GET 3zv.hecoesrh.ru/st2Zz3M61OFqarfMe2liNoxztQR62FnYUdKDkwhHGbt45t1DhCqfsi4bQSYiiC04gDdw2rzeUrRHgh260
172.67.158.241 200 OK 18 kB URL GET 3zv.hecoesrh.ru/st2Zz3M61OFqarfMe2liNoxztQR62FnYUdKDkwhHGbt45t1DhCqfsi4bQSYiiC04gDdw2rzeUrRHgh260
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5: 4b52ecdc33382c9dca874f551990e704
SHA-1: 8f3bf8e41cd4cdddb17836b261e73f827b84341b
SHA-256: cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /st2Zz3M61OFqarfMe2liNoxztQR62FnYUdKDkwhHGbt45t1DhCqfsi4bQSYiiC04gDdw2rzeUrRHgh260 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:04 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="st2Zz3M61OFqarfMe2liNoxztQR62FnYUdKDkwhHGbt45t1DhCqfsi4bQSYiiC04gDdw2rzeUrRHgh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XdRTk37SPjzPJ5TukRVjzxw%2BfAZCFcbM0DL2NqfKo%2BCKn64vBEx0jrGL3Anlt7QCBemg0dRUJmCDTD1DmSYSMG5sdwn98qRLzp7Md016dpNgxTIfGc30a1nU4Jc0ASPihIju"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=444&min_rtt=435&rtt_var=170&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2218&delivery_rate=9296551&cwnd=252&unsent_bytes=0&cid=73ce88ab42034f16&ts=160&x=0"
cf-ray: 91e3d6e1182092f1-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/ijUltqOjX1HBBJB8QVLKsG9u3OXdQcnhin1mYrWQfNjBaLErqrk61QL13IFFo3Qkt2yC5TOEBrP9446ab222
172.67.158.241 200 OK 1.3 kB URL GET 3zv.hecoesrh.ru/ijUltqOjX1HBBJB8QVLKsG9u3OXdQcnhin1mYrWQfNjBaLErqrk61QL13IFFo3Qkt2yC5TOEBrP9446ab222
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5: 32ca2081553e969f9fdd4374134521ad
SHA-1: 7b09924c4c3d8b6e41fe38363e342da098be4173
SHA-256: 216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /ijUltqOjX1HBBJB8QVLKsG9u3OXdQcnhin1mYrWQfNjBaLErqrk61QL13IFFo3Qkt2yC5TOEBrP9446ab222 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:02 GMT
content-type: image/webp
content-length: 1298
content-disposition: inline; filename="ijUltqOjX1HBBJB8QVLKsG9u3OXdQcnhin1mYrWQfNjBaLErqrk61QL13IFFo3Qkt2yC5TOEBrP9446ab222"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lnBbxDPOm%2B72B7z7AcddRNXzJLNOCPSqo1OVePZOteDxTtZBXLpsBGZuDPM9EmibAbVXtGnsoBmjFyCCMBPxb6Ef6jZ0Yu%2FzAjqFZtq%2B4Im4wUWDjMe2oXmnm5Ukfsc6K7ig"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6eaa8e292f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16393&min_rtt=16319&rtt_var=6172&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2221&delivery_rate=247809&cwnd=216&unsent_bytes=0&cid=c411544ee92d7051&ts=224&x=0", cfL4;desc="?proto=TCP&rtt=69442&min_rtt=68777&rtt_var=151&sent=349&recv=192&lost=0&retrans=0&sent_bytes=337300&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=15695&x=0"
X-Firefox-Spdy: h2
GET developers.cloudflare.com/favicon.png
104.16.5.189 200 OK 937 B URL GET developers.cloudflare.com/favicon.png
IP 104.16.5.189:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer: Google Trust Services
Subject: developers.cloudflare.com
Fingerprint: E9:3A:C0:6A:2E:64:DE:1B:4E:08:08:AE:18:4B:FF:46:61:C4:C0:78
Validity: Tue, 14 Jan 2025 19:23:19 GMT - Mon, 14 Apr 2025 20:23:12 GMT
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Hash MD5: fc3b7bbe7970f47579127561139060e2
SHA-1: 3f7c5783fe1f4404cb16304a5a274778ea3abd25
SHA-256: 85e6223afdbd5badf2c79bcfbaa6fe686acaa781eca52c196647ffabb3be2ffe
GET /favicon.png HTTP/1.1
Host: developers.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:48 GMT
content-type: image/png
content-length: 937
cache-control: public, max-age=0, must-revalidate
etag: "6be7ff94b6151f8cfbf08b53a17e2ac1"
set-cookie: __cf_bm=oCFVR9Rdb9Evy.u5oCjw0CmQ0rZjJT8ionEEaJnw5iI-1741620468-1.0.1.1-iatJYUpN.Dy8yv2ysXJzPXZNjY0gIDOAPpOQDKRVLoUo6Xs6WBXEeQKruMhv_nuKA.bpaXlfLJOsMZccm.7vV.NnFGn3nhjdUKC4XNe8bOQ; path=/; expires=Mon, 10-Mar-25 15:57:48 GMT; domain=.developers.cloudflare.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
access-control-allow-origin: *
server: cloudflare
cf-ray: 91e3d6954e86b511-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.194.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.194.137:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 10 Mar 2025 15:27:58 GMT
age: 5374013
x-served-by: cache-lga21931-LGA, cache-osl6525-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 117922
x-timer: S1741620479.624964,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/fLFYJIMv/
172.67.158.241 200 OK 17 kB URL User Request GET 3zv.hecoesrh.ru/fLFYJIMv/
IP 172.67.158.241:443
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type HTML document, ASCII text, with very long lines (12001), with CRLF line terminators
Hash MD5: f2b33564e2d5606ebbb980f209f808a5
SHA-1: b54208ce00c20fc37efcf7f5531c56550044547d
SHA-256: 2f4fffc58cc342a70c381a63efc72dc72fb970e38b4202f48438fcf262e081e1
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
GET /fLFYJIMv/ HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IlNKcGsvWVloaHNhcHlXQ216SWU4d3c9PSIsInZhbHVlIjoiS2VJemVxMTBjYlNHRU5yM1U4bERkYW95RHRsU21sRXk4ZWQyR05sTkxoTVp1RDlNNCtlZVVONUVQNmpaV1FjSEdLdFF4WlV4alN2QmpSaG9YcTZiblhpNnVhYjhvSWwvVlU5YXBRdGkwMytwWnd6a0RQWFlnTTVHcEYwZytTM3AiLCJtYWMiOiJhOWYyYmY3MDFiMmY1MjE5ZTVmNzA1OTA1NTM4NmEzYzFmMDM5ZjJjM2Q1NmM3M2FjMDlkODI3ZmRkNzU1MGE2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImFRVlRuclpPYncyNGx4OW1Tc3VqWkE9PSIsInZhbHVlIjoiSm5rYU01M0dQQ0dNU1NuUzhBR1ZpNnlobi9UN3RuaTJSTE9uREtwMm53bEdvUy8yZDdLanpoOGxvcEcrWVFYQWR1QnZ1eGx6emE2NEFwOEtzNUh2K0M3NXJ0ZVpsc0VNT1NrRXZFcmlqbURXY1lWb0VjS1JacWI1Y2dQT0J4YlAiLCJtYWMiOiJlMjUwYWFkYWEzZmI3ZTMyOGExZGY1NzUzY2E1ODU4ZjhkM2E5YWU1OGE2N2E3NDMzYTNjMzc3ZGJlYjc1NDY2IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:58 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQ04DAysxiuw4kmsZ9hRJ0T%2Fj7vNUJ0CNKM%2Fj3wFKSsXJdnBi4LNK%2F%2FQrrsRXGfrhgQmpdWYMLYnVExzf5QMBVMxNMgtm34jCmFgF5emZdVLm819cdxAnHKZo8o%2FHTM%2Fkpdj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InV6UHV3R0FGbUdPVURKS2xMTUVCL0E9PSIsInZhbHVlIjoiQmpQOVBQaklUZXo2b1pFVHZybkhTbUZUMittRE9WZVlzOEJIaDA1anhJTDA0eGFIekY0RGcveWhvWUpWdXE1enNpeXNUcjBtU2J1SUZlb0hYV0h5bVdHMnJDU3BaRXhOdGFRYitUUUxkRXdnenY2bTVTajlabHJtZzFXYlBTTGEiLCJtYWMiOiI1Y2E5ZDk5YjgwMDE1MmEyYjZlMjE5OWRmNzI5Njc0ZmNjMjVhNGFiNDdhMzUxM2VhYjE3MzE2OTE1MjhhYzM2IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:58 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ii81TTZyaE5pRVlNQjc4QTdzYTFJR2c9PSIsInZhbHVlIjoieGY3R2MzTjAwS0U1N3RoekU5dExueDdUUEd4cVJ1dEZkYS8rdHdiazl1ck9zMkQ3T2ZGM1ZOdFNKVUpJMVFneElYMDlSQlVyZTdFYVhsSkczbEF6TEY0dU40SGcyb1hWVHdUSGMvWnZkQUtMNU41bmovUHkzcXc5NmVwMTVvUnQiLCJtYWMiOiJjODBlNGY1ZDI4MWZkN2I0ZGFhYjU0NzVlN2I0MzQ5Yjk0M2JhNGI4MTQzZGJhNjY0ZTExNzU3MjNiODU5MTcwIiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:58 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91e3d6d46a5392f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=341&min_rtt=330&rtt_var=146&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2145&delivery_rate=9628571&cwnd=252&unsent_bytes=0&cid=67af1662b7603f2c&ts=196&x=0", cfL4;desc="?proto=TCP&rtt=70175&min_rtt=69199&rtt_var=806&sent=45&recv=34&lost=0&retrans=0&sent_bytes=29172&recv_bytes=3592&delivery_rate=207271&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=12069&x=0"
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.194.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.194.137:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Sectigo Limited
Subject: *.jquery.com
Fingerprint: CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity: Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5: 8fb8fee4fcc3cc86ff6c724154c49c42
SHA-1: b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA-256: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 10 Mar 2025 15:28:00 GMT
age: 5374014
x-served-by: cache-lga21931-LGA, cache-osl6525-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 117923
x-timer: S1741620480.077241,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-regular.woff
172.67.158.241 200 OK 37 kB URL GET 3zv.hecoesrh.ru/GDSherpa-regular.woff
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash MD5: a69e9ab8afdd7486ec0749c551051ff2
SHA-1: c34e6aa327b536fb48d1fe03577a47c7ee2231b8
SHA-256: fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-regular.woff HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: font/woff
content-length: 36696
content-disposition: inline; filename="GDSherpa-regular.woff"
last-modified: Mon, 10 Mar 2025 14:11:47 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bwpQ9MTBRkRbea8FS1zIGtdLhkFzub7Rp7v%2F%2BbHrw8fpVHDtjaNzWO92W05I%2BmW1m0ulPlmjnXzNvbcjpxfvWXCBpJQGEeO%2FIwqsVkVCb2pVIyWMs7UncF61o0OjX8lxT722"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 91e3d6e0bf6d92f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=419&min_rtt=405&rtt_var=162&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2193&delivery_rate=9985185&cwnd=252&unsent_bytes=0&cid=ff12a65f68e923d4&ts=18&x=0", cfL4;desc="?proto=TCP&rtt=70936&min_rtt=69065&rtt_var=686&sent=149&recv=90&lost=0&retrans=0&sent_bytes=115325&recv_bytes=8012&delivery_rate=326930&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=14033&x=0"
X-Firefox-Spdy: h2
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250310%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250310T152800Z&X-Amz-Expires=300&X-Amz-Signature=3db9b357396e3f6b16227c0ff6de2bac574ba5151de37e986397884daf73b23f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
185.199.109.133 200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250310%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250310T152800Z&X-Amz-Expires=300&X-Amz-Signature=3db9b357396e3f6b16227c0ff6de2bac574ba5151de37e986397884daf73b23f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP 185.199.109.133:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Sectigo Limited
Subject: *.github.io
Fingerprint: 8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
Validity: Fri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash MD5: 6c20a2be8ba900bc0a7118893a2b1072
SHA-1: ff7766fde1f33882c6e1c481ceed6f6588ea764c
SHA-256: b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250310%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250310T152800Z&X-Amz-Expires=300&X-Amz-Signature=3db9b357396e3f6b16227c0ff6de2bac574ba5151de37e986397884daf73b23f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
age: 4460
date: Mon, 10 Mar 2025 15:28:01 GMT
x-served-by: cache-iad-kiad7000045-IAD, cache-osl6531-OSL
x-cache: HIT, HIT
x-cache-hits: 27915, 0
x-timer: S1741620481.018115,VS0,VE1
content-length: 10245
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
104.18.94.41 302 Found 48 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP 104.18.94.41:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity: Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
Hash MD5: d41d8cd98f00b204e9800998ecf8427e (digest of empty input: this 302 response has a zero-length body, so these three values identify no content and should not be used as indicators)
SHA-1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Mon, 10 Mar 2025 15:27:47 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/f3b948d8acb8/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 91e3d6922b7db4ed-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
104.18.94.41 200 OK 48 kB URL GET challenges.cloudflare.com/turnstile/v0/g/f3b948d8acb8/api.js
IP 104.18.94.41:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer: Google Trust Services
Subject: challenges.cloudflare.com
Fingerprint: 48:58:3E:CE:54:27:56:6B:A6:33:D4:C8:4B:BF:00:0E:BE:61:60:28
Validity: Sat, 01 Mar 2025 17:19:38 GMT - Fri, 30 May 2025 18:19:35 GMT
File type JavaScript source, ASCII text, with very long lines (48238)
Hash MD5: 184e29de57c67bc329c650f294847c16
SHA-1: 961208535893142386ba3efe1444b4f8a90282c3
SHA-256: dd03ba1dd6d73643a8ed55f4cebc059d673046975d106d26d245326178c2eb9d
GET /turnstile/v0/g/f3b948d8acb8/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:47 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 28 Feb 2025 15:24:08 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 91e3d692ecf6b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
172.67.158.241 200 OK 150 kB URL User Request GET 3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
IP 172.67.158.241:443
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type HTML document, ASCII text, with very long lines (52013), with CRLF line terminators
Size 150 kB (150324 bytes)
Hash MD5: ff8899d0b6a17b61ebc459135240aaba
SHA-1: dc145d69cb044e6f3defd88d14112b0702a1eb2f
SHA-256: 52fb599e6d014deff76f9ee56c3e7ad64adf443994fcc3e12cab4ef5c038d5df
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
GET /hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/fLFYJIMv/
Cookie: XSRF-TOKEN=eyJpdiI6IlQxd2toekxDdEdMZkQzb2lvNWppZUE9PSIsInZhbHVlIjoiNnRDRzR1dkdOM0Zyelg3cDEwQk9SbnVsRERoVURFckRUWWZPbWJUeUdLZXBWZ1RxRS9TM0Q0c215UzdiRnNPMVFyZUZHRE91aTRNc1IzbVlhS3VwVitsVy9NVTE5VUw1RWkvOUdWYm1FanFpZENseG13anhFa3RzSVhrNzRUWEYiLCJtYWMiOiIwZjk2ODE5MzU3MmFiZjJhMzlkNjY2N2E1ZTA0ZDk4Yzg5Yjg0NmJlZDE4YWE1NTk5Yjk1NWM4MmUzYjIyZTM3IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IitzS3B4a3lLR3B2QkttbnhPOFN1MXc9PSIsInZhbHVlIjoiZ0t4ZkxtbUdReGFEZHF2SXNUL09lRWRaaU5HWFg4T1hqMEtPcHZMTGRscUR5SGJLRUpkb2laY2xJZVR3T1Y4TU5kelBBY2Q2NHA3ZDl5V2V1dHJhbmV3ZE1FWDlZUEhpOUxKUUhoUkMvOXcyWEZmYVdHTTZ0Z3VKcUxka2diZkoiLCJtYWMiOiI1ZmQ5ZjIzNjM3ZGYwNWE1OGRmZjEwNGYxZTYyNWViYjg2ZjY1ZmM5NmE1ZTg0ZWU0M2FlNGMwMjkzZDQ0OGVlIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:59 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HNNlYc7O68fVCSJuFziMuMuYgi4ilXNZWRjZ0ekQIC3lW9Sj8nuS4kIc5%2F5YwKk%2BkWrO0YQ73BzQUxvnSXio2QWms48ie9QE7P5wxPxZGq0W5B3uU68KbEzrwZJ%2BJfJUpf%2BJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:59 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:59 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91e3d6dc4fb792f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=330&min_rtt=311&rtt_var=154&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2240&delivery_rate=8734341&cwnd=252&unsent_bytes=0&cid=d557491806ff0fc7&ts=209&x=0", cfL4;desc="?proto=TCP&rtt=72183&min_rtt=69199&rtt_var=5271&sent=69&recv=51&lost=0&retrans=0&sent_bytes=42970&recv_bytes=5442&delivery_rate=207271&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=13337&x=0"
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Google Trust Services
Subject: cdnjs.cloudflare.com
Fingerprint: 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity: Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5: 2ca03ad87885ab983541092b87adb299
SHA-1: 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256: 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942935-3694"
last-modified: Thu, 22 Jun 2023 10:57:57 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 415953
expires: Sat, 28 Feb 2026 15:28:00 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rSURvObd1RLX9TODVkCSEfLmi6JtD5Aa%2BlINeb9pXkUoiu6oiqYwhx%2FeIR0%2BSSnU4VwMiNm7ihBpmhiNSGNP9gwKWSKU9ukWzH4tojvdj0pKwV1wnpF%2BHc%2BcXh%2Fsv9j8sg5FrNXx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91e3d6e09d5f5688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/klpQx2AR9VpBYzJqjRPUwa0mA6O7qSyogqSSQ4kZBXklJkiFt86DzCxyq1izVmf6w9cdptjUCYewx212
172.67.158.241 200 OK 1.9 kB URL GET 3zv.hecoesrh.ru/klpQx2AR9VpBYzJqjRPUwa0mA6O7qSyogqSSQ4kZBXklJkiFt86DzCxyq1izVmf6w9cdptjUCYewx212
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer: Google Trust Services
Subject: hecoesrh.ru
Fingerprint: FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity: Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type SVG Scalable Vector Graphics image
Hash MD5: 4b5c228b4faba433d06ec569ed855b2d
SHA-1: a7d3882b93e332460e7c59510a6a811ef011983f
SHA-256: eb19d76cd1fad39abf0f2778991883a5cf9ff560117ce8f7c64124e71471b4ed
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /klpQx2AR9VpBYzJqjRPUwa0mA6O7qSyogqSSQ4kZBXklJkiFt86DzCxyq1izVmf6w9cdptjUCYewx212 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:02 GMT
content-type: image/svg+xml
content-disposition: inline; filename="klpQx2AR9VpBYzJqjRPUwa0mA6O7qSyogqSSQ4kZBXklJkiFt86DzCxyq1izVmf6w9cdptjUCYewx212"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4vslrgv8wnJztdJPtAd%2FvCZb4LuohMt9Yl6VmAtWNEITiNhNRjleoW4KyMdp5XG3LSd3gw3NiNI45UC3fhNixmhf7y3eIVJwSpAw6q2H6PlKCGz8AuIheNv06Tmlnh6RkdsM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6ea98e092f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16373&min_rtt=16364&rtt_var=6143&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2217&delivery_rate=247127&cwnd=120&unsent_bytes=0&cid=24ac184186af9db3&ts=203&x=0", cfL4;desc="?proto=TCP&rtt=69442&min_rtt=68777&rtt_var=151&sent=347&recv=192&lost=0&retrans=0&sent_bytes=335819&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=15664&x=0"
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
143.204.55.47 200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP 143.204.55.47:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash MD5 d99a7377dabb55772ca9f986b0a04b57
SHA1 2b5fcd8431953c44e410d0489899e74f6d2cfecc
SHA256 affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3zv.hecoesrh.ru
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
accept-ranges: bytes
date: Mon, 03 Mar 2025 02:11:21 GMT
expires: Tue, 03 Mar 2026 02:11:21 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zgyAyP6RURuDrF89fur6sJYJNTTrkjLcKls03I4NE1Vpq5VPtgNt2g==
age: 652600
X-Firefox-Spdy: h2
POST 3zv.hecoesrh.ru/rqtXy0woJUPOfMV9jbnYrYUEQwq167SsXJUOFU2Jgy
172.67.158.241 200 OK 286 B URL POST 3zv.hecoesrh.ru/rqtXy0woJUPOfMV9jbnYrYUEQwq167SsXJUOFU2Jgy
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (303), with no line terminators
Hash MD5 63d36d91c7153c6a44f2a47f860ea1ff
SHA1 f29214df04117135e8c511e2f5695ae4c49c8449
SHA256 a834216021860feccf1cbec53a3991d423affc97e75f9e7a8855e8dfde573cbd
POST /rqtXy0woJUPOfMV9jbnYrYUEQwq167SsXJUOFU2Jgy HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 6
Origin: https://3zv.hecoesrh.ru
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/fLFYJIMv/
Cookie: XSRF-TOKEN=eyJpdiI6InV6UHV3R0FGbUdPVURKS2xMTUVCL0E9PSIsInZhbHVlIjoiQmpQOVBQaklUZXo2b1pFVHZybkhTbUZUMittRE9WZVlzOEJIaDA1anhJTDA0eGFIekY0RGcveWhvWUpWdXE1enNpeXNUcjBtU2J1SUZlb0hYV0h5bVdHMnJDU3BaRXhOdGFRYitUUUxkRXdnenY2bTVTajlabHJtZzFXYlBTTGEiLCJtYWMiOiI1Y2E5ZDk5YjgwMDE1MmEyYjZlMjE5OWRmNzI5Njc0ZmNjMjVhNGFiNDdhMzUxM2VhYjE3MzE2OTE1MjhhYzM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii81TTZyaE5pRVlNQjc4QTdzYTFJR2c9PSIsInZhbHVlIjoieGY3R2MzTjAwS0U1N3RoekU5dExueDdUUEd4cVJ1dEZkYS8rdHdiazl1ck9zMkQ3T2ZGM1ZOdFNKVUpJMVFneElYMDlSQlVyZTdFYVhsSkczbEF6TEY0dU40SGcyb1hWVHdUSGMvWnZkQUtMNU41bmovUHkzcXc5NmVwMTVvUnQiLCJtYWMiOiJjODBlNGY1ZDI4MWZkN2I0ZGFhYjU0NzVlN2I0MzQ5Yjk0M2JhNGI4MTQzZGJhNjY0ZTExNzU3MjNiODU5MTcwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:59 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5qfX0UjdqhZizSMY5fgmTYhZBCFtevyQuBT5%2B9edoKhSntlfgQoKOulPPOtA8DwupllLSUaBs5Hp2bPkWpJNuqFSOKrSATfpPsLnaqxC5OFv5WLtSRBjRuyENoFxxXNchZyS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IlQxd2toekxDdEdMZkQzb2lvNWppZUE9PSIsInZhbHVlIjoiNnRDRzR1dkdOM0Zyelg3cDEwQk9SbnVsRERoVURFckRUWWZPbWJUeUdLZXBWZ1RxRS9TM0Q0c215UzdiRnNPMVFyZUZHRE91aTRNc1IzbVlhS3VwVitsVy9NVTE5VUw1RWkvOUdWYm1FanFpZENseG13anhFa3RzSVhrNzRUWEYiLCJtYWMiOiIwZjk2ODE5MzU3MmFiZjJhMzlkNjY2N2E1ZTA0ZDk4Yzg5Yjg0NmJlZDE4YWE1NTk5Yjk1NWM4MmUzYjIyZTM3IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:58 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IitzS3B4a3lLR3B2QkttbnhPOFN1MXc9PSIsInZhbHVlIjoiZ0t4ZkxtbUdReGFEZHF2SXNUL09lRWRaaU5HWFg4T1hqMEtPcHZMTGRscUR5SGJLRUpkb2laY2xJZVR3T1Y4TU5kelBBY2Q2NHA3ZDl5V2V1dHJhbmV3ZE1FWDlZUEhpOUxKUUhoUkMvOXcyWEZmYVdHTTZ0Z3VKcUxka2diZkoiLCJtYWMiOiI1ZmQ5ZjIzNjM3ZGYwNWE1OGRmZjEwNGYxZTYyNWViYjg2ZjY1ZmM5NmE1ZTg0ZWU0M2FlNGMwMjkzZDQ0OGVlIiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:58 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91e3d6d8385992f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16409&min_rtt=16406&rtt_var=6159&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2257&delivery_rate=246045&cwnd=203&unsent_bytes=0&cid=ce213994dc163bf4&ts=224&x=0", cfL4;desc="?proto=TCP&rtt=75480&min_rtt=69199&rtt_var=11605&sent=62&recv=44&lost=0&retrans=0&sent_bytes=40670&recv_bytes=4497&delivery_rate=207271&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=12740&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/favicon.ico
172.67.158.241 404 Not Found 0 B URL GET 3zv.hecoesrh.ru/favicon.ico
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA1 and SHA256 digests of zero-length input, consistent with the 0 B response body; they carry no value as indicators.)
GET /favicon.ico HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/fLFYJIMv/
Cookie: XSRF-TOKEN=eyJpdiI6InV6UHV3R0FGbUdPVURKS2xMTUVCL0E9PSIsInZhbHVlIjoiQmpQOVBQaklUZXo2b1pFVHZybkhTbUZUMittRE9WZVlzOEJIaDA1anhJTDA0eGFIekY0RGcveWhvWUpWdXE1enNpeXNUcjBtU2J1SUZlb0hYV0h5bVdHMnJDU3BaRXhOdGFRYitUUUxkRXdnenY2bTVTajlabHJtZzFXYlBTTGEiLCJtYWMiOiI1Y2E5ZDk5YjgwMDE1MmEyYjZlMjE5OWRmNzI5Njc0ZmNjMjVhNGFiNDdhMzUxM2VhYjE3MzE2OTE1MjhhYzM2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Ii81TTZyaE5pRVlNQjc4QTdzYTFJR2c9PSIsInZhbHVlIjoieGY3R2MzTjAwS0U1N3RoekU5dExueDdUUEd4cVJ1dEZkYS8rdHdiazl1ck9zMkQ3T2ZGM1ZOdFNKVUpJMVFneElYMDlSQlVyZTdFYVhsSkczbEF6TEY0dU40SGcyb1hWVHdUSGMvWnZkQUtMNU41bmovUHkzcXc5NmVwMTVvUnQiLCJtYWMiOiJjODBlNGY1ZDI4MWZkN2I0ZGFhYjU0NzVlN2I0MzQ5Yjk0M2JhNGI4MTQzZGJhNjY0ZTExNzU3MjNiODU5MTcwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 404 Not Found
date: Mon, 10 Mar 2025 15:27:59 GMT
content-type: text/html; charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R9pgRr0%2B008nEHv92Vuj3VwiMZs3B6CnsaAbnH4MHir%2FO0%2FNeft%2BLwCnnKxg15CrjfnZN%2FzWnGRxmx1DkQ54VRKcoV%2B4UolhqN0Wtg22RU64jSOR77FV5NuIErS35hw67maw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
server: cloudflare
cf-ray: 91e3d6d8e98392f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=445&min_rtt=407&rtt_var=180&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2092&delivery_rate=9936117&cwnd=252&unsent_bytes=0&cid=7250293cbca940f7&ts=182&x=0", cfL4;desc="?proto=TCP&rtt=73463&min_rtt=69199&rtt_var=7928&sent=65&recv=47&lost=0&retrans=0&sent_bytes=42272&recv_bytes=4497&delivery_rate=207271&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=12862&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/34Ex7Uu1gNo52i3r8ErjklsSmcCnsY7TP67105
172.67.158.241 200 OK 4.7 MB URL GET 3zv.hecoesrh.ru/34Ex7Uu1gNo52i3r8ErjklsSmcCnsY7TP67105
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
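Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
Size 4.7 MB (4712061 bytes)
Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA1 and SHA256 digests of zero-length input, so they do not identify the 4712061-byte script body listed above; the body was apparently not hashed in this capture, and these values should not be used as indicators for the file.)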
GET /34Ex7Uu1gNo52i3r8ErjklsSmcCnsY7TP67105 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:03 GMT
content-type: application/javascript
content-disposition: inline; filename="34Ex7Uu1gNo52i3r8ErjklsSmcCnsY7TP67105"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9CulAIPCkDgCn%2FSVigDBlyNW6yI2yP3DmVbJMhxe6p1CE2Bjk8I9oJdr4Ff19M0ueWCgdvCoVYvX3TOdla3s2Ll250C78GTqHfpGBiI0Eswxu155gJlhlYI2dj2C8LRVkkHr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e1182292f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18407&min_rtt=18407&rtt_var=6904&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2154&delivery_rate=219615&cwnd=130&unsent_bytes=0&cid=e29838f728741e6a&ts=196&x=0", cfL4;desc="?proto=TCP&rtt=69863&min_rtt=68777&rtt_var=398&sent=410&recv=227&lost=0&retrans=0&sent_bytes=407333&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=17059&x=0"
X-Firefox-Spdy: h2
POST 3zv.hecoesrh.ru/baRa8zupzYQP4OVvjExgSG3PhMkTHun34RUIORpAz9dsNmti
172.67.158.241 200 OK 2.5 kB URL POST 3zv.hecoesrh.ru/baRa8zupzYQP4OVvjExgSG3PhMkTHun34RUIORpAz9dsNmti
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2534), with no line terminators
Hash MD5 359a34a0f963b71f67c8eabf317dec52
SHA1 4a89d3695c4c4fa05dde73954b938363c39901a2
SHA256 a639922d45556dff9d4d6ff09e4cd2fce0cda7e47ac0fa18531257363ca58205
POST /baRa8zupzYQP4OVvjExgSG3PhMkTHun34RUIORpAz9dsNmti HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://3zv.hecoesrh.ru
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:01 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZKmHORTFNJDR9FUFGc%2BAPvR2ll5HIVzAW192XsQi6Ajq8HaFcyKaKI%2B42AYsfPxhe8%2Bd4d4F0T%2F%2FHhaRhun%2BKYxIhQeXvnJeY9JZCIBzHw30KsZZ1LqX6piKNjZsSMJAqkN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6InU1VVoxWE5TVjZxQlgzaU0vT01ndGc9PSIsInZhbHVlIjoiaWNtYXFjbjNuQ1ExTDJIa1JHZUJaTk1sdlpXL3BESEFvRDdlcCtBQ3AvV3BMUjk4WXN1UG41UGROKzRxT3o4a3NMbHVkeGQxV2kvQStZZlRFNWh3R2lqVlREQ1dZTTgrTlRlT3dZcXdlM0NGMzU5OGE5WkpUaFJoN2JySmlMMUEiLCJtYWMiOiJhOGEzM2M2MzhjYjkwNDRjMzhlYjlhMDQ2MzMwYWUxZjkzZjkxMzhhNjE5ZjFiZWI3YzkwZWMyYjFiY2IzYjg3IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:28:01 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6Ik5abVBwdngyVmZHbGN3cmdlc0ZRVXc9PSIsInZhbHVlIjoiMWVWMytFVEgyY01SQld1OXhkOENqS1RjTEpOK0dVOXBSQlFySTUyYklIZU9NMy9pNDNONzlzY1NRWlpnWjE1SjJhMlE4NWdRMDMwS1VLMnBsUDRKY1hGeHRFY1E1SzJabVJKWGJ3TFVzQm5yNER6cDhrekdPMXhPZDhFeHJKRkIiLCJtYWMiOiJiZmE0Nzg2MzE5M2Y3Y2Q5NjhjNmYzODEwMzMyY2RlMWVjNTgyZGFlYTllNzAyNjZiNTU3OGYzNWI0ODc5YmNiIiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:28:01 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6ea586292f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=437&min_rtt=432&rtt_var=165&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2365&delivery_rate=9361111&cwnd=252&unsent_bytes=0&cid=ca790dba2e5a5d73&ts=171&x=0", cfL4;desc="?proto=TCP&rtt=69534&min_rtt=68777&rtt_var=183&sent=342&recv=168&lost=0&retrans=0&sent_bytes=332971&recv_bytes=8511&delivery_rate=752408&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=15557&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/uvzohBLtyagnxwMq6L5AalOYObgjhzmUsttvpTuVEFHXZnNsRel12125
172.67.158.241 200 OK 644 B URL GET 3zv.hecoesrh.ru/uvzohBLtyagnxwMq6L5AalOYObgjhzmUsttvpTuVEFHXZnNsRel12125
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 541b83c2195088043337e4353b6fd60d
SHA1 f09630596b6713217984785a64f6ea83e91b49c5
SHA256 2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /uvzohBLtyagnxwMq6L5AalOYObgjhzmUsttvpTuVEFHXZnNsRel12125 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: image/webp
content-length: 644
content-disposition: inline; filename="uvzohBLtyagnxwMq6L5AalOYObgjhzmUsttvpTuVEFHXZnNsRel12125"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OL2vf5J2aSmzYqkjFndzbnsEONfu%2Bf35KAF2%2BlYEr3IKDm6vQNPdreUxOPGQetDrS1swExjhhRwG0aHwX9N%2Bd8RqQSleI8tZjxpr%2F3yrs1BF%2BL9LHZHd4fiCWuMZ3G7pLYhN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6e0bf7392f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16428&min_rtt=16358&rtt_var=6184&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2193&delivery_rate=247218&cwnd=128&unsent_bytes=0&cid=3649b7457421f014&ts=202&x=0", cfL4;desc="?proto=TCP&rtt=69697&min_rtt=68961&rtt_var=361&sent=193&recv=115&lost=0&retrans=0&sent_bytes=161411&recv_bytes=8012&delivery_rate=569848&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=14180&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/op8K2aqTNqPZUAMJ0iwtXbpMiDNi1SHHzP0HzZt95stmD8GgdWk0BGzv6rUTDzTbvrycd236
172.67.158.241 200 OK 9.6 kB URL GET 3zv.hecoesrh.ru/op8K2aqTNqPZUAMJ0iwtXbpMiDNi1SHHzP0HzZt95stmD8GgdWk0BGzv6rUTDzTbvrycd236
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 4946eb373b18d178c93d473489673bb6
SHA1 16477acb73b63ca251d37401249e7e4515febd24
SHA256 666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /op8K2aqTNqPZUAMJ0iwtXbpMiDNi1SHHzP0HzZt95stmD8GgdWk0BGzv6rUTDzTbvrycd236 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:04 GMT
content-type: image/webp
content-length: 9648
content-disposition: inline; filename="op8K2aqTNqPZUAMJ0iwtXbpMiDNi1SHHzP0HzZt95stmD8GgdWk0BGzv6rUTDzTbvrycd236"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kfpuU%2FCY%2B0vmvg2m2sH%2BEjyzjG5qdE%2BJavlH6jn%2FRSUf28yF1qUADpHihL7sjEGWl4ZR4y8A6cr8lQJ%2FBjSvuxlc3gNZ%2FmiTvAk5v01cnjSCH4Nb3B9FgGn%2BmkgQhTFLAJ3r"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6e1181e92f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=451&min_rtt=430&rtt_var=177&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2209&delivery_rate=9404651&cwnd=252&unsent_bytes=0&cid=d0813078c1a84814&ts=170&x=0", cfL4;desc="?proto=TCP&rtt=69845&min_rtt=68777&rtt_var=307&sent=741&recv=291&lost=0&retrans=0&sent_bytes=800776&recv_bytes=8511&delivery_rate=1141382&cwnd=200&unsent_bytes=0&cid=a7fae873044fdd93&ts=18048&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-vf2.woff2
172.67.158.241 200 OK 93 kB URL GET 3zv.hecoesrh.ru/GDSherpa-vf2.woff2
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash MD5 bcd7983ea5aa57c55f6758b4977983cb
SHA1 ef3a009e205229e07fb0ec8569e669b11c378ef1
SHA256 6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:01 GMT
content-type: font/woff2
content-length: 93276
content-disposition: inline; filename="GDSherpa-vf2.woff2"
last-modified: Mon, 10 Mar 2025 15:28:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BPRGRh8NuwS33tsVCvZFms1O0XSD1iKjg%2BuvoLXXJosDr%2FALsQT1WeoMIanFsGCh3Ya7dSzmIxz%2B5F%2Bw68foxsdG1Q%2BzeT6fLb5FByIsJ%2F3IP2ARqaaY6hlzOPXU1fXJ8eGU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 91e3d6e0bf7092f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=486&min_rtt=427&rtt_var=202&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2190&delivery_rate=9470725&cwnd=252&unsent_bytes=0&cid=c9c3d0783a869563&ts=433&x=0", cfL4;desc="?proto=TCP&rtt=69608&min_rtt=68777&rtt_var=65&sent=265&recv=155&lost=0&retrans=0&sent_bytes=238718&recv_bytes=8511&delivery_rate=752408&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=15430&x=0"
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
143.204.55.47 200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP 143.204.55.47:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash MD5 e0d37a504604ef874bad26435d62011f
SHA1 4301f0d2b729ae22adece657d79eccaa25f429b1
SHA256 c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 22 Feb 2025 06:22:03 GMT
expires: Sun, 22 Feb 2026 06:22:03 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: p3TKhTKKQP5vet28_E8QVuPMqDj5XleecfuA988GvMwijHLD_hvBAw==
age: 1415157
X-Firefox-Spdy: h2
GET code.jquery.com/jquery-3.6.0.min.js
151.101.194.137 200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP 151.101.194.137:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
Validity Tue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash MD5 8fb8fee4fcc3cc86ff6c724154c49c42
SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 10 Mar 2025 15:27:47 GMT
age: 5374002
x-served-by: cache-lga21931-LGA, cache-osl6525-OSL
x-cache: HIT, HIT
x-cache-hits: 500673, 117920
x-timer: S1741620468.523105,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-vf.woff2
172.67.158.241 200 OK 44 kB URL GET 3zv.hecoesrh.ru/GDSherpa-vf.woff2
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash MD5 2a05e9e5572abc320b2b7ea38a70dcc1
SHA1 d5fa2a856d5632c2469e42436159375117ef3c35
SHA256 3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: font/woff2
content-length: 43596
content-disposition: inline; filename="GDSherpa-vf.woff2"
last-modified: Mon, 10 Mar 2025 14:11:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UGyVXE9oApSKNQKSsUkL2ChDk2rf%2BEuVcjaMhz1uL9S8CEmZDP%2F9BNNoANCKqYmuNj9vTXMhwzdq1KL9ZJS8K0fZ1tlIwqIhBtfgw7kSiZf3feVzdRNWagmapusDNKB3dXyo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 91e3d6e0bf6f92f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18673&min_rtt=18624&rtt_var=7019&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2191&delivery_rate=217139&cwnd=235&unsent_bytes=0&cid=c2366ae6e141f90c&ts=40&x=0", cfL4;desc="?proto=TCP&rtt=69697&min_rtt=68961&rtt_var=361&sent=196&recv=115&lost=0&retrans=0&sent_bytes=162790&recv_bytes=8012&delivery_rate=569848&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=14184&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-bold.woff2
172.67.158.241 200 OK 28 kB URL GET 3zv.hecoesrh.ru/GDSherpa-bold.woff2
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
accept-ranges: bytes
content-disposition: inline; filename="GDSherpa-bold.woff2"
last-modified: Mon, 10 Mar 2025 15:28:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wGnmMmS%2B5PwBZ8HqfC2LUaJ8%2FwXR4IGAOrXl6pP1iYnxlac4ssTJWhUbfwQAWWCzFgyosD%2FYg8F%2BPGc8eM6nIX6zckUrDSYB%2FA%2FlFIo94cB%2BYFyeM%2F8COPOs2Hn7vpgxzDVg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=18716&min_rtt=18711&rtt_var=7026&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2191&delivery_rate=215668&cwnd=166&unsent_bytes=0&cid=926089b43c082cde&ts=464&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 91e3d6e0af6492f1-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
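143.204.55.47 200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP 143.204.55.47:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
Size 223 kB (222931 bytes)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, although the reported size is 222931 bytes; the body was evidently not hashed, so they do not identify this stylesheet and should not be used as indicators. The response's x-amz-meta-sha1sum header carries a server-reported SHA-1, which is not independently verified here.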
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
date: Tue, 25 Feb 2025 03:22:29 GMT
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
etag: W/"0329c939fca7c78756b94fbcd95e322b"
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
expires: Wed, 25 Feb 2026 03:22:29 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: Jp6sK5PvNaY2N7FVeQuNl-0u7taKoyU38Em9GcM4IMmnK_Fs3McVEg==
age: 1166731
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
143.204.55.47 200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP 143.204.55.47:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer DigiCert Inc
Subject *.oktacdn.com
Fingerprint 3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
Validity Mon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash 12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
date: Wed, 05 Mar 2025 01:10:35 GMT
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
etag: "12bdacc832185d0367ecc23fd24c86ce"
expires: Thu, 05 Mar 2026 01:10:35 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy-report-only: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/reportOnly
x-content-type-options: nosniff
accept-ranges: bytes
x-cache: Hit from cloudfront
via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: G1BZK_Ysl7SWfKCVXC_W6wWf1Hlq-iR1J63IcAVU8PMP0iLNazZk5A==
age: 483445
X-Firefox-Spdy: h2
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
140.82.121.3 302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP 140.82.121.3:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Sectigo Limited
Subject github.com
Fingerprint E4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
Validity Wed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 302 response's content-length of 0; they say nothing about the script served at the redirect target and should not be used as indicators.
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: GitHub.com
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250310%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250310T152800Z&X-Amz-Expires=300&X-Amz-Signature=3db9b357396e3f6b16227c0ff6de2bac574ba5151de37e986397884daf73b23f&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com 
api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/
x-github-request-id: A4F0:599FF:C833B7:CBF7AA:67CF0500
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/12IeBuATSywJBabIvT8913
172.67.158.241 200 OK 27 kB URL GET 3zv.hecoesrh.ru/12IeBuATSywJBabIvT8913
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type ASCII text, with very long lines (26765), with no line terminators
Hash 1a862a89d5633fac83d763886726740d
e5ce3aa454c992a13fd406a9647d7afbf831051f
5c22fd904edb792331a7307ddf4a790e0d1318924f6d8e7362fa6b55d5ab6fbb
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /12IeBuATSywJBabIvT8913 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: text/css;charset=UTF-8
server: cloudflare
content-disposition: inline; filename="12IeBuATSywJBabIvT8913"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MNJ%2Fffc43l2EBijbZ5MoLVJZIk35fs3XhDNKdzcj%2FoR4sYubNStONPKYb6U0X2NBgUK46mAy4pNtqdfngQDDFJ%2Fj4v81ULSM16kdt54%2FSzvNndueFqDWgP%2BeRm1zfDxinAjk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=422&min_rtt=422&rtt_var=159&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2152&delivery_rate=9515294&cwnd=252&unsent_bytes=0&cid=6ff1c357fcd349df&ts=184&x=0"
vary: accept-encoding
cf-ray: 91e3d6e0af5d92f1-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
POST 3zv.hecoesrh.ru/uosj0S42nvqQyzcaL0v6tAO3o
172.67.158.241 200 OK 20 B URL POST 3zv.hecoesrh.ru/uosj0S42nvqQyzcaL0v6tAO3o
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type troff or preprocessor input, ASCII text, with no line terminators (heuristic type guess on a 20 B body; the response declares content-type application/json)
Hash 0b35866f4a3aa4d34ce5dda2d14c2cd8
d2b80911f09c3106fdf0df9920f983945d644083
493851374626d927bfe1c7d084fa977a0e636c03f163fda258ab6b638edc2f0d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
POST /uosj0S42nvqQyzcaL0v6tAO3o HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/fLFYJIMv/
Content-Type: multipart/form-data; boundary=---------------------------261845483570448334286422846
Content-Length: 902
Origin: https://3zv.hecoesrh.ru
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IjV1OW5JOHh1RzRBNGFOMlpGR3NyRVE9PSIsInZhbHVlIjoidldRcnlrMHpMVEdraXUrZSt1NjZEVFJkQ21hZ3UvUHRxT3BCelpGSjVWWmV6Q2ZIQjM3a0djYTIyRi8rK2RTbGhKWjNjZXpBMkxVZmVDaGhaU0ZlSnBZeVdyTlUxREpCaDVzcCs5ZE5hcUxTRm1maU4vYWVqY0o3VU0xcWU1d2giLCJtYWMiOiIwNWU2NTliZmJmZGNiMGMxNjYzZDk1Y2RiYTViMjhmZGFlOTIyNWNiYzFkNWZlMzBmNjQwYzJiM2RlNjgyMTU2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6Im5xY0FXWWhReWNRenFpZDFkdG4wSUE9PSIsInZhbHVlIjoiQ3VOdk44b2hkdE5pY0JNeGJKOXMzYkZ0aEV1RVBtWTBUYTJKcXlYUitEUDlmRVRJdW03cTQ4Rmhjc0txN0lITTdlYkR0UG94NHhNNUJWb2phWmZJYnJoTmRrVjNYaU5ob3F1MEZ6YUw2TzhiSndtMmpjeGhTNDJ4Nm85eWZhelkiLCJtYWMiOiIyYTNmNzc5MjE2OWM1MjY3NWY0MzczMWZhNzMxNDY4Yjg1NGRiZjBjMmU3Mzg3NmM5Mzc0MmM5MGRmMjMxMTBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:58 GMT
content-type: application/json
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MuuiDmVv8kns13rogWloqbnXEvpNAudlH26GzqiRwjWKjgSxIBlQjIpWq035wLaGttAt9KUQq0ehPcIdw3Jm6Las82RtsnOz6afOb7hYZsssjl8NwrGZ0w6DpwRdmhHfyE2w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IlNKcGsvWVloaHNhcHlXQ216SWU4d3c9PSIsInZhbHVlIjoiS2VJemVxMTBjYlNHRU5yM1U4bERkYW95RHRsU21sRXk4ZWQyR05sTkxoTVp1RDlNNCtlZVVONUVQNmpaV1FjSEdLdFF4WlV4alN2QmpSaG9YcTZiblhpNnVhYjhvSWwvVlU5YXBRdGkwMytwWnd6a0RQWFlnTTVHcEYwZytTM3AiLCJtYWMiOiJhOWYyYmY3MDFiMmY1MjE5ZTVmNzA1OTA1NTM4NmEzYzFmMDM5ZjJjM2Q1NmM3M2FjMDlkODI3ZmRkNzU1MGE2IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:57 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6ImFRVlRuclpPYncyNGx4OW1Tc3VqWkE9PSIsInZhbHVlIjoiSm5rYU01M0dQQ0dNU1NuUzhBR1ZpNnlobi9UN3RuaTJSTE9uREtwMm53bEdvUy8yZDdLanpoOGxvcEcrWVFYQWR1QnZ1eGx6emE2NEFwOEtzNUh2K0M3NXJ0ZVpsc0VNT1NrRXZFcmlqbURXY1lWb0VjS1JacWI1Y2dQT0J4YlAiLCJtYWMiOiJlMjUwYWFkYWEzZmI3ZTMyOGExZGY1NzUzY2E1ODU4ZjhkM2E5YWU1OGE2N2E3NDMzYTNjMzc3ZGJlYjc1NDY2IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:57 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6d15ddd92f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=429&min_rtt=429&rtt_var=161&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=3140&delivery_rate=9404651&cwnd=252&unsent_bytes=0&cid=dea6eb06d5e57e95&ts=178&x=0", cfL4;desc="?proto=TCP&rtt=70375&min_rtt=69199&rtt_var=1186&sent=40&recv=30&lost=0&retrans=0&sent_bytes=27772&recv_bytes=2913&delivery_rate=207271&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=11668&x=0"
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:58 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 91e3d6d76e1b5688-OSL
server: cloudflare
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942935-3694"
last-modified: Thu, 22 Jun 2023 10:57:57 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 415951
expires: Sat, 28 Feb 2026 15:27:58 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tFypphGGRGgeKF5mJz6HgA8L0IeHvJl%2FgkIZc3oDLYdhqWb73tAmrBRgX97wTgORPkasNYVKvwRia3a6i8y1%2BzBxiinmvK9DsAhH84ME%2FzhRSxZwq09thzfHg1%2F%2Fc1WLNpdc18hI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/xyIMTitKpqEwcd30
172.67.158.241 200 OK 36 kB URL GET 3zv.hecoesrh.ru/xyIMTitKpqEwcd30
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type ASCII text, with CRLF line terminators
Hash 38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /xyIMTitKpqEwcd30 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: text/css;charset=UTF-8
content-disposition: inline; filename="xyIMTitKpqEwcd30"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2YMj2qW4W5VXRto1ydXqiQqj1iLFkOZJI5FbtiMeY0VnW9nYUGAI50zGB9Urt5Tt3fXpxN%2B4XYr9gZ4nPx3XgyEoxfQOQ9bI3qT7jnNOYUjYqBbBgF2YYQ3DQsSti7oPw9v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e0af6092f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=407&min_rtt=403&rtt_var=160&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2146&delivery_rate=9211845&cwnd=252&unsent_bytes=0&cid=40d7edbbebf8f9a8&ts=164&x=0", cfL4;desc="?proto=TCP&rtt=70936&min_rtt=69065&rtt_var=686&sent=145&recv=90&lost=0&retrans=0&sent_bytes=111594&recv_bytes=8012&delivery_rate=326930&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=14026&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-regular.woff2
172.67.158.241 200 OK 29 kB URL GET 3zv.hecoesrh.ru/GDSherpa-regular.woff2
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash 17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:02 GMT
content-type: font/woff2
content-length: 28584
content-disposition: inline; filename="GDSherpa-regular.woff2"
last-modified: Mon, 10 Mar 2025 15:28:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GsEX8QVi80sbFhWXNibX8h5zOF1y2DWDjpRXfmT2K7%2FprbsgMcTkWK6cY8vQKjITn6SynGDr9SrLyRpr6zwjFnXv2hqEhkiWYWvpO5Zj1dFaMYWf7rLOFXTA5mTx4cxHZPwG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
server: cloudflare
cf-ray: 91e3d6e0bf6b92f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16297&min_rtt=16293&rtt_var=6118&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2196&delivery_rate=247672&cwnd=235&unsent_bytes=0&cid=cb0277acd1464e1e&ts=520&x=0", cfL4;desc="?proto=TCP&rtt=69799&min_rtt=68777&rtt_var=458&sent=383&recv=216&lost=0&retrans=0&sent_bytes=375999&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=16471&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/ef4rGbnu5FI9upHr90OrFOlbMklIkXAmnnemcPXJX90147
172.67.158.241 200 OK 270 B URL GET 3zv.hecoesrh.ru/ef4rGbnu5FI9upHr90OrFOlbMklIkXAmnnemcPXJX90147
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type SVG Scalable Vector Graphics image
Hash 0c09c5ea7c28d6feb4d124957dde0a0d
1b9efde2d8f0e2a3d9d5315117e597c2d622fc5e
b3c39d2c15327b7ae68940502a2d7bf457fe521e075e6e671d0340edc58bcb3a
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /ef4rGbnu5FI9upHr90OrFOlbMklIkXAmnnemcPXJX90147 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:03 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ef4rGbnu5FI9upHr90OrFOlbMklIkXAmnnemcPXJX90147"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6mwLpxRhRhyvn7xsaSCc5K5GeDdes2he0i8EOIjdxjCGvtaNmaPyfKxl%2FgaCve2QijLZwnUWZsdfataN1mlzauE7wq9QybSkDrAjFzFUJNICqg0ZLT154h3q%2B4SyP5IHb64b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e1181492f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18404&min_rtt=18401&rtt_var=6903&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2183&delivery_rate=219770&cwnd=178&unsent_bytes=0&cid=01e3322eade2226f&ts=214&x=0", cfL4;desc="?proto=TCP&rtt=69863&min_rtt=68777&rtt_var=398&sent=423&recv=227&lost=0&retrans=0&sent_bytes=420480&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=17074&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/ijUourwQGSqCThBYhNAyj7MwxWfrXkPu3h8sXR53nute5YRJyez78164
172.67.158.241 200 OK 7.4 kB URL GET 3zv.hecoesrh.ru/ijUourwQGSqCThBYhNAyj7MwxWfrXkPu3h8sXR53nute5YRJyez78164
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type SVG Scalable Vector Graphics image
Hash bca9b46fee32162356ba5b4783e614dc
cc09ee862df9bf86e545f9dfdf2fbd4facfa71f5
fb48e7087def752683bc9a9fe4035acf2419cebbe8b17a16e5c81699a06f6fec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /ijUourwQGSqCThBYhNAyj7MwxWfrXkPu3h8sXR53nute5YRJyez78164 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:03 GMT
content-type: image/svg+xml
content-disposition: inline; filename="ijUourwQGSqCThBYhNAyj7MwxWfrXkPu3h8sXR53nute5YRJyez78164"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=v5Rt4J25DNcH4EjGcA5VyKBTjjQIImZ5QrG%2B9kzuxQ18XJbcJ11EOoGxHWPJPQf55Fvh%2B6bb9B11cV9ssAOuSUa9g8ICrk0x0YTQjb%2Bncnko8i3WhFjxmUCLFMNKqcc4ixU3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e1181792f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=432&min_rtt=414&rtt_var=168&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2193&delivery_rate=9768115&cwnd=252&unsent_bytes=0&cid=6d274fdc63045fd6&ts=184&x=0", cfL4;desc="?proto=TCP&rtt=69645&min_rtt=68777&rtt_var=175&sent=458&recv=251&lost=0&retrans=0&sent_bytes=457115&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=17547&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/fLFYJIMv/
172.67.158.241 200 OK 195 kB URL User Request GET 3zv.hecoesrh.ru/fLFYJIMv/
IP 172.67.158.241:443
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type HTML document, ASCII text, with very long lines (65364)
Size 195 kB (195227 bytes)
Hash MD5 fbdcc43355d9827d6a2fe18e1504db5b
SHA-1 8dcbf4cd49d6c1fb7d4c74348467ef2d86b73722
SHA-256 f91d8dc54faff89acc41a41cb75070491ec4f6c1ab32273daa502b90684399da
Analyzer: urlquery | Verdict: suspicious | Alert: Suspicious - Anti-debugging code
GET /fLFYJIMv/ HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:46 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RNrCV%2BJmMaAr23U9vAgs5cYhV%2B1Tk3bpXZPfPseWnaTgcmt9VHJ6%2FaTIndBb9sZKTWpLYD6AkxyVZReOiBVv7CEhLdSiTb91ogAARphAXsh6I39ugiqEneR%2B3%2F7diMLBSY5H"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
set-cookie: XSRF-TOKEN=eyJpdiI6IjV1OW5JOHh1RzRBNGFOMlpGR3NyRVE9PSIsInZhbHVlIjoidldRcnlrMHpMVEdraXUrZSt1NjZEVFJkQ21hZ3UvUHRxT3BCelpGSjVWWmV6Q2ZIQjM3a0djYTIyRi8rK2RTbGhKWjNjZXpBMkxVZmVDaGhaU0ZlSnBZeVdyTlUxREpCaDVzcCs5ZE5hcUxTRm1maU4vYWVqY0o3VU0xcWU1d2giLCJtYWMiOiIwNWU2NTliZmJmZGNiMGMxNjYzZDk1Y2RiYTViMjhmZGFlOTIyNWNiYzFkNWZlMzBmNjQwYzJiM2RlNjgyMTU2IiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:46 GMT; Max-Age=7200; path=/; secure; samesite=none
set-cookie: laravel_session=eyJpdiI6Im5xY0FXWWhReWNRenFpZDFkdG4wSUE9PSIsInZhbHVlIjoiQ3VOdk44b2hkdE5pY0JNeGJKOXMzYkZ0aEV1RVBtWTBUYTJKcXlYUitEUDlmRVRJdW03cTQ4Rmhjc0txN0lITTdlYkR0UG94NHhNNUJWb2phWmZJYnJoTmRrVjNYaU5ob3F1MEZ6YUw2TzhiSndtMmpjeGhTNDJ4Nm85eWZhelkiLCJtYWMiOiIyYTNmNzc5MjE2OWM1MjY3NWY0MzczMWZhNzMxNDY4Yjg1NGRiZjBjMmU3Mzg3NmM5Mzc0MmM5MGRmMjMxMTBhIiwidGFnIjoiIn0%3D; expires=Mon, 10-Mar-2025 17:27:46 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 91e3d68b7c7592f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=16327&min_rtt=16325&rtt_var=6126&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2820&recv_bytes=1408&delivery_rate=247460&cwnd=239&unsent_bytes=0&cid=92c51c85a53df84d&ts=233&x=0", cfL4;desc="?proto=TCP&rtt=75056&min_rtt=69308&rtt_var=21605&sent=8&recv=10&lost=0&retrans=0&sent_bytes=3198&recv_bytes=1133&delivery_rate=53947&cwnd=178&unsent_bytes=0&cid=a7fae873044fdd93&ts=555&x=0"
X-Firefox-Spdy: h2
GET 9vbkeo.biijvi.ru/pani!z6xijrh8
104.21.20.57 200 OK 1 B URL GET 9vbkeo.biijvi.ru/pani!z6xijrh8
IP 104.21.20.57:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject biijvi.ru
Fingerprint 02:EF:A6:97:C6:28:CC:B6:D5:58:DA:02:5D:E7:F2:98:D8:DB:C8:5F
Validity Thu, 27 Feb 2025 12:53:40 GMT - Wed, 28 May 2025 13:51:24 GMT
File type very short file (no magic)
Hash MD5 cfcd208495d565ef66e7dff9f98764da
SHA-1 b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
SHA-256 5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /pani!z6xijrh8 HTTP/1.1
Host: 9vbkeo.biijvi.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/
Origin: https://3zv.hecoesrh.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:57 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oJn%2FOb2o05b14gEtrezpjsYo8U%2Fl7tZfQ6pJOUFxmKJ7WDjC%2BW4WN6V1VLpvbcXYHbQKOHCjxwfjgoSx%2BspOvt52xUGjff1EEgbl1i9lTqhFRPistvhp7FREp5WXaRrrI4Ok"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6ca4c8c5685-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=56030&min_rtt=55788&rtt_var=9204&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3245&recv_bytes=1222&delivery_rate=66097&cwnd=253&unsent_bytes=0&cid=f925c8565717def9&ts=1072&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/rsH6qHY5ducpjfIdYBtMWQetiaXArpHSUgoN7WyFijmM1Z57FypG4huVref200
172.67.158.241 200 OK 268 B URL GET 3zv.hecoesrh.ru/rsH6qHY5ducpjfIdYBtMWQetiaXArpHSUgoN7WyFijmM1Z57FypG4huVref200
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 1318aafc1fb9ded0c623e5b9a557e6df
SHA-1 0917cdd7633cd1642b02b2b785416ec7e5106dcc
SHA-256 d86660a84daa211b121ec9fe0df83d6b945f61b888384391eabc7d6b4e941dc4
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /rsH6qHY5ducpjfIdYBtMWQetiaXArpHSUgoN7WyFijmM1Z57FypG4huVref200 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:04 GMT
content-type: image/svg+xml
content-disposition: inline; filename="rsH6qHY5ducpjfIdYBtMWQetiaXArpHSUgoN7WyFijmM1Z57FypG4huVref200"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=paEp5kK5cYW1WXorzJT5M5DpOpquEkPCCuM1Crib7oX5qNWmhOywLxPR%2Fct82PecjPbp00u7%2BTrvve3mNEXTqs1IwswsMAJWxx7Aj8f%2Bfq1tttC45M2w4kaeSnhhVeZ4aYbR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e1181a92f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18439&min_rtt=18436&rtt_var=6916&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2199&delivery_rate=219353&cwnd=246&unsent_bytes=0&cid=25905ac4025f6601&ts=223&x=0", cfL4;desc="?proto=TCP&rtt=69645&min_rtt=68777&rtt_var=330&sent=844&recv=330&lost=0&retrans=0&sent_bytes=922748&recv_bytes=8511&delivery_rate=2740244&cwnd=348&unsent_bytes=0&cid=a7fae873044fdd93&ts=18145&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/op0riJSkcCWo5iQMB8YQkRabDytefihgaLwbchTrlEw367140
172.67.158.241 200 OK 892 B URL GET 3zv.hecoesrh.ru/op0riJSkcCWo5iQMB8YQkRabDytefihgaLwbchTrlEw367140
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 41d62ca205d54a78e4298367482b4e2b
SHA-1 839aae21ed8ecfc238fdc68b93ccb27431cd5393
SHA-256 20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /op0riJSkcCWo5iQMB8YQkRabDytefihgaLwbchTrlEw367140 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:00 GMT
content-type: image/webp
content-length: 892
content-disposition: inline; filename="op0riJSkcCWo5iQMB8YQkRabDytefihgaLwbchTrlEw367140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w8pquSNfb%2F0iBe1G3PuzsG%2FWvmj%2FLwFHStQ4aRmANYBVjbGV36epvQmmEng3kEWVwOlG59xI8b0j4takirfViH0r89WvfPxPMRQ14qzqN0Ga8wK60FoHkYBNuAD3Y%2Bhil96d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6e0bf7692f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=406&min_rtt=404&rtt_var=157&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2186&delivery_rate=9470725&cwnd=252&unsent_bytes=0&cid=aac3f49f3604613c&ts=176&x=0", cfL4;desc="?proto=TCP&rtt=70614&min_rtt=69065&rtt_var=701&sent=181&recv=93&lost=0&retrans=0&sent_bytes=153006&recv_bytes=8012&delivery_rate=326930&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=14102&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/wxfAsqHuLsXFgw6UDvoIUuvHOsf7LZhZuT3HwopS8qIJaFmUD9N38UmiF476dNS90171
172.67.158.241 200 OK 2.9 kB URL GET 3zv.hecoesrh.ru/wxfAsqHuLsXFgw6UDvoIUuvHOsf7LZhZuT3HwopS8qIJaFmUD9N38UmiF476dNS90171
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type SVG Scalable Vector Graphics image
Hash MD5 e924de0d471df54b6280f3dc8b187cb8
SHA-1 857f03226070b502a9e06b4249710ec10be4c9e9
SHA-256 24ce135a31ce83ac3d62471fcc0e1a82ce6f1533c993ee59ca4e110d5f2fae33
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /wxfAsqHuLsXFgw6UDvoIUuvHOsf7LZhZuT3HwopS8qIJaFmUD9N38UmiF476dNS90171 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:03 GMT
content-type: image/svg+xml
content-disposition: inline; filename="wxfAsqHuLsXFgw6UDvoIUuvHOsf7LZhZuT3HwopS8qIJaFmUD9N38UmiF476dNS90171"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nhZ87XOL623x2xAa%2Bh8rmDk5wJ6KO%2Fx9%2BA9VvgwZ6NY%2BpxKRohuzky7WZRBNZmbIxQE8dUlfy43TexTnPOfNzIjrBgl2ON5EbnGwdSj4JhmkPIbT8zJ2u%2B%2BxBaGnzSlmoB%2Bw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: accept-encoding
server: cloudflare
cf-ray: 91e3d6e1181992f1-CPH
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=411&min_rtt=404&rtt_var=165&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2205&delivery_rate=8772234&cwnd=252&unsent_bytes=0&cid=b6854352d4cdd4d8&ts=199&x=0", cfL4;desc="?proto=TCP&rtt=69863&min_rtt=68777&rtt_var=398&sent=407&recv=227&lost=0&retrans=0&sent_bytes=405349&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=17023&x=0"
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/ijVYDcSsnWx1Q6fuNa603sV7rNxyE22GVbNocfp3SkYw12204
172.67.158.241 200 OK 25 kB URL GET 3zv.hecoesrh.ru/ijVYDcSsnWx1Q6fuNa603sV7rNxyE22GVbNocfp3SkYw12204
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type RIFF (little-endian) data, Web/P image
Hash MD5 f9a795e2270664a7a169c73b6d84a575
SHA-1 0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
SHA-256 d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /ijVYDcSsnWx1Q6fuNa603sV7rNxyE22GVbNocfp3SkYw12204 HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:03 GMT
content-type: image/webp
content-length: 25216
content-disposition: inline; filename="ijVYDcSsnWx1Q6fuNa603sV7rNxyE22GVbNocfp3SkYw12204"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYRcKok71qeD95wK5mcIVzpgXq%2BVcQbwE77oDEBq1by%2BAhREfSu%2FZFYJxWmTKfvXbrdsdooGTQAYi8n3A1ol%2Bsa6uMGgzh4Z3OidzZhiaKSoE8TO%2BzqiRxoojcsFU6JPyFYk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 91e3d6e1181b92f1-CPH
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=18463&min_rtt=18455&rtt_var=6937&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2186&delivery_rate=218346&cwnd=162&unsent_bytes=0&cid=01cd9dde6d95f10f&ts=199&x=0", cfL4;desc="?proto=TCP&rtt=69863&min_rtt=68777&rtt_var=398&sent=413&recv=227&lost=0&retrans=0&sent_bytes=409718&recv_bytes=8511&delivery_rate=838278&cwnd=181&unsent_bytes=0&cid=a7fae873044fdd93&ts=17059&x=0"
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
104.17.24.14 200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP 104.17.24.14:443
Requested by https://3zv.hecoesrh.ru/fLFYJIMv/
Certificate Issuer Google Trust Services
Subject cdnjs.cloudflare.com
Fingerprint 00:0E:39:59:53:CF:68:07:90:75:EB:68:26:B9:04:22:44:7D:9A:32
Validity Fri, 24 Jan 2025 09:16:22 GMT - Thu, 24 Apr 2025 10:16:21 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash MD5 2ca03ad87885ab983541092b87adb299
SHA-1 1a17f60bf776a8c468a185c1e8e985c41a50dc27
SHA-256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://3zv.hecoesrh.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:27:47 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64942935-3694"
last-modified: Thu, 22 Jun 2023 10:57:57 GMT
cf-cdnjs-via: cfworker/r2
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 415940
expires: Sat, 28 Feb 2026 15:27:47 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXGTs25z%2F8O%2FCmvl96DK%2BNMyIOSv791McYIiamRD7fUe71J71Qo%2B7DeRxT14NN2lTQXc7za9Zo3nR06VaFLn3M2b2J7AF5nYO2elfQbrdBEgaVereQZ8mJ6Ng0tfPo%2BZGMId4FBX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 91e3d6922e1e5688-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 3zv.hecoesrh.ru/GDSherpa-bold.woff
172.67.158.241 200 OK 36 kB URL GET 3zv.hecoesrh.ru/GDSherpa-bold.woff
IP 172.67.158.241:443
Requested by https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
Certificate Issuer Google Trust Services
Subject hecoesrh.ru
Fingerprint FA:05:55:6D:C3:64:93:18:EC:FF:DC:92:9C:5E:C1:AB:08:46:2C:CF
Validity Wed, 19 Feb 2025 22:32:26 GMT - Tue, 20 May 2025 23:30:58 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash MD5 496b7bbde91c7dc7cf9bbabbb3921da8
SHA-1 2bd3c406a715ab52dad84c803c55bf4a6e66a924
SHA-256 ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft
GET /GDSherpa-bold.woff HTTP/1.1
Host: 3zv.hecoesrh.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3zv.hecoesrh.ru/hywdhcdlfisezxgzcqdnkrpzxup76rwq9ior7wmizl19k?DKTJCPMOMSDVWJVYQ
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImtmOTNHSlVVTEFaM0xYeVM2Y2c1b3c9PSIsInZhbHVlIjoiVTRkQmpUM3M0cTdrTUhYYnJUR1kyUEZxQWp4QjFuekJaMXUxdWVsZkhwbWZpaml3eXFYUEFjWGFzSXJJd2c4YTNqcjRPaG5kZnFBN2prV3NYSmp4bWV4eTZiMlFnZk9jNjFuL3FMQXhreDNmaUFOWVBVVlVyc092L3hLVWRlUXoiLCJtYWMiOiIzODlhNjk2YWZlYjU0YjA2NzAzYzFmNzFiYTk3ZWFiYjgyNjk0MGNhNmY2NmQyOGViMWQ3YmIxMDNiYzQ3NmI5IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlhoeU1wMExrOG1RL1d3eVJqaWdGMWc9PSIsInZhbHVlIjoiQ3B5SkxnMFF2WE1haVFhc3QyQVBjUnlPb3V1MGpDaWJ3OEp2NURTZTdNMFBtZkdmc0ZVL2hUOXViQU9QbVpvK1Y2dG5IUUYraDY1NWFLa3dXOGpGTktLc01OWDBuTW1DYTNKWk8yZDVRdXVHY3luTnliMlRyczJvQzdsc3A1SS8iLCJtYWMiOiIxOGY4OWM3YjI5Yzc4NWQ5N2ZlZjZmZjc0MWQ5NmMxMjY1ZWUyMzZhZjExZmU0ZjQ3MjVkOTMzNDk5YzE2YjBhIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 10 Mar 2025 15:28:02 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
accept-ranges: bytes
content-disposition: inline; filename="GDSherpa-bold.woff"
last-modified: Mon, 10 Mar 2025 14:11:46 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PHsAxO5mS4VZbu4T6BLjvsTirro%2FMNXD19qnQ8kxAoX7BjSAnwmixCedo3GW7vTw9YgsJbN4FmsOM5rInc5OY4At5%2B98V9xQrbUgm6MMKXk%2B3nOMO%2BVbD8nt4O2LX8KJJnuy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=344&min_rtt=328&rtt_var=156&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2191&delivery_rate=8791304&cwnd=252&unsent_bytes=0&cid=8afab8336f4207de&ts=19&x=0"
cache-control: max-age=14400
cf-cache-status: MISS
cf-ray: 91e3d6e0bf6a92f1-CPH
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2