=0&retrans=0&sent_bytes=536930&recv_bytes=37890&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19524&inflight_dur=290&x=40"
GET rjdl.aaqnjtywnf.es/favicon.ico
404 Not Found 0 B URL GET rjdl.aaqnjtywnf.es/favicon.ico
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6IjZ3NnI2UHZLb0tJa3JxbVNvT2NoS3c9PSIsInZhbHVlIjoibFhWRktnRUxhMERtdWs2MHg1bUFxd0RnYVJCRzlXdkljSjJoeWxpT09wK3BOaHJiUEUxekJzcTRnVjJBQzMzMTdPWWFEK2xDY2Y2VXRNV1NCaWt1em9oV1pVRG1OWldPOGExeU5sV1JkU3BLYmM3TnZ3RGJldlU3bFRHbHJlalgiLCJtYWMiOiJhNmFhOWVhYTJlMjZhOTQwNGE2YTk1MjdmMGEzNGQyOTczNjlhYmUwMjhhZDIzMWI1M2E0MWM2ZWEwNTBlNWQ0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZOZjI0bkZ5ZUp0cktRZkY3SUpETEE9PSIsInZhbHVlIjoicHNnOUtOdnhNYmVja1RwMGhHcU5IRFcxRGl2R2J0TGNiV3hNVmdRU2tTcGhEK1JaUHVuSDlWR1FBQUh3bnQ5RWQ4MEMwdmdrNWVwWlpKeUs5bXZpVGFtZEJaajE2MjdnRURpZWx0RVk1dXhIOGxocWFtZVFLYUhRQThxWUoxd2YiLCJtYWMiOiJjZTQ2MjRhYmVjZGNlNTc5YWM1OTBhOTcyZWUyYjI1NGRhYTRjYjczYzFhMThhZDU4ODNjMDczYzZlNzYxNGQ0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 29 Jul 2025 18:13:26 GMT
content-type: text/html; charset=UTF-8
cf-ray: 966e97172a8b56c4-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=B7RDKjS5L%2FiLKitaLGk794FrMpsWmsCAYe5qNtHox9qm3NBmUYTBXLT701lT%2BPKSEF6Y9J7%2FECW6MPYyGVFcaGmfK6sEeUdUPJx3Ry9O"}]}
age: 19
cf-cache-status: HIT
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=874&min_rtt=0&rtt_var=243&sent=675&recv=186&lost=0&retrans=0&sent_bytes=776176&recv_bytes=39973&delivery_rate=34903143&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27633&unsent_bytes=0&cid=0c10dca5c90051d4&ts=20256&inflight_dur=317&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/8ed8h2zxY5@4QD/$jreid@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e97021d965687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333362
expires: Sun, 19 Jul 2026 18:13:22 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=izh6qyJ%2Fu%2BXvKAx%2FTET8cnIAoeMW4epqXbb9xTS2xZbFSntxZoM58o2hebJmvZk4GouRJLdtsMbUzRezV81uu%2FU5q8RP0resnbPzK2KvJxqE%2FhkabwHkT3Ys%2Bq2HykGCaoPuEH2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint66:D5:51:E0:8E:D7:2C:D1:E3:98:58:99:22:9B:73:C4:6F:32:FD:EC
ValiditySun, 20 Jul 2025 17:08:10 GMT - Sat, 18 Oct 2025 18:08:03 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:24 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 966e970b5c0f5687-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 333364
expires: Sun, 19 Jul 2026 18:13:24 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8NDpBaUQslHgBU0U1GMu8A6so%2BU1FPKHsEiBUD8%2BOnzARdTja2nBFXu8ksxjvFsOf%2FN0YnYNtuzEZyDs8fnveP7OI%2BHbYvFLb462g7BydogZq1NsqiPe2PQa0KgPrun8rdsPazdu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET rjdl.aaqnjtywnf.es/ghUg0fad6Ysp8DUWWK9CyKSXg2b9oVFyBPWN90bc82daklDCilcLOfkUd5t4eMk28S0FcDCrNef210
200 OK 25 kB URL GET rjdl.aaqnjtywnf.es/ghUg0fad6Ysp8DUWWK9CyKSXg2b9oVFyBPWN90bc82daklDCilcLOfkUd5t4eMk28S0FcDCrNef210
IP
Requested by https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Certificate IssuerGoogle Trust Services
Subjectaaqnjtywnf.es
FingerprintE4:38:00:BE:4C:A5:76:A0:F6:11:24:B1:32:C2:E6:7A:2F:00:AC:59
ValidityTue, 15 Jul 2025 15:12:14 GMT - Mon, 13 Oct 2025 16:10:27 GMT
File type RIFF (little-endian) data, Web/P image
Hash f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ghUg0fad6Ysp8DUWWK9CyKSXg2b9oVFyBPWN90bc82daklDCilcLOfkUd5t4eMk28S0FcDCrNef210 HTTP/1.1
Host: rjdl.aaqnjtywnf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Android; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rjdl.aaqnjtywnf.es/9aymxs687sx29i6?id=099d2c979c3944b39-eac4b095-c86f7030c2-3b277c66fbe6-64f129f46ac-50bb6cebf2f5de-5f21b74d62eec-7263031330-e857fb6cd7d8d-6bdfa1c3c61756-b0398f63b8f1240973396e
Cookie: XSRF-TOKEN=eyJpdiI6Ik9xci9HQmhwMTdxaXN5WFJnTzJGZnc9PSIsInZhbHVlIjoidU9KamFSMWlEK1k0M1pDTnFxQ2tHaW9IMi8vTUI3MDVhaUsvUTkrVExadHVsU1ZlY2NuVXdLbk5zTFZGaUNHb201cTk4R1hPN2lObXBPTk5VQWhTRnpJbWVwcVBIM3R0OEg1TkxVanJBWGpKeVZIQzRwTFdZaFZ0NnBTdlpsdm4iLCJtYWMiOiIzNGVhOGI0ZDQzZmQ2YmM5Y2M2ZTdjZGEzMjNjMTZhZTdkNWEzYzRkYTQ0NGQwYzUyYWVjMmMzMDFmYjVlOThmIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlNaW9WdWRMRUprSnFNZ2hrZ281U0E9PSIsInZhbHVlIjoiakxrcERJT0FMcmxEb1hNWlIvQS9qWnFLRERGd1VFcm83R2tOSVNVa0NpV0dQdzdKZ1ZUbFFodXFKMDlsMTJkUnkyVVdMeGJkSk1nRXFHM1VUd245QURlUkZKNXEwNTFaNnorVnJvWXdBUCt4akp5Y3MrRWN4R25EenI0amJ4bEoiLCJtYWMiOiIyZDEzOTRkNGQxMDI2ZTg1YjMxOWJkMjBmZjM4YjU5ZTBiOGRkMWNlNGIxOGMwYjAxNThkMTMxNzQ1YjNjOGFhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 29 Jul 2025 18:13:25 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ghUg0fad6Ysp8DUWWK9CyKSXg2b9oVFyBPWN90bc82daklDCilcLOfkUd5t4eMk28S0FcDCrNef210"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=SBMIsD2zHp4RvS%2FSBTxnhHBozIUBIBx%2BNx%2B20zwEQKmdQvgYqB0jUwpq3a1NULykm6lhsRvXr8MGJUVPQZU7No1S6SdDUMF3JpAHxrVm"}]}
cf-ray: 966e970d7a0e56c4-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2425&min_rtt=0&rtt_var=1568&sent=431&recv=144&lost=0&retrans=0&sent_bytes=476351&recv_bytes=31917&delivery_rate=24474200&ss_exit_cwnd=31185&ss_exit_reason=2&cwnd=27747&unsent_bytes=0&cid=0c10dca5c90051d4&ts=19188&inflight_dur=253&x=40"
172.67.138.102
3.167.2.106
140.82.121.3