Report - adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&adurl=https://2025_Notificationx1Tax_Review.fmhjhctk.ru/aNAtEaDInodo/%23Ylauren.hinett@slurpmail.net

Report Overview

Visitedpublic

2025-03-14 14:16:05

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-03-12	477 B	49 kB	104.17.24.14
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-03-12	964 B	97 kB	104.18.95.41
code.jquery.com	634	2005-12-10	2012-05-21	2025-03-12	898 B	180 kB	151.101.130.137
developers.cloudflare.com	592034	2009-02-17	2012-09-07	2025-03-12	472 B	1.7 kB	104.16.3.189
adclick.g.doubleclick.net	4971	1996-01-16	2012-07-02	2025-03-13	816 B	193 kB	216.58.211.2
6iik0b.zvaznx.ru	unknown	2025-02-26	2025-03-14	2025-03-14	498 B	823 B	104.21.112.1
2025_notificationx1tax_review.fmhjhctk.ru	unknown	2025-02-19	2025-03-14	2025-03-14	3.2 kB	215 kB	104.21.48.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net	ScriptElement	7.7 kB	2025-03-14	2025-03-14
URL 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net IP / ASN 104.21.48.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 7.7 kB (7690 bytes) MD5 cedacf273a2f78cdcc1a71240aff8723 SHA1 09d229e4a3ecc354a23dd67e576a40c2161faca9 SHA256 a02ac84b8e1086f1a40b9419375f3804a41e9bd9d5fda0c5dcd3a0bef6822f1b Format Code Loading...

	2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net	ScriptElement	17 kB	2025-03-14	2025-03-14
URL 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net IP / ASN 104.21.48.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 17 kB (16992 bytes) MD5 c3bf18b7eb0d289d24a1bf5d4ebe244d SHA1 1ac9e851f0a0f5e06cf7f3242f089c474352e942 SHA256 fc8061c7f0889092387c81326dc92620b00772d0f29433a3946a30f681167eff Format Code Loading...

	2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net	Eval	1.7 kB	2025-03-14	2025-03-14
URL 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net IP / ASN 104.21.48.1 #13335 CLOUDFLARENET Introduced by Eval Embedded false Resource Info First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 1.7 kB (1743 bytes) MD5 3ae5aa37ce1ee40faa50001a86fb86b4 SHA1 cd5f1e675ffd0517b2c1effd538f716d6381dfa7 SHA256 b058682c724bfd8c0cec1b4a66b214c4c9744492ab41803b9a2a6c141ad4f5aa Format Code Loading...

	2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net	ScriptElement	39 kB	2025-03-14	2025-03-14
URL 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net IP / ASN 104.21.48.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 39 kB (38790 bytes) MD5 bf08f4e7519c716e7a10b54fa73ef917 SHA1 7e530c0c9decdaa0fab4e920e935b5971da18908 SHA256 55f60e0d880cacd8325c4b0a7d6fd356d14d518d88e8168a96a2081c7c51e834 Format Code Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-08-09
URL code.jquery.com/jquery-3.6.0.min.js IP / ASN 151.101.130.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 269090 Size 90 kB (89501 bytes) MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Format Code Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	48 kB	2025-03-04	2025-03-19
URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2025-03-04 Last Seen 2025-03-19 Times Seen 5728 Size 48 kB (48239 bytes) MD5 184e29de57c67bc329c650f294847c16 SHA1 961208535893142386ba3efe1444b4f8a90282c3 SHA256 dd03ba1dd6d73643a8ed55f4cebc059d673046975d106d26d245326178c2eb9d Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-08-09
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP / ASN 104.17.24.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-09 Times Seen 136989 Size 48 kB (48316 bytes) MD5 2ca03ad87885ab983541092b87adb299 SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	5b3b7e9559563e779a24bc5effbfe1c4	DocumentWrite	9.0 kB	2025-03-14	2025-03-14
Introduced by DocumentWrite First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 9.0 kB (8968 bytes) MD5 5b3b7e9559563e779a24bc5effbfe1c4 SHA1 f55aee922e297e3eb71eee0dc9ba923a81c7b1b3 SHA256 d733602ec8433239fef1b176961ac624685e7044806f425cb2bf63e6bec4882d Format Code Loading...

	95ee1f9275b4f043931764ffd517bf24	DocumentWrite	59 kB	2025-03-14	2025-03-14
Introduced by DocumentWrite First Seen 2025-03-14 Last Seen 2025-03-14 Times Seen 1 Size 59 kB (59048 bytes) MD5 95ee1f9275b4f043931764ffd517bf24 SHA1 7c030d9a0a48bc6ffb1f355e9a84eb1e7deb17d8 SHA256 131a3c63ef56c04ec09fc008cd877f1fad0a584abf6a30ddc00918b7ae8968f8 Format Code Loading...

HTTP Transactions (11)

URL IP Response Size

GET 6iik0b.zvaznx.ru/gando@ild13h

104.21.112.1

200 OK

1 B

URL GET HTTPS

6iik0b.zvaznx.ru/gando@ild13h

IP / ASN

104.21.112.1

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typevery short file (no magic)

First Seen2023-03-07

Last Seen2025-08-09

Times Seen55302

Size1 B (1 bytes)

MD5cfcd208495d565ef66e7dff9f98764da

SHA1b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

SHA2565feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9

Certificate Info

IssuerGoogle Trust Services

Subjectzvaznx.ru

Fingerprint35:60:0C:9E:19:7C:68:C2:C7:2B:72:F5:1D:14:D3:7F:31:F7:6A:A7

ValidityThu, 27 Feb 2025 12:55:47 GMT - Wed, 28 May 2025 13:53:08 GMT

HTTP Headers

GET /gando@ild13h HTTP/1.1
Host: 6iik0b.zvaznx.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Origin: https://2025_notificationx1tax_review.fmhjhctk.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:16:02 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gAqQu93%2BkxGANx5TgSgI6gcuK73sLYKKQinXszFoSFMnNMgbr1u8AmZdJCqp4yY%2B4cSWelNyEGlFdxn%2FjU%2BrlrYw5rmbD6hP3KiLzh%2FfYNt6W9%2B40mCsZgive%2F3OkrVx8YbZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 920462f1eef5fff6-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=83350&min_rtt=81943&rtt_var=13705&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3171&recv_bytes=1130&delivery_rate=44711&cwnd=87&unsent_bytes=0&cid=400f9fe8173362cb&ts=1210&x=0"
X-Firefox-Spdy: h2

POST 2025_notificationx1tax_review.fmhjhctk.ru/fqLuG2y0rLjx1OmMtMoHws

104.21.48.1

200 OK

20 B

URL POST HTTPS

2025_notificationx1tax_review.fmhjhctk.ru/fqLuG2y0rLjx1OmMtMoHws

IP / ASN

104.21.48.1

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typetroff or preprocessor input, ASCII text, with no line terminators

First Seen2023-04-05

Last Seen2025-04-06

Times Seen31862

Size20 B (20 bytes)

MD50b35866f4a3aa4d34ce5dda2d14c2cd8

SHA1d2b80911f09c3106fdf0df9920f983945d644083

SHA256493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d

Certificate Info

IssuerGoogle Trust Services

Subjectfmhjhctk.ru

FingerprintC0:78:59:3B:25:57:74:73:68:E0:31:08:16:22:5F:A6:68:8D:FB:A9

ValidityWed, 19 Feb 2025 22:28:41 GMT - Tue, 20 May 2025 23:27:04 GMT

HTTP Headers

POST /fqLuG2y0rLjx1OmMtMoHws HTTP/1.1
Host: 2025_notificationx1tax_review.fmhjhctk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/
Content-Type: multipart/form-data; boundary=---------------------------14703507953338211885486213423
Content-Length: 919
Origin: https://2025_notificationx1tax_review.fmhjhctk.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6Im5iNHhPR2dkK044MVZadlpKcjl6cnc9PSIsInZhbHVlIjoicmdTUzRFdmd4NkVENmdTcjRiYW9BMTZvZll1L0VlbTJmSjV0T0I3UkM1SXAxTmdtNTAxODZjOUc3aU8yNHNXTmtlOG4rZzF0R21HdmQwSjRERERnTkJkd0lSQXVQT1hCNElGL0hEWEV0NWdxVWQ5RWJoenhKcm1SYWVQQXVMVGYiLCJtYWMiOiI1MmY5OTA2YjQ4MDIwYTM4NzZiMTc4M2Q4ZTdmZDEyYTZjMzA1OTNiMTgyNDc3MWFiNjMxZmJkNmIyNjdmODY3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlJmZzAzU3oyQ3FFVWh5eFpROXdoMmc9PSIsInZhbHVlIjoieGVRSzJCaXBFYTJjTTIzT0NvWDNLZkFkd25RMFJIelZXbVdMWFY5d2ZXc1lDTTd2MUlzdXBHOHhERlZxZ08rZm92d2VQVE00Y2c4NGJKSGMwcUpuckIzZnhQNFcraWprWnZVQnY3Y3FDeFB2RGxFOGN5MWJmRE9vYUlCeFJUZ0EiLCJtYWMiOiI4OWVhNDVkODkxZjg5MzA0NGEzMjkxNzUwOTQyODY3N2JjNTU5NWQ4NzgzMDFlODI1ZDk5MzhjNmEzOGUwZDMxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:16:03 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dZi%2Fhyo5R4JDSvJ%2FzWKM%2Boesgw3njRZ0SsCdvx4N8S%2BdwU2H4S3dOBuJwpUdXSkeIRB%2FNOx5lHiGasxLvjMe5mU%2F7FMe00GNMD85o3crvU5qdU4AakCxxCw2l2Oa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkFMbTJSVXd3Z1pPdUx6RXFMVk9FaFE9PSIsInZhbHVlIjoiMUcydDRRNUExazcxTmFTSFlkUTZpRUtzY0xZYXQxRWdzUzFkNzRCc29URS9jVUxCdHZVMXVnWVhSVGtRVjdiUmgwY3U5VmNRRUoyUWNZTEhFOHIyTVB1MXdXdExPeHRYQ1lDUWx1NmErRHpkb0pBWEl6SitNQ2dhUXR2L0dhbUciLCJtYWMiOiIyMTE5MDQ1ZGFjM2RlZGU0M2NkOTFhNDgxNWQxZThkZmFmYTgwMjQzMmZjZDUxYzI5OTI2OWU2ZGQ4NGZhMTNjIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:16:03 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjVJVzc0UWFLQTd2eUZPTTRQaDZEbWc9PSIsInZhbHVlIjoiVVhKaENHK1dKS3pSSXJlT0RpWE0weUNBNTZmSnFlUlIxUVRYUUR6RlFFOXd5R2VHNFU5eHRFZlE2aTRHc0pDdTdqY2ZWUS9VYnpBZ1l3blpSRGUxNlVJWWxlWmlqOUdsUzBDL0x4enNOeCtEOFRQSitLL2YwOUlmSlNOd09PaUkiLCJtYWMiOiI1N2MxMzBiNGZkMWI4ZjNhNGI1MTdiMjQ1OWEwZjYzMzFiY2EwMTNmM2I3NzczZmZkZTJiY2NkM2UwNTQxOWFjIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:16:03 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
server: cloudflare
cf-ray: 920462f9aa25fe9e-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=938&min_rtt=880&rtt_var=290&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2825&recv_bytes=3230&delivery_rate=4468508&cwnd=253&unsent_bytes=0&cid=4395bce21a243844&ts=237&x=0", cfL4;desc="?proto=TCP&rtt=82317&min_rtt=78060&rtt_var=1896&sent=47&recv=35&lost=0&retrans=0&sent_bytes=27144&recv_bytes=2993&delivery_rate=250871&cwnd=154&unsent_bytes=0&cid=4cbd5cb581fb1aa0&ts=18779&x=0"
X-Firefox-Spdy: h2

GET 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

104.21.48.1

200 OK

17 kB

URL User Request GET HTTPS

2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

IP / ASN

104.21.48.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (12005), with CRLF line terminators

First Seen2025-03-14

Last Seen2025-03-14

Times Seen1

Size17 kB (17056 bytes)

MD5bf67467b2e7b62ad55f59816415eee74

SHA16989e139f2eaf7310548f11209a494bd351d329c

SHA256f8fc4dbe691bf2dc297e1abd692da91331c6d784c9695eeea72eb30ca2579f25

Certificate Info

IssuerGoogle Trust Services

Subjectfmhjhctk.ru

FingerprintC0:78:59:3B:25:57:74:73:68:E0:31:08:16:22:5F:A6:68:8D:FB:A9

ValidityWed, 19 Feb 2025 22:28:41 GMT - Tue, 20 May 2025 23:27:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /aNAtEaDInodo/ HTTP/1.1
Host: 2025_notificationx1tax_review.fmhjhctk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFMbTJSVXd3Z1pPdUx6RXFMVk9FaFE9PSIsInZhbHVlIjoiMUcydDRRNUExazcxTmFTSFlkUTZpRUtzY0xZYXQxRWdzUzFkNzRCc29URS9jVUxCdHZVMXVnWVhSVGtRVjdiUmgwY3U5VmNRRUoyUWNZTEhFOHIyTVB1MXdXdExPeHRYQ1lDUWx1NmErRHpkb0pBWEl6SitNQ2dhUXR2L0dhbUciLCJtYWMiOiIyMTE5MDQ1ZGFjM2RlZGU0M2NkOTFhNDgxNWQxZThkZmFmYTgwMjQzMmZjZDUxYzI5OTI2OWU2ZGQ4NGZhMTNjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjVJVzc0UWFLQTd2eUZPTTRQaDZEbWc9PSIsInZhbHVlIjoiVVhKaENHK1dKS3pSSXJlT0RpWE0weUNBNTZmSnFlUlIxUVRYUUR6RlFFOXd5R2VHNFU5eHRFZlE2aTRHc0pDdTdqY2ZWUS9VYnpBZ1l3blpSRGUxNlVJWWxlWmlqOUdsUzBDL0x4enNOeCtEOFRQSitLL2YwOUlmSlNOd09PaUkiLCJtYWMiOiI1N2MxMzBiNGZkMWI4ZjNhNGI1MTdiMjQ1OWEwZjYzMzFiY2EwMTNmM2I3NzczZmZkZTJiY2NkM2UwNTQxOWFjIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:16:04 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QHyjp3aFLbupNfd7NFrZT%2FBn1EvXmt1Jd74NVgeneR2ROYZ9mvq%2F2fXHjzu1dPxw0aMgE4pfIDuhUN%2BkAeIBOpFT2pl%2B0atTWHaSr3waKMIfB9f2neX2p9BnpVy8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IkFEejR1SVpIYVFRRm0rUVF4MTNEMVE9PSIsInZhbHVlIjoidVJpcmVxaFVlNElueTVZZVJhTjIxTzdPR0Q0UFFlT2tLZE1IbzQxUit4cDR5VTdraUg0L3ZMMXBMVWpZN20zQzlpVWd6K3R1YnR3OTFUYVJqWXU0UXBYUHJiRlNNSlBsV3ZJYVMxdHd2NmZ2TjNNRjlnaUlPN1BMRWNqd1p6OWkiLCJtYWMiOiI0NGE5ZWQ3MzYwMGM1MzQzNmIwYzQzMTQxNzc4ZjI2NTkzN2U2ZmFlNDFmNmRlZTc0MzhhYzcyMWVjOWI3ZDI3IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:16:03 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdjNHZacFEzMzdVUDZrOWhiZHhibEE9PSIsInZhbHVlIjoib0VLM2pIc0MvL2RHdHNtTzNrYVd5Uy9GKytPWkI1cmxWWnk5Y0ZOOW8zeis2VjBWN0I4ZGIyek1JK2J4YWdZQSs5RnI3NlRodXJDUldZZCt5Mk9sK1Z0YmxiRnkxVXQrRTZMOFRaem50NVkxSjhna1dmR3ArVVU1MmN4SThpbGsiLCJtYWMiOiJlNTM1M2RkOWQ0ZmUwNzZmOGE5MGY1NDI3NDQ1YmViZTgzYTJkZmNlMDI1NmMyNThjZWM2NzA1MWMyNmQ2OGM5IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:16:03 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 920462fdab63fe9e-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=952&min_rtt=936&rtt_var=292&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2827&recv_bytes=2163&delivery_rate=4007928&cwnd=252&unsent_bytes=0&cid=3c2c8260a7f0b462&ts=508&x=0", cfL4;desc="?proto=TCP&rtt=81130&min_rtt=78060&rtt_var=2010&sent=52&recv=39&lost=0&retrans=0&sent_bytes=28559&recv_bytes=3684&delivery_rate=250871&cwnd=154&unsent_bytes=0&cid=4cbd5cb581fb1aa0&ts=19537&x=0"
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.24.14

200 OK

48 kB

URL GET HTTPS

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.24.14

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-09

Times Seen136989

Size48 kB (48316 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

Fingerprint00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32

ValidityFri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:15:45 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 44189
expires: Wed, 04 Mar 2026 14:15:45 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zw3HzQFFOEcb3TOasUBIdG6SdPwZSNm7oUzl%2FFWzwFULmT3nYHaQ28%2FmbuKYrXqDpNP9xUUZXUHfcITVnXHbretpcSqFVeoefFcSMIWaJWrzijlm8O8ututUiPuDxBXKDqaSB0Dw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 920462906fab56b4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js

104.18.95.41

200 OK

48 kB

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48238)

First Seen2025-03-04

Last Seen2025-03-19

Times Seen5728

Size48 kB (48239 bytes)

MD5184e29de57c67bc329c650f294847c16

SHA1961208535893142386ba3efe1444b4f8a90282c3

SHA256dd03ba1dd6d73643a8ed55f4cebc059d673046975d106d26d245326178c2eb9d

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28

ValiditySat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT

HTTP Headers

GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:15:46 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 28 Feb 2025 15:24:08 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 920462911e835687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

200 OK

90 kB

URL GET HTTPS

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.130.137

#54113 FASTLY

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-09

Times Seen269090

Size90 kB (89501 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 14 Mar 2025 14:15:45 GMT
age: 5715280
x-served-by: cache-lga21931-LGA, cache-osl6541-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 144028
x-timer: S1741961746.976466,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

104.18.95.41

302 Found

48 kB

URL GET HTTPS

challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738507

Size48 kB (48239 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28

ValiditySat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT

HTTP Headers

GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 14 Mar 2025 14:15:45 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/f3b948d8acb8/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 920462906d425687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET developers.cloudflare.com/favicon.png

104.16.3.189

200 OK

937 B

URL GET HTTPS

developers.cloudflare.com/favicon.png

IP / ASN

104.16.3.189

#13335 CLOUDFLARENET

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typePNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced

First Seen2024-11-14

Last Seen2025-07-08

Times Seen18111

Size937 B (937 bytes)

MD5fc3b7bbe7970f47579127561139060e2

SHA13f7c5783fe1f4404cb16304a5a274778ea3abd25

SHA25685e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe

Certificate Info

IssuerGoogle Trust Services

Subjectdevelopers.cloudflare.com

FingerprintE9:3A:C0:6A:2E:64:DE:1B:4E:08:08:AE:18:4B:FF:46:61:C4:C0:78

ValidityTue, 14 Jan 2025 19:23:19 GMT - Mon, 14 Apr 2025 20:23:12 GMT

HTTP Headers

GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:15:46 GMT
content-type: image/png
content-length: 937
cf-cache-status: HIT
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=QeLwV0PIlidG8KeN2jnZDfe_wuoLImw3WAPQY1j8Fdc-1741961746-1.0.1.1-zw296xDxokLtfAGO.F0dou.ptSiWW9J6iEVXOhjGtISXcRpmrX1ef5suGiZSo5hV_3T2h2f.5o7ut5wxzyWEJKRiqtqkwIKi9pMpX_pfi4g; path=/; expires=Fri, 14-Mar-25 14:45:46 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 920462935eb5569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET code.jquery.com/jquery-3.6.0.min.js

151.101.130.137

90 kB

URL GET HTTPS

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.130.137

#54113 FASTLY

Requested byhttps://2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-09

Times Seen269090

Size90 kB (89501 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2025_notificationx1tax_review.fmhjhctk.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

GET adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&adurl=https://2025_Notificationx1Tax_Review.fmhjhctk.ru/aNAtEaDInodo/%23Ylauren.hinett@slurpmail.net

216.58.211.2

302 Found

192 kB

URL User Request GET HTTPS

IP / ASN

216.58.211.2

#15169 GOOGLE

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-09

Times Seen5738507

Size192 kB (191819 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subject*.g.doubleclick.net

FingerprintAA:7E:43:94:65:8C:82:E3:08:A8:1D:79:38:AF:94:DE:86:A0:FA:B1

ValidityWed, 26 Feb 2025 15:32:54 GMT - Wed, 21 May 2025 15:32:53 GMT

HTTP Headers

GET /pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&token={{RANDOM_STRING}}&adurl=https://adclick.g.doubleclick.net/pcs/click?ref={{RANDOM_STRING}}&id=Y41515N2435yMX419snVO7695-2024-McWAN324SCAN&adurl=https://2025_Notificationx1Tax_Review.fmhjhctk.ru/aNAtEaDInodo/%23Ylauren.hinett@slurpmail.net HTTP/1.1
Host: adclick.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cache-control: private
location: https://2025_Notificationx1Tax_Review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 14 Mar 2025 14:15:44 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUlxmBQLdeN4SV-4u1fA5Gm4gYpm3nxHb5p4lSXHJn4E1OHxjC8FO0vmdHrW; expires=Sun, 14-Mar-2027 14:15:44 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

104.21.48.1

200 OK

192 kB

URL User Request GET HTTPS

2025_notificationx1tax_review.fmhjhctk.ru/aNAtEaDInodo/#Ylauren.hinett@slurpmail.net

IP / ASN

104.21.48.1

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (65356)

First Seen2025-03-14

Last Seen2025-03-14

Times Seen1

Size192 kB (191819 bytes)

MD50f31f8ed86d586ce0efa9b9792384ba7

SHA16c2bd000e0e77c0c105d98a37346c7023575dce9

SHA256282ad484cbc4f47bc808de5aac7d741bb8e315e36d492356d3787efaf4ec18d6

Certificate Info

IssuerGoogle Trust Services

Subjectfmhjhctk.ru

FingerprintC0:78:59:3B:25:57:74:73:68:E0:31:08:16:22:5F:A6:68:8D:FB:A9

ValidityWed, 19 Feb 2025 22:28:41 GMT - Tue, 20 May 2025 23:27:04 GMT

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /aNAtEaDInodo/ HTTP/1.1
Host: 2025_notificationx1tax_review.fmhjhctk.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 14 Mar 2025 14:15:45 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UHmuN9JAFmhMnJETnuc2QudzZczOBWeeAVKVvW8l6JzCPtRJ8BnYGnFOgcWTXoV799HsStmfIv6%2BgSrH1Vn2waaHsLsNXTkXR6%2FlJ98P%2FlQ94MbJwZ6rbtPEQNc%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6Im5iNHhPR2dkK044MVZadlpKcjl6cnc9PSIsInZhbHVlIjoicmdTUzRFdmd4NkVENmdTcjRiYW9BMTZvZll1L0VlbTJmSjV0T0I3UkM1SXAxTmdtNTAxODZjOUc3aU8yNHNXTmtlOG4rZzF0R21HdmQwSjRERERnTkJkd0lSQXVQT1hCNElGL0hEWEV0NWdxVWQ5RWJoenhKcm1SYWVQQXVMVGYiLCJtYWMiOiI1MmY5OTA2YjQ4MDIwYTM4NzZiMTc4M2Q4ZTdmZDEyYTZjMzA1OTNiMTgyNDc3MWFiNjMxZmJkNmIyNjdmODY3IiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:15:45 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlJmZzAzU3oyQ3FFVWh5eFpROXdoMmc9PSIsInZhbHVlIjoieGVRSzJCaXBFYTJjTTIzT0NvWDNLZkFkd25RMFJIelZXbVdMWFY5d2ZXc1lDTTd2MUlzdXBHOHhERlZxZ08rZm92d2VQVE00Y2c4NGJKSGMwcUpuckIzZnhQNFcraWprWnZVQnY3Y3FDeFB2RGxFOGN5MWJmRE9vYUlCeFJUZ0EiLCJtYWMiOiI4OWVhNDVkODkxZjg5MzA0NGEzMjkxNzUwOTQyODY3N2JjNTU5NWQ4NzgzMDFlODI1ZDk5MzhjNmEzOGUwZDMxIiwidGFnIjoiIn0%3D; expires=Fri, 14-Mar-2025 16:15:45 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 920462884eacfe9e-AMS
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=947&min_rtt=938&rtt_var=280&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2826&recv_bytes=1426&delivery_rate=4122324&cwnd=252&unsent_bytes=0&cid=283cccb959a6668f&ts=308&x=0", cfL4;desc="?proto=TCP&rtt=84341&min_rtt=78420&rtt_var=20922&sent=8&recv=11&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1153&delivery_rate=47418&cwnd=151&unsent_bytes=0&cid=4cbd5cb581fb1aa0&ts=710&x=0"
X-Firefox-Spdy: h2