GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
3.167.2.106 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 3.167.2.106:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash (MD5): d99a7377dabb55772ca9f986b0a04b57
Hash (SHA-1): 2b5fcd8431953c44e410d0489899e74f6d2cfecc
Hash (SHA-256): affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
accept-ranges: bytes
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
date: Mon, 09 Jun 2025 08:53:29 GMT
expires: Tue, 09 Jun 2026 08:53:29 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: K_cEOZTYmK23dFKYr6AzvlHzAm9mIKbF8Vf1TFa1jySggFSF6MP4yg==
age: 715001
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/favicon.ico
104.21.96.1 404 Not Found 0 B URL GET y6twlf4xd.kngmm.ru/favicon.ico
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input, not a usable indicator)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of empty input)
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of empty input)
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95139635ec2b56af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lg1GD9WODEf4p9KBsMhycYXLGKXE7MvLy6qimTh%2ByS6tAxbkgH%2F81NFUhkvE13%2BmOl1VoLu1aT5sn9Jamifr8xCnV10Dtln8spLzPcqQ%2FWE%3D"}]}
cf-cache-status: HIT
age: 20
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1599&min_rtt=587&rtt_var=515&sent=953&recv=437&lost=0&retrans=0&sent_bytes=780109&recv_bytes=49302&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21551&inflight_dur=190&x=80"
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
104.18.95.41 200 OK 283 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 283 kB (283440 bytes)
Hash (MD5): 9c18c8d5827ddded8af179ed8e1e4113
Hash (SHA-1): ef0df3a98554b12371a5db7e93b205ed5f1f9cd1
Hash (SHA-256): 6b9b86d6e2667b22e6f2c4efd537eb0d2f3facf887ba735f964d335dd5694dfd
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
cf-chl: xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3415
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:51 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: U9Fv6mQsv9j7CIZwA0KZzeOh8ZdFMsOqSZRmnrsebDOhIeWozExU39iit+Pq98dy3SDAnORKKYpWCtXiwavFZKaIkPxSzkptioRYScbdw3N3ALB1AnRYoHxPuZKYPIzD2kaSozmsX0xp9wz8o0LhdPCHrNaHDT47h+WXjzSRIOg7Sd74aG4/m9KGC70WsgBQk7oBcYXExWi/gEDslD5Fav9WuwJgZw2597e9D5lJQVa798LB+M6zW5khI2sCT9NLeJFwZ8UVhzyp+8F2D10kV+IIxWt0W4wL2KqlfVlToreIN7rCx3YQJkoaSGyPufg56D0RhoZzMoc2CFep8LJ0Ss9+V97LrrdhEkDcWftATA42BzDFvZ5xb+2jkGFHT9SWhBe6akdqbMNaXM7y5lc4Ytyt3aBq4wIkglhtnVHIdS8dp07I2isGLIFmhwyOQrip7ne2FA+YbcPLIQKHRCBB4FKG5xc5ZaGQnNMsvaWk+QYVjYsyN8qW39f7xCCW73tS7/d3IOVmhcIS8vfumZAbKRRAnE+G9ghXfiuHNguN3uWYrJFXMFgwXp0aP3CHgEtO23mRAXdeFu/JazpvVYwnORQAnGlx06w2mY601VYXnKt+3t9aYV+01XfMf30D1aWPomETC/jMZCR0Hank6TUW25vsQsps86JewRCx6P7dXfnvgSwmzAC+1GfXAca/u72EMdueVak8acEHx+/pNbc+CqxGHBFcboJgYxOWAsa6XXDp1oX2XEVCGwxnjjjiqF/U/MsMM1LRYjdpE4ewTxgSEw==$6/761F3xwGe9yB+VKAFM/w==
priority: u=3,i=?0
server: cloudflare
cf-ray: 951395b828ab56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
104.21.96.1 200 OK 15 kB URL User Request GET y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
IP 104.21.96.1:443
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type HTML document, ASCII text, with very long lines (9457), with CRLF line terminators
Hash (MD5): 00e0d726966358fdd9c08f2c34c459e9
Hash (SHA-1): 4bd7ec52a97214ae9b80aa0ada9b977c98d4e464
Hash (SHA-256): acfb87c00f36fd8e63bd50dd80bf78c633079026dafa72183a6ea376934b0c56
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjFFSjdkNklGWUE5TnkrRE0vd3lObWc9PSIsInZhbHVlIjoiTlNEeWtadzhmK0JSRTNoRXBXY1VwRzlLdzhBbXp4TmJRUy8ySW54U2t2L0d1VGlrdm9KbFE0a3dVQlNUS1hFd2lOL2hjRHNoVnVMYlJzT0pMYmkwYnNZMDEyVjlRNkdCdlpZNlF2M2hxSTV6WUs2Q0FIcWVkKzhOdUM5YldhcVEiLCJtYWMiOiIyYmVkNjBlZWNhNDE3YmQzMDZiMzY3YWM0MDgyNjZhYWMyZWRjMWE5NWE5YmM3ZTFkODNiMjY1OTU4YzdmMjZhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjRvalhnQXduaUFNZUJXTlJ6bXdVb3c9PSIsInZhbHVlIjoidmkxUWw5V05uR1RReTNVd3F3UFpoYzNZdXpLVHorUWJyanFENXZGcjZ1WjlKRWhEekthdmZCckJZQUxYU1IyU3JCdFVjN0FEREo2SC9Fd2NlZGVTTURKSmxCWWZwZmRSbHBQTUo3ZElhWDMyMm80YmZOS2M1bUdtQlFwVzh4cjAiLCJtYWMiOiI4YWRjOWZmZTg4YjFjY2U2ZDJhNmVjN2E4YmUwN2JiMTU0OGNlYzQyNGJmMWI3NDA1Nzk5YTU4NWZkMmJkMWMwIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: text/html; charset=UTF-8
cf-ray: 951396223b8556af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=a%2BkqS1ZYafEkBu3TfF3sKSJy5oA2RChaflxgRR33zrcoR7%2FUF%2FUEP3TtT0lBpgz4sb4QMcd0ckvkOvIZyzLjeBC%2FvJ9ZfsBKZf6X2pg%2BroE%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6Im8wSjg1V1o2djdjYWVOVXdFbDNCL2c9PSIsInZhbHVlIjoiM25DNjNPTzJETFhBbFFXRDVSZWdDYmVTWUZHZzd0eVZlNzBIVmJBU0pKc1d6NGs3NTNYYlRtaFJYUnoxYlk5VGduZW41QVZGWjZ2STVpdW9OaldPSURoUTRzdkNSOEZKbHNaZHVRQjg3Y3lyZXM2UkwzZEcxemMyR3g5R2pLdEQiLCJtYWMiOiJhYjAxYTIyOWJhMzIzMDA1NzQyNzUxMzc0MTg3MDc0NDNiM2JkOGQ4ZmY3MTNiMjY0OGVlNTZhOTIzNzEyOTMxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
laravel_session=eyJpdiI6IkhUNnFLbWw5WWlCbGRDM2Y4TFUyb2c9PSIsInZhbHVlIjoiTmV3SFdZcGRCbWZhTmR3cTJFWnNRd0hCNXNTSFBDL3ovZFZPNE9lNWxiejhMditHTk5DTWF0TE1MTU9HYjAwYXNHd0RZM01iZHh2M2UwVVFGN2lPSUE2NTRZc0h1bHdSS1dsMzdLdktkR2MxNGg4WUZnclBEdWJ0cjhqMkJhYmQiLCJtYWMiOiIyNjdmMjQ5ZDMxMDNlMmEzMGI5NzJiYjMyYzBhOTYxMDBiNjIyNzM1ODA4NWM1OTMyZTU4NTk2MGY3NGZlNWJiIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1770&min_rtt=587&rtt_var=663&sent=259&recv=368&lost=0&retrans=0&sent_bytes=19052&recv_bytes=24205&delivery_rate=627537&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=18603&inflight_dur=58&x=80"
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.18.95.41 302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.18.95.41:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input, not a usable indicator)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of empty input)
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of empty input)
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 17 Jun 2025 15:29:50 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/180b6a431d85/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 951395b1ff400b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
104.18.95.41 200 OK 30 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (29504), with no line terminators
Hash (MD5): 872e33ac917ef1bfa4966f9f94e511ad
Hash (SHA-1): 9b8f52d82e1fcf03cc0184723e9d731074a25360
Hash (SHA-256): f85fbb7227f7a1f3fbfaf0e205b66a941eb1bab08fb68d8c4118dee33b678c29
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
cf-chl: xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34786
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:58 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ye4Ll52tOtdksDP5YnBclrjr0twC6JTEW5cz/XHFNaRdOHtxf7FmHDgyPgu4ozTC$mdqpfwH2UYXoTqacK8nFiw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 951395e74ab056c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/efqIAmoHCUtIVMyIrswdDaZzklj55uIVSjeJtf490150
104.21.96.1 200 OK 270 B URL GET y6twlf4xd.kngmm.ru/efqIAmoHCUtIVMyIrswdDaZzklj55uIVSjeJtf490150
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type SVG Scalable Vector Graphics image
Hash (MD5): 40eb39126300b56bf66c20ee75b54093
Hash (SHA-1): 83678d94097257eb474713dec49e8094f49d2e2a
Hash (SHA-256): 765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /efqIAmoHCUtIVMyIrswdDaZzklj55uIVSjeJtf490150 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: image/svg+xml
cf-ray: 9513962b2bc456af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="efqIAmoHCUtIVMyIrswdDaZzklj55uIVSjeJtf490150"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pT94HvO5e1TlgHwkxh9w3A9VVc2Hv73vNfMa5ORDC6BdNxvkYsa5kM1SGlIpOVK9S7ts2ItybTXLXQXCuNAvfC%2BNLCEMZgIq9hZfYh1RMwM%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2193&min_rtt=587&rtt_var=783&sent=691&recv=415&lost=0&retrans=0&sent_bytes=489515&recv_bytes=45530&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20090&inflight_dur=142&x=80"
GET y6twlf4xd.kngmm.ru/opDYorwAsmJYU8J9PwTp2beAibEN3aPDosAsvb12uyRoCdWZNm5sRzjYykBTYkfIvXIEPozcd235
104.21.96.1 200 OK 9.6 kB URL GET y6twlf4xd.kngmm.ru/opDYorwAsmJYU8J9PwTp2beAibEN3aPDosAsvb12uyRoCdWZNm5sRzjYykBTYkfIvXIEPozcd235
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash (MD5): 4946eb373b18d178c93d473489673bb6
Hash (SHA-1): 16477acb73b63ca251d37401249e7e4515febd24
Hash (SHA-256): 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opDYorwAsmJYU8J9PwTp2beAibEN3aPDosAsvb12uyRoCdWZNm5sRzjYykBTYkfIvXIEPozcd235 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opDYorwAsmJYU8J9PwTp2beAibEN3aPDosAsvb12uyRoCdWZNm5sRzjYykBTYkfIvXIEPozcd235"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=R3eD6I%2B%2FoRsbP9vTKabIvdaj3LcapRcPqsUCiJRvYbGJLUBhN1D0ZuPz8Arv8nKZG6Alvx0eLhVLGj0gj%2BKpOCLeWBEKsdEwzhlg3gayY4E%3D"}]}
cf-ray: 9513962b5bc956af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2210&min_rtt=587&rtt_var=875&sent=713&recv=422&lost=0&retrans=0&sent_bytes=505099&recv_bytes=47722&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21137&inflight_dur=157&x=80"
GET get.geojs.io/v1/ip/geo.json
172.67.70.233 200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP 172.67.70.233:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: geojs.io
Fingerprint: 88:B3:65:B8:95:15:9F:37:C6:F0:8D:A3:3B:A4:29:F9:CC:31:E1:BC
Validity: Mon, 28 Apr 2025 06:03:21 GMT - Sun, 27 Jul 2025 07:02:58 GMT
Hash (MD5): 062c1b7698037f3d5989375232dfca49
Hash (SHA-1): 2d9eeb0b6d995e960cfe91f2f60962edbbed4757
Hash (SHA-256): c3793283ac930f16741c27f514589b944e60f78d72cc19cb51e893f4fc947f41
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:30:13 GMT
content-type: application/json
content-encoding: br
x-request-id: 69574c496b7b95840e5e6d671fbdd269-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PAh79fI92tDxHWOGrKjvBKHWT3hdIJ77sJDE1%2BIlqoyyLV2i3KY2LNfjHd3OGuUCbBqP7dPKkFXa9B%2FlkC7urVdzSLpQZAu1%2BTzbRjWbXBcUHbJowq%2BTibkizZeIgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 9513963e9a835687-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=3862&min_rtt=622&rtt_var=3127&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3189&recv_bytes=1127&delivery_rate=6830188&cwnd=254&unsent_bytes=0&cid=41843fc57af57b9c&ts=136&x=0"
X-Firefox-Spdy: h2
GET collider-server-production.herokuapp.com/api/flights/766/linkProxy?flightMatchId=26460&url=https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
3.210.192.5 302 Found 39 kB URL User Request GET collider-server-production.herokuapp.com/api/flights/766/linkProxy?flightMatchId=26460&url=https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
IP 3.210.192.5:443
Certificate Issuer: Amazon
Subject: *.herokuapp.com
Fingerprint: 1C:78:53:75:E2:0A:79:3B:68:1F:75:BE:5B:A7:37:60:9B:7E:23:B9
Validity: Thu, 30 Jan 2025 00:00:00 GMT - Fri, 27 Feb 2026 23:59:59 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e (digest of empty input, not a usable indicator)
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709 (digest of empty input)
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (digest of empty input)
GET /api/flights/766/linkProxy?flightMatchId=26460&url=https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net HTTP/1.1
Host: collider-server-production.herokuapp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: Cowboy
Report-To: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1750174189&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=9LQkgYXvlPubnlb28SN5EaM%2Bn67DczsoITH%2Fvp%2FQULU%3D"}]}
Reporting-Endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1750174189&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=9LQkgYXvlPubnlb28SN5EaM%2Bn67DczsoITH%2Fvp%2FQULU%3D
Nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
Connection: keep-alive
X-Powered-By: Express
Access-Control-Allow-Origin: *
Location: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Vary: Accept
Content-Type: text/html; charset=utf-8
Content-Length: 188
Date: Tue, 17 Jun 2025 15:29:49 GMT
Via: 1.1 vegur
GET y6twlf4xd.kngmm.ru/xyUcAKOpp3VpqLHief26
104.21.96.1 200 OK 36 kB URL GET y6twlf4xd.kngmm.ru/xyUcAKOpp3VpqLHief26
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type ASCII text, with CRLF line terminators
Hash (MD5): 38501e3fbbbd89b56aa5ba35de1a32fe
Hash (SHA-1): d9b31981b6f834e8480ba28fbc1cff1be772f589
Hash (SHA-256): a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /xyUcAKOpp3VpqLHief26 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9513962adbb956af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="xyUcAKOpp3VpqLHief26"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=YEQwlCAdjI6Uduw3535eHgCos9NvLMbMc2SLXrp70SXRFkFY2gmh55IIFEs5vge%2BOzJ%2FgHyZ%2BK9biL332QOrrIOIa1oreetwwu77XNCMLpo%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2126&min_rtt=587&rtt_var=1471&sent=679&recv=412&lost=0&retrans=0&sent_bytes=478504&recv_bytes=45393&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20069&inflight_dur=134&x=80"
GET y6twlf4xd.kngmm.ru/GDSherpa-bold.woff
104.21.96.1 200 OK 36 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-bold.woff
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash (MD5): 496b7bbde91c7dc7cf9bbabbb3921da8
Hash (SHA-1): 2bd3c406a715ab52dad84c803c55bf4a6e66a924
Hash (SHA-256): ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=K3uhbl%2BJCJmE%2FvAwyYBKbDyKPF19JgVobLCg9fi0Wxn6N0CeoLIF0MnAcgDHvmMH%2BGZNZvB%2B0xh4g%2FIBuGyFADXxVS2NQgicD08GcW0YYWY%3D"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962aebbb56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1243&min_rtt=587&rtt_var=306&sent=427&recv=394&lost=0&retrans=0&sent_bytes=193071&recv_bytes=34481&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=93600&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19796&inflight_dur=99&x=80"
GET y6twlf4xd.kngmm.ru/stLLfkhltMnYdDyM4gheUFByuL8qsyOpnasE4hN2vM4pOI345a5i2NwZWpfaW2n3oB8MfGF0JUmJyTSSIx8ef256
104.21.96.1 200 OK 18 kB URL GET y6twlf4xd.kngmm.ru/stLLfkhltMnYdDyM4gheUFByuL8qsyOpnasE4hN2vM4pOI345a5i2NwZWpfaW2n3oB8MfGF0JUmJyTSSIx8ef256
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /stLLfkhltMnYdDyM4gheUFByuL8qsyOpnasE4hN2vM4pOI345a5i2NwZWpfaW2n3oB8MfGF0JUmJyTSSIx8ef256 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="stLLfkhltMnYdDyM4gheUFByuL8qsyOpnasE4hN2vM4pOI345a5i2NwZWpfaW2n3oB8MfGF0JUmJyTSSIx8ef256"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zh7yjAJ%2FwX%2FQJm3avzd3knYtwuPC5SaSV4TS%2BnmQILHXhGgSsc%2FB9zGuS8E45hyYtjqZgaRQKzYxKbYsb6hB4mB2Axseikzp%2FNX6uBYubyI%3D"}]}
cf-ray: 9513962b6bcb56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2464&min_rtt=587&rtt_var=767&sent=699&recv=420&lost=0&retrans=0&sent_bytes=493332&recv_bytes=47631&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21109&inflight_dur=153&x=80"
GET challenges.cloudflare.com/turnstile/v0/g/180b6a431d85/api.js
104.18.95.41 200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/g/180b6a431d85/api.js
IP 104.18.95.41:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type JavaScript source, ASCII text, with very long lines (48827)
Hash 37dbac94aef1db73de816d49652909e2
324ec5206208c2c336cfd6f924c4e19b80cc5706
cad4395e83a0a0d66da04e657e32491d430580ce68aeb4bd59031b3e37ab9c99
GET /turnstile/v0/g/180b6a431d85/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 16 Jun 2025 16:33:10 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 951395b25fbc0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
3.167.2.106 200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 3.167.2.106:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (51734)
Size 223 kB (222931 bytes)
Hash 0329c939fca7c78756b94fbcd95e322b
7b5499b46660a0348cc2b22cae927dcc3fda8b20
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 16 Jun 2025 04:30:17 GMT
expires: Tue, 16 Jun 2026 04:25:19 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: eS23g72B2WeYL_kwlfbyNkRfwdhutCB-cpf_b0A_rPYgPZQvWRY8Iw==
age: 126290
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/kljoQp1oxSOnXEcvEdrNB8yaA6DF8YN5FECCpjHp1oZoppjgrNFIHmnhWBBHKKax0N55fep4dFQab230
104.21.96.1 200 OK 1.3 kB URL GET y6twlf4xd.kngmm.ru/kljoQp1oxSOnXEcvEdrNB8yaA6DF8YN5FECCpjHp1oZoppjgrNFIHmnhWBBHKKax0N55fep4dFQab230
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash 32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /kljoQp1oxSOnXEcvEdrNB8yaA6DF8YN5FECCpjHp1oZoppjgrNFIHmnhWBBHKKax0N55fep4dFQab230 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="kljoQp1oxSOnXEcvEdrNB8yaA6DF8YN5FECCpjHp1oZoppjgrNFIHmnhWBBHKKax0N55fep4dFQab230"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=RhBjwCWacqlfSnRD8cv30%2B%2ByH6RWp9%2B%2BbMMZzFR1%2BUDxzCOKHkJU0CrYmB%2FgpTUVS9FbeZ%2Fph5M3jRLJHeAfK9RGWS20BsjwX1QTpqEo8WE%3D"}]}
cf-ray: 951396321c0156af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2349&min_rtt=587&rtt_var=716&sent=697&recv=419&lost=0&retrans=0&sent_bytes=491320&recv_bytes=47585&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21089&inflight_dur=149&x=80"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 951396297bdf56b1-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 755741
expires: Sun, 07 Jun 2026 15:30:09 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h%2B5HzSLaO0%2Bk%2BbrROBQWweTlD2SpXsPhG3qq5tvu9%2FkGzEZjda%2Bc9b3ABg0ctCBTEyVghFVWXcdRaK%2F9T0JSnHGXOaT2kdLlJtq0mmTt%2Bf%2BJO6F6BsQn9D69%2FrNS4JwGkrKTkoZg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95139631299e56b1-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 755742
expires: Sun, 07 Jun 2026 15:30:10 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PpR5RcXjigUNBay%2B8%2FuABtu5cEc9CflEEi4RBQO8voF4AFGPexcMv5YB9fFdBzgywthamtiZ%2B0zbcXTNtTyeqWw2oBMakZXpPcHvfWLHihjb8%2BAknJFcZrC2AGCGXd4SgR7Vu%2Bk%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=951395b45bd456c6&lang=auto
104.18.95.41 200 OK 139 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=951395b45bd456c6&lang=auto
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 139 kB (139127 bytes)
Hash c447084ed7bf7d7c957f86852b5a5318
c54c9c9d3e6fc604bee3716cd954c071d4d2c683
d71b8b16377f6f6a39333f1b8896dbf94e205d02e614a23e5cb0d0f81bda4c89
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=951395b45bd456c6&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 951395b53cf356c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
151.101.66.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.66.137:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 17 Jun 2025 15:30:09 GMT
age: 1903210
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 34432
x-timer: S1750174210.739978,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/GDSherpa-bold.woff2
104.21.96.1 200 OK 28 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-bold.woff2
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=IOrWxuDgGqm2dboynBHQpzibtsxad6jGJ1ZyPork31YaTfKe4sP7CpASjCSpNSM8Ms%2FpBzH%2BWkuS0Elp7RUcir5%2FSeO3AtE55FDOn4QOI1w%3D"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962aebba56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1243&min_rtt=587&rtt_var=306&sent=459&recv=394&lost=0&retrans=0&sent_bytes=230592&recv_bytes=34481&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=93600&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19799&inflight_dur=99&x=80"
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250617%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250617T153000Z&X-Amz-Expires=300&X-Amz-Signature=e426505853f75d48c60cd3e70275cd80e602fe3cf6dc4c6e72b724890e915cd9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.109.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250617%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250617T153000Z&X-Amz-Expires=300&X-Amz-Signature=e426505853f75d48c60cd3e70275cd80e602fe3cf6dc4c6e72b724890e915cd9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.109.133:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Sectigo Limited
Subject *.github.io
Fingerprint 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash 6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250617%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250617T153000Z&X-Amz-Expires=300&X-Amz-Signature=e426505853f75d48c60cd3e70275cd80e602fe3cf6dc4c6e72b724890e915cd9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Tue, 17 Jun 2025 15:30:10 GMT
age: 3586
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410031-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 5
x-timer: S1750174210.129635,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
104.18.95.41 200 OK 4.8 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (4800), with no line terminators
Hash 66e28bae13d13be869362d2cc6d8e22d
b27e8aef2f53a725df43e5e37dc5305f9fad9c49
73417074485b488ec3267cd52a974f2f0be6834f6b009c4ad4b2d25e8065ba72
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/919564262:1750173295:pqiX1OZuiGopZKNj6HVIsAd9VA_n549pH_1H4-OSH_U/951395b45bd456c6/xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
cf-chl: xKg7Hd44r_tmW8SsA8ydpW9TwFJLyN9Ud4._PopKCys-1750174190-1.2.1.1-A0D4hAoGUCSgL0S4v6wa6rdT4fJFr6OtALtQTEtYh0IW1L7xH95dpJlLjWhaRm1U
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 44204
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:06 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: X43kq8BzKWC+bxa86hs4zt11NlY6owZ+stN5kjdw2aQNdCqGKqnezxHKUY/LjQK0V5fqgvLB0uFNBQhaII0fnA==$2zn8lCmEbxKmqhZXnxPEOw==
cf-chl-out-s: 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$hnmco0kuVCQwz+D2VG4hKw==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95139618dd1b56c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/opQq9w3Qu4y8JvdZHYqK2sLghyEMoghV7UYdQSte6IkFYi6LCIELuNS4zc5ncd195
104.21.96.1 200 OK 268 B URL GET y6twlf4xd.kngmm.ru/opQq9w3Qu4y8JvdZHYqK2sLghyEMoghV7UYdQSte6IkFYi6LCIELuNS4zc5ncd195
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type SVG Scalable Vector Graphics image
Hash 59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opQq9w3Qu4y8JvdZHYqK2sLghyEMoghV7UYdQSte6IkFYi6LCIELuNS4zc5ncd195 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: image/svg+xml
cf-ray: 9513962b3bc756af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opQq9w3Qu4y8JvdZHYqK2sLghyEMoghV7UYdQSte6IkFYi6LCIELuNS4zc5ncd195"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Fpl%2FD%2Fl2M2VEC3z3lMyucx%2B5NYOZPd24AXCqkoOABtKoPnYHcVCYfBPPK84Smq4xJ76LYBeV3nC8bgwxhH%2BdaCw%2FxjyS%2BHXOsppZHOIcwfg%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2266&min_rtt=587&rtt_var=733&sent=693&recv=416&lost=0&retrans=0&sent_bytes=490374&recv_bytes=45575&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20544&inflight_dur=146&x=80"
POST x2plouxsterxlj4b3wxltieftyqoqts0v62251ptmhsp48wytt69dbydigk.cppppesmelxi.es/454398379171946IFznbBPEMOAPDOYLPWOUQRWXICICXPEVKPXAUNWXQCSGOJHUYLECpqYGXqnesD5WEGuayzhjtAuv40
172.67.158.239 200 OK 536 B URL POST x2plouxsterxlj4b3wxltieftyqoqts0v62251ptmhsp48wytt69dbydigk.cppppesmelxi.es/454398379171946IFznbBPEMOAPDOYLPWOUQRWXICICXPEVKPXAUNWXQCSGOJHUYLECpqYGXqnesD5WEGuayzhjtAuv40
IP 172.67.158.239:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject cppppesmelxi.es
Fingerprint E2:39:0F:65:8A:33:1D:17:DA:91:3C:A6:9D:9A:C8:EA:B9:D0:34:4B
Validity Thu, 12 Jun 2025 15:13:05 GMT - Wed, 10 Sep 2025 16:11:43 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /454398379171946IFznbBPEMOAPDOYLPWOUQRWXICICXPEVKPXAUNWXQCSGOJHUYLECpqYGXqnesD5WEGuayzhjtAuv40 HTTP/1.1
Host: x2plouxsterxlj4b3wxltieftyqoqts0v62251ptmhsp48wytt69dbydigk.cppppesmelxi.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 121
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:30:14 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://y6twlf4xd.kngmm.ru
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=nho3%2BOAn6ibX77b8hi%2FLr9VbbccXO%2FDVhtC1nBvdKQ7L8DUDL7LThHnqcIRh%2FONMzdvnxotZgDJ0Y9NnSQnz44HGBsITbMrwLfiZ%2FqbcbS25ccuIiea%2FVelmATRWIAzu%2B0irxvuTsxjBfkOdkSVgu0UUMHvaYWrsG2pprMRqnophd11%2BhL8%2Fed0%3D"}]}
content-encoding: br
cf-ray: 9513963fe9607127-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/opxUemtCJBz5bJIRyfUQ9kefZRVGwPH0pKhZNP45140
104.21.96.1 200 OK 892 B URL GET y6twlf4xd.kngmm.ru/opxUemtCJBz5bJIRyfUQ9kefZRVGwPH0pKhZNP45140
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash 41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opxUemtCJBz5bJIRyfUQ9kefZRVGwPH0pKhZNP45140 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: image/webp
content-length: 892
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="opxUemtCJBz5bJIRyfUQ9kefZRVGwPH0pKhZNP45140"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=qo4gHipBeZeCxMuoWSC8hBWIrgF7S92carRkl8hTGmNhTfikNqFvS30nTLyEjupiSkBPTm6MK1P1O7kBM40Cbas9QwcdZTTYVAu09J%2BS"}]}
cf-ray: 9513962b1bc356af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2134&min_rtt=587&rtt_var=1117&sent=686&recv=413&lost=0&retrans=0&sent_bytes=484861&recv_bytes=45439&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20078&inflight_dur=137&x=80"
GET y6twlf4xd.kngmm.ru/ijmtQZFI7kTyUsdzUeGHXecVzB6yzgURScSz8ibswnRlmHzb56170
104.21.96.1 200 OK 7.4 kB URL GET y6twlf4xd.kngmm.ru/ijmtQZFI7kTyUsdzUeGHXecVzB6yzgURScSz8ibswnRlmHzb56170
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: b59c16ca9bf156438a8a96d45e33db64
SHA-1: 4e51b7d3477414b220f688adabd76d3ae6472ee3
SHA-256: a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijmtQZFI7kTyUsdzUeGHXecVzB6yzgURScSz8ibswnRlmHzb56170 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:10 GMT
content-type: image/svg+xml
cf-ray: 9513962b2bc556af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijmtQZFI7kTyUsdzUeGHXecVzB6yzgURScSz8ibswnRlmHzb56170"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Vq2MAgCYQXotOAqCrRX0MMsg%2BVJ5OpPbuh3nazRKFDQi2XOMg7c7GukHcCAUpn5TLLwLtXKWb8GUzaOVXvy6KZBFGUuV8W%2FZRaSzEu84k3w%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2123&min_rtt=587&rtt_var=858&sent=688&recv=414&lost=0&retrans=0&sent_bytes=486423&recv_bytes=45485&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20083&inflight_dur=139&x=80"
GET y6twlf4xd.kngmm.ru/mnQCjHxmSUuQM8kNKc7sKZs3Tym6KfEG4nbpfbklNPjqas6kMEz4MMfIdq52wHuaeIfABTT6wx215
104.21.96.1 200 OK 1.9 kB URL GET y6twlf4xd.kngmm.ru/mnQCjHxmSUuQM8kNKc7sKZs3Tym6KfEG4nbpfbklNPjqas6kMEz4MMfIdq52wHuaeIfABTT6wx215
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: bc3d32a696895f78c19df6c717586a5d
SHA-1: 9191cb156a30a3ed79c44c0a16c95159e8ff689d
SHA-256: 0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /mnQCjHxmSUuQM8kNKc7sKZs3Tym6KfEG4nbpfbklNPjqas6kMEz4MMfIdq52wHuaeIfABTT6wx215 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/svg+xml
cf-ray: 951396320bff56af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="mnQCjHxmSUuQM8kNKc7sKZs3Tym6KfEG4nbpfbklNPjqas6kMEz4MMfIdq52wHuaeIfABTT6wx215"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=0%2FofPU8wyo%2BmaLHPT3biU%2BtaBKpdqUqxxhmXdHiwZyPA6URU8z%2F6wLOwF3GO%2FbY6YKCF9ZJNXYpTKQTvZ51gqOk3spWSGBxwE8DAJJfb8NY%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2336&min_rtt=587&rtt_var=831&sent=707&recv=421&lost=0&retrans=0&sent_bytes=501800&recv_bytes=47676&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21131&inflight_dur=155&x=80"
GET y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
104.21.96.1 200 OK 39 kB URL User Request GET y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
IP 104.21.96.1:443
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type HTML document, ASCII text, with very long lines (2819)
Hash MD5: 6fa52ccdb16fcac18e84eb98e37273d4
SHA-1: c7696688cc15c68cf6e1f6e58209ed0fa2e8cc32
SHA-256: a3bbfbac73056f5a3cc4a2afddffd41f7107e4272fa4d7647b57be5ceba5a676
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:29:49 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=rBLRqCpvYhL0ypTXMt1YioXD8ZCOUIOAyBtw1EE0RzqDcjyY5Bsy7EM5GPRMb9wAExLNcr%2BBIWd4QAmgMqYCB8tdMSrbxyFooF0aJ0La"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6IjBmd0xCZjkycDlTcUtLY1lGb1BHaVE9PSIsInZhbHVlIjoiVGJHOHc3bUFGblFtV2czYzhiclVvcTR6dkw5YytnMkU1N0phZUZERk0zR1o5V0xCT0ZDVVhVa3V5dzlPa0Vhd3M0aHIrVFZXQmhxUTZTaXpTcVYyQ1JXZ2YyY1BCQUpIaUZzZ2o1YXB1U1JlUWc0NTF5L0crdFlLYzE1dGJpRC8iLCJtYWMiOiIwZjQ0ODljYzJiNDFjN2RhYzlmNWFlMWMxZjFkZjg1YjRiMTdiNTQ3MGZlY2RkMTA0ZGIzYWY3ZjEwN2RmMjQ2IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:29:49 GMT
laravel_session=eyJpdiI6IjQ5bU5sSHVNdTNNbjJJNTFjUytqOFE9PSIsInZhbHVlIjoiSkJKQmdHOVVwUGEzZTdpQW13Y1hhTm5iNS9ob2ZERVEzaVhPUGY4WnA5NXluUG55WFlSRW4zT1I1ak9hZE9QNEY2eWlvZ2xjVG1YdG1teXBieUdjbm1oOUxaWnNmdTUvTFdTVU5kWm5TT0VGSGVZUnZSWlk0UWQwTnZpdkh0STYiLCJtYWMiOiIwNDAyZjFmOGVmZGRhZWNjNzUyZmU4ODRiYTIxN2JkNWI1ZTM4NjE1YWI1ZTBhMWY3ZDVlOTJhNzRlYzI0NDE1IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:29:49 GMT
cf-ray: 951395ad09011bfe-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST y6twlf4xd.kngmm.ru/tvck3FxbKJF4ZdK1Lnas5zr3slArVChoFoc
104.21.96.1 200 OK 20 B URL POST y6twlf4xd.kngmm.ru/tvck3FxbKJF4ZdK1Lnas5zr3slArVChoFoc
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
Hash MD5: 5820854f62a6eb3d38ba7ba0d1b3ea75
SHA-1: 639df0b84fe699b4a290a713fd6b9a94bd4deb95
SHA-256: 912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /tvck3FxbKJF4ZdK1Lnas5zr3slArVChoFoc HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------2106280932494909734853589146
Content-Length: 1849
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjBmd0xCZjkycDlTcUtLY1lGb1BHaVE9PSIsInZhbHVlIjoiVGJHOHc3bUFGblFtV2czYzhiclVvcTR6dkw5YytnMkU1N0phZUZERk0zR1o5V0xCT0ZDVVhVa3V5dzlPa0Vhd3M0aHIrVFZXQmhxUTZTaXpTcVYyQ1JXZ2YyY1BCQUpIaUZzZ2o1YXB1U1JlUWc0NTF5L0crdFlLYzE1dGJpRC8iLCJtYWMiOiIwZjQ0ODljYzJiNDFjN2RhYzlmNWFlMWMxZjFkZjg1YjRiMTdiNTQ3MGZlY2RkMTA0ZGIzYWY3ZjEwN2RmMjQ2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjQ5bU5sSHVNdTNNbjJJNTFjUytqOFE9PSIsInZhbHVlIjoiSkJKQmdHOVVwUGEzZTdpQW13Y1hhTm5iNS9ob2ZERVEzaVhPUGY4WnA5NXluUG55WFlSRW4zT1I1ak9hZE9QNEY2eWlvZ2xjVG1YdG1teXBieUdjbm1oOUxaWnNmdTUvTFdTVU5kWm5TT0VGSGVZUnZSWlk0UWQwTnZpdkh0STYiLCJtYWMiOiIwNDAyZjFmOGVmZGRhZWNjNzUyZmU4ODRiYTIxN2JkNWI1ZTM4NjE1YWI1ZTBhMWY3ZDVlOTJhNzRlYzI0NDE1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: application/json
cf-ray: 951396209b7f56af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=zdyhB8wU%2Fv6tQHYpwk6tapxhrT%2FeHzNWKdSGQLYdVETPMZqZz1VDxDT5pFwZHNlPfS4PkDDxyKrFEpRtlNNV2u5CJGi4tIMzyIwdjpj1slg%3D"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6IjFFSjdkNklGWUE5TnkrRE0vd3lObWc9PSIsInZhbHVlIjoiTlNEeWtadzhmK0JSRTNoRXBXY1VwRzlLdzhBbXp4TmJRUy8ySW54U2t2L0d1VGlrdm9KbFE0a3dVQlNUS1hFd2lOL2hjRHNoVnVMYlJzT0pMYmkwYnNZMDEyVjlRNkdCdlpZNlF2M2hxSTV6WUs2Q0FIcWVkKzhOdUM5YldhcVEiLCJtYWMiOiIyYmVkNjBlZWNhNDE3YmQzMDZiMzY3YWM0MDgyNjZhYWMyZWRjMWE5NWE5YmM3ZTFkODNiMjY1OTU4YzdmMjZhIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
laravel_session=eyJpdiI6IjRvalhnQXduaUFNZUJXTlJ6bXdVb3c9PSIsInZhbHVlIjoidmkxUWw5V05uR1RReTNVd3F3UFpoYzNZdXpLVHorUWJyanFENXZGcjZ1WjlKRWhEekthdmZCckJZQUxYU1IyU3JCdFVjN0FEREo2SC9Fd2NlZGVTTURKSmxCWWZwZmRSbHBQTUo3ZElhWDMyMm80YmZOS2M1bUdtQlFwVzh4cjAiLCJtYWMiOiI4YWRjOWZmZTg4YjFjY2U2ZDJhNmVjN2E4YmUwN2JiMTU0OGNlYzQyNGJmMWI3NDA1Nzk5YTU4NWZkMmJkMWMwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1841&min_rtt=587&rtt_var=696&sent=256&recv=366&lost=0&retrans=0&sent_bytes=17653&recv_bytes=23223&delivery_rate=551319&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=18380&inflight_dur=56&x=80"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.66.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.66.137:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 17 Jun 2025 15:30:08 GMT
age: 1903209
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 34429
x-timer: S1750174209.619870,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/uveZL61X89rlZWpJcmqrpKivy0ovdpOZL9c4Gr12125
104.21.96.1 200 OK 644 B URL GET y6twlf4xd.kngmm.ru/uveZL61X89rlZWpJcmqrpKivy0ovdpOZL9c4Gr12125
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5: 541b83c2195088043337e4353b6fd60d
SHA-1: f09630596b6713217984785a64f6ea83e91b49c5
SHA-256: 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /uveZL61X89rlZWpJcmqrpKivy0ovdpOZL9c4Gr12125 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="uveZL61X89rlZWpJcmqrpKivy0ovdpOZL9c4Gr12125"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=Ea0NDc%2BMYwi71C9GOMeMxhhWpNeGY1%2B6Z83SEqV%2BuFfttXeYm13ieDpofrs%2FO4cNDrd7r9y%2FxqgCN3YFEQXw9Uht0eacrJHKQ23ounPe2fg%3D"}]}
cf-ray: 9513962b1bc156af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1580&min_rtt=587&rtt_var=504&sent=677&recv=411&lost=0&retrans=0&sent_bytes=477185&recv_bytes=45348&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20023&inflight_dur=127&x=80"
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
3.167.2.106 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 3.167.2.106:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: DigiCert Inc
Subject: *.oktacdn.com
Fingerprint: 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity: Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash MD5: e0d37a504604ef874bad26435d62011f
SHA-1: 4301f0d2b729ae22adece657d79eccaa25f429b1
SHA-256: c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Mon, 16 Jun 2025 04:30:17 GMT
expires: Tue, 16 Jun 2026 04:25:19 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: WHEkC-Usfufq7ehfzHi6_CU-VwoG6l7mIWizL3vEkG25jK2Tkz5AyQ==
age: 126290
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/ijm7hJRg8e2V1PrYGtkXAVCmK69AEbFQ5ZxyCKSICxqKZsHENYxJiOxY6PTVwNOJPFFGef202
104.21.96.1 200 OK 25 kB URL GET y6twlf4xd.kngmm.ru/ijm7hJRg8e2V1PrYGtkXAVCmK69AEbFQ5ZxyCKSICxqKZsHENYxJiOxY6PTVwNOJPFFGef202
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5: f9a795e2270664a7a169c73b6d84a575
SHA-1: 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
SHA-256: d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijm7hJRg8e2V1PrYGtkXAVCmK69AEbFQ5ZxyCKSICxqKZsHENYxJiOxY6PTVwNOJPFFGef202 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ijm7hJRg8e2V1PrYGtkXAVCmK69AEbFQ5ZxyCKSICxqKZsHENYxJiOxY6PTVwNOJPFFGef202"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=w%2Bf5rzOZ8bxtNeuy7hozpAKR6B%2FVa%2BOVRJtB1zR11QPLK5mjp1tmbl8v0f1HnPusYPiPlxgRng2D8ZpoyVeUX9B291I%2FFtNq3HpH6Z%2FgQNc%3D"}]}
cf-ray: 9513962b4bc856af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1975&min_rtt=587&rtt_var=906&sent=728&recv=424&lost=0&retrans=0&sent_bytes=522446&recv_bytes=47814&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21148&inflight_dur=162&x=80"
GET y6twlf4xd.kngmm.ru/favicon.ico
104.21.96.1 404 Not Found 0 B URL GET y6twlf4xd.kngmm.ru/favicon.ico
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
Hash (digests of the empty 0 B body; they match any empty response and are not usable as indicators)
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjBmd0xCZjkycDlTcUtLY1lGb1BHaVE9PSIsInZhbHVlIjoiVGJHOHc3bUFGblFtV2czYzhiclVvcTR6dkw5YytnMkU1N0phZUZERk0zR1o5V0xCT0ZDVVhVa3V5dzlPa0Vhd3M0aHIrVFZXQmhxUTZTaXpTcVYyQ1JXZ2YyY1BCQUpIaUZzZ2o1YXB1U1JlUWc0NTF5L0crdFlLYzE1dGJpRC8iLCJtYWMiOiIwZjQ0ODljYzJiNDFjN2RhYzlmNWFlMWMxZjFkZjg1YjRiMTdiNTQ3MGZlY2RkMTA0ZGIzYWY3ZjEwN2RmMjQ2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjQ5bU5sSHVNdTNNbjJJNTFjUytqOFE9PSIsInZhbHVlIjoiSkJKQmdHOVVwUGEzZTdpQW13Y1hhTm5iNS9ob2ZERVEzaVhPUGY4WnA5NXluUG55WFlSRW4zT1I1ak9hZE9QNEY2eWlvZ2xjVG1YdG1teXBieUdjbm1oOUxaWnNmdTUvTFdTVU5kWm5TT0VGSGVZUnZSWlk0UWQwTnZpdkh0STYiLCJtYWMiOiIwNDAyZjFmOGVmZGRhZWNjNzUyZmU4ODRiYTIxN2JkNWI1ZTM4NjE1YWI1ZTBhMWY3ZDVlOTJhNzRlYzI0NDE1IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: text/html; charset=UTF-8
cf-ray: 951395b43fd256af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lg1GD9WODEf4p9KBsMhycYXLGKXE7MvLy6qimTh%2ByS6tAxbkgH%2F81NFUhkvE13%2BmOl1VoLu1aT5sn9Jamifr8xCnV10Dtln8spLzPcqQ%2FWE%3D"}]}
cf-cache-status: EXPIRED
age: 87
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1830&min_rtt=587&rtt_var=899&sent=253&recv=362&lost=0&retrans=0&sent_bytes=16943&recv_bytes=20247&delivery_rate=551319&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=949&inflight_dur=34&x=80"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
104.18.95.41 200 OK 26 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
IP 104.18.95.41:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type HTML document, ASCII text, with very long lines (26535), with no line terminators
Hash MD5: d3a9fd1b7d404f821b93a16d739d75da
SHA-1: 0654f81ebf8ea23c35de3bc33ec9ba4ead4f37ea
SHA-256: 4d8bf07d7255392faf62dae699bf261ebf50600344a15ee599f647156c974f14
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-K7fWuIgBnqTNDnyN' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 951395b45bd456c6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
104.21.96.1 200 OK 214 kB URL User Request GET y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
IP 104.21.96.1:443
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type HTML document, ASCII text, with very long lines (7354), with CRLF line terminators
Size 214 kB (214064 bytes)
Hash MD5: 890074a17e5db7ffebc5cc7e2a6e8113
SHA-1: bba8fc71ab1afdd8dfbadb23d501c9b04684de7e
SHA-256: 80dafeb6df5e6902a18eb57c32663df4916325908c88652d647c0de68d0eddf4
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InVvdTZLK3BMZjNuWVZiVjRtQXFxa2c9PSIsInZhbHVlIjoiUFBxM0o1T0g4bXRsK1pTZGZyMzJhcUNjSTRSZTQ1MEpkWUovM25rb2hVVndMOGVIV1MyY1ZxOXNCSExhWFlGcnNkdUNNYWFaT0drOHFtN3o4NkNLb09sOGdjMlI0VkJudFd3cUJKUDVsdWFtcTJqdktBakQ3d2tmNElnQ0UxNXUiLCJtYWMiOiI3NDY5YTJlNzY3MDczYWYxZTNmMTFhMDY2ZTdlODZjYzQ1MzljYThjNDAyNDljZGI4MzY0YTgwZDljMTk5Nzc0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Iks5T0M2ZGdvbWphaGRTRjcwbEhFelE9PSIsInZhbHVlIjoiTWNIZzRFdHZDbDdDb1hYQ2d5RkpEdGhKbVphOEJsZm5DeFpSdVA0Nk55M21KZDB0VFdKTjNjN0V6TE5hQjhMbEZjUjZaTHZuUUxNU3Y0TjlYcFc4dzN5VDlTVkVIRWZLK3lkeC81VlFsdVk5bFh1Y1lIcmk0cDY1QzNTZGFWNTciLCJtYWMiOiJiMDJlNmQxZDNiNmQ1YjNlY2EwYmI4OGExOGJkZjEyMTBhYTI3ZGVhOWE0ZGI2Y2MxNzA5YzdlMmZiMWQ1Zjg3IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: text/html; charset=UTF-8
cf-ray: 95139626cba356af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=%2BY1iebeFuA7KJIa0fYrVDBXdLuncGkqyvXS0M55mZAOqkq%2BHGAKE%2F5IXptj80oFCnkJsViz034XEBsDHysWy527ZcnfFQYKOCUFT1A8oKmg%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:09 GMT
laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:09 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1514&min_rtt=587&rtt_var=498&sent=278&recv=375&lost=0&retrans=0&sent_bytes=30918&recv_bytes=27322&delivery_rate=7780853&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19366&inflight_dur=65&x=80"
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.3 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.3:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Sectigo Limited
Subject: github.com
Fingerprint: E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity: Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the digests of zero-length input: the 302 response has content-length: 0, so they do not identify randexp.min.js and should not be used as an indicator.)
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 17 Jun 2025 15:30:00 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250617%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250617T153000Z&X-Amz-Expires=300&X-Amz-Signature=e426505853f75d48c60cd3e70275cd80e602fe3cf6dc4c6e72b724890e915cd9&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; 
font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 12B1:2E9D38:1F31CDA:1FC1459:68518A01
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
104.18.95.41 200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash MD5: 70c202196187ab3c11b4e094c20c6de1
SHA1: 9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
SHA256: 6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 951395b50c9f56c6-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST y6twlf4xd.kngmm.ru/kfA9jnvUpDY411yPUQE09aKmTGylC0x60D4Rnqq4gew
104.21.96.1 200 OK 287 B URL POST y6twlf4xd.kngmm.ru/kfA9jnvUpDY411yPUQE09aKmTGylC0x60D4Rnqq4gew
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
Hash MD5: 22c0e0d8115042a9a9f00cb494472a82
SHA1: 038aeff706c08a9955c0ab0e69826bb194a1669a
SHA256: d043a4cdeb8deae914519820c10f6abdfc44c384daf9e2087c003df7f0fc75a9
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /kfA9jnvUpDY411yPUQE09aKmTGylC0x60D4Rnqq4gew HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 34
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Im8wSjg1V1o2djdjYWVOVXdFbDNCL2c9PSIsInZhbHVlIjoiM25DNjNPTzJETFhBbFFXRDVSZWdDYmVTWUZHZzd0eVZlNzBIVmJBU0pKc1d6NGs3NTNYYlRtaFJYUnoxYlk5VGduZW41QVZGWjZ2STVpdW9OaldPSURoUTRzdkNSOEZKbHNaZHVRQjg3Y3lyZXM2UkwzZEcxemMyR3g5R2pLdEQiLCJtYWMiOiJhYjAxYTIyOWJhMzIzMDA1NzQyNzUxMzc0MTg3MDc0NDNiM2JkOGQ4ZmY3MTNiMjY0OGVlNTZhOTIzNzEyOTMxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhUNnFLbWw5WWlCbGRDM2Y4TFUyb2c9PSIsInZhbHVlIjoiTmV3SFdZcGRCbWZhTmR3cTJFWnNRd0hCNXNTSFBDL3ovZFZPNE9lNWxiejhMditHTk5DTWF0TE1MTU9HYjAwYXNHd0RZM01iZHh2M2UwVVFGN2lPSUE2NTRZc0h1bHdSS1dsMzdLdktkR2MxNGg4WUZnclBEdWJ0cjhqMkJhYmQiLCJtYWMiOiIyNjdmMjQ5ZDMxMDNlMmEzMGI5NzJiYjMyYzBhOTYxMDBiNjIyNzM1ODA4NWM1OTMyZTU4NTk2MGY3NGZlNWJiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: text/html; charset=UTF-8
cf-ray: 951396248b9356af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=tEs7%2FN6z4VYil5KaHbF4Y%2F%2BafCRIzZX0f0HNb5F41oVnxDQQZoTgG7NBc2Lq2U%2B0TA7a2rU%2B29CFd2QrGpn0%2BEYQYHjcTDAQGp2eRa38dkA%3D"}]}
cf-cache-status: DYNAMIC
set-cookie: XSRF-TOKEN=eyJpdiI6InVvdTZLK3BMZjNuWVZiVjRtQXFxa2c9PSIsInZhbHVlIjoiUFBxM0o1T0g4bXRsK1pTZGZyMzJhcUNjSTRSZTQ1MEpkWUovM25rb2hVVndMOGVIV1MyY1ZxOXNCSExhWFlGcnNkdUNNYWFaT0drOHFtN3o4NkNLb09sOGdjMlI0VkJudFd3cUJKUDVsdWFtcTJqdktBakQ3d2tmNElnQ0UxNXUiLCJtYWMiOiI3NDY5YTJlNzY3MDczYWYxZTNmMTFhMDY2ZTdlODZjYzQ1MzljYThjNDAyNDljZGI4MzY0YTgwZDljMTk5Nzc0IiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
laravel_session=eyJpdiI6Iks5T0M2ZGdvbWphaGRTRjcwbEhFelE9PSIsInZhbHVlIjoiTWNIZzRFdHZDbDdDb1hYQ2d5RkpEdGhKbVphOEJsZm5DeFpSdVA0Nk55M21KZDB0VFdKTjNjN0V6TE5hQjhMbEZjUjZaTHZuUUxNU3Y0TjlYcFc4dzN5VDlTVkVIRWZLK3lkeC81VlFsdVk5bFh1Y1lIcmk0cDY1QzNTZGFWNTciLCJtYWMiOiJiMDJlNmQxZDNiNmQ1YjNlY2EwYmI4OGExOGJkZjEyMTBhYTI3ZGVhOWE0ZGI2Y2MxNzA5YzdlMmZiMWQ1Zjg3IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Tue, 17 Jun 2025 17:30:08 GMT
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1538&min_rtt=587&rtt_var=602&sent=274&recv=373&lost=0&retrans=0&sent_bytes=29270&recv_bytes=26275&delivery_rate=7780853&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=18961&inflight_dur=63&x=80"
GET y6twlf4xd.kngmm.ru/GDSherpa-vf2.woff2
104.21.96.1 200 OK 93 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-vf2.woff2
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash MD5: bcd7983ea5aa57c55f6758b4977983cb
SHA1: ef3a009e205229e07fb0ec8569e669b11c378ef1
SHA256: 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=x4Ugc0NHzOolAxabC%2FGHR%2FGij40VgLPrB8Gh%2BeucItr0ZxeX27d0GymuFL4CEzoW3sRMkln0%2Fn%2B8bOknQO%2B%2Fj8%2Fuk4bSbn9MIzPPW4YH%2FMc%3D"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962b1bc256af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1428&min_rtt=587&rtt_var=431&sent=586&recv=404&lost=0&retrans=0&sent_bytes=373631&recv_bytes=40414&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19829&inflight_dur=119&x=80"
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/951395b45bd456c6/1750174191411/893da5d782007cd63d1d62c9ea84ca714a2ec53b537cdd25507e4403558a304c/Epe0hu1lU2zzaJk
104.18.95.41 401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/951395b45bd456c6/1750174191411/893da5d782007cd63d1d62c9ea84ca714a2ec53b537cdd25507e4403558a304c/Epe0hu1lU2zzaJk
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity: Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type very short file (no magic)
Hash MD5: ff44570aca8241914870afbc310cdb85
SHA1: 58668e7669fd564d99db5d581fcdb6a5618440b5
SHA256: 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/951395b45bd456c6/1750174191411/893da5d782007cd63d1d62c9ea84ca714a2ec53b537cdd25507e4403558a304c/Epe0hu1lU2zzaJk HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Tue, 17 Jun 2025 15:29:56 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20giT2l14IAfNY9HWLJ6oTKcUouxTtTfN0lUH5EA1WKMEwAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIIk9pdeCAHzWPR1iyeqEynFKLsU7U3zdJVB-RANVijBMABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIIk9pdeCAHzWPR1iyeqEynFKLsU7U3zdJVB-RANVijBMABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApfbVKW9jv_cm7VCxn62oVAVC5hFmu-kZjUyoHVY59NkyKyHKMDjFTQQtwRz5WaCrisTztPUBe5IEqngHq_K6n0LVGgP-vP5_EV8Q63SdqECb9NxgQT_jnGDYKP38YIvPHP47CMaQOOm6F4tfy50OTdVLxmir-nwtG4EsjQpjbWt5h0uKnWtYHo0z3T2TGAaak3xueW6uC1Y9XvXRyQ4VLq2YT2Pj5nG5iT9qz95HGc0b9CcuEADcgyRRUmYpFDKa4E7gznEbKSul9XcN8oNCkL49spyNT1stpPVhL9fnQZz0zdIsTIdKR-iKQoy9HKyPEeNpcQhrSF7DgSPJTnR6xwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 951395d75c2c56c6-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity: Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 95139623cc2b56b1-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 755740
expires: Sun, 07 Jun 2026 15:30:08 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f2Ya838rkNcYhNxh7uvBVp2OT1s1qowM4PVteG71NXBqWdAxBkjfTQ58ZXqGDO4h8xMwIffdrFHlEFneFWhHmM5Vt%2FtZU5FnyarJRleBntsT4ElquW4liApZDpVhX5065P5HDO2Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/345KphcdyLHb6720
104.21.96.1 200 OK 28 kB URL GET y6twlf4xd.kngmm.ru/345KphcdyLHb6720
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash MD5: a1606fe4c64f4a7649b295a56b8d4b47
SHA1: ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
SHA256: 8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /345KphcdyLHb6720 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: text/css;charset=UTF-8
cf-ray: 9513962adbb856af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="345KphcdyLHb6720"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=oaiuVdoISLTuNQ2RUGvVh9WejwG5zoSFQBkum6ZrWCzEpUiS%2F5xjLT3lkaWUOvZNblEY6V7hZ%2B9vP9NboolPr24MJX9vhwt9v9FFBBo8ch8%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1514&min_rtt=587&rtt_var=496&sent=671&recv=410&lost=0&retrans=0&sent_bytes=469999&recv_bytes=45302&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=20016&inflight_dur=125&x=80"
GET y6twlf4xd.kngmm.ru/GDSherpa-vf.woff2
104.21.96.1 200 OK 44 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-vf.woff2
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash MD5: 2a05e9e5572abc320b2b7ea38a70dcc1
SHA1: d5fa2a856d5632c2469e42436159375117ef3c35
SHA256: 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=wrZtxVxhNDszxKnSYVfNBEhSj94Xi0%2F9fd8SBSXDP14rJDiX2JcyMKLHq2vLvWyhdec6aBzLSdwBihPjCT6k6eCnfhFNTgL%2FyszL7ZpbGM0%3D"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962afbbf56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1472&min_rtt=587&rtt_var=688&sent=517&recv=395&lost=0&retrans=0&sent_bytes=298205&recv_bytes=34529&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=93600&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19807&inflight_dur=107&x=80"
GET y6twlf4xd.kngmm.ru/wxzjKaueunjnzsTzKbkMccjLg7uDRGT1wjjyiVVmnIRIbsJ0wb2bP0m6Gaeab177
104.21.96.1 200 OK 2.9 kB URL GET y6twlf4xd.kngmm.ru/wxzjKaueunjnzsTzKbkMccjLg7uDRGT1wjjyiVVmnIRIbsJ0wb2bP0m6Gaeab177
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer: Google Trust Services
Subject: kngmm.ru
Fingerprint: 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity: Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: fe87496cc7a44412f7893a72099c120a
SHA1: a0c1458c08a815df63d3cb0406d60be6607ca699
SHA256: 55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wxzjKaueunjnzsTzKbkMccjLg7uDRGT1wjjyiVVmnIRIbsJ0wb2bP0m6Gaeab177 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: image/svg+xml
cf-ray: 9513962b2bc656af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wxzjKaueunjnzsTzKbkMccjLg7uDRGT1wjjyiVVmnIRIbsJ0wb2bP0m6Gaeab177"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=pbTufSP5BAh4cjLIJ0FCcNdLIXiehdbSP73nzMVZYW%2B98CA7KxZFmL0XUClr7m6GhE%2BVZd50Biq9HcJu0r4Z1raipCBBXSDrivmiuEmHk1Y%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=2210&min_rtt=587&rtt_var=875&sent=710&recv=422&lost=0&retrans=0&sent_bytes=503218&recv_bytes=47722&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21135&inflight_dur=157&x=80"
GET pm2h00.tvknzupwbdfg.es/shapaki@f90wk9
172.67.173.197 200 OK 1 B URL GET pm2h00.tvknzupwbdfg.es/shapaki@f90wk9
IP 172.67.173.197:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer: Google Trust Services
Subject: tvknzupwbdfg.es
Fingerprint: 6C:46:D9:AC:99:54:94:80:A4:7B:C6:40:86:4B:38:9B:58:B5:9D:35
Validity: Tue, 03 Jun 2025 23:15:58 GMT - Tue, 02 Sep 2025 00:14:30 GMT
File type very short file (no magic)
Hash MD5: cfcd208495d565ef66e7dff9f98764da
SHA1: b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA256: 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
(These three values are the digests of the single ASCII character "0", consistent with the 1 B body; they are too generic to serve as an indicator. The host name and URL are the useful observables for this request.)
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /shapaki@f90wk9 HTTP/1.1
Host: pm2h00.tvknzupwbdfg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/
Origin: https://y6twlf4xd.kngmm.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=imvdNGR%2Bb9AtpJoCtw3ewul4hrw%2FQDvdXiUxzIFotMv0Uv7OsW2T5T7vApLfNWVvMsbatHtuPb%2F%2B%2F7KkIpWi4Tyl6jV%2BQOlLgieDBwVLUDKUpv1Z"}]}
content-encoding: br
cf-ray: 9513961a58d77131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/favicon.ico
104.21.96.1 404 Not Found 0 B URL GET y6twlf4xd.kngmm.ru/favicon.ico
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of empty input (the 0 B body of this 404), so they match any empty file and are not an indicator for this host.
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6Im8wSjg1V1o2djdjYWVOVXdFbDNCL2c9PSIsInZhbHVlIjoiM25DNjNPTzJETFhBbFFXRDVSZWdDYmVTWUZHZzd0eVZlNzBIVmJBU0pKc1d6NGs3NTNYYlRtaFJYUnoxYlk5VGduZW41QVZGWjZ2STVpdW9OaldPSURoUTRzdkNSOEZKbHNaZHVRQjg3Y3lyZXM2UkwzZEcxemMyR3g5R2pLdEQiLCJtYWMiOiJhYjAxYTIyOWJhMzIzMDA1NzQyNzUxMzc0MTg3MDc0NDNiM2JkOGQ4ZmY3MTNiMjY0OGVlNTZhOTIzNzEyOTMxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhUNnFLbWw5WWlCbGRDM2Y4TFUyb2c9PSIsInZhbHVlIjoiTmV3SFdZcGRCbWZhTmR3cTJFWnNRd0hCNXNTSFBDL3ovZFZPNE9lNWxiejhMditHTk5DTWF0TE1MTU9HYjAwYXNHd0RZM01iZHh2M2UwVVFGN2lPSUE2NTRZc0h1bHdSS1dsMzdLdktkR2MxNGg4WUZnclBEdWJ0cjhqMkJhYmQiLCJtYWMiOiIyNjdmMjQ5ZDMxMDNlMmEzMGI5NzJiYjMyYzBhOTYxMDBiNjIyNzM1ODA4NWM1OTMyZTU4NTk2MGY3NGZlNWJiIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 17 Jun 2025 15:30:08 GMT
content-type: text/html; charset=UTF-8
cf-ray: 951396255b9c56af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=lg1GD9WODEf4p9KBsMhycYXLGKXE7MvLy6qimTh%2ByS6tAxbkgH%2F81NFUhkvE13%2BmOl1VoLu1aT5sn9Jamifr8xCnV10Dtln8spLzPcqQ%2FWE%3D"}]}
cf-cache-status: HIT
age: 17
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1565&min_rtt=587&rtt_var=731&sent=272&recv=372&lost=0&retrans=0&sent_bytes=28623&recv_bytes=26231&delivery_rate=7780853&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=18904&inflight_dur=61&x=80"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 9513962a0d1156b1-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 755741
expires: Sun, 07 Jun 2026 15:30:09 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTVsQR4ioJbF0%2Fewpbimn84GCjZ6W5cbpZr1NjHgcoSv1OyR5V%2F%2FjNbjYFKsN6iGsNoYhwDBghL%2FBekax4rXDBHGLnpLONXYMLbQ2nRcb23bmdlydUX%2FJ05W3xb3M4SDHMIrKz0t"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/GDSherpa-regular.woff2
104.21.96.1 200 OK 29 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-regular.woff2
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash MD5 17081510f3a6f2f619ec8c6f244523c7
SHA-1 87f34b2a1532c50f2a424c345d03fe028db35635
SHA-256 2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=aYHS%2F5tnPLS0JHI2zEmDzdY9dFLhZOpEiiUo6JAPz%2BQB%2Bc1dd0lOd4MpmdIpjObp5pFno1SV9CvGY7WqBDDZFxoigfWh7JBWcWCD8ieMSBw%3D"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962aebbc56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1487&min_rtt=587&rtt_var=416&sent=557&recv=399&lost=0&retrans=0&sent_bytes=343583&recv_bytes=36531&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19815&inflight_dur=117&x=80"
GET code.jquery.com/jquery-3.6.0.min.js
151.101.66.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.66.137:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 17 Jun 2025 15:29:50 GMT
age: 1903191
x-served-by: cache-lga21931-LGA, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 34413
x-timer: S1750174191.561114,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/951395b45bd456c6/1750174191407/o34y7na3uMqkfHU
104.18.95.41 200 OK 289 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/951395b45bd456c6/1750174191407/o34y7na3uMqkfHU
IP 104.18.95.41:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
Certificate Issuer Google Trust Services
Subject challenges.cloudflare.com
Fingerprint 66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
Validity Tue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type PNG image data, 77 x 32, 8-bit/color RGBA, non-interlaced
Hash MD5 823e093882bb011f7ea9bdb254bbf0b5
SHA-1 9d100c1f951c2ec369fead1c9c03f605af1b0b6e
SHA-256 81e5defb89e827c3d7e8bc5efa56fa8da6ac0c76df9319689cb81982cee86d6e
GET /cdn-cgi/challenge-platform/h/g/d/951395b45bd456c6/1750174191407/o34y7na3uMqkfHU HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/idco8/0x4AAAAAABdYGXe7lbZbHKYZ/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:29:54 GMT
content-type: image/png
content-length: 289
priority: u=4,i=?0
server: cloudflare
cf-ray: 951395ce689956c6-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET y6twlf4xd.kngmm.ru/GDSherpa-regular.woff
104.21.96.1 200 OK 37 kB URL GET y6twlf4xd.kngmm.ru/GDSherpa-regular.woff
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash MD5 a69e9ab8afdd7486ec0749c551051ff2
SHA-1 c34e6aa327b536fb48d1fe03577a47c7ee2231b8
SHA-256 fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:09 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: HIT
last-modified: Tue, 17 Jun 2025 13:31:29 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=AxxP6KvVpaTyGBjefCktJuX%2BhJhb4Gl71fsO8Khiic2tuo0yUl1ffg91ohN5OHOlF4kxQstebWkiqGl0F7rUYj3w8SdPgiKcqC6aC9Lm"}]}
age: 7120
cache-control: max-age=14400
cf-ray: 9513962aebbe56af-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1472&min_rtt=587&rtt_var=688&sent=484&recv=395&lost=0&retrans=0&sent_bytes=259939&recv_bytes=34529&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=93600&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=19805&inflight_dur=103&x=80"
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
3.167.2.106 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 3.167.2.106:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash MD5 12bdacc832185d0367ecc23fd24c86ce
SHA-1 4422f316eb4d8c8d160312bb695fd1d944cbff12
SHA-256 877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
date: Sun, 08 Jun 2025 16:31:18 GMT
expires: Mon, 08 Jun 2026 16:31:18 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 dfa43a17d6715f83d8bb6aa560e80366.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P2
x-amz-cf-id: j7OY9wg7WKZ8-7Ddsk-8OSTSkrUJgpbmBQMtVzEL0AOoMD3MvNKZyA==
age: 773931
X-Firefox-Spdy: h2
GET y6twlf4xd.kngmm.ru/34le3oWLCh4vhS7KJPeZijypoJhNzKcgukkwZ89110
104.21.96.1 200 OK 293 kB URL GET y6twlf4xd.kngmm.ru/34le3oWLCh4vhS7KJPeZijypoJhNzKcgukkwZ89110
IP 104.21.96.1:443
Requested by https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Certificate Issuer Google Trust Services
Subject kngmm.ru
Fingerprint 04:29:5D:A8:58:05:64:EF:53:C6:0B:D1:BF:80:0E:02:F6:B6:B2:F9
Validity Thu, 15 May 2025 20:26:24 GMT - Wed, 13 Aug 2025 21:23:51 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 293 kB (292748 bytes)
Hash MD5 bf1842c2fd860a7809d3fe2e6aa9fd47
SHA-1 f652abd5a6954c760c8df4be1cb8905b36cedab9
SHA-256 c92fb0a9442b9c578002b60e35af1abeb388e5ac5d2731dec1899eca486b18dc
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /34le3oWLCh4vhS7KJPeZijypoJhNzKcgukkwZ89110 HTTP/1.1
Host: y6twlf4xd.kngmm.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/ywojwptefqlqiabqwqaqqzpogmnwusvz0xe4dkkbzdqiez9ekmy?WNPIENRZXXPBWRP
Cookie: XSRF-TOKEN=eyJpdiI6ImU5dWFqYktpaUs4aTNQWlJsSUo3TEE9PSIsInZhbHVlIjoidHlXQWRFTm5HK25aN25NdEpsVVdRc1ZkZDBaaHpCVEJaSFBLNHpqVzZpMVAxd3pzRHBDVTY0V2hBanIrU2NTSkhhMkxWT2Q5bTZiLytwQlUyaDdWL1RraE9rNzAwekI4YWE3UjhoZDhCL29FQ3JKWWc2SFlkZjdRTmZaRC9ZMXMiLCJtYWMiOiI3NDgwNDk1ZjRjZGY5NmZjY2UxYjNlNzQ4OWE0NWEzMDk2NmViODAzZTgwOWJmOTJjY2U2NWM3OWRkMTY4ZTIxIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkoyZ3MxZjZrRTJ5TE1YNkdyUHc5TUE9PSIsInZhbHVlIjoiT0dldndzaEZQUE9wVmh0UWJ5NEFUekZxWnkzTFdTcEM4Yk91VG1ZalpIUGhxTHBqUzJvWlh4T0UyQzRPYU5RSU1GaXpqbmxJS3BUczFsSUo5Ulc3UWk2ZnNmbWQ0dXRmcWo0VElvckNnRTVwUjc3dVZ1cnRXbHhhVXd4ZmdIUXQiLCJtYWMiOiI4OGZiY2NhNmRhNmUxNzcyNTcyNDYxZWVjN2VhZTQ3NDk2NmE3NDI1NDk5ZWJjNjVhMGE0NjdmNmI3NzE5YzE4IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 17 Jun 2025 15:30:11 GMT
content-type: application/javascript
cf-ray: 9513962b6bca56af-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="34le3oWLCh4vhS7KJPeZijypoJhNzKcgukkwZ89110"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=uCIExeep5z1LYVTfkVLdVivBZ29OojNjWIJQ46zIkOrnHpy3HE2Zcz2XcmIEprUd8jHcWUjbmgsgzXAxrmsGxOkj9umz4goNdJRAQohK4JA%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1692&min_rtt=587&rtt_var=564&sent=757&recv=429&lost=0&retrans=0&sent_bytes=552799&recv_bytes=48043&delivery_rate=19865314&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=187200&unsent_bytes=0&cid=7f73d30a64e58ec5&ts=21366&inflight_dur=172&x=80"
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://y6twlf4xd.kngmm.ru/aS1c07pE5gZU@fMg8Z/$kyoungstrom@slurpmail.net
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
Validity Thu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://y6twlf4xd.kngmm.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 17 Jun 2025 15:29:50 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 951395b1fbf71c12-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 755722
expires: Sun, 07 Jun 2026 15:29:50 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BQLR%2B6kRFt06NiZbB3ssg%2Fct%2Fppd%2FeCcZ4faYUVFhqUlcEsZXdqCKvXD0Ok52RT4FbOP45AVRGdA6PPrBKTRvyDg8PVKJ4QH5GgiZM300Pjwkv4Rr0oqK%2FmNXxp%2Bv3iomUPH%2BeVV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2