Windows Analysis Report
Jazzsol Audio_Msg.svg

Overview

General Information

Sample name: Jazzsol Audio_Msg.svg
Analysis ID: 1649550
MD5: df2024925e719b7089ac1dc71832c0f2
SHA1: 87e79e6674898e9786eb5031495384bdb832ebee
SHA256: 3bdb77b88fa8fcd06dec1e340ffc4a90042a55046458c97293826176eca7cba6
Infos:

Detection

HTMLPhisher, Invisible JS, Tycoon2FA
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

AI detected phishing page
Found malware configuration
Yara detected AntiDebug via timestamp check
Yara detected HtmlPhish10
Yara detected Invisible JS
Yara detected Obfuscation Via HangulCharacter
Yara detected Tycoon 2FA PaaS
AI detected suspicious Javascript
Yara detected JavaScript embedded in SVG
Creates files inside the system directory
Deletes files inside the Windows folder
HTML body contains low number of good links
HTML body contains password input but no form action
HTML page contains hidden javascript code
HTML title does not match URL
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Invalid T&C link found
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

AV Detection
barindex
Found malware configuration
Source: 1.17.d.script.csv Malware Configuration Extractor: Tycoon2FA {"otherweburl": "", "websitenames": "[\"godaddy\", \"okta\"]", "bes": "[\"Apple.com\",\"Netflix.com\"]", "pes": "[\"https:\\/\\/t.me\\/\",\"https:\\/\\/t.com\\/\",\"t.me\\/\",\"https:\\/\\/t.me.com\\/\",\"t.me.com\\/\",\"t.me@\",\"https:\\/\\/t.me@\",\"https:\\/\\/t.me\",\"https:\\/\\/t.com\",\"t.me\",\"https:\\/\\/t.me.com\",\"t.me.com\",\"t.me\\/@\",\"https:\\/\\/t.me\\/@\",\"https:\\/\\/t.me@\\/\",\"t.me@\\/\",\"https:\\/\\/www.telegram.me\\/\",\"https:\\/\\/www.telegram.me\"]", "capnum": "1", "appnum": "1", "pvn": "0", "view": "", "pagelinkval": "lZPK", "emailcheck": "avery.moore@jazzsol.com", "webname": "rtrim(/web9/, '/')", "urlo": "/gkRtSUXVo4GMwwPB2wbMA4no4fTwDUtBjLufxydv89EWijA5DsYsxHgnb"}

Phishing
barindex
AI detected phishing page
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS Joe Sandbox AI: Score: 9 Reasons: The brand 'Microsoft' is classified as 'wellknown'., The URL 'zsj.gamnfztl.ru' does not match the legitimate domain 'microsoft.com'., The domain 'gamnfztl.ru' is unrelated to Microsoft and uses a Russian domain extension, which is unusual for Microsoft., The URL contains a subdomain 'zsj' which is not associated with any known Microsoft services., The presence of a seemingly random domain name and unusual domain extension increases the suspicion of phishing. DOM: 1.2.pages.csv
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS Joe Sandbox AI: Score: 7 Reasons: The brand name 'Jazzsolcom' does not directly match any well-known brand., The URL 'zsj.gamnfztl.ru' does not resemble any legitimate domain associated with a known brand., The domain extension '.ru' is unusual for a brand that might be expected to have a more common TLD like '.com'., The URL contains random characters and does not appear to be associated with any known brand., Presence of a password input field on a suspicious domain increases the risk of phishing. DOM: 1.3.pages.csv
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS Joe Sandbox AI: Score: 7 Reasons: The brand 'Jazzsol' is not widely recognized, making it difficult to classify as 'known' or 'wellknown'., The URL 'zsj.gamnfztl.ru' does not match the expected domain for 'Jazzsol'., The domain extension '.ru' is unusual for a brand that might not be associated with Russia, raising suspicion., The URL contains a random string 'gamnfztl', which is a common tactic in phishing URLs to confuse users., The input field requests a Microsoft account password, which is unrelated to the brand 'Jazzsol', indicating a potential phishing attempt. DOM: 1.4.pages.csv
Yara detected HtmlPhish10
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
Source: Yara match File source: 1.2.pages.csv, type: HTML
Yara detected Invisible JS
Source: Yara match File source: 0.0.d.script.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Yara detected Obfuscation Via HangulCharacter
Source: Yara match File source: 0.0.d.script.csv, type: HTML
Source: Yara match File source: 0.5..script.csv, type: HTML
Source: Yara match File source: 1.20..script.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_112, type: DROPPED
Yara detected Tycoon 2FA PaaS
Source: Yara match File source: 1.17.d.script.csv, type: HTML
Source: Yara match File source: 1.12..script.csv, type: HTML
Source: Yara match File source: 0.4.d.script.csv, type: HTML
Source: Yara match File source: 0.10.d.script.csv, type: HTML
Source: Yara match File source: 0.1.d.script.csv, type: HTML
Source: Yara match File source: 0.6.d.script.csv, type: HTML
Source: Yara match File source: 1.13..script.csv, type: HTML
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
Source: Yara match File source: 1.2.pages.csv, type: HTML
AI detected suspicious Javascript
Source: 0.2..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/aT2Qm/... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be attempting to execute malicious code and collect sensitive user data, which is a clear indication of malicious intent.
Source: 1.12..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpol... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and aggressive DOM manipulation. It checks for the presence of web automation tools, redirects to a blank page, and intercepts keyboard and clipboard events to prevent common debugging and security analysis actions. Additionally, it includes an interval-based debugger trap that could be used to evade detection. These behaviors strongly indicate malicious intent, warranting a high-risk score.
Source: 1.16..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpol... This script demonstrates several high-risk behaviors, including dynamic code execution via `eval()`, data exfiltration to potentially untrusted domains, and the use of obfuscated code/URLs. The script also exhibits moderate-risk behaviors such as external data transmission and the use of multiple fallback domains. While the script may have some legitimate functionality, the overall risk profile is high due to the presence of multiple malicious indicators.
Source: 0.9..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/aT2Qm/... This script demonstrates several high-risk behaviors, including dynamic code execution, potential data exfiltration, and suspicious redirection. The use of obfuscated code, the presence of a debugger, and the attempt to override the context menu and keyboard events suggest malicious intent. Overall, this script poses a significant security risk and should be treated with caution.
Source: 1.20..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/56iBh9wYpPv2hLE61mp9Ipgij7... This script demonstrates several high-risk behaviors, including dynamic code execution using `eval()`, potential data exfiltration, and the use of obfuscated code. The combination of these factors indicates a high likelihood of malicious intent, warranting a maximum risk score of 10.
Source: 0.5..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/aT2Qm/... This script demonstrates high-risk behavior with the use of the `eval` function to execute dynamic code. The obfuscated string is decoded and then evaluated, which can lead to the execution of malicious code. Additionally, the script uses a `Proxy` object to intercept property access, further increasing the risk of unauthorized code execution. Overall, this script exhibits a high level of risk and should be thoroughly reviewed before execution.
Source: 1.13..script.csv Joe Sandbox AI: Detected suspicious JavaScript with source url: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpol... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It attempts to detect the presence of web automation tools and redirects the user to a different domain, which is highly suspicious. Additionally, the script includes functionality to disable common keyboard shortcuts and context menu, further indicating malicious intent. Overall, this script demonstrates a high level of risk and should be treated with caution.
Yara detected JavaScript embedded in SVG
Source: Yara match File source: Jazzsol Audio_Msg.svg, type: SAMPLE
HTML body contains low number of good links
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Number of links: 0
HTML body contains password input but no form action
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: <input type="password" .../> found but no <form action="...
HTML page contains hidden javascript code
Source: https://zsj.gamnfztl.ru/aT2Qm/#Mavery.moore@jazzsol.com HTTP Parser: Base64 decoded: if (navigator.webdriver || window.callPhantom || window._phantom || navigator.userAgent.includes("Burp")) { window.location = "about:blank";}document.addEventListener("keydown", function (event) { function GTzTwVorcs(event) { co...
HTML title does not match URL
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Title: Login For Account Protection does not match URL
Invalid T&C link found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Terms of use
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Privacy & cookies
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Terms of use
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Privacy & cookies
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Terms of use
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Privacy & cookies
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Terms of use
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Privacy & cookies
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Terms of use
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: Invalid link: Privacy & cookies
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
Source: https://zsj.gamnfztl.ru/aT2Qm/ HTTP Parser: function vgaifdwgqo(){sqbuzjclpq = atob("pcfet0nuwvbfigh0bww+cjxodg1sigxhbmc9imvuij4kpghlywq+ciagpg1ldgegy2hhcnnldd0ivvrgltgipgogidxtzxrhig5hbwu9inzpzxdwb3j0iibjb250zw50psj3awr0ad1kzxzpy2utd2lkdggsigluaxrpywwtc2nhbgu9ms4wij4kica8dgl0bgu+vgvjacbtb2x1dglvbnmglsbjbm5vdmf0aw5nihrozsbgdxr1cmu8l3rpdgxlpgogidxzdhlszt4kicagigjvzhkgewogicagicbmb250lwzhbwlsetogqxjpywwsihnhbnmtc2vyawy7ciagicagigxpbmutagvpz2h0oiaxljy7ciagicagig1hcmdpbjogmdskicagicagcgfkzgluzzogmdskicagicagymfja2dyb3vuzc1jb2xvcjogi2y0zjrmndskicagicagy29sb3i6icmzmzm7ciagicb9ciagicbozwfkzxigewogicagicbiywnrz3jvdw5koiajmda1ytllowogicagicbjb2xvcjogi2zmzjskicagicagcgfkzgluzzogmjbwecawowogicagicb0zxh0lwfsawduoibjzw50zxi7ciagicb9ciagicbozwfkzxigadegewogicagicbtyxjnaw46ida7ciagicagigzvbnqtc2l6ztogmi41cmvtowogicagfqogicagbmf2ihskicagicagymfja2dyb3vuzdogizmzmzskicagicagy29sb3i6icnmzmy7ciagicagihbhzgrpbmc6idewchg7ciagicagihrlehqtywxpz246ignlbnrlcjskicagih0kicagig5hdibhihskicagicagy29sb3i6icnmzmy7ciagicagihrlehqtzgvjb3jhdglvbjogbm9uztskicagicagbwfyz2luoiawide1chg7c...
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: var otherweburl = "";var websitenames = ["godaddy", "okta"];var bes = ["apple.com","netflix.com"];var pes = ["https:\/\/t.me\/","https:\/\/t.com\/","t.me\/","https:\/\/t.me.com\/","t.me.com\/","t.me@","https:\/\/t.me@","https:\/\/t.me","https:\/\/t.com","t.me","https:\/\/t.me.com","t.me.com","t.me\/@","https:\/\/t.me\/@","https:\/\/t.me@\/","t.me@\/","https:\/\/www.telegram.me\/","https:\/\/www.telegram.me"];var capnum = 1;var appnum = 1;var pvn = 0;var view = "";var pagelinkval = "lzpk";var emailcheck = "avery.moore@jazzsol.com";var webname = "rtrim(/web9/, '/')";var urlo = "/gkrtsuxvo4gmwwpb2wbma4no4ftwdutbjlufxydv89ewija5dsysxhgnb";var gdf = "/ij9vpjh3qpdw6mwizr9dwxxsqaxek3plehdaw5cd112";var odf = "/ijuojxq72h4tlgofgge7arwxhtyacqjkpfuqab650";var twa = 0;var currentreq = null;var requestsent = false;var pagedata = "";var redirecturl = "";var useragent = navigator.useragent;var browsername;var userip;var usercountry;var errorcodeexecuted = false;if(useragent....
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: <input type="password" .../> found
Source: https://zsj.gamnfztl.ru/aT2Qm/#Mavery.moore@jazzsol.com HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No favicon
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="author".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="author".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="author".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="author".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="author".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="copyright".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="copyright".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="copyright".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="copyright".. found
Source: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 140.82.112.3:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.11:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.6:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49789 version: TLS 1.2
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View IP Address: 140.82.112.3 140.82.112.3
Source: Joe Sandbox View IP Address: 104.21.32.1 104.21.32.1
Source: Joe Sandbox View IP Address: 104.21.32.1 104.21.32.1
Internet Provider seen in connection with other malware
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.57.90.154
Source: unknown TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown TCP traffic detected without corresponding DNS query: 23.203.176.221
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown TCP traffic detected without corresponding DNS query: 20.190.151.68
Source: unknown TCP traffic detected without corresponding DNS query: 20.191.45.158
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /aT2Qm/ HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/aT2Qm/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6ImVJd1JZanZuSVpyNUVSWmJpaWNSVXc9PSIsInZhbHVlIjoiNVhuci9kNytMQ0F2VE9MdkNNMTcwWFRjY0lOL1JvWDQ4ck1SenBTakUrczBuNkJIeHE1V0psVHptdEVxdmlCcFNIcnRXLzRrRGpnM2N5eDRnMkpCODRrYU12UW1CMDF1eFNJankxNzhmTEUrUHdLYVNhaE5pZWZHdWwzTnZkZ0MiLCJtYWMiOiJlYzYwMDAwODMzYTgyYzI0OTU1MWVmZDMyMjIwNjY4MjhlNTBkZmQ5NDcxOTBlZjk3MDM1YTVlMmE2N2VkZTllIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjlyWW42dkxjYnVhNGh4cDduT1liZXc9PSIsInZhbHVlIjoiaTRvZVNYa01kU1BUNzNXVVdRWGhYb1M3dVVXV3NPaVJUZ2JnZ2VpMWFOVVBzZXRKbGJNdEN5bHE4MnY4VHJDOUR1QU5uK2JwVGVUY3VlTjBvc3E2MmtRUEx5a3I5ZVYwVEZXU2RIZEZrTTRtSHZkbVFabHl0bFAyNnJUdTU0bG4iLCJtYWMiOiI2NGQ2ZDU0YWE4MWI3NWViYTI2ODMwNDBlY2ZjZWZkOWMxYzg5NjI2ODM0ZmI1YjUxMWYxNDhjMDkyNjFhZTFkIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /chai!yimom9g HTTP/1.1Host: k9ia.nmpjkg.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Origin: https://zsj.gamnfztl.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /chai!yimom9g HTTP/1.1Host: k9ia.nmpjkg.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /aT2Qm/ HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://zsj.gamnfztl.ru/aT2Qm/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Im4xdzBTcXJVYVpWeEN1cnltenl5Z1E9PSIsInZhbHVlIjoiWW83cTZwY1l0TjhiYU52RnNXdUJmQ0VBaFRvTy9rbzN0emdQSGY1ejM0c0pLYzhQUk5sUDJUSXowWFNlRmhnbEhwTmp0M3V1UHFRNm1pOUFUbllRdlRENWlFTG1XclkrRGRRNGwxRGlHUXR3bVJHY0huUzgvV3dXRW9NRm1FcUwiLCJtYWMiOiIwYTAzOTM0ZTBmOGIyZDFkMzFkYTIwZWJjYjBiMTkxNjVlZjE3YmNmODMyZWQ4MmM4YjkzMmRiOWYzZDhiNTVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgvWUxTRGxrVGJBUnhSSGo5b2Yrc3c9PSIsInZhbHVlIjoiU1RLK0N6K2hQTzRzRXdjMkR0TEl2elBzQTIrbnRoWXJOcFMzSGcyeEtzcWpnb09scm1DY3R2K0NMcU5FZ1lBTFprWE1VUTNrbWZ6RG04WkNkcjVMNGkybzNVTW0weGcxNFlyZE9reXFQeHBFZitWRDNOMEIzcXV0RHlYMHBQSjUiLCJtYWMiOiI4YzRmNThhNDAwYWM2Yjg2YjRiODExNWQ2MDM1NTc4MjA1MWEyM2JhNmZjNzI1YzM2NmI3NWVkMTg2Y2NhYWIzIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /weYNKvdCVZyzSPWb49Sm7m HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Im4xdzBTcXJVYVpWeEN1cnltenl5Z1E9PSIsInZhbHVlIjoiWW83cTZwY1l0TjhiYU52RnNXdUJmQ0VBaFRvTy9rbzN0emdQSGY1ejM0c0pLYzhQUk5sUDJUSXowWFNlRmhnbEhwTmp0M3V1UHFRNm1pOUFUbllRdlRENWlFTG1XclkrRGRRNGwxRGlHUXR3bVJHY0huUzgvV3dXRW9NRm1FcUwiLCJtYWMiOiIwYTAzOTM0ZTBmOGIyZDFkMzFkYTIwZWJjYjBiMTkxNjVlZjE3YmNmODMyZWQ4MmM4YjkzMmRiOWYzZDhiNTVkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlgvWUxTRGxrVGJBUnhSSGo5b2Yrc3c9PSIsInZhbHVlIjoiU1RLK0N6K2hQTzRzRXdjMkR0TEl2elBzQTIrbnRoWXJOcFMzSGcyeEtzcWpnb09scm1DY3R2K0NMcU5FZ1lBTFprWE1VUTNrbWZ6RG04WkNkcjVMNGkybzNVTW0weGcxNFlyZE9reXFQeHBFZitWRDNOMEIzcXV0RHlYMHBQSjUiLCJtYWMiOiI4YzRmNThhNDAwYWM2Yjg2YjRiODExNWQ2MDM1NTc4MjA1MWEyM2JhNmZjNzI1YzM2NmI3NWVkMTg2Y2NhYWIzIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /kfTYoY9zp6MlR0oOcv4avShQqN3UHLvwqI3DINlldnbOZsdfq HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjBGcjJhNUlzMVF1V094ZjVIUUs2TXc9PSIsInZhbHVlIjoiOGhVUk15R2xpci9uNjVtL1dkSWRTcndhbVU1WUgreVljd1Rva2k0VGtEcHlOeW9LSitEVDJJTHJHcVBGUDVWMFYyZjFWbmZXM1d1R0I4VEZVMWJwcGJzSmNkQm5EMGwxLzh2UGQybE5MNWFKWFRIeDZmUVBBbTJERG5VVmNHRmEiLCJtYWMiOiI2NDYzMGJmMzI0M2E5YzhkNjk2YzhhOWEzZDI1ZjY3MGVlNWFlYTc4ZDljMjJkYTMzMDcwMjliZmQzZjMzZGZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlM2bWZha3QzWmYzWVd1U2l0VkRjaUE9PSIsInZhbHVlIjoibWF4cGVBYzZ2QXptell0SHA2YVZlMlAwT01PbFJxN1dZdEpIOFVWNXJ5SHZSNHVLUEliVysyQllRcGkvUHQxR0YxcFVhZUNKZXpYd1RqdVJjWW1jeVJRWHg3bFljaHZLZ3VTS1U2ZFRxR0dHVFNOdHUyL2daeW0ySU5sWWg3UjMiLCJtYWMiOiI4ODk3YmNlZmQ5ZjU0YzY4M2VjZjkwNDk0YWI2YTk1MWNmOGZkOTgyZTU3YmFhOWRlODI1MWNiYWY4Nzk0OTRhIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://zsj.gamnfztl.ru/aT2Qm/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IjBGcjJhNUlzMVF1V094ZjVIUUs2TXc9PSIsInZhbHVlIjoiOGhVUk15R2xpci9uNjVtL1dkSWRTcndhbVU1WUgreVljd1Rva2k0VGtEcHlOeW9LSitEVDJJTHJHcVBGUDVWMFYyZjFWbmZXM1d1R0I4VEZVMWJwcGJzSmNkQm5EMGwxLzh2UGQybE5MNWFKWFRIeDZmUVBBbTJERG5VVmNHRmEiLCJtYWMiOiI2NDYzMGJmMzI0M2E5YzhkNjk2YzhhOWEzZDI1ZjY3MGVlNWFlYTc4ZDljMjJkYTMzMDcwMjliZmQzZjMzZGZkIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IlM2bWZha3QzWmYzWVd1U2l0VkRjaUE9PSIsInZhbHVlIjoibWF4cGVBYzZ2QXptell0SHA2YVZlMlAwT01PbFJxN1dZdEpIOFVWNXJ5SHZSNHVLUEliVysyQllRcGkvUHQxR0YxcFVhZUNKZXpYd1RqdVJjWW1jeVJRWHg3bFljaHZLZ3VTS1U2ZFRxR0dHVFNOdHUyL2daeW0ySU5sWWg3UjMiLCJtYWMiOiI4ODk3YmNlZmQ5ZjU0YzY4M2VjZjkwNDk0YWI2YTk1MWNmOGZkOTgyZTU3YmFhOWRlODI1MWNiYWY4Nzk0OTRhIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /12ZJFM0GxFX7pxyj5n8920 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /abBd4coPek7Vrs6qpgh23 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-bold.woff2 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-bold.woff HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-regular.woff2 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-regular.woff HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fent/randexp.js/releases/download/v0.4.3/randexp.min.js HTTP/1.1Host: github.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /GDSherpa-vf.woff2 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /GDSherpa-vf2.woff2 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveOrigin: https://zsj.gamnfztl.rusec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /56iBh9wYpPv2hLE61mp9Ipgij7NZ7aJmNLtZJ89110 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvWvCCAu7xUYPr7WbScGqrUSw0brtaCJjM12127 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 HTTP/1.1Host: ok4static.oktacdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /github-production-release-asset-2e65be/2925284/11f3acf8-4ccb-11e6-8ce4-c179c0a212de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20250326%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20250326T211015Z&X-Amz-Expires=300&X-Amz-Signature=05eecb58d495b2c19124cfc263b0f1a2c5727bb82f4538a7892732d7a2299cc0&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3Drandexp.min.js&response-content-type=application%2Foctet-stream HTTP/1.1Host: objects.githubusercontent.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /qrvzEvmaVkT9iUxv3Lmn3ghmNrwhtynu1KfZgx3Lf8Nz45138 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /efQfEFbBsA1PWjqjC2AsB3Sf3dRFflrh48dPkl3viW8WDARjIzdLtY2l8Xc590150 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /kldBL4zcpsIGA3RQCE16rvuDk67NRU89NKlVQcuAKOHEZKqFVXUpKwzab225 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /uvWvCCAu7xUYPr7WbScGqrUSw0brtaCJjM12127 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mnM6Ws9omfLxH5gBqh9docIE0yIP8Sho1qHJCINn6klPQrkstcz7hFCBoq7Kuv220 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijV2sMHmHlYU6sScs3cNcduHhH5jc9fLdixgY52he78162 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /qrvzEvmaVkT9iUxv3Lmn3ghmNrwhtynu1KfZgx3Lf8Nz45138 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /yz3x3iFQeyzkifPtuQhN76NJOop7WHl7Lgij6SjopLj2ga90176 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /efQfEFbBsA1PWjqjC2AsB3Sf3dRFflrh48dPkl3viW8WDARjIzdLtY2l8Xc590150 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ikg5MFh2aHUwSFZBYW9FT0JCdEY0NWc9PSIsInZhbHVlIjoiQnVWRDhrU05lWUZiVmdHTjVmZndDR2lPc0pEWnFnaFdNSCtLVng2ViswRllGcitpVnUyL1BZUm1qeGlXNkF6TktjVkt5bHpNTDV4eWRFdmxyQ1VQZDZPUFBYL3hNWE5xUkpYeGZINnlGRDd3UEZGcXA2QnFsVWlOM2o1eFBTVm4iLCJtYWMiOiIwM2RiZjQyYzdlY2Y4MWZhNmEwZGEzZWU5ZThlZmQzYTMyYzYwOWU2ZWI2MDE3NmEyMTU1ZThlOWQwOWM0M2IwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IndIRnlkaGxPZG5hSnlCUFM4Sy9RVnc9PSIsInZhbHVlIjoiTkJoVVNEZVV5YWd1WUlXalEzTTFWVlcxRnVNQk9XZ0ZFVDExTHZxQTdmemtLQTBCaEpwVzNwZkZpeU5UajdKNHk1UW9NK3dzR1Rwa1JMYkJOUGVsK3dSK2JZNFJMMDE0d2NXMlNwMWJrSjBnWHJVVURUQmxyTVJMZnA3eDVDT08iLCJtYWMiOiIyMzBjZWY3NDdiYjRlMzZmMTI4MTM1Nzc5NzM1NmRmNzgyYWI1MWUyZTVmNWMzNjdkZDc0YmVjODU1YzM4OTE2IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /rshUXrcuwMcELYpsglH3R1srubjQneijev9aHyrn7AFS5ivHN3uKDYrmNcd198 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /gkRtSUXVo4GMwwPB2wbMA4no4fTwDUtBjLufxydv89EWijA5DsYsxHgnb HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghWnOkFleiFQVUIN2Rokx0mnV6jktMYiINcrOcdA5ygj12205 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /kldBL4zcpsIGA3RQCE16rvuDk67NRU89NKlVQcuAKOHEZKqFVXUpKwzab225 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opsc3k2AIfcggTzvk8JgeYPFlmT012TADl8NCXkcgQtzdORQQIycd237 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /mnM6Ws9omfLxH5gBqh9docIE0yIP8Sho1qHJCINn6klPQrkstcz7hFCBoq7Kuv220 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /sttp9YLQTb0kBgoRyDVkLkm41He23tAEUHREaBoUhPEYXGDCh4ftmnKFGSR5aRz37QbiBO3av59LmmaI08PGLQCtYbgh259 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQSAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /yz3x3iFQeyzkifPtuQhN76NJOop7WHl7Lgij6SjopLj2ga90176 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ijV2sMHmHlYU6sScs3cNcduHhH5jc9fLdixgY52he78162 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Origin: https://zsj.gamnfztl.ruSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rshUXrcuwMcELYpsglH3R1srubjQneijev9aHyrn7AFS5ivHN3uKDYrmNcd198 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /ghWnOkFleiFQVUIN2Rokx0mnV6jktMYiINcrOcdA5ygj12205 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /opsc3k2AIfcggTzvk8JgeYPFlmT012TADl8NCXkcgQtzdORQQIycd237 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /v1/ip/geo.json HTTP/1.1Host: get.geojs.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sttp9YLQTb0kBgoRyDVkLkm41He23tAEUHREaBoUhPEYXGDCh4ftmnKFGSR5aRz37QbiBO3av59LmmaI08PGLQCtYbgh259 HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InlRNnM3aWxzY2Q4NzQzdSt3Z2RlWkE9PSIsInZhbHVlIjoiTFdtdU4vdGhkbzQ3WksxYzhPTlNtVG9hcnphUFk4eW1TeEM4SGEzZ0d1K2U0OEd0ZllUZDZJOWp1NkxZQWJrNzNCZnFiWlRYRng2alVzTi9RbGJZcTYrMDUxTnk5Y3lpVkZoVFJWUFNzVWtZZFlUenhHOHlURFZyaGFucWNyVFkiLCJtYWMiOiI3M2UzNTQxNTk3OGQ5MzZhMjQwMTU3ZjNiYWY4NDA2YmY1ZGQzNWU5NTNlZWU2ZTQzNDJlMTFiODczNjA2YTMwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjhNaWtKcndCT2pwanJwTER3MEJLbXc9PSIsInZhbHVlIjoicU1LQ2JsT2JwUGlWbDVNaVp5M2twVEpHYVlEN3lSejRyQ1gzQVpoVENISXo2dWl3Tnd6UkFjTHJGS2dzd1lEWktIcjUyaFg2SEVEa25zQitQZlljWndHYXRMckdSODRidGF3dDlhSUVVaW9YZjBrenJVYVdDYnpRTGRwYWp6SjgiLCJtYWMiOiJkNTg3ZjE4MzU1YWQyNDJkYzY3NzdiYWIyOTljZjM4YmQ0YjhkYzliMWU0MDZkNDAxMWVjZDJkZmI3YTk4MzI4IiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMpq7UZygw3g8GdeO34NYwx40 HTTP/1.1Host: olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-gn-5drtokny-zptvcmh7aynavltkuhd9z2gvx9val7y/logintenantbranding/0/bannerlogo?ts=637825606459016657 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: https://zsj.gamnfztl.ru/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /dbd5a2dd-gn-5drtokny-zptvcmh7aynavltkuhd9z2gvx9val7y/logintenantbranding/0/bannerlogo?ts=637825606459016657 HTTP/1.1Host: aadcdn.msauthimages.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /gkRtSUXVo4GMwwPB2wbMA4no4fTwDUtBjLufxydv89EWijA5DsYsxHgnb HTTP/1.1Host: zsj.gamnfztl.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6InNUYThiT1lPZTNhMDE4YStxOEdLSUE9PSIsInZhbHVlIjoiNXFXTllNOXlNb2ZTYmM4TlUyR2hSZnJIVTEyNzRxeXc3Ukp3b1ZwOTBuY25HQnFrbzhUWUJFcjRPdEdQK2lwREVneFdKRklQdmV1ZDc4ZWtGdzhKMGdTSjRPcGwwUkFxVzNJd21lendKM3ZKeVdBQkFuSG5nV1pFaHMrMEszME4iLCJtYWMiOiIzNzVlOWFlZjllNTc5MjEzNDhlOGI0MGFmZDg3MzY2YWY2YzgyMDQxOGY5OTk2MDcwNTg0ZDZkYTMzNDA1NjI2IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6ImEyaXpwT1kyV0xmbnJXUVR1VjhGWXc9PSIsInZhbHVlIjoiM1E1VTFaTFpMeEQrT1BlUUFCeHNycmd1WUl1SnR3Uk1hbExFOVgxcDROM2R2TTJ1eEkxd21nblRPU0RhcDdSejB3NDBnTm5jNjZIYXpLL3YrRFlYYjVPRU81Qk1DZVVDMWo5SWlseFBDRzdLVy9IQm5rb2F0WnhPZmZUdVVLNTYiLCJtYWMiOiI0YzU3ZTgyZTExYjYyMmZkMmYzNWNlOTdiMGNkZDUzZmExMmJmMjQ0MDY1MjAxMzNhOTc3MDg2YzI4ZjQyYWRlIiwidGFnIjoiIn0%3D
Source: global traffic HTTP traffic detected: GET /lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMyzJOKqtI38q56usIzCZop50 HTTP/1.1Host: olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMyzqrxCoLQ78wxIEmCqr42 HTTP/1.1Host: olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBM12jvBQfcXFekV78xC5op44 HTTP/1.1Host: olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.esConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: zsj.gamnfztl.ru
Source: global traffic DNS traffic detected: DNS query: code.jquery.com
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: k9ia.nmpjkg.ru
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: github.com
Source: global traffic DNS traffic detected: DNS query: ok4static.oktacdn.com
Source: global traffic DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic DNS traffic detected: DNS query: get.geojs.io
Source: global traffic DNS traffic detected: DNS query: olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es
Source: global traffic DNS traffic detected: DNS query: aadcdn.msauthimages.net
Source: unknown HTTP traffic detected: POST /report/v4?s=vf6Q5AlyAg8Vb0x4RyQEhnQkD5NV2XSf4jMu%2BshNgvccrTUMoEIcDZCWdid8StMraqTmAqhEitdthe2Cb%2BborBZCCICXpsZcAJFiLbYKvYEjvY3I%2FTDHZeYTmvP0nQVzwtC1 HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 424Content-Type: application/reports+jsonOrigin: https://zsj.gamnfztl.ruUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:11:30 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vf6Q5AlyAg8Vb0x4RyQEhnQkD5NV2XSf4jMu%2BshNgvccrTUMoEIcDZCWdid8StMraqTmAqhEitdthe2Cb%2BborBZCCICXpsZcAJFiLbYKvYEjvY3I%2FTDHZeYTmvP0nQVzwtC1"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Vary: Accept-Encodingserver-timing: cfL4;desc="?proto=TCP&rtt=44004&min_rtt=43985&rtt_var=12385&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2163&delivery_rate=64736&cwnd=129&unsent_bytes=0&cid=5c52c1f80fa9628c&ts=411&x=0"Cache-Control: max-age=14400CF-Cache-Status: HITAge: 2Server: cloudflareCF-RAY: 9269a4107f288ae3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=89395&min_rtt=89362&rtt_var=18871&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1894&delivery_rate=34196&cwnd=252&unsent_bytes=0&cid=c452d64d137567c7&ts=2149&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:11:38 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PY8VfYMalv%2FeGh2oI3FySELSAmhjtUJjcojGjnBha3HXN8W4lNPyWBTujpsacCh06fxhF3hw72aLBTP0gGGE7wjG1C8mS5Wc3FJ5MlAVTp5dY6ksH4Rxu0xDPOYfqFwxOSI2"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=42522&min_rtt=42479&rtt_var=11975&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2820&recv_bytes=2038&delivery_rate=66994&cwnd=252&unsent_bytes=0&cid=3cc0dc4167bdfcde&ts=287&x=0"Server: cloudflareCF-RAY: 9269a4411e074261-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=88930&min_rtt=88883&rtt_var=18823&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2821&recv_bytes=1696&delivery_rate=34330&cwnd=252&unsent_bytes=0&cid=eb836a4c306400d8&ts=743&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:11:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeServer: cloudflareCf-Cache-Status: DYNAMICVary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9LG3wi0ZUvJmHDSwhL1lhDn%2FS7Cpf44Z8ckT4KyY7qQVBfA79ZFne1RvMouvOThJ%2F%2BAEFGOTjMUOrI1JyP4JpWRy7ckspbhNP4M2XnkbnE8pKWzWxwvMYDS%2Fz2bfzKgyBS%2Bn"}],"group":"cf-nel","max_age":604800}Nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server-Timing: cfL4;desc="?proto=TCP&rtt=31671&min_rtt=31526&rtt_var=11926&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2064&delivery_rate=90338&cwnd=128&unsent_bytes=0&cid=e46b83dc7d35f290&ts=405&x=0"CF-RAY: 9269a44f7b7cefa7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:11:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0zJtmK3EJD4kPa2oR2fdQ5onSQEd0nAm4Jusa7xP%2BUqs6aWNN6f6vhkZThQcGwIGSnvLHqNI8PrpivZKdMStNZ5lt9fQuijc1FEHoFGB40muNpurood7ReFa%2BPsYyJWmaEYm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=44115&min_rtt=43969&rtt_var=16592&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2821&recv_bytes=2072&delivery_rate=64772&cwnd=168&unsent_bytes=0&cid=00118a218b79bf83&ts=233&x=0"Server: cloudflareCF-RAY: 9269a4624ddc8c6d-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=90029&min_rtt=89613&rtt_var=19328&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1731&delivery_rate=34104&cwnd=252&unsent_bytes=0&cid=5d083388a84c4f72&ts=1179&x=0"
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 26 Mar 2025 21:11:57 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closecf-cache-status: DYNAMICvary: accept-encodingReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KTpfwK24z8Pb1yyl8APrUZDrV%2BeJOYpy%2FIN6nGS91334RuP96y2Xfvp8gWB9E0T1HSfF6mSZLe95KdHfetYz1raG09C1FNnTceAbgt3gOUFeD0XfwAcc4qiQzbYYlVb%2BY%2FKv"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}server-timing: cfL4;desc="?proto=TCP&rtt=35258&min_rtt=35239&rtt_var=9944&sent=4&recv=8&lost=0&retrans=0&sent_bytes=2822&recv_bytes=2071&delivery_rate=80622&cwnd=103&unsent_bytes=0&cid=c602174c5dec5513&ts=245&x=0"Server: cloudflareCF-RAY: 9269a4b68b9688c3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=89935&min_rtt=89887&rtt_var=19035&sent=6&recv=9&lost=0&retrans=0&sent_bytes=2823&recv_bytes=1731&delivery_rate=33948&cwnd=252&unsent_bytes=0&cid=f16a27b2606957b3&ts=666&x=0"
Source: chromecache_96.1.dr String found in binary or memory: http://github.com/fent/randexp.js/raw/master/LICENSE
Source: chromecache_96.1.dr String found in binary or memory: https://github.com/fent)
Source: chromecache_100.1.dr String found in binary or memory: https://www.etsy.com
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49679 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 142.250.81.228:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.6:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 151.101.66.137:443 -> 192.168.2.6:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49712 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49716 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49718 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.17.24.14:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown HTTPS traffic detected: 140.82.112.3:443 -> 192.168.2.6:49736 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.110:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown HTTPS traffic detected: 18.164.124.11:443 -> 192.168.2.6:49744 version: TLS 1.2
Source: unknown HTTPS traffic detected: 185.199.111.133:443 -> 192.168.2.6:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.6:49766 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.6:49770 version: TLS 1.2
Source: unknown HTTPS traffic detected: 172.67.70.233:443 -> 192.168.2.6:49771 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.6:49773 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49774 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.209.72.31:443 -> 192.168.2.6:49775 version: TLS 1.2
Source: unknown HTTPS traffic detected: 35.190.80.1:443 -> 192.168.2.6:49789 version: TLS 1.2
Creates files inside the system directory
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Windows\SystemTemp\scoped_dir5620_936667193 Jump to behavior
Deletes files inside the Windows folder
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File deleted: C:\Windows\SystemTemp\scoped_dir5620_936667193 Jump to behavior
Source: classification engine Classification label: mal100.phis.evad.winSVG@25/78@38/17
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,15750090068326536515,15019451711460223245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Jazzsol Audio_Msg.svg"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2152,i,15750090068326536515,15019451711460223245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2260 /prefetch:3 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Jazzsol Audio_Msg.svg" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected

Malware Analysis System Evasion
barindex
Yara detected AntiDebug via timestamp check
Source: Yara match File source: 1.12..script.csv, type: HTML
Source: Yara match File source: 0.1.d.script.csv, type: HTML
Source: Yara match File source: 1.13..script.csv, type: HTML
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: Yara match File source: 1.3.pages.csv, type: HTML
Source: Yara match File source: 1.5.pages.csv, type: HTML
Source: Yara match File source: 1.6.pages.csv, type: HTML
Source: Yara match File source: 1.2.pages.csv, type: HTML
windows-stand
Behavior
Click here to start
Slideshow Behavior Animation
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1649550 Sample: Jazzsol Audio_Msg.svg Startdate: 26/03/2025 Architecture: WINDOWS Score: 100 26 Found malware configuration 2->26 28 AI detected phishing page 2->28 30 Yara detected AntiDebug via timestamp check 2->30 32 6 other signatures 2->32 6 chrome.exe 2 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 14 192.168.2.13 unknown unknown 6->14 16 192.168.2.23 unknown unknown 6->16 18 192.168.2.6, 138, 443, 49681 unknown unknown 6->18 11 chrome.exe 6->11         started        process5 dnsIp6 20 zsj.gamnfztl.ru 104.21.32.1, 443, 49706, 49707 CLOUDFLARENETUS United States 11->20 22 18.164.124.11, 443, 49744 MIT-GATEWAYSUS United States 11->22 24 16 other IPs or domains 11->24
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.17.24.14
 cdnjs.cloudflare.com United States
13335 CLOUDFLARENETUS false
140.82.112.3
 github.com United States
36459 GITHUBUS false
104.21.32.1
 zsj.gamnfztl.ru United States
13335 CLOUDFLARENETUS true
104.21.64.1
 k9ia.nmpjkg.ru United States
13335 CLOUDFLARENETUS false
142.250.81.228
 www.google.com United States
15169 GOOGLEUS false
185.199.111.133
 objects.githubusercontent.com Netherlands
54113 FASTLYUS false
18.164.124.110
 d19d360lklgih4.cloudfront.net United States
3 MIT-GATEWAYSUS false
104.21.112.1
 olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es United States
13335 CLOUDFLARENETUS false
104.21.96.1
 unknown United States
13335 CLOUDFLARENETUS false
172.67.70.233
 get.geojs.io United States
13335 CLOUDFLARENETUS false
151.101.66.137
 code.jquery.com United States
54113 FASTLYUS false
18.164.124.11
 unknown United States
3 MIT-GATEWAYSUS false
35.190.80.1
 a.nel.cloudflare.com United States
15169 GOOGLEUS false
23.209.72.31
 e329293.dscd.akamaiedge.net United States
20940 AKAMAI-ASN1EU false

Private

IP
192.168.2.6
192.168.2.13
192.168.2.23

Contacted Domains

Name IP Active
a.nel.cloudflare.com 35.190.80.1 true
e329293.dscd.akamaiedge.net 23.209.72.31 true
code.jquery.com 151.101.66.137 true
cdnjs.cloudflare.com 104.17.24.14 true
github.com 140.82.112.3 true
olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es 104.21.112.1 true
zsj.gamnfztl.ru 104.21.32.1 true
get.geojs.io 172.67.70.233 true
www.google.com 142.250.81.228 true
k9ia.nmpjkg.ru 104.21.64.1 true
d19d360lklgih4.cloudfront.net 18.164.124.110 true
objects.githubusercontent.com 185.199.111.133 true
aadcdn.msauthimages.net unknown unknown
ok4static.oktacdn.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://zsj.gamnfztl.ru/abBd4coPek7Vrs6qpgh23 false
  • Avira URL Cloud: safe
 unknown
https://ok4static.oktacdn.com/fs/bcg/4/gfsh9pi7jcWKJKMAs1t7 false
    		high
    https://olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es/lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMpq7UZygw3g8GdeO34NYwx40 false
    • Avira URL Cloud: safe
    		 unknown
    https://zsj.gamnfztl.ru/aT2Qm/#Mavery.moore@jazzsol.com false
      		unknown
      https://zsj.gamnfztl.ru/weYNKvdCVZyzSPWb49Sm7m false
      • Avira URL Cloud: safe
      		 unknown
      https://code.jquery.com/jquery-3.6.0.min.js false
        		high
        https://zsj.gamnfztl.ru/favicon.ico false
        • Avira URL Cloud: safe
        		 unknown
        https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js false
          		high
          https://zsj.gamnfztl.ru/efQfEFbBsA1PWjqjC2AsB3Sf3dRFflrh48dPkl3viW8WDARjIzdLtY2l8Xc590150 false
          • Avira URL Cloud: safe
          		 unknown
          https://olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es/lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBM12jvBQfcXFekV78xC5op44 false
          • Avira URL Cloud: safe
          		 unknown
          https://zsj.gamnfztl.ru/ijV2sMHmHlYU6sScs3cNcduHhH5jc9fLdixgY52he78162 false
          • Avira URL Cloud: safe
          		 unknown
          https://ok4static.oktacdn.com/assets/js/sdk/okta-signin-widget/7.18.0/css/okta-sign-in.min.css false
            		high
            https://zsj.gamnfztl.ru/sttp9YLQTb0kBgoRyDVkLkm41He23tAEUHREaBoUhPEYXGDCh4ftmnKFGSR5aRz37QbiBO3av59LmmaI08PGLQCtYbgh259 false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/56iBh9wYpPv2hLE61mp9Ipgij7NZ7aJmNLtZJ89110 false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/ghWnOkFleiFQVUIN2Rokx0mnV6jktMYiINcrOcdA5ygj12205 false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/mnM6Ws9omfLxH5gBqh9docIE0yIP8Sho1qHJCINn6klPQrkstcz7hFCBoq7Kuv220 false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/GDSherpa-regular.woff false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/GDSherpa-vf.woff2 false
            • Avira URL Cloud: safe
            		 unknown
            https://olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es/lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMyzqrxCoLQ78wxIEmCqr42 false
            • Avira URL Cloud: safe
            		 unknown
            https://zsj.gamnfztl.ru/GDSherpa-regular.woff2 false
            • Avira URL Cloud: safe
            		 unknown
            https://olr31hzyv8aluvblganmmiwdojbb4l3jikidtbavxfjfs5pmvcmcn.caspianxw.es/lncteuojmrodrytseemzgpuKDAIYCFPQXSZOAGPZNDEZBTOWRXZYPDVVZQHLBMyzJOKqtI38q56usIzCZop50 false
            • Avira URL Cloud: safe
            		 unknown
            https://ok4static.oktacdn.com/assets/loginpage/css/loginpage-theme.e0d37a504604ef874bad26435d62011f.css false
              		high
              https://a.nel.cloudflare.com/report/v4?s=KTpfwK24z8Pb1yyl8APrUZDrV%2BeJOYpy%2FIN6nGS91334RuP96y2Xfvp8gWB9E0T1HSfF6mSZLe95KdHfetYz1raG09C1FNnTceAbgt3gOUFeD0XfwAcc4qiQzbYYlVb%2BY%2FKv false
                		high
                https://zsj.gamnfztl.ru/yz3x3iFQeyzkifPtuQhN76NJOop7WHl7Lgij6SjopLj2ga90176 false
                • Avira URL Cloud: safe
                		 unknown
                https://zsj.gamnfztl.ru/GDSherpa-vf2.woff2 false
                • Avira URL Cloud: safe
                		 unknown
                https://zsj.gamnfztl.ru/aT2Qm/ true
                • Avira URL Cloud: safe
                		 unknown
                https://zsj.gamnfztl.ru/12ZJFM0GxFX7pxyj5n8920 false
                • Avira URL Cloud: safe
                		 unknown
                https://zsj.gamnfztl.ru/opsc3k2AIfcggTzvk8JgeYPFlmT012TADl8NCXkcgQtzdORQQIycd237 false
                • Avira URL Cloud: safe
                		 unknown
                https://zsj.gamnfztl.ru/lkyjwphwipbrshfwsqvnwklpolvctsaddgu2swnfw?WNKEBWEJFMOTKLFTWQS true
                  		unknown
                  https://zsj.gamnfztl.ru/qrvzEvmaVkT9iUxv3Lmn3ghmNrwhtynu1KfZgx3Lf8Nz45138 false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://zsj.gamnfztl.ru/gkRtSUXVo4GMwwPB2wbMA4no4fTwDUtBjLufxydv89EWijA5DsYsxHgnb false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://zsj.gamnfztl.ru/GDSherpa-bold.woff false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://k9ia.nmpjkg.ru/chai!yimom9g false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://zsj.gamnfztl.ru/kldBL4zcpsIGA3RQCE16rvuDk67NRU89NKlVQcuAKOHEZKqFVXUpKwzab225 false
                  • Avira URL Cloud: safe
                  		 unknown
                  https://get.geojs.io/v1/ip/geo.json false
                    		high
                    https://zsj.gamnfztl.ru/kfTYoY9zp6MlR0oOcv4avShQqN3UHLvwqI3DINlldnbOZsdfq false
                    • Avira URL Cloud: safe
                    		 unknown
                    https://zsj.gamnfztl.ru/rshUXrcuwMcELYpsglH3R1srubjQneijev9aHyrn7AFS5ivHN3uKDYrmNcd198 false
                    • Avira URL Cloud: safe
                    		 unknown
                    https://aadcdn.msauthimages.net/dbd5a2dd-gn-5drtokny-zptvcmh7aynavltkuhd9z2gvx9val7y/logintenantbranding/0/bannerlogo?ts=637825606459016657 false
                      		high
                      https://zsj.gamnfztl.ru/uvWvCCAu7xUYPr7WbScGqrUSw0brtaCJjM12127 false
                      • Avira URL Cloud: safe
                      		 unknown
                      https://zsj.gamnfztl.ru/GDSherpa-bold.woff2 false
                      • Avira URL Cloud: safe
                      		 unknown