{"report_id":"dcb99897-304d-4dfd-b452-c22ab2849548","version":6,"status":"done","tags":["suspicious","phishing","tycoon"],"date":"2025-03-26T16:52:59Z","url":{"schema":"http","addr":"bakambi.com/redirect.php?v=fb27c341ff537c4","fqdn":"bakambi.com","domain":"bakambi.com","tld":"com"},"ip":{"addr":"74.124.194.57","port":0,"asn":22611,"as":"INMOTION","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"title":"​"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-06-04T16:52:59Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"4lru.fdprai.ru","ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-26","domain_rank":0,"first_seen":"2025-03-26T16:52:59.932514Z","last_seen":"2025-03-26T16:52:59.932515Z","alert_count":3,"request_count":2,"received_data":566089,"sent_data":1667,"comment":"","tags":null,"fingerprints":null},{"fqdn":"3ilf9.tzgozx.ru","ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-26","domain_rank":0,"first_seen":"2025-03-26T16:52:59.936724Z","last_seen":"2025-03-26T16:52:59.936724Z","alert_count":0,"request_count":6,"received_data":4993,"sent_data":2652,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bakambi.com","ip":{"addr":"74.124.194.57","port":443,"asn":22611,"as":"INMOTION","country":"United States","country_code":"US"},"domain_registered":"2024-09-14","domain_rank":0,"first_seen":"2025-03-26T16:52:59.932955Z","last_seen":"2025-03-26T16:52:59.932955Z","alert_count":0,"request_count":1,"received_data":563469,"sent_data":510,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"1f998e7aec92d77abfa971edce6596ce","sha1":"8153a58c915c12848fe12a80677582b7ac2b926b","sha256":"427b66952f2b36e2cba340dd7059e653416a7a9915025a8e9874d05b96a80b3f","sha512":"a74c9493e433837aafe005d827e74868ee94605afaed03f00ce1f3c52c1888451ac9a2916be2e416e36080ddac48e06f5bbd4bd08de81f947561c186a387684c","ssdeep":"192:H2wD7251VPanQg6Gh0ksiniriIiwV8tnpbQ7Hl:WwD7251VPauksiniriIiwVenp0","tlshash":"30d1c7279ec72d114732a90746df8bd27c1d07afb8c2949a7e4eea488f0d56564d02fc","size":6225,"data":"","first_seen":"2025-03-26T16:53:02.956773Z","last_seen":"2025-03-26T16:53:02.956773Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"1a9bfda4d22bcc5c52c37db74750cbb0","sha1":"72d1a9c18419f98702031f26f71b6e637050d62e","sha256":"716fb68f2b2bbf4c076403d9cf7a3cda0dc914f123166b5ccd16aff797663178","sha512":"33cb57509d93393cd7a39c9644cbb8ae5068290fd6aac255710798031b8e277472af1f25929be349b0b06a99c4539359ac8a01e7646e2fc38d3238940cc26348","ssdeep":"768:+E+JCe9jbH0J7oen8yL2E+JCe9jbH0J7oen8ykLkK961SLkK96p:+zJCC7nen8yKzJCC7nen8ykLBMcLBMp","tlshash":"ffc446ee26072133879c2d629467130700278dc57fb16aa1ff650d68eee295e1ad81ff","size":563034,"data":"","first_seen":"2025-03-26T16:53:02.957861Z","last_seen":"2025-03-26T16:53:02.957861Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"78fd4619fc8a7c6de8dc4c3cd2f7d3e2","sha1":"2086bc1c79579ca56806c84fc86cb1119e8b1bc7","sha256":"f39baa7d8c070e3870b2845172c8e77b47ed2d173e8d0c0e4a853194b71b73ef","sha512":"8cccb8d0b8fbf9e2e5f8b48ca7efd878096b6a69cb3edb3a5d33f8aefb6b875012081734e839c868002a7a03cc7724e6961895d6dd7c78f0c0d998ebf9d44b84","ssdeep":"","tlshash":"9831b19ab0b750303672b17e177f66043a3692d7709586343a1c0f75bfe169b43a7584","size":1749,"data":"","first_seen":"2025-03-26T16:53:02.958786Z","last_seen":"2025-03-26T16:53:02.958786Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd41774e10578fac9529d4553680bf26","sha1":"871fc7dca1fa5ebb62ff69367f319e9e56cb8056","sha256":"907fc406d352e21d0d66cb098e54953a01a2025dfe1cfddafe286f76aa7b20ae","sha512":"2c13dad2f05c854d4e763dc49b3b3a55307a001c3d09d1568f3090be44fd12e562607f66d28d918e5772e434c01a356c73a3010357a1bcad3feed9dca9815d77","ssdeep":"768:XihIVehDsi29qDNxtIhDoDsthTDIfIBYjhDLyhfjfpn/BegDfIBYjhDLyTn/Bers:XihIVehDsi29qDNxtIhDoDsthTDIfIB2","tlshash":"fb03007b90f258047526a0623c5ffe0fd66947eaa08b81b11ec8fd9cca3dd1c440cb58","size":39417,"data":"","first_seen":"2025-03-26T16:53:02.959581Z","last_seen":"2025-03-26T16:53:02.959581Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"88e61fcabb13296e8e68baa27beec0ae","sha1":"517b2e7c3b6bc865851bd8937aa605ca54ad4d06","sha256":"9d2d4392c45348eb233da929b947dbb9b24591246780694bc5962753b96adb25","sha512":"bf52f8a9724387ea0d8289d14c6d6cb754d17a5c96c80c56272099b96e863a7ea0e13c2622baaf791a6f14fa3acc115ca2eaa1d0d4a65e315c9e23c3cdfffec7","ssdeep":"3072:HhThwhBIDXhMdUlDDXXdMshIhdf7IYLyNeDy+Sf/IugN3sBdhMJglighDtgXXsy/:HhThwhBIDXhMdUlDDXXdMshIhdf7IYLn","tlshash":"dfe300b3a0f24084712a50203d0fff4fd10a57e5a19b84b8adc9fe9cda7c96c448eb85","size":148722,"data":"","first_seen":"2025-03-26T16:53:02.960356Z","last_seen":"2025-03-26T16:53:02.960356Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"76f3dcd06e7c1327732962af7d43d89f","sha1":"16a160d96a70d280cc2e4cfec98b686d8ef50b1b","sha256":"286c742acb362946f0db6ccf1591f5a95a306631cfafbce72f602cf28bfbd63e","sha512":"8e16193b9761d8e68cedfe36e88dab975568454601f17b05964859c71af0ed5560f67f0d4565af607e07b6b6a71f3a35200ed2d898848f4748e4ff8d367dc191","ssdeep":"384:cYzYryNRzyFRbl/mgikeBQDXwGrgHD0Tue:crZmgZDXwGMwue","tlshash":"75e3be7ff512137fa2c2de8b799bad2d10127d9ae10f0784a283b717b746bbc0891855","size":154388,"data":"","first_seen":"2025-03-26T16:53:02.961611Z","last_seen":"2025-03-26T16:53:02.961611Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"4lru.fdprai.ru/hEoDuptUnDsi/","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-26T16:52:37.570Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fdprai.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:44:12 GMT","end":"Wed, 28 May 2025 13:42:53 GMT"},"fingerprint":{"sha1":"21:11:94:31:B2:98:6E:82:42:BB:A6:4C:2D:01:89:13:AB:2A:C8:AF","sha256":"39:EF:0A:66:71:AF:F3:D9:34:7E:90:B5:CA:7F:C7:21:4C:BF:92:F5:C5:45:7A:38:54:BE:AE:4B:D7:49:2B:38"}}},"request":{"raw":"GET /hEoDuptUnDsi/ HTTP/1.1\r\nHost: 4lru.fdprai.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":451,"data":"{\"cid\":null,\"uuid\":\"adf359ae-6fd6-4c32-aa48-e515c7f6e28a\",\"ref\":\"direct\",\"landing\":\"https://www.nationwidefireprotection.com/wp-admin/AA/linkedinVerify/fee7a2e3f3d1047e927a8b6882ae1d5b/\",\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"record_pageview\":true,\"swaps\":[\"8007507313=\"],\"all_formats\":true,\"ids\":[535009027],\"google_content_cookies\":\"\",\"perf\":{\"dns\":1,\"conn\":17,\"tls\":22,\"wait\":197,\"recv\":1}}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:38 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: no-cache, private\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=zjKDVy32njrUQdJ3zgaIeyuMpd3HceywL%2BoU81EoNdQeZLVTS4mWTETgZLFPr6ELHWJmxYWGGkNavKFJtIo4IHLyUkxry9xj6vi6eVC9%2BpmQNqxFRxSzFMJ1gz2sTA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nalt-svc: h3=\":443\"; ma=86400\r\nset-cookie: XSRF-TOKEN=eyJpdiI6Ik9MREdqaitHcUZZN0JCcEFHN2dSRUE9PSIsInZhbHVlIjoieHZ3K2dsNml3V0VwaVZwaWNaNDJxaXlYMDgvM2VVMHNQcDZWUEFtQytsdnJmL0lrNGtEa3Ixc3VnM3A5cy9kVjk0ZlFHYjkrU3k1OXZEeGdBdXE4VkFOY3J2emVSaEM2SjVybDNDdzVLSDVQN3Z3UG1pUHgwMmVmZmZ6WkpQbU0iLCJtYWMiOiJjMDYxM2NiODFiODFkODVkZjVlMDc5NDExOTJhOTZlZjM0ZTQ5MDRlNTkyMTJjOTcwYzQ1OWE1NjdkZGRlNTU4IiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 18:52:38 GMT; Max-Age=7200; path=/; secure; samesite=none\nlaravel_session=eyJpdiI6ImNSTVA2eHQ4YXRuNjJFSjNoWnc3ekE9PSIsInZhbHVlIjoiQXAzNUc4L2Uzbkh2KzgvRXlsZnZIUGJPVWx5WkQrQzliMEVCaFRjNCtYNEFYRldFa0kwc3A0UzJVeFhreTJMTElxOXFJd1R2NXl1aVBtV3VGdWpoR0JKTGJ2SUZYVTZ1dHB1V3FaSXlVMFhDQVZaU1VUSFB2WEtRRjNuSVpSYVUiLCJtYWMiOiI1NjNmZmMwZDlmMzlkMTRhYWQ4ZWM2Nzg5Y2RjNTMxNzFhMzJiZjM4NTRjZGRhMTI0MjQ4YjdmZDQ5YTc2ZWEzIiwidGFnIjoiIn0%3D; expires=Wed, 26-Mar-2025 18:52:38 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none\r\nserver: cloudflare\r\ncf-ray: 926828d7a86857f0-AMS\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=500006\u0026min_rtt=328273\u0026rtt_var=75615\u0026sent=76\u0026recv=79\u0026lost=0\u0026retrans=1\u0026sent_bytes=80966\u0026recv_bytes=18828\u0026delivery_rate=54451\u0026cwnd=54\u0026unsent_bytes=0\u0026cid=5230fa62ec0428d5\u0026ts=52874\u0026x=0\", cfL4;desc=\"?proto=TCP\u0026rtt=25373\u0026min_rtt=19729\u0026rtt_var=13346\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3269\u0026recv_bytes=1262\u0026delivery_rate=211119\u0026cwnd=202\u0026unsent_bytes=0\u0026cid=af84f65317bb5407\u0026ts=1332\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":563051,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (65360)","md5":"64dd62e2515c2eac48ea353408070832","sha1":"72239b15e33afbbc78d863f90729e5e8177fee75","sha256":"6de7c49322ccac56c84baa1518f10a836dbee5cb826affc0cfd1fbd8bc98940c","sha512":"0c43538e7484e35bd16c97c057ac0d72e28e46a019dab051e92cd86a742c2c88c67281a4e73b9d533889e5a48ea8f2fd6ed9c228485750a978ab9538ab1011d2","ssdeep":"768:TE+JCe9jbH0J7oen8yL2E+JCe9jbH0J7oen8ykLkK961SLkK96D:TzJCC7nen8yKzJCC7nen8ykLBMcLBMD","tlshash":"8ac446ee26072133878c2d629467130700278dc57fb16aa1ff650d68eee295e1ad81ff","first_seen":"2025-03-26T16:53:02.954162Z","last_seen":"2025-03-26T16:53:02.954162Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1537,"timings":{"blocked":119,"dns":43,"connect":20,"send":0,"wait":1300,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Suspicious - Anti-debugging code","verdict":"suspicious","severity":"low","comment":"","tags":["suspicious"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]}},{"url":{"schema":"https","addr":"4lru.fdprai.ru/favicon.ico","fqdn":"4lru.fdprai.ru","domain":"fdprai.ru","tld":"ru"},"ip":{"addr":"104.21.3.67","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:39.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fdprai.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:44:12 GMT","end":"Wed, 28 May 2025 13:42:53 GMT"},"fingerprint":{"sha1":"21:11:94:31:B2:98:6E:82:42:BB:A6:4C:2D:01:89:13:AB:2A:C8:AF","sha256":"39:EF:0A:66:71:AF:F3:D9:34:7E:90:B5:CA:7F:C7:21:4C:BF:92:F5:C5:45:7A:38:54:BE:AE:4B:D7:49:2B:38"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 4lru.fdprai.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://4lru.fdprai.ru/hEoDuptUnDsi/\r\nCookie: XSRF-TOKEN=eyJpdiI6Ik9MREdqaitHcUZZN0JCcEFHN2dSRUE9PSIsInZhbHVlIjoieHZ3K2dsNml3V0VwaVZwaWNaNDJxaXlYMDgvM2VVMHNQcDZWUEFtQytsdnJmL0lrNGtEa3Ixc3VnM3A5cy9kVjk0ZlFHYjkrU3k1OXZEeGdBdXE4VkFOY3J2emVSaEM2SjVybDNDdzVLSDVQN3Z3UG1pUHgwMmVmZmZ6WkpQbU0iLCJtYWMiOiJjMDYxM2NiODFiODFkODVkZjVlMDc5NDExOTJhOTZlZjM0ZTQ5MDRlNTkyMTJjOTcwYzQ1OWE1NjdkZGRlNTU4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImNSTVA2eHQ4YXRuNjJFSjNoWnc3ekE9PSIsInZhbHVlIjoiQXAzNUc4L2Uzbkh2KzgvRXlsZnZIUGJPVWx5WkQrQzliMEVCaFRjNCtYNEFYRldFa0kwc3A0UzJVeFhreTJMTElxOXFJd1R2NXl1aVBtV3VGdWpoR0JKTGJ2SUZYVTZ1dHB1V3FaSXlVMFhDQVZaU1VUSFB2WEtRRjNuSVpSYVUiLCJtYWMiOiI1NjNmZmMwZDlmMzlkMTRhYWQ4ZWM2Nzg5Y2RjNTMxNzFhMzJiZjM4NTRjZGRhMTI0MjQ4YjdmZDQ5YTc2ZWEzIiwidGFnIjoiIn0%3D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1395,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":510,\"startTime\":1743007923837,\"versions\":{\"fl\":\"2025.1.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"950178ff-97eb-4781-8886-650a9f8f612f\",\"location\":\"https://bzzcare.help/Bin/ScreenConnect.Client.application24owsClient.exe\",\"nt\":\"navigate\",\"serverTimings\":[{\"name\":\"cfCacheStatus\",\"dur\":0,\"desc\":\"BYPASS\"},{\"name\":\"cfL4\",\"dur\":0,\"desc\":\"?proto=TCP\u0026rtt=25339\u0026min_rtt=19990\u0026rtt_var=13012\u0026sent=8\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3276\u0026recv_bytes=1284\u0026delivery_rate=215156\u0026cwnd=255\u0026unsent_bytes=0\u0026cid=7519eddf8fd7cc31\u0026ts=131\u0026x=0\"}],\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":459,\"domContentLoadedEventStart\":604,\"domContentLoadedEventEnd\":610,\"domComplete\":611,\"loadEventStart\":612,\"loadEventEnd\":612,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":37,\"domainLookupStart\":38,\"domainLookupEnd\":39,\"connectStart\":39,\"connectEnd\":115,\"secureConnectionStart\":62,\"requestStart\":115,\"responseStart\":213,\"responseEnd\":214,\"transferSize\":4779,\"encodedBodySize\":3892,\"decodedBodySize\":3892,\"name\":\"https://bzzcare.help/Bin/ScreenConnect.Client.application24owsClient.exe\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":612},\"siteToken\":\"52c9bac2354b4b0a990765aa3d0ac729\",\"st\":2}"}},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 26 Mar 2025 16:52:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncache-control: max-age=14400\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=5REU0xBRkeXqbFgsm%2FkJpy%2B5U5q0Znbabys%2Fjj%2FVRtHmO3mDGHrCQNSDrXzK1uWqWSVGWrqKaqg8E5FHuUMKzaBFvoarASfY6%2FHZWgw46TXygfJfOnzm1QpI3rPgwA%3D%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nage: 7968\r\npriority: u=6,i=?0\r\nserver: cloudflare\r\ncf-ray: 926828e30bf9d8d0-AMS\r\ncontent-encoding: br\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=45440\u0026min_rtt=42342\u0026rtt_var=9803\u0026sent=13\u0026recv=17\u0026lost=0\u0026retrans=0\u0026sent_bytes=5914\u0026recv_bytes=6913\u0026delivery_rate=133809\u0026cwnd=4\u0026unsent_bytes=0\u0026cid=00eaebfb671241a0\u0026ts=154534\u0026x=0\", cfL4;desc=\"?proto=QUIC\u0026rtt=23027\u0026min_rtt=22086\u0026rtt_var=8954\u0026sent=11\u0026recv=6\u0026lost=0\u0026retrans=0\u0026sent_bytes=4041\u0026recv_bytes=1698\u0026delivery_rate=26894\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=99d48fa84bcdbb28\u0026ts=516\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":34,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Tycoon Phishing Kit","verdict":"phishing","severity":"high","comment":"","tags":["phishing","tycoon"],"meta":null}]}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:44.448Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":4496,"data":"Waw8f7Q6ndwHkA3QCxBJwkxau+xzxY8waQvx48JauAvxJ28-kxLfxe8H4w7UwxW7Rw4x+cxZNnx18eixNpIxQbk8H93x$oQ3mwnwnQrxWw3xBSzVxAw8eqxG84uMlqO8QLxB+w7xs8Q9Uh8ZlBJd4x-OLnN9wx+Skx6p8xn2lTgpL+yZlBC85MqAQMmMDkyWaV4Or3qxuiyJPwxdpVgSCowAkxEJoxz8QGGfGHV884$5qnjx77xd4xRf-OxQCkxxmhh8QMG0pbxAaxj8Q7xekxHfbYqUox75Aq0d8wIZ2L$Us+VcGTtqL7HbgOQN3q4xdS$puoNWr8T3Eh$7xEJx57eWmdP1iuPR9JZSUJnHHrLuoE1Lf8QFw+kTGkJlBD$AJlxCYLt4LyuLrk1QuOzuldxlx73Nf8xeS52+eOf2eW598u2jGT9Ue6qZ$IZwnOrN5Vn3$pu34-ae9dc$3h2+En+kw$1ubGJsFiad2+B-aHdPSJP2i3qd$5392ZwC5E37dpRxsnwwvrlA4f-SbilG67keqfuif-$n+8BwoNuWiAxfL84daaddpWkf2u2RrU-q4eVFn$b-tctjG6JfWwdLE6uQEAILZdGravx93e6DQq$eEP76$uWQ7CvZrbuVYdr1-qe2wEhnYd8r4OOetb5Wlx5-w4DlnY-$k89bOS1w$UwkaebFZ3r86T98$DoHN72nK84lZrfmWUGuOu3dN+3aOjse6tskww1jw-8d+qi7VjRxO3GZeid+m7wJQvwo0QsHnzG7iJGji98p8NWaPxdWwwnse6a0xnoELOWOjQR-8i+CJAOLhlHOLx9a6$Kn4vuClHwfpWwZIVd8ed$Zo6uLZnzod-$4CHZomfpioPukiJaLIdo4S8iabfZl80uax3huVeHvukx8qIARx8LmR3E81Zw77H7IQNUhn$NTdaKfm7oSJk7Zrjvlht$NeirjzeIf7kJoULO7wzskuA7xsw4TIEu3rj3Hn4dRZn+1Z78afZlH$+IZ3c8YZw7oL-amLTdaSQvuim81JTc7Bu3qo1Rkix3Znbfp7PtmHJoWuOWwgLGAx0Mq7w-Gh1377BeiUf79+3oNi3w8dwktNOAkCL7eiSubdapjvZo77Ohn67aWk1faH6Z44eHSxP63Fuleikx4-wWxNios5zioVLk76qoVeV$4sZnt+Id8TItJojubui5QEiSwL7ZowfVG87sC-oh8nZn++iAx4pBe69tJ-$KjYlnzGGW8SlMs3h7GdwCjt-Zm49kwZ4LiojuqO85uw56HNpWkhjMu3SQ$Ak67CRkcfTd8-n1uiFxV-q5Qe9kp8qN3Fx4-op8YL4kQ3Zd6xNlHzGkTnCLxGwcf+Hk4p3Hkq+zCaNjAHnW9Ji3b8Rww+NxL4Sq37p$LiRkGjYx34CmWwhQAJnaLax3ujRA4rsHda4nYA7-$swoi4nww$fN8OKdsdHPxFdamNpHk$+mwwKjz-a4wReqcu97Db8wiaxklx3pLt3J7skZwcSY-+2R97wSe4eLTIYA4kxnAiq4nZ3Kd8-Y5AG7wkuCi76uxOnMkexYFbj87C7wEoMQdupRqdoHQJx0DqHOQ6exw8NxfNiwEyOtoPQv7i--kHhuB88xxlPURw-qkHfxV79e6R3k8otduxfOJn0xZIcpn7MA4JQ0x$u24u2+W8mIHd4uOJa0xN8OxFuHJVzQyxxnN7P-+-wyQSulxoR3Ax3LNQUA4-wo8cjJLo72hVsxjoN7BJ3Ek3xyxOxYHOw4yoJfwuU1DeiHoq42RTdUt5HQyxennZQ7aUxSHCLBdHd8JkJLGfc7nd8Exp8fLkxBuVo8vSEuxMB74R4etKukH4H6TnVsEuS8MW8o8p8HQ37hx3ALd4quZ7mZ3q8FxYdjwLtHKOE5vj3RDAxyS4SmfZuxlHZcq$zubRUi1k80xHf9QnHnZ4YoOuU5diaWITIPubxR37T8UjSuHInuxxaC8f7BxolHBw4dPCC7LeqDoz$mLOjoA4jwEjExlHonow4PQCSJ4BeitV7xpjJRD76JaFx47kA6WfJw1jUfleq-nJkWxsfbQoHk-Dt4SfBRKH8k8QI6ukQ8AxxIlxDQRRDZ368O8sfpHHi7Tnp5Ku+7k2DwqF$FQ8uvZww$y6ajRxZx6kHhJO8TNhn4Eo8Ok7UOUZwy+YoaHVAB-8lnto+NqAd2oxae457IqD2o68h85QM7ZeOjq-$Puc7Qfxlrg8hjv7Jq6dx6QG7GeEAkqmwNLQwxo-qqiNsUsVu8ezwaw8EfGR4-aHootk8p8o-orjSwpfdImeqT8GQ-xd7CQiRn4dGxlRDWkrIKwS1keLWWyxTIQ7CQmA$Z47I7uxjfw4QwzopjA-478t4+IIxVu3u6jkt4FfslWL8y47$D$ls8uxycJQ8sOuaqvTotIAsBhQ7wrQF$mjzHkWaqrdIGsLQMecqTt9CuZxZd8RkgjcsG7CdkyxmHGlCeSo8kHz$GxvtqJui4$jGQRxodwtPH4vxToneITQSwrfBu378A8fQ1uCRU-+JwYxYuLQ8eZFni4c437LR3Jwi4k7gzvpnqnKjTC9-DJa7ktqTLyOOuiixONlxnHUdkyoKGSfkewuBKOQIz7CRCAq$VC8kQwRS087rQIkLmHI-aex2RM-LVhsikHvxPfae6-wEkr8kfZHn-FHaNjL7hH4uo04HIKQw7ITeRnppGsTeq7468WQ-xsuohztoWQ3QAe4R3RnHISuCRqdk04p8SfnyUPaRnWnalV7yZwDonME5R7ml8sUq$bf9xGW4b4c8quaetkkix-otq3H4H1EkpjDhC7aCndxTqHfHHoo8zxpnYxVukH8y4orb7GQnWwk8+4ufbRwQ0zovVH8su8H6ZxCHn8rIMRkiU8j3QEQMJGWMsJDJB7LxG5VNEmfVdHeqQxqoW2UM4eiyoHwa7O5dA404q$qBBxECoQxUjb5tRP-oyr8V5xYHk76Sx4w7lkeWhfT8N8$uzdifiTnSx5QtHyO6$8hxrjEeI37-iZ6aQvyPuiE4V89+GHJ76sxMQTh4McJoe8Y$t7HQHQm$6GQkLaGhiar4c8HYU5TT8CnhxNucuxuiGoa8UE4eDCGz326BQ17Zuit1gDKonH3WwqNT6SdKi3wwGoHz67BRUuoq84j4zBRw-+Ha58a7FCon46oFxbvhedRxJnG87CmRneLsxK8hLHR2HbMkvQLQEuV4OdpHdzukjdcwHaqIU7KtLWaHZlxfRmHneiZxKjaoRA6JosfYoUw4ewZnkEjQcGF2Px8oog8uLTHOwaTndI27oB6JnZRwIyMgjhLv4812KxFHOxGSo7opLHRDeHrkMQtQ8HkioZgV8$CCsix6ufHO4uybLAxJwz$EukHnWwzoWxnLaRqWQw48kODiQUuot4toBxU8bRxiIbx1VFfvWkdoV8TfTHnHjeVu0t6HUeLRHA9omRUewxfxMHF+muxRtRCuiRB7CQmxu5L7+QmxIbYeSuxQKjv7ZewQf$RtL7helQ5V3Q4e8qHuG5KAUA6RD7iA47CQG7C7LukeqQvRoW+uaRCRIf3QventxuveL7q7qL8eV$xRUR4HQ8Gq87O-C7Fg4A7qOlaeqRUxZxGROJOdku8ABH7IVtCHPxoQVlax$7TMoNqdx7qRwAHQZx8xq-w$xR4Oc5qen$xuoVY1OHHu8ROu87MQkuNHOu3HHuZ+hRqe6QZ7ZRURB7LQHRCe+gZsFuYtqQe$2H3RDGyOmBL$momxA$PLmxBeL7zGbLCuI4GHkRP7iAUHAMgAWvAjdOUROQk7MRHRBRUMURnHnxFj08Bu+5kqnHHQkA95q$xRFQne4H6-BuvAUAOHOx+uroZ7CJ8QMlMwBdxQzN81V7i-AwMxm4nL8RijGRi-nR4Haq8AZZUx7zO7qQZROAi$xxltj4GsaeVHmOkeO$xuOeLHUA4AU7cl87ml8H8AyIPAOH8xxRSws8WIxFjh$AEJQJQwsbxqxF8aHCjix$$HwLejoqxqxaQbjjoaxcHTkF8U6I8$xvxnSheJxPxKFe6$6nQ8Q1uAQdxH8a6nxxQ9xxzoqqSLh7oHTl8AwRCu2bIuUABuk7LRqQHLhQmumfIBKIsAvewQvQTsNgHAee4AUukukRwQLi3uOHHQmeLRUuDgo7CuP1kIV5dRUuiHwHn7LeVxouO7+RVe0A3dZQ7LieOGPivW4RHevLPiuZBHOHaxxQVoxrkUWwsx9FtUx5QLQo$SQSxn+TGPxhsJQ2xFjq+i+cxxQLyo6SA$Zox3I8JarLq8taOx63+3Y4D333L3C3M3mhwi+oHiFO6iCiMigxZi2kQiSi5i9iOxyiOxli1i2i33a3Yxq343P3j3M3h353hodiPk0Ox3+8wO+8Hkaq$iaHZ4GozxkqQxAkwaG8rJd2E$T8uAQk8xxfzwgJgZeQgZUug-CO-Z-W---ZG5vf37IAR72dj52daxyWA+yZgWg-giKd-l-w2Wdu3QRQOAx2MWRWwGxx"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=bxgJdUWRZvsdQdYwYsNUpsPe%2BzUmND15JpLn1qnhpBUelRpfgqKshNRGilTdqarKHzRjMYIF9fkrM6wDE78%2BYrpIVb5jeG6EH2ftdLSfMNOr87q8KlMWcWDYqo1uXS9jiw8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 92682902a8c9fea4-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22172\u0026min_rtt=20633\u0026rtt_var=3460\u0026sent=10\u0026recv=12\u0026lost=0\u0026retrans=0\u0026sent_bytes=3906\u0026recv_bytes=1295\u0026delivery_rate=209915\u0026cwnd=229\u0026unsent_bytes=0\u0026cid=c923b322c9ae47b8\u0026ts=865\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":1090,"timings":{"blocked":123,"dns":55,"connect":21,"send":0,"wait":844,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:55.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1698,"data":"e=37dfbd8ee84e00126eedc735ed4e8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f6749868b8c077f361eff7d7e57d56f8962ce513005709306035b34065bc0ed6f1a77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2e1579025da48a2d352f00a3af1b718cfea42e98e45f7a1b78ffaff1c29d75becfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709aa3831ffd2413af090bb28d044aa58e1da07d053d99b2ad632348a8b658d34d38db6e185ece21a36e47ca4b1e8572e26a0c13182be40af570350c5575e99c293cfc5fb9520cf3a90c6f5c836ae7d7174dc38089285b74929dbaa3ce907ea9c4e9d7bed32004557c030b401d9d5ad7abfc7768710e49bd7de6498524961bd06545f3e073ec2af42ba4ed3c0910fa3de3dbddf6c94c2edfe5c81bbe05370558ea9060494f7471a12faacba0da73b99f655efe02eae7da0319553c815d7a83ecf0626e4ae9164233e600329034013b6fc8d6eda1eaa46464435e5b749db84050afcb8c3a7bb6dc3f1f9fb87fcb3ec4d4f3de75a80b65d039f51315e8e374f7b7ef765ae711dc1ebc1648365d63bdeab50accf5690265255546b7d4efe80f6c72e3810c34c579fc1d8a5b1cd57069eb0ba7493ce6d38a0da565908bef18a2574d066e629ff08ff2ddf57829c01f2a833fc9a8fd69b4762e8e93e629c22ee88f9cb56ca33404c40e1310435f0b1439dae549c8b91a339d195c57757254dbe21b951fb11e3fd36c56307781e641f2ab603d1df215fbb73d2f3a077cbc54e8d776fbd51217d8de2d01648ae2ca0cc02d004300356ae7b71c0bddd68d74561d9d642b3d5dce3921d990e006007f87424518082531fe97ef5f4c1319d8aba5b4f76a376325947dd1d55e69aee1c0d8220358ad1954b9791e69314\u0026cri=JM98E4BEFg\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5007\u0026mo=0\u0026pn=6863\u0026spn=1856\u0026fp=1071\u0026snt=1"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=YPlpITW75dBdeehBKGrw1ZaBKiuSDoV7CrQb3fdY3kjB%2FmBQqZgBBW6P%2BOuqgRYEA404aIZM9psEnklKoNl8bOP0JIcIELlspnA7LjgENwLLeGrZwW0sVEgrsXOV2rwVmsE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 92682945b933fff9-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=27932\u0026min_rtt=25792\u0026rtt_var=11407\u0026sent=15\u0026recv=9\u0026lost=0\u0026retrans=0\u0026sent_bytes=4801\u0026recv_bytes=1692\u0026delivery_rate=760\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=43de27b052f07abd\u0026ts=6673\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":780,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":780,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:55.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:56 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wK6rXCK8%2BZdAXiDn2fssZcZfABwfFcRM%2BgDGhgWGZascTkmOOR7vQ0kUg9qM0oLq5Z6u3F2uKoFill%2FY%2FM5npcAqA3X6toLz44bT2XXtom6vrRwB8yMOeg2juYULswiU8%2Bg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 926829470be9fff9-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=29462\u0026min_rtt=25792\u0026rtt_var=11613\u0026sent=16\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=5455\u0026recv_bytes=1736\u0026delivery_rate=818\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=43de27b052f07abd\u0026ts=7165\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":1069,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":1069,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bakambi.com/redirect.php?v=fb27c341ff537c4","fqdn":"bakambi.com","domain":"bakambi.com","tld":"com"},"ip":{"addr":"74.124.194.57","port":443,"asn":22611,"as":"INMOTION","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"","requested_by":"","date":"2025-03-26T16:52:36.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cpanel.bakambi.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Tue, 25 Feb 2025 02:37:56 GMT","end":"Mon, 26 May 2025 02:37:55 GMT"},"fingerprint":{"sha1":"C5:49:27:A4:35:6E:18:65:86:05:80:01:78:CB:0E:B8:08:B7:24:92","sha256":"54:60:3B:A1:91:C9:1C:C9:DD:DD:94:F3:15:21:45:2E:19:2B:DC:A1:AB:CE:99:38:A6:B6:FA:9A:B9:3D:C7:22"}}},"request":{"raw":"GET /redirect.php?v=fb27c341ff537c4 HTTP/1.1\r\nHost: bakambi.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nx-powered-by: PHP/7.4.33\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nset-cookie: PHPSESSID=fd5c9c23827f87f6d534efe3a3db5195; path=/\r\nlocation: https://4Lru.fdprai.ru/hEoDuptUnDsi/\r\nvary: User-Agent\r\ncontent-length: 0\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 26 Mar 2025 16:52:37 GMT\r\nserver: Apache\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":563051,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T14:47:06.668895Z","times_seen":13379084,"resource_available":true,"data":null}},"time_used":1202,"timings":{"blocked":407,"dns":94,"connect":150,"send":0,"wait":388,"receive":0,"ssl":160},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:44.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1349,"data":"{\"memory\":{},\"resources\":[],\"referrer\":\"\",\"eventType\":1,\"firstPaint\":0,\"firstContentfulPaint\":809.18,\"startTime\":1743007895101.48,\"versions\":{\"fl\":\"2025.1.0\",\"js\":\"2024.6.1\",\"timings\":2},\"pageloadId\":\"552cdc7c-e13d-41cb-b705-cade3bc8d133\",\"location\":\"https://keyauth.cc/panel/sni_galib/Sniper/N\",\"nt\":\"navigate\",\"serverTimings\":[{\"name\":\"cfL4\",\"dur\":0,\"desc\":\"?proto=TCP\u0026rtt=20033\u0026min_rtt=19784\u0026rtt_var=32\u0026sent=129\u0026recv=109\u0026lost=0\u0026retrans=0\u0026sent_bytes=173244\u0026recv_bytes=1346\u0026delivery_rate=4392897\u0026cwnd=272\u0026unsent_bytes=0\u0026cid=af00bac71e1c8ff0\u0026ts=233\u0026x=0\"}],\"timingsV2\":{\"unloadEventStart\":0,\"unloadEventEnd\":0,\"domInteractive\":795.78,\"domContentLoadedEventStart\":841.14,\"domContentLoadedEventEnd\":846.18,\"domComplete\":860.04,\"loadEventStart\":860.06,\"loadEventEnd\":860.38,\"type\":\"navigate\",\"redirectCount\":0,\"initiatorType\":\"navigation\",\"nextHopProtocol\":\"h2\",\"workerStart\":0,\"redirectStart\":0,\"redirectEnd\":0,\"fetchStart\":110.5,\"domainLookupStart\":110.5,\"domainLookupEnd\":110.5,\"connectStart\":110.5,\"connectEnd\":110.5,\"secureConnectionStart\":110.5,\"requestStart\":112.3,\"responseStart\":140.06,\"responseEnd\":150.92,\"transferSize\":168326,\"encodedBodySize\":165535,\"decodedBodySize\":443582,\"name\":\"https://keyauth.cc/panel/sni_galib/Sniper/N\",\"entryType\":\"navigation\",\"startTime\":0,\"duration\":860.38},\"siteToken\":\"f0071e5e7ac24a969916922cf1ca7999\",\"st\":2}"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:45 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=droqxU1mI9lcZD8D9n6ow8Un2CM1m1U0npNOPiYYPsii7sUOrNWNE7V6u3cVAXX0KNYBLx5tS5EBj8yiqI%2B1B0Cf2LG4XiATW1yCjh1OKNxkTyqmF4VF7ql70eBPMjbsfA8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 9268290309a3fea4-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22383\u0026min_rtt=21871\u0026rtt_var=4050\u0026sent=7\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=3247\u0026recv_bytes=1295\u0026delivery_rate=198537\u0026cwnd=226\u0026unsent_bytes=0\u0026cid=c923b322c9ae47b8\u0026ts=722\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":643,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":643,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:49.390Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":1698,"data":"e=37dfbd8ee84e00126eedc735ed4e8f9c9225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d56118a6d2217071a10acf9f29f6749868b8c077f361eff7d7e57d56f8962ce513005709306035b34065bc0ed6f1a77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2e1579025da48a2d352f00a3af1b718cfea42e98e45f7a1b78ffaff1c29d75becfc248b5038e523d65cceb92a9e471d280f061856b4a95b98a260709aa3831ffd2413af090bb28d044aa58e1da07d053d99b2ad632348a8b658d34d38db6e185ece21a36e47ca4b1e8572e26a0c13182be40af570350c5575e99c293cfc5fb9520cf3a90c6f5c836ae7d7174dc38089285b74929dbaa3ce907ea9c4e9d7bed32004557c030b401d9d5ad7abfc7768710e49bd7de6498524961bd06545f3e073ec2af42ba4ed3c0910fa3de3dbddf6c94c2edfe5c81bbe05370558ea9060494f7471a12faacba0da73b99f655efe02eae7da0319553c815d7a83ecf0626e4ae9164233e600329034013b6fc8d6eda1eaa46464435e5b749db84050afcb8c3a7bb6dc3f1f9fb87fcb3ec4d4f3de75a80b65d039f51315e8e374f7b7ef765ae711dc1ebc1648365d63bdeab50accf5690265255546b7d4efe80f6c72e3810c34c579fc1d8a5b1cd57069eb0ba7493ce6d38a0da565908bef18a2574d066e629ff08ff2ddf57829c01f2a833fc9a8fd69b4762e8e93e629c22ee88f9cb56ca33404c40e1310435f0b1439dae549c8b91a339d195c57757254dbe21b951fb11e3fd36c56307781e641f2ab603d1df215fbb73d2f3a077cbc54e8d776fbd51217d8de2d01648ae2ca0cc02d004300356ae7b71c0bddd68d74561d9d642b3d5dce3921d990e006007f87424518082531fe97ef5f4c1319d8aba5b4f76a376325947dd1d55e69aee1c0d8220358ad1954b9791e69314\u0026cri=JM98E4BEFg\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026tb=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3004\u0026mo=0\u0026pn=4860\u0026spn=1856\u0026fp=1071\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=%2BXeUvkW0Gck8Mx%2Fc2R%2BG6yy1bSfsCMWT8Xh%2BWVq6PpZF40hpesAZI3C8aik76LAtrbPU1DNyUa9ZzWRpXJsSTZkFk2KK6QpIMhHXokWK3O5dTqGNdQs2LHqbbvrz7VPNpuo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 92682920c840fea4-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=TCP\u0026rtt=22080\u0026min_rtt=20633\u0026rtt_var=2780\u0026sent=13\u0026recv=14\u0026lost=0\u0026retrans=0\u0026sent_bytes=4426\u0026recv_bytes=1372\u0026delivery_rate=209915\u0026cwnd=229\u0026unsent_bytes=0\u0026cid=c923b322c9ae47b8\u0026ts=5479\u0026x=0\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":638,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":637,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"3ilf9.tzgozx.ru/jawari$hrqw","fqdn":"3ilf9.tzgozx.ru","domain":"tzgozx.ru","tld":"ru"},"ip":{"addr":"172.67.169.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"https://4lru.fdprai.ru/hEoDuptUnDsi/","date":"2025-03-26T16:52:49.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tzgozx.ru","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 27 Feb 2025 12:33:44 GMT","end":"Wed, 28 May 2025 13:30:58 GMT"},"fingerprint":{"sha1":"38:C9:91:9F:52:2A:E3:4C:02:18:97:6C:E7:42:4C:42:DF:CA:F2:CF","sha256":"53:2E:97:21:C2:03:6C:E8:19:22:86:24:5C:A0:99:00:44:2D:0B:F8:66:34:22:89:C3:D4:5B:60:B8:01:9F:9C"}}},"request":{"raw":"GET /jawari$hrqw HTTP/1.1\r\nHost: 3ilf9.tzgozx.ru\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://4lru.fdprai.ru/\r\nOrigin: https://4lru.fdprai.ru\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET","post_data":{"size":492,"data":"{\"cid\":null,\"uuid\":\"6f38ab87-e69c-42fe-bd48-79cf846c7033\",\"ref\":\"direct\",\"landing\":\"https://www.nationwidefireprotection.com/home/nationmastergoog/public_html/wp-admin/AA/linkedinVerify/4b25a107ad03b092193e8a37d9b13f12/single/\",\"user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"record_pageview\":true,\"swaps\":[\"8007507313=\"],\"all_formats\":true,\"ids\":[535009027],\"google_content_cookies\":\"\",\"perf\":{\"dns\":0,\"conn\":18,\"tls\":22,\"wait\":143,\"recv\":0}}"}},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 26 Mar 2025 16:52:50 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=9kCC2GhUOFYZJLPPVpiMCn9AFyYd2aKPQSJN5A9dGmi%2FjVPBIwwrq2ThSeLS8nhv8OAESqpqa4pabFgpLijO%2BysgD1bFkVolaXazzZrW7j5nZI3MbvA7xzXP5jWdFuS9cRA%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 926829221872fff9-AMS\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=26048\u0026min_rtt=25792\u0026rtt_var=10185\u0026sent=12\u0026recv=6\u0026lost=0\u0026retrans=0\u0026sent_bytes=4056\u0026recv_bytes=1096\u0026delivery_rate=21133\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=43de27b052f07abd\u0026ts=932\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"very short file (no magic)","md5":"c4ca4238a0b923820dcc509a6f75849b","sha1":"356a192b7913b04c54574d18c28d46e6395428ab","sha256":"6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b","sha512":"4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a","ssdeep":"","tlshash":"c70000000c000000c00000300000000000000000000000000000000000000000000030","first_seen":"2023-03-07T01:10:09Z","last_seen":"2026-04-05T14:39:18.148491Z","times_seen":104920,"resource_available":true,"data":null}},"time_used":748,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":746,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}