Report - kleenfortecom.compassion.it.com/6NOUr

Report Overview

Visited public
2025-06-27 11:01:17
Tags
microsoft phishing flowerstorm
Submit Tags
URL
kleenfortecom.compassion.it.com/6NOUr
Finishing URL
kleenfortecom.compassion.it.com/6NOUr/
IP / ASN
172.67.199.219
#13335 CLOUDFLARENET
Title
Sign in to your account
Phishing - Microsoft
Phishing - FlowerStorm Phishing Kit

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
6416617147.cfd	unknown	2025-06-12	2025-06-27	2025-06-27	542 B	353 B	69.49.229.131
cdnjs.cloudflare.com	235	2009-02-17	2012-05-23	2025-06-25	515 B	20 kB	104.17.25.14
6416617147-1317754460.cos.ap-tokyo.myqcloud.com	unknown	2013-04-24	2025-05-12	2025-06-18	468 B	560 kB	43.128.240.48
aadcdn.msauth.net	1421	2018-10-25	2018-11-19	2025-06-26	1.0 kB	20 kB	13.107.246.53
stackpath.bootstrapcdn.com	2467	2012-05-25	2018-04-05	2025-06-25	466 B	52 kB	104.18.10.207
aadcdn.msftauth.net	1455	2018-10-25	2018-11-19	2025-06-25	521 B	2.5 kB	95.101.10.97
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18	2025-06-25	509 B	50 kB	104.18.10.207
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2025-06-25	7.2 kB	599 kB	104.18.94.41
code.jquery.com	634	2005-12-10	2012-05-21	2025-06-25	490 B	70 kB	151.101.194.137
kleenfortecom.compassion.it.com	unknown	1992-10-23	2025-06-27	2025-06-27	3.2 kB	15 kB	104.21.90.105
ajax.googleapis.com	12905	2005-01-25	2012-05-22	2025-06-25	460 B	87 kB	142.250.178.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-06-27 11:00:54	low	Client IP	43.128.240.48	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
2025-06-27 11:00:54	low	Client IP	43.128.240.48	ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-06-27	medium	6416617147.cfd	Sinkholed

ThreatFox

No alerts detected

JavaScript (60)

	URL	From	Size	First Seen	Last Seen
	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 2b5d835110d0f6a2aaaf38328a9736eb c5b9e23855743af041e2011c7db551f9dcf215c7 2cdab1edb2a2cc9bc8f89bf52d035019409a87c169fd9415af04fc5671dd4fc6 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js	ScriptElement	86 kB	2023-03-07	2025-07-18
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js IP 142.250.178.106 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 04:55 Times Seen189160 Hash 2f6b11a7e914718e0290410e85366fe9 69bb69e25ca7d5ef0935317584e6153f3fd9a88c 05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash b166f04428cff757a8f0a82bfb931624 44e5a9b257796a3bdac696c17b754a1a3cf41f89 c5f330d8ddf2116be765b15971a5eb8033581746dce9d11a7af3e07faa1fa230 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 1facd565aca3224801a1579323b7e560 5cab9acbe815e5f818a8eb497b02b1f005a2352c 6053c89e8f57b9343f6ccf5e2ea4f1a9bd94e8927298952c610c13367dfeffc5 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash c0fdb1a83d432f2709a746e3a54ca729 64a4f5306c6c15a3b6a3fb5a8d8e623eb54f31e9 2ed5acafbd97dcb0c6286b9887d5e75c7e693f6bf677a26c5bc1439302e57c4d Loading...

	6416617147-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js	ScriptElement	559 kB	2025-06-27	2025-07-01
Pretty URL 6416617147-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js IP 43.128.240.48 ASN #132203 Tencent Building, Kejizhongyi Avenue Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-07-01 17:15 Times Seen3 Hash 1e4cbe7c41c423d9ea2d04a8df3b740b 403e9e3467724db7cf36cdcffa9f90f169357413 26cade7b408b79650c642440901a776ddf644b8e107ff9c5f265d3454448db8f Loading...

	stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	ScriptElement	51 kB	2023-03-07	2025-07-18
Pretty URL stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 04:35 Times Seen106397 Hash 67176c242e1bdc20603c878dee836df3 27a71b00383d61ef3c489326b3564d698fc1227c 56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4 Loading...

	challenges.cloudflare.com/turnstile/v0/api.js	ScriptElement	49 kB	2025-06-24	2025-07-02
Pretty URL challenges.cloudflare.com/turnstile/v0/api.js IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-24 11:18 Last Seen2025-07-02 11:47 Times Seen14261 Hash cca133e54f2791b0cc3562449fe447b5 56b6d37ab92a7098e7a12612a2a6cee54a3c306a c50b430d25297399159bfcf9ea12b93cd64200082534a6ee3170defa4d694657 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	14 B	2024-12-12	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2024-12-12 23:50 Last Seen2025-07-18 05:13 Times Seen47665 Hash 33ff6022e88df59f8dfc9eb546435e9c 7f2ad96c0a1276fbc858c652a6e2d0b3c9d4d3e4 a1c845cab782ea7dec04543ec72e0b354cb8e9aae23acc02ee02b1832e3acd9a Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash dc738a5622add64856397d13ca053714 32993b9391ee17947bd657f1f802927de9e4dbec ea92f5dc71f5b1906a29b414a69453256d6b3a8858204ef58fe115ce91357624 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash e4034f373c02edec7225faf31a1daa24 3ea061f0d529fb22bdeeb752f6f751b0f38d17bb 50113617ed963a98f0e34c7a22b122b41f9796308281d5515267626cb936ac0d Loading...

	maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	ScriptElement	49 kB	2023-03-07	2025-07-18
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js IP 104.18.10.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 05:04 Times Seen83925 Hash 14d449eb8876fa55e1ef3c2cc52b0c17 a9545831803b1359cfeed47e3b4d6bae68e40e99 e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	87 B	2025-06-11	2025-07-17
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-11 01:01 Last Seen2025-07-17 05:15 Times Seen446 Hash 94978e4e4ab36e6c56939096ba40918e bcf46b7981c71b4d8952c4312e35060667ddb159 912bc1c352eda3fb7a5a974901bcc896ae2fb87f3da462f72f6977c9f2ebc55a Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 545c5156bb0c5188f11b59d1afc778b3 2d8b7360b1acc1bd15f99484ce1bc264a822f1f9 666b2a65d1d91714f3c0b8540454b7de891d7cdb53b24493b6c22084fab8acad Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	16 B	2024-12-12	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2024-12-12 23:50 Last Seen2025-07-18 05:13 Times Seen47083 Hash ca897fb253cc8807c5aafc947eb02fb6 25137d68712ada7d3ad424c80bc0d688a696f7bb 57f9c536daa79c4d770534dbafbe2e7b2b2aa48b9eb2617b4e670b8a78a4a4ce Loading...

	kleenfortecom.compassion.it.com/6NOUr/	ScriptElement	751 B	2025-06-27	2025-06-27
Pretty URL kleenfortecom.compassion.it.com/6NOUr/ IP 104.21.90.105 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen2 Hash 0be90e4955359f8bc8e1d66b7a593f1c f8d1d02b459aeba74309efc73d56dd630ce60a7d 118c9e8ea1cdce1b39bf0ff1b7c89b253a54645290205a5916df3575ecc3e3ed Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 756d62dce8de37c70db47e6ab6c337af 38eb9210daf1e39d5820133c1ae5687855db7627 0e69fcdc0ce93b6daf5e8fa99e6da7ddd7477461aee1e8fb544cb22736219e65 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash f58edf78df33cd1948bf2b4f707bbe76 f938d05486a93d7fc895f029341e011936364213 204ec6a460650143e57945aa2c96de1b57bb14454d85d736a1da498231713bad Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 6eb7e9bc21ee3af2a33ba4600746add5 6781c3abb8050af18cc649849efc7a9812007e29 7b3db2f7ae4697813c411c27b84e3872ff1144a3bf463705d48e8a9d6ae9943b Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash cff88b1ed71e133dbe2362703c811b43 6b7706d52d26126788d27c392a9ab99fb8499472 b88ddd57c6f0f522b2fd12c356695d32d55fc7bf989a3f4c7d6902c0399a8371 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash a9681a75cb6ed47cd83430601c4921e4 a20af1dcabb466566846262806dbd0050bdaef2e 8f37b9f196c5e43ae9cef73c65b099e1c19ac14746503471cfd1799ee9a2e797 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 296da78c4a720efe6f7bfad71d1bba31 6ffc403753c8046e0b2543811172e6e276a5255b d797e092f715b235e3576687cd7dc00449f5629c74592a5f667a6d2ca09d81d7 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 869bd9657264a00680661a630636fd3a 2aa7670bd2b0415d791a3a98c86da36ba8d51baa b6d4d90679d0e01c1703e63577262f1a0b2df7c344c2b5dd6f36cbce8d0b21b4 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 9aff74e03e0a3ea3852f937891d76b83 37c74f66e0c4dff75f612cb9411e87e6882a4f48 122d55b1aad3eec025805153e6312e0dca3cbc0703187f901daec3c08342b9d2 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	ScriptElement	3.4 kB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 7ce1f50bd94f05ab46ac5f511dcc5c01 cb9df9c6b2049a828ed3c037af45fc59e459abcb a1490f8e8a5c29f8e5513c7a302f16f6cf7931941ca47a4c3a33969235ae27e2 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=956471166f38b500&lang=auto	ScriptElement	141 kB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=956471166f38b500&lang=auto IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 3bd1a69dfcba738a3bcb9afcb09121cf b2a390ab9667f115b78b9763079f5a06cd8da65d 9087c54428d128e90569cba0033aa81482e99ab0af51ce7178f44c93ac0bb3c6 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash 1d3e5e0c3af7e5dd86b469917667a13a 1b40e116dd5a0fbbfb9eeddfa6d9952461f11e88 cb9d073272aa757bf4af1a21ddd701c1d1704fbe83679ba6ea1355aca88a328d Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	14 B	2024-12-12	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2024-12-12 23:50 Last Seen2025-07-18 05:13 Times Seen47409 Hash ff03fc8f0c3179fb4dcf4389f88a1c16 05ff911d7ddf2d7c14b4316a87fd08f42c618f9f 025229ec6bb50e915572750c5045d22c5fe16851fd077f1411f41b19aa1dfece Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash dcc25ed4694c94031a9122d8ae40083e 277e105bd8c904db16d82b2aa9b32f05c1b1e151 05357c2e4b1aad6283496883d0269d7a46e8740fc631e344c349a9cf3b4118ee Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	1.3 MB	2025-06-27	2025-06-27
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2025-06-27 11:01 Last Seen2025-06-27 11:01 Times Seen1 Hash fcacef38ab47917bd69f5e673d89f64c f2434575c953b5cf2251f4694f3b969682c85afd 0faaba87683089e91f07b5a484d1473a1a62bc1089f73704a8ccd7d7c2c0d1ba Loading...

	cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	ScriptElement	19 kB	2023-03-07	2025-07-18
Pretty URL cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 04:35 Times Seen82801 Hash 70d3fda195602fe8b75e0097eed74dde c3b977aa4b8dfb69d651e07015031d385ded964b a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	code.jquery.com/jquery-3.2.1.slim.min.js	ScriptElement	70 kB	2023-03-07	2025-07-18
Pretty URL code.jquery.com/jquery-3.2.1.slim.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-18 04:35 Times Seen64708 Hash 5f48fc77cac90c4778fa24ec9c57f37d 9e89d1515bc4c371b86f4cb1002fd8e377c1829f 9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/	Eval	4 B	2023-03-07	2025-07-18
Pretty URL challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ IP 104.18.94.41 ASN #13335 CLOUDFLARENET Introduced by eval Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen419979 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

		Size	First Seen	Last Seen
	#1 Write - 086707e4369f60afedcafb16050a7618	39 B	2023-03-07 01:03	2025-07-18 05:23
Pretty Observations First Seen2023-03-07 01:03 Last Seen2025-07-18 05:23 Times Seen108119 Hash 086707e4369f60afedcafb16050a7618 8216b0cc6876cbd44f01c158e7dff3833ceccd41 a7fe83ec64bb23eb28090598db3d166ed98e52e39d1afbbfd74c579553f93e4e Loading...

HTTP Transactions (26)

URL IP Response Size

GET 6416617147-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js

43.128.240.48

200 OK

559 kB

URL GET
6416617147-1317754460.cos.ap-tokyo.myqcloud.com/bootstrap.min.js
IP
43.128.240.48:443
ASN
#132203 Tencent Building, Kejizhongyi Avenue

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGlobalSign nv-sa
Subject*.cos.ap-tokyo.myqcloud.com
Fingerprint6F:54:5C:76:56:21:E8:24:50:92:46:CD:E8:4C:40:A1:82:85:AC:FC
ValidityTue, 18 Feb 2025 01:41:01 GMT - Sun, 22 Mar 2026 01:41:00 GMT

File type
JavaScript source, ASCII text, with very long lines (65474), with CRLF line terminators
Size
559 kB (559062 bytes)
Hash
1e4cbe7c41c423d9ea2d04a8df3b740b
403e9e3467724db7cf36cdcffa9f90f169357413
26cade7b408b79650c642440901a776ddf644b8e107ff9c5f265d3454448db8f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /bootstrap.min.js HTTP/1.1
Host: 6416617147-1317754460.cos.ap-tokyo.myqcloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 559062
Connection: keep-alive
Accept-Ranges: bytes
Content-Disposition: attachment
Date: Fri, 27 Jun 2025 11:00:55 GMT
ETag: "1e4cbe7c41c423d9ea2d04a8df3b740b"
Last-Modified: Thu, 12 Jun 2025 16:55:03 GMT
Server: tencent-cos
x-cos-force-download: true
x-cos-hash-crc64ecma: 16326204351505896233
x-cos-request-id: Njg1ZTc5ZTdfZjY3MTUzMGJfZTg1Ml81YzUxZDZk

GET aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg

13.107.246.53

200 OK

1.6 kB

URL GET
aadcdn.msauth.net/shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
ValidityTue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type
SVG Scalable Vector Graphics image
Size
1.6 kB (1592 bytes)
Hash
4e48046ce74f4b89d45037c90576bfac
4a41b3b51ed787f7b33294202da72220c7cd2c32
8e6db1634f1812d42516778fc890010aa57f3e39914fb4803df2c38abbf56d93

HTTP Headers

GET /shared/1.0/content/images/signin-options_4e48046ce74f4b89d45037c90576bfac.svg HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:01:00 GMT
content-type: image/svg+xml
content-length: 621
cache-control: public, max-age=31536000
content-encoding: gzip
last-modified: Tue, 10 Nov 2020 03:41:24 GMT
etag: 0x8D8852A7FA6B761
x-ms-request-id: 3f6762d1-601e-005a-21d1-e4d20e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250627T110100Z-17dfff74684b5p4rhC1SVG2t3g00000001sg000000009zm3
x-fd-int-roxy-purgeid: 4554691
x-cache-info: L1_T2
x-cache: TCP_HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/b/07af8245c728/api.js

104.18.94.41

200 OK

49 kB

URL GET
challenges.cloudflare.com/turnstile/v0/b/07af8245c728/api.js
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
JavaScript source, ASCII text, with very long lines (48827)
Size
49 kB (48828 bytes)
Hash
cca133e54f2791b0cc3562449fe447b5
56b6d37ab92a7098e7a12612a2a6cee54a3c306a
c50b430d25297399159bfcf9ea12b93cd64200082534a6ee3170defa4d694657

HTTP Headers

GET /turnstile/v0/b/07af8245c728/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kleenfortecom.compassion.it.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:00:37 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 19 Jun 2025 22:00:39 GMT
cache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 956471157a4c569b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

POST challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo

104.18.94.41

200 OK

290 kB

URL POST
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
290 kB (290016 bytes)
Hash
d541697d0a5eb1819ca4a0ede94e41f1
faabfbac655523192596d062d840cc356a52c8a3
fad48816064bf5481ef7eca62ba45feaabcaae476b736fced9f129b04346a0fd

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
cf-chl: ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 3682
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:38 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 7cr6cc3pfmcFX3/XaQzZIdRWdBzqHbHT04/AOwAZMWTQSYd0//y7pXzUByafBlTtlFfrkc4fUgtl8tAg/YMxilSq+Ib3f6ELqn571zPl6V9fKRdqKgbjUUJWWWPuVbw6G7lLdw76x/gLCS/YZZL+TeSzxMAsgAAgAdvGDeTmaQuLro4jtRKOQy/+CF+cBBDvvYXVXTnBEQr0VV6rbLFDALg621ay7Qv56RRdLHsoF67V3xUVtsR3hV8MADWU2TXlURkMZXMVQuSIdQvjN4+b/71ibMbVG0xDawEzgOyFLUGNiNgS6gAoAkrz1xh4+fheEf8lVHTddabQ1KtA3r6M/fC2RLULVZuUIJxDFOpY4zKbafRP9Y79lJxDcSZq7WACZlRjcVGftkyasCk96LhkmeHCbdpDD3gjmj1tLXVaVFZDUOLuZqAeViFj2Bl36vo+7pCoEaQ2hoJ26kAXrZs8iP/qvGDloiQVlNk3MKKqjGRFQze0RVO6EX1tgijOfVqe6nubq7JFD1jfLv6cyLXIKbH2XgZ3E+Y03aPVwwkCc24x/Pc8uFZTQMdC87kav6WxvdYjH+hPkqrxuI3ziRIyLzsYqo+NnL0OW2ZfvipQeeBsemXPHoN1vhpx+XzOc4EtnmMy92lJLXRpqtIg+fBoWf7r5S1VD4WQvLV+IQaMeU4JaNt/8pKI77PqmEFkd+1NlxgqMcYJGYSiohX7oxcr9K8M7UsNw/poAX9EG9mPOVAdl98G2Od1XLHpusYAa20tKqMD3BrS7t/eDd7gTM4Troia0BbP8mjFRE44jd6BMwo2aepV0naUnYxlXGGh/ddA$GxMHaiIVWyaoRz2Hh7VOrQ==
priority: u=3,i=?0
server: cloudflare
cf-ray: 95647119acbbb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/956471166f38b500/1751022038046/b74923cc5003758c8f3668dcf2d832fe44ff3b4c0e1d38e8e19db964044356cb/bH-X-M6DOKbfdVO

104.18.94.41

401 Unauthorized

1 B

URL GET
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/956471166f38b500/1751022038046/b74923cc5003758c8f3668dcf2d832fe44ff3b4c0e1d38e8e19db964044356cb/bH-X-M6DOKbfdVO
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/956471166f38b500/1751022038046/b74923cc5003758c8f3668dcf2d832fe44ff3b4c0e1d38e8e19db964044356cb/bH-X-M6DOKbfdVO HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 401 Unauthorized
date: Fri, 27 Jun 2025 11:00:41 GMT
content-type: text/plain; charset=utf-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gt0kjzFADdYyPNmjc8tgy_kT_O0wOHTjo4Z25ZARDVssAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAscjm_UO_k901rNdCKgLw5bvI4i6M_jDNCIXpfs2LRbtxwLOrUyplqVvML_hVlB5tIDMuj0ihhaOFHose-Y0_UjQnNUGE_vol46VvGgscTMtTjU4xINriap8AMTIygvljEBt6my-nBwkUGhY3U9v5iKC-eWR5bTfvrqFsuIVxafkSfhHqDXB4KLGNjvOOV71GGJ9x4yxA-C2OcULZ1uDDKuvAaMhuiWdF6OzSTXruP9yPg1vmuteavOW1re0YDbCbtK16PhHdSzWym7v_FrvId-2zf26j50FlTd_vl_DcKNDVCgWDoU0uX3cU6V3rSQoVXREEqPr-2ywSGru8ZuXRoQIDAQAB", max-age=20, PrivateToken challenge="AAIAHXNhdC5wYXQtaXNzdWVyLmNsb3VkZmxhcmUuY29tILdJI8xQA3WMjzZo3PLYMv5E_ztMDh046OGduWQEQ1bLABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAsLS4HBnLGydwK-bLQGRCaoyMsrXBRrDgQVmxS06j3UF0nYSd6GdTGCKIu1WV60eg-tJtTttfEVq7wHVQf4vzjYBidmCh88ebzxKv2GB6PESSodf5MsEup9xd5dxpkYScgL1CCJq89kRrOQ_CS61bvkL_oGyZf4ffqG5THgaOsopqj8dFLH6_SMy9yf8EgMYqpyjxfKsD-1_qb1m1DRjJEKPWKIGwmHXIKQJUqsxZFm4_Inwkxx7QMpVP4GyqlTxFVz7stWwJRSkMLHjEM_IWLUYfPhuwIUVqmRjGsY1n8flA1bRfxaWHNDxoi25-M2BKTP9NkNNJBbTKErhrZ9LGywIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILdJI8xQA3WMjzZo3PLYMv5E_ztMDh046OGduWQEQ1bLABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApfbVKW9jv_cm7VCxn62oVAVC5hFmu-kZjUyoHVY59NkyKyHKMDjFTQQtwRz5WaCrisTztPUBe5IEqngHq_K6n0LVGgP-vP5_EV8Q63SdqECb9NxgQT_jnGDYKP38YIvPHP47CMaQOOm6F4tfy50OTdVLxmir-nwtG4EsjQpjbWt5h0uKnWtYHo0z3T2TGAaak3xueW6uC1Y9XvXRyQ4VLq2YT2Pj5nG5iT9qz95HGc0b9CcuEADcgyRRUmYpFDKa4E7gznEbKSul9XcN8oNCkL49spyNT1stpPVhL9fnQZz0zdIsTIdKR-iKQoy9HKyPEeNpcQhrSF7DgSPJTnR6xwIDAQAB", max-age=20
priority: u=4,i=?0
server: cloudflare
cf-ray: 9564712d59fab500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET code.jquery.com/jquery-3.2.1.slim.min.js

151.101.194.137

200 OK

70 kB

URL GET
code.jquery.com/jquery-3.2.1.slim.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
Fingerprint56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE
ValidityThu, 12 Jun 2025 00:00:00 GMT - Fri, 26 Jun 2026 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (32012)
Size
70 kB (69597 bytes)
Hash
5f48fc77cac90c4778fa24ec9c57f37d
9e89d1515bc4c371b86f4cb1002fd8e377c1829f
9365920887b11b33a3dc4ba28a0f93951f200341263e3b9cefd384798e4be398

HTTP Headers

GET /jquery-3.2.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kleenfortecom.compassion.it.com
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-10fdd"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Fri, 27 Jun 2025 11:00:53 GMT
age: 2084705
x-served-by: cache-lga21963-LGA, cache-hel1410023-HEL
x-cache: HIT, HIT
x-cache-hits: 38, 16170
x-timer: S1751022054.930041,VS0,VE0
vary: Accept-Encoding
content-length: 23856
X-Firefox-Spdy: h2

GET stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

104.18.10.207

200 OK

51 kB

URL GET
stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
JavaScript source, ASCII text, with very long lines (50758)
Size
51 kB (51039 bytes)
Hash
67176c242e1bdc20603c878dee836df3
27a71b00383d61ef3c489326b3564d698fc1227c
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

HTTP Headers

GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:00:53 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "67176c242e1bdc20603c878dee836df3"
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 10/04/2024 02:53:43
cdn-edgestorageid: 1029
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 1
cdn-requestid: c6c8a086d090f1d2baac8a7b0c894894
cdn-cache: HIT
cf-cache-status: HIT
age: 2020913
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9564717cbf8e56a5-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET kleenfortecom.compassion.it.com/6NOUr/

104.21.90.105

200 OK

2.6 kB

URL User Request GET
kleenfortecom.compassion.it.com/6NOUr/
IP
104.21.90.105:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcompassion.it.com
Fingerprint46:1B:48:EF:BF:AA:21:92:42:4C:89:F0:B7:09:CB:0E:1F:3B:80:8D
ValidityTue, 10 Jun 2025 10:36:03 GMT - Mon, 08 Sep 2025 11:34:16 GMT

File type
HTML document, ASCII text
Size
2.6 kB (2629 bytes)
Hash
2a7a32f1a6c528c4c98058c8740d7823
db17c7c36b6d87ff22821169b4dc6230de3619db
6a73d3d1a770a9a37554c2a9e4bed2b9cf443c04395c730b47d40154db28e522

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /6NOUr/ HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:00:36 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/8.0.30
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
cf-cache-status: DYNAMIC
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=d8co1%2BETYFIqGSxoazkgVJuC5wOkhLZ4mVIUdARp8l6ciBJngVQcxTVkr6dRlwcbUs10RdwsJD3pYpL7wCdc58rg4hDoLvHSWfP4WMd7V%2FEYG8UX2sz23jS2KkaE"}]}
content-encoding: br
set-cookie: PHPSESSID=stv7kr5g2s12vgnke9vc70im6t; Path=/
cf-ray: 95647112f9865697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/turnstile/v0/api.js

104.18.94.41

302 Found

49 kB

URL GET
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type

Size
49 kB (48828 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 27 Jun 2025 11:00:37 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public
cross-origin-resource-policy: cross-origin
location: /turnstile/v0/b/07af8245c728/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 956471154a0a569b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

142.250.178.106

200 OK

86 kB

URL GET
ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP
142.250.178.106:443
ASN
#15169 GOOGLE

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
Fingerprint58:09:05:96:27:31:E2:3D:AB:89:AD:1C:2E:C3:03:82:B0:27:3D:86
ValidityMon, 02 Jun 2025 08:36:37 GMT - Mon, 25 Aug 2025 08:36:36 GMT

File type
JavaScript source, ASCII text, with very long lines (32065)
Size
86 kB (85578 bytes)
Hash
2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e

HTTP Headers

GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jun 2025 22:24:27 GMT
expires: Mon, 22 Jun 2026 22:24:27 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 390987
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET kleenfortecom.compassion.it.com/favicon.ico

104.21.90.105

404 Not Found

196 B

URL GET
kleenfortecom.compassion.it.com/favicon.ico
IP
104.21.90.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectcompassion.it.com
Fingerprint46:1B:48:EF:BF:AA:21:92:42:4C:89:F0:B7:09:CB:0E:1F:3B:80:8D
ValidityTue, 10 Jun 2025 10:36:03 GMT - Mon, 08 Sep 2025 11:34:16 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/6NOUr/
Cookie: PHPSESSID=stv7kr5g2s12vgnke9vc70im6t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 27 Jun 2025 11:00:55 GMT
content-type: text/html; charset=iso-8859-1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mPL8P%2FgO5It4Sg6kkRDM%2BAGda48v04eAHPt0kPNdlI8SbZfyzvZl4WtjYdUBJGjpiuckGcSiqudv5WVYRc5FcNfLtMT3QNR%2FL1Ufo5u2pTbpd5vpOXj0O6yIaE6hyVc4CRXSI6eO19BRsBW%2BicVSclBq"}],"group":"cf-nel","max_age":604800}
age: 17
cache-control: max-age=14400
cf-cache-status: HIT
content-encoding: br
cf-ray: 956471863db056c1-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3556&min_rtt=700&rtt_var=3206&sent=112&recv=154&lost=0&retrans=0&sent_bytes=11712&recv_bytes=10493&delivery_rate=402671&ss_exit_cwnd=14922&ss_exit_reason=2&cwnd=12000&unsent_bytes=0&cid=432bcb3d0e5ea532&ts=18490&inflight_dur=38&x=44"

GET aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg

95.101.10.97

200 OK

1.9 kB

URL GET
aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
IP
95.101.10.97:443
ASN
#20940 Akamai International B.V.

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerMicrosoft Corporation
Subjectidnaakamaicdn.msftauth.net
FingerprintDC:51:C1:FA:8A:C3:85:DA:8E:3C:1C:06:37:00:90:7A:B4:62:A9:DC
ValidityFri, 27 Dec 2024 18:21:36 GMT - Mon, 22 Dec 2025 18:21:36 GMT

File type
SVG Scalable Vector Graphics image
Size
1.9 kB (1864 bytes)
Hash
bc3d32a696895f78c19df6c717586a5d
9191cb156a30a3ed79c44c0a16c95159e8ff689d
0e88b6fcbb8591edfd28184fa70a04b6dd3af8a14367c628edd7caba32e58c68

HTTP Headers

GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1
Host: aadcdn.msftauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-length: 673
content-type: image/svg+xml
content-encoding: gzip
content-md5: DhdidjYrlCeaRJJRG/y9mA==
last-modified: Wed, 15 Jan 2025 17:54:26 GMT
accept-ranges: bytes
etag: "0x8DD358DA72AAF33"
x-ms-request-id: 57a46c09-a01e-00f8-2e0c-c396d2000000
x-ms-version: 2018-03-28
access-control-expose-headers: Accept-Ranges,Cache-Control,Content-Encoding,Content-Length,Content-MD5,Content-Type,Date,ETag,Last-Modified,Server,x-ms-request-id,x-ms-version
access-control-allow-origin: *
cache-control: public, max-age=30093997
date: Fri, 27 Jun 2025 11:01:00 GMT
vary: Accept-Encoding
akamai-grn: 0.a60a655f.1751022060.3a3597fe
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1

104.18.94.41

200 OK

86 B

URL GET
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
PNG image data, 2 x 2, 8-bit/color RGBA, non-interlaced
Size
86 B (86 bytes)
Hash
70c202196187ab3c11b4e094c20c6de1
9c52b959e74aee9d79cbc9f35d1f9f65a3b8c863
6255b9231d09ebe6aa1ac19ba46bdd81f3df58989c9ef2e11d6cd6e2e7b21643

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:37 GMT
content-type: image/png
content-length: 86
priority: u=4,i=?0
server: cloudflare
cf-ray: 95647116f81bb500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

104.18.94.41

200 OK

30 kB

URL POST
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
ASCII text, with very long lines (29584), with no line terminators
Size
30 kB (29584 bytes)
Hash
196a8f4eb56ebf47ba897b20083e84b6
bde2cf3498a8eda85e65f9ad787077185868bf0d
f1c85d631cecea24f491f900353842ddeec650241768557a3d33ea1024f07e35

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
cf-chl: ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 34860
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:44 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: d+MmN5c2X4DRnl7Yo4HAw79TTOE9rkNXyq8lsWQvbqr1Gcgwrm8TLs46b5lAJNrt$Im66baT5TTYpkhKx6GvzUg==
priority: u=3,i=?0
server: cloudflare
cf-ray: 956471413c89b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST 6416617147.cfd/next.php

69.49.229.131

200 OK

16 B

URL POST
6416617147.cfd/next.php
IP
69.49.229.131:443
ASN
#19871 NETWORK-SOLUTIONS-HOSTING

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerLet's Encrypt
Subject6416617147.cfd
FingerprintB0:58:AB:93:21:35:A6:C4:D0:DF:14:B4:DA:EC:8A:28:38:E0:67:CE
ValidityThu, 12 Jun 2025 15:56:05 GMT - Wed, 10 Sep 2025 15:56:04 GMT

File type
JSON text data
Size
16 B (16 bytes)
Hash
1f57cbd1f1a1ced8f62d34242408414c
52279c54b16f0a88d43d57b4cbb9813ea3cc39ab
c462d460eab61de19f36cc384c99666e5bf65eaeba0c12b8f594c5410c01f220

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /next.php HTTP/1.1
Host: 6416617147.cfd
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://kleenfortecom.compassion.it.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 13
Origin: https://kleenfortecom.compassion.it.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 27 Jun 2025 11:00:55 GMT
Server: Apache
Access-Control-Allow-Origin: https://kleenfortecom.compassion.it.com
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

GET aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico

13.107.246.53

200 OK

17 kB

URL GET
aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
IP
13.107.246.53:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerDigiCert Inc
Subjectaadcdn.msauth.net
Fingerprint38:05:DB:30:B5:83:1A:A0:A9:AD:24:B2:62:0F:E7:F6:60:9B:7C:00
ValidityTue, 29 Oct 2024 00:00:00 GMT - Wed, 29 Oct 2025 23:59:59 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

HTTP Headers

GET /ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico HTTP/1.1
Host: aadcdn.msauth.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:01:00 GMT
content-type: image/x-icon
content-length: 17174
cache-control: public, max-age=604800
last-modified: Fri, 02 Nov 2018 20:25:25 GMT
etag: 0x8D6410152A9D7E1
x-ms-request-id: c4a6bb82-901e-0069-426b-e0fa1a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
x-azure-ref: 20250627T110100Z-17dfff74684b5p4rhC1SVG2t3g00000001sg000000009zm4
x-fd-int-roxy-purgeid: 4554691
x-cache: TCP_HIT
x-cache-info: L1_T2
accept-ranges: bytes
X-Firefox-Spdy: h2

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/956471166f38b500/1751022038049/iIqAhnPfo666RmW

104.18.94.41

200 OK

328 B

URL GET
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/956471166f38b500/1751022038049/iIqAhnPfo666RmW
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
PNG image data, 18 x 65, 8-bit/color RGBA, non-interlaced
Size
328 B (328 bytes)
Hash
ed1997390883ee24e1b64759bc4f21d0
db97cb10d8cbae6850bf0b9a8c03a41bfe24e436
786daff523edb02454f6fe7f243fc171d755631dd334403d9aec7f9bb67e69bf

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/d/956471166f38b500/1751022038049/iIqAhnPfo666RmW HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:43 GMT
content-type: image/png
content-length: 328
priority: u=4,i=?0
server: cloudflare
cf-ray: 9564713b5d54b500-OSL
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

104.18.94.41

200 OK

4.9 kB

URL POST
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
ASCII text, with very long lines (4864), with no line terminators
Size
4.9 kB (4864 bytes)
Hash
b5329238a61ae6d6158e101e2e517e8d
da772656d0ba6f417318a5551c27bf1e45ee92ec
c58ee2989747a6da9415856d50dd983fdaf2ed4f31108c2d17fff60d1bfda0d1

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1984993160:1751019211:BPZvV-wZf6Zj6YoT2ef6_RF8mZ1k40Y6sp5Yr_02HOc/956471166f38b500/ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
cf-chl: ZhPpZYp3hi1Kks_P6CTksGjGHkc9GsMr.IjCR_I1uT0-1751022037-1.2.1.1-e6go3WPFR27HWA3JTwLw0.Pf.SAro99WInqmVJfqT0ofODH16Ux4K9NtIVLy_dCo
cf-chl-ra: 0
Content-Type: text/plain;charset=UTF-8
Content-Length: 44482
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:52 GMT
content-type: text/html; charset=UTF-8
cf-chl-out-s: E2dCxYVYM3gTr4KA2ke2DJgUqYhOWizqriX6Z2WWHlC6ojNo4ohKwTsWQ9oqEXiswYmGfk2En46C8br/MsPkC055p+PJqlzhQl72PHLHhiXI/xL6Fiqk2VOCHfebsmr0+LKP7OD8hZQUUQucYOKFplar79z52HVs9O6YcEHWYgDFJ01jbllnY58MFLqNd4v+r3bkJVUVOXMivdZ+WT/ZArqGtrrJTj/y+rSoYzGDK5pO5vnRXOlZIJmu3Dk0Oss0BEqdezMY7C83Uji2Cv9iRs3BDISh+CWu2p0mFoZqdbtkHduiPRXf8QZkDPO0eP0KVINe3Fyfdh8Nvoki6VksvgZ12QkrKf6m3/jlFj1vj8i3zZj6YaC60Eg3yIW77G7eA7tH7f3UgHVvXloat2/a8njR67GzajY3RytWuz/0vCgOnECpvXz6Wc4GeUUPA+7FAL2c0a9lgsBBOF9Of7epmJUJTshSTfvh2tm3U0DCx7ivFnGYv0tEwoEIQlBkIdAA5fMmOIM+zec9SdRaXtr3kPNN605P0pMw7t80kbxr3YRnl3qMgHCAkM2mzf4GUz9daAxnXn65RPg+zRJz6V+TxqZRB9Bo26a/azboL8+bQddYTM2RZJJPe6ZW6JMNJYO58gOO11HbJnC0FRMLUv5qOSYDFiamp0oLB06N108xZr+0jper6nNjsxwYwP6cwhzfmUEffvD+oSoSsTSQGi+8KZa2POcNw9Tmw0JN5oiKZqeFEhTj1OmZmwsxYPnsvt0bI+KO8aWlthoSdevOvs4UfGGjE6K1KsMJ554VGOtNa9e/A20VbzyILWvHPwPCyjWGkzwEKLQz41ll+uomMYveFlSVSDojhKIhSuOa4ToS2uY5bImwrFellbaX9yOJXaeZHmgmgrLgnzjo94x/YjU3ZMoNI/lbGVRqnSQzsboSjS/6pVtJczqH7dTYu2GCeUuFsHv+8OEmO7CgWGQeB9uUC0yfWXG67t3EMYG07nPxZC/XGwqVPA2REDWJkgCYzwG5mW4kaVLfFrHYJt8APz8EISwuo8W7o13Qe4GW2BEDP+qGzt+murrJXr4GLlfNrOjAzcuaMuuJwh8dtLn7MpMygoQu0Dmrg9hTaBN1DFiiYe36E+Gh6QI22oKgKzqKfRq02/xy9FEV2Q+OfIdyJc24MzaqEn1n9Cz0RVoiG0WTpCTN1JTYucYN13m9ujFiCsMown0kAbPVQswtRMOBgvBjNaXVr3RdDe5GKZMvlmnmw6MPoXw0k2GEjkfukDIdnIfBQAXi+A4wcGHW+mVYzfFLibOyd/IdEp8bA6gbUlHlZOs=$GJR2QVgXUS1plXMDHNUIsw==
cf-chl-out: aY/2oYirQxQ5ae3/Bg3MP33lZYfDsreDfkgCIXL5PEt9kqzLUejEEBq9THX+X8zaxqnRCNjw+5S1E8/uORU3gw==$SsiljHXxCtgRHti1YUnM8w==
priority: u=3,i=?0
server: cloudflare
cf-ray: 956471761e6db500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

POST kleenfortecom.compassion.it.com/6NOUr/

104.21.90.105

200 OK

2.2 kB

URL User Request POST
kleenfortecom.compassion.it.com/6NOUr/
IP
104.21.90.105:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcompassion.it.com
Fingerprint46:1B:48:EF:BF:AA:21:92:42:4C:89:F0:B7:09:CB:0E:1F:3B:80:8D
ValidityTue, 10 Jun 2025 10:36:03 GMT - Mon, 08 Sep 2025 11:34:16 GMT

File type
HTML document, ASCII text
Size
2.2 kB (2174 bytes)
Hash
47127f291ab25c0dffadf467567fa435
2696da97251c0cd09755c5b1277cfd591ba4b46c
6968b88ab9e213c0c27b8399062db1438435fb8aa01e4122902afa2bb8cae137

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

POST /6NOUr/ HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 987
Origin: https://kleenfortecom.compassion.it.com
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/6NOUr/
Cookie: PHPSESSID=stv7kr5g2s12vgnke9vc70im6t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:53 GMT
content-type: text/html; charset=UTF-8
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=heJI7S2PQWHrCylWlaY4kIDjE9du9Ezrsb%2FtcAxZZsLq9691uQ%2FJPwBQII1UQJm9QNeh2s%2B2HvzlMp2l%2B3L7coJxfd%2BxFK6gMawWi4Uvct4M%2B4qEvf80YmB5uAzwdpowR8HxHfRWYlw9HMmLuko8eKTx"}],"group":"cf-nel","max_age":604800}
x-powered-by: PHP/8.0.30
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
content-encoding: br
cf-ray: 95647177ed6e56c1-OSL
server: cloudflare
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=3956&min_rtt=700&rtt_var=3210&sent=109&recv=152&lost=0&retrans=0&sent_bytes=9833&recv_bytes=10112&delivery_rate=402671&ss_exit_cwnd=14922&ss_exit_reason=2&cwnd=12000&unsent_bytes=0&cid=432bcb3d0e5ea532&ts=16593&inflight_dur=35&x=44"

GET kleenfortecom.compassion.it.com/6NOUr

104.21.90.105

301 Moved Permanently

2.6 kB

URL User Request GET
kleenfortecom.compassion.it.com/6NOUr
IP
104.21.90.105:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services
Subjectcompassion.it.com
Fingerprint46:1B:48:EF:BF:AA:21:92:42:4C:89:F0:B7:09:CB:0E:1F:3B:80:8D
ValidityTue, 10 Jun 2025 10:36:03 GMT - Mon, 08 Sep 2025 11:34:16 GMT

File type

Size
2.6 kB (2629 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /6NOUr HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Fri, 27 Jun 2025 11:00:36 GMT
content-type: text/html; charset=iso-8859-1
location: http://kleenfortecom.compassion.it.com/6NOUr/
server: cloudflare
cf-cache-status: DYNAMIC
nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=FVmdDnOVPcB0jr8LuoN1UsKj7tugyTbTVgyNNczl7r5mT9bS5OzcEgCUH%2FIzapU5mvbPQXth8eJKPHHGZfPtb%2FGDw0LGEPReXbOoe1USmPLK2FRVgeJACiDrxpT%2B"}]}
cf-ray: 95647112284d5697-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET kleenfortecom.compassion.it.com/6NOUr/

104.21.90.105

301 Moved Permanently

2.6 kB

URL User Request GET
kleenfortecom.compassion.it.com/6NOUr/
IP
104.21.90.105:80
ASN
#13335 CLOUDFLARENET

File type

Size
2.6 kB (2629 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /6NOUr/ HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Jun 2025 11:00:36 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://kleenfortecom.compassion.it.com/6NOUr/
Vary: accept-encoding
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=n02IheJNlDmf9yD3EgLxAzpmc9KwGiq39ZX9%2FUVPvFBoAPbymvV0Dm4xzrtYO9MswzUx0sx%2FaD1u8aKZnCRPZFTM2CYA37MqyUeNXHHlTGYG6BbEPnpijx8QIgT1"}]}
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Server: cloudflare
CF-RAY: 95647112ce0e569b-OSL
alt-svc: h2=":443"; ma=60

GET kleenfortecom.compassion.it.com/favicon.ico

104.21.90.105

404 Not Found

196 B

URL GET
kleenfortecom.compassion.it.com/favicon.ico
IP
104.21.90.105:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectcompassion.it.com
Fingerprint46:1B:48:EF:BF:AA:21:92:42:4C:89:F0:B7:09:CB:0E:1F:3B:80:8D
ValidityTue, 10 Jun 2025 10:36:03 GMT - Mon, 08 Sep 2025 11:34:16 GMT

File type
HTML document, ASCII text
Size
196 B (196 bytes)
Hash
62962daa1b19bbcc2db10b7bfd531ea6
d64bae91091eda6a7532ebec06aa70893b79e1f8
80c3fe2ae1062abf56456f52518bd670f9ec3917b7f85e152b347ac6b6faf880

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Microsoft
urlquery	phishing	Phishing - FlowerStorm Phishing Kit

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: kleenfortecom.compassion.it.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/6NOUr/
Cookie: PHPSESSID=stv7kr5g2s12vgnke9vc70im6t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Fri, 27 Jun 2025 11:00:37 GMT
content-type: text/html; charset=iso-8859-1
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6iaBzPHLeX0jFtCYI9Sdh8azLxMOochDppJjbwhFVuMzw7AJTWJ6%2BwxAyBldp54XvXI6uBxgabPVJ%2FRv1vr5UY7YDEJeiJtKjaErB9W9x5L4biutm%2BQoJ4yChKwJrtYBF22EQGLZ6tldSN%2B6iAt4y7S"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=14400
cf-cache-status: MISS
content-encoding: br
cf-ray: 95647116598b56c1-OSL
server: cloudflare
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=4400&min_rtt=700&rtt_var=3095&sent=107&recv=149&lost=0&retrans=0&sent_bytes=8936&recv_bytes=8601&delivery_rate=402671&ss_exit_cwnd=14922&ss_exit_reason=2&cwnd=12000&unsent_bytes=0&cid=432bcb3d0e5ea532&ts=661&inflight_dur=14&x=44"

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/

104.18.94.41

200 OK

27 kB

URL GET
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
HTML document, ASCII text, with very long lines (26787), with no line terminators
Size
27 kB (26787 bytes)
Hash
42eff2cc83366268f0abfd8430bc6446
cd55b94ac272ea549e31152090ce30e8aae8e3e1
75d533ae7d3c1d887eb65053a656d6151cea9a28f205c884d01d002ce093d1aa

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/ HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:37 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: default-src 'none'; script-src 'nonce-aFrvrheWFr4QUE5e' 'unsafe-eval'; script-src-attr 'none'; worker-src blob:; style-src 'unsafe-inline'; img-src 'self'; connect-src 'self'; frame-src 'self' blob:; child-src 'self' blob:; form-action 'none'; base-uri 'self'; sandbox allow-same-origin allow-scripts allow-popups allow-forms
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
origin-agent-cluster: ?1
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
referrer-policy: same-origin
document-policy: js-profiling
priority: u=4,i=?0
server: cloudflare
cf-ray: 956471166f38b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=956471166f38b500&lang=auto

104.18.94.41

200 OK

141 kB

URL GET
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=956471166f38b500&lang=auto
IP
104.18.94.41:443
ASN
#13335 CLOUDFLARENET

Requested by
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
Certificate
IssuerGoogle Trust Services
Subjectchallenges.cloudflare.com
Fingerprint66:48:DF:B4:8B:9D:6A:8C:3A:B7:0F:CF:92:C7:AF:56:B9:3D:A2:1C
ValidityTue, 29 Apr 2025 17:49:00 GMT - Mon, 28 Jul 2025 18:48:58 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
141 kB (141023 bytes)
Hash
3bd1a69dfcba738a3bcb9afcb09121cf
b2a390ab9667f115b78b9763079f5a06cd8da65d
9087c54428d128e90569cba0033aa81482e99ab0af51ce7178f44c93ac0bb3c6

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=956471166f38b500&lang=auto HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/witf0/0x4AAAAAABg4D1s6a_7HHJOh/auto/fbE/new/normal/auto/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Fri, 27 Jun 2025 11:00:37 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
priority: u=3,i=?0
server: cloudflare
cf-ray: 956471170844b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri

GET cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

104.17.25.14

200 OK

19 kB

URL GET
cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
IP
104.17.25.14:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectcdnjs.cloudflare.com
Fingerprint4B:06:E9:E2:47:47:F5:3C:33:58:F8:2A:95:70:22:5E:23:19:03:77
ValidityThu, 22 May 2025 14:38:44 GMT - Wed, 20 Aug 2025 15:38:38 GMT

File type
JavaScript source, ASCII text, with very long lines (19015)
Size
19 kB (19188 bytes)
Hash
70d3fda195602fe8b75e0097eed74dde
c3b977aa4b8dfb69d651e07015031d385ded964b
a52f7aa54d7bcaafa056ee0a050262dfc5694ae28dee8b4cac3429af37ff0d66

HTTP Headers

GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kleenfortecom.compassion.it.com
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:00:53 GMT
content-type: application/javascript; charset=utf-8
content-length: 6157
cf-ray: 9564717c8be856a8-OSL
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03fa9-4af4"
last-modified: Mon, 04 May 2020 16:15:37 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1257709
expires: Wed, 17 Jun 2026 11:00:53 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c3CYv0FZQDkfcBsfQ6qFX%2FCw7eP3nWAUZAudDLPurwcRvzvE92kXTe%2FsYS4Lvzc%2Bwm3eN%2F7RZwM%2B8AAdncEHbLGziBQ2arcSg50d1wVt10Smlny5elCDNpDEStIjbp4yLnP%2BJz4v"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

104.18.10.207

200 OK

49 kB

URL GET
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://kleenfortecom.compassion.it.com/6NOUr/
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint73:3E:54:5A:E7:0A:B5:3C:11:79:4A:9F:FE:64:7B:38:B7:15:03:C0
ValidityWed, 14 May 2025 02:01:13 GMT - Tue, 12 Aug 2025 03:00:50 GMT

File type
JavaScript source, ASCII text, with very long lines (48664)
Size
49 kB (48944 bytes)
Hash
14d449eb8876fa55e1ef3c2cc52b0c17
a9545831803b1359cfeed47e3b4d6bae68e40e99
e7ed36ceee5450b4243bbc35188afabdfb4280c7c57597001de0ed167299b01b

HTTP Headers

GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://kleenfortecom.compassion.it.com
DNT: 1
Connection: keep-alive
Referer: https://kleenfortecom.compassion.it.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 27 Jun 2025 11:00:53 GMT
content-type: application/javascript; charset=utf-8
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: public, max-age=31919000
content-encoding: br
etag: "14d449eb8876fa55e1ef3c2cc52b0c17"
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
cdn-cachedat: 03/22/2025 12:19:15
cdn-proxyver: 1.22
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 1048
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requesttime: 0
cdn-requestid: 8a66ba6a883cffd548b6fd23a0c5eb64
cdn-cache: HIT
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 9564717cbce556c4-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (60)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML