GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
200 OK 28 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type HTML document, ASCII text, with very long lines (22244)
Hash fa94a8627f1c9f7f142637537f8a2b85
54272ea9f2d7dd7d6ad7fd1e01ff8bb8aebf061c
9ac080e65d9c6d2f9e23772b156e5b152f64761cb5d208586b9bdd1bf52a9c62
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-lUzOqhZ9Atun27lO' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 94ea2a92bf6056a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST 12xgi.wjibkh.es/vesDE2xapo3MyWo7Li3idwP0XU1LR6A3xGcx
200 OK 20 B URL POST 12xgi.wjibkh.es/vesDE2xapo3MyWo7Li3idwP0XU1LR6A3xGcx
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
Hash 5820854f62a6eb3d38ba7ba0d1b3ea75
639df0b84fe699b4a290a713fd6b9a94bd4deb95
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
POST /vesDE2xapo3MyWo7Li3idwP0XU1LR6A3xGcx HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Content-Type: multipart/form-data; boundary=---------------------------232591230735124283693223878206
Content-Length: 1863
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6InF0eUxhdFRRQ0x5UHdDV0crTUZvZWc9PSIsInZhbHVlIjoiYTJpRjFJZk9Tc1I4UmVBZi81emtiRnZ6RVBwd0Vsb1dMc0VaMW5uRDhNMXE4ejEwTGFWQmkwVzdpMENjS3pvQmNVKy9RZGFPTGE3QnhMU1NSNXVicE9xYndOSGdaZWNhVG5aOHZWRFNhSDFjNEkrcjBkdUhsa1JFR2kwN2FvbmwiLCJtYWMiOiJkYmZlNWM4NDg5ZmJmOGZmZjRmNTExZjQ2Y2M1MjcwODhhOTMxZjk3ZjEwZGE1Zjg4NzlmMTNkNWNiMjhlZTZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlA2d0trbTJTU0tIZGZkR2hmMis0K2c9PSIsInZhbHVlIjoiSHVyUVR2V3BJTEpRb2NQZE1PY2RLN25hQ29hNm4rUUxwczAyU1V2dmIycitvNm1zMHo2UzFOb204VHJGSFVQM2tORmVYNUlZL2FiTE4wUGdJWmZRRG5sZC83MEMyaWcyRTl2ems4MFJsT1pEUzU5cTVEbVI3KzVsS3RQbzlSQ28iLCJtYWMiOiIwNWMyZjZmNGJiOTVlMzkwNWM3NDYzNGVlYzFjYzI2ZjM0OWI4OWRlOTYyNzA2NGE3OWM2Y2NjNDU5ZDRiMTMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:38 GMT
content-type: application/json
cf-ray: 94ea2ad8fa21712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=xe1ASL8bfEdyPJUEVTNMHfcpyvfXAXb%2BxLtqJAosx4z4eIMy15ysn5qITBF3g%2FhbFLVOTfZZWDYgcmM6VbtVIo8cPoJduB1P00p1Ionf"}]}
set-cookie: XSRF-TOKEN=eyJpdiI6IllHTzlUWHhMbDV4WmtmVS9rUzl6MXc9PSIsInZhbHVlIjoiWGhEd2tXb01rU0lrTkxNMSt2Nyt3NDV0M2V6cUMyYjMxeDJIN1JmaWlVdW4rU1NwZmVDTUJzNTBmZlhvZzdOMWlLSDZDQ1gweVZNQVpkL2tkaFlTYkUzNnNzbXFTNmJ3bjFQRWdYeE5WVTZ3Nk5tNzhwbEIwSUt6ZTFubGxOcHoiLCJtYWMiOiJmYWMzZTYxNGQ3MTFkZjM0M2U2MWUzYjhiOTgyNjhiMTlkNWE5MjA0MGNmOTQ5MDQwOTBjNmFmNGIxZmE2YmMzIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 12 Jun 2025 16:51:38 GMT
laravel_session=eyJpdiI6InROYUxvN0d0QWU5MVJVTis1aU9rNUE9PSIsInZhbHVlIjoiZ2VBTTd6b3d1MUNvazZrbFh2MUZCcitJSlJrYTk2ckgzeFg4bHc0RUNKTXVkVVJLeFpyRVBIVS9PaE1OWnUrd0VSU3lNUVdaOXN2bVdqZ2RnL1RXWjBkSG9BTThRamlOc3hzVzVuYU5ZekhwNks5U0xvZUFTZDIxWkdmZDlDYW4iLCJtYWMiOiJiZjk5YjA1NmUzODQwMzNlZmUxYzA2MDNlNmY1NThhNWM0N2QwYTMyYzU4NDVmOTg2MmQyMjRkNmVmZmVmMzM4IiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 12 Jun 2025 16:51:38 GMT
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3964&min_rtt=672&rtt_var=2419&sent=147&recv=217&lost=0&retrans=0&sent_bytes=11689&recv_bytes=15447&delivery_rate=462785&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=12351&inflight_dur=62&x=80"
GET 12xgi.wjibkh.es/GDSherpa-vf2.woff2
200 OK 93 kB URL GET 12xgi.wjibkh.es/GDSherpa-vf2.woff2
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf2.woff2 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:41 GMT
content-type: font/woff2
content-length: 93276
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-vf2.woff2"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:41 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7%2BHa5D2Harwikk7rY9SkNGvhLP%2FUVpP%2FtSO1rZNwX8j2157iyqpEHRQ09EIXc%2Bcfz%2B%2B3VF3oELeOeGg7yFDBrKG4XOAznMDSoYDQKFVx"}]}
cache-control: max-age=14400
cf-ray: 94ea2ae71aa2712e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1796&min_rtt=672&rtt_var=1127&sent=471&recv=277&lost=0&retrans=0&sent_bytes=334520&recv_bytes=40032&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=15550&inflight_dur=147&x=80"
POST wsx9hljjvcnuv8zfvs9r501ziq24slnkzwy2zzfvlotgi9wmdr.vkkiig.es/sXiCVjEUTSJYKarjobPOaOMAswADPXDCRXKVVBXTABUXRAURBMZBGGQCMOKBpqiWdpNt605xIboqUU34hYq8uv31
200 OK 536 B URL POST wsx9hljjvcnuv8zfvs9r501ziq24slnkzwy2zzfvlotgi9wmdr.vkkiig.es/sXiCVjEUTSJYKarjobPOaOMAswADPXDCRXKVVBXTABUXRAURBMZBGGQCMOKBpqiWdpNt605xIboqUU34hYq8uv31
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectvkkiig.es
Fingerprint1F:06:FB:7B:21:63:15:70:55:53:9D:62:AD:BF:72:B7:0B:1B:A2:25
ValiditySat, 31 May 2025 15:14:04 GMT - Fri, 29 Aug 2025 16:12:50 GMT
File type ASCII text, with very long lines (536), with no line terminators
Hash b700a2408fff4601b18b91dd7b1adf0f
294a42cbff29c06fe6bff0cc3d5d6b93f7fda3dc
23731d6f86bfade6b1fd1acf5985785e9e1cb0f155f662cf89464d7a6f2c04b6
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
Quad9 DNS malicious Sinkholed
POST /sXiCVjEUTSJYKarjobPOaOMAswADPXDCRXKVVBXTABUXRAURBMZBGGQCMOKBpqiWdpNt605xIboqUU34hYq8uv31 HTTP/1.1
Host: wsx9hljjvcnuv8zfvs9r501ziq24slnkzwy2zzfvlotgi9wmdr.vkkiig.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 103
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 12 Jun 2025 14:51:44 GMT
content-type: text/plain; charset=utf-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
vary: Origin
access-control-allow-origin: https://12xgi.wjibkh.es
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=7JQtFZGpcep%2FwPhRs%2BR1NMu9u3RiAgDy3n%2F2vb%2BHqm7dCyHNw9%2BysOS3C%2BAjmNOGizFZEqTCTD3n3BsDOjdwYgmIaBSfbQEUUL3XgRSdhoGQGzzRTtMKTcxe8DJi8vj3XjtYU3qTZeB4fEEQsCgnu3D5iTDEIYD4bYU%3D"}]}
content-encoding: br
cf-ray: 94ea2b01fcb556bd-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/94ea2a92bf6056a2/1749739886986/114bfa0d370183a6de496c1efb8a03f0dbdc756017bc89512ba1480e6a256f7e/eXHPZhzDgE-aHqb
401 Unauthorized 1 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/94ea2a92bf6056a2/1749739886986/114bfa0d370183a6de496c1efb8a03f0dbdc756017bc89512ba1480e6a256f7e/eXHPZhzDgE-aHqb
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/94ea2a92bf6056a2/1749739886986/114bfa0d370183a6de496c1efb8a03f0dbdc756017bc89512ba1480e6a256f7e/eXHPZhzDgE-aHqb HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 12 Jun 2025 14:51:28 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gEUv6DTcBg6beSWwe-4oD8NvcdWAXvIlRK6FIDmolb34AGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIBFL-g03AYOm3klsHvuKA_Db3HVgF7yJUSuhSA5qJW9-ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIBFL-g03AYOm3klsHvuKA_Db3HVgF7yJUSuhSA5qJW9-ABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApfbVKW9jv_cm7VCxn62oVAVC5hFmu-kZjUyoHVY59NkyKyHKMDjFTQQtwRz5WaCrisTztPUBe5IEqngHq_K6n0LVGgP-vP5_EV8Q63SdqECb9NxgQT_jnGDYKP38YIvPHP47CMaQOOm6F4tfy50OTdVLxmir-nwtG4EsjQpjbWt5h0uKnWtYHo0z3T2TGAaak3xueW6uC1Y9XvXRyQ4VLq2YT2Pj5nG5iT9qz95HGc0b9CcuEADcgyRRUmYpFDKa4E7gznEbKSul9XcN8oNCkL49spyNT1stpPVhL9fnQZz0zdIsTIdKR-iKQoy9HKyPEeNpcQhrSF7DgSPJTnR6xwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 94ea2a9d8a6f56a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 12 Jun 2025 14:51:38 GMT
age: 1468898
x-served-by: cache-lga21931-LGA, cache-hel1410021-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 88936
x-timer: S1749739899.604256,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET 12xgi.wjibkh.es/favicon.ico
404 Not Found 0 B URL GET 12xgi.wjibkh.es/favicon.ico
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjBDZWx4dnVqTTBScFEvdGNicmN2dFE9PSIsInZhbHVlIjoiS1A3Q3JleHZXWTdFajZ4QktHanNqVzVOVCsySWIwR1diT2g2WXVPbXpybXZySUk0SlViOHdSL1l3dDRTUEdlWlI3K3NUd1pWUkNVQzNycDEzVnJNUzZuUFdKNzdWNEdqcW03SExQakFNV1YzWWJWTFpNQjBHUElReHpMcWQzMlQiLCJtYWMiOiI4NTFjMzliMWZlMzkwY2I0YTQ2NWIyMWFhZjc0N2UzZjNkMzBiN2MwOWFhNWY3MmNiODNkMDkyNTFlZTE0YmJhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InlQU2NkSk9GUDAzWkdXWFN2UlVUZGc9PSIsInZhbHVlIjoiRDhZWnBJUklXOVU5Wkp2Mk5nVmpjR2kzdlRhYXdyNkhLVmtxQ2xXTXl2c0hGbWhjZCtTT21DQTdLVUg4TU84MmVUd0t0d2w5YVB3dWQ5QXcxaW9XYmg1Q0Fsa2k3emt1M1ZKVXkwRGh0VXhORG5JTTh6eWg4bmdMQ0psMnRSMUMiLCJtYWMiOiJjODRhMjA1ODg1ODdlMDc3OTAzODdiZWNhNTY1ZmM0OTZkYTIyNjQ2NWEzMGJiY2FiNzMyN2Y1NmY0ZmEwZmZjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 12 Jun 2025 14:51:38 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2adf7a47712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6I%2FqTdAiTfXIL4KUsT7qTs0XjSDboNW1ytAhnIOn4xmSBoLMRdDhm41q%2BN34GBkjMRXe9rXBGjaRvaItTm7GMgifO21HK%2FJ6dBr0HtHf"}]}
cf-cache-status: HIT
age: 12
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3141&min_rtt=672&rtt_var=2201&sent=165&recv=223&lost=0&retrans=0&sent_bytes=22938&recv_bytes=18408&delivery_rate=4590675&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=12979&inflight_dur=66&x=80"
GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
302 Found 10 kB URL GET github.com/fent/randexp.js/releases/download/v0.4.3/randexp.min.js
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerSectigo Limited
Subjectgithub.com
FingerprintE4:33:71:DD:D6:91:4A:75:B6:1F:9E:4F:74:6D:9B:F0:DD:26:FC:3A
ValidityWed, 05 Feb 2025 00:00:00 GMT - Thu, 05 Feb 2026 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 12 Jun 2025 14:50:27 GMT
content-type: text/html; charset=utf-8
content-length: 0
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250612%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250612T145027Z&X-Amz-Expires=300&X-Amz-Signature=78334340d8f9bb736d311c15c930b9ac1f59085b4d7e3e1c56103ffa2363f330&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
cache-control: no-cache
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
x-github-request-id: 076E:23FC69:1962D10:19D9551:684AE97C
X-Firefox-Spdy: h2
GET 12xgi.wjibkh.es/yzFkOaZK1M2pU5qu3ulB2s3brsdbB3CvL1xdcB5NATS2v90172
200 OK 2.9 kB URL GET 12xgi.wjibkh.es/yzFkOaZK1M2pU5qu3ulB2s3brsdbB3CvL1xdcB5NATS2v90172
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type SVG Scalable Vector Graphics image
Hash fe87496cc7a44412f7893a72099c120a
a0c1458c08a815df63d3cb0406d60be6607ca699
55ce3b0ce5bc71339308107982cd7671f96014256ded0be36dc8062e64c847f1
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /yzFkOaZK1M2pU5qu3ulB2s3brsdbB3CvL1xdcB5NATS2v90172 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:42 GMT
content-type: image/svg+xml
cf-ray: 94ea2ae72aa7712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="yzFkOaZK1M2pU5qu3ulB2s3brsdbB3CvL1xdcB5NATS2v90172"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=z4WxdFxSoUuqupVaE1ZUAERImw2z9pEyYNKb25i3VfqwUgBgRBBPtvWZZUpE6I26%2Ft1qALnQrwzavbc00Lg2uU4IrXaCcO7rdTpNlclU"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1408&min_rtt=672&rtt_var=380&sent=570&recv=286&lost=0&retrans=0&sent_bytes=446839&recv_bytes=40449&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=16568&inflight_dur=162&x=80"
GET 12xgi.wjibkh.es/stqYqC19pUfIRc9WMJP06b43rCefijV8YqoaIDZ67F7ryCVPgiLNbKAtzdy7fsgvZGNm1za0gTD8jZwSgh260
200 OK 18 kB URL GET 12xgi.wjibkh.es/stqYqC19pUfIRc9WMJP06b43rCefijV8YqoaIDZ67F7ryCVPgiLNbKAtzdy7fsgvZGNm1za0gTD8jZwSgh260
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4b52ecdc33382c9dca874f551990e704
8f3bf8e41cd4cdddb17836b261e73f827b84341b
cce050cc3b150c0b370751021bb15018ee2b64ac369e230fe3b571a9b00d4342
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /stqYqC19pUfIRc9WMJP06b43rCefijV8YqoaIDZ67F7ryCVPgiLNbKAtzdy7fsgvZGNm1za0gTD8jZwSgh260 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: image/webp
content-length: 17842
server: cloudflare
content-disposition: inline; filename="stqYqC19pUfIRc9WMJP06b43rCefijV8YqoaIDZ67F7ryCVPgiLNbKAtzdy7fsgvZGNm1za0gTD8jZwSgh260"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Pbnj7K1e121RnhBSyKOndUYeJSyedhQjnBnbTSHRROIK1xI0hfYZdJ5iA68TlyM421V1ShbdtmQGvGAdPhYxtV05VZaj5ulcxO4XACk0i6mUsHzmAbKrTmAYsZiI7vjO8JHs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12814&min_rtt=12802&rtt_var=3622&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=2198&delivery_rate=314512&cwnd=252&unsent_bytes=0&cid=c146ef5897842599&ts=176&x=0", cfL4;desc="?proto=QUIC&rtt=1307&min_rtt=672&rtt_var=251&sent=705&recv=302&lost=0&retrans=0&sent_bytes=591464&recv_bytes=41205&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=17801&inflight_dur=223&x=80"
cf-ray: 94ea2ae73aab712e-OSL
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/abRKnn6nrsUoCcd26
200 OK 36 kB URL GET 12xgi.wjibkh.es/abRKnn6nrsUoCcd26
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type ASCII text, with CRLF line terminators
Hash 38501e3fbbbd89b56aa5ba35de1a32fe
d9b31981b6f834e8480ba28fbc1cff1be772f589
a1ca6b381cb01968851c98512c6e7f6c5309a49f7a16b864813135cbff82a85b
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /abRKnn6nrsUoCcd26 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: text/css;charset=UTF-8
cf-ray: 94ea2ae6fa9c712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="abRKnn6nrsUoCcd26"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=J96Iu6%2BjsOPp6hZZT%2BHcCunS7FJedjGiGQcFqNegkQPzFl%2B%2FVEXi3qonhWLvEDmoWszWwiq5pQlUFq076Q88mobDTLwRbf%2BUopoqQVYOHBI%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1332&min_rtt=672&rtt_var=359&sent=333&recv=262&lost=0&retrans=0&sent_bytes=180509&recv_bytes=37490&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14600&inflight_dur=114&x=80"
GET 12xgi.wjibkh.es/GDSherpa-bold.woff
200 OK 36 kB URL GET 12xgi.wjibkh.es/GDSherpa-bold.woff
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: font/woff
content-length: 35970
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:40 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=EATjw7rLjZDcqra5oqjuHrsViFR2mB7MNXBpwchMkgKzOZPgopSu0vIv5x0ojyJfvYj%2FVPl9cAeg1YWIMxyK1xl%2BCOM1kzvtHeOJzEuYQ04%3D"}]}
cache-control: max-age=14400
cf-ray: 94ea2ae6fa9e712e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1287&min_rtt=672&rtt_var=122&sent=395&recv=269&lost=0&retrans=0&sent_bytes=250465&recv_bytes=37811&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14863&inflight_dur=127&x=80"
GET 12xgi.wjibkh.es/GDSherpa-regular.woff
200 OK 37 kB URL GET 12xgi.wjibkh.es/GDSherpa-regular.woff
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: font/woff
content-length: 36696
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ooy5JQe%2FGHvVFsk0U7fyrzjIyE0QtvROBXxzR2scWQ2XCDznUKhxUhGV8TCEUk26UlPEvdzv%2FSJNe9IB6PNxOevJCR7XHOIwrhbiyWjWiEhW6PWfsEZtXkFc%2FWrCT%2B7LSbDJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=309&min_rtt=297&rtt_var=136&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2156&delivery_rate=10186397&cwnd=252&unsent_bytes=0&cid=3d8278acc81c204b&ts=419&x=0", cfL4;desc="?proto=QUIC&rtt=1286&min_rtt=672&rtt_var=162&sent=384&recv=268&lost=0&retrans=0&sent_bytes=238020&recv_bytes=37763&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14834&inflight_dur=125&x=80"
cache-control: max-age=14400
cf-ray: 94ea2ae71aa0712e-OSL
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/favicon.ico
404 Not Found 0 B URL GET 12xgi.wjibkh.es/favicon.ico
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InF0eUxhdFRRQ0x5UHdDV0crTUZvZWc9PSIsInZhbHVlIjoiYTJpRjFJZk9Tc1I4UmVBZi81emtiRnZ6RVBwd0Vsb1dMc0VaMW5uRDhNMXE4ejEwTGFWQmkwVzdpMENjS3pvQmNVKy9RZGFPTGE3QnhMU1NSNXVicE9xYndOSGdaZWNhVG5aOHZWRFNhSDFjNEkrcjBkdUhsa1JFR2kwN2FvbmwiLCJtYWMiOiJkYmZlNWM4NDg5ZmJmOGZmZjRmNTExZjQ2Y2M1MjcwODhhOTMxZjk3ZjEwZGE1Zjg4NzlmMTNkNWNiMjhlZTZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlA2d0trbTJTU0tIZGZkR2hmMis0K2c9PSIsInZhbHVlIjoiSHVyUVR2V3BJTEpRb2NQZE1PY2RLN25hQ29hNm4rUUxwczAyU1V2dmIycitvNm1zMHo2UzFOb204VHJGSFVQM2tORmVYNUlZL2FiTE4wUGdJWmZRRG5sZC83MEMyaWcyRTl2ems4MFJsT1pEUzU5cTVEbVI3KzVsS3RQbzlSQ28iLCJtYWMiOiIwNWMyZjZmNGJiOTVlMzkwNWM3NDYzNGVlYzFjYzI2ZjM0OWI4OWRlOTYyNzA2NGE3OWM2Y2NjNDU5ZDRiMTMwIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2a926f1c712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6I%2FqTdAiTfXIL4KUsT7qTs0XjSDboNW1ytAhnIOn4xmSBoLMRdDhm41q%2BN34GBkjMRXe9rXBGjaRvaItTm7GMgifO21HK%2FJ6dBr0HtHf"}]}
cf-cache-status: EXPIRED
age: 9
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4206&min_rtt=672&rtt_var=2581&sent=145&recv=213&lost=0&retrans=0&sent_bytes=11011&recv_bytes=12473&delivery_rate=462785&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=889&inflight_dur=39&x=80"
GET 12xgi.wjibkh.es/GDSherpa-regular.woff2
200 OK 29 kB URL GET 12xgi.wjibkh.es/GDSherpa-regular.woff2
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
Hash 17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-regular.woff2 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: font/woff2
content-length: 28584
server: cloudflare
content-disposition: inline; filename="GDSherpa-regular.woff2"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:40 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HZMa0bHYYgtwA6C4NeIV8LhrO23T4e%2FFSQHTlhIoxjRo%2Be%2Bit%2FZIBvs5WuZ9BXgIfqEaP2HxkcLjcEYmG46L4iYiI7svaA%2F44YNBPnQjc%2FhTOYTlXNuO1Jm9c9QHZs27daZo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=357&min_rtt=344&rtt_var=122&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=2157&delivery_rate=9361111&cwnd=252&unsent_bytes=0&cid=f696b5c211925b00&ts=284&x=0", cfL4;desc="?proto=QUIC&rtt=1278&min_rtt=672&rtt_var=303&sent=341&recv=264&lost=0&retrans=0&sent_bytes=188191&recv_bytes=37579&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14700&inflight_dur=117&x=80"
cache-control: max-age=14400
cf-ray: 94ea2ae71a9f712e-OSL
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/ij5f8FXSJyBv6seEmEd1bOXxwxe6FIsvwVz67QZPMZfUXUSsqO56170
200 OK 7.4 kB URL GET 12xgi.wjibkh.es/ij5f8FXSJyBv6seEmEd1bOXxwxe6FIsvwVz67QZPMZfUXUSsqO56170
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type SVG Scalable Vector Graphics image
Hash b59c16ca9bf156438a8a96d45e33db64
4e51b7d3477414b220f688adabd76d3ae6472ee3
a7ee799dd5b6f6dbb70b043b766362a6724e71458f9839306c995f06b218c2f8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ij5f8FXSJyBv6seEmEd1bOXxwxe6FIsvwVz67QZPMZfUXUSsqO56170 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:42 GMT
content-type: image/svg+xml
cf-ray: 94ea2ae72aa6712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="ij5f8FXSJyBv6seEmEd1bOXxwxe6FIsvwVz67QZPMZfUXUSsqO56170"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=mA0obufEc6y0q5eW1iTg%2FVvWhHIQwsejbTiMLGP65t4%2BeRqw%2Bk2F29cWaRX17NEkGetxVulRKA36iLIvgoYZtavs%2FlHMsJClkt7r1v%2BW"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1469&min_rtt=672&rtt_var=617&sent=554&recv=283&lost=0&retrans=0&sent_bytes=430833&recv_bytes=40305&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=16315&inflight_dur=156&x=80"
GET 12xgi.wjibkh.es/ijWzr3gXo87ttFMT6blm1H1QlrAciC7FzHRKdUWJqrL5mLFeYQubBnfFio5Dab230
200 OK 1.3 kB URL GET 12xgi.wjibkh.es/ijWzr3gXo87ttFMT6blm1H1QlrAciC7FzHRKdUWJqrL5mLFeYQubBnfFio5Dab230
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash 32ca2081553e969f9fdd4374134521ad
7b09924c4c3d8b6e41fe38363e342da098be4173
216fc342a469aa6a005b2eacc24622095e5282d3e9f1ae99ce54c27b92ec3587
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ijWzr3gXo87ttFMT6blm1H1QlrAciC7FzHRKdUWJqrL5mLFeYQubBnfFio5Dab230 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:41 GMT
content-type: image/webp
content-length: 1298
server: cloudflare
content-disposition: inline; filename="ijWzr3gXo87ttFMT6blm1H1QlrAciC7FzHRKdUWJqrL5mLFeYQubBnfFio5Dab230"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LfZ2EkN0rh427dBRKEaaYCsoKHHi1P3zbLeZJhuUNy5nxXJGg50Kd%2B8ua5ZJ5z7IX40sf6j3rPLKLVs2larGEHe%2B19FM8lcYyMlXjQc4ypK2jclDkj8evI9AeusOIvhGwen"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=398&min_rtt=382&rtt_var=136&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2178&delivery_rate=8868421&cwnd=252&unsent_bytes=0&cid=332751884674129a&ts=176&x=0", cfL4;desc="?proto=QUIC&rtt=1972&min_rtt=672&rtt_var=1437&sent=466&recv=275&lost=0&retrans=0&sent_bytes=330945&recv_bytes=39943&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=15494&inflight_dur=143&x=80"
cf-ray: 94ea2aed6adc712e-OSL
alt-svc: h3=":443"; ma=86400
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 12 Jun 2025 14:51:26 GMT
age: 1468886
x-served-by: cache-lga21931-LGA, cache-hel1410021-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 88927
x-timer: S1749739886.232791,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/b/f9574c83b4d7/api.js
200 OK 49 kB URL GET challenges.cloudflare.com/turnstile/v0/b/f9574c83b4d7/api.js
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type JavaScript source, ASCII text, with very long lines (48827)
Hash 07d7e441d19f6cd2a3e35a26fa189ea1
b8556ae8944c4a1ca014a9da02757e2766873395
ce9705a34c906e586c84cc609659751ffb55f8e2ba3d087e69c5591662a226a0
GET /turnstile/v0/b/f9574c83b4d7/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 06 Jun 2025 13:42:22 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
priority: u=2,i=?0
vary: Accept-Encoding
server: cloudflare
cf-ray: 94ea2a90ed4d56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET llaow.tvknzupwbdfg.es/loru@1v0h3
200 OK 1 B URL GET llaow.tvknzupwbdfg.es/loru@1v0h3
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjecttvknzupwbdfg.es
Fingerprint6C:46:D9:AC:99:54:94:80:A4:7B:C6:40:86:4B:38:9B:58:B5:9D:35
ValidityTue, 03 Jun 2025 23:15:58 GMT - Tue, 02 Sep 2025 00:14:30 GMT
File type very short file (no magic)
Hash cfcd208495d565ef66e7dff9f98764da
b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
GET /loru@1v0h3 HTTP/1.1
Host: llaow.tvknzupwbdfg.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 12 Jun 2025 14:51:37 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
access-control-allow-origin: *
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=EVXFAEmsQl9IS22N1xn1s99j4Ifj5BznJFCrqVVarvZTBMNrT2jouKwmYDBMHud6P6ROC389eMJOGTYoTdaGut4jcnyLKvSvzZ0pRBzV93jcjIY%3D"}]}
content-encoding: br
cf-ray: 94ea2ad1ca11b500-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
200 OK 20 kB URL GET ok4static.oktacdn.com/assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 20416, version 2.197
Hash d99a7377dabb55772ca9f986b0a04b57
2b5fcd8431953c44e410d0489899e74f6d2cfecc
affdba1620552b12a1a8a04467136aeb408c03fa337d20e9c38374d682d4d149
GET /assets/loginpage/font/assets/proximanova-reg-webfont.353416ed0ff540352235.woff2 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Referer: https://ok4static.oktacdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/font-woff2
content-length: 20416
accept-ranges: bytes
server: nginx
last-modified: Tue, 07 Nov 2023 18:56:28 GMT
x-amz-meta-sha1sum: 2b5fcd8431953c44e410d0489899e74f6d2cfecc
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
date: Mon, 09 Jun 2025 08:53:29 GMT
expires: Tue, 09 Jun 2026 08:53:29 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "d99a7377dabb55772ca9f986b0a04b57"
x-cache: Hit from cloudfront
via: 1.1 6d0d5e4a1f04a37b69fcdf5d00294d0a.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: g7vA4sKx2tOOPj_4VvaPWbKM4wmI-U8QHuc__Yrv8yOzu3Tcp3KUzA==
age: 280692
X-Firefox-Spdy: h2
POST 12xgi.wjibkh.es/rq2zFAEken3LNoCeaTFjY4IOgjKsTEnwgCp6fPyfvPZ7hX8UfcDjy
200 OK 285 B URL POST 12xgi.wjibkh.es/rq2zFAEken3LNoCeaTFjY4IOgjKsTEnwgCp6fPyfvPZ7hX8UfcDjy
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
Hash 5493ab174bd2cfed1faeb6a6e565feb4
62aa1267f86e64d4c94a1f29c81bdad07909b02e
d8d5b72af4d28457ae6c21d44d383cf02d11eebcf55b7cd50e96a13160ff1f1e
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
POST /rq2zFAEken3LNoCeaTFjY4IOgjKsTEnwgCp6fPyfvPZ7hX8UfcDjy HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 27
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6IjBDZWx4dnVqTTBScFEvdGNicmN2dFE9PSIsInZhbHVlIjoiS1A3Q3JleHZXWTdFajZ4QktHanNqVzVOVCsySWIwR1diT2g2WXVPbXpybXZySUk0SlViOHdSL1l3dDRTUEdlWlI3K3NUd1pWUkNVQzNycDEzVnJNUzZuUFdKNzdWNEdqcW03SExQakFNV1YzWWJWTFpNQjBHUElReHpMcWQzMlQiLCJtYWMiOiI4NTFjMzliMWZlMzkwY2I0YTQ2NWIyMWFhZjc0N2UzZjNkMzBiN2MwOWFhNWY3MmNiODNkMDkyNTFlZTE0YmJhIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InlQU2NkSk9GUDAzWkdXWFN2UlVUZGc9PSIsInZhbHVlIjoiRDhZWnBJUklXOVU5Wkp2Mk5nVmpjR2kzdlRhYXdyNkhLVmtxQ2xXTXl2c0hGbWhjZCtTT21DQTdLVUg4TU84MmVUd0t0d2w5YVB3dWQ5QXcxaW9XYmg1Q0Fsa2k3emt1M1ZKVXkwRGh0VXhORG5JTTh6eWg4bmdMQ0psMnRSMUMiLCJtYWMiOiJjODRhMjA1ODg1ODdlMDc3OTAzODdiZWNhNTY1ZmM0OTZkYTIyNjQ2NWEzMGJiY2FiNzMyN2Y1NmY0ZmEwZmZjIiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:39 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2adeca3f712e-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8TtiUoeNzn04sRyUikcELxMsmoM3kV%2B0gmWt8U65ZlJBcmIrnxlI%2BC1tQCDI9Vdbspg8hi7Mzvrx4BIfu8M5yK7DskIZBhDXF4uq%2FmmJOc%2FcDC6SKp5cdpNf%2Fwy4EpUqvNWu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12841&min_rtt=12827&rtt_var=3617&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2272&delivery_rate=315075&cwnd=252&unsent_bytes=0&cid=d14b624f6763d7f1&ts=188&x=0", cfL4;desc="?proto=QUIC&rtt=2902&min_rtt=672&rtt_var=2128&sent=167&recv=224&lost=0&retrans=0&sent_bytes=23580&recv_bytes=18453&delivery_rate=4590675&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=13185&inflight_dur=67&x=80"
set-cookie: XSRF-TOKEN=eyJpdiI6InhIZ0trZENuNlg1bnVkRkY2REJtYVE9PSIsInZhbHVlIjoiMit0V3crT1lHWTIvNXRoUjkyTmdQWFlnY0lVN0V6eHpOUWFLSFE5aTJkZVBlNW9ldC85bU5KUkdYVG9OU3ZzemNIa0hGcy9NaFpvSXNSRWlnRHNEeEhRYWVIV1NVdnNqQTZldWorN3lmOGNGSldRMjVBOXU4SkdYVUxEbUlZWEIiLCJtYWMiOiIxMmM2Yzg1M2NjMWRhMDEyMjJmYmZhNzM2YzFhNGRhMzIwNDU4YzQxYzhlMDhkZTBkNjU2Yjg1YzA2OTZmZWU0IiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:38 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IkwwdnhFYnhmL0IrdnYwc0xoelN1c3c9PSIsInZhbHVlIjoibDNRNlpYN085ZzVqblRoQzJoVVR4Y1UxSDVrb21DQklCRmd5RG1sVUE5cHIwck9rK3NVS21XaURvTjNGS2FMVXhwQkE2QXFDRGxTK2hnZlNiL3RMb0RJYUhOeFZNclZ5WEY4bjRCcG0xZ2J0aHR2SlVOUnRyL1dFbkI3bmU4dXAiLCJtYWMiOiI2MWFjNTE3MTI5NDRjNzdhMWJjY2YwMGVjYWY1ZjVjODg5MjliZDUwOTdiODM4ZTk3ZWQ3NjFmMzAwZTBmNmNlIiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:38 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/56MoHauBFlKabIKjQs6719
200 OK 28 kB URL GET 12xgi.wjibkh.es/56MoHauBFlKabIKjQs6719
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type ASCII text, with very long lines (28186), with no line terminators
Hash a1606fe4c64f4a7649b295a56b8d4b47
ffea9bddd62c0ddfe5f3c314f885da0bc2cf8a1e
8734d2dcfa9c93df3e755660ba1c6bb54ed5fb2a7bfac1b0410d017f11129746
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /56MoHauBFlKabIKjQs6719 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: text/css;charset=UTF-8
cf-ray: 94ea2ae6ea9b712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="56MoHauBFlKabIKjQs6719"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=4SP9a3LnykHaekQNihW4LlUpWzCD0NRq4GMGYTV42cHZkBAhAP7rzMWDmyNtG8Fk16eEt7qZ8SJFZJftpBN1TcYrNvn4DbswMe8FyA1DWdQ%3D"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1269&min_rtt=672&rtt_var=245&sent=351&recv=265&lost=0&retrans=0&sent_bytes=199320&recv_bytes=37625&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14723&inflight_dur=119&x=80"
GET 12xgi.wjibkh.es/GDSherpa-vf.woff2
200 OK 44 kB URL GET 12xgi.wjibkh.es/GDSherpa-vf.woff2
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
Hash 2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-vf.woff2 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:42 GMT
content-type: font/woff2
content-length: 43596
server: cloudflare
content-disposition: inline; filename="GDSherpa-vf.woff2"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:42 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vptKVj62Xw2VwgYZKcGm9UaG9d0uebnhjHqSs%2FZ9LI%2B8jEzdsedZskFizb2T5FoH2hsX67YpFRMM9%2BkQkfQYk7wytyeUIDPZyGLw7WZHJohcJh5IVKNMqPrRv164XzPzEGms"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server-timing: cfL4;desc="?proto=TCP&rtt=12503&min_rtt=12407&rtt_var=3564&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2152&delivery_rate=325106&cwnd=252&unsent_bytes=0&cid=2519946b62d2a01e&ts=436&x=0", cfL4;desc="?proto=QUIC&rtt=1395&min_rtt=672&rtt_var=472&sent=560&recv=285&lost=0&retrans=0&sent_bytes=435708&recv_bytes=40401&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=16557&inflight_dur=159&x=80"
cache-control: max-age=14400
cf-ray: 94ea2ae71aa1712e-OSL
alt-svc: h3=":443"; ma=86400
GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
200 OK 11 kB URL GET ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type PNG image data, 420 x 94, 8-bit/color RGBA, non-interlaced
Hash 12bdacc832185d0367ecc23fd24c86ce
4422f316eb4d8c8d160312bb695fd1d944cbff12
877ae491d9aac5c6ef82a8430f9f652ace8a0dbc7294bd112aad49bd593769d0
GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: image/png
content-length: 10796
accept-ranges: bytes
server: nginx
last-modified: Tue, 23 Feb 2021 04:20:08 GMT
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-security-policy: default-src 'none'; img-src 'self'; require-trusted-types-for 'script'; report-uri https://oktacsp.report-uri.com/r/t/csp/enforce
x-content-type-options: nosniff
date: Sun, 08 Jun 2025 16:31:18 GMT
expires: Mon, 08 Jun 2026 16:31:18 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: "12bdacc832185d0367ecc23fd24c86ce"
x-cache: Hit from cloudfront
via: 1.1 6d0d5e4a1f04a37b69fcdf5d00294d0a.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: tgd4GL_ENwWkgCTeFFLLBDE3wELtRFRiAe3kIDibcvj7z9IGxnN9WQ==
age: 339622
X-Firefox-Spdy: h2
GET 12xgi.wjibkh.es/ghQKX2HoHYbFDCbUpqrdlWWQVNZshxyhwPe4gSw7ejn2fmeTsCA12210
200 OK 25 kB URL GET 12xgi.wjibkh.es/ghQKX2HoHYbFDCbUpqrdlWWQVNZshxyhwPe4gSw7ejn2fmeTsCA12210
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash f9a795e2270664a7a169c73b6d84a575
0fbb60ab27ab88c064eb347d0722c8ed4cf5e8b8
d00203b2eea6e418c31baafa949ada5349a9f9b7e99fa003aec7406822693740
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ghQKX2HoHYbFDCbUpqrdlWWQVNZshxyhwPe4gSw7ejn2fmeTsCA12210 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: image/webp
content-length: 25216
server: cloudflare
content-disposition: inline; filename="ghQKX2HoHYbFDCbUpqrdlWWQVNZshxyhwPe4gSw7ejn2fmeTsCA12210"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KvkMPKzKgf31OQo2GYQ7%2FiveV%2FA6ZuFe2sYeKeenUG%2FH9zP65SPmT41OVqZV5pD6IGE9GhlL%2F3NfV3OLrco39zymJIcbJXzqQkMMM2cYtVEaK5xbMqYfdn8tQMqDWqjSp6lp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=295&min_rtt=255&rtt_var=96&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2169&delivery_rate=13045161&cwnd=252&unsent_bytes=0&cid=59980057ebd44369&ts=168&x=0", cfL4;desc="?proto=QUIC&rtt=1537&min_rtt=672&rtt_var=321&sent=604&recv=291&lost=0&retrans=0&sent_bytes=483176&recv_bytes=40688&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=17393&inflight_dur=175&x=80"
cf-ray: 94ea2ae73aa9712e-OSL
alt-svc: h3=":443"; ma=86400
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
200 OK 86 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Hash 70c202196187ab3c11b4e094c20c6de1
9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643
GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 94ea2a935ff156a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 12xgi.wjibkh.es/mnKSvEssRVk4uHuNqb4OLzL1Eh5diWcZ556M8wZpqVQTH17Cabj95OSMv6PHuKuv220
200 OK 1.9 kB URL GET 12xgi.wjibkh.es/mnKSvEssRVk4uHuNqb4OLzL1Eh5diWcZ556M8wZpqVQTH17Cabj95OSMv6PHuKuv220
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type SVG Scalable Vector Graphics image
Hash bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /mnKSvEssRVk4uHuNqb4OLzL1Eh5diWcZ556M8wZpqVQTH17Cabj95OSMv6PHuKuv220 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:41 GMT
content-type: image/svg+xml
cf-ray: 94ea2aed6adb712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="mnKSvEssRVk4uHuNqb4OLzL1Eh5diWcZ556M8wZpqVQTH17Cabj95OSMv6PHuKuv220"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=TfXvGZ6jS9DgEaXwM3%2B7yJZAMLa89Gf8urmCEWiDdGWenrBmw%2BwyBE%2FDOJcgWrj6TGKyG1AGXyhWDifpupEQsr3gg9QVRI9wxP4YUzJv"}]}
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1905&min_rtt=672&rtt_var=1210&sent=468&recv=276&lost=0&retrans=0&sent_bytes=333118&recv_bytes=39988&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=15531&inflight_dur=145&x=80"
GET 12xgi.wjibkh.es/favicon.ico
404 Not Found 0 B URL GET 12xgi.wjibkh.es/favicon.ico
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /favicon.ico HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2affcb59712e-OSL
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=6I%2FqTdAiTfXIL4KUsT7qTs0XjSDboNW1ytAhnIOn4xmSBoLMRdDhm41q%2BN34GBkjMRXe9rXBGjaRvaItTm7GMgifO21HK%2FJ6dBr0HtHf"}]}
cf-cache-status: HIT
age: 17
vary: accept-encoding
cache-control: max-age=14400
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1418&min_rtt=672&rtt_var=311&sent=856&recv=314&lost=0&retrans=0&sent_bytes=759362&recv_bytes=42669&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=18153&inflight_dur=244&x=80"
GET 12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
200 OK 9.4 kB URL User Request GET 12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
IP
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type HTML document, ASCII text
Hash 5e4daf1179fee239b366e9c5e897bf0d
0a0c7c365b3bca88d6b125a4f0bfe8e52d0f10c1
c70cd12e9f564fa52dc43473a0ed946054f41be56819161fe2c4525e500b9180
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /chbpN8kJI780S!6/$dave@slurpmail.net HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 12 Jun 2025 14:51:25 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cache-control: no-cache, private
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=KjCqqY28bxWPeqpQN8KqHrE8DIJnbTYRd8YnQgVNA6xUvTEly9l%2FSFij3OuUg0Thck72erpyMmsgLNTTSdqM2hWj1g53vabcTxftrX7O"}]}
cf-cache-status: DYNAMIC
content-encoding: br
set-cookie: XSRF-TOKEN=eyJpdiI6InF0eUxhdFRRQ0x5UHdDV0crTUZvZWc9PSIsInZhbHVlIjoiYTJpRjFJZk9Tc1I4UmVBZi81emtiRnZ6RVBwd0Vsb1dMc0VaMW5uRDhNMXE4ejEwTGFWQmkwVzdpMENjS3pvQmNVKy9RZGFPTGE3QnhMU1NSNXVicE9xYndOSGdaZWNhVG5aOHZWRFNhSDFjNEkrcjBkdUhsa1JFR2kwN2FvbmwiLCJtYWMiOiJkYmZlNWM4NDg5ZmJmOGZmZjRmNTExZjQ2Y2M1MjcwODhhOTMxZjk3ZjEwZGE1Zjg4NzlmMTNkNWNiMjhlZTZkIiwidGFnIjoiIn0%3D; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 12 Jun 2025 16:51:25 GMT
laravel_session=eyJpdiI6IlA2d0trbTJTU0tIZGZkR2hmMis0K2c9PSIsInZhbHVlIjoiSHVyUVR2V3BJTEpRb2NQZE1PY2RLN25hQ29hNm4rUUxwczAyU1V2dmIycitvNm1zMHo2UzFOb204VHJGSFVQM2tORmVYNUlZL2FiTE4wUGdJWmZRRG5sZC83MEMyaWcyRTl2ems4MFJsT1pEUzU5cTVEbVI3KzVsS3RQbzlSQ28iLCJtYWMiOiIwNWMyZjZmNGJiOTVlMzkwNWM3NDYzNGVlYzFjYzI2ZjM0OWI4OWRlOTYyNzA2NGE3OWM2Y2NjNDU5ZDRiMTMwIiwidGFnIjoiIn0%3D; HttpOnly; SameSite=None; Secure; Path=/; Max-Age=7200; Expires=Thu, 12 Jun 2025 16:51:25 GMT
cf-ray: 94ea2a8bdd505699-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
302 Found 49 kB URL GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 12 Jun 2025 14:51:26 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/f9574c83b4d7/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 94ea2a905fd50b31-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 94ea2ae42d63568d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321431
expires: Tue, 02 Jun 2026 14:51:39 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rmSJu%2BwZz1cqrop8%2FqIhDP6RMK3qy07dcTCqr6xEsC9lD0neY7hh9VOmU5E45zuQSP5fh5YT3rKgFk3b8Jx42hUN4JSvGOVSZsbDZyT8BM0e2Y7QkWMSxy2BB2%2FOsgFQM8EwNlBd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 12xgi.wjibkh.es/34icpSGYddHgEP8WbBh8unjqRrYLklSVUmwJ6Ig89109
200 OK 293 kB URL GET 12xgi.wjibkh.es/34icpSGYddHgEP8WbBh8unjqRrYLklSVUmwJ6Ig89109
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 293 kB (292748 bytes)
Hash bf1842c2fd860a7809d3fe2e6aa9fd47
f652abd5a6954c760c8df4be1cb8905b36cedab9
c92fb0a9442b9c578002b60e35af1abeb388e5ac5d2731dec1899eca486b18dc
Analyzer Verdict Alert urlquery phishing Phishing - Tycoon Phishing Kit
GET /34icpSGYddHgEP8WbBh8unjqRrYLklSVUmwJ6Ig89109 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: application/javascript
cf-ray: 94ea2ae73aac712e-OSL
server: cloudflare
content-disposition: inline; filename="34icpSGYddHgEP8WbBh8unjqRrYLklSVUmwJ6Ig89109"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9Fwh%2BGy7NXo5N4asHXuQCGWqCCVgVYDIPdk61KfEBjxCtehQ534%2FBZOOL%2BiMMrCgkmAK37qHCtuTgAQ%2F1omLzzNzW8%2B3IKrb%2BkR9bwRPHr87IpJdOF%2FUcPr7xLyLqy4lfC50"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12754&min_rtt=12744&rtt_var=3603&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2121&delivery_rate=315888&cwnd=252&unsent_bytes=0&cid=115dde8eddab2bf4&ts=191&x=0", cfL4;desc="?proto=QUIC&rtt=1496&min_rtt=672&rtt_var=258&sent=618&recv=293&lost=0&retrans=0&sent_bytes=496484&recv_bytes=40784&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=17441&inflight_dur=179&x=80"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:38 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 94ea2ade2d5b568d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321430
expires: Tue, 02 Jun 2026 14:51:38 GMT
accept-ranges: bytes
priority: u=2,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yXWmClFRDG%2FphAsAl6G21aaQFMWSP6CqrT1Q5ag9ylUZFrPbELFsTKYeHEynL3yEK1mHFV1rtKbJvonCO%2BpvyoF05TnjQdrevKrUeBMAyjTGMIEQVITGL6KRz665lqMs08HmP0RT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 12xgi.wjibkh.es/rs3F0H0QPR3ooUcNJFaQfwdHRR0jseF29DBuvygQHp71AIBtSi35ZxuJGLVef198
200 OK 268 B URL GET 12xgi.wjibkh.es/rs3F0H0QPR3ooUcNJFaQfwdHRR0jseF29DBuvygQHp71AIBtSi35ZxuJGLVef198
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type SVG Scalable Vector Graphics image
Hash 59759b80e24a89c8cd029b14700e646d
651b1921c99e143d3c242de3faacfb9ad51dbb53
b02b5df3ecd59d6cd90c60878683477532cbfc24660028657f290bdc7bc774b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /rs3F0H0QPR3ooUcNJFaQfwdHRR0jseF29DBuvygQHp71AIBtSi35ZxuJGLVef198 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: image/svg+xml
cf-ray: 94ea2ae72aa8712e-OSL
server: cloudflare
content-disposition: inline; filename="rs3F0H0QPR3ooUcNJFaQfwdHRR0jseF29DBuvygQHp71AIBtSi35ZxuJGLVef198"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TRxypju98SQjMXTpj5K7GdeK4TlRdTn%2FywRSPbT7Eu9nvM56YZ0pZpwg5hBphV7HYKgZ%2BsPM%2FB9bl3l5VN0IzPQBesTP%2F5E1d%2BArziZYtMEWxZ3A61K6e%2FmQrI02GwtEOYs0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12499&min_rtt=12489&rtt_var=3532&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2177&delivery_rate=322333&cwnd=249&unsent_bytes=0&cid=4333c466d1b6796e&ts=178&x=0", cfL4;desc="?proto=QUIC&rtt=1531&min_rtt=672&rtt_var=253&sent=615&recv=292&lost=0&retrans=0&sent_bytes=494376&recv_bytes=40738&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=17427&inflight_dur=177&x=80"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
200 OK 10 kB URL GET ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (10450)
Hash e0d37a504604ef874bad26435d62011f
4301f0d2b729ae22adece657d79eccaa25f429b1
c39ff65e2a102e644eb0bf2e31d2bad3d18f7afb25b3b9ba7a4d46263a711179
GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Thu, 14 Mar 2024 00:03:58 GMT
x-amz-meta-sha1sum: 4301f0d2b729ae22adece657d79eccaa25f429b1
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 24 May 2025 19:27:50 GMT
expires: Sun, 24 May 2026 19:27:50 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"e0d37a504604ef874bad26435d62011f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6d0d5e4a1f04a37b69fcdf5d00294d0a.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: HxYm2WZty8PyWhISzpa9V1fM4CBV2PV1Nn_cxDtbVk_ZmSR3Qg3fZg==
age: 1625030
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=94ea2a92bf6056a2&lang=auto
200 OK 128 kB URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=94ea2a92bf6056a2&lang=auto
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 128 kB (128289 bytes)
Hash fe4c5d2799ab82f0487ee9c377503004
d05b9235a259ed74f13c641132b22a0dd9ac8020
4202de689ab9b37d0646f011364db88ab907aaacb84b08c8766e20eb8c2b88b6
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=94ea2a92bf6056a2&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 94ea2a93781656a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
200 OK 30 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (29692), with no line terminators
Hash 6a4d8a1cef6c0b83f676dfe80aa2deec
7815cf867ffae0e9b9ab3839e7bcf36d901b9d68
4b0d9d350e13008aedd68c4bdc8bb7aec79746e07b49b6ff6caa730f20796c3d
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
cf-chl: C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34413
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:32 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 707fNuvXbcsQLrBiQG94hjzkvhJW+n4I0yGWdjAFJBqAnBEzLZYRTGiscwXBtbQQ$fF+JG82CpMaDtq3rLdDftQ==
priority: u=3,i=?0
server: cloudflare
cf-ray: 94ea2ab4dbcb56a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 12xgi.wjibkh.es/wxpkzuiW9EgpIYybYSopJdzOsJzs6TQ3gjRZ1Kf834122
200 OK 644 B URL GET 12xgi.wjibkh.es/wxpkzuiW9EgpIYybYSopJdzOsJzs6TQ3gjRZ1Kf834122
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash 541b83c2195088043337e4353b6fd60d
f09630596b6713217984785a64f6ea83e91b49c5
2658b8874f0d2a12e8726df78ac8954324c3bbe4695e66bdef89195fde64322f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /wxpkzuiW9EgpIYybYSopJdzOsJzs6TQ3gjRZ1Kf834122 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: image/webp
content-length: 644
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="wxpkzuiW9EgpIYybYSopJdzOsJzs6TQ3gjRZ1Kf834122"
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=edd1rv0jwNDg2y0lpKJzUsNAUaVtrpr%2B1yD5h5EV3YuvaNDVCu7DXLM%2BSnbHuZjKb9QZIPcH1uYIOV%2F6qcAFQrgkTqzeiwDeN9R9aH9rG10%3D"}]}
cf-ray: 94ea2ae71aa3712e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1316&min_rtt=672&rtt_var=301&sent=339&recv=263&lost=0&retrans=0&sent_bytes=186872&recv_bytes=37535&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14607&inflight_dur=116&x=80"
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
200 OK 4.8 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (4792), with no line terminators
Hash 64d2c31bcab0ab4c5f2faa832aaa1f87
55f94369b96ba194188b39b3d07462e6e3d582a0
013179c1f1c3a82051fc7cdcbed9e6b6a36fce8bf039adfc708c7ab4b545cc62
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
cf-chl: C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 46491
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:36 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: hIlrNY4aiPpq3Z1zFqpKqhnHkmfj0GcRuuKqWTaVPvQNocwMxAUFIZpsXNxNq9WrIN9vCVHGuvbuv6uM19rx6HP2QP5AJ5Wi8zmvlJkcmIQ=$f8xYKtR9cmu02wl2ZJQD8A==
cf-chl-out-s: 3dAO6fKHhzgoAllrfIQB+3ZMgZWoT1m8ae7U1Y6bF8tq9c6OuwfUold8H2ts11tcCqr70z/pJ3aDTIcWxAqSmghOG2S7G0Bsn48IY78BiDcPVo8h5xAxsnaHHVlf6PJiZjSr0i7jcGKRebVpHnaV+t4zCgegmmxJnWFlyl5sWgPNpnDW05YyGYR9937Ajdl9cUDg2ip1jCVFqVFv8dOCy+w2+YQ2ey9yuE6KUg4P4vo/KHR3nl9csNeFOw4f3N+wtwqN2ibSGsLua0sG217GgQj4v7QkQpt+gYS+SdvZh1+E2gSGjlLPv9VU/fg7GpHE3g8R+b+7wXg71KOk/sMOUL9YV0WF4siByBnF5yxnP1G+HkN4Wzn9tybv8OhWQcRPTOO/iXBtzI22V63kSehCiiDXw7KbjsAFDJ9V1oRTbClHnu5xmDtbcodGnCuwuTnBuWExIXaE0GoJiHcFdrK/0IfSndGToNmem/nNRYxUr9LxL9v/kUgJqBhLC9F7aC6LowBEk28KTRbL/e1SI8RZ7EeVy9wswq5dBPYuC2l0zRnUSnSCIonNgLx1XAN48SEk+xlWRlfcexakKjlUcHLLI1NF3lYfefYYiMzSpYEtmkghVUW8fVGaTOl1a2iwGTo/g48DksJcLj5PK0lbNBD9dH7rXX+FeFJwL5r4VZ2+co3rLafMyV4sf9nAb8fGKqQceDY3SiHdSkzfNBFGXaMeV1c00aqeQpwWUuM3kpPrH9a8rGZ0SJAyT8EChtY+q3wpqJbLpAXO2iqbyJ+I8+4Tj4rZBIJJ2BU69NvUR1+eQ9uaDR/CKc1ICbOf/fSAHfdWUDuRfbBQuPinYM8XQPYEFjC58Dy2XOwIFeM+rtMImXHk0YaPTdVHGrXuByWwq9AqV9Y9Fz82FiWcaIeAGwQUdVWF5AfPIUVbnKb9OnD8Llsivv9lfx8cIzIAIGd6ouY1k91a4uay74qOPrERmMyzrTMvYfKrmVPDD6HJ4i/kjEvofRENOGkYIVBBGBnB6CmrrD/GBc+cswgL03t5+/nitPTXrvrkFJLUb+OPsmNLh9Pq5jQBWMrlw5HhFcuDSW+8AiXt1DpwHCoorVjMd0xG0U3FFGvvjKSERvEtRIoTZZVUV2iUdqDKV2uukszUpb5R5URayt7o0Kf/4LE94PBlWG0DMXewETiKBR9NC1g6ZKhJv0nUii7iTLh5mVho9adhr6ak4J+a7X6pfFyAMyz19EqsVrexYWK1aD7qJo+YydM=$lEVercR0tcXnSC/KPTckTA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 94ea2ad1195256a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET 12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
200 OK 198 kB URL User Request GET 12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
IP
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type HTML document, ASCII text, with very long lines (15115), with CRLF line terminators
Size 198 kB (197869 bytes)
Hash 4da4172ac118803bfe934432506600c4
c8fe79b3abf6b2194494f17fd31f0295a15d0c4a
fc816e9e80c7606364ca03846d5ef1c952f7e42ffe1cb71a01a33ae09928a672
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Cookie: XSRF-TOKEN=eyJpdiI6InhIZ0trZENuNlg1bnVkRkY2REJtYVE9PSIsInZhbHVlIjoiMit0V3crT1lHWTIvNXRoUjkyTmdQWFlnY0lVN0V6eHpOUWFLSFE5aTJkZVBlNW9ldC85bU5KUkdYVG9OU3ZzemNIa0hGcy9NaFpvSXNSRWlnRHNEeEhRYWVIV1NVdnNqQTZldWorN3lmOGNGSldRMjVBOXU4SkdYVUxEbUlZWEIiLCJtYWMiOiIxMmM2Yzg1M2NjMWRhMDEyMjJmYmZhNzM2YzFhNGRhMzIwNDU4YzQxYzhlMDhkZTBkNjU2Yjg1YzA2OTZmZWU0IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkwwdnhFYnhmL0IrdnYwc0xoelN1c3c9PSIsInZhbHVlIjoibDNRNlpYN085ZzVqblRoQzJoVVR4Y1UxSDVrb21DQklCRmd5RG1sVUE5cHIwck9rK3NVS21XaURvTjNGS2FMVXhwQkE2QXFDRGxTK2hnZlNiL3RMb0RJYUhOeFZNclZ5WEY4bjRCcG0xZ2J0aHR2SlVOUnRyL1dFbkI3bmU4dXAiLCJtYWMiOiI2MWFjNTE3MTI5NDRjNzdhMWJjY2YwMGVjYWY1ZjVjODg5MjliZDUwOTdiODM4ZTk3ZWQ3NjFmMzAwZTBmNmNlIiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:39 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2ae1ba65712e-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kzp4297bSImrcdXeXnmv%2BmEQUumQbsC%2F%2BH2Vxfw5rIZO9ECzYb%2F36ib8rgK0LJ2146srmgoR54NIzTJ26eCb7uNgpmVoKDvGOUEGpF0DhpxYlv6%2FM3pmWgykBCcZDh7s9BM7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=353&min_rtt=345&rtt_var=112&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2242&delivery_rate=10422680&cwnd=252&unsent_bytes=0&cid=0b29b23b82368917&ts=224&x=0", cfL4;desc="?proto=QUIC&rtt=2778&min_rtt=672&rtt_var=1845&sent=171&recv=226&lost=0&retrans=0&sent_bytes=25411&recv_bytes=19489&delivery_rate=4590675&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=13677&inflight_dur=70&x=80"
set-cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:39 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:39 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 12 Jun 2025 14:51:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 94ea2a905c6bb517-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321418
expires: Tue, 02 Jun 2026 14:51:26 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SJw3r8Oyezrv6Js59bc0Ra%2FHdKi4ydrg0Z141hfufq%2FNFrNko96Zoet%2B2Gmrn0pTo5tQnySQMVkVQE4KnNhogogfzmfzju8bqjbCWwiTPZmRz2O%2B7i5OUR2kdjUtYUzOOlBf3Iib"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET 12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
200 OK 15 kB URL User Request GET 12xgi.wjibkh.es/chbpN8kJI780S!6/$dave@slurpmail.net
IP
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type HTML document, ASCII text, with very long lines (9469), with CRLF line terminators
Hash 74e19e3acfc01b49e8bc42dfe067ed6f
b5cd93840d0d54593fc99b362e2b71229868abad
824ccee965594e549c83ec9678b738d242c77000bc8244cc4b805ff7c131324c
Analyzer Verdict Alert urlquery suspicious Suspicious - Anti-debugging code
urlquery phishing Phishing - Tycoon Phishing Kit
GET /chbpN8kJI780S!6/$dave@slurpmail.net HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6IllHTzlUWHhMbDV4WmtmVS9rUzl6MXc9PSIsInZhbHVlIjoiWGhEd2tXb01rU0lrTkxNMSt2Nyt3NDV0M2V6cUMyYjMxeDJIN1JmaWlVdW4rU1NwZmVDTUJzNTBmZlhvZzdOMWlLSDZDQ1gweVZNQVpkL2tkaFlTYkUzNnNzbXFTNmJ3bjFQRWdYeE5WVTZ3Nk5tNzhwbEIwSUt6ZTFubGxOcHoiLCJtYWMiOiJmYWMzZTYxNGQ3MTFkZjM0M2U2MWUzYjhiOTgyNjhiMTlkNWE5MjA0MGNmOTQ5MDQwOTBjNmFmNGIxZmE2YmMzIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InROYUxvN0d0QWU5MVJVTis1aU9rNUE9PSIsInZhbHVlIjoiZ2VBTTd6b3d1MUNvazZrbFh2MUZCcitJSlJrYTk2ckgzeFg4bHc0RUNKTXVkVVJLeFpyRVBIVS9PaE1OWnUrd0VSU3lNUVdaOXN2bVdqZ2RnL1RXWjBkSG9BTThRamlOc3hzVzVuYU5ZekhwNks5U0xvZUFTZDIxWkdmZDlDYW4iLCJtYWMiOiJiZjk5YjA1NmUzODQwMzNlZmUxYzA2MDNlNmY1NThhNWM0N2QwYTMyYzU4NDVmOTg2MmQyMjRkNmVmZmVmMzM4IiwidGFnIjoiIn0%3D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:38 GMT
content-type: text/html; charset=UTF-8
cf-ray: 94ea2adbba30712e-OSL
server: cloudflare
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JS3S%2FWOw4hJRPKdlXXh0eRs5PqLgoxTeKJ76PTM5ygkp0I7AVKNL6adYtTcveVmS73DA1RJ4ivS40JzoAsv1dZm8i0OorntFRlq0iEmizvGuyEXHDH7MlWg9iibAHx%2FWXhoI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12533&min_rtt=12501&rtt_var=3558&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2135&delivery_rate=319658&cwnd=252&unsent_bytes=0&cid=e9799b0f779d6e20&ts=199&x=0", cfL4;desc="?proto=QUIC&rtt=3605&min_rtt=672&rtt_var=2532&sent=152&recv=219&lost=0&retrans=0&sent_bytes=13133&recv_bytes=16417&delivery_rate=832602&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=12000&unsent_bytes=0&cid=421206b176f33a1e&ts=12707&inflight_dur=63&x=80"
set-cookie: XSRF-TOKEN=eyJpdiI6IjBDZWx4dnVqTTBScFEvdGNicmN2dFE9PSIsInZhbHVlIjoiS1A3Q3JleHZXWTdFajZ4QktHanNqVzVOVCsySWIwR1diT2g2WXVPbXpybXZySUk0SlViOHdSL1l3dDRTUEdlWlI3K3NUd1pWUkNVQzNycDEzVnJNUzZuUFdKNzdWNEdqcW03SExQakFNV1YzWWJWTFpNQjBHUElReHpMcWQzMlQiLCJtYWMiOiI4NTFjMzliMWZlMzkwY2I0YTQ2NWIyMWFhZjc0N2UzZjNkMzBiN2MwOWFhNWY3MmNiODNkMDkyNTFlZTE0YmJhIiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:38 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6InlQU2NkSk9GUDAzWkdXWFN2UlVUZGc9PSIsInZhbHVlIjoiRDhZWnBJUklXOVU5Wkp2Mk5nVmpjR2kzdlRhYXdyNkhLVmtxQ2xXTXl2c0hGbWhjZCtTT21DQTdLVUg4TU84MmVUd0t0d2w5YVB3dWQ5QXcxaW9XYmg1Q0Fsa2k3emt1M1ZKVXkwRGh0VXhORG5JTTh6eWg4bmdMQ0psMnRSMUMiLCJtYWMiOiJjODRhMjA1ODg1ODdlMDc3OTAzODdiZWNhNTY1ZmM0OTZkYTIyNjQ2NWEzMGJiY2FiNzMyN2Y1NmY0ZmEwZmZjIiwidGFnIjoiIn0%3D; expires=Thu, 12-Jun-2025 16:51:38 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/GDSherpa-bold.woff2
200 OK 28 kB URL GET 12xgi.wjibkh.es/GDSherpa-bold.woff2
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /GDSherpa-bold.woff2 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
DNT: 1
Connection: keep-alive
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: font/woff2
content-length: 28000
server: cloudflare
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
content-disposition: inline; filename="GDSherpa-bold.woff2"
cf-cache-status: MISS
last-modified: Thu, 12 Jun 2025 14:51:40 GMT
accept-ranges: bytes
vary: accept-encoding
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=HhR0TeiNi6y86FfZaU0YHlJfdAQxrYQNl1kCptyKXkfX8%2FQuNyrOXmdBKIH4UoCMW6aTyhajXsqpK4nG%2Beb3q%2BPAtVebnUthSuO9XBwc"}]}
cache-control: max-age=14400
cf-ray: 94ea2ae6fa9d712e-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=1296&min_rtt=672&rtt_var=190&sent=373&recv=267&lost=0&retrans=0&sent_bytes=225535&recv_bytes=37716&delivery_rate=18658097&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=14816&inflight_dur=124&x=80"
GET 12xgi.wjibkh.es/opUQ6Orlc7xuQgWcYlBAqViojmkfQHsxQ81JqDSOlstnAwJvMkE5kY34tjWZUzodKEsef236
200 OK 9.6 kB URL GET 12xgi.wjibkh.es/opUQ6Orlc7xuQgWcYlBAqViojmkfQHsxQ81JqDSOlstnAwJvMkE5kY34tjWZUzodKEsef236
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash 4946eb373b18d178c93d473489673bb6
16477acb73b63ca251d37401249e7e4515febd24
666bc574c9f3fb28a8ac626fa8105c187c2a313736494a06bd5a937473673c92
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /opUQ6Orlc7xuQgWcYlBAqViojmkfQHsxQ81JqDSOlstnAwJvMkE5kY34tjWZUzodKEsef236 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:44 GMT
content-type: image/webp
content-length: 9648
server: cloudflare
content-disposition: inline; filename="opUQ6Orlc7xuQgWcYlBAqViojmkfQHsxQ81JqDSOlstnAwJvMkE5kY34tjWZUzodKEsef236"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=e3x%2FucbsVGwmwM06q09uMa8mJZ%2B2eJA8QRiZczAyxHjVBRX6L8cBpkT6y4ghQ%2FMJ3sfKTvi6lAIXOyiL9d663PLC0cyqGq7mRUN%2FYvxAcUrru8LuRRfiz1stBVP6JXnN%2FO0A"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=364&min_rtt=304&rtt_var=118&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2185&delivery_rate=11049180&cwnd=252&unsent_bytes=0&cid=a46e13c934521553&ts=158&x=0", cfL4;desc="?proto=QUIC&rtt=1652&min_rtt=672&rtt_var=876&sent=858&recv=316&lost=0&retrans=1&sent_bytes=760605&recv_bytes=42759&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=18451&inflight_dur=289&x=80"
cf-ray: 94ea2ae73aaa712e-OSL
alt-svc: h3=":443"; ma=86400
GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
200 OK 223 kB URL GET ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerDigiCert Inc
Subject*.oktacdn.com
Fingerprint3E:D7:C7:A6:35:70:74:E4:BF:45:2E:A1:D5:A3:25:88:24:76:B3:B5
ValidityMon, 02 Dec 2024 00:00:00 GMT - Fri, 02 Jan 2026 23:59:59 GMT
File type ASCII text, with very long lines (51734)
Size 223 kB (222931 bytes)
Hash 0329c939fca7c78756b94fbcd95e322b
7b5499b46660a0348cc2b22cae927dcc3fda8b20
0e47f4d2af98bfe77921113c8aaf0c53614f88ff14ff819be6612538611ed3d1
GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1
Host: ok4static.oktacdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css
server: nginx
last-modified: Tue, 14 May 2024 21:48:24 GMT
x-amz-meta-sha1sum: 7b5499b46660a0348cc2b22cae927dcc3fda8b20
strict-transport-security: max-age=315360000; includeSubDomains
access-control-allow-origin: *
content-encoding: gzip
date: Sat, 24 May 2025 19:27:50 GMT
expires: Sun, 24 May 2026 19:27:50 GMT
cache-control: max-age=31536000, public,max-age=31536000,s-maxage=1814400
etag: W/"0329c939fca7c78756b94fbcd95e322b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6d0d5e4a1f04a37b69fcdf5d00294d0a.cloudfront.net (CloudFront)
x-amz-cf-pop: HEL51-P3
x-amz-cf-id: CkvfRpge_EZ2rhMQth_o_y7nYaNUxMqc5UUwS-NFWIptNq2dmD7A4w==
age: 1625030
X-Firefox-Spdy: h2
POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
200 OK 286 kB URL POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 286 kB (285640 bytes)
Hash 81967800374149d06e7f1a3c50f0e161
b7844ec488f8cd3eee31c57bd68cba4c2ca40d24
dac10d7ab750e6e2229f057c02b510b197d4128b8d0b96656c678f0a21877336
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/883021314:1749737826:1SQiBE3UQs4DBd77Jcx5ZTi1aWP4J9PZJE6W6gKeUOw/94ea2a92bf6056a2/C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
cf-chl: C4z2U3818WyAhWw4VrBKY46r3UZS9oBEuEV2ylIFMeg-1749739886-1.2.1.1-u9kDVIL9otueEisu6KsH.HMVbvoYhadlaaXnFSbZy3V5jrEb0xmiW6rsBdm7ZRoZ
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3261
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:27 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: K7PkF2quy1qQa7jkGlYCXkgvCyRZ5OhDejPwpZd4nrE/epjlfAolrmRYDuIzIE68YB3fmQONqflJtc8Ki98FXUdSQ8jCpjzvXkMVsQeiLnrUQTwYJhvrKiWpW6v1kUZHA2EZuxjjw+wIdiiYxwovCaEcrzh6SOodPEA+KAfPsUy4uslNGP1uuXVncXlsjl8UDDP14dWsbxn01LFydevM7CIWALdLIlOqDeH1PwUSVSWCDAZg6ZTalVgZSSAX/dDQxz8LKq01nU1zSraMXLq+KheKm46NmniWGTXe76sLbAsGCduyojPFWPsautHFm8KhVdDeSgCrIAE4Tv1+AAj0nnUS9sXxWWhm2kq2/dS4vySf0E9z/PNMApkJPxuxwWfPfMGyjJEvp2NM9iUza21EEEHVQCeHYRtJ00PTYm4zL+TIHp5DXdCtrD0TezODDzqPEI8b8wIzrXGWjOymg4BKRn+z9eyYSlGNUg9L3epBUo1LkSSyST9sOxCGTRsIGUuhstBOViTkqzjFStYP/b8C5+zknS/Eq6Ro+VPNOMi9iayEE+zR/nfOhNF9h8PAdbbeQhDRuc6aX0e9HerMjbm2homiiFV2Ad7Uzs91+moASZDZq5gYUcN1IEuoXHuHSdtrGiMrKihUEbStO/LQ3/Kqg+eQNlqlDtyEk9NdRbV05FrwEJ+rCdR/o/tnx1ubFBHhlJkgj2k7HUF8my51p6kD2GMfTBOFESuIngumVlgZMAp+vsIiZSXqr1fs0oGKveZHDp6wS9RZ7j9LYpf314556Q==$pJxalMqsSiD6EhytSAKvZA==
priority: u=3,i=?0
server: cloudflare
cf-ray: 94ea2a959a1456a2-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET code.jquery.com/jquery-3.6.0.min.js
200 OK 90 kB URL GET code.jquery.com/jquery-3.6.0.min.js
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerSectigo Limited
Subject*.jquery.com
FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5
ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 12 Jun 2025 14:51:39 GMT
age: 1468900
x-served-by: cache-lga21931-LGA, cache-hel1410021-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 88937
x-timer: S1749739900.995842,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
GET 12xgi.wjibkh.es/efFSZKTMRbOuNPLMVXlohjLJOvl6wklepklklvAiEb0oSe3KXleKAIo90141
200 OK 270 B URL GET 12xgi.wjibkh.es/efFSZKTMRbOuNPLMVXlohjLJOvl6wklepklklvAiEb0oSe3KXleKAIo90141
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type SVG Scalable Vector Graphics image
Hash 40eb39126300b56bf66c20ee75b54093
83678d94097257eb474713dec49e8094f49d2e2a
765709425a5b9209e875dccf2217d3161429d2d48159fc1df7b253b77c1574f4
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /efFSZKTMRbOuNPLMVXlohjLJOvl6wklepklklvAiEb0oSe3KXleKAIo90141 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:43 GMT
content-type: image/svg+xml
cf-ray: 94ea2ae72aa5712e-OSL
server: cloudflare
content-disposition: inline; filename="efFSZKTMRbOuNPLMVXlohjLJOvl6wklepklklvAiEb0oSe3KXleKAIo90141"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VymCwq6RZaHExlLkia28shT1rXcsJrUlXpOqYk8QcTrFh3Kn%2BsHjKKbTqeH8FBvj4gZF3SD7KaPRmFiVXJi%2Fvv4KnAU%2BEdW2F5yFMfJuPEW6auPFpfKXgWs1J%2BvFA2ed507e"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12756&min_rtt=12699&rtt_var=3624&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2819&recv_bytes=2173&delivery_rate=314512&cwnd=249&unsent_bytes=0&cid=97e94f9308883599&ts=184&x=0", cfL4;desc="?proto=QUIC&rtt=1496&min_rtt=672&rtt_var=258&sent=617&recv=293&lost=0&retrans=0&sent_bytes=495451&recv_bytes=40784&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=17429&inflight_dur=179&x=80"
vary: accept-encoding
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET 12xgi.wjibkh.es/qrEHvdn1lma3Z8sOdlltAtMcHGgh9cMcDgEVOl1ox6FVZ67140
200 OK 892 B URL GET 12xgi.wjibkh.es/qrEHvdn1lma3Z8sOdlltAtMcHGgh9cMcDgEVOl1ox6FVZ67140
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectwjibkh.es
Fingerprint6A:23:D1:F6:37:25:80:DB:E4:EF:77:8A:B9:BE:4D:8A:F4:23:1B:A5
ValiditySat, 26 Apr 2025 23:13:03 GMT - Sat, 26 Jul 2025 00:11:52 GMT
File type RIFF (little-endian) data, Web/P image
Hash 41d62ca205d54a78e4298367482b4e2b
839aae21ed8ecfc238fdc68b93ccb27431cd5393
20a4a780db0bcc047015a0d8037eb4eb58b3e5cb338673799c030a3e1b626b40
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft
urlquery phishing Phishing - Tycoon Phishing Kit
GET /qrEHvdn1lma3Z8sOdlltAtMcHGgh9cMcDgEVOl1ox6FVZ67140 HTTP/1.1
Host: 12xgi.wjibkh.es
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Cookie: XSRF-TOKEN=eyJpdiI6ImpQRTI3MXF6VTlnd2JuTG9YUnVLdmc9PSIsInZhbHVlIjoiQUIvbHNCYnM5RGlTT1hlcXpEM3JiUEVEMWl6UEo2ZmVEUzdzc2srS3IrZG5RV09ZOHNzSTdRL1NXSGxjTWdlRXBzZUFMd3hTRHgrLzMzNjRrc3NicWZpOWJMZzJFa2JibnAxTDNkNW9sK25xTWJNOXBVVnp3Qkd3SXJpQS9JbWIiLCJtYWMiOiI3ZGU1NmQxNzViOTc0OGZhYjBkZTdjYTQzMTZjMGRjOWUzNzY5MGFiYjViYzEzODQyYTEzNjVkYjMxZjQ1YTAyIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6InVlQmJxdC9vK3ppMmFEUkJNSmoycXc9PSIsInZhbHVlIjoiSkFKTUFvdUdMQTNuMDBpK3FFNFROcjcydWVFME9RVmV0akN0Nm1CNDQrZGN0WUVONUY2WWJDWUVzcDFiaUpwdzZSZSs4dFkyNlZvQ05OYmtsVnFyQlRheFRORG1sT3lPNmFHRVdhSm1zK1EraitFWDl5bm82TkJQTEkrM2pzMVciLCJtYWMiOiI1ZTQ2MTFjMmQ5NDkzYTM3Mjc0ZDA5MzQ1OGEyODYzMDMzNjRhODdlM2ViZjBjNjQ4OWY4OGJkYTA5NzY5MjE0IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:42 GMT
content-type: image/webp
content-length: 892
server: cloudflare
content-disposition: inline; filename="qrEHvdn1lma3Z8sOdlltAtMcHGgh9cMcDgEVOl1ox6FVZ67140"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2HmUZp%2BLBz7TF1Cz5mtCyaEOWa5o7fL2%2F83zKEARW4BkMUyR8lyII3IxfkVvLXbGBnM3CS75cmD7tkPiSC2P7D8O044xAMb3YRGhGB53JF0z8Mi%2B4jyD%2Fro9VvkQDsFd2HaX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server-timing: cfL4;desc="?proto=TCP&rtt=12492&min_rtt=12486&rtt_var=3524&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2163&delivery_rate=323028&cwnd=252&unsent_bytes=0&cid=e1b8779284ea7702&ts=190&x=0", cfL4;desc="?proto=QUIC&rtt=1423&min_rtt=672&rtt_var=556&sent=558&recv=284&lost=0&retrans=0&sent_bytes=433949&recv_bytes=40353&delivery_rate=24688486&ss_exit_cwnd=0&ss_exit_reason=0&cwnd=60000&unsent_bytes=0&cid=421206b176f33a1e&ts=16378&inflight_dur=157&x=80"
cf-ray: 94ea2ae72aa4712e-OSL
alt-svc: h3=":443"; ma=86400
GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250612%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250612T145027Z&X-Amz-Expires=300&X-Amz-Signature=78334340d8f9bb736d311c15c930b9ac1f59085b4d7e3e1c56103ffa2363f330&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
200 OK 10 kB URL GET objects.githubusercontent.com/github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250612%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250612T145027Z&X-Amz-Expires=300&X-Amz-Signature=78334340d8f9bb736d311c15c930b9ac1f59085b4d7e3e1c56103ffa2363f330&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerSectigo Limited
Subject*.github.io
Fingerprint8C:FF:59:E5:8E:C4:FA:76:FE:AF:2D:C5:C0:D4:13:6A:77:2D:F9:91
ValidityFri, 07 Mar 2025 00:00:00 GMT - Sat, 07 Mar 2026 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (10017)
Hash 6c20a2be8ba900bc0a7118893a2b1072
ff7766fde1f33882c6e1c481ceed6f6588ea764c
b1c42acd0288c435e95e00332476781532ed002cac6f3dcee9110ced30b31500
GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250612%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250612T145027Z&X-Amz-Expires=300&X-Amz-Signature=78334340d8f9bb736d311c15c930b9ac1f59085b4d7e3e1c56103ffa2363f330&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1
Host: objects.githubusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/octet-stream
last-modified: Tue, 07 Dec 2021 16:38:45 GMT
etag: "0x8D9B9A009499A1E"
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: d91f6eaf-e01e-0032-2f18-13e122000000
x-ms-version: 2023-11-03
x-ms-creation-time: Tue, 17 Aug 2021 14:57:31 GMT
x-ms-blob-content-md5: bCCivoupALwKcRiJOisQcg==
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
content-disposition: attachment; filename=randexp.min.js
x-ms-server-encrypted: true
via: 1.1 varnish, 1.1 varnish
fastly-restarts: 1
accept-ranges: bytes
date: Thu, 12 Jun 2025 14:51:40 GMT
age: 2131
x-served-by: cache-iad-kiad7000045-IAD, cache-hel1410034-HEL
x-cache: HIT, HIT
x-cache-hits: 23045, 2
x-timer: S1749739900.352552,VS0,VE0
content-length: 10245
X-Firefox-Spdy: h2
GET get.geojs.io/v1/ip/geo.json
200 OK 335 B URL GET get.geojs.io/v1/ip/geo.json
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectgeojs.io
Fingerprint88:B3:65:B8:95:15:9F:37:C6:F0:8D:A3:3B:A4:29:F9:CC:31:E1:BC
ValidityMon, 28 Apr 2025 06:03:21 GMT - Sun, 27 Jul 2025 07:02:58 GMT
Hash 0bd55c018ed1ca9bd6ca7792cda9cb84
ad3406d113aaed387e7d57de526f399d376743ad
85e80ebc0079ebc24d94921e864f88061ff7110a9490ae6cfab94bef0c96e98f
GET /v1/ip/geo.json HTTP/1.1
Host: get.geojs.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://12xgi.wjibkh.es
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 12 Jun 2025 14:51:44 GMT
content-type: application/json
content-encoding: br
x-request-id: 8aef84bbfdeb23b6509cd71422921173-ASH
strict-transport-security: max-age=15552000; includeSubDomains; preload
access-control-allow-origin: *
access-control-allow-methods: GET
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
geojs-backend: ash-01
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wbKd0O846AyKYOfCNXRBpgjsJP%2FY0WpsGgR0qTaLF19dnwKTqXvQR89EaRJyKMII%2BmmrQ3AavYLot%2BAC4EWHp4TX4GcguBsPqSSbruteixiBBUKGWSBJFaXBZoTCaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
cf-ray: 94ea2b008fb8569f-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=693&min_rtt=492&rtt_var=417&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3265&recv_bytes=1246&delivery_rate=7040518&cwnd=254&unsent_bytes=0&cid=8dcce86e32a2c928&ts=142&x=0"
X-Firefox-Spdy: h2
GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/94ea2a92bf6056a2/1749739886989/f-3gnsIHuziLIRQ
200 OK 432 B URL GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/94ea2a92bf6056a2/1749739886989/f-3gnsIHuziLIRQ
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
Certificate IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT
File type PNG image data, 5 x 84, 8-bit/color RGBA, non-interlaced
Hash d3b62e563f56b595ceb3174cc151a531
b4b1af8ac8fdd424377598db4642978b56355171
660c6e3487e00d3359b50b04012960439129f15be2f58c3bba3e2889c9b4114f
GET /cdn-cgi/challenge-platform/h/b/d/94ea2a92bf6056a2/1749739886989/f-3gnsIHuziLIRQ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/25tca/0x4AAAAAABUA-ktP5tH3qFAy/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:29 GMT
content-type: image/png
content-length: 432
priority: u=4,i=?0
server: cloudflare
cf-ray: 94ea2aa6ac5756a2-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
200 OK 48 kB URL GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js
IP
Requested by https://12xgi.wjibkh.es/ktgkmgncnupvjfzzxeH8Y8Q7HAMJ6DX2IJ39248MIS8?GHIBEVKQKUAKDQMPWHXULZUA
Certificate IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT
File type JavaScript source, ASCII text, with very long lines (48316), with no line terminators
Hash 2ca03ad87885ab983541092b87adb299
1a17f60bf776a8c468a185c1e8e985c41a50dc27
8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762
GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://12xgi.wjibkh.es/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 12 Jun 2025 14:51:40 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
cf-ray: 94ea2aec9921568d-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 321432
expires: Tue, 02 Jun 2026 14:51:40 GMT
accept-ranges: bytes
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dHu55QMcmawbGOl5azpj7sV%2FGfAMLdMKJFYS4bDL8x%2B55EbetglMjYMVCzI5asoxhVd26jXxsvaIOKD5Dn2klxbdgwRo%2F9KiZoXN5l%2Bp%2BwtZlKUi1Sb4QI7tTgXcIapv0ipP2iYV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
104.21.39.250
151.101.130.137
140.82.121.3