{"report_id":"3e3994e2-9bfb-4c05-b688-a6c7181bc856","version":6,"status":"done","tags":[],"date":"2025-11-26T05:24:31Z","url":{"schema":"http","addr":"salator.es/sa1at/87702efhttps:/salator.es/sa1at/59e2c23","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"title":"WEB_RAT","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"salator.es/sa1at/87702efhttps:/salator.es/sa1at/59e2c23","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-31T05:24:31Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"www.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"js.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2025-11-23T22:21:53.253409Z","alert_count":0,"request_count":2,"received_data":100253,"sent_data":964,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"www.hcaptcha.com","ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-01-12","domain_rank":84138,"first_seen":"2019-09-05T05:55:07Z","last_seen":"2025-11-21T21:16:52.858187Z","alert_count":0,"request_count":1,"received_data":273435,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"salator.es","ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-02T10:59:36.082745Z","last_seen":"2025-11-24T02:20:20.325887Z","alert_count":36,"request_count":9,"received_data":1143664,"sent_data":4468,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"hCaptcha:1","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-11-23T22:33:46.594107Z","alert_count":0,"request_count":1,"received_data":90781,"sent_data":439,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-23T22:17:41.224107Z","alert_count":0,"request_count":1,"received_data":6902,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"i.imgur.com","ip":{"addr":"199.232.192.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2009-01-09","domain_rank":3309,"first_seen":"2012-05-21T08:09:36Z","last_seen":"2025-11-24T03:47:19.500548Z","alert_count":0,"request_count":4,"received_data":3904,"sent_data":1708,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"js.hcaptcha.com","ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-01-12","domain_rank":44433,"first_seen":"2021-07-30T11:51:37Z","last_seen":"2025-11-24T06:03:06.45617Z","alert_count":1,"request_count":1,"received_data":273750,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","size":89795,"data":"","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-05-27T12:12:41.19873Z","times_seen":24248,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"58cdfa4e301d3ab9c19e1f0cc9c00ebb","sha1":"023052b833bbe5b7c086fd4e1deee5cd833a698e","sha256":"4d4f55f276f07645d914ce098fb28ea66a9094366b7fad25202534ec01cf107f","sha512":"551377d3797a91d8d04016a88d27f57a285056741c89642a2f87104f480e3bb6be49dfa933aa1d1006491568f6a7a8972cd39be589945cdf593e1cdfe9fe987b","ssdeep":"","tlshash":"cfe05e0b88faa03a2a3370394c0b41066257494790a0a6947bae53a11fc3d349a5a4a8","size":330,"data":"","first_seen":"2025-11-03T17:10:17.141688Z","last_seen":"2026-05-16T23:36:24.127417Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/script.js","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fad8dd2dc6f17b7dcb40e5c4a9b6afe8","sha1":"385f28d87f0ed70593099d980ef196a53657516b","sha256":"434c3e7d832f0adedb05a1c16fa4857ee04e8426da712ce250958e42bf561236","sha512":"5863aaf5e34b59ef059b636efded8e4fb588ee7e691ad0d9b2ac15199a2404ccf5a55856b2c7b733a74c73e3c600134e002a63a0450d187090e64a8c0d08b4a8","ssdeep":"384:ZqdGo351jX3XJ6qPQLZoTXlmlctB5dlT7cxUj2nxB1xt9Jk:ZqdG2735eL+MS8DC","tlshash":"91d25e6ca426021a8933737e8f771908fe26113753018b41bd6d86c83fb596ae276fdd","size":28796,"data":"","first_seen":"2025-11-03T17:10:17.135474Z","last_seen":"2026-01-20T07:38:16.914285Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c24b8c0b90ddbe66379c2eb5458e2d7","sha1":"55e1ecb91d06532e110b7d5262d941caa3c8f9d1","sha256":"0594e1933828cacea3ac52f9538ab0bf66b987841f45241189a9533af688eee4","sha512":"dca55d18707d8645e9983f3f6d2b933171e15c50eb35a251ab04163dcd0e08c226c7ffc7d1cff7a68c429277e5ee270a10f0087a0c1a5d8d9ea63d61a1351806","ssdeep":"768:1hCnhd620Mg5LUU6OMX0skef2w97+Fsg0D5GHmXuHKQPciAsG91C+8APDGDewY8t:1O62dg5LUU6Ov+2k7rIHPCADt","tlshash":"60231a583296387227d980e5617b63437325753af94ccc50e823d936267cdcad237bba","size":49601,"data":"","first_seen":"2025-11-21T10:20:04.556191Z","last_seen":"2025-12-04T15:38:58.928982Z","times_seen":18890,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c133bc0d840e28562c1c75c70173507d","sha1":"20e4a3ab3d32ec4c798261e01dcc4c6196738cf5","sha256":"19a28e2d74e7eee25716e5a9e7bba44191ae28ada05995a5107d7a85cea3054f","sha512":"a7b132da7061298122f72874883b3e18c034b6d79b3aa565dce3b6a16473471b43a0dfd179dc9870715425984c562f0d29174403b9fef4d4cd417fe414866037","ssdeep":"96:Ys1bqBuamdBcALw39jG9zMbfaQa05SiEuoM+P2pWodxZ/wVpWkanK3z:h1bMWg69zMbyQPM5pMU4vnmJz","tlshash":"7fc19539b11cb523479220b555af3507f16aa8527a378934f229cc397c7c78d00abf6a","size":5876,"data":"","first_seen":"2023-03-07T12:57:58Z","last_seen":"2026-05-26T03:35:11.711695Z","times_seen":696,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hcaptcha.com/1/api.js","fqdn":"www.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"45351728da20205efaed43b51ebe42d6","sha1":"6c2991ca703056310ffde0fec59df1bddbf49607","sha256":"7e884df6803f65db2d5e46af9de704dbfa0d626b487a3ea8bf71dd767629c099","sha512":"86d4ca67adaa17792e7c685e3e6532243bbdddbb88b5e1543d1c500c41dd587b11c326343dc122463969ffe43c828a1bc2d020199935e850ca3da9f4342debb5","ssdeep":"6144:Uw5IwyeiA2Tu+qpX2zFnoJqhg2le9RGM7h:xkuQg","tlshash":"254481be22417abb52e507d1c0ee130b5bf1d81734085498f7a2a8dedc6ca87513db7a","size":272937,"data":"","first_seen":"2025-11-24T17:35:20.07084Z","last_seen":"2025-12-02T17:35:52.715827Z","times_seen":1377,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"www.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"salator.es/fonts/RubikGlitch-Regular.ttf","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /fonts/RubikGlitch-Regular.ttf HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/style.css\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/plain\r\nvary: accept-encoding\r\nlast-modified: Thu, 22 Sep 2022 05:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"632bf22e-5dd30\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=29Yj15mNHK8I94URpqD8lJe92EvkvhkUe9Ym8jzzGsQuW95%2FZh5rPzQjjyCQ9gvT4jNbagRsgiG4lOpD51ysGV4ipJQl0ah0vEk%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9a46f537dbaab28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":384304,"size_decoded":0,"mime_type":"text/plain","magic":"TrueType Font data, 15 tables, 1st \"pGDE\", 0 names, Unicode, type 16834 string","md5":"64297a3be7b4b1921cb15c982e31d0f1","sha1":"702cd09efc09784fcf3d47904c65619fe4476695","sha256":"bd8c18c7567922311a01bc4eff98901ce54d978e8e220c43b3464583380e9948","sha512":"29a1b013cc2ae674f06705f2f57dea2cfdf55b872b0e6ed772259da00a7dc4bfe4604ed1343923d87004184c041c1dd3eb31f42c12e6c8c991546c05fecc425a","ssdeep":"6144:X+HzYTvLHzrUqSeu8DR0/idsHGkjku0hI6kvxyo:OH6vLHzryeu8tKidUGkYuGI6Yyo","tlshash":"91948106c459efbcd1238f7a1f227589d24aac5d6ba607c4ec4f1eb99d321103d2cda9","first_seen":"2025-10-07T19:51:24.717635Z","last_seen":"2026-05-16T23:36:24.093377Z","times_seen":86,"resource_available":false,"data":null}},"time_used":230,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.42","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.160Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:04 GMT","end":"Mon, 19 Jan 2026 08:35:03 GMT"},"fingerprint":{"sha1":"86:F4:DF:07:D6:8D:EF:68:44:7A:73:C8:39:14:1A:2F:98:5E:A2:40","sha256":"A0:B7:4F:94:25:40:33:52:BC:F7:0A:E1:AD:30:BD:19:C3:E9:BB:25:0B:05:26:7C:F8:BB:F0:59:3B:E7:F2:8D"}}},"request":{"raw":"GET /ajax/libs/jquery/3.6.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31154\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 24 Nov 2025 10:17:58 GMT\r\nexpires: Tue, 24 Nov 2026 10:17:58 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 155171\r\nlast-modified: Tue, 04 Apr 2023 03:27:01 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89795,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-05-27T12:12:41.19873Z","times_seen":24248,"resource_available":true,"data":null}},"time_used":634,"timings":{"blocked":297,"dns":1,"connect":15,"send":0,"wait":15,"receive":15,"ssl":284},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.161Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/prefixfree/1.0.7/prefixfree.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2135\r\ncf-ray: 9a46f5356b3f1a30-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03faa-16f4\"\r\nlast-modified: Mon, 04 May 2020 16:15:38 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 349470\r\nexpires: Mon, 16 Nov 2026 05:24:09 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=WZZowI1%2FAIeKPGCtd8%2FhXGd91%2BYhZZD%2F%2FE961oDz1l%2F3hxogQ98E8lO4op%2BfUInAlWu0OQ1Kjz3mGvWrv3%2B6oTjRxkcTT5YmosY8dDPDq9yp3uaIWzlzMm1aeteEI96qPqwAmJOk\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5876,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (5798)","md5":"c133bc0d840e28562c1c75c70173507d","sha1":"20e4a3ab3d32ec4c798261e01dcc4c6196738cf5","sha256":"19a28e2d74e7eee25716e5a9e7bba44191ae28ada05995a5107d7a85cea3054f","sha512":"a7b132da7061298122f72874883b3e18c034b6d79b3aa565dce3b6a16473471b43a0dfd179dc9870715425984c562f0d29174403b9fef4d4cd417fe414866037","ssdeep":"96:Ys1bqBuamdBcALw39jG9zMbfaQa05SiEuoM+P2pWodxZ/wVpWkanK3z:h1bMWg69zMbyQPM5pMU4vnmJz","tlshash":"7fc19539b11cb523479220b555af3507f16aa8527a378934f229cc397c7c78d00abf6a","first_seen":"2023-03-07T12:57:58Z","last_seen":"2026-05-26T03:35:11.711695Z","times_seen":696,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":23,"dns":1,"connect":5,"send":0,"wait":11,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/YGNIDQq.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.192.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.164Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /YGNIDQq.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:20:06 GMT\r\netag: \"af93b78d12d5bb5be10ef24c2ee3f8c1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: rOQVJ2bm-jonkcAKlK3P_eJ-LzkcEyogYDPxlA1TQcl2O01wH3PP6A==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 1291569\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\nx-served-by: cache-iad-kjyo7100111-IAD, cache-hel1410028-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 605, 0\r\nx-timer: S1764134649.232046,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 150\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"af93b78d12d5bb5be10ef24c2ee3f8c1","sha1":"417ced4b61a7138b2635b6df66ca1548499c01c3","sha256":"4580b5daf6b624e6cdfdd14317b14f09b0e5da501e3771f3ba4c333c539d7cef","sha512":"cff6416c19c22a822257f7e0c86ff545d5f5cd18d691c270c4c84a8bc58e1dd43c68ae5c41e088d4ea0122d4a7bf64677e5ba41e8a48a512f537dfee6763784f","ssdeep":"","tlshash":"bec08c9b308c3a34c709d03f630090224ea227e8f49284d842868aad69906888091e16","first_seen":"2025-04-18T14:04:49.057079Z","last_seen":"2025-12-03T19:41:58.227206Z","times_seen":86,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":63,"dns":0,"connect":0,"send":0,"wait":16,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.hcaptcha.com/1/api.js","fqdn":"js.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hcaptcha.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 21:56:55 GMT","end":"Fri, 23 Jan 2026 22:56:51 GMT"},"fingerprint":{"sha1":"A4:15:32:49:93:6A:E4:9F:0F:65:76:08:3E:04:2C:FA:87:57:7D:90","sha256":"D6:E4:78:68:8D:D7:DF:4D:13:24:4A:8A:E4:4D:E0:CE:80:FC:94:F0:3F:31:79:A4:DD:56:05:89:99:7F:AF:F9"}}},"request":{"raw":"GET /1/api.js HTTP/1.1\r\nHost: js.hcaptcha.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\ncf-ray: 9a46f535df40569d-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300\r\netag: W/\"cbca40ccdbc81040f39fcf7ce8d7c650\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Origin, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nset-cookie: __cf_bm=RfcC2WBFd.5KlhTR_mbGAarVJPXpDboHm4yduslp_II-1764134649-1.0.1.1-dtnX5VggHWoE.ayrMU1Xmj1bXkkUse9IrH.cuPmcBaUV3FaP4lvE5njSGSOCVXvUvdEiF1CeCI2efopThNwQn9g3eIdPX3aWpGXCvk0LhhI; path=/; expires=Wed, 26-Nov-25 05:54:09 GMT; domain=.hcaptcha.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]}],"data":{"size":272937,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (41132)","md5":"45351728da20205efaed43b51ebe42d6","sha1":"6c2991ca703056310ffde0fec59df1bddbf49607","sha256":"7e884df6803f65db2d5e46af9de704dbfa0d626b487a3ea8bf71dd767629c099","sha512":"86d4ca67adaa17792e7c685e3e6532243bbdddbb88b5e1543d1c500c41dd587b11c326343dc122463969ffe43c828a1bc2d020199935e850ca3da9f4342debb5","ssdeep":"6144:Uw5IwyeiA2Tu+qpX2zFnoJqhg2le9RGM7h:xkuQg","tlshash":"254481be22417abb52e507d1c0ee130b5bf1d81734085498f7a2a8dedc6ca87513db7a","first_seen":"2025-11-24T17:35:20.07084Z","last_seen":"2025-12-02T17:35:52.715827Z","times_seen":1377,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":3,"connect":1,"send":0,"wait":13,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"js.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/favicon.ico","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.744Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Sat, 06 Jan 2024 17:23:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"65998c7c-3c2e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0aBbi%2F1QcTIOJDmGnKGA0kmd%2B26U%2Bo8KovJJB5R%2BjvgGq6ZdsZ8mI5VVhG9qEe9LCeEgIryiEl0zQfoIxQLDhjp2AAiioLWIypY%3D\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9a46f538ebb8b28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"fd64809b0b5016081e0b04018fa3f90c","sha1":"0a33ea99ee4a72fd1a2823e5d794eaa7773f8467","sha256":"8809650276d0578346c66471a51d885a55abe3938829b9ff0e442c4d5d75f5db","sha512":"a1396f118b509d36985b557f8744cb1644780c05862753927f90ab53b13e9e340ae353c4b975487e4304eeb8c58ff55dab4963446a36ad448ad1d49bd889e28a","ssdeep":"48:l1IqiJcC3CF4/KAZ8xMUWDV5fpC7iAo6n1v8fRLRmnexy4G/9CS2ZIJ:uJcZF4/T8iUWjgVo6nGfRM6j+9ClIJ","tlshash":"d76272258bc50aa8ca40e730842aef79a307dcab4c51b7d61bf6afd73d363635906941","first_seen":"2025-04-18T14:04:49.06704Z","last_seen":"2026-05-16T23:36:24.094714Z","times_seen":278,"resource_available":false,"data":null}},"time_used":200,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":199,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/fonts/RubikGlitch-Regular.ttf","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.852Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /fonts/RubikGlitch-Regular.ttf HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/plain\r\nvary: accept-encoding\r\nlast-modified: Thu, 22 Sep 2022 05:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"632bf22e-5dd30\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gzMGg54qTj62mDAMt%2BnacAbH%2FOdX3s95Ts8YbNGq%2FRVd64RSKG5lH244jgvUsaPAtqKLbovrHwDOgTJJHj6qBnlK%2Fpx0oUak49U%3D\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9a46f5399bbeb28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":384304,"size_decoded":0,"mime_type":"text/plain","magic":"TrueType Font data, 15 tables, 1st \"pGDE\", 0 names, Unicode, type 16834 string","md5":"64297a3be7b4b1921cb15c982e31d0f1","sha1":"702cd09efc09784fcf3d47904c65619fe4476695","sha256":"bd8c18c7567922311a01bc4eff98901ce54d978e8e220c43b3464583380e9948","sha512":"29a1b013cc2ae674f06705f2f57dea2cfdf55b872b0e6ed772259da00a7dc4bfe4604ed1343923d87004184c041c1dd3eb31f42c12e6c8c991546c05fecc425a","ssdeep":"6144:X+HzYTvLHzrUqSeu8DR0/idsHGkjku0hI6kvxyo:OH6vLHzryeu8tKidUGkYuGI6Yyo","tlshash":"91948106c459efbcd1238f7a1f227589d24aac5d6ba607c4ec4f1eb99d321103d2cda9","first_seen":"2025-10-07T19:51:24.717635Z","last_seen":"2026-05-16T23:36:24.093377Z","times_seen":86,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/sa1at/87702efhttps:/salator.es/sa1at/59e2c23","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T05:24:08.531Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /sa1at/87702efhttps:/salator.es/sa1at/59e2c23 HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 05:24:08 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST\r\naccess-control-allow-headers: X-Requested-With\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gKxGMhGst67H%2F1bmZV9NZ0jzt43QOLTcsmtgBHfpdBYFwc%2B%2BS3Mp1ONwR666bASqcU2w1d9NRt7DgfBRcxGWaQIq%2FA5Qf3Ds\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a46f5317f0e56bb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":622,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"c90cadf3eeac66b554c972e3b7352c5c","sha1":"9603a879815b33927a38412f57ead3633c696153","sha256":"13afe3162c805020991d6228bffd71a4c946fd1506e0826f552a2cf256a5546b","sha512":"86fd1ea8321a488f67ed908c5fed9f7aef02ab8d817b7d4c8dee3cd89b5561a2bde541da3c9e6a448424931acbe2253d10b240f992f471fa0eae4b5e580ef365","ssdeep":"","tlshash":"2ff02eca5d55615a2b7372398e1b451dd417416740c0e105bfed03540ff3a1c9292fdc","first_seen":"2025-08-18T18:00:28.594994Z","last_seen":"2026-01-11T18:57:18.213261Z","times_seen":72,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":27,"dns":0,"connect":2,"send":0,"wait":207,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.154Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-length: 0\r\ncf-ray: 9a46f5355f765685-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public\r\ncross-origin-resource-policy: cross-origin\r\nlocation: /turnstile/v0/b/13c98df4ef2d/api.js\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=Td9RZBmgq.i3t5JmwPpgtNrXkV39KKg2Plultq5MIp4-1764134649184-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49601,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T14:18:40.392025Z","times_seen":15778643,"resource_available":true,"data":null}},"time_used":63,"timings":{"blocked":23,"dns":0,"connect":1,"send":0,"wait":10,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/backend/captcha.php","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.857Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"POST /backend/captcha.php HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/login/\r\nContent-Type: multipart/form-data; boundary=---------------------------313282289415643307063314753797\r\nContent-Length: 183\r\nOrigin: https://salator.es\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":183,"data":"-----------------------------313282289415643307063314753797\r\nContent-Disposition: form-data; name=\"action\"\r\n\r\ngenerate\r\n-----------------------------313282289415643307063314753797--\r\n"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:10 GMT\r\ncontent-type: application/json\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8OodbnhthkpVOrA226NLmsTxWpTdC96K0P0J2Ddik7A3a8wPRC2KtpfupN9Xa%2B5mpAuvSVCzdwUa6wDBMHMcZf%2FTCmYGjqwvNe8%3D\"}]}\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9a46f5399bbfb28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":289425,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e3f7b037e34a6ea4c0d783b1306a3605","sha1":"99d0f1bfe662a9d4f87cd77fa9b5c2ba2a805131","sha256":"fee08bd65ab88812cabe933544b083bf561eed125c6cd533af06302a7c114503","sha512":"91893f670c36f387a61428ee026198fdb421575b5c1e7e3a290370ca26d8b8c4888795f19745642a8f996a80b80d0810f3ee72206e0e9d456a7d1f294de1daef","ssdeep":"6144:CfIlIhNmxSUHiEhQJfwkD7Tpr6xFBf892lX4qF3g0Y0Uvwk45jx:CfNhw4UrhQxYnHlfFbqIjx","tlshash":"cf5412505f352aaec03894e2f1392f261e1d4ff3509be6759bea20d0d01bb79b639891","first_seen":"2025-11-26T05:24:33.917776Z","last_seen":"2025-11-26T05:24:33.917776Z","times_seen":1,"resource_available":false,"data":null}},"time_used":327,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":174,"receive":153,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T05:24:08.914Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/ HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/sa1at/87702efhttps:/salator.es/sa1at/59e2c23\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vl2CY6vd6xxiWj9TZTWlJ%2B9z%2BcGQLERLXLF5gklrl%2BG89lhwgM5AbVhN4%2FNCtM20f6eEIK56oWE6v4voFpm7F4GpYu0oS0Gm%2FIE%3D\"}]}\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: 9a46f533bb72b28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"hCaptcha:1","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}],"data":{"size":11035,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1024), with CRLF line terminators","md5":"795eb2c436c116ad2dba76b2d03f4715","sha1":"f96efe6f99acebb8d951b35d6f5fc4ae0819eed0","sha256":"3e601e547da7bce8081569a4f3d55ccd8aefb5e7eb90c4e4ff078937d6de751e","sha512":"37b9e90931c2c9c326f0384edf1d1e9723588bd36e485cd688e75c33890b150a5a7b44dac6f8578ca8832950710214fe2ed585587cc418fa05311fa318584cf0","ssdeep":"192:r0/2QFSrLycXVsjFUoXPOIaogERFLuyG9k2DYj1:oTbkVAWI/ekok1","tlshash":"1b32653498c59abe40b381950a712679fe4ec1db86958604b7bc87d37fb3cc4cc8b498","first_seen":"2025-11-03T17:10:17.134035Z","last_seen":"2025-12-03T19:41:58.231537Z","times_seen":63,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hcaptcha.com/1/api.js","fqdn":"www.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hcaptcha.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 04:55:57 GMT","end":"Mon, 16 Feb 2026 05:55:51 GMT"},"fingerprint":{"sha1":"12:B6:37:0D:E4:B1:D7:DB:48:A2:D6:AF:01:8B:A8:7F:3D:5B:E6:32","sha256":"36:B6:8F:50:8B:8E:B4:B1:18:5E:5E:B7:30:1D:A1:5B:B2:AA:67:83:22:77:31:E9:98:ED:9F:39:D7:9C:6D:56"}}},"request":{"raw":"GET /1/api.js HTTP/1.1\r\nHost: www.hcaptcha.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/html\r\ncontent-length: 167\r\nlocation: https://js.hcaptcha.com/1/api.js\r\ncache-control: max-age=3600\r\nexpires: Wed, 26 Nov 2025 06:24:09 GMT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncross-origin-opener-policy: same-origin\r\nserver: cloudflare\r\ncf-ray: 9a46f535697f569b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":272937,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T14:18:40.392025Z","times_seen":15778643,"resource_available":true,"data":null}},"time_used":69,"timings":{"blocked":25,"dns":4,"connect":1,"send":0,"wait":8,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/8IPoQpO.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.192.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /8IPoQpO.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 13:21:10 GMT\r\netag: \"1f0902eabb3cda9a735e8e23f60cb943\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: fyNP1ypVbqRdr1jsx70Y5lHUil2vabtLOZXFX06L79kFN8c6YsizOQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 407429\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\nx-served-by: cache-iad-kcgs7200165-IAD, cache-hel1410028-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 387, 0\r\nx-timer: S1764134649.235137,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 145\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"1f0902eabb3cda9a735e8e23f60cb943","sha1":"4b450a4fb67bed5ceb424168a8df6a930e55c318","sha256":"c5753562cea595ae4551d76360d451424cb046b2b52f205152f2d89a2527a476","sha512":"7448cdff599398379f7c73da4abe05576bca91b9603a7ff2c7b9c88dff67b27fe6d2f173afe3f12468dda907bd164a2ddcdbfd0db41b0625b5c42cfdc5443eb9","ssdeep":"","tlshash":"18c08c9622c93eb88b8582326a0281948d294a9f80b0500c4302607e71cd0cc80a0306","first_seen":"2025-04-18T14:04:49.071109Z","last_seen":"2025-12-03T19:41:58.22624Z","times_seen":86,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":67,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/pu8PwzP.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.192.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /pu8PwzP.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:20:21 GMT\r\netag: \"fad0799aa84b08b67c36fcf2d8d68099\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: lT2Rt7Ne2rDlFdsBBkJQtNjQzme2nVM40-kNwhWj26fxjg2R8MDpEQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 1286329\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\nx-served-by: cache-iad-kjyo7100075-IAD, cache-hel1410028-HEL\r\nx-cache: Miss from cloudfront, HIT, MISS\r\nx-cache-hits: 978, 0\r\nx-timer: S1764134649.231954,VS0,VE108\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 259\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"fad0799aa84b08b67c36fcf2d8d68099","sha1":"69229b1a1c5c071e5076b525804a9b95addaca31","sha256":"0d3d8390191bd5185e76928ee7f3201460281fba017870e2f05cfa35c3e6ffe0","sha512":"c329a0dde54646d0bd76fa654858d2bcce21d85fe41265f3912bf17c2bf85f20eea7954e0838e9dcd85ff0c9a60a850c105e6e31e0b7359621173bb71c0db8c8","ssdeep":"","tlshash":"29d02bbb9547a824cb5b4a238b506042cc5a1a35c26151b80103c42a71abaac46e1e91","first_seen":"2025-04-18T14:04:49.058009Z","last_seen":"2025-12-03T19:41:58.220425Z","times_seen":86,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":62,"dns":0,"connect":0,"send":0,"wait":121,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/script.js","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/script.js HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 31 Oct 2025 15:44:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"6904d967-707c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=WEIu0LgbcaCr3b4SJD4BZqThoSYChqLUiY5uHoiB4zyFGey%2Fm24MTRXxkFS%2BaECYOoflvTAwjSFAVq1d%2FnlUpKaqPXy7plC6csQ%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9a46f5354b8ab28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28796,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"fad8dd2dc6f17b7dcb40e5c4a9b6afe8","sha1":"385f28d87f0ed70593099d980ef196a53657516b","sha256":"434c3e7d832f0adedb05a1c16fa4857ee04e8426da712ce250958e42bf561236","sha512":"5863aaf5e34b59ef059b636efded8e4fb588ee7e691ad0d9b2ac15199a2404ccf5a55856b2c7b733a74c73e3c600134e002a63a0450d187090e64a8c0d08b4a8","ssdeep":"384:ZqdGo351jX3XJ6qPQLZoTXlmlctB5dlT7cxUj2nxB1xt9Jk:ZqdG2735eL+MS8DC","tlshash":"91d25e6ca426021a8933737e8f771908fe26113753018b41bd6d86c83fb596ae276fdd","first_seen":"2025-11-03T17:10:17.135474Z","last_seen":"2026-01-20T07:38:16.914285Z","times_seen":69,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":194,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/style.css","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/style.css HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\nlast-modified: Mon, 27 Oct 2025 15:23:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"68ff8e6f-2ecf\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qUAOwrEXhKWhSAYcq%2FmoABrpNtpTFELZyYNqbFRoiKGWG7W2gBBNRr5yYD%2BnoWCVafXYiAWZ1y1sRxBMDQjN5Qn8wBrcwJQCvdk%3D\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9a46f5383bb0b28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11983,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a22b1dc49946bde6944139591911f0f8","sha1":"4f8358cea9734b0b9d44b0133225ea5c1c6a22d6","sha256":"4e198428260b804e45f252339203fd66e299e02883f2bfb5b7bbf05ac808d58c","sha512":"ec5da9bf61b351c01230c69ce3c447867cfa5e4cdbee7fbdf3a5774a4c282171f3998e905ebb64e8467b118e476b482399813fa2eb9e7d53797524c314a5a010","ssdeep":"96:UnycmycQ25C8uUlnaEnSl1peMJ2pxOPIb9Uo1WU/EWUJl4yXvS7bnvFBw2XxN7z8:NcHcrlHlnjnSLPoHMJ7KjfXxNzWwAnl","tlshash":"e63264add5521113a533e2b67b91d629f7a224a75f4343e9bff41094e2c06bc2226ec8","first_seen":"2025-11-03T17:10:17.131954Z","last_seen":"2026-05-16T23:36:24.107263Z","times_seen":74,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/style.css","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.151Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/style.css HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\nlast-modified: Mon, 27 Oct 2025 15:23:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"68ff8e6f-2ecf\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wgdreEbqp6aREM4O0qjVMaZdUjlNVGmOk%2Bu5so%2BOgT5hcR7d6KaWOlvsfYczI7mHdY%2BzhzCsu%2BbGEKz3kLMzU1qJpBPSGSiqq%2B8%3D\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9a46f5352b88b28a-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11983,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a22b1dc49946bde6944139591911f0f8","sha1":"4f8358cea9734b0b9d44b0133225ea5c1c6a22d6","sha256":"4e198428260b804e45f252339203fd66e299e02883f2bfb5b7bbf05ac808d58c","sha512":"ec5da9bf61b351c01230c69ce3c447867cfa5e4cdbee7fbdf3a5774a4c282171f3998e905ebb64e8467b118e476b482399813fa2eb9e7d53797524c314a5a010","ssdeep":"96:UnycmycQ25C8uUlnaEnSl1peMJ2pxOPIb9Uo1WU/EWUJl4yXvS7bnvFBw2XxN7z8:NcHcrlHlnjnSLPoHMJ7KjfXxNzWwAnl","tlshash":"e63264add5521113a533e2b67b91d629f7a224a75f4343e9bff41094e2c06bc2226ec8","first_seen":"2025-11-03T17:10:17.131954Z","last_seen":"2026-05-16T23:36:24.107263Z","times_seen":74,"resource_available":false,"data":null}},"time_used":194,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":193,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/QoZm6IG.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.192.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.162Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /QoZm6IG.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:19:33 GMT\r\netag: \"5642df1ef15c36e9a4c8bc6f1e35f155\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: ZT6lH_e4NtEzyGu1uNs2Z4dPQES_13iAwC4N-PhWCZEhpZzwqQ8XJg==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 487296\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\nx-served-by: cache-iad-kiad7000096-IAD, cache-hel1410028-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 87, 0\r\nx-timer: S1764134649.231875,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 334\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":334,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"5642df1ef15c36e9a4c8bc6f1e35f155","sha1":"e78712cdc0072c4016aa1fb488d8d50fdab9478d","sha256":"29d6ecfd18e459cdee0c2bd903b1d73b371e7b5b25e5799ed478848fb3e908bc","sha512":"8444cdd13f1e7695402acf618d7ba536cc3f561334fca2e40d490a446b1eb49987578e25040a3d54efad2c3ff0a209402d4a64892c325f001509019ae59f2278","ssdeep":"","tlshash":"f4e02876d101fc7cdbc923780d27d21063510b42a763b2dc4902243a1470440a8fd53c","first_seen":"2025-04-18T14:04:49.070177Z","last_seen":"2025-12-03T19:41:58.21271Z","times_seen":86,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":65,"dns":12,"connect":13,"send":0,"wait":15,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/b/13c98df4ef2d/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.95.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T05:24:09.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/b/13c98df4ef2d/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _cfuvid=Td9RZBmgq.i3t5JmwPpgtNrXkV39KKg2Plultq5MIp4-1764134649184-0.0.1.1-604800000\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 05:24:09 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Thu, 20 Nov 2025 16:30:22 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9a46f5357f865685-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49601,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (49600)","md5":"9c24b8c0b90ddbe66379c2eb5458e2d7","sha1":"55e1ecb91d06532e110b7d5262d941caa3c8f9d1","sha256":"0594e1933828cacea3ac52f9538ab0bf66b987841f45241189a9533af688eee4","sha512":"dca55d18707d8645e9983f3f6d2b933171e15c50eb35a251ab04163dcd0e08c226c7ffc7d1cff7a68c429277e5ee270a10f0087a0c1a5d8d9ea63d61a1351806","ssdeep":"768:1hCnhd620Mg5LUU6OMX0skef2w97+Fsg0D5GHmXuHKQPciAsG91C+8APDGDewY8t:1O62dg5LUU6Ov+2k7rIHPCADt","tlshash":"60231a583296387227d980e5617b63437325753af94ccc50e823d936267cdcad237bba","first_seen":"2025-11-21T10:20:04.556191Z","last_seen":"2025-12-04T15:38:58.928982Z","times_seen":18890,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}