{"report_id":"383722e3-274c-4060-8d5b-cebd8a90120b","version":6,"status":"done","tags":["microsoft","phishing","outlook","suspicious"],"date":"2025-02-14T16:50:13Z","url":{"schema":"http","addr":"q2berjupvxdohax90gif.brightnexst.ru/pax6lf1/%23%23nregena.umberger@slurpmail.net","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"104.21.41.104","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"title":"Sign in to your account"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-25T16:50:13Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"ok4static.oktacdn.com","ip":{"addr":"143.204.55.87","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2014-11-11","domain_rank":16592,"first_seen":"2018-06-15T05:36:50Z","last_seen":"2025-02-11T11:34:33.934813Z","alert_count":0,"request_count":4,"received_data":267518,"sent_data":2126,"comment":"","tags":null,"fingerprints":null},{"fqdn":"objects.githubusercontent.com","ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2014-02-06","domain_rank":134060,"first_seen":"2021-11-01T21:34:29Z","last_seen":"2025-02-12T04:57:10.298777Z","alert_count":0,"request_count":1,"received_data":11087,"sent_data":907,"comment":"","tags":null,"fingerprints":null},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.95.41","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":0,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2025-02-12T02:32:29.360585Z","alert_count":0,"request_count":2,"received_data":25354,"sent_data":962,"comment":"","tags":null,"fingerprints":null},{"fqdn":"developers.cloudflare.com","ip":{"addr":"104.16.5.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":592034,"first_seen":"2012-09-07T16:49:35Z","last_seen":"2025-02-11T23:54:18.338027Z","alert_count":0,"request_count":1,"received_data":1654,"sent_data":464,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-02-12T02:23:52.531638Z","alert_count":0,"request_count":2,"received_data":63014,"sent_data":910,"comment":"","tags":null,"fingerprints":null},{"fqdn":"github.com","ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"domain_registered":"2007-10-09","domain_rank":1423,"first_seen":"2016-07-13T12:28:22Z","last_seen":"2025-02-12T02:24:48.267107Z","alert_count":0,"request_count":1,"received_data":4338,"sent_data":472,"comment":"","tags":null,"fingerprints":null},{"fqdn":"get.geojs.io","ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-18","domain_rank":17418,"first_seen":"2017-03-30T18:44:25Z","last_seen":"2025-02-08T18:58:41.771649Z","alert_count":0,"request_count":1,"received_data":1459,"sent_data":527,"comment":"","tags":null,"fingerprints":null},{"fqdn":"3zjhubjxdx0admpx1jkzklfwiji22nfaceq4hknxoszjqyxovqjn5ke3w.vividtrackz.ru","ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-22","domain_rank":0,"first_seen":"2025-02-14T16:50:13.610053Z","last_seen":"2025-02-14T16:50:13.610053Z","alert_count":1,"request_count":1,"received_data":1491,"sent_data":719,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":235,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-02-12T01:55:41.567041Z","alert_count":0,"request_count":2,"received_data":30005,"sent_data":952,"comment":"","tags":null,"fingerprints":null},{"fqdn":"q2berjupvxdohax90gif.brightnexst.ru","ip":{"addr":"172.67.146.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-01-09","domain_rank":0,"first_seen":"2025-02-14T16:50:13.615525Z","last_seen":"2025-02-14T16:50:13.615525Z","alert_count":28,"request_count":25,"received_data":5416948,"sent_data":32550,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-14T16:49:54Z","timestamp":1739551794,"ip_dst":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.12","port":46566,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI","source":"{\"timestamp\":\"2025-02-14T16:49:54.391602+0000\",\"flow_id\":270503284760974,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.12\",\"src_port\":46566,\"dest_ip\":\"104.26.0.100\",\"dest_port\":443,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2039595,\"rev\":1,\"signature\":\"ET INFO External IP Address Lookup Domain (get .geojs .io) in TLS SNI\",\"category\":\"Device Retrieving External IP Address Detected\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2022_10_28\"],\"deployment\":[\"Perimeter\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2024_09_19\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_10_28\"]}},\"tls\":{\"sni\":\"get.geojs.io\",\"version\":\"TLS 1.3\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"eb1d94daa7e0344597e756a1fb6e7054\",\"string\":\"771,4865,51-43\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":5,\"bytes_toserver\":789,\"bytes_toclient\":3435,\"start\":\"2025-02-14T16:49:54.385422+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-14","alert":"Sinkholed","trigger":"vividtrackz.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Generic phishing","verdict":"phishing","severity":"medium","comment":"","tags":["phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"82a41b2db2683055c2576f09da84070b","sha1":"b6d51d36f207f47c6abffae349f99d3a5e775067","sha256":"3c89dffe1426f2e6e4664b34face099c25e52b9a074c32ff398094bd95ebfc03","sha512":"a6fcb0922f1d0124561b0e033bf46eda873a8d74d11d8ba31f4a6d440c17bbae5869f7a1c7946e4adf2810f6bd9b6ac815765ae4aa286ddfa2ccbf3adc03f7ac","ssdeep":"","tlshash":"8a41acd9a4f368b258bef2bd274fe5d0373228c7e009ea45390c0d68ff9492543a5e95","size":1891,"data":"","first_seen":"2025-02-14T16:50:15.638456Z","last_seen":"2025-02-14T16:50:15.638456Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"introduction_type":"scriptElement","is_inline":false,"md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","size":10245,"data":"","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-05-07T09:38:29.929397Z","times_seen":52386,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"82daec42b1dc402bf090c94321e2ed3f","sha1":"8c870b47da322c5427da2dcb33ccec5d63a26786","sha256":"526a2a3a9bddd44254267aad26ffa6febe13271c401f63c806d35057a42ba0ec","sha512":"c35d1d6271061c24c3cac855c7a587a92aa61f7d8d3d7864717f08eab11e3d2011fc1982fec6bcd4ba185bdea407c71b079693b448e9282b357899f0b91990ff","ssdeep":"384:MMcZ0FKQMVswsCcGYqAMy3io6UbaES8N0:M1mFK1WbiozlN0","tlshash":"84920b0ed6c94c10d7162db45a64c2331d4bc314d55ac99a78ef7c8b671ae2e3bb82ec","size":20026,"data":"","first_seen":"2025-02-14T16:50:15.639445Z","last_seen":"2025-02-14T16:50:15.639445Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-05-07T09:54:13.554973Z","times_seen":463256,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"99b4c885a81fafc8596bfc3c715098e2","sha1":"5a1c679da18809412ac7cc4339b8f73c81826b6e","sha256":"f3b20715d2034f3cfe180930557ff9ddd0950952dde82cf35b651bc22a45b9ec","sha512":"267e60396a346a6da04699853eb03a98c0fca1fb0cc585626d36e9027db47401e5b4e4490982b9ee6f8f52cbe84bfe56146fec7534398b4cd8976854cd05fa3c","ssdeep":"","tlshash":"f11115ef36459a3e5ecf5e5aa77fc3883d9f0d54bd0a5051088ee92a0918982d87bc12","size":745,"data":"","first_seen":"2025-02-14T16:50:15.640249Z","last_seen":"2025-02-14T16:50:15.640249Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/56NZanc75H2pQ9jlyqRXgql5wjijZOZyxC2m3iVlvZ67102","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1fcbe4aacbe30b67606277e365405928","sha1":"68443d074aeff59a5940e48a91c82268b2c3e30f","sha256":"89feb7dcb6afb24066a555b39d94bbc817a16a597db8a0ca3bbba9eb3ced1f5b","sha512":"c97719c743b0b897549d0190d9b5519663403ac9f6ed13f9a4a96ebe702ad9edd75f95f396b7be13ffff77e5b953494629a4698a3eb5324bb34bf1418d53ebc8","ssdeep":"6144:byhjM/9KIpSIiDhDoZghdXRKDBhIXhLHpDMp+ov3IIshsfD0IdHVgXIIfgCofLH+:i","tlshash":"2d26007314f165807625a5413d1fbf1fd5144bea91c780746cd8fe8cda7d92c800eb54","size":4752044,"data":"","first_seen":"2025-02-12T21:51:37.483324Z","last_seen":"2025-02-28T23:51:26.450098Z","times_seen":4941,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"15a8d4a571284fe8fcdd1abd1242c2c1","sha1":"a8afa9bac51ad595cc4ea88be2aa6f371919dfde","sha256":"d7c0658a05aeabe488e823c751a9ad7859d143bb56be350b756e82feaeab4cca","sha512":"ed41e11c60dfe33275c95d096fac70549f8416a77382e2e6264902c043b552a1c70b48a4aa3c7f2f8557a881f10f1cf591473f91c82b17f44bd0786eeef9d841","ssdeep":"3072:3lxv4bfFb6FkrqGLwbaEV1VKOIR55GDt/7icBmLZLBc:V44RDt/7qLZLBc","tlshash":"16d36d89467e17e89b6a21989f431b0774b86b9774dcdb45120ae523b980c7dcbcf338","size":138800,"data":"","first_seen":"2025-02-14T16:50:15.643032Z","last_seen":"2025-02-14T16:50:15.643032Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","size":48316,"data":"","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-05-07T09:09:45.439721Z","times_seen":151768,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"c95fb9ea393328f6356a9b515def03d5","sha1":"99d5f1dc3730e79e1d374c800d74406574e6b953","sha256":"ff2cf04b5aa373bfb0d80ecba00483a04d5b4bbc15acd7fe500d51faaf55eb81","sha512":"fd9ec0ec99d942876afba8b54d8defe43b75a9630ebf07d05e69d840e6466e92f5a05772fae908a85379edf5a5125951c2b2770c459f016d46c059de116be5c0","ssdeep":"","tlshash":"0b51ced6b061a4bd596dbbbd679ef5d0363f3ec8d051a2413d0c0c18b394919c3a5eb8","size":2185,"data":"","first_seen":"2025-02-14T16:50:15.643927Z","last_seen":"2025-02-14T16:50:15.643927Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":[{"md5":"a85715255859c79d566ceda10210db3a","sha1":"fdb22b76dce53a79fb66c026d493019aaa06fb8c","sha256":"11a9b26fe9846d68a056f72c1b018ae4187bd98802457cddcad2e9633850d01e","sha512":"9d91f32065e1386f9f925c78e10f2d0c10a5e887c423de6816c3a4803fe6280d48607e1383b24eb80f6627997d0121a160f4d493327c42651355c85ed10bc819","ssdeep":"96:VULGi8LGlk8LG47+iZluyzUlMXimHinCHiDi4i6ix5iltcZvJOiyiLJi2:0laQkan7+iZluyzWMXiAi8iDi4i6ix5r","tlshash":"07a1b75b6e970c2187a79e1a3aed57c13c3c670b9882c0dd3d1daa908f58a6174d83dc","size":4873,"data":"","first_seen":"2025-02-14T16:50:15.64475Z","last_seen":"2025-02-14T16:50:15.64475Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"e02c5cea485ebc4c57548fb383b0fe08","sha1":"46ca89bcbd64f2c27cb2147b23ff976c7d93ebeb","sha256":"944a843f8023cf4d833b53d7714e30bdb2aa2625248becc7c38e4de9ebf47071","sha512":"8de123f4ef7a5c0c8f13cbfc3f998a89c3af3b99a9a1206eba2e2201078e0ec2380a4de176a70da4fdc2fa88557048c0c9f5f4612843549df09442b3f967d068","ssdeep":"1536:D18pha1bOB6uru7Z6/tJd21r58VoJPVqZy3ajla+NUdmWb7CAFy1xdpks5wd61T8:DOP5k4D6giKLPGKM0z27+HEQ1gQr8F/","tlshash":"7214a372479c3fc5cd59e900fbb9c62a830514336422e497cb2e3d9c7e9c99ad481e9b","size":198175,"data":"","first_seen":"2025-02-12T21:51:37.491852Z","last_seen":"2025-03-05T21:26:41.946028Z","times_seen":5350,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"7009ac555a3acd068713d62d0d76aeb4","sha1":"ed3175c53460b923c70c75a7217dff228b88bc69","sha256":"0564f2e41ebec7a40fb22ad015e525aa0b71cee7e72e1497780ee521b34b3a15","sha512":"08b56e656c5c0bd29357ae36bf33c5b1c1789040dc6f8274dce97bf9cef1917c1ef3f75b2fe8e950d212b84af2d9e6062ef4350eb9b1afcd5bca5d14f6fa9305","ssdeep":"384:Agb5W7637SNcl1aHgc8iIieMi4ic18G17icIB/W:AQW7JxlQVc18GocD","tlshash":"cd52619a342414708af736f7b2b74284b83161376e80d522f4bcc95d2f719d1a2b7ee9","size":13220,"data":"","first_seen":"2025-02-14T16:50:15.646243Z","last_seen":"2025-02-14T16:50:15.646243Z","times_seen":1,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_j3kdy1s9x2iokjd","sensor_type":"yara","title":"","description":"Private YARA rules","scan_date":"2025-02-14","alert":"Tycoon_AitM_API_Callback","trigger":"javascript.eval.md5:7009ac555a3acd068713d62d0d76aeb4","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"author":"Mike","date":"2025-01-29","description":"Detects API callbacks from Tycoon AitM after successfully completing the Cloudflare Turnstile challenge","rule":"Tycoon_AitM_API_Callback"}}],"urlquery":null}},{"md5":"e9ce3aa8ed1847c1d2e608dcd8445713","sha1":"c9cfe3514bad81fa8149990266572b73e14e2cd1","sha256":"b51043dd7aaa1bc4205fc0f00653c26b8d92f836198668cc92b7902493ba2bf5","sha512":"356622565f8ef4f424d79834c748cd82fa26da42311e837aa0ddd4c158d9d54e4a8d55ae827ad0137629d427feb4e5b1dabf4d4ade69d55710a4e2552d38d890","ssdeep":"3072:/pykJcRR8cr7yRXjc7El8c6odqz+N4wNb6htHOQYGUsnNymSibsmSiTO0S:BykJcRR8cr7yRXjc7El8c6oUgws","tlshash":"51e385411ea08d4e27861a7f3136b0e4f9650b5d3942e995f19cbc9c23e2713f9f28b2","size":148618,"data":"","first_seen":"2025-02-12T21:51:37.489451Z","last_seen":"2025-03-02T04:44:16.586821Z","times_seen":4685,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"write":[{"md5":"70920070149f1958a31bb2801b8982c6","sha1":"f1468bc2e825a83600508f3fb0ebf2ebfe5469dd","sha256":"6fe9d77ebcc2c1ace61c017546f1baf12d55e2531e4c5f68fa06230e7d5a19c7","sha512":"d8022afc41b54f5cd68d9937f3596c04b1ad0aa3e1a45e520c9164a59be567c6458740a43824599a5289a31dd5905c1e37068fb71e94aea18f552ebb4f54dd99","ssdeep":"384:qe27R5pUZOZT2NDovX5lXGOpDksazuuLqqQM1zsl6malNehYo+tyKMM:B+OZOmoh4YYqqndLmalNTv","tlshash":"dba36a7ff216177fa6c2ce9b32a36d1e21223c16d20f8315a45bb723b74237d0956991","size":104167,"data":"","first_seen":"2025-02-14T16:50:15.6482Z","last_seen":"2025-02-14T16:50:15.6482Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"abc733936edd9678a720beb0e311190b","sha1":"447cb2890fd5ac72a1174a61531e3f7443427353","sha256":"6de9edf54e5074050161a6316abf0839135e2427bc7c030fe75b84f74ff7cf22","sha512":"a23cb606b6bca045ae37f88b5905b1467ca788d9f60073b8336c7adae6523f6d30629321b49b6cf76b68cffa9dbdd86fd848d6cde88baffbd1d6def1723b62f6","ssdeep":"96:/3KNzwq67nRbi4kGLGx8LGEk8LGMmeFkQFoi47MutzZsQEgtGa93/1o1RA58:/6atLRb6cCalka7meFtFoi49oetGVnC8","tlshash":"2df1b5865c1a2d5207b07a296bde92d8fc3e07c7ac81824b394c9c44bf7051a17daff9","size":7462,"data":"","first_seen":"2025-02-14T16:50:15.649487Z","last_seen":"2025-02-14T16:50:15.649487Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"md5":"37f1f11f700b412e92a07eb2aa34798e","sha1":"a0cf4dbc0d3732ca0b87b5ceba07483ad8f6cddd","sha256":"a22f41a1a9cf906343050ef3b646f301ce6e504c18e5f84f5bae2acae2411231","sha512":"fbf7cf87bf9fca18e9761fdae425940493114faa41d41bd37268d417bd267befd2c8b2fe707d0c86deac8ed0bcb96e75f9b57e96be4468230e3613ef56c003e3","ssdeep":"1536:HpNdZVnORGP/I1Zxe4nLO+csPRQeiClNj:HpNfARGP/I8+UClNj","tlshash":"9ca3a21a51c6083a41b380f269784b9afe66c64fc70a821875fc93d76ff6c06dd639d8","size":102614,"data":"","first_seen":"2025-02-14T16:50:15.650526Z","last_seen":"2025-02-14T16:50:15.650526Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"http","addr":"challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-14T16:49:40.544445728Z","timestamp":1739551780544,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\ndate: Fri, 14 Feb 2025 16:49:40 GMT\r\ncontent-length: 0\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public\r\ncross-origin-resource-policy: cross-origin\r\nlocation: /turnstile/v0/b/324d0dcf743c/api.js\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 911e8d845cb5b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T09:57:30.962848Z","times_seen":14780409,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.322Z","timestamp":1739551791322,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Jan 2025 09:16:22 GMT","end":"Thu, 24 Apr 2025 10:16:21 GMT"},"fingerprint":{"sha1":"00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32","sha256":"E1:9E:09:57:22:18:8B:D8:DD:89:2B:13:1E:DE:9E:B5:D9:7F:4E:46:18:C4:8D:2B:07:E4:55:3D:8A:1F:5C:E6"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 13972\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"61182885-3694\"\r\nlast-modified: Sat, 14 Aug 2021 20:33:09 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 156251\r\nexpires: Wed, 04 Feb 2026 16:49:40 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=2tbLvMscZbJ2QMz5M%2FstGlbmgewzoU4gbu4W7GZu4tv9n2InY3jxzn6FrG5IxvAaLpkymvy3veyzROD3qeIg8Tc4aY3vlPn%2BrQUJHCfxqvky%2B3PY1gAAz44C0VEkNBlpsI8lynDY\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\ncf-ray: 911e8d845e96b527-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13972,"size_decoded":48316,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48316), with no line terminators","md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-05-07T09:09:45.439721Z","times_seen":151768,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/pax6lf1/%23%23nregena.umberger@slurpmail.net","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-14T16:49:40.685975006Z","timestamp":1739551780685,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /pax6lf1/%23%23nregena.umberger@slurpmail.net HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=DVcfimlVrHT1d07lRb%2BieCBFtJsTBSfOogeGGfKceL7HpKMHHOYD0vdKRlBr6Jt0dIYhAf7njaC10XRPzZQmYud68DZC2tBUQOw07eUX1l8ogwFMN9iA7LR6CvPhSg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik1IVkprcWF4VTE1amwrYTlpRi93YlE9PSIsInZhbHVlIjoiVk5RZUQxMTVaMy8zZDIxellOLzl2K040eEt5TmltdVFFalMzS1N1UXZzYUZFRUgyTkpRZnFUVS9RTjhwaFdEc1FGM09KL0tNbG5GUjVrNFBKbW5YUTN6dXcwOC84VmZPWko3bENncU1ZM3BlOUdzV0F6b2FXdUNpYW1ONWdYcHMiLCJtYWMiOiIxYjFlOGZmOTU4NTZlYjI2NTgwNDQ3YTY5NzNhZWJmM2Q5ZjU5ZGZlMWI2YjdlMjg1MjQwZjM0M2NkNDkyODZkIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:40 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6Ilg1SS91V1Q4c090NVJYRW0zdmVMMkE9PSIsInZhbHVlIjoiNWdLcVJFWWpZK2NJQ0lSVHh6Q0VqNGx0Z2lkc1JyVG10Nk94b1hHNjNPcU9OUWIvdGdxdnI3UVQwNURWZ2d2Ym4xMWtYWm5UTkNUNDZIZ1pWTTd6M3R2MEM2REM5NEk0ZnZBZGNSc1NzS1krYmI3aEU3S0dtUjFVZFdvelNGdjAiLCJtYWMiOiIwZGE0NzgwOWE3NjMxNWI5NThjNzY0YzdhZjA3MmJlNWM1NmYzZDRjNjc1MTc2NmIxMTA0Nzc3OWQwYzZiMmVjIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:40 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\nserver: cloudflare\r\ncf-ray: 911e8d807c8e1bfe-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1300\u0026min_rtt=1145\u0026rtt_var=593\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=1456\u0026delivery_rate=1585980\u0026cwnd=247\u0026unsent_bytes=0\u0026cid=38fd96518ac4c168\u0026ts=123\u0026x=0\", cfL4;desc=\"?proto=TCP\u0026rtt=5997\u0026min_rtt=522\u0026rtt_var=10994\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3205\u0026recv_bytes=1172\u0026delivery_rate=7325463\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=a1dc38541abc2eab\u0026ts=230\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56564,"size_decoded":374757,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (65295)","md5":"71e0f5bff3a4beae9009c1131d54e55b","sha1":"9d72f4aa87b8ad693789c868d4f4a575521fbc06","sha256":"7f422ddbbc9e8debbca80ffa8bb029775c307114bd7e7d5f2a5f750351d330ce","sha512":"f3660d020460bf112cf0ae9a8cb70a87a85619cab136fb05c0efdb9fe51a798eb936e5d807babd368a13490cb3069c438e991c8f86c20ba9eca4db48b336bcb8","ssdeep":"3072:qJA+7nZboa0xXB8MsW6JA+7nZboa0xXB8MsWqAa:qJA4nZboas+7JA4nZboas+JAa","tlshash":"a1849ade0a1b28735b0c2e62609b674a901b9eda7f324785fc950da5cde065e12cc1ff","first_seen":"2025-02-14T16:50:15.614028Z","last_seen":"2025-02-14T16:50:15.614028Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"http","addr":"developers.cloudflare.com/favicon.png","fqdn":"developers.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.16.5.189","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-14T16:49:40.845958732Z","timestamp":1739551780845,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /favicon.png HTTP/1.1\r\nHost: developers.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 937\r\ncache-control: public, max-age=0, must-revalidate\r\netag: \"6be7ff94b6151f8cfbf08b53a17e2ac1\"\r\nset-cookie: __cf_bm=yDVJe0mUEbTvVgMGk5Ph.NIDNXdA7udxbAmRsNcenYE-1739551780-1.0.1.1-4HJhAWnhVcFckCo5LrgvNATI8CsVdw_kTMNWCjNGHjM9BKH4PwOCnmaQghtum2gvNjAQFmWfmnl8NspX4IjyqQ; path=/; expires=Fri, 14-Feb-25 17:19:40 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=15552000; preload\r\nx-content-type-options: nosniff\r\naccess-control-allow-origin: *\r\nserver: cloudflare\r\ncf-ray: 911e8d85fef00b31-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":937,"size_decoded":937,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced","md5":"fc3b7bbe7970f47579127561139060e2","sha1":"3f7c5783fe1f4404cb16304a5a274778ea3abd25","sha256":"85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe","sha512":"49fa22de92bebede28bb72f7c7902c01d59e56723811629e40c8a887e34fd0b392a9df169a238bdd8e46d984e76312d75b2644b8611c66a71a559c1b6834de6c","ssdeep":"","tlshash":"2d11b7a7452d00b1d69933639306d88aa21ee848d74308ca38adf38713834d69bc976e","first_seen":"2024-11-14T16:12:41.503532Z","last_seen":"2026-05-06T06:28:43.177471Z","times_seen":18173,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"challenges.cloudflare.com/turnstile/v0/b/324d0dcf743c/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-14T16:49:41.731751101Z","timestamp":1739551781731,"http_version":"","security_state":"","security_info":null,"request":{"raw":"GET /turnstile/v0/b/324d0dcf743c/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\nlast-modified: Tue, 11 Feb 2025 23:52:12 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 911e8d847cf5b50b-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24480,"size_decoded":48139,"mime_type":"text/plain; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48138)","md5":"59306e15eb43de76a56231e5e426ec80","sha1":"7606b8e4aeace12b393ad6dcebdf6d64bc7240e9","sha256":"69865fe9be4f6cdced3ca8c047a486db063f1179846f5edff395c39a7494fa34","sha512":"99c5ee7567fecb0fd92c4622ee949975972fc46e165aa8e9ff719b3a64472f15e6a79ec83ca533c7305b70b35984b7980ac0552ce1169dbd1dc2c3c1f2d83f4b","ssdeep":"768:nCbU/CNu5h5taq75KvO0fV9/KFeWlzQylfTDjVsgVX2bwDBslY1L8ep7K1oiSJvU:4Nu5h5taq7gGYV9yjcylh2bQs3","tlshash":"f2232b583266797317e980e0617ba74373297a39f94ccc509823c97526acecad133fb9","first_seen":"2025-02-12T12:50:11.006899Z","last_seen":"2025-02-17T12:19:44.484181Z","times_seen":2233,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.298Z","timestamp":1739551791298,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Jun 2024 00:00:00 GMT","end":"Wed, 25 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5","sha256":"AB:77:AE:8B:01:C3:97:E7:80:17:A2:C0:A0:8D:8A:BE:C9:8A:77:1C:06:8C:B9:64:E1:7B:E5:9F:3B:E7:EC:FA"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 14 Feb 2025 16:49:50 GMT\r\nage: 793448\r\nx-served-by: cache-lga21931-LGA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 29024\r\nx-timer: S1739551791.564455,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30875,"size_decoded":89501,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-05-07T09:54:13.554973Z","times_seen":463256,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/pax6lf1/%23%23nregena.umberger@slurpmail.net","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2025-02-14T16:49:50.617396053Z","timestamp":1739551790617,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /pax6lf1/%23%23nregena.umberger@slurpmail.net HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IjY0UG5IMW41c2U2dmxnUWlyUitnQ0E9PSIsInZhbHVlIjoiUnlzQ2c5dFpXMC9aVy9ZeXN1anJkVlQ0MDh6WU0vRWUrZi8zU2NabkVaNkI3M3ZBSE5YSmJ1Q1Y1eGhzSjg1eStQOG4rWG11aktXcWYyY1FUcWhVSEg4anQ3WjA3NzZITTM5ZWw3a3k4c2R0ZlpTblFEckFPRlhzT2lORlNrbU0iLCJtYWMiOiJmYTE3MzQzYjcyM2E4NzQ2OWUwOWYxZGI0MjI0ZmEwZjI1NzNkNzE1NzNhYTVjNmQyNDhjYzQ0YWFmNmRhNTkxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitQNWlVNGRHZUxaYWI2UE90STNVN1E9PSIsInZhbHVlIjoiNnoyU3hQSWo1czdnbTZ4VnJwQlQvVHlHMGZlaWRTcmlmOUJyTjB4blB4S09IV2J0bGFaUk1oWCtIcXlhY3c2aUNVWVBnNHVQdlFST05tczJsOXBuaFdIdXAxa05PU2xMSUdZNElQMkluMFUwRm4rYytIcUx4ZzNlbEREajkxVUkiLCJtYWMiOiJmZDI5NGM1Yzg0ZTlhNTVlYjMwMjc1NzcxNTgzNjM5MDc2NjM1NzhjMGZlMzdlZDkzNDcyOTBiNmI1ZTYzZDdjIiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nSec-Fetch-User: ?1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=QqjWFVft%2B7T%2Fgvs92APqFAZv4wmBBYhgJhHLge8298EdVKcRFWNO64prUpdSSZFCmAlkfq54qfLjHxjYSLDomWdoKbMy%2FRbMQHCYu8R12Bvf53sqyCzADYdH0rgDGA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkZBSWZsa2VudzB6T2xFNXRIY3AzaHc9PSIsInZhbHVlIjoiNThnL2xqK0tqMEI4MkhYaHp3Zy9iMFJjSFVlRk1vZzZmOGI5akgxeXdQS1B1eC8vaWFHRlMwUEVhSlJkZXdwdk5JdDZVZnFQalpQYWpFMG5sUk9Ic3AxMmdKb0lvZzZTKzJvSTcza3BnYk04NjVIZlBKa3o3NGkyZFUveHYwcisiLCJtYWMiOiI5NGNjMjY3NDQzMjAzMTg5OGE4OGNlYTQ0MzU0MmVjNjAzNGMzOWIxNjcwNTlhZDY5MmM2ZWY3OWMxODA5ZTdlIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:50 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6Ik1qRkVaZE5uZy8zK011czBXRHo3L0E9PSIsInZhbHVlIjoiekkreDVQWkVpdkpERXVjK2Vqd3BpUHJxdXlTeGpIVVFzTy9lYkxBcWtIVncwcHhJczdJSzZpZE52bVU4ZUJJeWV4Z0pNK3FQV2JEZEx0akgrUDJMUEdGRHBlMi9qSGxSTzF0ajY4TFRRTzNJcisxc1VDL2hWcTBta1lHV0p1ckYiLCJtYWMiOiIwNzBjYTA0ODk4NTlkN2JmYmFjYTBlNDIwOWUyODkxOTJhNzgzOTRmNWM5NWI3NmUzOWY2MGNjYTFiMzI0ODIyIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:50 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\npriority: u=1,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc1ac0e5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1852\u0026min_rtt=1760\u0026rtt_var=574\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2208\u0026delivery_rate=1637083\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=f04db65c52a14a19\u0026ts=111\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=4747\u0026min_rtt=2312\u0026rtt_var=2663\u0026sent=16\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=5757\u0026recv_bytes=3867\u0026delivery_rate=160\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=10369\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22472,"size_decoded":15336,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (9997), with CRLF line terminators","md5":"c33f2d8d5e3dec35229f6b79461c43bb","sha1":"ca885f14eb59b32c2db3d30b63e72609937bde37","sha256":"c617c90375657b7580718cbe22549628373a2249926df71479d515827a35e297","sha512":"393544f5b1aa9a9f20d18fd04dc99fce723ed3b92a86d6ed9ceec49d27ae505689a3d3a97a92299092d57e117d4a328dfea52aecebb2f67fe168ab32a2ad6259","ssdeep":"384:JHlpDfVg8svCswQeZTX8flr6/tCnlr+lrB:LpDyv/eD8ft6lulr+lrB","tlshash":"6a626cc08b8952610b21ef51ed099d9c23b823ded960c7ddd84b6e959320ef409cbbe9","first_seen":"2025-02-14T16:50:15.618425Z","last_seen":"2025-02-14T16:50:15.618425Z","times_seen":1,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Microsoft Outlook","verdict":"phishing","severity":"medium","comment":"","tags":["phishing","microsoft","outlook"],"meta":null}]}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.322Z","timestamp":1739551791322,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 24 Jan 2025 09:16:22 GMT","end":"Thu, 24 Apr 2025 10:16:21 GMT"},"fingerprint":{"sha1":"00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32","sha256":"E1:9E:09:57:22:18:8B:D8:DD:89:2B:13:1E:DE:9E:B5:D9:7F:4E:46:18:C4:8D:2B:07:E4:55:3D:8A:1F:5C:E6"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 13972\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"61182885-3694\"\r\nlast-modified: Sat, 14 Aug 2021 20:33:09 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 156262\r\nexpires: Wed, 04 Feb 2026 16:49:51 GMT\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=V19c6cUThBlzle9vW0J8PhxYrc3VVXZnAOQvo%2FGJIQ6AR%2BSn9LmyrHgwf9qgUpdc00uxkkm%2B%2F9sIakvwJsn9MwSF9OJ1Mv3Wu3U8OZ1DO7N%2ByxlshL4FD%2BHiBPdXUISUV8ny1e1N\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\ncf-ray: 911e8dc7a8950b4d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13972,"size_decoded":48316,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48316), with no line terminators","md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-05-07T09:09:45.439721Z","times_seen":151768,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.298Z","timestamp":1739551791298,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Jun 2024 00:00:00 GMT","end":"Wed, 25 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5","sha256":"AB:77:AE:8B:01:C3:97:E7:80:17:A2:C0:A0:8D:8A:BE:C9:8A:77:1C:06:8C:B9:64:E1:7B:E5:9F:3B:E7:EC:FA"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\nage: 793449\r\nx-served-by: cache-lga21931-LGA, cache-hel1410020-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 29026\r\nx-timer: S1739551791.316235,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30875,"size_decoded":89501,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-05-07T09:54:13.554973Z","times_seen":463256,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":31,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7","fqdn":"ok4static.oktacdn.com","domain":"oktacdn.com","tld":"com"},"ip":{"addr":"143.204.55.87","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.392Z","timestamp":1739551791392,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.oktacdn.com","organization":"Okta, Inc."},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 02 Dec 2024 00:00:00 GMT","end":"Fri, 02 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5","sha256":"71:C0:94:09:81:5A:DD:BE:41:D4:27:16:CB:BB:73:BD:A1:E1:22:3A:D2:6C:C1:26:F0:EC:4B:ED:3D:64:26:3B"}}},"request":{"raw":"GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1\r\nHost: ok4static.oktacdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\ncontent-length: 10796\r\nserver: nginx\r\nlast-modified: Tue, 23 Feb 2021 04:20:08 GMT\r\nstrict-transport-security: max-age=315360000; includeSubDomains\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\ndate: Wed, 29 Jan 2025 00:59:17 GMT\r\nexpires: Thu, 29 Jan 2026 00:59:17 GMT\r\ncache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400\r\netag: \"12bdacc832185d0367ecc23fd24c86ce\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: o_JF4eRczU9B9ovoLJhVU8WU9WlS4RyLuRsrVjQB3iNF_gQD9DMTgA==\r\nage: 1439434\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10796,"size_decoded":10796,"mime_type":"image/png","magic":"PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced","md5":"12bdacc832185d0367ecc23fd24c86ce","sha1":"4422f316eb4d8c8d160312bb695fd1d944cbff12","sha256":"877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0","sha512":"36c319ac7f75202190e7a59f3f3c92892a71d5f17663e672319a745b6574bcfde7c89b35f480cb15a193924dacb9d67f8ca1e1bc2bf33fc5ccbfa152cc7ba2d0","ssdeep":"192:aPzBBDKs07GiH528urXXSjD4/voR3Euri/in9Q28oLaIAQLdCYXQIDeoIdv60:aPVBQ7P5nIyjD+oRnr4inJdANuGdC0","tlshash":"7122af89d5a7d9387f3ff18c00be1fcb46f8a1f9760608b93989875d0641d9c188c499","first_seen":"2023-05-04T21:28:17Z","last_seen":"2026-04-10T13:26:22.651449Z","times_seen":38427,"resource_available":false,"data":null}},"time_used":31,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/qrkx8dSV1fawZUXvAfoFoghmEZ4HpblNGKfMpms45139","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.372Z","timestamp":1739551791372,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /qrkx8dSV1fawZUXvAfoFoghmEZ4HpblNGKfMpms45139 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 892\r\ncontent-disposition: inline; filename=\"qrkx8dSV1fawZUXvAfoFoghmEZ4HpblNGKfMpms45139\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=VZjcZGgnRJoKKP8olnkhkiPbIfLsosqn0rNu8IgPA%2B0mF%2FSwS%2Bb%2B9eMzsJE7WopOIVuOboneed%2Bt%2BZRQyOjupuu4uaaPloKEoIz0bDBxfvO2G3mKXlSPWBbEzKy2hQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7dfbe5687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1552\u0026min_rtt=1534\u0026rtt_var=467\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2243\u0026delivery_rate=1742478\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=37666d7f8c35917e\u0026ts=84\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2173\u0026min_rtt=970\u0026rtt_var=1359\u0026sent=127\u0026recv=49\u0026lost=0\u0026retrans=0\u0026sent_bytes=98997\u0026recv_bytes=25401\u0026delivery_rate=2652115\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11367\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":892,"size_decoded":892,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"41d62ca205d54a78e4298367482b4e2b","sha1":"839aae21ed8ecfc238fdc68b93ccb27431cd5393","sha256":"20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40","sha512":"82b9806490a0db493da16466738437b9bb54b979075db58c89ca0d192d780ddb5ed888e10ce76a53d48d30d5013791cac7ab468d85b61d32766140dd53dc9044","ssdeep":"","tlshash":"a41120296b6053c8e7156bbc60c11f92ebbdb9124712627782c093366b489c6255c2d2","first_seen":"2025-01-27T17:47:42.408008Z","last_seen":"2025-09-19T23:18:03.480147Z","times_seen":36702,"resource_available":false,"data":null}},"time_used":165,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":165,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/wx99Q7hWiVI78zBcB8pimxOnqrXogamr0j1rFRpwsu34123","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.369Z","timestamp":1739551791369,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /wx99Q7hWiVI78zBcB8pimxOnqrXogamr0j1rFRpwsu34123 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 644\r\ncontent-disposition: inline; filename=\"wx99Q7hWiVI78zBcB8pimxOnqrXogamr0j1rFRpwsu34123\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=MMshNDCMZSlJEP9bN7trP8z6ItAumgZ9oT4ywMM8qKefI%2FOtwE9Xmr9PbIa2L3K7k%2FjUPfckv0d3ELNX6iKFd01TPBJtuzpyLPBezRlbvmiPZWgnyIZ8LThU4FfGjQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7dfb75687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1365\u0026min_rtt=1259\u0026rtt_var=415\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2824\u0026recv_bytes=2246\u0026delivery_rate=2140428\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=2598a80da25dc908\u0026ts=96\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2107\u0026min_rtt=970\u0026rtt_var=1143\u0026sent=132\u0026recv=51\u0026lost=0\u0026retrans=0\u0026sent_bytes=103882\u0026recv_bytes=25492\u0026delivery_rate=244568\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11378\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":644,"size_decoded":644,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"541b83c2195088043337e4353b6fd60d","sha1":"f09630596b6713217984785a64f6ea83e91b49c5","sha256":"2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f","sha512":"b2ae42ba9d3a63d3acb179051b005f2589f147d94f044616ae5dc5705e873f16057c56934262841191263b4c35804ef188bd38cf69cce0f4b2cf76c05f17b8ad","ssdeep":"","tlshash":"f4f00e3613a40b4ce5643ff860d10f03f37c7e22cb17aa66c10082221f049c86c9c2ca","first_seen":"2025-01-27T17:47:42.408787Z","last_seen":"2025-09-19T23:18:03.500571Z","times_seen":37683,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-bold.woff2","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.339Z","timestamp":1739551791339,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-bold.woff2 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28000\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff2\"\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=6XNcmjZzp7PhnN31nrujIh3cPLoeZIxRdBDVJn47is3pFK6r37572mS7hpYraDF9TsCVxmNXg1E50q5Slu%2BgcSU8eVJXMFyuMwGgjZ704WWTVR4f6MrroS1nJBaErg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7bf625687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1447\u0026min_rtt=1436\u0026rtt_var=561\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2824\u0026recv_bytes=2241\u0026delivery_rate=1896529\u0026cwnd=244\u0026unsent_bytes=0\u0026cid=77c6ff3b8d9f7e0a\u0026ts=141\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1949\u0026min_rtt=970\u0026rtt_var=730\u0026sent=150\u0026recv=54\u0026lost=0\u0026retrans=0\u0026sent_bytes=123242\u0026recv_bytes=25628\u0026delivery_rate=6652233\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11407\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28000,"size_decoded":28000,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28000, version 1.66","md5":"a4bca6c95fed0d0c5cc46cf07710dcec","sha1":"73b56e33b82b42921db8702a33efd0f2b2ec9794","sha256":"5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f","sha512":"60a058b20fcb4f63d02e89225a49226ccd7758c21d9162d1b2f4b53bba951b1c51d3d74c562029f417d97f1fca93f25fdd2bc0501f215e3c1ef076810b54dd06","ssdeep":"768:NDT1rKvlJOE1AgLlnGj8H58AJUcl5I17ML7FfNHubNIphqb:NDtKvyAhjHeACcl21YL7KNW+","tlshash":"cfc2f1878fd02879a72dfeb80252903197d00de93fea42318d99b70fe683987515e272","first_seen":"2023-04-09T13:59:19Z","last_seen":"2026-05-07T09:46:45.648162Z","times_seen":94944,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js","fqdn":"github.com","domain":"github.com","tld":"com"},"ip":{"addr":"140.82.121.3","port":443,"asn":36459,"as":"GITHUB","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.316Z","timestamp":1739551791316,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"github.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 05 Feb 2025 00:00:00 GMT","end":"Thu, 05 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A","sha256":"B8:BB:81:87:68:33:87:39:42:04:5A:8D:F8:F0:62:19:E0:06:02:EB:CB:43:84:C7:AB:C2:4F:18:37:9C:87:F5"}}},"request":{"raw":"GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1\r\nHost: github.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: GitHub.com\r\ndate: Fri, 14 Feb 2025 16:48:29 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With\r\nlocation: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250214%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250214T164829Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=cc8c0f248f554872ad6570c0cbc70f592b7aea666d1966b7f5c26ca52b3ca744\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Drandexp.min.js\u0026response-content-type=application%2Foctet-stream\r\ncache-control: no-cache\r\nstrict-transport-security: max-age=31536000; includeSubdomains; preload\r\nx-frame-options: deny\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/\r\ncontent-length: 0\r\nx-github-request-id: CE73:38EA8B:28A3E08:299A945:67AF742F\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/octet-stream","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T09:57:30.962848Z","times_seen":14780409,"resource_available":true,"data":null}},"time_used":509,"timings":{"blocked":241,"dns":27,"connect":19,"send":0,"wait":19,"receive":0,"ssl":198},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/opjWPBkGJrsuMPK2A2qSyaRhvPynYFBpQiuvebrVOKgC2AThYvQvXku3BKcd240","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.395Z","timestamp":1739551791395,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /opjWPBkGJrsuMPK2A2qSyaRhvPynYFBpQiuvebrVOKgC2AThYvQvXku3BKcd240 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 9648\r\ncontent-disposition: inline; filename=\"opjWPBkGJrsuMPK2A2qSyaRhvPynYFBpQiuvebrVOKgC2AThYvQvXku3BKcd240\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=oLA21JTtFl4pTx5%2FFhMxTaKQPj1i2so35Lsodm5USLnUf05HrFhtufffVGZwre9tu096Ze0%2BWdSU0oUmjfYHOWrs4X7yASVFRWfpqSNHLkJ8lz4mPBpuGWhmtSplZA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc8081f5687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1732\u0026min_rtt=1510\u0026rtt_var=621\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2262\u0026delivery_rate=1907773\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=6a1745a90aab68af\u0026ts=86\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1850\u0026min_rtt=970\u0026rtt_var=588\u0026sent=191\u0026recv=56\u0026lost=0\u0026retrans=0\u0026sent_bytes=170209\u0026recv_bytes=25720\u0026delivery_rate=3565328\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11440\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9648,"size_decoded":9648,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4946eb373b18d178c93d473489673bb6","sha1":"16477acb73b63ca251d37401249e7e4515febd24","sha256":"666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92","sha512":"f684b90b748dc8399f76c5d8f94af6c4e6869143f18d19ce435b25eaa14e9647b120467bdd0795895676dc0cccdeabf82beb2f46ce2c5bf4c58ed9c134f30c48","ssdeep":"192:gwTgBYruFELhYmwd93mjW0l9OsENOLWcXdN4CLrHZfTtjOZgYM5cWjAaP6:gwTgBxaYmo5mS0l9OsuOL3NNVLlfTtjE","tlshash":"4a12af6f53b87b4cece19e3e4c48d73398fde91606176ac54a81a0c8d3988573a5228e","first_seen":"2025-01-27T17:47:42.409718Z","last_seen":"2025-09-19T23:18:03.495565Z","times_seen":37083,"resource_available":false,"data":null}},"time_used":215,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/uvJ0fW4hhMiAodHB6TTMTovClC1G1cl8tE41zAJh4gMmnF0pejqfKMRbnHlfuRo2bG4u1sTypMOXPiQKC3Vmgh258","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.397Z","timestamp":1739551791397,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /uvJ0fW4hhMiAodHB6TTMTovClC1G1cl8tE41zAJh4gMmnF0pejqfKMRbnHlfuRo2bG4u1sTypMOXPiQKC3Vmgh258 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 17842\r\ncontent-disposition: inline; filename=\"uvJ0fW4hhMiAodHB6TTMTovClC1G1cl8tE41zAJh4gMmnF0pejqfKMRbnHlfuRo2bG4u1sTypMOXPiQKC3Vmgh258\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=sb%2ByQC50qNEYUWqEW1HZZf4Xabw29%2BE9vszNRLlWVQJDqo8XmmvZHugUUiDsRHLScb%2Bb42JGXrGYY0hEpVlDsJha8eZbGZMQDItHNpgYNP24knyr%2BUS%2BeQZd5V6OTw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc8082c5687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1080\u0026min_rtt=1064\u0026rtt_var=327\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2288\u0026delivery_rate=2549295\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=a06c148c18037305\u0026ts=95\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1989\u0026min_rtt=970\u0026rtt_var=867\u0026sent=138\u0026recv=53\u0026lost=0\u0026retrans=0\u0026sent_bytes=109092\u0026recv_bytes=25583\u0026delivery_rate=1576875\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11401\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17842,"size_decoded":17842,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4b52ecdc33382c9dca874f551990e704","sha1":"8f3bf8e41cd4cdddb17836b261e73f827b84341b","sha256":"cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342","sha512":"ac3d3c82bad9147ae5f083ed49c81a744f672ddfbb262135aa3f2c6601f8dffea11d8e323cef025c36d76c6f2515aa6814b622cf504ca01d13346e9ea989048f","ssdeep":"384:EwTZQ74B48VtrMvbt0sAvPTMaf+j5s8OYbqarRbjy5Qg1AR/kf63z/:hTa4B4mtYztAvPTMFhOYb3Rbu571AJa6","tlshash":"6c8218ba77256ca7e25c2bb77afd731b8062d78480681d92740f038aaf3913693901f5","first_seen":"2025-01-27T17:47:42.411749Z","last_seen":"2025-09-19T23:18:03.455649Z","times_seen":36919,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":43,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-bold.woff","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.343Z","timestamp":1739551791343,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-bold.woff HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff\r\ncontent-length: 35970\r\ncontent-disposition: inline; filename=\"GDSherpa-bold.woff\"\r\ncache-control: max-age=14400\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=NGWJ0tJaotMyBBh530GcwYfe5Zf9b3K3kNJsuIusQaSmq1PwUVPTxNyVS4nW4crKxCfT8ca5tZpTdFehGpFxz1XXipuV0vdSRBMN2jCO8qvmsnyuLYWSX9E5l3U%2BPw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7cf6a5687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1396\u0026min_rtt=1322\u0026rtt_var=502\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2239\u0026delivery_rate=1751966\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=38e99b92661f8156\u0026ts=178\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1772\u0026min_rtt=970\u0026rtt_var=501\u0026sent=209\u0026recv=60\u0026lost=0\u0026retrans=0\u0026sent_bytes=188568\u0026recv_bytes=25902\u0026delivery_rate=2819091\u0026cwnd=34800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11478\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35970,"size_decoded":35970,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 35970, version 1.0","md5":"496b7bbde91c7dc7cf9bbabbb3921da8","sha1":"2bd3c406a715ab52dad84c803c55bf4a6e66a924","sha256":"ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798","sha512":"e02b40fea8f77292b379d7d792d9142b32dfcb887655a2d1781441227dd968589bfc5c00691b92e824f7edb47d11eba325ade67ad08a4af31a3b0ddf4bb8b967","ssdeep":"768:GJiLCleIZlcBvahjeheOQKskmCp9sE9gBkGgvU+7aAXDqWOtU:GJo9IgMKsQzJ9gBkZbuAXDqWV","tlshash":"a4f2d09831594c2aacbd58232b71d9df21e38f61ba42029ba193e4cd9c4714dbb1e47f","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-05-07T08:23:31.71992Z","times_seen":90483,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":296,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-regular.woff2","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.349Z","timestamp":1739551791349,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-regular.woff2 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 28584\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff2\"\r\ncache-control: max-age=14400\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FrTKBPehe5WBSeS6d4Mda7hTmJltdKWaqJq3NP2y27PpjjJBzIyj5LU3Uhv61FfGgTvrmDeUGcVdGFBN923bY%2BNOMuMbqBVyqmVRv1nFEogM4Ioddsnvnj3VaK1Jpg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7cf7a5687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1143\u0026min_rtt=1134\u0026rtt_var=443\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2242\u0026delivery_rate=2397350\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=f56d7601cfc7e805\u0026ts=176\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1772\u0026min_rtt=970\u0026rtt_var=501\u0026sent=236\u0026recv=60\u0026lost=0\u0026retrans=0\u0026sent_bytes=220825\u0026recv_bytes=25902\u0026delivery_rate=2819091\u0026cwnd=34800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11478\u0026x=1\", cfExtPri, cfHdrFlush;dur=1\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28584,"size_decoded":28584,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28584, version 1.66","md5":"17081510f3a6f2f619ec8c6f244523c7","sha1":"87f34b2a1532c50f2a424c345d03fe028db35635","sha256":"2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956","sha512":"e27976f77797ad93160af35714d733fd9e729a9981d8a6f555807981d08d8175e02692aa5ea6e59cebd33895f5f6a3575692565fdd75667630dab158627a1005","ssdeep":"768:8n53CNftp4NM/2qxGvtAG9fvpWYSTvlj6OIqrd1xUseRc:85SNfQS2ntfxvpWYSTcfMERc","tlshash":"b4d2e0ed44d2c62988f7638902690111f27898ffe52d7db3c19da0b27245d7ea3a8b09","first_seen":"2023-04-09T18:51:15Z","last_seen":"2026-05-07T09:48:30.804587Z","times_seen":104178,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":293,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/ghznydYXH70BSxiynbJjRDwmnH7NZpZu2vl9MgvsMtfyoOoMBx12204","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.393Z","timestamp":1739551791393,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /ghznydYXH70BSxiynbJjRDwmnH7NZpZu2vl9MgvsMtfyoOoMBx12204 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/webp\r\ncontent-length: 25216\r\ncontent-disposition: inline; filename=\"ghznydYXH70BSxiynbJjRDwmnH7NZpZu2vl9MgvsMtfyoOoMBx12204\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wSxom7jfpPMmfL8p7mZr6xLOXxXZx9jIqt9uJE%2BQTFISgEU5LWq4vSo9Fp9Amm5gCsqQKBt14SgelFfDvY1jky7QqX7BMWx7tRh5mu6mnPg8XLIeQ%2BLgAEz%2B21V1wg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc808175687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1019\u0026min_rtt=1001\u0026rtt_var=316\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2254\u0026delivery_rate=2590339\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=30177fe2b998c98e\u0026ts=133\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1850\u0026min_rtt=970\u0026rtt_var=588\u0026sent=179\u0026recv=56\u0026lost=0\u0026retrans=0\u0026sent_bytes=156130\u0026recv_bytes=25720\u0026delivery_rate=3565328\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11439\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25216,"size_decoded":25216,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f9a795e2270664a7a169c73b6d84a575","sha1":"0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8","sha256":"d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740","sha512":"e17c8d922f52c8ab36d9c0a7dc41d32735cf1680ea653056308c6d23255fdbe40b96c68f0e7f8b3b521b6acb080cd825f94320364b0a70141606a4449d980517","ssdeep":"768:BTwdm3bbEPDrEQT87zOyJ0WsnoU+RBshw:64LQXEN7DJGSRBs","tlshash":"35b2afbf1ad14f30c51a6435a2ef6d51f7cde3186f900ae895b046519b2e9bacf2d80c","first_seen":"2025-01-27T17:47:42.413017Z","last_seen":"2025-09-19T23:18:03.462271Z","times_seen":37027,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-regular.woff","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.357Z","timestamp":1739551791357,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-regular.woff HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff\r\ncontent-length: 36696\r\ncontent-disposition: inline; filename=\"GDSherpa-regular.woff\"\r\ncache-control: max-age=14400\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=I9MEvPYej8JU3QtYWdlTCKPLlizO5GGN2ZD%2BV3SrNPs0A6NB1bNc76Lal1MfjH8acwGvoPNZqeKKB2l1Fop8c1a%2FL93TfAabPnpLjh9V46AieaMQH1IkN5OoLMRmcw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7df975687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1170\u0026min_rtt=1123\u0026rtt_var=399\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2243\u0026delivery_rate=2169288\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=ea16d831dff64eb4\u0026ts=182\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1761\u0026min_rtt=970\u0026rtt_var=387\u0026sent=279\u0026recv=63\u0026lost=0\u0026retrans=0\u0026sent_bytes=269139\u0026recv_bytes=26041\u0026delivery_rate=1996230\u0026cwnd=76800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11490\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":36696,"size_decoded":36696,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 36696, version 1.0","md5":"a69e9ab8afdd7486ec0749c551051ff2","sha1":"c34e6aa327b536fb48d1fe03577a47c7ee2231b8","sha256":"fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf","sha512":"9a0e4297282542b8813f9cc85b2ccb09663ce281f64503f9a5284631881da9aacf7649553bf1423d941f01b97e6bc3ba50ab13e55e4b7b61c5aa0a4adf4d390f","ssdeep":"768:lvJo4KciQZYjebVq19lKPtHAQ/l4rj2bqkiHShpeSUOR4OqWOgaU:lhH3rVq1PKP432tSSh4SUORHqWcU","tlshash":"31f2f15d76443e8cf06a245836ad2dd6a423171247138f8709de72bbd14f120f65aaff","first_seen":"2023-05-09T17:48:02Z","last_seen":"2026-05-07T08:23:31.645695Z","times_seen":90413,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":300,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-vf.woff2","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.361Z","timestamp":1739551791361,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-vf.woff2 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 43596\r\ncontent-disposition: inline; filename=\"GDSherpa-vf.woff2\"\r\ncache-control: max-age=14400\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=ycJ9CNVVlOeesfzAGhK%2BT5hGfNHF%2BDw1YEqJPc3sXOw%2BhJGwGSJtRgWaYd1hR66JiF9xJRk7sJTODU%2F27lrC0C6olB0bZSmYJx0%2F3wS18d%2BBlVXWUGKoRvPdGI9eQw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7dfa25687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1023\u0026min_rtt=1014\u0026rtt_var=399\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2239\u0026delivery_rate=2654445\u0026cwnd=247\u0026unsent_bytes=0\u0026cid=c5fe161a2da944bb\u0026ts=212\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2057\u0026min_rtt=970\u0026rtt_var=929\u0026sent=321\u0026recv=67\u0026lost=0\u0026retrans=0\u0026sent_bytes=316460\u0026recv_bytes=26224\u0026delivery_rate=2885827\u0026cwnd=76800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11565\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43596,"size_decoded":43596,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43596, version 1.0","md5":"2a05e9e5572abc320b2b7ea38a70dcc1","sha1":"d5fa2a856d5632c2469e42436159375117ef3c35","sha256":"3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec","sha512":"785ab5585b8a9ed762d70578bf13a6a69342441e679698fd946e3616ef5688485f099f3dc472975ef5d9248afaad6da6779813b88aa1db60abe2cc065f47eb5f","ssdeep":"768:b0nfc/3Osy1fo0tBBFF/GGXfN2ZHKTBUwL+BR49qCow3Z3HuvJ5+xXtTgXHk6/:b0fU3OdhFF/xNOoZc49ow3Z3HO+xX1mf","tlshash":"e2130258592578a9eb43bd49f00c6e64c296b3d8f5832b62334a04f0bff651620fe797","first_seen":"2023-04-18T03:10:28Z","last_seen":"2026-05-07T08:23:31.648817Z","times_seen":91877,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":369,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/GDSherpa-vf2.woff2","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.367Z","timestamp":1739551791367,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /GDSherpa-vf2.woff2 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 93276\r\ncontent-disposition: inline; filename=\"GDSherpa-vf2.woff2\"\r\ncache-control: max-age=14400\r\nlast-modified: Fri, 14 Feb 2025 16:49:51 GMT\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=sRQs5qVeQeWqh8nSon8fRQD%2BcYCDIVn6ey%2BRQiVGwirh%2BZNGZ9wncJDhq6osmQioAg7YTsK28ZyFaNj7nbOQ3xsS7Nh7gy8s0OPmgRrAwkuhKsqFGb%2Fw71icTtG%2Fjw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7dfb35687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1541\u0026min_rtt=1495\u0026rtt_var=593\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2240\u0026delivery_rate=1937123\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=f897b4f2d6da7b46\u0026ts=227\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2010\u0026min_rtt=970\u0026rtt_var=791\u0026sent=359\u0026recv=68\u0026lost=0\u0026retrans=0\u0026sent_bytes=361998\u0026recv_bytes=26270\u0026delivery_rate=12426597\u0026cwnd=76800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11574\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":93276,"size_decoded":93276,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 93276, version 1.0","md5":"bcd7983ea5aa57c55f6758b4977983cb","sha1":"ef3a009e205229e07fb0ec8569e669b11c378ef1","sha256":"6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c","sha512":"e868a2702ca3b99e1abbcbd40b1c90b42a9d26086a434f1cbae79dfc072216f2f990fec6265a801bc4f96db0431e8f0b99eb0129b2ee7505b3fdfd9bb9bafe90","ssdeep":"1536:Dy7KSLv+MMqDeeIgDFSxpuQP7ObnKSWBO61LlRzSSAT6YmkSzOu7Be0OB53jIH4I:Dy7JD+net+puI7ObKHVhTSSlYmk4OuWa","tlshash":"d293029c71ec79c19e00616e94c92535f89fdab0f049d3fa9a4ed85b927c369e343b10","first_seen":"2023-05-01T02:20:29Z","last_seen":"2026-05-07T08:23:31.674466Z","times_seen":91712,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":376,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250214%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250214T164829Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=cc8c0f248f554872ad6570c0cbc70f592b7aea666d1966b7f5c26ca52b3ca744\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Drandexp.min.js\u0026response-content-type=application%2Foctet-stream","fqdn":"objects.githubusercontent.com","domain":"objects.githubusercontent.com","tld":"githubusercontent.com"},"ip":{"addr":"185.199.108.133","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.620Z","timestamp":1739551791620,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.github.io","organization":"GitHub, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Fri, 15 Mar 2024 00:00:00 GMT","end":"Fri, 14 Mar 2025 23:59:59 GMT"},"fingerprint":{"sha1":"97:D8:C5:70:0F:12:24:6C:88:BC:FA:06:7E:8C:A7:4D:A8:62:67:28","sha256":"09:01:0C:CE:9B:72:21:55:C7:E6:86:B0:77:39:D3:D2:DC:06:05:DE:A1:A4:98:4A:0B:96:5E:18:77:77:26:B5"}}},"request":{"raw":"GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256\u0026X-Amz-Credential=releaseassetproduction%2F20250214%2Fus-east-1%2Fs3%2Faws4_request\u0026X-Amz-Date=20250214T164829Z\u0026X-Amz-Expires=300\u0026X-Amz-Signature=cc8c0f248f554872ad6570c0cbc70f592b7aea666d1966b7f5c26ca52b3ca744\u0026X-Amz-SignedHeaders=host\u0026response-content-disposition=attachment%3B%20filename%3Drandexp.min.js\u0026response-content-type=application%2Foctet-stream HTTP/1.1\r\nHost: objects.githubusercontent.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/octet-stream\r\nlast-modified: Tue, 07 Dec 2021 16:38:45 GMT\r\netag: \"0x8D9B9A009499A1E\"\r\nserver: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000\r\nx-ms-version: 2023-11-03\r\nx-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT\r\nx-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==\r\nx-ms-lease-status: unlocked\r\nx-ms-lease-state: available\r\nx-ms-blob-type: BlockBlob\r\ncontent-disposition: attachment; filename=randexp.min.js\r\nx-ms-server-encrypted: true\r\nvia: 1.1 varnish, 1.1 varnish\r\nfastly-restarts: 1\r\naccept-ranges: bytes\r\ndate: Fri, 14 Feb 2025 16:49:52 GMT\r\nage: 4133\r\nx-served-by: cache-iad-kiad7000045-IAD, cache-hel1410034-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 11369, 10\r\nx-timer: S1739551792.696645,VS0,VE0\r\ncontent-length: 10245\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10245,"size_decoded":10245,"mime_type":"application/octet-stream","magic":"JavaScript source, ASCII text, with very long lines (10017)","md5":"6c20a2be8ba900bc0a7118893a2b1072","sha1":"ff7766fde1f33882c6e1c481ceed6f6588ea764c","sha256":"b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500","sha512":"8f80ad8adc44845d24e13d56738a2ca2a73ee6fcdc187542ba4aaebbf8817935d053a2acfb0d425b9cc0c582b5091e1c9fe16b90b3aa682187645067c267fc41","ssdeep":"192:LRSvXVHfVj+WdqfkkoKhUBhMAcT6iuvBiFj0gba6qiG2pPj:LQvXVHXiNkMAcT6i+4mgPj","tlshash":"ce22a58932933026af5391b440bf140af2f69589d45cade8ab29d1e27d7290d46f7f38","first_seen":"2024-05-30T22:56:13Z","last_seen":"2026-05-07T09:38:29.929397Z","times_seen":52386,"resource_available":true,"data":null}},"time_used":564,"timings":{"blocked":72,"dns":10,"connect":13,"send":0,"wait":424,"receive":1,"ssl":37},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2","fqdn":"ok4static.oktacdn.com","domain":"oktacdn.com","tld":"com"},"ip":{"addr":"143.204.55.87","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:52.464Z","timestamp":1739551792464,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.oktacdn.com","organization":"Okta, Inc."},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 02 Dec 2024 00:00:00 GMT","end":"Fri, 02 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5","sha256":"71:C0:94:09:81:5A:DD:BE:41:D4:27:16:CB:BB:73:BD:A1:E1:22:3A:D2:6C:C1:26:F0:EC:4B:ED:3D:64:26:3B"}}},"request":{"raw":"GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1\r\nHost: ok4static.oktacdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://q2berjupvxdohax90gif.brightnexst.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://ok4static.oktacdn.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/font-woff2\r\ncontent-length: 20416\r\ndate: Mon, 27 Jan 2025 07:42:18 GMT\r\nserver: nginx\r\nlast-modified: Tue, 07 Nov 2023 18:56:28 GMT\r\netag: \"d99a7377dabb55772ca9f986b0a04b57\"\r\nx-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc\r\nexpires: Tue, 27 Jan 2026 07:42:18 GMT\r\ncache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400\r\nstrict-transport-security: max-age=315360000; includeSubDomains\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: aqokprUNXtmwtRznc5VrrnSRz5drnKZB5lvuMy47d_60PhG0x2RltA==\r\nage: 1588054\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20416,"size_decoded":20416,"mime_type":"application/font-woff2","magic":"Web Open Font Format (Version 2), TrueType, length 20416, version 2.197","md5":"d99a7377dabb55772ca9f986b0a04b57","sha1":"2b5fcd8431953c44e410d0489899e74f6d2cfecc","sha256":"affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149","sha512":"cb80ebc6424029c45e86ddf6c18eb43284605678ede88119301cc6493c21e282cace48fd849fc14e5d73c6aecf83645cc3a58051d5d8e22197e09912a41e3130","ssdeep":"384:e/Apz8weEie675kzn2XOvHNE18xEZJymoDyV+5uxfv3CBi3n9SDonvPsp:eFvhQL2XgE1mBDg+E/CBi39SDoHsp","tlshash":"d592d00d9a200f9581271db08a0b434edbb8e0575e4dedddf083312bde81259d25aafb","first_seen":"2023-04-17T18:58:51Z","last_seen":"2026-04-26T09:26:20.381799Z","times_seen":36473,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/klTOVIxBKjplGT1LRRVfJGajV4LT17OBligTAVSAsiItwynops4PzlHmPFQQDR1HbmRVyz230","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:52.428Z","timestamp":1739551792428,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /klTOVIxBKjplGT1LRRVfJGajV4LT17OBligTAVSAsiItwynops4PzlHmPFQQDR1HbmRVyz230 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:52 GMT\r\ncontent-type: image/webp\r\ncontent-length: 1298\r\ncontent-disposition: inline; filename=\"klTOVIxBKjplGT1LRRVfJGajV4LT17OBligTAVSAsiItwynops4PzlHmPFQQDR1HbmRVyz230\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=O%2Bmod68hmwczlqzl7cE5YnNkxyikT0wP%2F1wfvK7aNMM89G%2FolfteizNm0T5TOuT2zmaBKtuOJB86hJ3Rov1kyYvDpLKy%2F19cP3TRlqN0tbQwiTcv3PSkhgYXGY5ALQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dceabd05687-OSL\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1489\u0026min_rtt=1460\u0026rtt_var=469\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2272\u0026delivery_rate=1708554\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=6d0143b63b5797fb\u0026ts=83\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1523\u0026min_rtt=687\u0026rtt_var=994\u0026sent=862\u0026recv=130\u0026lost=0\u0026retrans=0\u0026sent_bytes=929810\u0026recv_bytes=32072\u0026delivery_rate=20427\u0026cwnd=153600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=12417\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1298,"size_decoded":1298,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"32ca2081553e969f9fdd4374134521ad","sha1":"7b09924c4c3d8b6e41fe38363e342da098be4173","sha256":"216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587","sha512":"f75749c6344fcd7bf06872a3678bb2eb4cae2ddc31cc5d1ee73efba843705577841667733a83163af4336ec8a32df93e7a36155bd6282d7bb86159644975948c","ssdeep":"","tlshash":"53210aba23a84b4df0121e3016c04b92b7b5b9329ad693938106cf330f964cd7c6c08e","first_seen":"2025-01-27T17:47:42.419846Z","last_seen":"2025-09-19T23:18:03.501321Z","times_seen":33195,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":128,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css","fqdn":"ok4static.oktacdn.com","domain":"oktacdn.com","tld":"com"},"ip":{"addr":"143.204.55.87","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.389Z","timestamp":1739551791389,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.oktacdn.com","organization":"Okta, Inc."},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 02 Dec 2024 00:00:00 GMT","end":"Fri, 02 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5","sha256":"71:C0:94:09:81:5A:DD:BE:41:D4:27:16:CB:BB:73:BD:A1:E1:22:3A:D2:6C:C1:26:F0:EC:4B:ED:3D:64:26:3B"}}},"request":{"raw":"GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1\r\nHost: ok4static.oktacdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx\r\nlast-modified: Thu, 14 Mar 2024 00:03:58 GMT\r\nx-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1\r\nstrict-transport-security: max-age=315360000; includeSubDomains\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ndate: Fri, 31 Jan 2025 02:19:39 GMT\r\nexpires: Sat, 31 Jan 2026 02:19:39 GMT\r\ncache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400\r\netag: W/\"e0d37a504604ef874bad26435d62011f\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: mLf6ZN-0W7I0pu7PxJmVpAvlY2x-gj4jm0EcONBN2cf6VzKeJzkgig==\r\nage: 1261812\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10498,"size_decoded":10498,"mime_type":"text/css","magic":"ASCII text, with very long lines (10450)","md5":"e0d37a504604ef874bad26435d62011f","sha1":"4301f0d2b729ae22adece657d79eccaa25f429b1","sha256":"c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179","sha512":"ef838fd58e0d12596726894ab9418c1fbe31833c187c3323ebfd432970eb1593363513f12114e78e008012cdef15b504d603afe4bb10ae5c47674045acc5221e","ssdeep":"192:x9iW+rIadfLTcaTO5BrwjnwSrQ1kPmqQmMjmtmumobU8:x9KVLbw6jqON","tlshash":"0a22724186196412409b6f13f0dabac27f0a221df52292bffb3d496cddea8561730f39","first_seen":"2024-03-14T18:17:02Z","last_seen":"2026-05-07T08:23:31.670859Z","times_seen":48221,"resource_available":false,"data":null}},"time_used":97,"timings":{"blocked":30,"dns":33,"connect":1,"send":0,"wait":5,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/56NZanc75H2pQ9jlyqRXgql5wjijZOZyxC2m3iVlvZ67102","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.400Z","timestamp":1739551791400,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /56NZanc75H2pQ9jlyqRXgql5wjijZOZyxC2m3iVlvZ67102 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: application/javascript\r\ncontent-disposition: inline; filename=\"56NZanc75H2pQ9jlyqRXgql5wjijZOZyxC2m3iVlvZ67102\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=NORFvt55t4P0%2Fsb7XlT2LqfHQAqdKF5jKF0BSNiICbh%2BdAnF%2F4ddu5AOOTdwnH0KCe3oq%2FI4roeL7FU%2Fdj7IObPJfOyTC7hqIBFx9mN1zX%2Ftn9SiOtaJqGmkIe8YGA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc8083e5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1165\u0026min_rtt=1144\u0026rtt_var=333\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2210\u0026delivery_rate=2481576\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=dcdb33cfa32a0eff\u0026ts=129\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1772\u0026min_rtt=970\u0026rtt_var=501\u0026sent=206\u0026recv=60\u0026lost=0\u0026retrans=0\u0026sent_bytes=186025\u0026recv_bytes=25902\u0026delivery_rate=2819091\u0026cwnd=34800\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11476\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4756466,"size_decoded":4756466,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T09:57:30.962848Z","times_seen":14780409,"resource_available":true,"data":null}},"time_used":600,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":247,"receive":353,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/rsomgnKhzs4mwPWZ0UjAhjxqcEivhRXl7wghVVLxfMY52rIQg4zcNAVPrcd200","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.382Z","timestamp":1739551791382,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /rsomgnKhzs4mwPWZ0UjAhjxqcEivhRXl7wghVVLxfMY52rIQg4zcNAVPrcd200 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/svg+xml\r\ncontent-disposition: inline; filename=\"rsomgnKhzs4mwPWZ0UjAhjxqcEivhRXl7wghVVLxfMY52rIQg4zcNAVPrcd200\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=myq10K0wq9XJ1ACNqZJiMhVB0hwNScjl%2BRFyLm3%2F3%2BiPOB%2BkmRRbF9BVO9cyFNvdwlWkLMOuMs1%2BaNvPXeGO6IgXMq%2BzyXPHItxy5h7qngxfZUxlc3QtFUBdRuIoeQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7fff35687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1184\u0026min_rtt=1161\u0026rtt_var=348\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2261\u0026delivery_rate=2358306\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=b2ce88553419646c\u0026ts=103\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2083\u0026min_rtt=970\u0026rtt_var=906\u0026sent=134\u0026recv=52\u0026lost=0\u0026retrans=0\u0026sent_bytes=105410\u0026recv_bytes=25537\u0026delivery_rate=308264\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11394\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":268,"size_decoded":268,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1318aafc1fb9ded0c623e5b9a557e6df","sha1":"0917cdd7633cd1642b02b2b785416ec7e5106dcc","sha256":"d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4","sha512":"a81f1cfdc923effa9e7afe6899bbe1114bbc25b197db0a282d366f409507714ecbf7c5ead82c86f62115953f11b80ea96da244e42bfb063b7e5c23e538395d2a","ssdeep":"","tlshash":"05d0c2f0a0a0f54d8308e25a16a4a4b025aa749801ee042ca4a2071a21084efb8e4638","first_seen":"2023-09-01T07:29:56Z","last_seen":"2025-04-05T02:13:18.209121Z","times_seen":19072,"resource_available":false,"data":null}},"time_used":179,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/abAjD1gNDraZoLrsRu02gh29","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.333Z","timestamp":1739551791333,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /abAjD1gNDraZoLrsRu02gh29 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: text/css;charset=UTF-8\r\ncontent-disposition: inline; filename=\"abAjD1gNDraZoLrsRu02gh29\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wIQatPDym06nqNr4y5%2BImhOe878HjkxuD3EucsjIQbRY4AtmCpCceOTL6d4YDY74pYgQideCy8Ust5OTZoe9rG5Xw8IKRqv86eXfcZSHEVYkvXiSZ8qSyZ0EWa%2B%2FHQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7bf555687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1477\u0026min_rtt=1462\u0026rtt_var=579\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2824\u0026recv_bytes=2216\u0026delivery_rate=1827129\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=58c6a8cd3f95583f\u0026ts=96\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2314\u0026min_rtt=970\u0026rtt_var=1437\u0026sent=123\u0026recv=48\u0026lost=0\u0026retrans=0\u0026sent_bytes=95012\u0026recv_bytes=25356\u0026delivery_rate=1429051\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11358\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":35786,"size_decoded":35786,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with CRLF line terminators","md5":"38501e3fbbbd89b56aa5ba35de1a32fe","sha1":"d9b31981b6f834e8480ba28fbc1cff1be772f589","sha256":"a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b","sha512":"1547937aa9b366e76de44933ef48ef60e3d043245e8e3e01c97dfc2981f6b1f61463d9d30992fbcf2ca25fc1b7b32ff808b9789cfb965d74455522fc58e0c08c","ssdeep":"192:hToogIexLQ5WKTCFBwCIZtJ8FtX2+UBRkf1WcrScuH9Ye3YdersR8Q5oqWjfuogF:h0DKAaZtJsOodwuhx5P6mqjDggJkLRn","tlshash":"07f2ac86255066385f3a277bf3ab00aceb6882b347961564b4bcb454cffc6e410d2d9f","first_seen":"2025-01-27T17:47:42.420764Z","last_seen":"2026-01-31T00:55:03.975062Z","times_seen":44016,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":180,"receive":38,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/qzpXiGLk9Y0Gw5QZjm05fL2f3CewyzcaA38FIOD1VP7b5Lsxe","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:52.376Z","timestamp":1739551792376,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"POST /qzpXiGLk9Y0Gw5QZjm05fL2f3CewyzcaA38FIOD1VP7b5Lsxe HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nX-Requested-With: XMLHttpRequest\r\nContent-Length: 55\r\nOrigin: https://q2berjupvxdohax90gif.brightnexst.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:52 GMT\r\ncontent-type: application/json\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=HEAsdlW5QdlDKmfZc3Hz%2Fyr1Kk%2FWVN5Y%2F6cVN0ITJiUNswLSpteZHYSbLggbSuXXDOhpHbVXSr9rPG4%2FrEXrRgTG0J28k1CFq9gquTURz7LlF68Vb3JlI2COobBXtA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IklxZWVaNnhaWjdlQ3BMQzJMV1pQSFE9PSIsInZhbHVlIjoiSHc2eVhGejA1RnRqS1Iwd0UwZ1lkMFZDVm01Ynp5Ukh6dDBobjBvVmU0YloxMTlINGJ2NEdXOFpTUVVZZVRyZFhUQm5tQlp6VXVIY1dOdU03anZRbmppV2ppeXBtelZOZWdCcHV3Ny9rd3lsYngxVTFNclN6NS81OTd0QnBsdGkiLCJtYWMiOiIxYmMwZTYxNDBhMzM2NDIxYTYzNmEzNWI3ZDI5NjE3M2U3YmMzODUyYjEzYjMwMzZiMWIwMjlhNmY2NTk2MzU1IiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:52 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6IjZzdjQwTXIrMEEzV2o3ZXNNVTUrY1E9PSIsInZhbHVlIjoiS1ZEMi9EQWkwVXBHTXFHTGhOTWppQUFFY0Y3U0xQUGlFdjZ6ZGZFWGlKL3FkVUx2b2dJT3F0aStLVDFJbGovZ3JuRU1mR2pDQ0M3S0JvR0pzMnhVR0JEdWRMNDgvdDBKOElMWUlaT2xKOTV0My9JcGJpQVhJcS9jRWw0aEhkZ2wiLCJtYWMiOiIxZGQ5ZDQyOWE0Mzg3YjRiNWZkZWVhODUwYWYwZDFhM2FkN2E5OTE1YWJhZjVmYTg2Zjk4ZThhZGVlNmIwOTBhIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:52 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dce5b4d5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1508\u0026min_rtt=1503\u0026rtt_var=575\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2435\u0026delivery_rate=1869593\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=67e70fce44748e49\u0026ts=96\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1622\u0026min_rtt=687\u0026rtt_var=1061\u0026sent=858\u0026recv=129\u0026lost=0\u0026retrans=0\u0026sent_bytes=926892\u0026recv_bytes=32026\u0026delivery_rate=3604994\u0026cwnd=153600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=12380\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2836,"size_decoded":2836,"mime_type":"application/json","magic":"troff or preprocessor input, ASCII text, with very long lines (2849), with no line terminators","md5":"15de793ee8df02ff2f2e1cc883b8326b","sha1":"4fa973ad2b9083398df143d1792a348f32cfd828","sha256":"7033ee1f03a3b1aba7a96be408de95809c4cbe63ba14d2a80e1805c6b5771857","sha512":"d9a68b4abdab90344f89686471561542eaf8053a279de3cae1792d88ce289707c114ae2412722df31bf58c81a165d31425662fcbcb9796949c221157ef0e7f33","ssdeep":"","tlshash":"4c5142264e0b3d038b109d476edd59c51c2c238e7c9701ee845ffa888aad52b68d56fc","first_seen":"2025-02-10T17:02:02.70916Z","last_seen":"2025-02-24T17:08:34.346822Z","times_seen":210,"resource_available":false,"data":null}},"time_used":144,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":142,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/mndtSM0vNa894GDOivuuDIex7qdIwRfggHiPkijHfeMVAZAth27ETDAVsuSkDwWa2TTZbuv220","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:52.424Z","timestamp":1739551792424,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /mndtSM0vNa894GDOivuuDIex7qdIwRfggHiPkijHfeMVAZAth27ETDAVsuSkDwWa2TTZbuv220 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:52 GMT\r\ncontent-type: image/svg+xml\r\ncontent-disposition: inline; filename=\"mndtSM0vNa894GDOivuuDIex7qdIwRfggHiPkijHfeMVAZAth27ETDAVsuSkDwWa2TTZbuv220\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RlUP%2FAwmyG%2BrZAinNklNL4v3suehq4S%2F14ilvzptzXkinFdDUg0mBDRC29I3NQCrfteM8glMJ%2Bjw6sxuHPhRIYt%2BL%2BxekfE8wQK8BEcm0GrVxth8t6imqMMLRCVJcw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dceabc85687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1283\u0026min_rtt=1240\u0026rtt_var=424\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2273\u0026delivery_rate=2026592\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=ae90a23dd8f655fa\u0026ts=89\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1465\u0026min_rtt=687\u0026rtt_var=860\u0026sent=864\u0026recv=131\u0026lost=0\u0026retrans=0\u0026sent_bytes=932017\u0026recv_bytes=32118\u0026delivery_rate=758182\u0026cwnd=153600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=12424\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1864,"size_decoded":1864,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4b5c228b4faba433d06ec569ed855b2d","sha1":"a7d3882b93e332460e7c59510a6a811ef011983f","sha256":"eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed","sha512":"bb88e91a51d760531b2b8349102a757795c6aa66e94ce7aae8edde47485c07a2ae12428ce2b76804a877fd8bc986ca2469bd6302b9904765b52f1110a87050d9","ssdeep":"","tlshash":"b441df1adb15e532ec05c3aeea74cca9311ab1ed6ce944c57dc6c33fa2605fe4688390","first_seen":"2023-05-02T01:14:44Z","last_seen":"2025-04-06T10:50:06.513586Z","times_seen":21399,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":138,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/mncCntPFbxJIhNzqMJCzmENJijzmhsCTwbWg1RLsld3xuGXzse90141","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.375Z","timestamp":1739551791375,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /mncCntPFbxJIhNzqMJCzmENJijzmhsCTwbWg1RLsld3xuGXzse90141 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/svg+xml\r\ncontent-disposition: inline; filename=\"mncCntPFbxJIhNzqMJCzmENJijzmhsCTwbWg1RLsld3xuGXzse90141\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=X2iS1y336hhoGCfoXuMnG2J68EwvkUJqTvShg2gSccwM%2BX%2FzOcWj6TEQwYHRuLQmoqZLP4J3H7fHq7s1lXDKkbG34wNWBxZxZP7Cn0ACoBfvkgdXivwA3hyK3j5ZaA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7efcb5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1161\u0026min_rtt=1140\u0026rtt_var=471\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2822\u0026recv_bytes=2254\u0026delivery_rate=2202281\u0026cwnd=249\u0026unsent_bytes=0\u0026cid=657bbcbd4e283a68\u0026ts=84\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2028\u0026min_rtt=970\u0026rtt_var=1311\u0026sent=131\u0026recv=50\u0026lost=0\u0026retrans=0\u0026sent_bytes=102836\u0026recv_bytes=25446\u0026delivery_rate=1221780\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11375\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":270,"size_decoded":270,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"0c09c5ea7c28d6feb4d124957dde0a0d","sha1":"1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e","sha256":"b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a","sha512":"01161867b3ca0386b132618e04fa09bd0dea1e14a8445001e0683f7a2689deb555bed1c31ec69813d0542284e281cc629c323cb8f56899de0b027e46f651a5ca","ssdeep":"","tlshash":"f0d02bb56358bd4d812ca1d20bd031612147b08cb6ef6038dbcd04243404c7bbda8f38","first_seen":"2023-05-12T00:56:48Z","last_seen":"2025-04-06T09:35:55.879922Z","times_seen":19857,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":173,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css","fqdn":"ok4static.oktacdn.com","domain":"oktacdn.com","tld":"com"},"ip":{"addr":"143.204.55.87","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.387Z","timestamp":1739551791387,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.oktacdn.com","organization":"Okta, Inc."},"issuer":{"commonName":"DigiCert TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 02 Dec 2024 00:00:00 GMT","end":"Fri, 02 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5","sha256":"71:C0:94:09:81:5A:DD:BE:41:D4:27:16:CB:BB:73:BD:A1:E1:22:3A:D2:6C:C1:26:F0:EC:4B:ED:3D:64:26:3B"}}},"request":{"raw":"GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1\r\nHost: ok4static.oktacdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css\r\nserver: nginx\r\nlast-modified: Tue, 14 May 2024 21:48:24 GMT\r\nx-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20\r\nstrict-transport-security: max-age=315360000; includeSubDomains\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\ndate: Wed, 29 Jan 2025 17:13:28 GMT\r\nexpires: Thu, 29 Jan 2026 17:13:28 GMT\r\ncache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400\r\netag: W/\"0329c939fca7c78756b94fbcd95e322b\"\r\nvary: Accept-Encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-C1\r\nx-amz-cf-id: wtLXZuG2InWeYyDNvzYfqjs4eK84Wg4fy58KzvhDS8GvDTCevDyjRA==\r\nage: 1380983\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":222931,"size_decoded":222931,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T09:57:30.962848Z","times_seen":14780409,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":31,"dns":32,"connect":4,"send":0,"wait":3,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/favicon.ico","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:53.167Z","timestamp":1739551793167,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6IklxZWVaNnhaWjdlQ3BMQzJMV1pQSFE9PSIsInZhbHVlIjoiSHc2eVhGejA1RnRqS1Iwd0UwZ1lkMFZDVm01Ynp5Ukh6dDBobjBvVmU0YloxMTlINGJ2NEdXOFpTUVVZZVRyZFhUQm5tQlp6VXVIY1dOdU03anZRbmppV2ppeXBtelZOZWdCcHV3Ny9rd3lsYngxVTFNclN6NS81OTd0QnBsdGkiLCJtYWMiOiIxYmMwZTYxNDBhMzM2NDIxYTYzNmEzNWI3ZDI5NjE3M2U3YmMzODUyYjEzYjMwMzZiMWIwMjlhNmY2NTk2MzU1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjZzdjQwTXIrMEEzV2o3ZXNNVTUrY1E9PSIsInZhbHVlIjoiS1ZEMi9EQWkwVXBHTXFHTGhOTWppQUFFY0Y3U0xQUGlFdjZ6ZGZFWGlKL3FkVUx2b2dJT3F0aStLVDFJbGovZ3JuRU1mR2pDQ0M3S0JvR0pzMnhVR0JEdWRMNDgvdDBKOElMWUlaT2xKOTV0My9JcGJpQVhJcS9jRWw0aEhkZ2wiLCJtYWMiOiIxZGQ5ZDQyOWE0Mzg3YjRiNWZkZWVhODUwYWYwZDFhM2FkN2E5OTE1YWJhZjVmYTg2Zjk4ZThhZGVlNmIwOTBhIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Fri, 14 Feb 2025 16:49:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: max-age=14400\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=vGdrtWm%2BqjqMFf8LgoWAA%2BQsNQj5QqOE1Ml5vre5CcloD5Asccu%2F1LdVwqBqtRds5qV9HMqaM43hRCaGPeg6Zz7d5%2BEYrqxhJhyJnTV5jT%2FiRv9OjOmI2GijKj1Jkw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 3\r\npriority: u=6,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dd34bcb5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1373\u0026min_rtt=1273\u0026rtt_var=678\u0026sent=4\u0026recv=7\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2177\u0026delivery_rate=1394990\u0026cwnd=234\u0026unsent_bytes=0\u0026cid=efba9c42d24b6906\u0026ts=144\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1411\u0026min_rtt=687\u0026rtt_var=755\u0026sent=867\u0026recv=133\u0026lost=0\u0026retrans=0\u0026sent_bytes=933637\u0026recv_bytes=33125\u0026delivery_rate=1167068\u0026cwnd=153600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=13044\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-07T09:57:30.962848Z","times_seen":14780409,"resource_available":true,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"get.geojs.io/v1/ip/geo.json","fqdn":"get.geojs.io","domain":"geojs.io","tld":"io"},"ip":{"addr":"104.26.0.100","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:54.382Z","timestamp":1739551794382,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"geojs.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 31 Dec 2024 05:30:37 GMT","end":"Mon, 31 Mar 2025 06:30:13 GMT"},"fingerprint":{"sha1":"55:74:AA:F3:7A:AF:02:8B:48:DB:6E:73:EB:A1:95:20:EC:13:2D:8E","sha256":"F3:11:CA:7B:EA:10:B5:7F:44:4F:CA:98:D8:B9:99:4B:43:38:32:0B:07:11:72:DA:F3:BD:75:B1:00:D9:D8:F8"}}},"request":{"raw":"GET /v1/ip/geo.json HTTP/1.1\r\nHost: get.geojs.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/javascript, */*; q=0.01\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://q2berjupvxdohax90gif.brightnexst.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:54 GMT\r\ncontent-type: application/json\r\nx-request-id: 7b864c38bba630e4190018bc05fec9fd-ASH\r\nstrict-transport-security: max-age=15552000; includeSubDomains; preload\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\npragma: no-cache\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\ngeojs-backend: ash-01\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=xxdvRHIrvWeJ4xHu6sims%2F%2FgJHVyZcYwJSzEug%2FQYNXLRh%2F96%2FmWHMcKpi7WACqhvm%2FY8LlV5q5gh21teiQptTi8uHSPe8XLsGMEHsk31SgyOF2snMjTB1VvsCOCeg%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 911e8ddb0de67129-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1041\u0026min_rtt=505\u0026rtt_var=1056\u0026sent=8\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=3190\u0026recv_bytes=1151\u0026delivery_rate=6601823\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=4f4cb62cc3e3e585\u0026ts=134\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":336,"size_decoded":336,"mime_type":"application/json","magic":"troff or preprocessor input, ASCII text, with very long lines (394), with no line terminators","md5":"0c7de1334864e507d633f5bc59a5f8f7","sha1":"1f60f61cece5da9ce1dbe2ca32b003b7041e1c8d","sha256":"85e3f08f85f9b332e948d98e7679861e95e26e6564b5a5a4066c37a2c0b679f2","sha512":"60332f4324247d4512f7e2b7240080c4b29333c647407782e8a7f9bc0b931dc3fe992d563ac0c8b27aa27279bb020b4c6ec0b8a4ddd3def3a90ddd604937bda9","ssdeep":"","tlshash":"1ce022abc474df2aec6a0d4e07355d3f25a9e22c80c818000dbcee1c014a030277960a","first_seen":"2025-02-14T14:36:45.881374Z","last_seen":"2025-02-14T18:46:22.537571Z","times_seen":208,"resource_available":false,"data":null}},"time_used":171,"timings":{"blocked":26,"dns":4,"connect":1,"send":0,"wait":118,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-14T16:49:50.962Z","timestamp":1739551790962,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/pax6lf1/%23%23nregena.umberger@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6Im1MYXd1cHdmT0tzOHZxR01aQm5Zemc9PSIsInZhbHVlIjoid0N6RU96TlU0L1kwclNCWnpOdk5Rb2drcy9hY3ZjRmxDZmtaWm15dmFpak9EVVNLTTYydk1LYjZidSttS1Z4d0Z2M3IwS2RjSlhQOFlCNnBuK01hUUpiejZqcTFHd3ZjSS9HV1R4dVp1K21CeGl2L0pMejZGNXN5SEhabkIzT1giLCJtYWMiOiI2NGFlOTk1MWVjYjc1NzM5ZmYxMzYwNGE1OTAwMmM3ZmU0YjY0N2ExNDhhMTUzZDJkNmMyZjA1MzYyMzVhYTY0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlVMVm81YVhWbE81YTR0M3pUdnI4L3c9PSIsInZhbHVlIjoiT2phVkxUUW5JVEpkaDk3V2x3THFEanhsU1F4QlJJeGkyN1Fqa0tRbDJya1ZZY3VDdTlLZ0oyVGZTQVBDT1JQeXV1UDcza0JKT1pKc0VTdlBvZ1praWY1MUk5bGN6OHQ0MlhmYSs5a2NrNWV4Rk55WTR1eTJwSDN5TGUxNHVCVXMiLCJtYWMiOiJhNjc3OTg1NjFhMzhiOTliZjQwN2U0YmNhZmViNWQyMGM2OWRjNjkwYjI3ZDRmODQ4NmJlOTAzZDFiY2QwNDE5IiwidGFnIjoiIn0%3D\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=atNtQprcaSFrQ8s8iERYRBfOle4WA5r%2BaPcpn7MY6uQmKk1U%2FMR6NxON1YA3UH9B1dKjijAoAU6nnVukUtzE9p0685dPISkpyfLP6MnNkHHsNruyCmKfdkQPTOKzwA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:51 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D; expires=Fri, 14-Feb-2025 18:49:51 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\npriority: u=1,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc57add5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1052\u0026min_rtt=1047\u0026rtt_var=305\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2337\u0026delivery_rate=2676524\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=07f074d35a887d75\u0026ts=179\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=5077\u0026min_rtt=1835\u0026rtt_var=3729\u0026sent=33\u0026recv=18\u0026lost=0\u0026retrans=0\u0026sent_bytes=18014\u0026recv_bytes=7064\u0026delivery_rate=1426\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11046\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":150054,"size_decoded":150054,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (52495), with CRLF line terminators","md5":"f74a36ee9ad613a011c6c9060c97990a","sha1":"dbc9cd8ee13b142be028ef119b23b1946197b0ab","sha256":"809d0eb06685aa5c2eb42dbb3c74cc53c53518af2a38f97cb013e387d5c88aa1","sha512":"63d0288997c48b7586cf3cb771b855b59063f98fbba7338f10e0dcdc5b90b1491b5d7a1813c05ef2150071b28cfecf48e7d37843a775d11266a18f480935fcfb","ssdeep":"3072:Elxv4bfFb6FkrqGLwbaEV1VKOIR55GDt/7icBmLZLBR:Y44RDt/7qLZLBR","tlshash":"53e36c88467d57e89b6a219c9f821b0774b8679774dcdb45220ee5237ac0c7ccbcf628","first_seen":"2025-02-14T16:50:15.634637Z","last_seen":"2025-02-14T16:50:15.634637Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":226,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/yzMIIbRSvfBfvrYItDKpBnYYcjxPUopiuh6vJle6d68iwvGZoQu90180","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.380Z","timestamp":1739551791380,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /yzMIIbRSvfBfvrYItDKpBnYYcjxPUopiuh6vJle6d68iwvGZoQu90180 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/svg+xml\r\ncontent-disposition: inline; filename=\"yzMIIbRSvfBfvrYItDKpBnYYcjxPUopiuh6vJle6d68iwvGZoQu90180\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=LBG%2BdlP%2Bab%2BimHFXDuXelxNWmXMxUfQ7IkTuW3Bzwx2KduNYib8ME22bltMbquyxF7T%2BUVXx%2BJN7HsqrC1cw7i9WKfkCwh3VfB9wiuAWPrZ%2BDCw592oDEziTEFHTYQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7efdd5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1124\u0026min_rtt=1068\u0026rtt_var=342\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2824\u0026recv_bytes=2255\u0026delivery_rate=2654445\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=5318f3e216a42b7d\u0026ts=79\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2028\u0026min_rtt=970\u0026rtt_var=1311\u0026sent=129\u0026recv=50\u0026lost=0\u0026retrans=0\u0026sent_bytes=100775\u0026recv_bytes=25446\u0026delivery_rate=1221780\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11369\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2905,"size_decoded":2905,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"e924de0d471df54b6280f3dc8b187cb8","sha1":"857f03226070b502a9e06b4249710ec10be4c9e9","sha256":"24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33","sha512":"cd4e7a7bd510fc76aaa8efe77f8d78db1b4051b7a27ad9d9e23e620d0c51c7f2e2c0446610340040c75b0c82442f92c099d091788a1b783d65e429b141dcb3ee","ssdeep":"","tlshash":"5d51ec770368eede9190e3881b21b21eb3a4896474fb81d08f879d46ec066b7927cd60","first_seen":"2023-05-07T13:54:23Z","last_seen":"2025-04-06T10:50:06.516306Z","times_seen":22460,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"3zjhubjxdx0admpx1jkzklfwiji22nfaceq4hknxoszjqyxovqjn5ke3w.vividtrackz.ru/ccimjechkguujopcxdavMkOEPOGXTLBDOLVSSGUMQFSTGPXFZLUDNOWJQVYRNAPLNFFXFRKKXJGNKrstKqe9JIXH6NuyHe34Dx3wx32","fqdn":"3zjhubjxdx0admpx1jkzklfwiji22nfaceq4hknxoszjqyxovqjn5ke3w.vividtrackz.ru","domain":"vividtrackz.ru","tld":"ru"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:54.617Z","timestamp":1739551794617,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"vividtrackz.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Jan 2025 22:25:39 GMT","end":"Wed, 23 Apr 2025 23:23:13 GMT"},"fingerprint":{"sha1":"66:7D:C2:15:FF:5A:64:58:96:43:59:46:73:0C:E7:3C:96:C1:75:27","sha256":"35:2D:78:F2:FF:2F:BD:0C:96:6F:A8:F7:11:33:C4:B7:A5:38:C4:39:DC:F5:86:F9:F0:7B:97:8F:52:0C:8A:96"}}},"request":{"raw":"POST /ccimjechkguujopcxdavMkOEPOGXTLBDOLVSSGUMQFSTGPXFZLUDNOWJQVYRNAPLNFFXFRKKXJGNKrstKqe9JIXH6NuyHe34Dx3wx32 HTTP/1.1\r\nHost: 3zjhubjxdx0admpx1jkzklfwiji22nfaceq4hknxoszjqyxovqjn5ke3w.vividtrackz.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded; charset=UTF-8\r\nContent-Length: 123\r\nOrigin: https://q2berjupvxdohax90gif.brightnexst.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:55 GMT\r\ncontent-type: text/plain; charset=utf-8\r\nvary: Origin\r\naccess-control-allow-origin: https://q2berjupvxdohax90gif.brightnexst.ru\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=mGkbHIQiH4n1ZoOC%2B%2BpreUmi3QWjidiL%2BG0tvnnxZ0KN2Zm3W7tlpmnBGsKxvkhdd%2Bq8oj2CwGm4bs5p6kCeatmc5yRl1QeJySpq7Hm5R%2B9Hz%2B0FZzJjcOX%2Fw7Q9%2B8rTnKieJ7dU3huYcj6WRBDkhoQtaHq9MwKFfaaWen3yJHWfIEFfZrSFEp4kN9YXAElYFmFU0VTlPW7KwSA%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 911e8ddcbf7a1c0a-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=592\u0026min_rtt=522\u0026rtt_var=167\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3283\u0026recv_bytes=1623\u0026delivery_rate=6745341\u0026cwnd=254\u0026unsent_bytes=0\u0026cid=8c627534a2c70a44\u0026ts=559\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":536,"size_decoded":536,"mime_type":"text/plain; charset=utf-8","magic":"ASCII text, with very long lines (536), with no line terminators","md5":"b700a2408fff4601b18b91dd7b1adf0f","sha1":"294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc","sha256":"23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6","sha512":"7f1c6139275ac268dca430a91a35177adfa7e1e46114a3cf084605db02294b3450e6f9ee4de7ad18353483dbcfdbaa20c83c2cdccac7603024797d5fe53779df","ssdeep":"","tlshash":"fdf075afb211b0845a0d8108c05b9f836d804e311b012fa986d8b32d8d8bed240573bb","first_seen":"2025-01-27T23:50:46.76269Z","last_seen":"2026-05-01T11:27:48.598513Z","times_seen":29676,"resource_available":false,"data":null}},"time_used":665,"timings":{"blocked":62,"dns":39,"connect":1,"send":0,"wait":540,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-14","alert":"Sinkholed","trigger":"vividtrackz.ru","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/56ssdcYp9eBOcdo1x5yL8920","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.326Z","timestamp":1739551791326,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /56ssdcYp9eBOcdo1x5yL8920 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: text/css;charset=UTF-8\r\ncontent-disposition: inline; filename=\"56ssdcYp9eBOcdo1x5yL8920\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=nYPxxR7fPUV%2FSO4iXZdBBKgjiokWiai8ZAcvgV9DUi5FybBG2tK8Xj%2FQldcXUG%2F4TgkvAeTtnyOraZbpBZjT73gpD1QUqKaD8ZVKgQc7GCqwU54WvXy45DkieMPsLA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=2,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7bf455687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1481\u0026min_rtt=1466\u0026rtt_var=423\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2824\u0026recv_bytes=2216\u0026delivery_rate=1938420\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=1a4c214e053a07a9\u0026ts=85\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=2564\u0026min_rtt=970\u0026rtt_var=1784\u0026sent=115\u0026recv=46\u0026lost=0\u0026retrans=0\u0026sent_bytes=87804\u0026recv_bytes=25265\u0026delivery_rate=5354046\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11305\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26765,"size_decoded":26765,"mime_type":"text/css; charset=UTF-8","magic":"ASCII text, with very long lines (26765), with no line terminators","md5":"1a862a89d5633fac83d763886726740d","sha1":"e5ce3aa454c992a13fd406a9647d7afbf831051f","sha256":"5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb","sha512":"3bfab627dc0ebfae1176098c870b4d2747518e7ea91646303276191a4a846d47b2e80bb1ee2fa67271130eccbc8b1152778c99917fc6c63ea45a184bd673bf0d","ssdeep":"768:wC8nBSz2omXX44PL5K9kdY8xbXoEYW+8SX:whnBSz2omXo4PL5K9kdY8xb+Ww","tlshash":"19c2976072003369f127c237b1d26a8e21399592e5b75b7df836b5a8cfe60421b3365f","first_seen":"2025-02-05T01:42:00.41842Z","last_seen":"2025-05-03T07:23:57.60526Z","times_seen":14904,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":131,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"q2berjupvxdohax90gif.brightnexst.ru/ijOPd3LSgKTxce7hclOEKFhYmvyzczLD1JyzsCPfJchcV2wVIRxFunNSb56170","fqdn":"q2berjupvxdohax90gif.brightnexst.ru","domain":"brightnexst.ru","tld":"ru"},"ip":{"addr":"172.67.146.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD","date":"2025-02-14T16:49:51.377Z","timestamp":1739551791377,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"brightnexst.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 10 Jan 2025 20:25:30 GMT","end":"Thu, 10 Apr 2025 21:24:18 GMT"},"fingerprint":{"sha1":"8A:38:FA:93:2C:16:E2:E3:FB:AA:BA:B4:10:91:92:39:E0:65:8F:89","sha256":"FC:0D:2B:82:84:19:A1:2E:8A:7E:37:9C:E2:B7:75:9A:3B:65:9B:90:4F:15:67:54:05:23:FF:E6:A2:0F:DC:43"}}},"request":{"raw":"GET /ijOPd3LSgKTxce7hclOEKFhYmvyzczLD1JyzsCPfJchcV2wVIRxFunNSb56170 HTTP/1.1\r\nHost: q2berjupvxdohax90gif.brightnexst.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://q2berjupvxdohax90gif.brightnexst.ru/OFORLLEEWNQAMZYOpsizzhvbvhfadnslioinpflH346O9HZCTR3B5XIVVXTU0AS?UDPBMIXTBBYCUD\r\nCookie: XSRF-TOKEN=eyJpdiI6ImViWDh5cUdsYjdPZUxZUXlCTmlKMmc9PSIsInZhbHVlIjoiejl6L3lKTHFMemFvMndPTFJoWjZtMjJvWnBqWmdpalg3a0l0bjZKY0Q2aCt2VlhWU3dRaGZwdmZlTzBnOXh4eVdkM3p6TXJDdEUrTm1tSVV2R0c3YU1HRGxLdktWbFRHUDlBVVk3V05mMTF3bXN5WE11WXpwekZJL0taTzBtREgiLCJtYWMiOiI2ZWQxZjgwMTVjYTY5Mzg0ZTg3YWYzMzA0Mzc1ODNkZGU4MzkzNzJhNjQ0NDZjZmNmNWQ2YjkyNjEzYTM5YWQ1IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IllwUzlQYTUzTGI4QkNnRzM3U2phTmc9PSIsInZhbHVlIjoiVkpJa0pGNGVSS2pTSGRSQXZZb1FCaXdEUlFyN3dMUnlaRHZDRFA4OTN6aDlEVXN1MHI1WXBUZFp6L3FjNSttc0RHZUFReWgrdHRuTXhvVHRoUjJ3VWJvZkhzTktzRnVtSGpPbGd3OVJMeG0yUVJjQWFtN1dBL2k2SEhMN0dmb2IiLCJtYWMiOiI4ZTZiMmFhNzNiNTliMzc0ZWMzZWIyMDA0ZTYzMTAxZjIyNzg3OWYwNGEwMGRiM2QwYTYzODFmZDQwYWI2NmJjIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Fri, 14 Feb 2025 16:49:51 GMT\r\ncontent-type: image/svg+xml\r\ncontent-disposition: inline; filename=\"ijOPd3LSgKTxce7hclOEKFhYmvyzczLD1JyzsCPfJchcV2wVIRxFunNSb56170\"\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=XrJ%2FA0mdD4aqhQQ7N1RrG79LO1wqNfbasP2ianujIyUgiStC9Q5ItLJVoaAynTTJZsApqtmVqNTQPpaQUoAUT8LK5CHXD%2BQmECCIuQ6lMbejhLt6oiPObU7w4NxwrQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nvary: accept-encoding\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\ncf-ray: 911e8dc7efcd5687-OSL\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=1065\u0026min_rtt=1025\u0026rtt_var=323\u0026sent=4\u0026recv=8\u0026lost=0\u0026retrans=0\u0026sent_bytes=2823\u0026recv_bytes=2261\u0026delivery_rate=2562831\u0026cwnd=251\u0026unsent_bytes=0\u0026cid=a38962420e3321c9\u0026ts=118\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=1949\u0026min_rtt=970\u0026rtt_var=730\u0026sent=160\u0026recv=54\u0026lost=0\u0026retrans=0\u0026sent_bytes=135242\u0026recv_bytes=25628\u0026delivery_rate=6652233\u0026cwnd=21600\u0026unsent_bytes=0\u0026cid=59237dde8255af83\u0026ts=11408\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7390,"size_decoded":7390,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"bca9b46fee32162356ba5b4783e614dc","sha1":"cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5","sha256":"fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec","sha512":"ae7f8bc5b83d440a727e230138a3a633b7d5a73c123ae0db661081a7f4f13fb4155bc55aaac65ca7dfb0d76c619cf21e99e1a56e876253d67fe8a59c2d0a15ec","ssdeep":"192:8dEMK4RwdEdEMK4RwIwm6xiD7x9m9t6EQ3FabrItDWOO6Dcy:8dEMVwudEMVwIwtxiDHmP6lFeItDWOOe","tlshash":"dbe187d532f9e1e85482bbfd6681f17c3e1339fa7a32d99083d65c18dc8a00c45adca2","first_seen":"2023-05-10T21:54:10Z","last_seen":"2025-04-06T10:50:06.515793Z","times_seen":21752,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Microsoft","verdict":"phishing","severity":"medium","comment":"Resource associated with Microsoft phishing","tags":["microsoft","phishing"],"meta":null}]}}]}