{"report_id":"68c7f286-c4b0-4b8f-9ea8-46176d3d9606","version":6,"status":"done","tags":[],"date":"2025-11-26T11:26:02Z","url":{"schema":"http","addr":"salator.es/sa1at/https:/salator.es/sa1at/e4f3bbba9d1457035f2c19463cbc9ae4f3bbba9d1457035f2c","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"title":"WEB_RAT","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"salator.es/sa1at/https:/salator.es/sa1at/e4f3bbba9d1457035f2c19463cbc9ae4f3bbba9d1457035f2c","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"104.21.19.248","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-31T11:26:02Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"www.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"js.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-23T22:17:41.224107Z","alert_count":0,"request_count":1,"received_data":6890,"sent_data":448,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"i.imgur.com","ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2009-01-09","domain_rank":3309,"first_seen":"2012-05-21T08:09:36Z","last_seen":"2025-11-24T03:47:19.500548Z","alert_count":0,"request_count":4,"received_data":3901,"sent_data":1708,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"js.hcaptcha.com","ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-01-12","domain_rank":44433,"first_seen":"2021-07-30T11:51:37Z","last_seen":"2025-11-24T06:03:06.45617Z","alert_count":1,"request_count":1,"received_data":273750,"sent_data":407,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2025-11-23T22:33:46.594107Z","alert_count":0,"request_count":1,"received_data":90781,"sent_data":439,"comment":"","tags":null,"fingerprints":null},{"fqdn":"challenges.cloudflare.com","ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":11393,"first_seen":"2021-10-20T05:02:03Z","last_seen":"2025-11-23T22:21:53.253409Z","alert_count":0,"request_count":2,"received_data":100253,"sent_data":964,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"salator.es","ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-02T10:59:36.082745Z","last_seen":"2025-11-24T02:20:20.325887Z","alert_count":36,"request_count":9,"received_data":1037271,"sent_data":4539,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"hCaptcha:1","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}]},{"fqdn":"www.hcaptcha.com","ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-01-12","domain_rank":84138,"first_seen":"2019-09-05T05:55:07Z","last_seen":"2025-11-21T21:16:52.858187Z","alert_count":0,"request_count":1,"received_data":273435,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c133bc0d840e28562c1c75c70173507d","sha1":"20e4a3ab3d32ec4c798261e01dcc4c6196738cf5","sha256":"19a28e2d74e7eee25716e5a9e7bba44191ae28ada05995a5107d7a85cea3054f","sha512":"a7b132da7061298122f72874883b3e18c034b6d79b3aa565dce3b6a16473471b43a0dfd179dc9870715425984c562f0d29174403b9fef4d4cd417fe414866037","ssdeep":"96:Ys1bqBuamdBcALw39jG9zMbfaQa05SiEuoM+P2pWodxZ/wVpWkanK3z:h1bMWg69zMbyQPM5pMU4vnmJz","tlshash":"7fc19539b11cb523479220b555af3507f16aa8527a378934f229cc397c7c78d00abf6a","size":5876,"data":"","first_seen":"2023-03-07T12:57:58Z","last_seen":"2026-05-26T03:35:11.711695Z","times_seen":696,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","size":89795,"data":"","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-05-27T16:33:31.127182Z","times_seen":24255,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"58cdfa4e301d3ab9c19e1f0cc9c00ebb","sha1":"023052b833bbe5b7c086fd4e1deee5cd833a698e","sha256":"4d4f55f276f07645d914ce098fb28ea66a9094366b7fad25202534ec01cf107f","sha512":"551377d3797a91d8d04016a88d27f57a285056741c89642a2f87104f480e3bb6be49dfa933aa1d1006491568f6a7a8972cd39be589945cdf593e1cdfe9fe987b","ssdeep":"","tlshash":"cfe05e0b88faa03a2a3370394c0b41066257494790a0a6947bae53a11fc3d349a5a4a8","size":330,"data":"","first_seen":"2025-11-03T17:10:17.141688Z","last_seen":"2026-05-16T23:36:24.127417Z","times_seen":74,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/script.js","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fad8dd2dc6f17b7dcb40e5c4a9b6afe8","sha1":"385f28d87f0ed70593099d980ef196a53657516b","sha256":"434c3e7d832f0adedb05a1c16fa4857ee04e8426da712ce250958e42bf561236","sha512":"5863aaf5e34b59ef059b636efded8e4fb588ee7e691ad0d9b2ac15199a2404ccf5a55856b2c7b733a74c73e3c600134e002a63a0450d187090e64a8c0d08b4a8","ssdeep":"384:ZqdGo351jX3XJ6qPQLZoTXlmlctB5dlT7cxUj2nxB1xt9Jk:ZqdG2735eL+MS8DC","tlshash":"91d25e6ca426021a8933737e8f771908fe26113753018b41bd6d86c83fb596ae276fdd","size":28796,"data":"","first_seen":"2025-11-03T17:10:17.135474Z","last_seen":"2026-01-20T07:38:16.914285Z","times_seen":69,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.hcaptcha.com/1/api.js","fqdn":"www.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"45351728da20205efaed43b51ebe42d6","sha1":"6c2991ca703056310ffde0fec59df1bddbf49607","sha256":"7e884df6803f65db2d5e46af9de704dbfa0d626b487a3ea8bf71dd767629c099","sha512":"86d4ca67adaa17792e7c685e3e6532243bbdddbb88b5e1543d1c500c41dd587b11c326343dc122463969ffe43c828a1bc2d020199935e850ca3da9f4342debb5","ssdeep":"6144:Uw5IwyeiA2Tu+qpX2zFnoJqhg2le9RGM7h:xkuQg","tlshash":"254481be22417abb52e507d1c0ee130b5bf1d81734085498f7a2a8dedc6ca87513db7a","size":272937,"data":"","first_seen":"2025-11-24T17:35:20.07084Z","last_seen":"2025-12-02T17:35:52.715827Z","times_seen":1377,"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"www.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9c24b8c0b90ddbe66379c2eb5458e2d7","sha1":"55e1ecb91d06532e110b7d5262d941caa3c8f9d1","sha256":"0594e1933828cacea3ac52f9538ab0bf66b987841f45241189a9533af688eee4","sha512":"dca55d18707d8645e9983f3f6d2b933171e15c50eb35a251ab04163dcd0e08c226c7ffc7d1cff7a68c429277e5ee270a10f0087a0c1a5d8d9ea63d61a1351806","ssdeep":"768:1hCnhd620Mg5LUU6OMX0skef2w97+Fsg0D5GHmXuHKQPciAsG91C+8APDGDewY8t:1O62dg5LUU6Ov+2k7rIHPCADt","tlshash":"60231a583296387227d980e5617b63437325753af94ccc50e823d936267cdcad237bba","size":49601,"data":"","first_seen":"2025-11-21T10:20:04.556191Z","last_seen":"2025-12-04T15:38:58.928982Z","times_seen":18890,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"salator.es/fonts/RubikGlitch-Regular.ttf","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.341Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /fonts/RubikGlitch-Regular.ttf HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/style.css\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: text/plain\r\nvary: accept-encoding\r\nlast-modified: Thu, 22 Sep 2022 05:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"632bf22e-5dd30\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PKLIs3qfRz1MW4cYootJ7nFwI8mhUlfsj7O0MpB26YKdkYUBwbYnvqJB3UfJO5KHsA4EqRNZ%2FThfNUd%2BISVEGSN2H6xnoiXa\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9a4906c71c2756c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":384304,"size_decoded":0,"mime_type":"text/plain","magic":"TrueType Font data, 15 tables, 1st \"pGDE\", 0 names, Unicode, type 16834 string","md5":"64297a3be7b4b1921cb15c982e31d0f1","sha1":"702cd09efc09784fcf3d47904c65619fe4476695","sha256":"bd8c18c7567922311a01bc4eff98901ce54d978e8e220c43b3464583380e9948","sha512":"29a1b013cc2ae674f06705f2f57dea2cfdf55b872b0e6ed772259da00a7dc4bfe4604ed1343923d87004184c041c1dd3eb31f42c12e6c8c991546c05fecc425a","ssdeep":"6144:X+HzYTvLHzrUqSeu8DR0/idsHGkjku0hI6kvxyo:OH6vLHzryeu8tKidUGkYuGI6Yyo","tlshash":"91948106c459efbcd1238f7a1f227589d24aac5d6ba607c4ec4f1eb99d321103d2cda9","first_seen":"2025-10-07T19:51:24.717635Z","last_seen":"2026-05-16T23:36:24.093377Z","times_seen":86,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/favicon.ico","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: image/x-icon\r\nvary: accept-encoding\r\nlast-modified: Sat, 06 Jan 2024 17:23:08 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"65998c7c-3c2e\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VaLFFrkwA9m69bDlb86QkFm4eEoXnGMHmeDpCD6F%2BoDDNGFVAL9BnGSsuEHUZzViTr0OysG%2BgATFi7J4dwDa0IcY9xduqS65\"}]}\r\npriority: u=6,i=?0\r\ncf-ray: 9a4906c8bc3a56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"fd64809b0b5016081e0b04018fa3f90c","sha1":"0a33ea99ee4a72fd1a2823e5d794eaa7773f8467","sha256":"8809650276d0578346c66471a51d885a55abe3938829b9ff0e442c4d5d75f5db","sha512":"a1396f118b509d36985b557f8744cb1644780c05862753927f90ab53b13e9e340ae353c4b975487e4304eeb8c58ff55dab4963446a36ad448ad1d49bd889e28a","ssdeep":"48:l1IqiJcC3CF4/KAZ8xMUWDV5fpC7iAo6n1v8fRLRmnexy4G/9CS2ZIJ:uJcZF4/T8iUWjgVo6nGfRM6j+9ClIJ","tlshash":"d76272258bc50aa8ca40e730842aef79a307dcab4c51b7d61bf6afd73d363635906941","first_seen":"2025-04-18T14:04:49.06704Z","last_seen":"2026-05-16T23:36:24.094714Z","times_seen":278,"resource_available":false,"data":null}},"time_used":210,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/style.css","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/style.css HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\nlast-modified: Mon, 27 Oct 2025 15:23:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"68ff8e6f-2ecf\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rQLwfpY9q89P6YEMeCnVBCYwpmOqnMKKGVssHvHm1kPXknpQ3dAhrWJGHyKHEJ1b0r1YZqHA3Dj1VHlG8G4ettAopWAw4ERK\"}]}\r\npriority: u=2,i=?0\r\ncf-ray: 9a4906c49c0e56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11983,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a22b1dc49946bde6944139591911f0f8","sha1":"4f8358cea9734b0b9d44b0133225ea5c1c6a22d6","sha256":"4e198428260b804e45f252339203fd66e299e02883f2bfb5b7bbf05ac808d58c","sha512":"ec5da9bf61b351c01230c69ce3c447867cfa5e4cdbee7fbdf3a5774a4c282171f3998e905ebb64e8467b118e476b482399813fa2eb9e7d53797524c314a5a010","ssdeep":"96:UnycmycQ25C8uUlnaEnSl1peMJ2pxOPIb9Uo1WU/EWUJl4yXvS7bnvFBw2XxN7z8:NcHcrlHlnjnSLPoHMJ7KjfXxNzWwAnl","tlshash":"e63264add5521113a533e2b67b91d629f7a224a75f4343e9bff41094e2c06bc2226ec8","first_seen":"2025-11-03T17:10:17.131954Z","last_seen":"2026-05-16T23:36:24.107263Z","times_seen":74,"resource_available":false,"data":null}},"time_used":205,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":204,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.hcaptcha.com/1/api.js","fqdn":"www.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.959Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.hcaptcha.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 18 Nov 2025 04:55:57 GMT","end":"Mon, 16 Feb 2026 05:55:51 GMT"},"fingerprint":{"sha1":"12:B6:37:0D:E4:B1:D7:DB:48:A2:D6:AF:01:8B:A8:7F:3D:5B:E6:32","sha256":"36:B6:8F:50:8B:8E:B4:B1:18:5E:5E:B7:30:1D:A1:5B:B2:AA:67:83:22:77:31:E9:98:ED:9F:39:D7:9C:6D:56"}}},"request":{"raw":"GET /1/api.js HTTP/1.1\r\nHost: www.hcaptcha.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: text/html\r\ncontent-length: 167\r\nlocation: https://js.hcaptcha.com/1/api.js\r\ncache-control: max-age=3600\r\nexpires: Wed, 26 Nov 2025 12:25:40 GMT\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\ncross-origin-opener-policy: same-origin\r\nserver: cloudflare\r\ncf-ray: 9a4906c50b27783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":272937,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T17:18:43.802994Z","times_seen":15783557,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":49,"dns":4,"connect":5,"send":0,"wait":4,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/prefixfree/1.0.7/prefixfree.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/prefixfree/1.0.7/prefixfree.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 2135\r\ncf-ray: 9a4906c5182c2efa-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03faa-16f4\"\r\nlast-modified: Mon, 04 May 2020 16:15:38 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 371161\r\nexpires: Mon, 16 Nov 2026 11:25:40 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=YK7neXjKX8LZGRN2aMIZJzBUMwKyWwM3KQvlj%2BbzRtZHbrsMmeyBmRrOCjuZ8LXC%2B3muGuJZFTn1R8XIB7YE1A81RNGosJBf6DEEibjqLrGU37DHRlbHmBIwxfY75EUggg7ue0CO\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5876,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (5798)","md5":"c133bc0d840e28562c1c75c70173507d","sha1":"20e4a3ab3d32ec4c798261e01dcc4c6196738cf5","sha256":"19a28e2d74e7eee25716e5a9e7bba44191ae28ada05995a5107d7a85cea3054f","sha512":"a7b132da7061298122f72874883b3e18c034b6d79b3aa565dce3b6a16473471b43a0dfd179dc9870715425984c562f0d29174403b9fef4d4cd417fe414866037","ssdeep":"96:Ys1bqBuamdBcALw39jG9zMbfaQa05SiEuoM+P2pWodxZ/wVpWkanK3z:h1bMWg69zMbyQPM5pMU4vnmJz","tlshash":"7fc19539b11cb523479220b555af3507f16aa8527a378934f229cc397c7c78d00abf6a","first_seen":"2023-03-07T12:57:58Z","last_seen":"2026-05-26T03:35:11.711695Z","times_seen":696,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":50,"dns":2,"connect":4,"send":0,"wait":10,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/pu8PwzP.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /pu8PwzP.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:20:21 GMT\r\netag: \"fad0799aa84b08b67c36fcf2d8d68099\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: lT2Rt7Ne2rDlFdsBBkJQtNjQzme2nVM40-kNwhWj26fxjg2R8MDpEQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 1308020\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\nx-served-by: cache-iad-kjyo7100075-IAD, cache-hel1410034-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 978, 0\r\nx-timer: S1764156340.030521,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 259\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":259,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"fad0799aa84b08b67c36fcf2d8d68099","sha1":"69229b1a1c5c071e5076b525804a9b95addaca31","sha256":"0d3d8390191bd5185e76928ee7f3201460281fba017870e2f05cfa35c3e6ffe0","sha512":"c329a0dde54646d0bd76fa654858d2bcce21d85fe41265f3912bf17c2bf85f20eea7954e0838e9dcd85ff0c9a60a850c105e6e31e0b7359621173bb71c0db8c8","ssdeep":"","tlshash":"29d02bbb9547a824cb5b4a238b506042cc5a1a35c26151b80103c42a71abaac46e1e91","first_seen":"2025-04-18T14:04:49.058009Z","last_seen":"2025-12-03T19:41:58.220425Z","times_seen":86,"resource_available":false,"data":null}},"time_used":72,"timings":{"blocked":52,"dns":0,"connect":0,"send":0,"wait":19,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.hcaptcha.com/1/api.js","fqdn":"js.hcaptcha.com","domain":"hcaptcha.com","tld":"com"},"ip":{"addr":"104.19.229.21","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"hcaptcha.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 25 Oct 2025 21:56:55 GMT","end":"Fri, 23 Jan 2026 22:56:51 GMT"},"fingerprint":{"sha1":"A4:15:32:49:93:6A:E4:9F:0F:65:76:08:3E:04:2C:FA:87:57:7D:90","sha256":"D6:E4:78:68:8D:D7:DF:4D:13:24:4A:8A:E4:4D:E0:CE:80:FC:94:F0:3F:31:79:A4:DD:56:05:89:99:7F:AF:F9"}}},"request":{"raw":"GET /1/api.js HTTP/1.1\r\nHost: js.hcaptcha.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: application/javascript\r\ncontent-encoding: br\r\ncf-ray: 9a4906c69a37569f-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300\r\netag: W/\"cbca40ccdbc81040f39fcf7ce8d7c650\"\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Origin, accept-encoding\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nset-cookie: __cf_bm=hL35nNS0avNATKxKTAA1gq9WiuvQJJWI_tDmZwfh4XQ-1764156340-1.0.1.1-6OADKY7zZ0yBmLtQUULHOeLBfSPSGTLKTryu4OEmAfchyefUyrwc6jnLjLQefZKkVmSsRf3a.6L4iYcudzFccFTVvLoebR70caXnVv1JUB0; path=/; expires=Wed, 26-Nov-25 11:55:40 GMT; domain=.hcaptcha.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare Bot Management","description":"Cloudflare bot management solution identifies and mitigates automated traffic to protect websites from bad bots.","website":"https://www.cloudflare.com/en-gb/products/bot-management/","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":272937,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (41132)","md5":"45351728da20205efaed43b51ebe42d6","sha1":"6c2991ca703056310ffde0fec59df1bddbf49607","sha256":"7e884df6803f65db2d5e46af9de704dbfa0d626b487a3ea8bf71dd767629c099","sha512":"86d4ca67adaa17792e7c685e3e6532243bbdddbb88b5e1543d1c500c41dd587b11c326343dc122463969ffe43c828a1bc2d020199935e850ca3da9f4342debb5","ssdeep":"6144:Uw5IwyeiA2Tu+qpX2zFnoJqhg2le9RGM7h:xkuQg","tlshash":"254481be22417abb52e507d1c0ee130b5bf1d81734085498f7a2a8dedc6ca87513db7a","first_seen":"2025-11-24T17:35:20.07084Z","last_seen":"2025-12-02T17:35:52.715827Z","times_seen":1377,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":4,"connect":1,"send":0,"wait":20,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"user_akbkyowd9geqr98","sensor_type":"yara","title":"Private YARA rules","description":"Private YARA rules","scan_date":"2025-11-26","alert":"Hunting_JS_WebAssembly","trigger":"js.hcaptcha.com/1/api.js","verdict":"audit","severity":"audit","comment":"","link":"","meta":{"description":"Looking for manual construction of JS wasmCode used in exploits","rule":"Hunting_JS_WebAssembly"},"detection_meta":{"user_id":"akbkyowd9geqr98","detection_id":"01K9VTTZ58QH7V4PSKSDDP3N4H","visibility":"private"}}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/style.css","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/style.css HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: text/css\r\nvary: accept-encoding\r\nlast-modified: Mon, 27 Oct 2025 15:23:27 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"68ff8e6f-2ecf\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=esB4cXKeiwG228J%2FzqLSndETM1HyKRoTLmz92io5up6QCpn8y89%2FlKvuN9iGpIKu9KrhaDgmdTnoU6slnCrfhrGgI1eL4AAy\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9a4906c8cc3b56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11983,"size_decoded":0,"mime_type":"text/css","magic":"troff or preprocessor input, Unicode text, UTF-8 text, with CRLF line terminators","md5":"a22b1dc49946bde6944139591911f0f8","sha1":"4f8358cea9734b0b9d44b0133225ea5c1c6a22d6","sha256":"4e198428260b804e45f252339203fd66e299e02883f2bfb5b7bbf05ac808d58c","sha512":"ec5da9bf61b351c01230c69ce3c447867cfa5e4cdbee7fbdf3a5774a4c282171f3998e905ebb64e8467b118e476b482399813fa2eb9e7d53797524c314a5a010","ssdeep":"96:UnycmycQ25C8uUlnaEnSl1peMJ2pxOPIb9Uo1WU/EWUJl4yXvS7bnvFBw2XxN7z8:NcHcrlHlnjnSLPoHMJ7KjfXxNzWwAnl","tlshash":"e63264add5521113a533e2b67b91d629f7a224a75f4343e9bff41094e2c06bc2226ec8","first_seen":"2025-11-03T17:10:17.131954Z","last_seen":"2026-05-16T23:36:24.107263Z","times_seen":74,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/sa1at/https:/salator.es/sa1at/e4f3bbba9d1457035f2c19463cbc9ae4f3bbba9d1457035f2c","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T11:25:39.165Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /sa1at/https:/salator.es/sa1at/e4f3bbba9d1457035f2c19463cbc9ae4f3bbba9d1457035f2c HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 11:25:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST\r\naccess-control-allow-headers: X-Requested-With\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7Ci4sRO5ZzquK9LIGEPyBx7JjHFn4%2FTTbf8sF4kSp5Mx25whGYVpbeCKFMKqAFVYvR8xT%2BWm1bJQMmV0mAJC6TzQJWhqCWZ7lu8%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a4906bffa3f8deb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":622,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"c90cadf3eeac66b554c972e3b7352c5c","sha1":"9603a879815b33927a38412f57ead3633c696153","sha256":"13afe3162c805020991d6228bffd71a4c946fd1506e0826f552a2cf256a5546b","sha512":"86fd1ea8321a488f67ed908c5fed9f7aef02ab8d817b7d4c8dee3cd89b5561a2bde541da3c9e6a448424931acbe2253d10b240f992f471fa0eae4b5e580ef365","ssdeep":"","tlshash":"2ff02eca5d55615a2b7372398e1b451dd417416740c0e105bfed03540ff3a1c9292fdc","first_seen":"2025-08-18T18:00:28.594994Z","last_seen":"2026-01-11T18:57:18.213261Z","times_seen":72,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":27,"dns":4,"connect":1,"send":0,"wait":195,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-26T11:25:39.607Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/ HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/sa1at/https:/salator.es/sa1at/e4f3bbba9d1457035f2c19463cbc9ae4f3bbba9d1457035f2c\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:39 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AddavVL8heTO6wrCSsj6nrtBBvNTGgzDwTCAdhQrSs5bKrglQTPp0KT8RSZIx8A0S4ZvD7LBrX%2F3ai9pzZ2rhbJ3DWHs%2BQ2Z\"}]}\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=1,i=?0\r\ncf-ray: 9a4906c28c0556c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:3.6.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"hCaptcha:1","description":"hCaptcha is an anti-bot solution that protects user privacy and rewards websites.","website":"https://www.hcaptcha.com","common_platform_enumeration":"","icon":"hCaptcha.svg","categories":["Security"]}],"data":{"size":11035,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1024), with CRLF line terminators","md5":"795eb2c436c116ad2dba76b2d03f4715","sha1":"f96efe6f99acebb8d951b35d6f5fc4ae0819eed0","sha256":"3e601e547da7bce8081569a4f3d55ccd8aefb5e7eb90c4e4ff078937d6de751e","sha512":"37b9e90931c2c9c326f0384edf1d1e9723588bd36e485cd688e75c33890b150a5a7b44dac6f8578ca8832950710214fe2ed585587cc418fa05311fa318584cf0","ssdeep":"192:r0/2QFSrLycXVsjFUoXPOIaogERFLuyG9k2DYj1:oTbkVAWI/ekok1","tlshash":"1b32653498c59abe40b381950a712679fe4ec1db86958604b7bc87d37fb3cc4cc8b498","first_seen":"2025-11-03T17:10:17.134035Z","last_seen":"2025-12-03T19:41:58.231537Z","times_seen":63,"resource_available":false,"data":null}},"time_used":291,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":291,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /ajax/libs/jquery/3.6.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 31154\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 21 Nov 2025 19:54:10 GMT\r\nexpires: Sat, 21 Nov 2026 19:54:10 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 401490\r\nlast-modified: Tue, 04 Apr 2023 03:27:01 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":89795,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"641dd14370106e992d352166f5a07e99","sha1":"eda46747c71d38a880bee44f9a439c3858bb8f99","sha256":"a0fe8723dcf55da64d06b25446d0a8513e52527c45afcb37073465f9c6f352af","sha512":"a6e981b23351186aa43f32879dd64c6801be6e2af7ef8b0e472cccdeeba52d5d7894de4bcb292a364f1e11e525524077534338140a72687ada4fae62849843a5","ssdeep":"1536:IjjxXUHunxDjoXEZxkMV4PYDt0zxxf6gP3f8cApoEGOzZTBqUsuy8WnKdXwhLQvg:IeeIygP3fulzhsz8jlvaDioQ47GKH","tlshash":"d193f8ddb2c6702247a770ba007f510bf236199d684d8450f269d8e9bc78a4e827bf7d","first_seen":"2023-03-26T04:59:07Z","last_seen":"2026-05-27T16:33:31.127182Z","times_seen":24255,"resource_available":true,"data":null}},"time_used":534,"timings":{"blocked":251,"dns":2,"connect":8,"send":0,"wait":9,"receive":8,"ssl":247},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/QoZm6IG.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /QoZm6IG.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:19:33 GMT\r\netag: \"5642df1ef15c36e9a4c8bc6f1e35f155\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: ZT6lH_e4NtEzyGu1uNs2Z4dPQES_13iAwC4N-PhWCZEhpZzwqQ8XJg==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 508986\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\nx-served-by: cache-iad-kiad7000096-IAD, cache-hel1410034-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 87, 0\r\nx-timer: S1764156340.035352,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 334\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":334,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"5642df1ef15c36e9a4c8bc6f1e35f155","sha1":"e78712cdc0072c4016aa1fb488d8d50fdab9478d","sha256":"29d6ecfd18e459cdee0c2bd903b1d73b371e7b5b25e5799ed478848fb3e908bc","sha512":"8444cdd13f1e7695402acf618d7ba536cc3f561334fca2e40d490a446b1eb49987578e25040a3d54efad2c3ff0a209402d4a64892c325f001509019ae59f2278","ssdeep":"","tlshash":"f4e02876d101fc7cdbc923780d27d21063510b42a763b2dc4902243a1470440a8fd53c","first_seen":"2025-04-18T14:04:49.070177Z","last_seen":"2025-12-03T19:41:58.21271Z","times_seen":86,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/YGNIDQq.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /YGNIDQq.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 15:20:06 GMT\r\netag: \"af93b78d12d5bb5be10ef24c2ee3f8c1\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: rOQVJ2bm-jonkcAKlK3P_eJ-LzkcEyogYDPxlA1TQcl2O01wH3PP6A==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 1313260\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\nx-served-by: cache-iad-kjyo7100111-IAD, cache-hel1410034-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 605, 0\r\nx-timer: S1764156340.030117,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 150\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":150,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"af93b78d12d5bb5be10ef24c2ee3f8c1","sha1":"417ced4b61a7138b2635b6df66ca1548499c01c3","sha256":"4580b5daf6b624e6cdfdd14317b14f09b0e5da501e3771f3ba4c333c539d7cef","sha512":"cff6416c19c22a822257f7e0c86ff545d5f5cd18d691c270c4c84a8bc58e1dd43c68ae5c41e088d4ea0122d4a7bf64677e5ba41e8a48a512f537dfee6763784f","ssdeep":"","tlshash":"bec08c9b308c3a34c709d03f630090224ea227e8f49284d842868aad69906888091e16","first_seen":"2025-04-18T14:04:49.057079Z","last_seen":"2025-12-03T19:41:58.227206Z","times_seen":86,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":53,"dns":10,"connect":14,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/backend/captcha.php","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.678Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"POST /backend/captcha.php HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/login/\r\nContent-Type: multipart/form-data; boundary=---------------------------32551777681083332303019680516\r\nContent-Length: 181\r\nOrigin: https://salator.es\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":181,"data":"-----------------------------32551777681083332303019680516\r\nContent-Disposition: form-data; name=\"action\"\r\n\r\ngenerate\r\n-----------------------------32551777681083332303019680516--\r\n"}},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: application/json\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YSxFH99bTBwgP3FVawW1l%2FdGPJKxasflDkWqT1E0Hb5meb5A2q2EocKtVBFY86k90s0MkcjZXmmEKWMn0zYFQArskmhZ%2Fc2S\"}]}\r\ncontent-encoding: br\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: 9a4906c93c3e56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":183104,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"f0215de545bf6473c219812ab1281833","sha1":"b67fbbb911315a52874ce8210cc817f99a0d4f85","sha256":"239257b76d72b67a502b03e0fc1cefe80c731112bd3a6f5ffe3e2bc7a1179715","sha512":"460c1b9bf60e7f29c7264484baabcb331d964b28ff7aae93d18b159303a9b744c4dd71b3074f74566622de9160d85925b96cf089f72fce8288735872936b0b5f","ssdeep":"3072:ePD7r8yuSGbTDIa5e5tDVpSVRFguQEe1fiHS+EAjHFRxCWdY3zsk8rviOEjUXZYZ:YnLaMgcVwnzDy+vlK3zZ8ajcZY2hBc","tlshash":"0b04120825709bce906d34d2f9e55cfa0c554afa1a345cb38fffb1a09867631eb13465","first_seen":"2025-11-26T11:26:06.040143Z","last_seen":"2025-11-26T11:26:06.040143Z","times_seen":1,"resource_available":false,"data":null}},"time_used":501,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":223,"receive":278,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/fonts/RubikGlitch-Regular.ttf","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:40.682Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /fonts/RubikGlitch-Regular.ttf HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nCookie: theme=1; logmode=1\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: text/plain\r\nvary: accept-encoding\r\nlast-modified: Thu, 22 Sep 2022 05:27:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"632bf22e-5dd30\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pRTjzJGw7uf0Kdsv6c8sRrAqbqJNtSxJH35mkyWcEzn8Cep5xdiMGADMFSFBb2hPnY0ovSEaVOeQPzvpfb8kZ0xllf9K0NCA\"}]}\r\npriority: u=4,i=?0\r\ncf-ray: 9a4906c94c3f56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":384304,"size_decoded":0,"mime_type":"text/plain","magic":"TrueType Font data, 15 tables, 1st \"pGDE\", 0 names, Unicode, type 16834 string","md5":"64297a3be7b4b1921cb15c982e31d0f1","sha1":"702cd09efc09784fcf3d47904c65619fe4476695","sha256":"bd8c18c7567922311a01bc4eff98901ce54d978e8e220c43b3464583380e9948","sha512":"29a1b013cc2ae674f06705f2f57dea2cfdf55b872b0e6ed772259da00a7dc4bfe4604ed1343923d87004184c041c1dd3eb31f42c12e6c8c991546c05fecc425a","ssdeep":"6144:X+HzYTvLHzrUqSeu8DR0/idsHGkjku0hI6kvxyo:OH6vLHzryeu8tKidUGkYuGI6Yyo","tlshash":"91948106c459efbcd1238f7a1f227589d24aac5d6ba607c4ec4f1eb99d321103d2cda9","first_seen":"2025-10-07T19:51:24.717635Z","last_seen":"2026-05-16T23:36:24.093377Z","times_seen":86,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ndate: Wed, 26 Nov 2025 11:25:39 GMT\r\ncontent-length: 0\r\ncf-ray: 9a4906c4ccc556af-OSL\r\naccess-control-allow-origin: *\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=300, public\r\ncross-origin-resource-policy: cross-origin\r\nlocation: /turnstile/v0/b/13c98df4ef2d/api.js\r\nvary: Accept-Encoding\r\nset-cookie: _cfuvid=kosmMOMHy1o24rc9159ywDJgbx64emswDRpSOw7Xqqc-1764156339980-0.0.1.1-604800000; path=/; domain=.challenges.cloudflare.com; HttpOnly; Secure; SameSite=None\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49601,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-27T17:18:43.802994Z","times_seen":15783557,"resource_available":true,"data":null}},"time_used":61,"timings":{"blocked":13,"dns":1,"connect":1,"send":0,"wait":16,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"salator.es/login/script.js","fqdn":"salator.es","domain":"salator.es","tld":"es"},"ip":{"addr":"172.67.190.135","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"salator.es","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 29 Oct 2025 16:17:20 GMT","end":"Tue, 27 Jan 2026 17:14:52 GMT"},"fingerprint":{"sha1":"FA:F0:40:29:26:D3:23:40:DB:A5:4F:01:AC:F2:4B:E1:55:C1:EB:CD","sha256":"CA:36:CD:F7:B5:7D:4B:0A:69:CA:B6:65:74:CC:CC:14:83:BA:98:25:56:B8:4C:07:ED:DA:9C:3B:20:B3:5A:E3"}}},"request":{"raw":"GET /login/script.js HTTP/1.1\r\nHost: salator.es\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/login/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\nlast-modified: Fri, 31 Oct 2025 15:44:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\netag: W/\"6904d967-707c\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xxyp5fv1Dse8fL0SqQaVC%2FUnOswp63S%2FErfECZeulj4XBbUURIk2mXuFIiCLKZNlm2uWosWBZ1HhZDDFhvm%2BlV7vmAzjGfIR\"}]}\r\npriority: u=3,i=?0\r\ncf-ray: 9a4906c4ac0f56c4-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":28796,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"fad8dd2dc6f17b7dcb40e5c4a9b6afe8","sha1":"385f28d87f0ed70593099d980ef196a53657516b","sha256":"434c3e7d832f0adedb05a1c16fa4857ee04e8426da712ce250958e42bf561236","sha512":"5863aaf5e34b59ef059b636efded8e4fb588ee7e691ad0d9b2ac15199a2404ccf5a55856b2c7b733a74c73e3c600134e002a63a0450d187090e64a8c0d08b4a8","ssdeep":"384:ZqdGo351jX3XJ6qPQLZoTXlmlctB5dlT7cxUj2nxB1xt9Jk:ZqdG2735eL+MS8DC","tlshash":"91d25e6ca426021a8933737e8f771908fe26113753018b41bd6d86c83fb596ae276fdd","first_seen":"2025-11-03T17:10:17.135474Z","last_seen":"2026-01-20T07:38:16.914285Z","times_seen":69,"resource_available":true,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-26","alert":"Sinkholed","trigger":"salator.es","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.imgur.com/8IPoQpO.png","fqdn":"i.imgur.com","domain":"imgur.com","tld":"com"},"ip":{"addr":"199.232.196.193","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.imgur.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 29 Jan 2025 00:00:00 GMT","end":"Sat, 14 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E4:72:56:8F:0D:0E:0B:E1:47:1E:79:39:7A:0F:AB:05:30:AF:2A:2D","sha256":"B2:9B:23:54:25:04:8F:9E:C6:BC:84:54:20:8B:AB:34:8C:F1:7E:8A:57:AD:55:F3:C9:40:C3:4E:8B:E5:30:6F"}}},"request":{"raw":"GET /8IPoQpO.png HTTP/1.1\r\nHost: i.imgur.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://salator.es/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/png\r\nlast-modified: Sun, 03 Dec 2023 13:21:10 GMT\r\netag: \"1f0902eabb3cda9a735e8e23f60cb943\"\r\nx-amz-server-side-encryption: AES256\r\nx-amz-cf-pop: IAD89-P1\r\nx-amz-cf-id: fyNP1ypVbqRdr1jsx70Y5lHUil2vabtLOZXFX06L79kFN8c6YsizOQ==\r\ncache-control: public, max-age=31536000\r\naccept-ranges: bytes\r\nage: 429120\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\nx-served-by: cache-iad-kcgs7200165-IAD, cache-hel1410034-HEL\r\nx-cache: Miss from cloudfront, HIT, HIT\r\nx-cache-hits: 387, 0\r\nx-timer: S1764156340.030528,VS0,VE1\r\nstrict-transport-security: max-age=300\r\naccess-control-allow-methods: GET, OPTIONS\r\naccess-control-allow-origin: *\r\nserver: cat factory 1.0\r\nx-content-type-options: nosniff\r\ncontent-length: 145\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":145,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"1f0902eabb3cda9a735e8e23f60cb943","sha1":"4b450a4fb67bed5ceb424168a8df6a930e55c318","sha256":"c5753562cea595ae4551d76360d451424cb046b2b52f205152f2d89a2527a476","sha512":"7448cdff599398379f7c73da4abe05576bca91b9603a7ff2c7b9c88dff67b27fe6d2f173afe3f12468dda907bd164a2ddcdbfd0db41b0625b5c42cfdc5443eb9","ssdeep":"","tlshash":"18c08c9622c93eb88b8582326a0281948d294a9f80b0500c4302607e71cd0cc80a0306","first_seen":"2025-04-18T14:04:49.071109Z","last_seen":"2025-12-03T19:41:58.22624Z","times_seen":86,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":57,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"challenges.cloudflare.com/turnstile/v0/b/13c98df4ef2d/api.js","fqdn":"challenges.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.18.94.41","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://salator.es/login/","date":"2025-11-26T11:25:39.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"challenges.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 18:59:09 GMT","end":"Wed, 21 Jan 2026 19:59:05 GMT"},"fingerprint":{"sha1":"62:5E:2A:E5:F4:DE:73:E8:94:15:72:65:28:EB:70:25:A8:D2:E7:61","sha256":"2D:41:D6:2B:6A:BB:89:80:01:28:9F:35:0B:2B:F4:6C:0D:B6:B1:E4:7E:E4:AC:35:2A:E0:69:DB:94:45:F7:D3"}}},"request":{"raw":"GET /turnstile/v0/b/13c98df4ef2d/api.js HTTP/1.1\r\nHost: challenges.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://salator.es/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: _cfuvid=kosmMOMHy1o24rc9159ywDJgbx64emswDRpSOw7Xqqc-1764156339980-0.0.1.1-604800000\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 26 Nov 2025 11:25:40 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-encoding: br\r\nlast-modified: Thu, 20 Nov 2025 16:30:22 GMT\r\ncache-control: max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 9a4906c50d3856af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":49601,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (49600)","md5":"9c24b8c0b90ddbe66379c2eb5458e2d7","sha1":"55e1ecb91d06532e110b7d5262d941caa3c8f9d1","sha256":"0594e1933828cacea3ac52f9538ab0bf66b987841f45241189a9533af688eee4","sha512":"dca55d18707d8645e9983f3f6d2b933171e15c50eb35a251ab04163dcd0e08c226c7ffc7d1cff7a68c429277e5ee270a10f0087a0c1a5d8d9ea63d61a1351806","ssdeep":"768:1hCnhd620Mg5LUU6OMX0skef2w97+Fsg0D5GHmXuHKQPciAsG91C+8APDGDewY8t:1O62dg5LUU6Ov+2k7rIHPCADt","tlshash":"60231a583296387227d980e5617b63437325753af94ccc50e823d936267cdcad237bba","first_seen":"2025-11-21T10:20:04.556191Z","last_seen":"2025-12-04T15:38:58.928982Z","times_seen":18890,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":10,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}