GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95c5f9fd2ab90b3d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 528199
expires: Mon, 29 Jun 2026 07:06:03 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AtuGUZonNG6qTVp%2BEry8EF6R07%2BWEHvP%2FfdNjZqdAxBuS9ZuACZZyC6CjO9UBz5sYwPPHzB3KwFFeVV7%2F6im7jdRXCwj5j9y9oLHTUMvjHUWeSeo4%2Bi2Mo0RZk8Co%2FFzE2k04guC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95c5fa09de7f0b3d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 528201
expires: Mon, 29 Jun 2026 07:06:05 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TSXuJysNO7MFH4e1qr35a1iYFzOaT%2F4EUAfndVtvtsTF3ZNEmt0UsHYTHE%2FbsGc11FhPj1LUmJa0sJ952z%2Fh19dSL8QqCYOxuhhL8X81ifiLJ0y7L7d5NPB7lbhEmRKJUPg091iY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 8mer2.zramvegtm.es/gashti$9lg629
104.21.46.185 200 OK 1 B URL GET 8mer2.zramvegtm.es/gashti$9lg629
IP 104.21.46.185:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject zramvegtm.es
Fingerprint C2:BB:FA:6D:77:F8:3D:F5:15:EE:33:EB:FE:A5:F3:AA:3E:10:1A:A6
Validity Tue, 01 Jul 2025 23:25:43 GMT - Tue, 30 Sep 2025 00:24:20 GMT
File type very short file (no magic)
Hash MD5 cfcd208495d565ef66e7dff9f98764da
SHA-1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA-256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
(These are the digests of the single character "0", which is the entire 1 B response body; they are too generic to serve as indicators for this host.)
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /gashti$9lg629 HTTP/1.1
Host: 8mer2.zramvegtm.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:02 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6B5cOUt5KVgmcYZR0Ik9KU0RBH6mkLZgkLgIlU%2F7%2FbAboR1GygD%2FfVXpm%2BaiYE1dvTZ6%2FJfA8x8tjlK6KO6iCQ3geiOmCkU7TwHw7GiM9uw%3D"}]}
content-encoding: br
cf-ray: 95c5f9edfbc6569f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
3.167.2.120 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 3.167.2.120:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash MD5 12bdacc832185d0367ecc23fd24c86ce
SHA-1 4422f316eb4d8c8d160312bb695fd1d944cbff12
SHA-256 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Sun, 29 Jun 2025 16:32:58 GMT
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Mon, 29 Jun 2026 16:32:58 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
x-cache: Hit from cloudfront
via: 1.1 57d04bb9ff0f23ac1c33e083d49e973e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: mDLyo-TzAy4c1nnDa6wE2DxBWNhYSDWiI9Aqj_HW8f4oTgk97W8KYw==
age: 829988
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/stDytfEk0whFsBplDOkSdZg52bzalVgq1cjkmnXxSCI04K9AQDX2pK7rBK2fCMWwIv4hfptcwZ14ef254
172.67.139.51 200 OK 18 kB URL GET ptxusb.fodrjf.es/stDytfEk0whFsBplDOkSdZg52bzalVgq1cjkmnXxSCI04K9AQDX2pK7rBK2fCMWwIv4hfptcwZ14ef254
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 4b52ecdc33382c9dca874f551990e704
SHA-1 8f3bf8e41cd4cdddb17836b261e73f827b84341b
SHA-256 cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /stDytfEk0whFsBplDOkSdZg52bzalVgq1cjkmnXxSCI04K9AQDX2pK7rBK2fCMWwIv4hfptcwZ14ef254 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:09 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="stDytfEk0whFsBplDOkSdZg52bzalVgq1cjkmnXxSCI04K9AQDX2pK7rBK2fCMWwIv4hfptcwZ14ef254"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=g6x8ucrT%2BLRv%2BL17kWy3ay3NtjhvsTqvlgpW4fDMEMI4HteV4m9e2P5vFg2j4hpFo88kl8AcE5ors%2BQ1jKrY6UuZmFHeCpH0hcZKWeHXMJs%3D"}]}
cf-ray: 95c5fa0dd97856a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1600&min_rtt=0&rtt_var=924&sent=620&recv=388&lost=0&retrans=0&sent_bytes=516731&recv_bytes=53025&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=22456&inflight_dur=354&x=40"
POST zizkidf40sduam0wek6qjeskkgqt72nxyoi1swzx9rk4p1rm2hpft.eojlpggwfnp.es/5785421689980698729XwULRgXREKWIMKOTFFBNWLBKYDORQOQCDFIBODKQMpqti0MpRyzf00xJuv31
172.67.210.19 200 OK 536 B URL POST zizkidf40sduam0wek6qjeskkgqt72nxyoi1swzx9rk4p1rm2hpft.eojlpggwfnp.es/5785421689980698729XwULRgXREKWIMKOTFFBNWLBKYDORQOQCDFIBODKQMpqti0MpRyzf00xJuv31
IP 172.67.210.19:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject eojlpggwfnp.es
Fingerprint 3C:D4:BE:FC:A1:38:9F:1F:2E:5A:E7:80:10:5C:2E:74:C7:D9:66:A3
Validity Thu, 12 Jun 2025 15:30:16 GMT - Wed, 10 Sep 2025 16:27:59 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash MD5 b700a2408fff4601b18b91dd7b1adf0f
SHA-1 294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
SHA-256 23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /5785421689980698729XwULRgXREKWIMKOTFFBNWLBKYDORQOQCDFIBODKQMpqti0MpRyzf00xJuv31 HTTP/1.1
Host: zizkidf40sduam0wek6qjeskkgqt72nxyoi1swzx9rk4p1rm2hpft.eojlpggwfnp.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 101
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:12 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://ptxusb.fodrjf.es
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FG5a8Lit4aWf%2FKJg6wGhJMZ%2FZCUXH8aT%2BgTU%2BzVOKac3TmiukYicf1EFl8VTQz3SxHtwAyjptiPeYwJbO%2BcLD%2FS8Zkwq2jd13IifIH6VzlD%2Bu6cJ9So16oEu8YIGDrHNulzJzrbwKfrOymDFSOqdQaa5Ekko0CYqD52cWz3jFYb0cw%3D%3D"}]}
content-encoding: br
cf-ray: 95c5fa2f5f5b56b7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 09 Jul 2025 07:06:00 GMT
age: 1361763
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 403735
x-timer: S1752044761.920888,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/opcTjY6y2GkNwguMkBWM46EdeoC7NccBhbxXaPFYApijqRDP4AgJW0CUjddEj5BYbsnoXh8otycd200
172.67.139.51 200 OK 268 B URL GET ptxusb.fodrjf.es/opcTjY6y2GkNwguMkBWM46EdeoC7NccBhbxXaPFYApijqRDP4AgJW0CUjddEj5BYbsnoXh8otycd200
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 59759b80e24a89c8cd029b14700e646d
SHA-1 651b1921c99e143d3c242de3faacfb9ad51dbb53
SHA-256 b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opcTjY6y2GkNwguMkBWM46EdeoC7NccBhbxXaPFYApijqRDP4AgJW0CUjddEj5BYbsnoXh8otycd200 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:08 GMT
content-type: image/svg+xml
cf-ray: 95c5fa0dd97456a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opcTjY6y2GkNwguMkBWM46EdeoC7NccBhbxXaPFYApijqRDP4AgJW0CUjddEj5BYbsnoXh8otycd200"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Kb%2BTXiqLVpfxLdPTna5RCsA5gHW9uD0WxOcmPvepUSOVKbrXaDAUmKzr5CeNfrBwSFj2e6B2m91PqLC0cd008MGxnjm6Zvi9nWimdNtUH7Q%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1689&min_rtt=0&rtt_var=994&sent=618&recv=387&lost=0&retrans=0&sent_bytes=515836&recv_bytes=52979&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=21274&inflight_dur=352&x=40"
GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
172.67.139.51 200 OK 26 kB URL User Request GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
IP 172.67.139.51:443
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type JavaScript source, ASCII text, with very long lines (24709), with CRLF line terminators
Hash MD5 76ee339ffabce82ffc9cc8ded3405ace
SHA-1 ea519e640650957116f6b18f359b958be0eaecac
SHA-256 3d61bb51297feb7bf5a40f25170a60a5bdb816256e14356341bfd2c67b090348
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImIwaWIvUngwbE5xSVo1SzhhZkxqV2c9PSIsInZhbHVlIjoiN2phTEYwN1RyQlZmbTA5UTBOUUdGMWVNMmtGeFFEdnUrVytoUzk2K1Z3WTJSQTRsc1lYQWdxQWJtUExsd1plL2k0R1RmekNaNW82bS8wRlAybEpXbzU1bTdsSyt1ajNuRnZ6K0ZaWmZEemxheEdXM0NxdE8zUDlYZmgwTXlyZUMiLCJtYWMiOiIxODRhN2ExNzg5Yzc2ZGI0NGZhOTlmODUwYWQ2OGZjMTcyNjcxMTk2ZjQ4Mzc0MWRmZmI1OWY4MTEwMmFlZGU5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Inp5aTJhTFBMUlNWY2hZNTZLR2IxbHc9PSIsInZhbHVlIjoiYU0vcnVEdGc2aXNHSThERFZuRUFjUHI0SVQwQ0ozMGVKTUJXcUo4b211enhsUDBHYTh5UXFKNzhqVW9hd2xXQ25qd1MvWU1JcTVpSldCYi8vRzlXa3ZCVjFBUFdWb2tKV3NQWDYxd3BEaDE0Ynk5a0E1bk0zajdtWjFJR1JwM3YiLCJtYWMiOiJkODZhYjEyYWJhM2E3NmNkMzZlMmZjNWY0OWY5ZTJiMWY1ZWJiNGI5ZTczNDMyYTY1NTMzMTVkYWNmNjlmOGVlIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:03 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9f7a84956a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=DbnXjZ6azv9qUR5fwcswm8k7FBTBbdE8svLecKZujs9%2FLxOU02LD%2Fu8MvoCjyH76jJDnpvo9JogKOXNaTSerOXeLNv%2BHO7dTB2F5QuoENvY%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6InhLcFlIQnNrb1diVFNzR2tnTHAxRGc9PSIsInZhbHVlIjoiY1RWbjVTMnMrVGNXa09uU0pMdjM0czlSYmhoa0lnbTZpaklPRTBOODJ1Snd5QnpBUkg0ZjB4bFdZOE40THR6Q3NvMzJsU0VTT2RxWVVWbTJCdnY2VlFsRHp4bGlGTEpBOGxZWW1PUmVWTVlJMVB4a3dMQUd6aTNWRHJjWFVFeTYiLCJtYWMiOiIzNDhiOWM5YmE4ZWRhMjBkZTE1MjI5ZTdmOTliN2NmYjY3MDg0MjZiNzE5MDU3NWU0Y2M2OGQ4M2I1YTk0MmM5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:03 GMT
laravel_session=eyJpdiI6Ik1wY3A3QzhoT2R1SDExREhFZUU4Q1E9PSIsInZhbHVlIjoiUWM5anpCbFNNMmg2VDd0K20vb3RiSDQ4a1FYOFFiMEFYbHM1US80b2NWbjBKUDhocGtwUDFhSDVwcU9UWnhYclVIQ0ZGaUFDaW9JTGhZU2NpeDc3aERaTXgyUlVaa3c4elJKblcxTFd2MVE3Wk5KVVB5ZWRZaFp1ZEtReVhvQ3IiLCJtYWMiOiI5ZGYyYjFmYzBjNzhhMTVjMmZjODg2YTlkNzIwYmRlY2ZkZjAwNjkzYTBhN2E0ZTI3MzNiMDkxOTY0YTk5M2VlIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:03 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1340&min_rtt=0&rtt_var=769&sent=216&recv=310&lost=0&retrans=0&sent_bytes=25146&recv_bytes=23420&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=16199&inflight_dur=110&x=40"
GET ptxusb.fodrjf.es/GDSherpa-vf.woff2
172.67.139.51 200 OK 44 kB URL GET ptxusb.fodrjf.es/GDSherpa-vf.woff2
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash MD5 2a05e9e5572abc320b2b7ea38a70dcc1
SHA-1 d5fa2a856d5632c2469e42436159375117ef3c35
SHA-256 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:07 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=bCzNyY%2BSv48c3M4qW%2FaR5YRduwhJpBqtHOJL%2BOnFxfn%2BrxiyVMg8gGVFX8hj9ZLPDA%2BWeWGo%2BH%2FwrhZO%2BNzazBTxp6e678qil3ubXG4ZX2A%3D"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d896e56a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1846&min_rtt=0&rtt_var=1478&sent=469&recv=366&lost=0&retrans=0&sent_bytes=325665&recv_bytes=47911&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20424&inflight_dur=303&x=40"
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=astro24Node&render=explicit
104.18.95.41 302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=astro24Node&render=explicit
IP 104.18.95.41:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
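Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of zero-byte input: they reflect the empty body of the 302 response, not the script it redirects to, and should not be used as indicators.)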
GET /turnstile/v0/api.js?onload=astro24Node&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 09 Jul 2025 07:05:47 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/e7e9d014f96e/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 95c5f997597456c3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/favicon.ico
172.67.139.51 404 Not Found 0 B URL GET ptxusb.fodrjf.es/favicon.ico
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
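Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of zero-byte input, matching the 0 B body recorded for this 404; they identify an empty response, not this host, and should not be used as indicators.)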
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InBuV21KRUJNcmZLK0pjTUViUUpEbXc9PSIsInZhbHVlIjoiaXg4aHFtb3BsVlFrdFczUzhTTCtoQUt6NWZqc3MwMzFDNzZZUHQ1c3B6VTZqL01QWEZ5ZVM2QzBnc2JQNStTbFM5Z2RvNnVMUHY2V1VJMnBqZ1F1Wjl2OUVqOGpNWWVDUk1NOWl6RU9GNnlkZG9SVWQ0enpxY3J2YmlKeGNMdlQiLCJtYWMiOiJjMGUxODhhNzVkYzNhY2VkYWIwYTNlNzM3YmYyZWNhZWJmNWI0MTc2NThlMTc0MjAzMDEwZmQ4YWNjM2RkMjliIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IldoZEVhcHdXMkd6RUtyN1NtdzJNZEE9PSIsInZhbHVlIjoiV0xob3REbWFCOHJzR0hSOHllUzVhdzQ2S3NCKzN4YSs0K2ZrdGl1aUpjVGtEWGVqY09lMG9aOG5KK0N0ZXhUK3IrTzZsYjgxcG9GcDRIZVNiRUNaaUVseXNJR1JGcDlZMjNaZUs1YjBkR3BBMVVCb0QxWWpLeEk4WFk5K0pkWXEiLCJtYWMiOiI1YzQzMzlmYzJjOTYwN2RkNmI0MjZmMjUyNzhmNGYzMGMxNDczNGEzMmUxNTIxMDU5YmMzY2JkNThjNDk3NTVjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 09 Jul 2025 07:05:48 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9982cda56a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Wicx1ggOMstopjf5NZcHHt70fXqmv3%2F1nOdfZhR12%2BpgNIG0x6U8C10Quvf3akjO1nG00W%2FNbQnipYG%2FoVRFEIWktGA3zM%2BP9gN7hSm8qUQ%3D"}]}
cf-cache-status: MISS
age: 10
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1930&min_rtt=529&rtt_var=1148&sent=199&recv=297&lost=0&retrans=0&sent_bytes=15305&recv_bytes=16859&delivery_rate=635480&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=936&inflight_dur=35&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95c5f9985e8e5694&lang=auto
104.18.95.41 200 OK 138 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95c5f9985e8e5694&lang=auto
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 138 kB (137539 bytes)
Hash MD5 ad64a61e41c55178aba0d100beb3d3b2
SHA-1 6ca8bda3bedef4fafe22b86b5ec4812e29e4def8
SHA-256 e8e904ce01595deee12afd6da08b201dc4a57cdd40f8bf7efab8c48b064a364a
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=95c5f9985e8e5694&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:47 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 95c5f9992f835694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
104.18.95.41 200 OK 30 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
FingerprintFC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
ValidityFri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (29696), with no line terminators
Hash 050353b64da65366aafd4989868d5129
75c44625f3abc753de9f594630e96957f3803f75
1449a22d8de1291b46e74558d7197f2afedbcc9c924854484e31cd61f4f9d2c0
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
cf-chl: dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34860
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:54 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: HZ9z3/ScXFK8McRs79wapy9IZ+IS7n2dhKtJdkXV+x3ZnThKM7i646Ie9tcjWsQK$+FvqfFPEfEHT3iSpA5oPGw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95c5f9c0ff565694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/GDSherpa-regular.woff2
172.67.139.51 200 OK 29 kB URL GET ptxusb.fodrjf.es/GDSherpa-regular.woff2
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash (MD5) 17081510f3a6f2f619ec8c6f244523c7
Hash (SHA-1) 87f34b2a1532c50f2a424c345d03fe028db35635
Hash (SHA-256) 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:07 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=UMXoELTF8Ng3XZOEIjHviBXrWVYL%2BjdcMnp4ksiH4qGaGwaUFAYhZKMgHZV8vmO9ko0jV0acGO7XYLoAtdIeVCJXzA%2FAunROYTfCLGp%2B96k%3D"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d896b56a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1469&min_rtt=0&rtt_var=892&sent=430&recv=362&lost=0&retrans=0&sent_bytes=273541&recv_bytes=46755&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20279&inflight_dur=294&x=40"
GET ptxusb.fodrjf.es/wxRLgYURQgWgco8kZVqredgkyKrAYcM4Yup634130
172.67.139.51 200 OK 644 B URL GET ptxusb.fodrjf.es/wxRLgYURQgWgco8kZVqredgkyKrAYcM4Yup634130
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5) 541b83c2195088043337e4353b6fd60d
Hash (SHA-1) f09630596b6713217984785a64f6ea83e91b49c5
Hash (SHA-256) 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /wxRLgYURQgWgco8kZVqredgkyKrAYcM4Yup634130 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wxRLgYURQgWgco8kZVqredgkyKrAYcM4Yup634130"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RFW1lrRyqTMARV%2FM96bet95zODP3HoXm6ZfBuSeCcu%2FYCLSuH%2FiS%2FoxVdRs4%2BfMYM1Tml5SrkXT6HJtS4LQQ4arz9tifnp5DjDAPO8%2FG%2FcQ%3D"}]}
cf-ray: 95c5fa0d997056a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1327&min_rtt=0&rtt_var=506&sent=388&recv=356&lost=0&retrans=0&sent_bytes=222646&recv_bytes=46470&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=19931&inflight_dur=253&x=40"
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
3.167.2.120 200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 3.167.2.120:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (51734)
Size 223 kB (222931 bytes)
Hash (MD5) 0329c939fca7c78756b94fbcd95e322b
Hash (SHA-1) 7b5499b46660a0348cc2b22cae927dcc3fda8b20
Hash (SHA-256) 0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 08 Jul 2025 23:00:14 GMT
expires: Wed, 08 Jul 2026 22:58:17 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 57d04bb9ff0f23ac1c33e083d49e973e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: ecOJIHRCYo0blmm3ZaHKtWc3gCZ204qPjuMoiqedy17iPOJfM6-VxQ==
age: 29269
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
3.167.2.120 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 3.167.2.120:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash (MD5) d99a7377dabb55772ca9f986b0a04b57
Hash (SHA-1) 2b5fcd8431953c44e410d0489899e74f6d2cfecc
Hash (SHA-256) affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
date: Mon, 23 Jun 2025 13:02:15 GMT
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
expires: Tue, 23 Jun 2026 13:02:15 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 57d04bb9ff0f23ac1c33e083d49e973e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: qaOqFE-oR19LgIE5ERg-QBpWX3eT1SfUTAH_0i8foGxmsa55eQZb8Q==
age: 1361032
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
172.67.139.51 200 OK 976 B URL User Request GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
IP 172.67.139.51:443
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type HTML document, ASCII text, with very long lines (976), with no line terminators
Hash (MD5) 5172500ac37316965c6e80f0d1fbe660
Hash (SHA-1) aa315b10ba897456587225cf212d686a9d5c9626
Hash (SHA-256) 221e6ead046f213703e61d2aa477ea10ee7ff5dc2056266c868932f76e913f20
Analyzer: urlquery | Verdict: suspicious | Alert: Suspicious - Anti-debugging code
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:05:47 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=s8rrHVkIWa1CnzVjhyAGKTZ87yFL7MJRTuGXWJokNDkApYiYGCprVBqUBGr9In0t98BjzPF9bcTkktL%2BnoCxoOfPRXNLJpYFI06fG163yC0%3D"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6InBuV21KRUJNcmZLK0pjTUViUUpEbXc9PSIsInZhbHVlIjoiaXg4aHFtb3BsVlFrdFczUzhTTCtoQUt6NWZqc3MwMzFDNzZZUHQ1c3B6VTZqL01QWEZ5ZVM2QzBnc2JQNStTbFM5Z2RvNnVMUHY2V1VJMnBqZ1F1Wjl2OUVqOGpNWWVDUk1NOWl6RU9GNnlkZG9SVWQ0enpxY3J2YmlKeGNMdlQiLCJtYWMiOiJjMGUxODhhNzVkYzNhY2VkYWIwYTNlNzM3YmYyZWNhZWJmNWI0MTc2NThlMTc0MjAzMDEwZmQ4YWNjM2RkMjliIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:05:46 GMT
laravel_session=eyJpdiI6IldoZEVhcHdXMkd6RUtyN1NtdzJNZEE9PSIsInZhbHVlIjoiV0xob3REbWFCOHJzR0hSOHllUzVhdzQ2S3NCKzN4YSs0K2ZrdGl1aUpjVGtEWGVqY09lMG9aOG5KK0N0ZXhUK3IrTzZsYjgxcG9GcDRIZVNiRUNaaUVseXNJR1JGcDlZMjNaZUs1YjBkR3BBMVVCb0QxWWpLeEk4WFk5K0pkWXEiLCJtYWMiOiI1YzQzMzlmYzJjOTYwN2RkNmI0MjZmMjUyNzhmNGYzMGMxNDczNGEzMmUxNTIxMDU5YmMzY2JkNThjNDk3NTVjIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:05:46 GMT
cf-ray: 95c5f990adbd0b02-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
104.16.175.226 200 OK 4.7 kB URL GET cdn.jsdelivr.net/npm/lz-string@1.4.4/libs/lz-string.min.js
IP 104.16.175.226:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jsdelivr.net
Fingerprint A6:DD:A1:61:65:41:D0:8F:18:9A:2F:B3:5C:A4:20:AA:B2:8C:AD:1F
Validity Fri, 25 Apr 2025 00:00:00 GMT - Mon, 04 May 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (4718)
Hash (MD5) 109c13d75d0b6fc6440d3e98f803d396
Hash (SHA-1) b69e7073bc2c1bc9a57aada4c73799d182ef8368
Hash (SHA-256) 9d1a0ef07a2ea5faa8cd4afb60a0518075e6771e341e5ff4e0e481cefedeecbf
GET /npm/lz-string@1.4.4/libs/lz-string.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 1425
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-jsd-version: 1.4.4
x-jsd-version-type: version
etag: W/"126f-tp5wc7wsG8mleq2kxzeZ0YLvg2g"
content-encoding: br
x-served-by: cache-fra-etou8220041-FRA, cache-lga21931-LGA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 273609
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wyR%2BGRISNC2MqmFdX8kco9cDBkL5Btzf9YSo2fe4%2BMFifeOMNQqjnCNrV%2BwJqeZV46l7EsAbdg2UmKgotMwCh96VKs%2BaFin%2FBquO8wc4reJHr99S%2B8L9l1bCAirH7SEJVlA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 95c5f9fc1fd37127-OSL
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/op9tLpCkEXf3gU6g6IfVt5xeIl8nmQ3DuUeryVJ82zRYoFck12djKxq0mP93LtqP12b2mhZOef238
172.67.139.51 200 OK 9.6 kB URL GET ptxusb.fodrjf.es/op9tLpCkEXf3gU6g6IfVt5xeIl8nmQ3DuUeryVJ82zRYoFck12djKxq0mP93LtqP12b2mhZOef238
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5) 4946eb373b18d178c93d473489673bb6
Hash (SHA-1) 16477acb73b63ca251d37401249e7e4515febd24
Hash (SHA-256) 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /op9tLpCkEXf3gU6g6IfVt5xeIl8nmQ3DuUeryVJ82zRYoFck12djKxq0mP93LtqP12b2mhZOef238 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:09 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="op9tLpCkEXf3gU6g6IfVt5xeIl8nmQ3DuUeryVJ82zRYoFck12djKxq0mP93LtqP12b2mhZOef238"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=dlreFc5DMX88vLSuplYiMsj1vIGHdpYVzlR2ejYeR8mZyCJtXzjRtktkM%2FgjgFzKQxqL8QkcscLmKj2yaJRbmaplyWmcbu3%2BH5UC%2Fda4TFc%3D"}]}
cf-ray: 95c5fa0dd97556a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1516&min_rtt=0&rtt_var=861&sent=628&recv=389&lost=0&retrans=0&sent_bytes=526568&recv_bytes=53072&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=22459&inflight_dur=355&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash (MD5) 2ca03ad87885ab983541092b87adb299
Hash (SHA-1) 1a17f60bf776a8c468a185c1e8e985c41a50dc27
Hash (SHA-256) 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95c5fa14482f0b3d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 528203
expires: Mon, 29 Jun 2026 07:06:07 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VyGd718%2BzbMi4%2Bs%2BtfC4FBzV8oDiyxiv6yTceZZ6ZPWAFqIRqJFkpGqpMUDYYQtN3lew5acSs%2FmtmUS5ZgVnxW1kW4DxoUHUs8qhyavU3NPcf4NQRRtKnXIRQJyZA2jCLbLQsnjt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
13.107.246.53 200 OK 1.9 kB URL GET aadcdn.msauth.net/shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg
IP 13.107.246.53:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer DigiCert Inc
Subject aadcdn.msauth.net
Fingerprint 38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
Validity Tue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash (MD5) bc3d32a696895f78c19df6c717586a5d
Hash (SHA-1) 9191cb156a30a3ed79c44c0a16c95159e8ff689d
Hash (SHA-256) 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
GET /shared/1.0/content/images/backgrounds/2_11d9e3bcdfede9ce5ce5ace2d129f1c4.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/svg+xml
content-length: 673
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Wed, 24 May 2023 10:11:46 GMT
etag: 0x8DB5C3F47E260FD
x-ms-request-id: e3b4f181-301e-0011-440c-f0664f000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,ETag,Last-Modified,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250709T070607Z-15db5ddb6982hnfchC1SVGb6sg00000002t000000000682y
x-fd-int-roxy-purgeid: 0
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/95c5f9985e8e5694/1752044748111/7abf31f4b039f596ff740db4d5eb95067e1cb8bbe1bf330719002523fe6e8839/VGt2KJn22m0OLO-
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/95c5f9985e8e5694/1752044748111/7abf31f4b039f596ff740db4d5eb95067e1cb8bbe1bf330719002523fe6e8839/VGt2KJn22m0OLO-
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type very short file (no magic)
Hash (MD5) ff44570aca8241914870afbc310cdb85
Hash (SHA-1) 58668e7669fd564d99db5d581fcdb6a5618440b5
Hash (SHA-256) 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/95c5f9985e8e5694/1752044748111/7abf31f4b039f596ff740db4d5eb95067e1cb8bbe1bf330719002523fe6e8839/VGt2KJn22m0OLO- HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Wed, 09 Jul 2025 07:05:50 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ger8x9LA59Zb_dA201euVBn4cuLvhvzMHGQAlI_5uiDkAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIHq_MfSwOfWW_3QNtNXrlQZ-HLi74b8zBxkAJSP-bog5ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIHq_MfSwOfWW_3QNtNXrlQZ-HLi74b8zBxkAJSP-bog5ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArFBSpY0YPcNslVpklXsEb2gfZsCpmIVdQhoS4K7cHrhquWhyk4MLkyi7_s6aWrx_Xf7HlTYTdYhnNJYeSmBvNR-rT9Jr-vgHew2EKxCRkzFMKPiBFgHMw6CQNwFmH4vtDoB7QjzQGuScPRdzh7kPu8509ew2xkFnr9tjB-6n7HM01yE-AK-YLGAsO2pnr7E7uB1wVPOxxon_JAZ3bYOfTUgjOOdXlFNC8lcuocjbz6S74A95qx_Ud-iEvXXfOoBv5KLuG4xndLeZHQmGd8Zt7VxbSldzBAmsB7NLLExZxPD-x71RLAY9HVS2lcMOPbQ3diWMBwpfS95tytYOn-a5rwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 95c5f9a9ead35694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
104.18.95.41 200 OK 4.9 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (4940), with no line terminators
Hash (MD5) 05c263d4031b419ef9331affe222c524
Hash (SHA-1) f59f3a1aeae7b605f8f4ed0d85e2062e154dc894
Hash (SHA-256) d6a556497839f54f2972b76487b9752fc5ac6d2d7c5c40fd6936e4d71daa4db1
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
cf-chl: dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 44620
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:59 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: 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$uZ8u5W7I/z/HXACd/WJS3g==
cf-chl-out: 86iwXuYGrbhdQg+riIMTziClgQ8O2Iz91/p0Iu+uLgE3jSkzbIBEOh22QOIjqvVK28zV55AjRIUUHp+U6Bp4eQ==$fkW8XwjcuINQxq598KK+fg==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95c5f9e1d96d5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
172.67.139.51 200 OK 7.3 kB URL User Request GET ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
IP 172.67.139.51:443
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type HTML document, ASCII text, with very long lines (2246), with CRLF line terminators
Hash (MD5) 9a08d8df3784a9fed11fadbc047def46
Hash (SHA-1) 5b229890023ac2fbcaed3b4b9d027c57fb95679e
Hash (SHA-256) 754300fbd7893156dd96b4d7e29466986208c53577e38a17f7ae343e0ec6113c
Analyzer: urlquery | Verdict: suspicious | Alert: Suspicious - Anti-debugging code
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Tycoon Phishing Kit
GET /7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Inh2NWJMajJ0dnR3dWRBdC93KzVWTmc9PSIsInZhbHVlIjoiZkw5Z25IUnpHS3JrOVgra1hvVHVmOTBSKzNndzVLOGg2SDB5akVWUTNOWTNwQ3FyVG1iUndaOEk4ZW5WTEwxZk50cnMyOUFlTk9UMk9mRzdoSWF3YTcxN1oxdUVvOVdSUFk1c3YrcFR4VWtIcjlzZXlRV3ZzdkF1MDlqdWpNNEwiLCJtYWMiOiJhMzZjMjJmMWI4MmEyZmE2OGRmNWI5ZTQ1NTg3MTdlMTk0ZjA5Njk1YTE4ZjdjYTU0NGI3ZTFmNDI4ODNhNTgwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlpDcDRZS3ZJcmdOWjNlQW0wSGFKMnc9PSIsInZhbHVlIjoiR0k0Zm9kaEJsNzA2dG44WHFOV0w4bUcwTllxNGJiaG5uN0VGWjFWbXBScldpNjUrbW54MmdncGxiK204ZzdvcHphVlNrTHFWYVNmV2pYS2RaYVJOVndsQWE3RVg5ZG1HeFFpOVFlckhzK25oSE9kT0NBQWtMTHVqODR5dlZDdzAiLCJtYWMiOiJhZTQxZTFmNzE3N2E0NzYxOGI5ZDhlMmMyNTIzMDY1ZjA4Yzk1OTAxZGQyNzkzYTgyODM0NmM0ZWViNzkzNzA5IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:00 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9e7df9a56a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=diQKqN6P9RSvAjNr3FJv%2FkxBVDF9lP3frpe1Xfn9jAnGtvRVGpWQ%2B02nnj5g%2BA1Bc3s2RFdf5Kp7Lj6PWStwyngd9WoMSKFElMoruZUqSaA%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IkxFVEFLeTVpRjkrVnpXM05WcUdFalE9PSIsInZhbHVlIjoiUDZGT0MrVml5QU5OeU5UcWowQVhOWjVTd3B6M2w5Y2ptOXdobDI0M3BMNVFJT2ZoUGoxMllmWStoTDhVVnBPaFJWWXZrUC84RzhBUTZqZnF6MVlvaWY0Sk02SFVBZnJBa0hGZVRRTVNEWkRCOXc2MmFSTjlpYXZhSVlaT1M3R3MiLCJtYWMiOiIzYTgyMzA0MGRiYzcxYTZmOTgyMzc3YmNhMTIyOWM5ZDU3ZjdiZDFkNDNlZWYzYTBiZjFkYjY1NWI1NGQ1NDhhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:00 GMT
laravel_session=eyJpdiI6Ii9IdThmTlJCcHlQbnRLMVRmV2I2ZXc9PSIsInZhbHVlIjoiaHIvOTk5NmdIM0lJek91TWd2aVE0U3RFOHE4QUZnU21yRkR1WEtEK2ZJRGxNdGRkUE0wN0orODBESHREMzJLa0Q1MjErMlVnZUtuZWZ6V3ZBSStOc2kwaEwvVk5QU3pybm13OEpwKzY0NmN1V2EySFdKUTZqZ2taNEJ2Q085bmsiLCJtYWMiOiJjMjkzZGU1ODVjOTc5MmZjY2IyZTQ5ZjE2YmE1NjQzN2FiYzUxZDYwZjk3OGFlNzMyNDNhNWZmNjk5ZjdlODdhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:00 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1751&min_rtt=529&rtt_var=976&sent=205&recv=302&lost=0&retrans=0&sent_bytes=17475&recv_bytes=19996&delivery_rate=635480&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=13584&inflight_dur=60&x=40"
POST ptxusb.fodrjf.es/ugML0wiUq8nJwaBd8Wn3TmfmgxNeckwRCRwlITEZYcn
172.67.139.51 | 200 OK | 20 B
URL: POST ptxusb.fodrjf.es/ugML0wiUq8nJwaBd8Wn3TmfmgxNeckwRCRwlITEZYcn
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash (MD5): 5820854f62a6eb3d38ba7ba0d1b3ea75
Hash (SHA-1): 639df0b84fe699b4a290a713fd6b9a94bd4deb95
Hash (SHA-256): 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /ugML0wiUq8nJwaBd8Wn3TmfmgxNeckwRCRwlITEZYcn HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------75991580620532222074182584067
Content-Length: 326
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkxFVEFLeTVpRjkrVnpXM05WcUdFalE9PSIsInZhbHVlIjoiUDZGT0MrVml5QU5OeU5UcWowQVhOWjVTd3B6M2w5Y2ptOXdobDI0M3BMNVFJT2ZoUGoxMllmWStoTDhVVnBPaFJWWXZrUC84RzhBUTZqZnF6MVlvaWY0Sk02SFVBZnJBa0hGZVRRTVNEWkRCOXc2MmFSTjlpYXZhSVlaT1M3R3MiLCJtYWMiOiIzYTgyMzA0MGRiYzcxYTZmOTgyMzc3YmNhMTIyOWM5ZDU3ZjdiZDFkNDNlZWYzYTBiZjFkYjY1NWI1NGQ1NDhhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9IdThmTlJCcHlQbnRLMVRmV2I2ZXc9PSIsInZhbHVlIjoiaHIvOTk5NmdIM0lJek91TWd2aVE0U3RFOHE4QUZnU21yRkR1WEtEK2ZJRGxNdGRkUE0wN0orODBESHREMzJLa0Q1MjErMlVnZUtuZWZ6V3ZBSStOc2kwaEwvVk5QU3pybm13OEpwKzY0NmN1V2EySFdKUTZqZ2taNEJ2Q085bmsiLCJtYWMiOiJjMjkzZGU1ODVjOTc5MmZjY2IyZTQ5ZjE2YmE1NjQzN2FiYzUxZDYwZjk3OGFlNzMyNDNhNWZmNjk5ZjdlODdhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:02 GMT
content-type: application/json
cf-ray: 95c5f9f4d82756a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pv7KfTReETOfqZqfM8AnNgNkeFZs5XTX2u9cfxofw3TYvSqCQj3CD9SurnEisoynC%2BGBqpfsceMI3APy%2BWnxAMNnbmudShktl9w9MeRSNyg%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6ImIwaWIvUngwbE5xSVo1SzhhZkxqV2c9PSIsInZhbHVlIjoiN2phTEYwN1RyQlZmbTA5UTBOUUdGMWVNMmtGeFFEdnUrVytoUzk2K1Z3WTJSQTRsc1lYQWdxQWJtUExsd1plL2k0R1RmekNaNW82bS8wRlAybEpXbzU1bTdsSyt1ajNuRnZ6K0ZaWmZEemxheEdXM0NxdE8zUDlYZmgwTXlyZUMiLCJtYWMiOiIxODRhN2ExNzg5Yzc2ZGI0NGZhOTlmODUwYWQ2OGZjMTcyNjcxMTk2ZjQ4Mzc0MWRmZmI1OWY4MTEwMmFlZGU5IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:02 GMT
laravel_session=eyJpdiI6Inp5aTJhTFBMUlNWY2hZNTZLR2IxbHc9PSIsInZhbHVlIjoiYU0vcnVEdGc2aXNHSThERFZuRUFjUHI0SVQwQ0ozMGVKTUJXcUo4b211enhsUDBHYTh5UXFKNzhqVW9hd2xXQ25qd1MvWU1JcTVpSldCYi8vRzlXa3ZCVjFBUFdWb2tKV3NQWDYxd3BEaDE0Ynk5a0E1bk0zajdtWjFJR1JwM3YiLCJtYWMiOiJkODZhYjEyYWJhM2E3NmNkMzZlMmZjNWY0OWY5ZTJiMWY1ZWJiNGI5ZTczNDMyYTY1NTMzMTVkYWNmNjlmOGVlIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:02 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1356&min_rtt=0&rtt_var=981&sent=213&recv=308&lost=0&retrans=0&sent_bytes=23751&recv_bytes=22401&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=15663&inflight_dur=108&x=40"
POST ptxusb.fodrjf.es/lmM5gaW4DaXt6LlwpjnU4QbwgGEFenKVxj6Qzfw
172.67.139.51 | 200 OK | 397 B
URL: POST ptxusb.fodrjf.es/lmM5gaW4DaXt6LlwpjnU4QbwgGEFenKVxj6Qzfw
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash (MD5): fa35e63f4c9046cd88efc322ee280eec
Hash (SHA-1): 8af526986d6da9045e0a9a1ecbb375a09f9963e3
Hash (SHA-256): 4d1c83e2bec0ae040775ec54b4ec16e7ce3aefcbfa477199a04a074c47686d0a
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /lmM5gaW4DaXt6LlwpjnU4QbwgGEFenKVxj6Qzfw HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 31
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InhLcFlIQnNrb1diVFNzR2tnTHAxRGc9PSIsInZhbHVlIjoiY1RWbjVTMnMrVGNXa09uU0pMdjM0czlSYmhoa0lnbTZpaklPRTBOODJ1Snd5QnpBUkg0ZjB4bFdZOE40THR6Q3NvMzJsU0VTT2RxWVVWbTJCdnY2VlFsRHp4bGlGTEpBOGxZWW1PUmVWTVlJMVB4a3dMQUd6aTNWRHJjWFVFeTYiLCJtYWMiOiIzNDhiOWM5YmE4ZWRhMjBkZTE1MjI5ZTdmOTliN2NmYjY3MDg0MjZiNzE5MDU3NWU0Y2M2OGQ4M2I1YTk0MmM5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik1wY3A3QzhoT2R1SDExREhFZUU4Q1E9PSIsInZhbHVlIjoiUWM5anpCbFNNMmg2VDd0K20vb3RiSDQ4a1FYOFFiMEFYbHM1US80b2NWbjBKUDhocGtwUDFhSDVwcU9UWnhYclVIQ0ZGaUFDaW9JTGhZU2NpeDc3aERaTXgyUlVaa3c4elJKblcxTFd2MVE3Wk5KVVB5ZWRZaFp1ZEtReVhvQ3IiLCJtYWMiOiI5ZGYyYjFmYzBjNzhhMTVjMmZjODg2YTlkNzIwYmRlY2ZkZjAwNjkzYTBhN2E0ZTI3MzNiMDkxOTY0YTk5M2VlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:04 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9fdb8be56a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Agmb%2Fy97aTLCHEXib%2FV0FwbFMgvLZLlCbHZO%2FUhH5UjdcU%2BOsMUIjfxKiODZ4hn5G7kIEwAsApP2w0MG75qbJr6eP%2FkUaki0KhVoEs3q1fo%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IkFkdzJRZGNyYWFrdWw5dU91eCs1K2c9PSIsInZhbHVlIjoiYnh0VEdOOElsWXZwdzdmdTYwdEgzTG0yVy9hNHBwa1VqNEQxNDJrYThlb0xrcURXZHVTVDUvMy8zOXRCSEk4UEpFUmMzaFFTUkJ4VGhCb2R6Y2hNcDdiMVRJQVFUM0JQSy9iY3RZMUFIdk8vOC9FTDgvbXk1Q1g4anVuR0xNeTMiLCJtYWMiOiJkNmU3NmJlODEyZGU4ZGY2NDlkOGMwYTJiNDkwNDc4ZmIyYmY4ZDU4MmRmOGRlZjllZTA1MDEyZDA0YjczOTc1IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:04 GMT
laravel_session=eyJpdiI6InNRazRaUi91em14STIrM0Vja2tTR0E9PSIsInZhbHVlIjoiWk4xQktWRUdtK0U1ekE3ZlYvaHhqL0NMbXVTYnJ6UVhVMktkTHQ5OHJvMitRZzJWSEUybjZNZjd4azVTVWV0Q1JMN0hOWmxwWGpGNjFUcGR0b3ZwMjJkUDhWNkM1bVg2VWozYU9RWGpWb1JOMUtRZ3llYUhaUEtTMUxSVUt4UXgiLCJtYWMiOiI3YWFmNjk2YTM1OTRkYzlkZmQyNjM0MDEwMzllODEwYzRkNTUxNGRiN2YzZTk3N2VmMjdlNTRjMzlkZGVmNTkwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:04 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1263&min_rtt=0&rtt_var=486&sent=236&recv=317&lost=0&retrans=0&sent_bytes=46615&recv_bytes=25550&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=17091&inflight_dur=157&x=40"
GET ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
172.67.139.51 | 200 OK | 220 kB
URL [User Request]: GET ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
IP: 172.67.139.51:443
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: HTML document, ASCII text, with very long lines (13584), with CRLF line terminators
Size: 220 kB (219455 bytes)
Hash (MD5): c2560da54251027a1530273c738a9cf0
Hash (SHA-1): 0f1072ac3776e9ad243b9d03267eb7e17e54dd9c
Hash (SHA-256): e000e44c8dbf778cc2e1ad1c79f0be2349af108eddc77ede52f38f84377de0b6
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Anti-debugging code
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkFkdzJRZGNyYWFrdWw5dU91eCs1K2c9PSIsInZhbHVlIjoiYnh0VEdOOElsWXZwdzdmdTYwdEgzTG0yVy9hNHBwa1VqNEQxNDJrYThlb0xrcURXZHVTVDUvMy8zOXRCSEk4UEpFUmMzaFFTUkJ4VGhCb2R6Y2hNcDdiMVRJQVFUM0JQSy9iY3RZMUFIdk8vOC9FTDgvbXk1Q1g4anVuR0xNeTMiLCJtYWMiOiJkNmU3NmJlODEyZGU4ZGY2NDlkOGMwYTJiNDkwNDc4ZmIyYmY4ZDU4MmRmOGRlZjllZTA1MDEyZDA0YjczOTc1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InNRazRaUi91em14STIrM0Vja2tTR0E9PSIsInZhbHVlIjoiWk4xQktWRUdtK0U1ekE3ZlYvaHhqL0NMbXVTYnJ6UVhVMktkTHQ5OHJvMitRZzJWSEUybjZNZjd4azVTVWV0Q1JMN0hOWmxwWGpGNjFUcGR0b3ZwMjJkUDhWNkM1bVg2VWozYU9RWGpWb1JOMUtRZ3llYUhaUEtTMUxSVUt4UXgiLCJtYWMiOiI3YWFmNjk2YTM1OTRkYzlkZmQyNjM0MDEwMzllODEwYzRkNTUxNGRiN2YzZTk3N2VmMjdlNTRjMzlkZGVmNTkwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:05 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5fa01c8f556a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=csHbB%2BF68puZ0u7vzgk%2F0%2Bp35FJxPORHFqxzkxk4vFQK%2FCk%2FtlqBJcR09RidR%2FFLAA4CN0ZtUTg9wEMuBOAVToYE%2Ffh8%2FHtBSnnTBDTeMdg%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:04 GMT
laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:04 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1296&min_rtt=0&rtt_var=430&sent=240&recv=319&lost=0&retrans=0&sent_bytes=48366&recv_bytes=26641&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=17959&inflight_dur=159&x=40"
GET ptxusb.fodrjf.es/GDSherpa-regular.woff
172.67.139.51 | 200 OK | 37 kB
URL: GET ptxusb.fodrjf.es/GDSherpa-regular.woff
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: Web Open Font Format, TrueType, length 36696, version 1.0
Hash (MD5): a69e9ab8afdd7486ec0749c551051ff2
Hash (SHA-1): c34e6aa327b536fb48d1fe03577a47c7ee2231b8
Hash (SHA-256): fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:07 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0KHWhfXhCIgtV6RBy1aNw4nMBufsqOUOVEn44TgHDH8rxcnJbPUMD%2F6nsdClUmsykTKgH6FX7DKFrlcqx%2BswTE%2F1MH1Mw2soBub2myiK3BM%3D"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d896d56a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1549&min_rtt=0&rtt_var=975&sent=423&recv=361&lost=0&retrans=0&sent_bytes=263775&recv_bytes=46706&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20261&inflight_dur=292&x=40"
POST ptxusb.fodrjf.es/apIXWvbfdN1gyoeC53N0UNPrsN25EwZTHKteqa0bAPn9471NtNPsQ7mT1Wel
172.67.139.51 | 200 OK | 1 B
URL: POST ptxusb.fodrjf.es/apIXWvbfdN1gyoeC53N0UNPrsN25EwZTHKteqa0bAPn9471NtNPsQ7mT1Wel
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: very short file (no magic)
Hash (MD5): c4ca4238a0b923820dcc509a6f75849b
Hash (SHA-1): 356a192b7913b04c54574d18c28d46e6395428ab
Hash (SHA-256): 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /apIXWvbfdN1gyoeC53N0UNPrsN25EwZTHKteqa0bAPn9471NtNPsQ7mT1Wel HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 3072
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:08 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5fa16d9b556a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=j5oTpRUqUp6ApbqhnIMRKKXt1KC0oEHlMf1aAHCFGZjcPe1e8Ioz7YtA4yViq1Fzv97IIzs8scTLUu0euKUYGbGw0QPJi1hEvGu3elsMvdo%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6InoxWHRPcEFvNDc2YnI3cjVHUTRsaFE9PSIsInZhbHVlIjoibExoLzVmeG9uMW8xOVZ6RXRRY3hrZllsRC9LQ0hwZTdlbkpMK011RERSTVhHNlIvUkl4WmVGQ3Jqa21IRXVDVndvaWkzYVVkNHJvdDBDbG5seEI4bjJQbFN6WXZNNjhWMXVBNjBsRUNHOHI4b1ZoUldmaVFNYlE0NDZQY0Q3ZDUiLCJtYWMiOiIzMzM2YjI3YTFjNzhhYTU0YjZlYmI5MzFkZmYxNTljYWQ4MTMzZmM3Y2U4MjgxY2VjNmFmOTA5NmU4MzQ4ZDgyIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:08 GMT
laravel_session=eyJpdiI6IlFmS200QnJ2eTRzZk1iaTV6VDJNUVE9PSIsInZhbHVlIjoidVAvcWpTMTgxRzhlQ2lWTXhjeExEaDR2Q2Y5TmxIR3N2RnNIOU5HNGttTDZGd2dYSzNMUmNScExXbEwzWjh3UVJOZlQwbyszMFhGWGc4TjBUNW5PQk0vOW8zbnJRREUyZzJNNmVuUXJ5Qis1S0RDbnpRY1ZKdCtzS0tFMStwK3EiLCJtYWMiOiI4YTlkZDFlOGRlMTczYzgwZGVmMWM3MDI4OGNlYWM0YTU5N2E5OTA1YzI1YTJkNTEzZjA2MjhmNjMxMzQ5ZGJhIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:08 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1493&min_rtt=0&rtt_var=693&sent=613&recv=385&lost=0&retrans=0&sent_bytes=512589&recv_bytes=52886&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=21097&inflight_dur=346&x=40"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
104.18.95.41 | 200 OK | 86 B
URL: GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP: 104.18.95.41:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity: Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash (MD5): 70c202196187ab3c11b4e094c20c6de1
Hash (SHA-1): 9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
Hash (SHA-256): 6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:47 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 95c5f998ef475694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/xyU31uim6UJpqJ5Xbcd24
172.67.139.51 | 200 OK | 36 kB
URL: GET ptxusb.fodrjf.es/xyU31uim6UJpqJ5Xbcd24
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: ASCII text, with CRLF line terminators
Hash (MD5): 38501e3fbbbd89b56aa5ba35de1a32fe
Hash (SHA-1): d9b31981b6f834e8480ba28fbc1cff1be772f589
Hash (SHA-256): a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /xyU31uim6UJpqJ5Xbcd24 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:06 GMT
content-type: text/css;charset=UTF-8
cf-ray: 95c5fa0d696856a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="xyU31uim6UJpqJ5Xbcd24"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=sse8ZgHj2MBOXOFzi6A%2BOULOaW7NNdFoEVusk3%2BV6oWBrX93y3M7z9O6afoB8k1NEnsfRIwDcHg5aFujQ6H8EL6cYp%2B6wO06fxG9fVslqP4%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1538&min_rtt=0&rtt_var=770&sent=378&recv=352&lost=0&retrans=0&sent_bytes=214062&recv_bytes=46283&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=19567&inflight_dur=208&x=40"
GET ptxusb.fodrjf.es/klnccN0zg1d6i9c6KZFnSerNNmBLhyZqr1yNwRDptD46OXcxmsvnjshBpfs2oBab228
172.67.139.51 | 200 OK | 1.3 kB
URL: GET ptxusb.fodrjf.es/klnccN0zg1d6i9c6KZFnSerNNmBLhyZqr1yNwRDptD46OXcxmsvnjshBpfs2oBab228
IP: 172.67.139.51:443
Requested by: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: RIFF (little-endian) data, Web/P image
Hash (MD5): 32ca2081553e969f9fdd4374134521ad
Hash (SHA-1): 7b09924c4c3d8b6e41fe38363e342da098be4173
Hash (SHA-256): 216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /klnccN0zg1d6i9c6KZFnSerNNmBLhyZqr1yNwRDptD46OXcxmsvnjshBpfs2oBab228 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="klnccN0zg1d6i9c6KZFnSerNNmBLhyZqr1yNwRDptD46OXcxmsvnjshBpfs2oBab228"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=9g1vUkSliXkEMWpQZCdu0aepJLYHn0Y2TqA%2BUaZoNYnfz7dn0SK4lzJH3A7Xp0P1bG4uepUTlD2kC0o4z5Zr%2F5U0HyBVBWZ4uKdXtAdgr%2FE%3D"}]}
cf-ray: 95c5fa1509a156a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1519&min_rtt=0&rtt_var=856&sent=611&recv=384&lost=0&retrans=0&sent_bytes=510595&recv_bytes=52839&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20796&inflight_dur=344&x=40"
POST ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
172.67.139.51 | 200 OK | 90 B
URL [User Request]: POST ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
IP: 172.67.139.51:443
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type: HTML document, ASCII text, with no line terminators
Hash (MD5): 7828f7ae07241c0978ce44e5cc4a0a83
Hash (SHA-1): a9c93817a15b03507c3c21021fba863d3ac62b7f
Hash (SHA-256): a65713ab569fbcda76f7d8cd7827b5cc51b58eb5d1b03b50c91924ba9c785fd9
Analyzer | Verdict | Alert
urlquery | suspicious | Suspicious - Anti-debugging code
urlquery | phishing | Phishing - Tycoon Phishing Kit
POST /7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 1008
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InBuV21KRUJNcmZLK0pjTUViUUpEbXc9PSIsInZhbHVlIjoiaXg4aHFtb3BsVlFrdFczUzhTTCtoQUt6NWZqc3MwMzFDNzZZUHQ1c3B6VTZqL01QWEZ5ZVM2QzBnc2JQNStTbFM5Z2RvNnVMUHY2V1VJMnBqZ1F1Wjl2OUVqOGpNWWVDUk1NOWl6RU9GNnlkZG9SVWQ0enpxY3J2YmlKeGNMdlQiLCJtYWMiOiJjMGUxODhhNzVkYzNhY2VkYWIwYTNlNzM3YmYyZWNhZWJmNWI0MTc2NThlMTc0MjAzMDEwZmQ4YWNjM2RkMjliIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IldoZEVhcHdXMkd6RUtyN1NtdzJNZEE9PSIsInZhbHVlIjoiV0xob3REbWFCOHJzR0hSOHllUzVhdzQ2S3NCKzN4YSs0K2ZrdGl1aUpjVGtEWGVqY09lMG9aOG5KK0N0ZXhUK3IrTzZsYjgxcG9GcDRIZVNiRUNaaUVseXNJR1JGcDlZMjNaZUs1YjBkR3BBMVVCb0QxWWpLeEk4WFk5K0pkWXEiLCJtYWMiOiI1YzQzMzlmYzJjOTYwN2RkNmI0MjZmMjUyNzhmNGYzMGMxNDczNGEzMmUxNTIxMDU5YmMzY2JkNThjNDk3NTVjIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:00 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9e2af6556a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VKFsivWs0yEH8kt0nmHZrs%2BbNDswZks2ucZIofVfOlalwrAjEEAUio6Uqum9qKBAhxPrkkxAjxm8pEBfRytOiCgnTtisc%2B5Ek3dpHS%2BAC0Y%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Inh2NWJMajJ0dnR3dWRBdC93KzVWTmc9PSIsInZhbHVlIjoiZkw5Z25IUnpHS3JrOVgra1hvVHVmOTBSKzNndzVLOGg2SDB5akVWUTNOWTNwQ3FyVG1iUndaOEk4ZW5WTEwxZk50cnMyOUFlTk9UMk9mRzdoSWF3YTcxN1oxdUVvOVdSUFk1c3YrcFR4VWtIcjlzZXlRV3ZzdkF1MDlqdWpNNEwiLCJtYWMiOiJhMzZjMjJmMWI4MmEyZmE2OGRmNWI5ZTQ1NTg3MTdlMTk0ZjA5Njk1YTE4ZjdjYTU0NGI3ZTFmNDI4ODNhNTgwIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:00 GMT
laravel_session=eyJpdiI6IlpDcDRZS3ZJcmdOWjNlQW0wSGFKMnc9PSIsInZhbHVlIjoiR0k0Zm9kaEJsNzA2dG44WHFOV0w4bUcwTllxNGJiaG5uN0VGWjFWbXBScldpNjUrbW54MmdncGxiK204ZzdvcHphVlNrTHFWYVNmV2pYS2RaYVJOVndsQWE3RVg5ZG1HeFFpOVFlckhzK25oSE9kT0NBQWtMTHVqODR5dlZDdzAiLCJtYWMiOiJhZTQxZTFmNzE3N2E0NzYxOGI5ZDhlMmMyNTIzMDY1ZjA4Yzk1OTAxZGQyNzkzYTgyODM0NmM0ZWViNzkzNzA5IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Wed, 09 Jul 2025 09:06:00 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1875&min_rtt=529&rtt_var=972&sent=202&recv=300&lost=0&retrans=0&sent_bytes=16017&recv_bytes=18976&delivery_rate=635480&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=13086&inflight_dur=56&x=40"
GET ptxusb.fodrjf.es/34wJweiSBsUJKotwUxywTS6711
172.67.139.51 200 OK 28 kB URL GET ptxusb.fodrjf.es/34wJweiSBsUJKotwUxywTS6711
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash a1606fe4c64f4a7649b295a56b8d4b47
ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /34wJweiSBsUJKotwUxywTS6711 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: text/css;charset=UTF-8
cf-ray: 95c5fa0d696756a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="34wJweiSBsUJKotwUxywTS6711"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=VMsA6nnAzqpQjbdS%2FALmxDub9IeY%2BTb6U2b5uNRrtUKPGE9ALCjjP3%2BMLLfZChrnF3VrwWXKKmJBTVduedjMSed%2FUPlFgov%2F16ht0svkUcY%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1404&min_rtt=0&rtt_var=672&sent=385&recv=354&lost=0&retrans=0&sent_bytes=220422&recv_bytes=46376&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=19893&inflight_dur=231&x=40"
GET ptxusb.fodrjf.es/efsVy29flPPp6hhrRLJNuvEISlSvWicB9Qs78150
172.67.139.51 200 OK 270 B URL GET ptxusb.fodrjf.es/efsVy29flPPp6hhrRLJNuvEISlSvWicB9Qs78150
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /efsVy29flPPp6hhrRLJNuvEISlSvWicB9Qs78150 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/svg+xml
cf-ray: 95c5fa0d997256a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="efsVy29flPPp6hhrRLJNuvEISlSvWicB9Qs78150"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xERNqvs9u6i3XJzLE1n8CAmMMtWaSd5zlY9GCUfRUF382%2Bk%2FDUQNgDnmhWBIv9d6hFjWKOKQVDAIQnddwuwnuRM9QXj5kyN%2BJ7ZbwMrW8h4%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1753&min_rtt=0&rtt_var=1088&sent=409&recv=359&lost=0&retrans=0&sent_bytes=246245&recv_bytes=46611&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20205&inflight_dur=288&x=40"
GET get.geojs.io/v1/ip/geo.json
104.26.0.100 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 104.26.0.100:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject geojs.io
Fingerprint A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash 660f2283cf5d0d13b5569ae9045fd15e
07caff371f67a3344f3716141fc5433c45a3c226
135a6499501750d5fa9e6ec4e79476ffa9a8f2e3df6d4817ab12448897cc371e
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: application/json
server: cloudflare
x-request-id: c165af6282a6691406bada2139bc4cea-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=kLdCYVbFU6L60eZ%2B3BRzd9b4PgJKeVJd%2B5JDWWgaKruznbHYUrRS1C8%2FFwCmZkl%2BoVfGYEBTMGnxWzCFmxQgry5WCwSyNQU%3D"}]}
content-encoding: br
cf-ray: 95c5fa151b2a56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
104.18.95.41 200 OK 284 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 284 kB (284496 bytes)
Hash 0a08a23d722332f0e035e1e32a9946b8
8ee37d06aae485419c75ec652cb91471d5319ddf
764c8dfc850aba0aec0177b7f3e912d46a1ed5a46d9a576d3b02c7199957b84a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1704745113:1752041494:02H2uEx2T1zKd70gBK8s_oS5_dxvoDbZDuI0den8qoA/95c5f9985e8e5694/dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
cf-chl: dHyGeFEO4RDvp_74.sqjDTfnrTaA.MWqgevAAQllW_4-1752044747-1.2.1.1-oaVLGLN2kFJs3qRVU4cG0HzH_Ab3DAtANIruz58lY6nwUV8sihK6Ncm7XF1XG23K
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3426
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:48 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 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$TrjK6DDKYZTm7JPmkP/K9Q==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95c5f99b9a825694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 09 Jul 2025 07:06:06 GMT
age: 1361769
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 403744
x-timer: S1752044766.293919,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/56EhK49uLrV0TSOJ0jwilVxijh8mkolKY1ZQivJ89110
172.67.139.51 200 OK 292 kB URL GET ptxusb.fodrjf.es/56EhK49uLrV0TSOJ0jwilVxijh8mkolKY1ZQivJ89110
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 292 kB (292204 bytes)
Hash 04c1251bae5a4681ad29e5f0846a0ee2
6bd282d27792a21ab43f6210efffabce36c03b07
265d88c373a1f0711c817a8460c9a78512c040047f5ffcb22f380024a629f83a
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /56EhK49uLrV0TSOJ0jwilVxijh8mkolKY1ZQivJ89110 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:09 GMT
content-type: application/javascript
cf-ray: 95c5fa0dd97956a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="56EhK49uLrV0TSOJ0jwilVxijh8mkolKY1ZQivJ89110"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=1dBF8kwSMwqQKXtOlwj8Y3AfK4xYmAgL7yAfeThfGO3oIdE%2BhLt59gY3tEYoriizAB3oyjq3sKpv25O11KYffQfIQ8y1uybGeqpBlNrT"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1353&min_rtt=0&rtt_var=773&sent=647&recv=391&lost=0&retrans=0&sent_bytes=551126&recv_bytes=53169&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=22471&inflight_dur=359&x=40"
GET ptxusb.fodrjf.es/wx3Ivke3gLCviqSYzdVPuSBgF8TopYg7F7sHPBdPiNyYjZ90174
172.67.139.51 200 OK 2.9 kB URL GET ptxusb.fodrjf.es/wx3Ivke3gLCviqSYzdVPuSBgF8TopYg7F7sHPBdPiNyYjZ90174
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /wx3Ivke3gLCviqSYzdVPuSBgF8TopYg7F7sHPBdPiNyYjZ90174 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:08 GMT
content-type: image/svg+xml
cf-ray: 95c5fa0dd97656a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wx3Ivke3gLCviqSYzdVPuSBgF8TopYg7F7sHPBdPiNyYjZ90174"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Amy3JpfpcuTn1UVusvG8usvKwhqH17EHtw5CvQMbSg5ZJeZA2PEknDLstdvdexvwWxwjV%2Fj1NEzjaB9TEbj56PPKDTSXCC5IHbkbgl1TV9Q%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1778&min_rtt=0&rtt_var=1089&sent=615&recv=386&lost=0&retrans=0&sent_bytes=513963&recv_bytes=52933&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=21265&inflight_dur=351&x=40"
GET get.geojs.io/v1/ip/geo.json
104.26.0.100 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 104.26.0.100:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject geojs.io
Fingerprint A3:C6:58:F9:E8:49:67:61:59:AC:B4:7D:C8:2F:CB:C3:EC:B2:82:9B
Validity Thu, 26 Jun 2025 06:15:54 GMT - Wed, 24 Sep 2025 07:15:44 GMT
Hash 660f2283cf5d0d13b5569ae9045fd15e
07caff371f67a3344f3716141fc5433c45a3c226
135a6499501750d5fa9e6ec4e79476ffa9a8f2e3df6d4817ab12448897cc371e
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ptxusb.fodrjf.es
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:11 GMT
content-type: application/json
server: cloudflare
x-request-id: a56bf39ad58a45252eacbda15a46fd40-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
x-content-type-options: nosniff
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=L2mAVvO2xtbQR%2BfjE%2BDis2a7y4w3KWK6Vo9qw11I4yhmGIRGPy1y3wdtNOa6GbVlxNQUeY9wU%2BhV1%2F26HnAHP02WHpsV1f0%3D"}]}
content-encoding: br
cf-ray: 95c5fa2e0aac56c5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
104.18.95.41 200 OK 27 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
IP 104.18.95.41:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type HTML document, ASCII text, with very long lines (27005), with no line terminators
Hash 3e8487678b6500cc8b82bb90befce304
a6c17e22db1f4525d735514a481ec9b436b836ef
ac13ed5a79dfc841ee21e910e2e800f65e143406187fd95f0821c11360b00ce8
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:47 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-eO7KViY9nHNYzejY' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 95c5f9985e8e5694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/GDSherpa-bold.woff2
172.67.139.51 200 OK 28 kB URL GET ptxusb.fodrjf.es/GDSherpa-bold.woff2
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:06 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zQlyasccC8yL7VPnvb6RB4bdLRl96ZhqNFieo%2BUazQCDuFSnmjXJ7rZxQYueBRE3DcZQLKFmlSMz7AHIF2cu4IyKPyjyJjCZWqGNX8hfaDQ%3D"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d796956a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1330&min_rtt=0&rtt_var=324&sent=399&recv=358&lost=0&retrans=0&sent_bytes=233657&recv_bytes=46564&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20077&inflight_dur=277&x=40"
GET ptxusb.fodrjf.es/GDSherpa-bold.woff
172.67.139.51 200 OK 36 kB URL GET ptxusb.fodrjf.es/GDSherpa-bold.woff
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer | Verdict | Alert
urlquery | phishing | Phishing - Microsoft
urlquery | phishing | Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:07 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=cVbsRgU0Bj8OjBwextJ3L%2B%2Ft92NKN4ynW4R%2FJeKzsUjy9h6bjfDcwiYfBIyaNu9ISyrNm0WjSnfWdqaXV81LDOK%2FauxWv4yz%2F4HPQZNX"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d796a56a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1469&min_rtt=0&rtt_var=892&sent=438&recv=362&lost=0&retrans=0&sent_bytes=284704&recv_bytes=46755&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20281&inflight_dur=294&x=40"
GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
104.18.95.41 200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/e7e9d014f96e/api.js
IP 104.18.95.41:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type JavaScript source, ASCII text, with very long lines (48827)
Hash 8b98ab0c9c1187379712de2162d133c8
13070544fcfc6954ce563779c26ba54b72271380
73f6150de629bcd8401d4778d9a4f5460cbcce244f913447acbdd25ad50cca25
GET /turnstile/v0/b/e7e9d014f96e/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:05:47 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 03 Jul 2025 10:26:41 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 95c5f99779a456c3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/95c5f9985e8e5694/1752044748111/L2O24X7S5Avh7Z7
104.18.95.41 200 OK 222 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/95c5f9985e8e5694/1752044748111/L2O24X7S5Avh7Z7
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint FC:98:AC:45:6F:F6:41:18:0B:96:F4:70:AB:D7:E3:D4:3D:B4:66:71
Validity Fri, 27 Jun 2025 18:18:48 GMT - Thu, 25 Sep 2025 19:18:44 GMT
File type PNG image data, 41 x 24, 8-bit/color RGBA, non-interlaced
Hash MD5 e409244e064f529583758517c888f9bd
SHA-1 40cb813e6f509cb61ccb143032fb8a7cb7652228
SHA-256 e904d1dd0b1e903570f404821c309ee38ec5d0feb740866444364b49ff149f49
GET /cdn-cgi/challenge-platform/h/b/d/95c5f9985e8e5694/1752044748111/L2O24X7S5Avh7Z7 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/nmmyv/0x4AAAAAABhIqYTMx5GMWhlk/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:05:50 GMT
content-type: image/png
content-length: 222
priority: u=4,i=?0
server: cloudflare
cf-ray: 95c5f9a8c97b5694-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/opQfrfYZGLkLvo8jPsDC7h3ImnnJCquFXKGeBnVMWqVKFznM45134
172.67.139.51 200 OK 892 B URL GET ptxusb.fodrjf.es/opQfrfYZGLkLvo8jPsDC7h3ImnnJCquFXKGeBnVMWqVKFznM45134
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 41d62ca205d54a78e4298367482b4e2b
SHA-1 839aae21ed8ecfc238fdc68b93ccb27431cd5393
SHA-256 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opQfrfYZGLkLvo8jPsDC7h3ImnnJCquFXKGeBnVMWqVKFznM45134 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/webp
content-length: 892
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opQfrfYZGLkLvo8jPsDC7h3ImnnJCquFXKGeBnVMWqVKFznM45134"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=iHjeeG4yj7fRYmmNUZr%2FQZPdS8t2elwT5g0ThTS2bEsgouWrM%2BC1LBQQijRVEUkZ0FWI4w7QFYVL8O9w%2FRe0XNyMM4jbGRknfocr9LF3eb0%3D"}]}
cf-ray: 95c5fa0d997156a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1353&min_rtt=0&rtt_var=607&sent=386&recv=355&lost=0&retrans=0&sent_bytes=221066&recv_bytes=46423&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=19926&inflight_dur=252&x=40"
GET ptxusb.fodrjf.es/kl2WdOXBvSc2301kMlI6nX3for9yzto9lgFDE64RQgpu12l3kxGLBi56170
172.67.139.51 200 OK 7.4 kB URL GET ptxusb.fodrjf.es/kl2WdOXBvSc2301kMlI6nX3for9yzto9lgFDE64RQgpu12l3kxGLBi56170
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 b59c16ca9bf156438a8a96d45e33db64
SHA-1 4e51b7d3477414b220f688adabd76d3ae6472ee3
SHA-256 a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /kl2WdOXBvSc2301kMlI6nX3for9yzto9lgFDE64RQgpu12l3kxGLBi56170 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: image/svg+xml
cf-ray: 95c5fa0da97356a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="kl2WdOXBvSc2301kMlI6nX3for9yzto9lgFDE64RQgpu12l3kxGLBi56170"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2Fbfk%2FNh8hEy5Vw1%2Foa2yeBH8xArFEB1j2JUh4PLWMRI3udyWfAPLbdApoRWfZukATl0tHkXTSZJxWv13iuFSpK2j2LbVy2KOLYEiZKpi6TM%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1340&min_rtt=0&rtt_var=405&sent=389&recv=357&lost=0&retrans=0&sent_bytes=223946&recv_bytes=46517&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=19958&inflight_dur=275&x=40"
GET ptxusb.fodrjf.es/ij3JEXf4Q35ULg3pIpGqXE3oYPfJehmnUnNuA3kKiqjMiRHO112205
172.67.139.51 200 OK 25 kB URL GET ptxusb.fodrjf.es/ij3JEXf4Q35ULg3pIpGqXE3oYPfJehmnUnNuA3kKiqjMiRHO112205
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 f9a795e2270664a7a169c73b6d84a575
SHA-1 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
SHA-256 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ij3JEXf4Q35ULg3pIpGqXE3oYPfJehmnUnNuA3kKiqjMiRHO112205 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:09 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ij3JEXf4Q35ULg3pIpGqXE3oYPfJehmnUnNuA3kKiqjMiRHO112205"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=f4x6DjkanX9rygGu%2BKktptfDEbYIeHo1h3ofyCE92a6mJMKUwpId0iw3Qtq5iaCpFuGrkm8NuRGtGVIn%2BXf98Z82ctwTxO%2Bm6Edw0RpEHI0%3D"}]}
cf-ray: 95c5fa0dd97756a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1442&min_rtt=0&rtt_var=793&sent=636&recv=390&lost=0&retrans=0&sent_bytes=537091&recv_bytes=53121&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=22461&inflight_dur=357&x=40"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 09 Jul 2025 07:06:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95c5f9eb0c680b49-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 528196
expires: Mon, 29 Jun 2026 07:06:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5OfqSNKscqWoMWhIZHMX6pqnzq5XpvS8TltxGGA99Qe6vFCRi5TLrQ2nyX2L17nxw6m%2FRuKceuQFosDKM4NZ6esgYAPtAw%2Fiev2byUIfQg%2BdO16XayITUjmxuDPLxACd84EmNwFc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ptxusb.fodrjf.es/favicon.ico
172.67.139.51 404 Not Found 0 B URL GET ptxusb.fodrjf.es/favicon.ico
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input: the 404 response body is 0 B, so these three values are not content indicators)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IkxFVEFLeTVpRjkrVnpXM05WcUdFalE9PSIsInZhbHVlIjoiUDZGT0MrVml5QU5OeU5UcWowQVhOWjVTd3B6M2w5Y2ptOXdobDI0M3BMNVFJT2ZoUGoxMllmWStoTDhVVnBPaFJWWXZrUC84RzhBUTZqZnF6MVlvaWY0Sk02SFVBZnJBa0hGZVRRTVNEWkRCOXc2MmFSTjlpYXZhSVlaT1M3R3MiLCJtYWMiOiIzYTgyMzA0MGRiYzcxYTZmOTgyMzc3YmNhMTIyOWM5ZDU3ZjdiZDFkNDNlZWYzYTBiZjFkYjY1NWI1NGQ1NDhhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii9IdThmTlJCcHlQbnRLMVRmV2I2ZXc9PSIsInZhbHVlIjoiaHIvOTk5NmdIM0lJek91TWd2aVE0U3RFOHE4QUZnU21yRkR1WEtEK2ZJRGxNdGRkUE0wN0orODBESHREMzJLa0Q1MjErMlVnZUtuZWZ6V3ZBSStOc2kwaEwvVk5QU3pybm13OEpwKzY0NmN1V2EySFdKUTZqZ2taNEJ2Q085bmsiLCJtYWMiOiJjMjkzZGU1ODVjOTc5MmZjY2IyZTQ5ZjE2YmE1NjQzN2FiYzUxZDYwZjk3OGFlNzMyNDNhNWZmNjk5ZjdlODdhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 09 Jul 2025 07:06:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9ed3fdd56a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Wicx1ggOMstopjf5NZcHHt70fXqmv3%2F1nOdfZhR12%2BpgNIG0x6U8C10Quvf3akjO1nG00W%2FNbQnipYG%2FoVRFEIWktGA3zM%2BP9gN7hSm8qUQ%3D"}]}
cf-cache-status: HIT
age: 13
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1288&min_rtt=0&rtt_var=1125&sent=211&recv=306&lost=0&retrans=0&sent_bytes=23102&recv_bytes=21030&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=14023&inflight_dur=86&x=40"
GET ptxusb.fodrjf.es/favicon.ico
172.67.139.51 404 Not Found 0 B URL GET ptxusb.fodrjf.es/favicon.ico
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Google Trust Services
Subject fodrjf.es
Fingerprint F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input: the 404 response body is 0 B, so these three values are not content indicators)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InhLcFlIQnNrb1diVFNzR2tnTHAxRGc9PSIsInZhbHVlIjoiY1RWbjVTMnMrVGNXa09uU0pMdjM0czlSYmhoa0lnbTZpaklPRTBOODJ1Snd5QnpBUkg0ZjB4bFdZOE40THR6Q3NvMzJsU0VTT2RxWVVWbTJCdnY2VlFsRHp4bGlGTEpBOGxZWW1PUmVWTVlJMVB4a3dMQUd6aTNWRHJjWFVFeTYiLCJtYWMiOiIzNDhiOWM5YmE4ZWRhMjBkZTE1MjI5ZTdmOTliN2NmYjY3MDg0MjZiNzE5MDU3NWU0Y2M2OGQ4M2I1YTk0MmM5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ik1wY3A3QzhoT2R1SDExREhFZUU4Q1E9PSIsInZhbHVlIjoiUWM5anpCbFNNMmg2VDd0K20vb3RiSDQ4a1FYOFFiMEFYbHM1US80b2NWbjBKUDhocGtwUDFhSDVwcU9UWnhYclVIQ0ZGaUFDaW9JTGhZU2NpeDc3aERaTXgyUlVaa3c4elJKblcxTFd2MVE3Wk5KVVB5ZWRZaFp1ZEtReVhvQ3IiLCJtYWMiOiI5ZGYyYjFmYzBjNzhhMTVjMmZjODg2YTlkNzIwYmRlY2ZkZjAwNjkzYTBhN2E0ZTI3MzNiMDkxOTY0YTk5M2VlIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 09 Jul 2025 07:06:03 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5f9fe68c856a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Wicx1ggOMstopjf5NZcHHt70fXqmv3%2F1nOdfZhR12%2BpgNIG0x6U8C10Quvf3akjO1nG00W%2FNbQnipYG%2FoVRFEIWktGA3zM%2BP9gN7hSm8qUQ%3D"}]}
cf-cache-status: HIT
age: 15
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1306&min_rtt=0&rtt_var=535&sent=234&recv=316&lost=0&retrans=0&sent_bytes=45964&recv_bytes=25506&delivery_rate=22456050&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=14000&unsent_bytes=0&cid=520cc14ddad89d74&ts=16772&inflight_dur=155&x=40"
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.4 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.4:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
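Certificate Issuer Sectigo Limited
Subject github.com
Fingerprint E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e (digest of empty input: this 302 response has content-length: 0, so these three values do not identify the script; the redirect target's entry carries the script's digests)
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855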
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 09 Jul 2025 07:04:32 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250709%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250709T070432Z&X-Amz-Expires=1800&X-Amz-Signature=69be7d309f18f702cad48b5830e068281d50cadc954e369d4f29a7400c077492&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 746B:1E8BDD:234A9EC:24892E8:686E14DE
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
3.167.2.120 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 3.167.2.120:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash MD5 e0d37a504604ef874bad26435d62011f
SHA-1 4301f0d2b729ae22adece657d79eccaa25f429b1
SHA-256 c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Tue, 08 Jul 2025 01:48:37 GMT
expires: Wed, 08 Jul 2026 01:41:49 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 57d04bb9ff0f23ac1c33e083d49e973e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: oO-Ja0ghJN6a4xG99Bl9tMmlHTqNCKikuRNrJB0i8eZbUmgTyKhJEQ==
age: 105857
X-Firefox-Spdy: h2
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250709%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250709T070432Z&X-Amz-Expires=1800&X-Amz-Signature=69be7d309f18f702cad48b5830e068281d50cadc954e369d4f29a7400c077492&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.110.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250709%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250709T070432Z&X-Amz-Expires=1800&X-Amz-Signature=69be7d309f18f702cad48b5830e068281d50cadc954e369d4f29a7400c077492&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.110.133:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash MD5 6c20a2be8ba900bc0a7118893a2b1072
SHA-1 ff7766fde1f33882c6e1c481ceed6f6588ea764c
SHA-256 b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250709%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250709T070432Z&X-Amz-Expires=1800&X-Amz-Signature=69be7d309f18f702cad48b5830e068281d50cadc954e369d4f29a7400c077492&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Wed, 09 Jul 2025 07:06:07 GMT
age: 1712
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410027-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 1
x-timer: S1752044767.795671,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://ptxusb.fodrjf.es/7VMXOqC5wc!QrNwZKU/*dallison@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint 56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
Validity Thu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 09 Jul 2025 07:06:03 GMT
age: 1361766
x-served-by: cache-lga21931-LGA, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 403741
x-timer: S1752044764.718477,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.25.14 | 200 OK | 48 kB | URL: GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.25.14:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95c5fa095e290b3d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 528201
expires: Mon, 29 Jun 2026 07:06:05 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qeaOVVearcW9gAp33AvqI0Iq9xYqb3lj0ZqjHYPvZ5NVckim4kLpUrfnGELEs7gIzSkEyeQEv1ESia7mtNUUOlGK2XcvaFUl09Cx1%2FsJbYiptBWvyE8sGPDDW21PeEowctk%2FtWUW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET ptxusb.fodrjf.es/GDSherpa-vf2.woff2
172.67.139.51 | 200 OK | 93 kB | URL: GET ptxusb.fodrjf.es/GDSherpa-vf2.woff2
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash MD5: bcd7983ea5aa57c55f6758b4977983cb
SHA-1: ef3a009e205229e07fb0ec8569e669b11c378ef1
SHA-256: 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer / Verdict / Alert:
urlquery / phishing / Phishing - Microsoft
urlquery / phishing / Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IkFqdW15a1ZDaE5MZ3kyQkJKZlZqTVE9PSIsInZhbHVlIjoieVo5a1dyM2xVZmd3U0dFK2E0dmprdk4wczlMelFjeXZFTmZ5bXpsdVBtS3Bkb0pKbmFoMVhqSXNvb1FVaVFNamdvd0MzUHF6Z2dEZDRRS1d0Y2tKOGxLcDlPY29JVlJQTFdJdSswL0NuQW5tSDZFTDQ4WlV3NTNXSjlMQm54SDUiLCJtYWMiOiI1NzliZTVmOWJjZDQ3ZjY0Zjk2YjhlODhlYzk2OTdjODM1NGMxODQ0YWIzOGE5ZmFkNGFhY2U3YzZiODRkM2NjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5OOHRPcXpmZ1BBZGVyb1kxUTlyekE9PSIsInZhbHVlIjoiMnByNzhjNEJ5ZXF4dE8vM0k3OWZwVzh5RjlYYjRoQWw3MEVtN3dXNXJKWUtXejcrNG5VSHkzdVZORmNsU2RaWENBVXpOa21XSWttME95bXB0cUx4Q0tGNXdId2pGZzVyZzU3TTd6eDM4SE5md29lQlZFNkpjUGd5T1d0NUJXdTQiLCJtYWMiOiI3ZWE1M2FjMGYyOWY2ODBkN2RmNDJmYzQ1ZmRmODJiNWY5NWI0OTdmMGM1MzI2NjczMDZkYmU3YzQ4Y2RmZjYxIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Wed, 09 Jul 2025 07:06:07 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Wed, 09 Jul 2025 07:06:07 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qvIMEuyK%2F7OyR95Dh3x%2FPxBJGcRvHy5mSPYHnkFnVTlOCIiIa1B5LIOsXfG9YUGwVxTZoh8FosDs3CM7z6FXtVZfHtv%2BzubZwum%2BqEC9gKw%3D"}]}
cache-control: max-age=14400
cf-ray: 95c5fa0d996f56a8-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1846&min_rtt=0&rtt_var=1478&sent=484&recv=366&lost=0&retrans=0&sent_bytes=346612&recv_bytes=47911&delivery_rate=28070175&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=27521&unsent_bytes=0&cid=520cc14ddad89d74&ts=20429&inflight_dur=312&x=40"
GET ptxusb.fodrjf.es/favicon.ico
172.67.139.51 | 404 Not Found | 0 B | URL: GET ptxusb.fodrjf.es/favicon.ico
IP 172.67.139.51:443
Requested by https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
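Certificate Issuer: Google Trust Services
Subject: fodrjf.es
Fingerprint: F1:5B:56:AD:CF:C1:8B:7B:D5:5B:D5:1C:C6:84:95:09:FA:2E:E6:4D
Validity: Thu, 12 Jun 2025 19:15:24 GMT - Wed, 10 Sep 2025 20:14:12 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body recorded for this 404 response. They match any empty response and should not be used as indicators for this kit.
Analyzer / Verdict / Alert:
urlquery / phishing / Phishing - Tycoon Phishing Kit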
GET /favicon.ico HTTP/1.1
Host: ptxusb.fodrjf.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ptxusb.fodrjf.es/1mrz8ogu09cz?common/oauth2/v2.0/authorize?client_id=5ec652846a61-e2999baf62719-abdcb9907e9c-9d0f675effa5246-ed8f7a79e6f5301-a103f409c&locales=en
Cookie: XSRF-TOKEN=eyJpdiI6InoxWHRPcEFvNDc2YnI3cjVHUTRsaFE9PSIsInZhbHVlIjoibExoLzVmeG9uMW8xOVZ6RXRRY3hrZllsRC9LQ0hwZTdlbkpMK011RERSTVhHNlIvUkl4WmVGQ3Jqa21IRXVDVndvaWkzYVVkNHJvdDBDbG5seEI4bjJQbFN6WXZNNjhWMXVBNjBsRUNHOHI4b1ZoUldmaVFNYlE0NDZQY0Q3ZDUiLCJtYWMiOiIzMzM2YjI3YTFjNzhhYTU0YjZlYmI5MzFkZmYxNTljYWQ4MTMzZmM3Y2U4MjgxY2VjNmFmOTA5NmU4MzQ4ZDgyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlFmS200QnJ2eTRzZk1iaTV6VDJNUVE9PSIsInZhbHVlIjoidVAvcWpTMTgxRzhlQ2lWTXhjeExEaDR2Q2Y5TmxIR3N2RnNIOU5HNGttTDZGd2dYSzNMUmNScExXbEwzWjh3UVJOZlQwbyszMFhGWGc4TjBUNW5PQk0vOW8zbnJRREUyZzJNNmVuUXJ5Qis1S0RDbnpRY1ZKdCtzS0tFMStwK3EiLCJtYWMiOiI4YTlkZDFlOGRlMTczYzgwZGVmMWM3MDI4OGNlYWM0YTU5N2E5OTA1YzI1YTJkNTEzZjA2MjhmNjMxMzQ5ZGJhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Wed, 09 Jul 2025 07:06:10 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95c5fa2a9a5556a8-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Wicx1ggOMstopjf5NZcHHt70fXqmv3%2F1nOdfZhR12%2BpgNIG0x6U8C10Quvf3akjO1nG00W%2FNbQnipYG%2FoVRFEIWktGA3zM%2BP9gN7hSm8qUQ%3D"}]}
cf-cache-status: HIT
age: 22
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=792&min_rtt=0&rtt_var=241&sent=837&recv=414&lost=0&retrans=0&sent_bytes=798986&recv_bytes=55185&delivery_rate=35087719&ss_exit_cwnd=14905&ss_exit_reason=2&cwnd=33704&unsent_bytes=0&cid=520cc14ddad89d74&ts=23840&inflight_dur=432&x=40"