Report - www.google.ae/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=

Report Overview

Visitedpublic

2024-10-29 20:25:43

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-10-23	6.1 kB	345 kB	104.18.95.41
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2024-10-23	444 B	15 kB	104.17.25.14
2xv18x.tionacivenc.com	unknown	2024-10-24	2024-10-29	2024-10-29	2.1 kB	34 kB	172.67.221.139
www.google.ae	23447	unknown	2012-05-22	2024-10-28	1.7 kB	2.6 kB	142.250.74.99
hawaiirealestateclasses.com	unknown	2006-08-30	2017-02-25	2024-10-28	487 B	312 B	192.185.13.171
code.jquery.com	634	2005-12-10	2012-05-21	2024-10-23	416 B	32 kB	151.101.66.137

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-10-29	medium	tionacivenc.com	Sinkholed
2024-10-29	medium	tionacivenc.com	Sinkholed
2024-10-29	medium	tionacivenc.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (48)

	URL	From	Size	First Seen	Last Seen
	2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com	ScriptElement	18 kB	2024-10-29	2024-10-29
URL 2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-29 Last Seen 2024-10-29 Times Seen 1 Size 18 kB (18401 bytes) MD5 5cca06fa2abc2567611f0737c5b259d3 SHA1 2f617f76cc72fccd97c3bf05c1946e9eb1ab1982 SHA256 d69cecf5ea999453e1e44f52a74d3780d6f437616ba1db06b5cf10e4a637a3f9 Format Code Loading...

	code.jquery.com/jquery-3.6.0.min.js	ScriptElement	90 kB	2023-03-07	2025-08-02
URL code.jquery.com/jquery-3.6.0.min.js IP / ASN 151.101.66.137 #54113 FASTLY Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 263440 Size 90 kB (89501 bytes) MD5 8fb8fee4fcc3cc86ff6c724154c49c42 SHA1 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 SHA256 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Format Code Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/	ScriptElement	3.5 kB	2024-10-29	2024-10-29
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/ IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-10-29 Last Seen 2024-10-29 Times Seen 1 Size 3.5 kB (3524 bytes) MD5 70b9e680ca5cf90bc5fef2dd12c71799 SHA1 1b10680c1503ef77f1a35720b86941875b056741 SHA256 257c5b376616bb894c97d564a6009475de436bdfddc95a555200198a0b2d08df Format Code Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da5e4eca8585684&lang=auto	ScriptElement	122 kB	2024-10-29	2024-10-29
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da5e4eca8585684&lang=auto IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-29 Last Seen 2024-10-29 Times Seen 1 Size 122 kB (121842 bytes) MD5 acb1cae57830843c5275eb9845f6727e SHA1 bcd44fca39ca98af53a96ec310e69e11a1cc0648 SHA256 030e0f32fee028087b639a4f98bb3a17254eeaeea74460977b536263d14c0b00 Format Code Loading...

	unknown	ScriptElement	1.4 kB	2024-10-29	2024-10-29
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-29 Last Seen 2024-10-29 Times Seen 1 Size 1.4 kB (1438 bytes) MD5 7c3d7a31866373bce9237387fee718ac SHA1 05ea4f1747f0376c477ab753beae7c5c5f8510f1 SHA256 40f6f624f5a1c92cb1548d9ab4df7bb75e63dd0aff2bb03c3fbcd7ee0b7091b5 Format Code Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?render=explicit	ScriptElement	48 kB	2024-10-21	2024-10-30
URL challenges.cloudflare.com/turnstile/v0/api.js?render=explicit IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-21 Last Seen 2024-10-30 Times Seen 2700 Size 48 kB (47532 bytes) MD5 808a57cae0b6fee71f46efdded44b348 SHA1 dd570a24c8bda1b391aa1ddea6004125818e579a SHA256 5b75ac6f98994352699841dffa6e562725ebbd0005c539946ad3625ec550eb0f Format Code Loading...

	unknown	ScriptElement	192 B	2024-10-04	2024-11-17
URL IP / ASN 0.0.0.0 #0 Introduced by ScriptElement Embedded false Resource Info First Seen 2024-10-04 Last Seen 2024-11-17 Times Seen 3105 Size 192 B (192 bytes) MD5 747fa1f246d4eb2dc6dd8ad78ff300f4 SHA1 1645f0f9e253dac8e2debf75c639fa90c2baa62a SHA256 4ae1b4f0010d32c9662a3e334c2ea6728ee8294ac505bb0425b8bce089e69609 Format Code Loading...

	cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js	ScriptElement	48 kB	2023-03-07	2025-08-02
URL cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js IP / ASN 104.17.25.14 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2023-03-07 Last Seen 2025-08-02 Times Seen 133029 Size 48 kB (48316 bytes) MD5 2ca03ad87885ab983541092b87adb299 SHA1 1a17f60bf776a8c468a185c1e8e985c41a50dc27 SHA256 8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762 Format Code Loading...

	HASH	FROM	Size	First Seen	Last Seen
	5d1c0914f276cc5d5ef9b10f451382d3	DocumentWrite	5.1 kB	2024-10-29	2024-10-29
Introduced by DocumentWrite First Seen 2024-10-29 Last Seen 2024-10-29 Times Seen 1 Size 5.1 kB (5085 bytes) MD5 5d1c0914f276cc5d5ef9b10f451382d3 SHA1 a6d1454d345d5e613d44233fd10b97c6956aea80 SHA256 c61c5823d46ff5794e4d0912d37f90934aa9fb2348af14b154dcdee96d6c213e Format Code Loading...

HTTP Transactions (17)

URL IP Response Size

142.250.74.99

302 Found

340 B

URL

IP / ASN

142.250.74.99

#15169 GOOGLE

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF, LF line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size340 B (340 bytes)

MD5f8b45be24ac4a63bb57a629c54e0b66f

SHA12799a204948a0fd6da86bc64acf34b980b970a95

SHA256cd04b6141d1a095379d3ac16fe24a911360581dee1750515de78267a4769561d

HTTP Headers

GET /url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20= HTTP/1.1
Host: www.google.ae
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
location: https://www.google.ae/amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-qejwEUTCzLtQwPZpb61NCA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Tue, 29 Oct 2024 20:25:17 GMT
server: gws
content-length: 340
x-xss-protection: 0
set-cookie: __Secure-ENID=23.SE=TOP6ZPOi5VfR30InAcLoXpaKT0TYbJD-fdpjSaQ2AODYUjz3lI3JV43aq5LCt42bTSo1g239p5J1P-r8nlCqhTQKZdmRizrkcsewadQaLHWF2Q1pUFNnnFDPiqmnuv7JPiU0dMpREUtsbocaH5AXLvxh8oBiwacgn2MhCjPCuKc3hgd_uN14ZA-sSCiy4rX5VSFG4VfW9A1nfdwcH2v03fsqnz8HqzhW03F6icI; expires=Sat, 29-Nov-2025 12:43:35 GMT; path=/; domain=.google.ae; Secure; HttpOnly; SameSite=lax
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.ae/amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=

142.250.74.99

302 Found

321 B

URL

www.google.ae/amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=

IP / ASN

142.250.74.99

#15169 GOOGLE

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with CRLF, LF line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size321 B (321 bytes)

MD57689e2f3b123b0242d5f8f51376443bc

SHA18339a6a5276c69fbf7d5584300e08a32357dcde1

SHA2569dde3258a728b1cf9bcafa0e662ec28f12da73b9fd4f587d2985ad3bfb4508ee

HTTP Headers

GET /amp/hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20= HTTP/1.1
Host: www.google.ae
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=23.SE=TOP6ZPOi5VfR30InAcLoXpaKT0TYbJD-fdpjSaQ2AODYUjz3lI3JV43aq5LCt42bTSo1g239p5J1P-r8nlCqhTQKZdmRizrkcsewadQaLHWF2Q1pUFNnnFDPiqmnuv7JPiU0dMpREUtsbocaH5AXLvxh8oBiwacgn2MhCjPCuKc3hgd_uN14ZA-sSCiy4rX5VSFG4VfW9A1nfdwcH2v03fsqnz8HqzhW03F6icI
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
location: http://hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=
cache-control: private
x-robots-tag: noindex
content-type: text/html; charset=UTF-8
content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-ViQAShoQ9TZs29D1uAutaw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff
cross-origin-opener-policy: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]}
date: Tue, 29 Oct 2024 20:25:17 GMT
server: gws
content-length: 321
x-xss-protection: 0
x-frame-options: SAMEORIGIN
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=

192.185.13.171

200 OK

0 B

URL

hawaiirealestateclasses.com/crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20=

IP / ASN

192.185.13.171

#19871 NETWORK-SOLUTIONS-HOSTING

Requested byN/A

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /crafthjfds328jq/jzkhs72783jhwn/TlRNPFfwfPFLEbIxPMjxk/d2lsYmVydC5mbG9yZXNAc2FsZW1sYS5jb20= HTTP/1.1
Host: hawaiirealestateclasses.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 29 Oct 2024 20:25:18 GMT
Server: Apache
refresh: 0;url=https://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Accept-Ranges: none
Content-Length: 0
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

GET code.jquery.com/jquery-3.6.0.min.js

151.101.66.137

200 OK

31 kB

URL

code.jquery.com/jquery-3.6.0.min.js

IP / ASN

151.101.66.137

#54113 FASTLY

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65447)

First Seen2023-03-07

Last Seen2025-08-02

Times Seen263440

Size31 kB (30875 bytes)

MD58fb8fee4fcc3cc86ff6c724154c49c42

SHA1b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Certificate Info

IssuerSectigo Limited

Subject*.jquery.com

FingerprintCD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5

ValidityTue, 25 Jun 2024 00:00:00 GMT - Wed, 25 Jun 2025 23:59:59 GMT

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2xv18x.tionacivenc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Tue, 29 Oct 2024 20:25:19 GMT
age: 1250405
x-served-by: cache-lga21931-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 71, 393566
x-timer: S1730233520.884463,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

104.18.95.41

302 Found

0 B

URL

challenges.cloudflare.com/turnstile/v0/api.js?render=explicit

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2xv18x.tionacivenc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Tue, 29 Oct 2024 20:25:19 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/g/f2bbd6738e15/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 8da5e4eb2948b4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

104.17.25.14

200 OK

14 kB

URL

cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js

IP / ASN

104.17.25.14

#13335 CLOUDFLARENET

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (48316), with no line terminators

First Seen2023-03-07

Last Seen2025-08-02

Times Seen133029

Size14 kB (13972 bytes)

MD52ca03ad87885ab983541092b87adb299

SHA11a17f60bf776a8c468a185c1e8e985c41a50dc27

SHA2568e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762

Certificate Info

IssuerGoogle Trust Services

Subjectcdnjs.cloudflare.com

FingerprintE6:47:BB:06:9C:32:48:7E:A6:0A:4B:62:53:7B:F0:35:5D:A9:A3:8A

ValiditySat, 28 Sep 2024 05:35:05 GMT - Fri, 27 Dec 2024 05:35:04 GMT

HTTP Headers

GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2xv18x.tionacivenc.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 29 Oct 2024 20:25:19 GMT
content-type: application/javascript; charset=utf-8
content-length: 13972
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "61182885-3694"
last-modified: Sat, 14 Aug 2021 20:33:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 304033
expires: Sun, 19 Oct 2025 20:25:19 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2fngJYA%2FJoOIQMS06YH%2B59elXn3AcRQL41Xw3a%2FBNLSDWQwM8%2FPnuHeSB2z7adN%2Bag5cCyOxWcKIsLKhR2l5qGiQ0At7TV5cy6iMASo0tsrFpRhJ67Pxo1Gjxl8Shv7a1qe4Y3T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 8da5e4eb4ddf1c16-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

104.18.95.41

200 OK

6.5 kB

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeHTML document, ASCII text, with very long lines (22049)

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size6.5 kB (6508 bytes)

MD51d7dc8cedc35fb3d2dcb0065b0ea4233

SHA18d000016eae568c56c9f8265ce9198181d4a1337

SHA256be57117ba149fbaeb4341f3442f33efe00c20080ea8d2e6104bfb96000a431c4

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2xv18x.tionacivenc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:20 GMT
content-type: text/html; charset=UTF-8
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
document-policy: js-profiling
server: cloudflare
cf-ray: 8da5e4eca8585684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8da5e4eca8585684/1730233520546/0u2Iykk0XWh8ieC

104.18.95.41

200 OK

61 B

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8da5e4eca8585684/1730233520546/0u2Iykk0XWh8ieC

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typePNG image data, 88 x 43, 8-bit/color RGB, non-interlaced

First Seen2023-05-01

Last Seen2025-05-08

Times Seen65

Size61 B (61 bytes)

MD5d250c372b928d8ce8eabacf8ad969ab2

SHA10ec62a6b8fd0787412028165a5b26096c89716b5

SHA2569da2da97aa8a573942d8c41cda309ee5ddc25fa15403e6ac47d4dfcf73c9a85b

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/i/8da5e4eca8585684/1730233520546/0u2Iykk0XWh8ieC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:22 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 8da5e4fb6d4c5684-OSL
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8da5e4eca8585684/1730233520547/4eba0e4398d7096c973cc41e1dc0ab2ef93823d7eef0a3a1b0aa7d3e558ab831/dtQtFHyu4bYE1C-

104.18.95.41

401 Unauthorized

1 B

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8da5e4eca8585684/1730233520547/4eba0e4398d7096c973cc41e1dc0ab2ef93823d7eef0a3a1b0aa7d3e558ab831/dtQtFHyu4bYE1C-

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typevery short file (no magic)

First Seen0001-01-01

Last Seen2025-08-02

Times Seen228370

Size1 B (1 bytes)

MD5ff44570aca8241914870afbc310cdb85

SHA158668e7669fd564d99db5d581fcdb6a5618440b5

SHA2566da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/pat/8da5e4eca8585684/1730233520547/4eba0e4398d7096c973cc41e1dc0ab2ef93823d7eef0a3a1b0aa7d3e558ab831/dtQtFHyu4bYE1C- HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Tue, 29 Oct 2024 20:25:22 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gTroOQ5jXCWyXPMQeHcCrLvk4I9fu8KOhsKp9PlWKuDEAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIE66DkOY1wlslzzEHh3Aqy75OCPX7vCjobCqfT5VirgxABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIE66DkOY1wlslzzEHh3Aqy75OCPX7vCjobCqfT5VirgxABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAwOXxuf_YfH60WXLdHNNMi668yTzkAIuksAL2v5Hmho3odFuawAT0cyief1oGo8EaTM_mzmbWK1XdowTDWz2k8-mVmWsgyW3NdrIQwZo-pqOoSiMOVVjpDsnwZmGR_SeoYczHldSUjidO3m4djRGeWR4Iv7sZ131HRg8MZGc0BLoTAJ8WLryDVz1Kp_D_qSxsI1b5cap8Y1yGShRIAZ1O6b3zuooeDoLh9q098fsCdlZbnGh28gTNXgdkiFt_yjyaf5upGTHXcizT4TWTDdmvgSNE19n7ahXuj-_GH_XzP42QLUomcuqNEhu5wSj7XNnyRFURH19l6_sLROivytIY2wIDAQAB", max-age=20
server: cloudflare
cf-ray: 8da5e4fbbdaa5684-OSL
alt-svc: h3=":443"; ma=86400

2xv18x.tionacivenc.com/olYf/

172.67.221.139

200 OK

10 kB

URL

2xv18x.tionacivenc.com/olYf/

IP / ASN

172.67.221.139

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (6833), with CRLF line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size10 kB (10036 bytes)

MD5df8cbbf5c264c23fd750c22958c9e426

SHA1cef882a72420c4f72f0e334c8dbb017ff8fd3a8a

SHA256b05147defc1c056e0309dc3f60f8b84a3287b3e64ce9f406fdc3a2ea5b6df829

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olYf/ HTTP/1.1
Host: 2xv18x.tionacivenc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 29 Oct 2024 20:25:19 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3Fhc3txcFzDWBX%2BhFPOGjwmIk7Lm%2BCS5bv79BIjFKS8AKRCYmwyRKu1A3CfA8FxhikvrKr0dA8VjCSqdvI07hLsGQ8H2Pwm051tg2TNGNrV64Pa5W7H3VMYaUEPhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InRKQytHRzBpdXhrMGFqc0VWWDBJM1E9PSIsInZhbHVlIjoicXY0ZVFDejVCZkpmanRQU3V2NUhqZDgvL3UzcVVZMUxSN3RSWHZzUDFDNkJVSUhRRURVRlJnM200Q3NNcjNjYXRXRmUvVGE4bHdhNE1WNnU3bGNwKytxaUxpRTVIcFU4eklyRFR5Yk5TaXhOMHR1OFRNZVBXUkEveCtnb2RkNlgiLCJtYWMiOiI3ZmYyMzY1YzQ5MTNlNWI5YmNlMDBkZjEzNmU5MTMzMTJjZTE5ZTQwZGE4YzczYmI2YzY3NjJkYjVkOTIxYjgwIiwidGFnIjoiIn0%3D; expires=Tue, 29-Oct-2024 22:25:19 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdneDJLd2ZleGQwRzdLYkN2cmlCSEE9PSIsInZhbHVlIjoiL21ZaUJXY2xud2QwUmlENks2Uy9pdWg3NkNsQWJxWVlzY09wQ29WblBBMDR5cEpnbVN6eFNGMUozWkxYRmVqNnlrZWVVVHlKdm9XTS9XcWhVMi9GaWdML0RrVGJDUWNDNlh2a2RBQmsvT3U4MXBXdXBGWTdEVFhSV1RPcnc1cEUiLCJtYWMiOiJlNTMxNTEzNDA0Mjk2YmY5ZGUzM2I3NTliY2E4YTEyYTdmZWQzY2IzMTE1ODgwZjg0MmM5ODg5N2Q1NTA5OWY3IiwidGFnIjoiIn0%3D; expires=Tue, 29-Oct-2024 22:25:19 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 8da5e4e7fcf55695-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=13944&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1396&delivery_rate=207449&cwnd=252&unsent_bytes=0&cid=31a4ced8adfd686d&ts=97&x=0", cfL4;desc="?proto=TCP&rtt=21850&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3283&recv_bytes=1261&delivery_rate=261026&cwnd=254&unsent_bytes=0&cid=955c6c0f1c825da1&ts=353&x=0"
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1

104.18.95.41

200 OK

61 B

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typePNG image data, 2 x 2, 8-bit/color RGB, non-interlaced

First Seen2023-08-25

Last Seen2025-05-14

Times Seen189286

Size61 B (61 bytes)

MD59246cca8fc3c00f50035f28e9f6b7f7d

SHA13aa538440f70873b574f40cd793060f53ec17a5d

SHA256c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:20 GMT
content-type: image/png
content-length: 61
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8da5e4ed69565684-OSL
alt-svc: h3=":443"; ma=86400

POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1939060600:1730230836:ScponhI3aNTvoYt1IFoyYBT34mxXBIXVSBvmLvUJp1o/8da5e4eca8585684/g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD

104.18.95.41

200 OK

137 kB

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1939060600:1730230836:ScponhI3aNTvoYt1IFoyYBT34mxXBIXVSBvmLvUJp1o/8da5e4eca8585684/g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typeASCII text, with very long lines (65536), with no line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size137 kB (136824 bytes)

MD5c1757ba6877f94362509df21c1f35ea7

SHA1bd407f3a3212682ab49dd5b6bc7243f6b1ee3fda

SHA25684e99910cc4e4ce81551c20c1cb42aab241fb4a8f8ce74be611c14421d0e2fe2

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1939060600:1730230836:ScponhI3aNTvoYt1IFoyYBT34mxXBIXVSBvmLvUJp1o/8da5e4eca8585684/g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD
Content-Length: 2725
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:20 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: pOuDExD5uQHhU9CzFPf95ucddj2nRoiUEr5ojkYnuB8VHiEUmndtq49PhWe6NEiLi6us6+YRXbr5Hokj8TjmUkA74odJIuOR3mxyLWRCrbFIFuaxyedufsuGMHbvyyRvHYnAQY2peTFzkmwHUDweGY2nY897Mlp8Xh/Q6gXNyysoWhInXXqH7rsfVovdGPbGWRgy7BasXNSJO1MgOfvGdBh5SRFAawZd/WurdwwnyywS/NVf9lG6CUp+2wokiXfTXohekyluT+7wFvwMvdg327AVVihZUGqK7erwCbVtm6feMJECy3NzRWgLvESOCKK2YHx5TgPXv/6bxwlYRbNwSnp4wexMp2bXN9zZGlNTPNLnD5DEAFvJpxoLGBsJiiH7KrC5C/gMVRPhQhoOzbQdsUe/cl1QqcBNB6foDFSsZKmUiPVgH7v4XediybcwuvjLBT4PgaZWClD1QtdmlA==$Il0YKuk+gMG+8KQ/
server: cloudflare
cf-ray: 8da5e4ef3bfb5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 2xv18x.tionacivenc.com/favicon.ico

172.67.221.139

404 Not Found

0 B

URL

2xv18x.tionacivenc.com/favicon.ico

IP / ASN

172.67.221.139

#13335 CLOUDFLARENET

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeN/A

First Seen0001-01-01

Last Seen2025-08-02

Times Seen5606025

Size0 B (0 bytes)

MD5d41d8cd98f00b204e9800998ecf8427e

SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Certificate Info

IssuerGoogle Trust Services

Subjecttionacivenc.com

Fingerprint5B:06:73:02:42:88:A1:A5:7D:33:45:D7:FE:B0:A0:C7:01:B3:F5:ED

ValidityThu, 24 Oct 2024 23:48:36 GMT - Wed, 22 Jan 2025 23:48:35 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 2xv18x.tionacivenc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://2xv18x.tionacivenc.com/olYf/
Cookie: XSRF-TOKEN=eyJpdiI6InRKQytHRzBpdXhrMGFqc0VWWDBJM1E9PSIsInZhbHVlIjoicXY0ZVFDejVCZkpmanRQU3V2NUhqZDgvL3UzcVVZMUxSN3RSWHZzUDFDNkJVSUhRRURVRlJnM200Q3NNcjNjYXRXRmUvVGE4bHdhNE1WNnU3bGNwKytxaUxpRTVIcFU4eklyRFR5Yk5TaXhOMHR1OFRNZVBXUkEveCtnb2RkNlgiLCJtYWMiOiI3ZmYyMzY1YzQ5MTNlNWI5YmNlMDBkZjEzNmU5MTMzMTJjZTE5ZTQwZGE4YzczYmI2YzY3NjJkYjVkOTIxYjgwIiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IjdneDJLd2ZleGQwRzdLYkN2cmlCSEE9PSIsInZhbHVlIjoiL21ZaUJXY2xud2QwUmlENks2Uy9pdWg3NkNsQWJxWVlzY09wQ29WblBBMDR5cEpnbVN6eFNGMUozWkxYRmVqNnlrZWVVVHlKdm9XTS9XcWhVMi9GaWdML0RrVGJDUWNDNlh2a2RBQmsvT3U4MXBXdXBGWTdEVFhSV1RPcnc1cEUiLCJtYWMiOiJlNTMxNTEzNDA0Mjk2YmY5ZGUzM2I3NTliY2E4YTEyYTdmZWQzY2IzMTE1ODgwZjg0MmM5ODg5N2Q1NTA5OWY3IiwidGFnIjoiIn0%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 29 Oct 2024 20:25:20 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=14400
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t5Qmn%2Bd7je%2BYmQaUIbc3PiZGQkk5QOD9NWitGhHkMSbXNrWnBZeqs3VHBJLSb1HwBIAmWajXmEPSCq5fZzCO73z%2BXEaL5gNAUVHoVNGzsHuYj5d1NhCA1oj%2BUXKzOA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
priority: u=6,i=?0
server: cloudflare
cf-ray: 8da5e4eccf558dab-HEL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=19864&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2823&recv_bytes=2099&delivery_rate=146440&cwnd=248&unsent_bytes=0&cid=ab847ff600702dc6&ts=109&x=0", cfL4;desc="?proto=QUIC&rtt=18014&sent=12&recv=7&lost=0&retrans=0&sent_bytes=4102&recv_bytes=1739&delivery_rate=36635&cwnd=12000&unsent_bytes=0&cid=b5fd82edfe3c286d&ts=681&x=1", cfExtPri, cfHdrFlush;dur=0

GET challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js

104.18.95.41

200 OK

48 kB

URL

challenges.cloudflare.com/turnstile/v0/g/f2bbd6738e15/api.js

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://2xv18x.tionacivenc.com/olYf/#Dwilbert.flores@salemla.com

Resource Info

File typeJavaScript source, ASCII text, with very long lines (47531)

First Seen2024-10-21

Last Seen2024-10-30

Times Seen2700

Size48 kB (47532 bytes)

MD5808a57cae0b6fee71f46efdded44b348

SHA1dd570a24c8bda1b391aa1ddea6004125818e579a

SHA2565b75ac6f98994352699841dffa6e562725ebbd0005c539946ad3625ec550eb0f

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /turnstile/v0/g/f2bbd6738e15/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://2xv18x.tionacivenc.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:19 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 18 Oct 2024 17:38:58 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 8da5e4ebdf585684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da5e4eca8585684&lang=auto

104.18.95.41

200 OK

122 kB

URL

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da5e4eca8585684&lang=auto

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size122 kB (121842 bytes)

MD5acb1cae57830843c5275eb9845f6727e

SHA1bcd44fca39ca98af53a96ec310e69e11a1cc0648

SHA256030e0f32fee028087b639a4f98bb3a17254eeaeea74460977b536263d14c0b00

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8da5e4eca8585684&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:20 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8da5e4ed695c5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

104.18.95.41

200 OK

26 kB

URL

IP / ASN

104.18.95.41

#13335 CLOUDFLARENET

Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/

Resource Info

File typeASCII text, with very long lines (26304), with no line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size26 kB (26304 bytes)

MD5112a86e27eca973df77c04d1197192cd

SHA111ed3da34baae171e7c3e966eed10ddb1ad51b65

SHA256467ad58eac1206f5d60ca5c2ce198d90d5946247a42b8e134b7339e143be976d

Certificate Info

IssuerGoogle Trust Services

Subjectchallenges.cloudflare.com

Fingerprint65:75:A9:DF:EC:98:9B:14:E5:F1:43:E6:B9:E2:E3:9C:50:C4:E8:A4

ValidityThu, 05 Sep 2024 16:26:55 GMT - Wed, 04 Dec 2024 17:26:54 GMT

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1939060600:1730230836:ScponhI3aNTvoYt1IFoyYBT34mxXBIXVSBvmLvUJp1o/8da5e4eca8585684/g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/hclko/0x4AAAAAAAybuRAl9WxXCg2n/auto/fbE/normal/auto/
Content-type: application/x-www-form-urlencoded
CF-Challenge: g.NpXckuGJY5RjCdTxfjpCAFZJ2IMqkIHLGCYiYDvKk-1730233520-1.1.1.1-UTEAWoSZ7i8aqJtECG4gYHMSBuhfuDi60EGTGirRla0M7huaq1_jTVmxl6Um91xD
Content-Length: 27921
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 29 Oct 2024 20:25:22 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: p5X9Cz7F3OOhVMHMjgYszzWtshD0eBvcGh75Ff4k/4b2tc72sewpelrhjsnIXyKTqCbcqZyxTn/ByFzv$uFnqaxJrvSwDte60
server: cloudflare
cf-ray: 8da5e4fcbf275684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 2xv18x.tionacivenc.com/olYf/

172.67.221.139

200 OK

19 kB

URL

2xv18x.tionacivenc.com/olYf/

IP / ASN

172.67.221.139

#13335 CLOUDFLARENET

Requested byN/A

Resource Info

File typeHTML document, ASCII text, with very long lines (6833), with CRLF line terminators

First Seen2024-10-29

Last Seen2024-10-29

Times Seen1

Size19 kB (18664 bytes)

MD5df8cbbf5c264c23fd750c22958c9e426

SHA1cef882a72420c4f72f0e334c8dbb017ff8fd3a8a

SHA256b05147defc1c056e0309dc3f60f8b84a3287b3e64ce9f406fdc3a2ea5b6df829

Certificate Info

IssuerGoogle Trust Services

Subjecttionacivenc.com

Fingerprint5B:06:73:02:42:88:A1:A5:7D:33:45:D7:FE:B0:A0:C7:01:B3:F5:ED

ValidityThu, 24 Oct 2024 23:48:36 GMT - Wed, 22 Jan 2025 23:48:35 GMT

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /olYf/ HTTP/1.1
Host: 2xv18x.tionacivenc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 29 Oct 2024 20:25:19 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
vary: accept-encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3Fhc3txcFzDWBX%2BhFPOGjwmIk7Lm%2BCS5bv79BIjFKS8AKRCYmwyRKu1A3CfA8FxhikvrKr0dA8VjCSqdvI07hLsGQ8H2Pwm051tg2TNGNrV64Pa5W7H3VMYaUEPhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
set-cookie: XSRF-TOKEN=eyJpdiI6InRKQytHRzBpdXhrMGFqc0VWWDBJM1E9PSIsInZhbHVlIjoicXY0ZVFDejVCZkpmanRQU3V2NUhqZDgvL3UzcVVZMUxSN3RSWHZzUDFDNkJVSUhRRURVRlJnM200Q3NNcjNjYXRXRmUvVGE4bHdhNE1WNnU3bGNwKytxaUxpRTVIcFU4eklyRFR5Yk5TaXhOMHR1OFRNZVBXUkEveCtnb2RkNlgiLCJtYWMiOiI3ZmYyMzY1YzQ5MTNlNWI5YmNlMDBkZjEzNmU5MTMzMTJjZTE5ZTQwZGE4YzczYmI2YzY3NjJkYjVkOTIxYjgwIiwidGFnIjoiIn0%3D; expires=Tue, 29-Oct-2024 22:25:19 GMT; Max-Age=7200; path=/; secure; samesite=none
laravel_session=eyJpdiI6IjdneDJLd2ZleGQwRzdLYkN2cmlCSEE9PSIsInZhbHVlIjoiL21ZaUJXY2xud2QwUmlENks2Uy9pdWg3NkNsQWJxWVlzY09wQ29WblBBMDR5cEpnbVN6eFNGMUozWkxYRmVqNnlrZWVVVHlKdm9XTS9XcWhVMi9GaWdML0RrVGJDUWNDNlh2a2RBQmsvT3U4MXBXdXBGWTdEVFhSV1RPcnc1cEUiLCJtYWMiOiJlNTMxNTEzNDA0Mjk2YmY5ZGUzM2I3NTliY2E4YTEyYTdmZWQzY2IzMTE1ODgwZjg0MmM5ODg5N2Q1NTA5OWY3IiwidGFnIjoiIn0%3D; expires=Tue, 29-Oct-2024 22:25:19 GMT; Max-Age=7200; path=/; secure; httponly; samesite=none
server: cloudflare
cf-ray: 8da5e4e7fcf55695-OSL
content-encoding: br
server-timing: cfL4;desc="?proto=TCP&rtt=13944&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1396&delivery_rate=207449&cwnd=252&unsent_bytes=0&cid=31a4ced8adfd686d&ts=97&x=0", cfL4;desc="?proto=TCP&rtt=21850&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3283&recv_bytes=1261&delivery_rate=261026&cwnd=254&unsent_bytes=0&cid=955c6c0f1c825da1&ts=353&x=0"
X-Firefox-Spdy: h2