Report - www.google.com.ar/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA==

Report Overview

Visitedpublic

2024-11-15 02:42:31

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com.ar	24055	1999-06-08	2012-05-22	2024-11-14	2.0 kB	2.7 kB	142.250.74.131
nahlaters.com	unknown	unknown	2024-11-12	2024-11-12	591 B	297 B	162.241.114.35
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-11-13	6.2 kB	351 kB	104.18.95.41
f41c67d0.c6095e14ed8d05092d88c121.workers.dev	unknown	2019-02-08	2024-11-14	2024-11-14	1.1 kB	59 kB	188.114.97.1
aus5.mozilla.org	2548	1998-01-24	2015-10-27	2024-11-13	512 B	1.2 kB	35.244.181.201

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-11-15 02:42:08	low	Client IP	188.114.97.1	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Mnemonic Secure DNS

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (42)

	URL	From	Size	First Seen	Last Seen
	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/	ScriptElement	3.5 kB	2024-11-15	2024-11-15
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 2024-11-15 Last Seen 2024-11-15 Times Seen 1 Size 3.5 kB (3518 bytes) MD5 19339989fbb3089796eed28b3ba8774a SHA1 9e08f0ecd86bde16c2666bde1dd986f70430ea81 SHA256 7c74abc9562851bb9f2039363ea4a6575d5231fabdf5910c7522e3f6592acb6a Format Code Loading...

	f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net	ScriptElement	0 B	0001-01-01	2025-08-06
URL f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net IP / ASN 188.114.97.1 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded true Resource Info First Seen 0001-01-01 Last Seen 2025-08-06 Times Seen 5689139 Size 0 B (0 bytes) MD5 d41d8cd98f00b204e9800998ecf8427e SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Format Code Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e2be2e32c2eb505&lang=auto	ScriptElement	120 kB	2024-11-15	2024-11-15
URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e2be2e32c2eb505&lang=auto IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-11-15 Last Seen 2024-11-15 Times Seen 1 Size 120 kB (120366 bytes) MD5 26a1fea95e3bcee2404b463f787c9f9c SHA1 4a91e987523f5f2698bd211167c9665a8e650dee SHA256 8046381d6742f11350e224d1714c16d14ba99bce631205eecdb7599615e78aa8 Format Code Loading...

	challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	ScriptElement	48 kB	2024-11-14	2024-11-15
URL challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Introduced by ScriptElement Embedded false Resource Info First Seen 2024-11-14 Last Seen 2024-11-15 Times Seen 57 Size 48 kB (47695 bytes) MD5 47b6207d229c969533252bc55b6ebb77 SHA1 3ee461b3ece882a682e4d65b6ecda6dd41dc58ad SHA256 ce76343a47db86121bc18e6f68714557fb07482edc1e7d9c972d7d85fe40a0d7 Format Code Loading...

HTTP Transactions (15)

	URL	IP	Response	Size
	www.google.com.ar/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA==	142.250.74.131	200 OK	473 B
URL HTTP www.google.com.ar/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== IP / ASN 142.250.74.131 #15169 GOOGLE Requested byN/A Resource Info File typeJavaScript source, ASCII text, with very long lines (652) First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size473 B (473 bytes) MD570ca8ccca06bd892c834a6f38ec581bb SHA15b6f0f86d57d01f0afca09217a352198da1d4223 SHA256032aaf1658395ce61b6b0e77e1bd0be7f44b05d862066ac8048ae22d075d0d32 HTTP Headers GET /url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== HTTP/1.1 Host: www.google.com.ar User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 15 Nov 2024 02:42:06 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate content-type: text/html; charset=UTF-8 strict-transport-security: max-age=31536000 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-hqrwBDj9yXfc26V05wYwWA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other accept-ch: Sec-CH-Prefers-Color-Scheme p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-encoding: br server: gws content-length: 473 x-xss-protection: 0 set-cookie: __Secure-ENID=23.SE=U5gUFO7nogrh5N0PiniCIj3ioIkE5JJzmi0AjbWor94nee4unIH6hiEM4O1kW3ZmeXjDPH-9Suc1kiv1Qf-K6K9mxi9oKP1CJaNFlshFOrySScEkghWqKdLsfOHy854w8goYt-Ag2Znp5nX_fEyTLwCM9AYXwbPGIS_48EO5vLc7oS_9MejQkQ8hl5JmWAe5TztKS6Qblwg-D-sItWDkApUcZ7sEEjMdh5lLEdk; expires=Mon, 15-Dec-2025 19:00:24 GMT; path=/; domain=.google.com.ar; Secure; HttpOnly; SameSite=lax alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	www.google.com.ar/amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA==	142.250.74.131	302 Found	305 B
URL HTTP www.google.com.ar/amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== IP / ASN 142.250.74.131 #15169 GOOGLE Requested byN/A Resource Info File typeHTML document, ASCII text, with CRLF, LF line terminators First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size305 B (305 bytes) MD56eafa52297c66a32c1888421baaea095 SHA1c1072e33a6baa379f794a3784371b615ed6680aa SHA2569df9bee8d1c71bc6d97595059ff402dfb9d80e035150ef5a321c74d1a436a0cf HTTP Headers GET /amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== HTTP/1.1 Host: www.google.com.ar User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://www.google.com.ar/url?sa=https://r20.rs6.net/tns.jsp?f=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjU1vfA9siJAxVNh_0HHcggMUkQFnoECB0QAQ&url=amp/s/nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg; __Secure-ENID=23.SE=U5gUFO7nogrh5N0PiniCIj3ioIkE5JJzmi0AjbWor94nee4unIH6hiEM4O1kW3ZmeXjDPH-9Suc1kiv1Qf-K6K9mxi9oKP1CJaNFlshFOrySScEkghWqKdLsfOHy854w8goYt-Ag2Znp5nX_fEyTLwCM9AYXwbPGIS_48EO5vLc7oS_9MejQkQ8hl5JmWAe5TztKS6Qblwg-D-sItWDkApUcZ7sEEjMdh5lLEdk Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 302 Found location: https://nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== cache-control: private x-robots-tag: noindex content-type: text/html; charset=UTF-8 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-Fd8VqmpYICq3nOMd_2s8cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/fff cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/fff"}]} date: Fri, 15 Nov 2024 02:42:07 GMT server: gws content-length: 305 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

	nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA==	162.241.114.35	200 OK	0 B
URL HTTP nahlaters.com/hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== IP / ASN 162.241.114.35 #19871 NETWORK-SOLUTIONS-HOSTING Requested byN/A Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-06 Times Seen5689139 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /hsjk/7c768204c40159a4d38d77c9b3062a50bc6e7c44/a3Jpc3Rlbi5jZW50cmVAc2x1cnBtYWlsLm5ldA== HTTP/1.1 Host: nahlaters.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com.ar/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache `HTTP/1.1 200 OK Date: Fri, 15 Nov 2024 02:42:07 GMT Server: Apache refresh: 0;url=https://f41c67d0.c6095e14ed8d05092d88c121.workers.dev?qrc=kristen.centre@slurpmail.net Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8`

	GET challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback	104.18.95.41	302 Found	0 B
URL GET HTTPS challenges.cloudflare.com/turnstile/v0/api.js?onload=onloadTurnstileCallback IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net Resource Info File typeN/A First Seen0001-01-01 Last Seen2025-08-06 Times Seen5689139 Size0 B (0 bytes) MD5d41d8cd98f00b204e9800998ecf8427e SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers `GET /turnstile/v0/api.js?onload=onloadTurnstileCallback HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/ Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 302 Found date: Fri, 15 Nov 2024 02:42:08 GMT content-length: 0 access-control-allow-origin: * cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public cross-origin-resource-policy: cross-origin location: /turnstile/v0/g/5cdd008291ae/api.js vary: Accept-Encoding server: cloudflare cf-ray: 8e2be2e24918712e-OSL alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2`

	GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/	104.18.95.41	200 OK	9.5 kB
URL GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net Resource Info File typeHTML document, ASCII text, with very long lines (22074) First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size9.5 kB (9504 bytes) MD51bedc8b88d648138d981f76f2bbe6e61 SHA185e5ae5d3453a80fff6a97460b8058dd4bdb49a1 SHA2560cda39cecf7911a44ea564769e489a69d71c0a0c2fd6c6fada4890b60f1a2852 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/ Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: iframe Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: text/html; charset=UTF-8 cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self' cross-origin-embedder-policy: require-corp cross-origin-opener-policy: same-origin cross-origin-resource-policy: cross-origin origin-agent-cluster: ?1 accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA referrer-policy: same-origin document-policy: js-profiling priority: u=4,i=?0 server: cloudflare cf-ray: 8e2be2e32c2eb505-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

	GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	104.18.95.41	200 OK	61 B
URL GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1 IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typePNG image data, 2 x 2, 8-bit/color RGB, non-interlaced First Seen2023-08-25 Last Seen2025-05-14 Times Seen189286 Size61 B (61 bytes) MD59246cca8fc3c00f50035f28e9f6b7f7d SHA13aa538440f70873b574f40cd793060f53ec17a5d SHA256c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: image/png content-length: 61 cache-control: max-age=2629800, public priority: u=4,i=?0 server: cloudflare cf-ray: 8e2be2e42c87b505-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri`

	GET f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net	188.114.97.1	200 OK	52 kB
URL User Request GET HTTPS f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net IP / ASN 188.114.97.1 #13335 CLOUDFLARENET Requested byN/A Resource Info File typeHTML document, ASCII text, with very long lines (1899) First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size52 kB (51771 bytes) MD5ebb8354443fd2e94ddd93c68f06048b4 SHA1da0f70cc796e8def9bd129ec0307b96812a7cf5a SHA2565ae5256e858059a4a7d4213faef3971bf85e3214396c8f16fecc7112eaafc2a7 Certificate Info IssuerGoogle Trust Services Subjectc6095e14ed8d05092d88c121.workers.dev Fingerprint67:A0:2A:74:D9:3B:2B:13:FE:11:F5:C7:B7:78:51:9D:8A:8B:95:DA ValidityMon, 04 Nov 2024 10:19:11 GMT - Sun, 02 Feb 2025 10:19:10 GMT HTTP Headers GET /?qrc=kristen.centre@slurpmail.net HTTP/1.1 Host: f41c67d0.c6095e14ed8d05092d88c121.workers.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: text/html report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U7nKQlNaIBnJ0RkU%2BlKI5wNAFH2dtnyQxlOeV6Y%2BgJu8UBYWlpObKg0PGgH2UZThbNTEJnz%2FjSz7HTQW1lEmdv%2FnAlpXQOCBMgw59UBlePh1SyY%2FSjEWhIKjn4KkP6e0VErP%2BVrh57SaWnsZENriqlGPMzqRd2n1d6gz4x1t2E4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8e2be2e08e3756c4-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=16544&sent=7&recv=10&lost=0&retrans=0&sent_bytes=3349&recv_bytes=1321&delivery_rate=261466&cwnd=253&unsent_bytes=0&cid=697ab9001af6064e&ts=75&x=0" X-Firefox-Spdy: h2

	GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e2be2e32c2eb505/1731638528968/gc4CDCxuYNbW41x	104.18.95.41	200 OK	61 B
URL GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8e2be2e32c2eb505/1731638528968/gc4CDCxuYNbW41x IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typePNG image data, 3 x 82, 8-bit/color RGB, non-interlaced First Seen2023-05-23 Last Seen2025-05-05 Times Seen80 Size61 B (61 bytes) MD541d562d845474d8b5e96e1c5ab8a7ae9 SHA124b51f184214765abcda0d98830262c1d72d6977 SHA2567f15dfe3a9400b996bf17fb8c97f5945d500848d302b6d00ee6c71297bc4e4e6 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers GET /cdn-cgi/challenge-platform/h/g/i/8e2be2e32c2eb505/1731638528968/gc4CDCxuYNbW41x HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:09 GMT content-type: image/png content-length: 61 priority: u=4,i=?0 server: cloudflare cf-ray: 8e2be2ec7810b505-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri`

	GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8e2be2e32c2eb505/1731638528970/825a12d323c8267d8713f7bc890bede3426970ce5f1dd7c90a7516e9fc045010/nfjdUvicJX_Dndc	104.18.95.41	401 Unauthorized	1 B
URL GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8e2be2e32c2eb505/1731638528970/825a12d323c8267d8713f7bc890bede3426970ce5f1dd7c90a7516e9fc045010/nfjdUvicJX_Dndc IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typevery short file (no magic) First Seen0001-01-01 Last Seen2025-08-06 Times Seen230737 Size1 B (1 bytes) MD5ff44570aca8241914870afbc310cdb85 SHA158668e7669fd564d99db5d581fcdb6a5618440b5 SHA2566da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers GET /cdn-cgi/challenge-platform/h/g/pat/8e2be2e32c2eb505/1731638528970/825a12d323c8267d8713f7bc890bede3426970ce5f1dd7c90a7516e9fc045010/nfjdUvicJX_Dndc HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 401 Unauthorized date: Fri, 15 Nov 2024 02:42:10 GMT content-type: text/plain; charset=utf-8 content-length: 1 www-authenticate: PrivateToken challenge="AAIAAAAAAAAAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ggloS0yPIJn2HE_e8iQvt40JpcM5fHdfJCnUW6fwEUBAAAAAAAAAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAAAAAAAAAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tIIJaEtMjyCZ9hxP3vIkL7eNCaXDOXx3XyQp1Fun8BFAQAAAAAAAAABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIAAAAAAAAALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIIJaEtMjyCZ9hxP3vIkL7eNCaXDOXx3XyQp1Fun8BFAQAAAAAAAAABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA2ofNYujuBSGe3VokTOshcBYsN3IYqVG1vzSM-oCNQXOis6OMxshBYgGBi7QofI09eX3MiEJXFbY9F5l3e8-_QYq1SaXGxnEUzFLxdxsrqg_HDC1t7FnimSy0L1ex7MmHaWHHFKZvblAZW4u3w1pnvpb9w-jFqacUEW3fpSMZS_Yd7X8ZtgHadv02nmX_vYOfXYz1-xrGqFTGxaoYv67qpr8Z_qEW3JxhCu5bAG07lhyKUQwCjYBaHaw9ts0dop6n4rTO43MDNBGwSB1W3JKJgCrpVXUb1nOd5pPabD8TOMECeRricTImLIJXlsMxbWvR9FO1r0FuE_1vIFSjDDXnaQIDAQAB", max-age=20 priority: u=4,i=?0 server: cloudflare cf-ray: 8e2be2f0c99fb505-OSL alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

	aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml	35.244.181.201	200 OK	444 B
URL HTTP aus5.mozilla.org/update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml IP / ASN 35.244.181.201 #396982 GOOGLE-CLOUD-PLATFORM Requested byN/A Resource Info File typeXML 1.0 document, ASCII text, with very long lines (332) First Seen2023-10-13 Last Seen2025-06-20 Times Seen185315 Size444 B (444 bytes) MD53b324dec137a87ef7e24a30a65b13dd0 SHA1c0faa95b2f1018e264b3a14aaf50d1003e6c27b3 SHA2566cd0b591d9239fc8564627e92a804fc261951b1cbaf5fa58a8ada3cc13f51463 HTTP Headers `GET /update/3/GMP/111.0a1/20240129201730/Linux_x86_64-gcc3/null/default/Linux%205.15.0-102-generic%20(GTK%203.24.37%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1 Host: aus5.mozilla.org User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Cache-Control: no-cache Pragma: no-cache Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site` HTTP/2 200 OK server: nginx rule-id: unknown rule-data-version: unknown content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/202402/aus.content-signature.mozilla.org-2025-01-01-20-48-31.chain; p384ecdsa=3zNNW5R4XR_xZbVMze3NEFwstiITDcWAnKpj6xpEyqJWE6OXYm3MSsESEzchFrZvp5FgXy3ASeRoyRwhPJoyefk_a_5ouPgeKwSpsUGQj8ovFF2_sQFR9g_uPZUI2fe1 strict-transport-security: max-age=31536000; x-content-type-options: nosniff content-security-policy: default-src 'none'; frame-ancestors 'none' x-proxy-cache-status: MISS content-encoding: gzip via: 1.1 google date: Fri, 15 Nov 2024 02:40:20 GMT content-type: text/xml; charset=utf-8 vary: Accept-Encoding content-length: 444 age: 125 cache-control: public,max-age=90 alt-svc: clear X-Firefox-Spdy: h2

	GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e2be2e32c2eb505&lang=auto	104.18.95.41	200 OK	120 kB
URL GET HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e2be2e32c2eb505&lang=auto IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typeJavaScript source, ASCII text, with very long lines (65536), with no line terminators First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size120 kB (120366 bytes) MD526a1fea95e3bcee2404b463f787c9f9c SHA14a91e987523f5f2698bd211167c9665a8e650dee SHA2568046381d6742f11350e224d1714c16d14ba99bce631205eecdb7599615e78aa8 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8e2be2e32c2eb505&lang=auto HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: application/javascript; charset=UTF-8 cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 priority: u=2,i=?0 server: cloudflare cf-ray: 8e2be2e42c88b505-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri`

	POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY	104.18.95.41	200 OK	140 kB
URL POST HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typeASCII text, with very long lines (65536), with no line terminators First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size140 kB (140428 bytes) MD52e38e8b887f57420916465207d3455ca SHA1aecfc56eec9c6964c643ddbdb2d9613f1a4a8fbe SHA256e54118e44e352c83435d83f6e15281ba23094769147f7f011a80712fdc7b9d26 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers POST /cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Content-type: application/x-www-form-urlencoded CF-Challenge: Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY CF-Chl-RetryAttempt: 0 Content-Length: 2794 Origin: https://challenges.cloudflare.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:09 GMT content-type: text/plain; charset=UTF-8 cf-chl-gen: h1FfwlAGNStvVEwDlHWumX8QkjeJAIVMR2pKWnM/cM8sw8eQ8CRZ2d0iNpqYkAIKSGoxgyxcpo2z574dlOGdCUukmVnEgzB4FcfWCvTyo+2I2rX4SQD47YuCVavyIE6zp5Li1ZuNCKY6I6Wh133cp4sUkmXwyHccYOPhYBWotGpVy5auNkF/ZTAdShuYtFvVzyb0KM8Eg0jGatV1hu72pF6XNnodBR4cj05XLDwq2/0u5sutawIAKt+bLSXkWG3B0EOIKlHVZI9z8YLAiciWG3uoJEsyoJMA/aC/kaECT5l7xTKB084RsuY2FsIlFovWRHcjHddu0pqRCpY/bD3Sb3wtee9I804haESi9N7ep1IyJrWcI8jQ6zgV4zq5mWHmfM1Ow54wwq5C8zzESznwUoRWV7/AfNeONiT1Bt3DGFRkq2+BsnCq1jl+cInI0VnqOYs+ICaAPDkz744FisXtypQwzL5CJAOVzFHsmDsD1g==$JvFWEFZqx38SD6Yw priority: u=3,i=?0 server: cloudflare cf-ray: 8e2be2e5fd33b505-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri

	GET f41c67d0.c6095e14ed8d05092d88c121.workers.dev/favicon.ico	188.114.97.1	200 OK	5.7 kB
URL GET HTTPS f41c67d0.c6095e14ed8d05092d88c121.workers.dev/favicon.ico IP / ASN 188.114.97.1 #13335 CLOUDFLARENET Requested byhttps://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net Resource Info File typeHTML document, ASCII text, with very long lines (5922), with no line terminators First Seen2024-11-14 Last Seen2024-11-15 Times Seen13 Size5.7 kB (5749 bytes) MD5b5603c167784ff92c305f0cba5742237 SHA13b7c5997f3c7e9f10a0376397be9c825be505413 SHA25669f3d760911228283b63d12a92bb1e953b980c2db9f3ee7900f9b705b5d24121 Certificate Info IssuerGoogle Trust Services Subjectc6095e14ed8d05092d88c121.workers.dev Fingerprint67:A0:2A:74:D9:3B:2B:13:FE:11:F5:C7:B7:78:51:9D:8A:8B:95:DA ValidityMon, 04 Nov 2024 10:19:11 GMT - Sun, 02 Feb 2025 10:19:10 GMT HTTP Headers GET /favicon.ico HTTP/1.1 Host: f41c67d0.c6095e14ed8d05092d88c121.workers.dev User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: text/html priority: u=6,i=?0 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SHiN4QP%2B%2F5J%2FWUr%2FM%2FVEHhj5gznr3hvG02TXwnZmDhZ3hqs144%2Bx88ao4jr0jFlaa6tdBOd4C70h%2BWg4aLl1HgMkjb%2FKszbue3FqeU8uXhm56DJfPlD4C22lCOoelMIZpgBRFy%2FuG081lBeapxyoxA2s3vlApnFuH4ORnD87hq4%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 8e2be2e30f0656aa-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=QUIC&rtt=18822&sent=11&recv=6&lost=0&retrans=0&sent_bytes=4115&recv_bytes=1159&delivery_rate=33470&cwnd=12000&unsent_bytes=0&cid=0b42f7b5b93381d1&ts=348&x=1", cfExtPri, cfHdrFlush;dur=0

	POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY	104.18.95.41	200 OK	26 kB
URL POST HTTPS challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Resource Info File typeASCII text, with very long lines (26336), with no line terminators First Seen2024-11-15 Last Seen2024-11-15 Times Seen1 Size26 kB (26336 bytes) MD53bb87307f10fe8c019df612931a324a3 SHA14567fafcb7fd37be1ace14681ce1f1ebff365284 SHA25643dadb2591c077e561b1eea4c8ac656dc343bfb8381aaa348649d214de31c646 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers POST /cdn-cgi/challenge-platform/h/g/flow/ov1/269376537:1731636815:_HljyQLgLDilAJdiUjKbDLwfRNRvHr2QKad8tLeF_sM/8e2be2e32c2eb505/Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/f111f/0x4AAAAAAA0CE3FLamtYdKDX/auto/fbE/normal/auto/ Content-type: application/x-www-form-urlencoded CF-Challenge: Yp4iRVR3nQ3uD5rN2fFzgk7jEvUcTKo6f5dbgyJKHVQ-1731638528-1.1.1.1-5OAewUQ23d_M0.J1BHj2CDo8sZfrIoP0Fb18BQ45bBGcd0Ezq.sk_sCSkeZQCPEY CF-Chl-RetryAttempt: 0 Content-Length: 27744 Origin: https://challenges.cloudflare.com DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache `HTTP/3 200 OK date: Fri, 15 Nov 2024 02:42:11 GMT content-type: text/plain; charset=UTF-8 cf-chl-gen: u5icpL5rUJUy0UFLEk64RemnO7PsRYnon2Ik4SImaR0jTgBoJx9C8Xwy7J0HoOtZTpRgCbBsPm9JLyRx$1kiG8Vha3VsWnk1c priority: u=3,i=?0 server: cloudflare cf-ray: 8e2be2f52b8fb505-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 server-timing: cfExtPri`

	GET challenges.cloudflare.com/turnstile/v0/g/5cdd008291ae/api.js	104.18.95.41	200 OK	48 kB
URL GET HTTPS challenges.cloudflare.com/turnstile/v0/g/5cdd008291ae/api.js IP / ASN 104.18.95.41 #13335 CLOUDFLARENET Requested byhttps://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/?qrc=kristen.centre@slurpmail.net Resource Info File typeJavaScript source, ASCII text, with very long lines (47694) First Seen2024-11-14 Last Seen2024-11-15 Times Seen57 Size48 kB (47695 bytes) MD547b6207d229c969533252bc55b6ebb77 SHA13ee461b3ece882a682e4d65b6ecda6dd41dc58ad SHA256ce76343a47db86121bc18e6f68714557fb07482edc1e7d9c972d7d85fe40a0d7 Certificate Info IssuerGoogle Trust Services Subjectchallenges.cloudflare.com FingerprintC1:16:CA:AE:53:D5:B8:63:59:BB:EB:73:AB:F0:98:7E:EE:7F:E3:EB ValiditySun, 03 Nov 2024 16:27:50 GMT - Sat, 01 Feb 2025 17:27:46 GMT HTTP Headers `GET /turnstile/v0/g/5cdd008291ae/api.js HTTP/1.1 Host: challenges.cloudflare.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://f41c67d0.c6095e14ed8d05092d88c121.workers.dev/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK date: Fri, 15 Nov 2024 02:42:08 GMT content-type: application/javascript; charset=UTF-8 last-modified: Wed, 13 Nov 2024 21:21:21 GMT cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public access-control-allow-origin: * cross-origin-resource-policy: cross-origin vary: Accept-Encoding server: cloudflare cf-ray: 8e2be2e2792b712e-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2`

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Mnemonic Secure DNS

Quad9 DNS

ThreatFox

JavaScript (42)

HTTP Transactions (15)

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers

HTTP Headers