Submitted URL: http://therapydischarge.top/dep0.php
Effective URL: https://calm.sa.com/8?ai=xd
Submission Tags: falconsandbox
Submission: On December 19 via api from US — Scanned from US

Summary

This website contacted 4 IPs in 3 countries across 3 domains to perform 13 HTTP transactions. The main IP is 172.67.166.81, located in United States and belongs to CLOUDFLARENET, US. The main domain is calm.sa.com.
TLS certificate: Issued by WE1 on December 16th 2024. Valid for: 3 months.
This is the only time calm.sa.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | IP Address | AS Autonomous System
1 | 185.28.119.8 | 62005 (BV-EU-AS ...)
7 | 172.67.166.81 | 13335 (CLOUDFLAR...)
2 | 104.18.94.41 | 13335 (CLOUDFLAR...)
Total: 13 requests, 4 IPs

Requests | Apex Domain | Subdomains | Transfer
7 | sa.com | calm.sa.com | 81 KB
2 | cloudflare.com | challenges.cloudflare.com (Cisco Umbrella Rank: 3147) | 16 KB
1 | therapydischarge.top | therapydischarge.top | 354 B
Total: 13 requests, 3 domains

Requests | Domain | Requested by
7 | calm.sa.com | therapydischarge.top, calm.sa.com
2 | challenges.cloudflare.com | calm.sa.com, challenges.cloudflare.com
1 | therapydischarge.top |
Total: 13 requests, 3 domains

This site contains no links.

Subject | Issuer | Validity | Valid
therapydischarge.top | therapydischarge.top | 2024-12-19 - 2034-12-17 | 10 years
calm.sa.com | WE1 | 2024-12-16 - 2025-03-16 | 3 months
challenges.cloudflare.com | WE1 | 2024-11-03 - 2025-02-01 | 3 months

This page contains 2 frames:

Primary Page: https://calm.sa.com/8?ai=xd
Frame ID: F941CECC44CAD4475BBD5268C3900036
Requests: 10 HTTP requests in this frame

Frame: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/bn67x/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Frame ID: 3DE187988966D69172CABFB139CE5A92
Requests: 1 HTTP requests in this frame

Page Title

Just a moment...

Page Statistics

Requests: 13
HTTPS: 69 %
IPv6: 0 %
Domains: 3
Subdomains: 3
IPs: 4
Countries: 3
Transfer: 97 kB
Size: 192 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://therapydischarge.top/dep0.php HTTP 307
    https://therapydischarge.top/dep0.php Page URL
  2. https://calm.sa.com/8?ai=xd Page URL
  3. https://calm.sa.com/8?ai=xd Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://therapydischarge.top/dep0.php HTTP 307
  • https://therapydischarge.top/dep0.php

13 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
dep0.php
therapydischarge.top/
Redirect Chain
  • http://therapydischarge.top/dep0.php
  • https://therapydischarge.top/dep0.php
105 B
354 B
Document
General
Full URL
https://therapydischarge.top/dep0.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.28.119.8 Warsaw, Poland, ASN62005 (BV-EU-AS BlueVPS OU, EE),
Reverse DNS
Software
LiteSpeed /
Resource Hash
4c34eba10329ee7d5bbf2e5d7d8bc4e37d09a7bf34178cd1b03d063b02f37639

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
gzip
content-length
110
content-type
text/html; charset=UTF-8
date
Thu, 19 Dec 2024 14:53:33 GMT
server
LiteSpeed
vary
Accept-Encoding

Redirect headers

Location
https://therapydischarge.top/dep0.php
Non-Authoritative-Reason
HttpsUpgrades
8
calm.sa.com/
10 KB
9 KB
Document
General
Full URL
https://calm.sa.com/8?ai=xd
Requested by
Host: therapydischarge.top
URL: https://therapydischarge.top/dep0.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ab5d16b6690a8d29c15fdfb62fdf07418718954e4ea0a334fb13797a4e95a87b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://therapydischarge.top/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out
9TCpJIIKtHPdjHMQlspcLTEl9Wzegvfvei8HxeCeQqUNrXvIyBVh7gVqxBhyxMAJs+l87ctlWHKEGwT+H23BlOcm31HZQaYlrzjbF0sVhGjdgtuxvQlA7oqaTqzV1NQLUvEhIRl/RCghJD+PZXI6mQ==$s1PP0kgJjo7nAujF0qRH4w==
cf-mitigated
challenge
cf-ray
8f48390acb4a9ae0-MIA
content-encoding
zstd
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 19 Dec 2024 14:53:33 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IK75hTG3JYJ0tcEqPmNkpaOLjOdWdBqKCGAywcRoK33dN6fPui0Wx%2FJlDqXuS6%2BonKOLkhxmsrkQoQjO5%2BYUB8SBILTEYaaq%2BH5ON8FvOeqixNP8xA4Cwn%2FXPovOsg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=30018&min_rtt=29957&rtt_var=11277&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4133&recv_bytes=4368&delivery_rate=95277&cwnd=12000&unsent_bytes=0&cid=f467251bda092118&ts=54&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-content-options
nosniff
x-frame-options
SAMEORIGIN
v1
calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/
98 KB
39 KB
Script
General
Full URL
https://calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f48390acb4a9ae0
Requested by
Host: calm.sa.com
URL: https://calm.sa.com/8?ai=xd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
341525a88c443c8e1bec476c8b88789233f7fcd6e6dd008c64be31a7c1366307

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://calm.sa.com/8?ai=xd&__cf_chl_rt_tk=mqlG_fORUaPYN2nC85uL6hvNo2hnzbPaFWXD1uYrUv4-1734620013-1.0.1.1-BQPCnQqsAWeVkuxJWMC5bHho4J.9D61XenxfoM0NziY

Response headers

cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CmLio8uQkUoOjhqRSdui73MxfaL9X%2BHZ2Bqu2d0HkMqNODEEjfbp3lfFjOSxH7urYU6Pg2MNKsTZ%2FsrFHFFX2jpOHvYItJj2iJ9%2BHvsKWw6aJJI546VClC81oPsP%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f48390b7cb59ae0-MIA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=33646&min_rtt=29686&rtt_var=6403&sent=21&recv=15&lost=0&retrans=0&sent_bytes=13082&recv_bytes=5076&delivery_rate=159208&cwnd=12000&unsent_bytes=0&cid=f467251bda092118&ts=168&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 14:53:33 GMT
content-type
application/javascript; charset=UTF-8
server
cloudflare
priority
u=3,i=?0
164bb144-e5a7-49a7-80b9-6b8395eec8cf
https://calm.sa.com/ Frame
0
0

api.js
challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/
47 KB
16 KB
Script
General
Full URL
https://challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/api.js?onload=WXqDk4&render=explicit
Requested by
Host: calm.sa.com
URL: https://calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f48390acb4a9ae0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.94.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5aac9e52f80011983676c03ad8120e0369e651e6357d0b05054026a3bc8ec32d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://calm.sa.com
Referer

Response headers

server
cloudflare
cache-control
max-age=31536000, stale-if-error=10800, stale-while-revalidate=31536000, public
content-encoding
br
cross-origin-resource-policy
cross-origin
cf-ray
8f48390c8dda25a6-MIA
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 19 Dec 2024 14:53:33 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 10 Dec 2024 17:31:41 GMT
vary
Accept-Encoding
priority
u=3,i=?0
favicon.ico
calm.sa.com/
7 KB
7 KB
Image
General
Full URL
https://calm.sa.com/favicon.ico
Requested by
Host: calm.sa.com
URL: https://calm.sa.com/8?ai=xd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11365cd58a631b03ba76992c9c4c969db83b9ab4cac509cc03c6bd5010abe9fa
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://calm.sa.com/8?ai=xd

Response headers

content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pBlTmxUA4pWvcQjCW4zihFTPwJQ0H2boRkZmXFLK%2F8Q23W0csD7U5kSCit8%2FNNn8imUBsUbOi2y6yMunwAL%2BLeNDedwpoQlBU2J2r0MjqgS3CfEZjLLpJ22t4bjb1w%3D%3D"}],"group":"cf-nel","max_age":604800}
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires
Thu, 01 Jan 1970 00:00:01 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=33216&min_rtt=29686&rtt_var=2211&sent=59&recv=35&lost=0&retrans=0&sent_bytes=54156&recv_bytes=6228&delivery_rate=809050&cwnd=28800&unsent_bytes=0&cid=f467251bda092118&ts=295&x=1", cfExtPri, cfHdrFlush;dur=0
x-content-options
nosniff
date
Thu, 19 Dec 2024 14:53:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
priority
u=3,i
x-frame-options
SAMEORIGIN
cf-mitigated
challenge
cf-chl-out
gpfl0pNN6XTvza9PaZNH0e7hUbV9hjAdQGdmG9mC2d+NZx4IymoXBP7bnvsxXWgmHbN9e0Eq0ZTo6HpRTT1iR4XhsNznIKeNXDhBStQX/uOEZzzG1gs/nns4uS/1ucB1szQwprimQ49dm6gDqX9JJQ==$8X7c0m+DZ+3K3ryHP/yxDw==
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy
same-origin
referrer-policy
same-origin
cf-ray
8f48390c4ddd9ae0-MIA
cross-origin-embedder-policy
require-corp
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster
?1
server
cloudflare
XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e
calm.sa.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068453170:1734617547:EDcYKN1bEiiDuv45KHm2ATQi9lmB7OdDlaPNXzD2bI0/8f48390acb4a9ae0/
13 KB
9 KB
XHR
General
Full URL
https://calm.sa.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068453170:1734617547:EDcYKN1bEiiDuv45KHm2ATQi9lmB7OdDlaPNXzD2bI0/8f48390acb4a9ae0/XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e
Requested by
Host: calm.sa.com
URL: https://calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f48390acb4a9ae0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
03625a5656ee65c1b4168f0074f33ec9690e11ab4233327b0e13ac1e92b4afa7

Request headers

Referer
https://calm.sa.com/8?ai=xd
CF-Chl-RetryAttempt
0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
CF-Challenge
XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kOnXDnyISPEfPEfu2aBW7gvb856WXm91CEYigiy9T%2FryRoOLDs6j0WXwhewRbaHkbd2Rlvj49u7zLM9QJePAjB3U5pVmwwPvznjg%2BptD%2FsbrAiaadbLN1vaXVWg9rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f48390d0ed79ae0-MIA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35009&min_rtt=29686&rtt_var=3177&sent=75&recv=44&lost=0&retrans=0&sent_bytes=68168&recv_bytes=10729&delivery_rate=190526&cwnd=28800&unsent_bytes=0&cid=f467251bda092118&ts=421&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 14:53:33 GMT
content-type
text/plain; charset=UTF-8
cf-chl-gen
thOISRBYTlENIIOd0QxiWj1QV3AIHoRREvjENemF/HMaBVJoKr1+6Bb3r5F0gsAWUykNJDLk8nI=$JDklC5mGQd93oIdw
server
cloudflare
priority
u=1,i
favicon.ico
calm.sa.com/
7 KB
7 KB
Other
General
Full URL
https://calm.sa.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0320bc555541d0abe21a61db7e5fe077164c4def78fc63930472184226593c3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://calm.sa.com/8?ai=xd

Response headers

content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RdnyfQSU9e%2BVZQ%2B6U5yi9Yl60rWl7xe63Wk5GbaBLnF0CKgZTE146QisDD83P5AyyluE%2Fzbu9AxB0O5zW88twR%2FSKv3wPTR7NbL3YMpjtl74tBBAXhpk1LB90udy5w%3D%3D"}],"group":"cf-nel","max_age":604800}
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
expires
Thu, 01 Jan 1970 00:00:01 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=35009&min_rtt=29686&rtt_var=3177&sent=68&recv=44&lost=0&retrans=0&sent_bytes=61181&recv_bytes=10729&delivery_rate=190526&cwnd=28800&unsent_bytes=0&cid=f467251bda092118&ts=417&x=1", cfExtPri, cfHdrFlush;dur=0
x-content-options
nosniff
date
Thu, 19 Dec 2024 14:53:33 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
priority
u=1,i
x-frame-options
SAMEORIGIN
cf-mitigated
challenge
cf-chl-out
AFQjI+JtBOKGixNntl7ogferA54lVCN0Zls2oYMlEoVzvNb6bjjSrUPnfc5P/RyIGNAOOJpc/xfdEn0ddOV5Z1hOpVpqhvJ3qHB6eSXD7cyQeLWkS6uqsxmjT2ZMlod6WKOdH17b0EJ8DqRJinYCxQ==$4Evo7eI32/ocvJvDDsDaOg==
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cross-origin-opener-policy
same-origin
accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy
same-origin
referrer-policy
same-origin
cf-ray
8f48390d0ee49ae0-MIA
cross-origin-embedder-policy
require-corp
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
origin-agent-cluster
?1
server
cloudflare
98d37bd3-bff1-4401-a6ff-329c6fea2a38
https://calm.sa.com/ Frame
0
0

/
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/bn67x/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/ Frame 3DE1
0
0
Document
General
Full URL
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/bn67x/0x4AAAAAAADnOjc0PNeA8qVm/light/fbE/normal/auto/
Requested by
Host: challenges.cloudflare.com
URL: https://challenges.cloudflare.com/turnstile/v0/b/787bc399e22f/api.js?onload=WXqDk4&render=explicit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.94.41 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-src https://challenges.cloudflare.com/; base-uri 'self'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8f48390dbc2ab3da-MIA
content-encoding
br
content-security-policy
frame-src https://challenges.cloudflare.com/; base-uri 'self'
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
cross-origin
date
Thu, 19 Dec 2024 14:53:33 GMT
document-policy
js-profiling
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
priority
u=0,i
referrer-policy
same-origin
server
cloudflare
server-timing
cfExtPri
XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e
calm.sa.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068453170:1734617547:EDcYKN1bEiiDuv45KHm2ATQi9lmB7OdDlaPNXzD2bI0/8f48390acb4a9ae0/
2 KB
3 KB
XHR
General
Full URL
https://calm.sa.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1068453170:1734617547:EDcYKN1bEiiDuv45KHm2ATQi9lmB7OdDlaPNXzD2bI0/8f48390acb4a9ae0/XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e
Requested by
Host: calm.sa.com
URL: https://calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f48390acb4a9ae0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b8c89aefb6cb3132ddf51d21601b8d5a1cced871233e8e2d928565bf71cbb9b

Request headers

Referer
https://calm.sa.com/8?ai=xd
CF-Chl-RetryAttempt
0
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
CF-Challenge
XtYW7Bx1WG9XUObwz4J2GeyJQLDblOOQfinDZZKy3b0-1734620013-1.2.1.1-0TQnChS3ymwL21zE1o548bmVi9.DXS9C.mkPJAxaoXqF6.d7gnGIz6xQDozTR71e

Response headers

cf-chl-out
jidJQxo+TZtm/9PWmeTPG0Oo+fStNr9r5jQ32Wb96VdmssmGrLIfRTFM51ve3FoYbfDvUBFFxmOMpuRbvl1AZxXQefTnf2HCtkTo8g3SKQ08JVBcJZfqJWk=$TvvlH03nTbNrZkhv
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
zstd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gr1yv%2BRyVypC4Nt%2BJ3nfeY%2BUiJUJseiKIZK5vLcQiblRGR9h6s%2BIYLi%2BTSgW%2FC6jD9%2FpfRwO306gML4REJsXHycLqa6OlbacLGLIpb3hNmLo%2B0q1ywiZFC9V5gKiqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8f48391429759ae0-MIA
alt-svc
h3=":443"; ma=86400
server-timing
cfL4;desc="?proto=QUIC&rtt=34369&min_rtt=29686&rtt_var=1271&sent=88&recv=57&lost=0&retrans=0&sent_bytes=77962&recv_bytes=15839&delivery_rate=386945&cwnd=28800&unsent_bytes=0&cid=f467251bda092118&ts=1575&x=1", cfExtPri, cfHdrFlush;dur=0
date
Thu, 19 Dec 2024 14:53:34 GMT
content-type
text/html; charset=UTF-8
server
cloudflare
priority
u=1,i
Primary Request 8
calm.sa.com/
7 KB
7 KB
Document
General
Full URL
https://calm.sa.com/8?ai=xd
Requested by
Host: therapydischarge.top
URL: https://therapydischarge.top/dep0.php
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.166.81 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1ca1da65b325ba5744d03435c5d8af766ec107fad45215bb374fe6581b1f87c
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://calm.sa.com/8?ai=xd
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
alt-svc
h3=":443"; ma=86400
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-chl-out
oiow6jHOkw6BmplXfCTR/qSLnFsAS3vDlUtA7AQKHFHi/xdmkzyHSox4jFRfckmnkmkE46iyWpQW6/xE5HAH4YtT+GL96I53Z+ATA/Yt14hIUiP27oryLmpzOuya7ZeX7bUMw1G3NswAUO6qas3zqw==$qLRfi7fD14Ng5F2aGppGrQ==
cf-mitigated
challenge
cf-ray
8f4839211e539ae0-MIA
content-encoding
zstd
content-type
text/html; charset=UTF-8
critical-ch
Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Thu, 19 Dec 2024 14:53:36 GMT
expires
Thu, 01 Jan 1970 00:00:01 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
origin-agent-cluster
?1
permissions-policy
accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
priority
u=0,i
referrer-policy
same-origin
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SP1swfGNm2GYUtujv6XieCT%2BjDcRzOSYQOCRHj6curVQTADsWfTVHYsHSBpjmee4Zxl%2Fw5BIC%2BcbVsAzJ8gQ81Ja2Dft%2FeECACnvWYPJsyAW%2Fr6V6D7p0zRXUBW8Ig%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
cfL4;desc="?proto=QUIC&rtt=33404&min_rtt=29686&rtt_var=2375&sent=92&recv=60&lost=0&retrans=0&sent_bytes=80941&recv_bytes=16340&delivery_rate=54976&cwnd=28800&unsent_bytes=0&cid=f467251bda092118&ts=3629&x=1" cfExtPri cfHdrFlush;dur=0
vary
Accept-Encoding
x-content-options
nosniff
x-frame-options
SAMEORIGIN
v1
calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain | URL
calm.sa.com | blob:https://calm.sa.com/164bb144-e5a7-49a7-80b9-6b8395eec8cf
calm.sa.com | blob:https://calm.sa.com/98d37bd3-bff1-4401-a6ff-329c6fea2a38
calm.sa.com | https://calm.sa.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f4839211e539ae0

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _cf_chl_opt

1 Cookies

Domain/Path Name / Value
calm.sa.com/ Name: cf_chl_rc_ni
Value: 1

4 Console Messages

Source | Level | URL | Text
network | error | https://calm.sa.com/8?ai=xd | Failed to load resource: the server responded with a status of 403 ()
network | error | https://calm.sa.com/favicon.ico | Failed to load resource: the server responded with a status of 403 ()
network | error | https://calm.sa.com/favicon.ico | Failed to load resource: the server responded with a status of 403 ()
network | error | https://calm.sa.com/8?ai=xd | Failed to load resource: the server responded with a status of 403 ()