{"report_id":"8c6298e9-ade2-4576-9699-33cf6c7ac8c3","version":6,"status":"done","tags":["suspicious","phishing","tycoon"],"date":"2025-03-26T11:52:37Z","url":{"schema":"http","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"172.67.131.243","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"title":"​"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-04T11:52:37Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"pcq.viugbu.ru","ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-26","domain_rank":0,"first_seen":"2025-03-26T11:52:38.081828Z","last_seen":"2025-03-26T11:52:38.081828Z","alert_count":0,"request_count":6,"received_data":4177,"sent_data":2646,"comment":"","tags":null,"fingerprints":null},{"fqdn":"nd3b.rkleor.es","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-03-26T11:52:38.089457Z","last_seen":"2025-03-26T11:52:38.089457Z","alert_count":4,"request_count":2,"received_data":717243,"sent_data":1655,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-03-25","alert":"Generic/Spear Phishing","trigger":"nd3b.rkleor.es/oZOLuJ/","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}]},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fa0f1e068487ac04c82126013211405a","sha1":"3618e807187b16c8bd1b9e9b19faea5c2b75b6ef","sha256":"142589bab758ce0867a4879c4dfb037db8fbbb91d4feeb693fc28bfa593cb52e","sha512":"4e245b02b88a45c11c4335aa6909d2f04659ccbdcf37824b18b223f2497618537c6c2c9277f354a04dfe7aaf0351daf39db0ac67691d86dc8c24f5ecee612329","ssdeep":"768:sWaJCe9jbH0J7oen8ffWaJCe9jbH0J7oen8fXLkK9VZLkK9Vh:sxJCC7nen8ffxJCC7nen8fXLBPZLBPh","tlshash":"afe445ee26072133879c2d629467130700278dc57fb16aa1fe650d68eee295e1adc1ff","size":714186,"data":"","first_seen":"2025-03-26T11:52:42.2677Z","last_seen":"2025-03-26T11:52:42.2677Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"3eacfe476a58490caf61af57d89d2341","sha1":"9ab023a5b38a8f35c7003d59b7be938e990158bd","sha256":"ac3f4c2f61669aa71d0d795d29e2e4b6ee881e69151ca9042a820f4733d3a1f1","sha512":"ca4f25440f4037b8d8d956dc59c976ce44379b73f0cefeed0c44867b9f7984e649f34947cd54ee4e603de826e288ebcb8d072ba81782290e5dc292706eae8103","ssdeep":"","tlshash":"c231e187f0726070363672be577f75017b39d1cb20849a34769c1fa07fd764741a2485","size":1749,"data":"","first_seen":"2025-03-26T11:52:42.268766Z","last_seen":"2025-03-26T11:52:42.268766Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a815e02b4a511e4ebab87827a29eece0","sha1":"e4e6145e9f4de758d6c946dc25f281993e87f466","sha256":"bfdd2796ed06a0c946d0666ce373382af1e3ad8ba3d65c901792c383c4b78f18","sha512":"f5470acc55268a1a855213bd9726e5f9477e1d1ad1b5e327bf920bf4930fe4c5cb6be55d2a3ec17053eb3fdf29debf029f71a8a637d6db6486199531fe206e08","ssdeep":"768:fihIVehDsi29qDNxtIhDoDsthTDIfIBYjhDLyhfjfpn/BegDfIBYjhDLyTn/BerO:fihIVehDsi29qDNxtIhDoDsthTDIfIBA","tlshash":"f503007395f51140722261a53c1ffe1fe2655beaa08b80b46ce8fd8cda3dc5d890cb64","size":39417,"data":"","first_seen":"2025-03-26T11:52:42.269931Z","last_seen":"2025-03-26T11:52:42.269931Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"783d3b9b12f8d6dd119a2e0f55ea6af0","sha1":"4ad8ee1827f76b2b14a8025cb4af498fe565f111","sha256":"da3158bdee7240f8ab51949681b9e04791e2875ab5854c97bbcda5a55f4c50dd","sha512":"34ca54ecd6b603d0bd5a0090ef91b970c1b21360bf09817178d8b32670ffe6b71336d1fd16a4b7185ed4d82352a02b37a6133fced1b09da54fd31cd27ddc6356","ssdeep":"6144:HhThwhBIIs32iBfD1BByDpXdM+l3DhsGIYLyNeDy+Sf/IugN3sBdhMJglighDtgd:A","tlshash":"481400b3a0f24084712a50203d0fff4fd10a57e5a19b84b8adc9fe9cda7c96c448eb85","size":205410,"data":"","first_seen":"2025-03-26T11:52:42.270973Z","last_seen":"2025-03-26T11:52:42.270973Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"1251beb898caef38223bbd5bdcebf377","sha1":"27f99a1593a56df39a98f9ff9fb5aef0afb54949","sha256":"e1846cb9ca90e9b875b5bf28532afb2e9a197550ad0f4321dbe5bee634b4c2a4","sha512":"b184ac12ab13da8d5757ebe5675d498c7a81ef2dcdee92cd016dbec595324114bc64590bc445f6bd3d7ae1d42b6ff6f920f10740d9646a60098b31bba5d2547f","ssdeep":"192:MFu78QObXWAobF2IaDQ6Y/XQsKI213iSp4A0iniriIi4p80vpb97uq:MFu78QOrWAo52Ias/pggSp/0iniriIiy","tlshash":"7d02b6278d4b3d11cbb16a0272dd4bd1582c079f68c284edbe1eefc88f1d56661c02d9","size":8587,"data":"","first_seen":"2025-03-26T11:52:42.272Z","last_seen":"2025-03-26T11:52:42.272Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"996cebed84e1aeae305f32cada996e22","sha1":"389ced7f6acd87b176b6461d14ee0b9a33e3e329","sha256":"5069d26203c31e9acfcea70d867d656e632d8f7b43ce1e33d35b46218a590e4d","sha512":"6ae0702fe29910ade63d615b148413384d7fafbcb0368d788ccfd0af85144b4682f49d40609a5bfb3ac16c018ad1c699127c978db5cf2a1bb3433e3be30c2262","ssdeep":"384:BYzYryNRzyFRbl/mgikeBQDXwGrgHD0T3e:BrZmgZDXwGMw3e","tlshash":"be149b7ff512137fa2c2de8b795bad2d10127d9ae10f0784a283b717b746bbc0891855","size":194394,"data":"","first_seen":"2025-03-26T11:52:42.273203Z","last_seen":"2025-03-26T11:52:42.273203Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:24.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:25 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=oSdB9viZ96nDYsCQKi7bfIFvk9OFgMXTYqxouL4PHUqJTcXMEEGLxwHApIY8AAJfJe2q%2FQz3EI1FTWe%2F0i%2FTYkM5glj3qEw4CVuln9F5qvgp5rx4B9VbbV1huGZc%2FTL4\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 926671133b4dfff8-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=24855\u0026min_rtt=19677\u0026rtt_var=12673\u0026sent=9\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3191\u0026recv_bytes=1167\u0026delivery_rate=220116\u0026cwnd=234\u0026unsent_bytes=0\u0026cid=d408e9a2019b00a4\u0026ts=735\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":939,"timings":{"blocked":110,"dns":52,"connect":20,"send":0,"wait":719,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:24.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:25 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2FElb5jONUcY9t8rRHeUdJbvJy3Sn8bfDvbesxXh2RoiV7BjXBzZHE9%2BIDrISjLXRHSbdp%2Bg9vJEqsnWdMmcCvzbxAZlTaKZyzxNn1HHw%2FfrUiNex6hCGPZQMuWjpOQPm\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 92667113ac6afff8-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=23134\u0026min_rtt=19607\u0026rtt_var=7937\u0026sent=12\u0026recv=15\u0026lost=0\u0026retrans=0\u0026sent_bytes=3852\u0026recv_bytes=1167\u0026delivery_rate=220675\u0026cwnd=237\u0026unsent_bytes=0\u0026cid=d408e9a2019b00a4\u0026ts=816\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":725,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":725,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:28.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=o7nRy0rmUSxcrT%2Ba8%2Fnjfam3v%2B5fV0%2BUHsZSM%2FzUtyZfWtFIjL6WgS3yaBi9VsIrbBjTojKYgjHXcaUw1KWpnceYG4MXGcpbJ1FANlU64pOiJi4hUJ06LvaEIY0%2BxsU6\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 92667129b93efff8-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22317\u0026min_rtt=19570\u0026rtt_var=5886\u0026sent=15\u0026recv=18\u0026lost=0\u0026retrans=0\u0026sent_bytes=4339\u0026recv_bytes=1245\u0026delivery_rate=220675\u0026cwnd=237\u0026unsent_bytes=0\u0026cid=d408e9a2019b00a4\u0026ts=4217\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":601,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":600,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:28.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:29 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RR8zcml9BjcMWbVyIeRUWLWvTwGOxLycGt4Ao9DWChltBZWKtr4FeGNJG8nstygNtzG%2Bo8jas1ais4QNxVr1vKQkVXYxDm4GON%2Bd2Use0alfXcd2Sh6zdmiMtkfvdNCK\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9266712b19c4bc8a-AMS\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":743,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":743,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:33.085Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:33 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=VZ0iSowhjCc%2BJQuLxuWlWbUMGhIC6r9z3pN8iF3yZS4Q1V8frn6110MrnYqwt5YGWA%2BFvxi%2BWzf5AdtYpLBLGmWKV75GTuEYZHdKHtSP0iiP09QWA7d713COugfj3Nil\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 92667146ed0fbc8a-AMS\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":536,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":536,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pcq.viugbu.ru/tarboz@jy284","fqdn":"pcq.viugbu.ru","domain":"viugbu.ru","tld":"ru"},"ip":{"addr":"104.21.95.206","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:33.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"viugbu.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:36:32 GMT","end":"Wed, 28 May 2025 13:34:53 GMT"},"fingerprint":{"sha1":"B4:BF:85:1E:BC:4A:98:EF:98:6F:C1:4C:DB:FE:D8:75:DE:97:F0:6C","sha256":"AC:6C:D0:47:43:1A:39:5B:BE:5F:27:FA:D7:5B:60:65:C0:D0:B9:0F:99:D4:EA:52:07:87:D1:FD:73:F5:0E:48"}}},"request":{"raw":"GET /tarboz@jy284 HTTP/1.1\r\nHost: pcq.viugbu.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://nd3b.rkleor.es/\r\nOrigin: https://nd3b.rkleor.es\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:34 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2BJHAxbTEAHIhJ9Y77HXpD1MZB0ZIMfgxsRRPliavT%2FxSYZbLWqTuE2%2FPqDYz%2BqonjOvPgL0rIBlV2plpwByYNkjt8dhMi%2Fy%2FE%2Fhkrnwm5j7vYTSYka%2FUF6JAb7TvcORg\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 926671482d30bc8a-AMS\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-05-01T15:24:18.266911Z","times_seen":108496,"resource_available":true,"data":null}},"time_used":736,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":735,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/oZOLuJ/","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-26T11:52:15.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkleor.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Mar 2025 01:03:09 GMT","end":"Sat, 14 Jun 2025 02:01:44 GMT"},"fingerprint":{"sha1":"48:90:3D:F2:36:F9:90:D2:FA:E6:70:17:FF:21:EE:1A:B4:56:EA:23","sha256":"B6:47:23:4F:D3:4A:33:4E:7F:48:DB:47:C5:05:88:A5:10:E7:A6:34:08:6D:B0:57:81:CF:90:2C:3D:B4:07:03"}}},"request":{"raw":"GET /oZOLuJ/ HTTP/1.1\r\nHost: nd3b.rkleor.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 11:52:15 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=vAloX2nNL%2BYibkGLMZEeMq58e3%2FyQ597hwUpmb8aY6GDKcTnCXcAtwcNhxQq3D0VMQp3oG2vv1nj3ukBvhtfVG8BTEN5KXm2MiUuK8g74%2FvVcZm0DQmxbXB1UUvqAw%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IkFQTkhZcjJxNWZPV0pjZ2REbVpyZEE9PSIsInZhbHVlIjoiNlVXL1BMMVdHSzB4U2Q1RVBGLzJjaENkYjBsYS9mZlJMMjhvbXd3S3F5dXk4VnB6Qk9YdUc5L21XU0NuY2lLdUtpYjIvc3hwZ29ldFoxcG1NcytVSVdBSXViTTdJejZCUFZNeDVyYjJlMlNXMk9DbU5TZU1vL0ZobHRLUTU5V2IiLCJtYWMiOiJlMGU5ZjhjMDhkNTMxOGFkMzk4MTc4NTVkOWUwNjQyYTAxZGU3MmY0MTBjY2Q2Mjk1MDMzODE3MWIyMWU3MTJjIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 13:52:15 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6IjB3Y1lpQTBhZHJod1ppYWJTRmtHYmc9PSIsInZhbHVlIjoiQy9xZWxtaDJwN1JBVHNqUTlzMWhYcW0vYVNZbmdDM08vZ3ZBVW12VGhaNUxIZkY0b2MzUlVoU1huZTlKUkRQKzIwUW9sN0hSYVpmdk95L29zc0FWeEl3alN5K2V0d1pyRVBkZGo4NTNZUjA2cmZWdFErZ05VeURmektHa3RUcFkiLCJtYWMiOiI0YzY4ODU0OWY2NzYxMmVhYWM4MWVlMjVjNjk0OTg0N2U2YTkwYjlhNDhjZjEyNjQ0ZDc5Njg5ZWFlYjVhNTA4IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 13:52:15 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\nserver: cloudflare\r\ncf-ray: 926670d88c2bfeaf-AMS\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=15516\u0026min_rtt=10321\u0026rtt_var=9654\u0026sent=568\u0026recv=143\u0026lost=0\u0026retrans=3\u0026sent_bytes=731782\u0026recv_bytes=22462\u0026delivery_rate=7566418\u0026cwnd=429\u0026unsent_bytes=0\u0026cid=bd65b9abf6e6ef89\u0026ts=182598\u0026x=0\", cfL4;desc=\"?proto=TCP\u0026rtt=24791\u0026min_rtt=19791\u0026rtt_var=12340\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3192\u0026recv_bytes=1131\u0026delivery_rate=219294\u0026cwnd=209\u0026unsent_bytes=0\u0026cid=69ec6ab6c4721ef3\u0026ts=507\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":714203,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65368)","md5":"7dbc679558566a00aab2cbf1ae0460d4","sha1":"a2992b5db0f7e82b43ed2c3bd8f657e768ba0f2b","sha256":"64732f46dd7377c0da37cb9e7f22388d50d4e49dee58aa35658e7eb775198a5a","sha512":"e225914c956c211b93e6e3a9488a58b7883ce72eb10d827c9204ef46ccb8236c8a85997542c784f34429b5c5b89fadd9894404537970ec34080e23c42fad1bae","ssdeep":"768:NWaJCe9jbH0J7oen8ffWaJCe9jbH0J7oen8fXLkK9VZLkK9VL:NxJCC7nen8ffxJCC7nen8fXLBPZLBPL","tlshash":"9fe445ee26072133879c2d629467130700278dc57fb16aa1fe650d68eee295e1adc1ff","first_seen":"2025-03-26T11:52:42.262453Z","last_seen":"2025-03-26T11:52:42.262453Z","times_seen":1,"resource_available":false,"data":null}},"time_used":628,"timings":{"blocked":71,"dns":7,"connect":20,"send":0,"wait":486,"receive":0,"ssl":41},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"","description":"OpenPhish","scan_date":"2025-03-25","alert":"Generic/Spear Phishing","trigger":"nd3b.rkleor.es/oZOLuJ/","verdict":"phishing","severity":"medium","comment":"Generic/Spear Phishing","link":"https://openphish.com","meta":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]}},{"url":{"schema":"https","addr":"nd3b.rkleor.es/favicon.ico","fqdn":"nd3b.rkleor.es","domain":"rkleor.es","tld":"es"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://nd3b.rkleor.es/oZOLuJ/","date":"2025-03-26T11:52:16.422Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"rkleor.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 16 Mar 2025 01:03:09 GMT","end":"Sat, 14 Jun 2025 02:01:44 GMT"},"fingerprint":{"sha1":"48:90:3D:F2:36:F9:90:D2:FA:E6:70:17:FF:21:EE:1A:B4:56:EA:23","sha256":"B6:47:23:4F:D3:4A:33:4E:7F:48:DB:47:C5:05:88:A5:10:E7:A6:34:08:6D:B0:57:81:CF:90:2C:3D:B4:07:03"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: nd3b.rkleor.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://nd3b.rkleor.es/oZOLuJ/\r\nCookie: XSRF-TOKEN=eyJpdiI6IkFQTkhZcjJxNWZPV0pjZ2REbVpyZEE9PSIsInZhbHVlIjoiNlVXL1BMMVdHSzB4U2Q1RVBGLzJjaENkYjBsYS9mZlJMMjhvbXd3S3F5dXk4VnB6Qk9YdUc5L21XU0NuY2lLdUtpYjIvc3hwZ29ldFoxcG1NcytVSVdBSXViTTdJejZCUFZNeDVyYjJlMlNXMk9DbU5TZU1vL0ZobHRLUTU5V2IiLCJtYWMiOiJlMGU5ZjhjMDhkNTMxOGFkMzk4MTc4NTVkOWUwNjQyYTAxZGU3MmY0MTBjY2Q2Mjk1MDMzODE3MWIyMWU3MTJjIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjB3Y1lpQTBhZHJod1ppYWJTRmtHYmc9PSIsInZhbHVlIjoiQy9xZWxtaDJwN1JBVHNqUTlzMWhYcW0vYVNZbmdDM08vZ3ZBVW12VGhaNUxIZkY0b2MzUlVoU1huZTlKUkRQKzIwUW9sN0hSYVpmdk95L29zc0FWeEl3alN5K2V0d1pyRVBkZGo4NTNZUjA2cmZWdFErZ05VeURmektHa3RUcFkiLCJtYWMiOiI0YzY4ODU0OWY2NzYxMmVhYWM4MWVlMjVjNjk0OTg0N2U2YTkwYjlhNDhjZjEyNjQ0ZDc5Njg5ZWFlYjVhNTA4IiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 26 Mar 2025 11:52:16 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: max-age=14400\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2Fm93qFsX1vFRONZDyd8Sn9pKK%2B40HXApekrjipm43ZR8J9b0BRh4R2jpnDf6CWdJR0O5%2Bqi5GHTThiW6iVbqyuwxQnOAaNFkdPRApvJpxysTEzei5CJOXNaGvnkmZQ%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: EXPIRED\r\npriority: u=6,i=?0\r\nserver: cloudflare\r\ncf-ray: 926670deb84afeaf-AMS\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=10709\u0026min_rtt=10321\u0026rtt_var=629\u0026sent=629\u0026recv=166\u0026lost=0\u0026retrans=3\u0026sent_bytes=805845\u0026recv_bytes=23957\u0026delivery_rate=7566418\u0026cwnd=429\u0026unsent_bytes=0\u0026cid=bd65b9abf6e6ef89\u0026ts=183540\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=26778\u0026min_rtt=24514\u0026rtt_var=10810\u0026sent=10\u0026recv=6\u0026lost=0\u0026retrans=0\u0026sent_bytes=3988\u0026recv_bytes=1693\u0026delivery_rate=24230\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=8e61bc8994139d86\u0026ts=912\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-01T16:39:26.747397Z","times_seen":14480732,"resource_available":true,"data":null}},"time_used":441,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":441,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]}}]}