| clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= | 216.58.207.238 | | 557 B |
URL: clickserve.dartsearch.net/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E=
IP: 216.58.207.238:0
File type: HTML document, ASCII text, with very long lines (624)
Hash: 6bbed001a5db69bf3a45657ae03781ec 07e0a73350791ece2de2e03bf6990c8a4d607e8f 28dcfdf571a2faac45d360aead6212be9b52c4db6cf6bd0cc1111a7e336839ee
GET /link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= HTTP/1.1
Host: clickserve.dartsearch.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
location: https://ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E=
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Thu, 25 Apr 2024 17:49:07 GMT
expires: Thu, 25 Apr 2024 17:49:07 GMT
cache-control: private, max-age=0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 557
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= | 142.250.74.166 | | 0 B |
URL: ad.doubleclick.net/searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E=
IP: 142.250.74.166:0
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /searchads/link/click?&ds_a_cid=78645631&ds_a_caid=16864403479&ds_a_agid=136213635060&ds_a_fiid=&ds_a_lid=kwd-337954311970&&ds_e_adid=592415145315&ds_e_matchtype=search&ds_e_device=c&ds_e_network=g&&ds_url_v=2&dc_eps=AHas8cAWcSu2CE2UYpbAoywAbKsEzKsO3mL4IRHbDY7Tz6XLPlOxJw498iUtYEqldt3XQQ07ptEfeYomK1W7&acs_info=ZmluYWxfdXJsOiAiaHR0cHM6Ly93d3cuc2VjdW1kLm9yZy9wZXJzb25hbC9iYW5raW5nL3RvdGFsLWNoZWNraW5nLXJld2FyZHMvIgo&ds_dest_url=https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= HTTP/1.1
Host: ad.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E=
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Thu, 25 Apr 2024 17:49:07 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: IDE=AHWqTUk_BeFFpAFRo72QIbvyNPbjmH7sj8zo3tz8GDVlkh7SzYl7q05QJ6Kb4IBvfek; expires=Sat, 25-Apr-2026 17:49:07 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
FLC=CPelNRCHpcI9GKn7-o8BKLH8xAIwk6-qsQZwANq4BBoyGDoWChQoMJgX0ezzKpobBgjwspqxBqAbAQ; expires=Thu, 25-Apr-2024 17:49:17 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= | 162.144.4.79 | | 0 B |
URL: shoppybu.com/.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E=
IP: 162.144.4.79:0
ASN: #46606 UNIFIEDLAYER-AS-1
Hash: d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /.tmp/jtnrml/6yg/___VQZK___/TVN0b3R0QG1mZGEuY2E= HTTP/1.1
Host: shoppybu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:49:08 GMT
server: nginx/1.21.6
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://nutarcom.us/MMStott@mfda.ca
cache-control: max-age=7200
expires: Thu, 25 Apr 2024 19:49:08 GMT
vary: User-Agent
x-generated: t=1714067348062258
x-endurance-cache-level: 2
x-nginx-cache: WordPress
x-server-cache: false
X-Firefox-Spdy: h2
|
|
| nutarcom.us/MMStott@mfda.ca | 172.67.181.52 | 403 Forbidden | 7.6 kB |
URL: User Request GET HTTP/3 nutarcom.us/MMStott@mfda.ca
IP: 172.67.181.52:443
Certificate: Issuer Let's Encrypt; Subject nutarcom.us; Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2; Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type: HTML document, ASCII text, with very long lines (16328), with no line terminators
Hash: 9e5ec44c5483bf8a4bcba3df5c9cf4af f9d83f91d99952c81d4b25a497acc6e36371687f b772a1551cc86d34d6a441888466f3a79e60230762332de40771c79d42e5c0f1
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /MMStott@mfda.ca HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 25 Apr 2024 17:49:08 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: ZEPD2fOx0vBqnhxy/v7SnZNiNFv2b2R8kiccERPVuzAzt3vTS4XIfwcZ+SjSYZygp1DK71ktxLZAn01QkKV33n6u02/wBTEtFkGwn5L5kykyUFFBGEzGw2nq7PZIU0f2iZH3UBobCWd7brBJLnIihg==$foqWnRUZWMHLTxBMvadTjw==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bkQpgAR0s60v3Be02DQIlOc%2FfwbyDLfZTdiNKTq589kR8oEmO%2FX4zrEl0pmTJAwK9xzgfPm%2F%2FnwhGfC7yYATU%2BBnVWS3CyA1iKjb7%2BUMyZv6FCvGBSaWHzTiIO60LA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02b01ee160b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit | 104.17.2.184 | 200 OK | 35 kB |
URL: GET HTTP/3 challenges.cloudflare.com/turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit
IP: 104.17.2.184:443
Requested by: https://nutarcom.us/MMStott@mfda.ca
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (42565)
Hash: 65b0a652c40c95d12c4ddb3b4567c1ea c654efa19d01d6553ed4e0f500d350011e023ad1 c6b5cd0b65ebbb519dd845ba2979b40e58b056ca2c90f67a8bfea871d39615a7
GET /turnstile/v0/g/d0ff3ebede6b/api.js?onload=XagHGl3&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://nutarcom.us
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 17:49:09 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02b036bb456a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
Hash: 9246cca8fc3c00f50035f28e9f6b7f7d 3aa538440f70873b574f40cd793060f53ec17a5d c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/GLhOioXg0bs57t4qPrORXFsL1%2BWig2mIKbgpVPMu7ZQ%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/tsgfz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:09 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 87a02b05a8b2b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a | 104.17.2.184 | | 100 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a
IP: 104.17.2.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: f5a1b8cc03f104928e39aa765f90a2a7 dfba2c29551831292008094faf02e2ef6cd2197a 261c36fcffeb6228192c94e31a16a68973e4a2ecb6f7d57b53d6dd2b1b355009
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/tsgfz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e8ec6a18caceb7a
Content-Length: 3573
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:09 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 9Iyu5FHjIVODqZg2pnWdCrUjOc8OmP7PnrCu8kVMQ8OUcHl4wvm2oyQoI+v7K4y7NqBxAn6BGoYGKPMhWvvoYAIoNA2+TQ0uOrxneFpUholanTOxgmIWPtSAYc2ePyRzb2ZTN28NhR/ga7WaD9abHyo9opXlmbKgs3mtx54c5iSXtI2QzNZBCbl4c/YDnpI8bK2ykafaBt/y3lL0n9QWhsvniHvc7OAcrgbAI1kK4/fswVHvnTVsyxflD4Txn3SGrIbgykXMiNAssXDJHB7SBeEVt6IKlS8xMBJkX7tY1GiMnr8OJShifuUpNGb+VHjuFIWMsQuB2vPH4nts41UNcw5CNshKT1yZDeKxHKQzy/fjY1NFOTlfvQUb5zFDGBe6OefugGTNpB8dAn5Rpc5EUk2JyHT7sssxiSBxVsdd5gk=$p+OEFH0PK9a1NxItD9nyTQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87a02b07aac5b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87a02b05280ab51b/1714067349733/6efda6f9320d557f8c9169d08157292af079fe2843bbaa45584aca1077dc4c10/kOrlgv1fWJES7YQ | 104.17.2.184 | | 1 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87a02b05280ab51b/1714067349733/6efda6f9320d557f8c9169d08157292af079fe2843bbaa45584aca1077dc4c10/kOrlgv1fWJES7YQ
IP: 104.17.2.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: very short file (no magic)
Hash: ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/87a02b05280ab51b/1714067349733/6efda6f9320d557f8c9169d08157292af079fe2843bbaa45584aca1077dc4c10/kOrlgv1fWJES7YQ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/tsgfz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Thu, 25 Apr 2024 17:49:11 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gbv2m-TINVX-MkWnQgVcpKvB5_ihDu6pFWErKEHfcTBAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIG79pvkyDVV_jJFp0IFXKSrwef4oQ7uqRVhKyhB33EwQABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87a02b121cd1b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a | 104.17.2.184 | | 35 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a
IP: 104.17.2.184:0
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (22312), with no line terminators
Hash: a37f8f282d3b58ecb9cb845a0fc31ef1 dab750c7656c438417ce1deae45ad3de5dac29dc 8b8ccd16acbc13842568137f72fd3a332355ac0bb314bd1061587b822d977bdc
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1431884156:1714065512:dHRvxhVfY4OjGbu3FF2H2GxlTtbQ0az1fXUYFCEIXOQ/87a02b05280ab51b/e8ec6a18caceb7a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/tsgfz/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: e8ec6a18caceb7a
Content-Length: 28386
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: vZfytAfZSwA1DPTA5ah2f3E22GnqyDYTXyaKPIpfs4dDAbPMlg88Cb1FbfZkJPFs$zLw8CFN6HMYK6TCp/lG0eQ==
vary: accept-encoding
server: cloudflare
cf-ray: 87a02b13be37b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nutarcom.us/MMStott@mfda.ca | 172.67.181.52 | 403 Forbidden | 22 kB |
URL: User Request GET HTTP/3 nutarcom.us/MMStott@mfda.ca
IP: 172.67.181.52:443
Certificate: Issuer Let's Encrypt; Subject nutarcom.us; Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2; Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type: HTML document, ASCII text, with very long lines (15816), with no line terminators
Hash: b007a354beff6f278ebe5df1f908caed e59c636cbff5c83a4b07c568dd41f68fa6d0b6cc bd6af3e0668acbce369ceb4d2637c9501df773526ab8caa614b89f3e4efcc0ba
Analyzer: urlquery | Verdict: phishing | Alert: Phishing - Microsoft Outlook
GET /MMStott@mfda.ca HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
date: Thu, 25 Apr 2024 17:49:19 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: w8dBsxz3rAAvfONjvpI0gZJJD3kassJShHvsIXHQkjt3lcfhHs/E5WK8s2FLAvEtBQURmr4yPEQNUkoJaeporgtsd76wxBye+QgjnsieaVdkWN2jMlzkDb5SQDZVunyCeb5J9ICJ8BgqyavGUPNgFA==$u76SHvUlaizulFPWQ/i4tw==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RyK5yzwGAQNHuEZ%2B%2BKnuw5P2C4TRdsN%2FQ5QIVe4IHEafBOXiTqVOhTOmBgte98BX7dLe9HjaN7Bm3ZRa50R01HB7woZMBpT6rkV8b7xL2i323QMj8zc9Cw6LMbfSRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02b4588810b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/289797020:1714065187:O9u87rY1xMNsMV0TbQclQQ7ugCLdBZb9kXkkyPkIS_w/87a02b482ba2b51b/580ba08226acf4d | 104.17.2.184 | 200 OK | 99 kB |
URL: POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/289797020:1714065187:O9u87rY1xMNsMV0TbQclQQ7ugCLdBZb9kXkkyPkIS_w/87a02b482ba2b51b/580ba08226acf4d
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash: 810384899ff5a4dc629e4de2853ca05c 49e6ebc8065cd5dbf515d18d6133f2f6a57bb79c 044e1860a31de94ab4ec336bbe1695f49067ac109b264fec405a67b05642d5bb
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/289797020:1714065187:O9u87rY1xMNsMV0TbQclQQ7ugCLdBZb9kXkkyPkIS_w/87a02b482ba2b51b/580ba08226acf4d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 580ba08226acf4d
Content-Length: 3591
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:20 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: LcVJRbPjfXgLV35V+iyOLMeDAhhnimvo8uXdyQBAsAzlA5iEKQGoUeUQDED2lcP1csuX7Anw6+reHcQ3E5UvwBOuwAPELFaDQWsdhPBlmJ/rIea1EnJMLhkAKLz//3XnvUNJN23a5H4opdznSFP24ZZ8ChK9Pt17JAg+qp227T3PYmyaOY5znfA8EAoNsfaVg4X5c8c0w7Ii5hbrMO7mKbhGpiYiCYHVSlScDbCuZv/DJctDtEBaPsZq+7hs7Q2LwyQqDLYTdp2dEtERdiKYVFxTlwF9YE718jM6iIZ/89lcmtK9wkQicId2XV83Tz9PWdXcP192ysm9asFITbOysxJ8FtE1dWRzel7ac0cvXLJSR+XR+lxQvtul0mSVSGjWOwEaYO/5rWUup+mrcaDvpiSGICzt3sjDk5/qY9AZLLs=$x9dQe9R+cPh3dw/V082gzw==
vary: accept-encoding
server: cloudflare
cf-ray: 87a02b4a6e33b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a02b482ba2b51b/1714067360406/KIzymC6egOqZsTe | 104.17.2.184 | 200 OK | 61 B |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/87a02b482ba2b51b/1714067360406/KIzymC6egOqZsTe
IP: 104.17.2.184:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: PNG image data, 4 x 83, 8-bit/color RGB, non-interlaced
Hash: bd9af32c30a808b5aae2cb09e11ceb31 49f6242e752702bfbf79e2a3932db1ef812a4bb3 d7eb613fdd3545479e166a6b99c29ae6e73cea05275717f3b14996231deacca7
GET /cdn-cgi/challenge-platform/h/g/i/87a02b482ba2b51b/1714067360406/KIzymC6egOqZsTe HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:21 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 87a02b536805b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nutarcom.us/favicon.ico | 172.67.181.52 | 403 Forbidden | 16 kB |
IP: 172.67.181.52:443
Requested by: https://nutarcom.us/MMStott@mfda.ca
Certificate: Issuer Let's Encrypt; Subject nutarcom.us; Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2; Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type: HTML document, ASCII text, with very long lines (15843), with no line terminators
Hash: 11b519290cebdac3de935061d2212f5c db03d05da9571f926561cd6cf2c4d776ac0ad257 95a1b6e3b51459b381c6544e6342089af53cd123c8deb1c5e2bc949148246592
GET /favicon.ico HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MMStott@mfda.ca?__cf_chl_rt_tk=tv7uTcZk3h3vRSUWfPGSUVLslhY6CLpkLrSHyUDYHac-1714067359-0.0.1.1-1599
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Thu, 25 Apr 2024 17:49:19 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: fUyClBVqBTjLdGZm8Wb8k9UUTD+UnB9nOT6MwhexfP2WYtyTEkOtq41gaGpBF+pnfpEQQkUbdn9tV40k9B7yghsoWmjrNgFJVJnyFlXVT6lKDvz0twXShQBf3IIOxd0NWfiFsJEc1WY6gTabK5HmIQ==$Vg289aE1svBVzSg8b4AOYA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=59L5dQmK2q36TdvKPe%2BxubXu6rUcfYQ9fCS4qLlGF2zBplnqaLoMHb8wRa3p%2BPZqwxszV6kvsFKu4oloUwWNWwcwXkMjfOOjdct47%2Fqojq%2FFvIERxlMwfmtdMbES%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02b4649de0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal | 104.17.2.184 | 200 OK | 80 kB |
URL: GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.17.2.184:443
Requested by: https://nutarcom.us/MMStott@mfda.ca
Certificate: Issuer Cloudflare, Inc.; Subject challenges.cloudflare.com; Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E; Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type: HTML document, ASCII text, with very long lines (41702)
Hash: 28c3d284cf484c5a95b611efa6d992ed 7b0e2b3eed9b1e30dc5b4c7912a482ce91a95dd9 0f069c6858647daff488342b974fc46c3c0d9d614a427d357e64632bc91e7dbb
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:20 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
cross-origin-opener-policy: same-origin
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
origin-agent-cluster: ?1
cross-origin-embedder-policy: require-corp
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
vary: accept-encoding
server: cloudflare
cf-ray: 87a02b482ba2b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nutarcom.us/favicon.ico | 172.67.181.52 | 403 Forbidden | 16 kB |
IP 172.67.181.52:443
Requested by https://nutarcom.us/MMStott@mfda.ca Certificate Issuer Let's Encrypt Subject nutarcom.us Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2 Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type HTML document, ASCII text, with very long lines (15758), with no line terminators Hash 9118b63f28f73f296335735b53aaf39b 429a664e9bf23b3c3bfa35bc22889c09bf80db15 e74e45eb8d5e3fc2f9b27b417280e530d271d98acf84f2f2e3dcf105a02d034e
GET /favicon.ico HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MMStott@mfda.ca
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Thu, 25 Apr 2024 17:49:19 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: IKM0Q8a7pep6vPiJnsw78JE3fO/m9yXVxl8A3XlzGUwAGI53iXdwihsHou2P3xqQCzvJ0S6ehxKl+7Q4fVkjD0J+5wSOeLCZjyjRe9ro6c6XJVEGYMWV/m9FBaXBKxhc7HXDYBFiCZbnONrmo3Y8Uw==$xX+KKJsl6q1BqXgOoYmXNg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GkIvZM7tTOGnPZ7Lm%2FTjIEOvyNKd%2F27oZVjQGIE7S7WKLOGdYNUnMhx7sSarCv6c5R0wd67WRa7d%2BHTGIrAgjheLdUqx2stqvNw9SPduTMOoz4PfwBzv6fxWcG8duA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a02b468a6a0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| nutarcom.us/cdn-cgi/challenge-platform/h/g/flow/ov1/940264537:1714065308:GogvXvcnqZG5UPc9jWI2QbboA9Te5N7xYfvpzi5t7qA/87a02b4588810b41/ab8168e2a85a2fc | 172.67.181.52 | 200 OK | 16 kB |
URL POST HTTP/3 nutarcom.us/cdn-cgi/challenge-platform/h/g/flow/ov1/940264537:1714065308:GogvXvcnqZG5UPc9jWI2QbboA9Te5N7xYfvpzi5t7qA/87a02b4588810b41/ab8168e2a85a2fc IP 172.67.181.52:443
Requested by https://nutarcom.us/MMStott@mfda.ca Certificate Issuer Let's Encrypt Subject nutarcom.us Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2 Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type ASCII text, with very long lines (16332), with no line terminators Hash f1c116335a63af695a4c9fbee932b373 13a3ca610cb872d74ab7f67096fa1bc45b1f742a fd8c70d2cf4d33836dbaf56f0e8c5f1a78a9d2b79e70cc3f4327a494523aa8cc
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/940264537:1714065308:GogvXvcnqZG5UPc9jWI2QbboA9Te5N7xYfvpzi5t7qA/87a02b4588810b41/ab8168e2a85a2fc HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MMStott@mfda.ca
Content-type: application/x-www-form-urlencoded
CF-Challenge: ab8168e2a85a2fc
Content-Length: 1895
Origin: https://nutarcom.us
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:19 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: IXsBhIjItPiYjF678plQdPSgcr87GgrKogXkCn+SHLRXL2a/eAFIVHL4KmYcdhvw$bTPNvYRn8mmdtdm5J7wh/Q==
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mY3iErA4itQbfEHeAZ9OozvCZpXP3HyyQx%2F6CMmFJwJANoKtaf1Oaj1vEC1iRsGjglSIMylFtrc4NfLYQsJzBslEx6PcVrdmGyzu7gIJNdQ9sfrcVyz4DoP8MrF%2B2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02b475b7e0b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87a02b482ba2b51b/1714067360406/dba8c5d881055eb079056b6fd85fe29e8f0bc4993257e84360e805bf41da3648/npkXHuGF6QsMwLf | 104.17.2.184 | 401 Unauthorized | 1 B |
URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/87a02b482ba2b51b/1714067360406/dba8c5d881055eb079056b6fd85fe29e8f0bc4993257e84360e805bf41da3648/npkXHuGF6QsMwLf IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Certificate Issuer Cloudflare, Inc. Subject challenges.cloudflare.com Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type very short file (no magic) Hash ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/87a02b482ba2b51b/1714067360406/dba8c5d881055eb079056b6fd85fe29e8f0bc4993257e84360e805bf41da3648/npkXHuGF6QsMwLf HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 25 Apr 2024 17:49:21 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20g26jF2IEFXrB5BWtv2F_ino8LxJkyV-hDYOgFv0HaNkgAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tINuoxdiBBV6weQVrb9hf4p6PC8SZMlfoQ2DoBb9B2jZIABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 87a02b534fe2b51b-OSL
alt-svc: h3=":443"; ma=86400
|
|
| nutarcom.us/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a02b4588810b41 | 172.67.181.52 | 200 OK | 398 kB |
URL GET HTTP/3 nutarcom.us/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a02b4588810b41 IP 172.67.181.52:443
Requested by https://nutarcom.us/MMStott@mfda.ca Certificate Issuer Let's Encrypt Subject nutarcom.us Fingerprint B8:DF:C4:3D:D6:67:7A:4B:4E:4F:BF:9F:BC:54:1B:65:37:38:8C:F2 Validity Tue, 23 Apr 2024 22:24:07 GMT - Mon, 22 Jul 2024 22:24:06 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 398 kB (398417 bytes) Hash 88c09515e35a048f999a505971ba3182 4b2aa44ab90824e5fc921d7f557722b51027a249 386d5d33ae1bf470c6563263d512ca6bc7f470e824020285336ad41348c7280b
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=87a02b4588810b41 HTTP/1.1
Host: nutarcom.us
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://nutarcom.us/MMStott@mfda.ca?__cf_chl_rt_tk=tv7uTcZk3h3vRSUWfPGSUVLslhY6CLpkLrSHyUDYHac-1714067359-0.0.1.1-1599
DNT: 1
Connection: keep-alive
Cookie: cf_chl_rc_m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:19 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eNSTfcxECeAGgSP8MQqjjvZ5hnayoLR2Ikm5xnIhXywdHOFjbvsnYBM2s5EESHKW713VBGfZXS5qlcB%2BHIHWvxPQZsSW1kh9032Pjk2%2BSZemJoayoTXQThRiiCB5Gg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a02b45c8d70b41-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a02b482ba2b51b | 104.17.2.184 | 200 OK | 423 kB |
URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a02b482ba2b51b IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Certificate Issuer Cloudflare, Inc. Subject challenges.cloudflare.com Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators Size 423 kB (423306 bytes) Hash e9a2ae8174547bee22e1f4090b970f00 c12b954eb66e01071be285bc9aa7768db78ced06 0feac4d0d61c03547031653cafd5b8450fafb7cf21697c383db3cb5055da99f7
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=87a02b482ba2b51b HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/sqwll/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 17:49:20 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
vary: accept-encoding
server: cloudflare
cf-ray: 87a02b48ac19b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|