www.lrpcyberai.pt
Authorized security testing endpoint.
TLSv1.3
PQC YES
HSTS ✓
Fwd Secrecy ✓
Headers 6/6
HTTP/2 ✓
Authorized Ethical Testing Notice
This endpoint is part of a controlled and authorized lab. Unknown hostnames are not part of the public lab scope.
Legal & Ethical Use Statement — expand
This environment is operated exclusively as a controlled laboratory for authorized cybersecurity research, education, penetration testing training, and protocol demonstration. Access and use of this system is permitted only within the scope of a written or explicitly agreed authorization.
By accessing this system you acknowledge and agree that:
- Any unauthorized access, exploitation, data exfiltration, denial-of-service, or other offensive activity against this or any third-party system is strictly prohibited and constitutes a criminal offence under applicable law (including but not limited to: Computer Fraud and Abuse Act (USA), Computer Misuse Act (UK), Lei n.º 109/2009 (Portugal), NIS2 Directive (EU), and equivalent national legislation).
- The operators of this system expressly disclaim all liability for any misuse, unauthorized access, illegal or immoral activity, or any direct, indirect, incidental, consequential, or special damages — including but not limited to loss of data, loss of revenue, loss of profit, business interruption, or reputational harm — arising from any unauthorized, abusive, or illegal use of or reliance on this system or its outputs.
- All sessions on this system are monitored and logged. Connection metadata, TLS parameters, and client information are recorded for security research and audit purposes.
- This system provides no warranties of availability, accuracy, completeness, or fitness for any particular purpose. It is provided strictly as-is for laboratory use.
- Any security findings, vulnerabilities discovered, or sensitive information encountered during authorized testing must be handled in accordance with responsible disclosure principles and must not be shared, published, or exploited outside the authorized scope.
If you are not an authorized participant in this lab, disconnect immediately.
Server Time
Current server date and time
2026-05-12 20:38:07 +0100
Timezone
Europe/Lisbon
NTP synchronized
yes
NTP provider detected
ntp/ntpsec
Selected NTP server/source
c2.customer.tej — (DNS timeout)
Candidate NTP server/source list
- time.cloudflare
- time.cloudflare
Client Request
Remote address observed by Apache
216.73.216.158
Remote client port observed by Apache
21686
HTTP Host
www.lrpcyberai.pt
Apache virtual host endpoint
www.lrpcyberai.pt:443
User-Agent
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Client browser / version
Mozilla
TLS Session & Certificate
Connection
Protocol negotiated
TLSv1.3
Cipher suite (full string)
TLS_AES_256_GCM_SHA384
Symmetric key: 256 bits used | algorithm max: 256 bits
Cryptographic Algorithm Breakdown
Key exchange (handshake)
SecP384r1MLKEM1024
Establishes the shared session secret — this is where PQC applies. Negotiated via TLS 1.3 supported_groups extension, separately from the cipher suite.
Server authentication
ecdsa-with-SHA384
Signature algorithm on the server certificate — authenticates the server identity
Symmetric encryption (bulk data)
AES-256-GCM
NIST-approved AEAD — 256-bit key · 128-bit authentication tag — encrypts all application data after the handshake; classical algorithm; quantum-resistant at 256-bit level per NIST SP 800-57.
Key derivation & MAC hash (HKDF)
SHA-384
Used in HKDF for key derivation (RFC 8446 §7.1) and for the Finished MAC
Apache-linked OpenSSL
OpenSSL/3.5.5
TLS SNI hostname
www.lrpcyberai.pt
Session type
Initial
Post-Quantum Key Exchange — This Connection
PQC negotiation status
YES — PQC hybrid KE active: SecP384r1MLKEM1024
Post-quantum key encapsulation confirmed via server-side OpenSSL probe. The negotiated hybrid group combines classical and ML-KEM key exchange.
Client browser — PQC readinessMozillaPQC support for this client is unknown. Minimum versions: Chrome 124+, Edge 124+, Firefox 132+.
Key exchange group — dissected
SecP384r1Classical KENIST P-384 elliptic curve (secp384r1)192-bit classical security · FIPS 186-4 · quantum-vulnerable alone
⊕MLKEM1024PQC KEMML-KEM-1024 — Module-Lattice Key Encapsulation Mechanism (NIST FIPS 203)NIST Level 5 · ~256-bit post-quantum security · highest available strength
TLS probe raw output (debug)
show / hide
CONNECTED(00000003)
---
Certificate chain
0 s:CN=lrpcyberai.pt
i:C=US, O=Let's Encrypt, CN=E7
a:PKEY: EC, (secp384r1); sigalg: ecdsa-with-SHA384
v:NotBefore: May 12 12:26:07 2026 GMT; NotAfter: Aug 10 12:26:06 2026 GMT
1 s:C=US, O=Let's Encrypt, CN=E7
i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
Server certificate
-----BEGIN CERTIFICATE-----
MIID+zCCA4KgAwIBAgISBY6UKTeiUUBHSLJhp1n1nd56MAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NzAeFw0yNjA1MTIxMjI2MDdaFw0yNjA4MTAxMjI2MDZaMBgxFjAUBgNVBAMTDWxy
cGN5YmVyYWkucHQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAS0cHfuXSC0ZnsPnAHi
kfQJPyVhtTJU8kBWqlMMousQlWfEnIFogTzCM13nV/6OTwPqiGNf6K5n+nJZXHWT
+OcVFZU8cDWwzpL3biMr8n5NGz8UsMrxfUbIRiR3IS80EsKjggJzMIICbzAOBgNV
HQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/BAIwADAd
BgNVHQ4EFgQU45x15OHo/ItuDQmfKFNYk4mgbTcwHwYDVR0jBBgwFoAUrkie3Icd
RKBv2qLlYHQEeMKcAIAwMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAChhZodHRw
Oi8vZTcuaS5sZW5jci5vcmcvMHEGA1UdEQRqMGiCDmUtc2VjdXJpdHkudG9wgg1s
cnBjeWJlcmFpLnB0gg1scnBjeWJlcmlhLnB0ghJ3d3cuZS1zZWN1cml0eS50b3CC
EXd3dy5scnBjeWJlcmFpLnB0ghF3d3cubHJwY3liZXJpYS5wdDATBgNVHSAEDDAK
MAgGBmeBDAECATAuBgNVHR8EJzAlMCOgIaAfhh1odHRwOi8vZTcuYy5sZW5jci5v
cmcvMTIzLmNybDCCAQwGCisGAQQB1nkCBAIEgf0EgfoA+AB2AMijxH/Hs625NWsB
P2p6Em3jOk5DpcZG+ZetOXWZHc+aAAABnhxcYyMAAAQDAEcwRQIhAKkLjIdmgq+Z
xAIaZ1SNO9OUNZ5MJQnkuUsKzrBVmZcNAiBN+DA7jTeIK/Sp3tUiVvdtD/46tfz4
aflbG45fsEQvvwB+AEavhj07PuWfpXfeqCRdNrDZ7SKiI/Rhd0EilFLulVBfAAAB
nhxcY1EACAAABQAGZckUBAMARzBFAiBrN4bb5R8MlF4QOGmZ79nN4rICPfbz0g7M
23fX5GmceAIhALaKM141XLn1KSf3ITE2stWG2VezLvQydxfap2tR1exiMAoGCCqG
SM49BAMDA2cAMGQCMGRpUjMU7p3u9R1CrK9KNeaYZLLQ9IRqXfzedAd7NIkxkcZQ
6Lmk6WX+//Q9h9ShqQIwLxjioOwaSKHIffZES9MjFzofleswp7ft3DJ7f3K5gHQ9
RXMuRf6IZcyk+7CIpxYT
-----END CERTIFICATE-----
subject=CN=lrpcyberai.pt
issuer=C=US, O=Let's Encrypt, CN=E7
---
No client certificate CA names sent
Peer signing digest: SHA384
Peer signature type: ecdsa_secp384r1_sha384
Negotiated TLS1.3 group: SecP384r1MLKEM1024
---
SSL handshake has read 4183 bytes and written 1973 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Protocol: TLSv1.3
Server public key is 384 bit
This TLS version forbids renegotiation.
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
HTTP/1.1 200 OK
Date: Tue, 12 May 2026 19:28:57 GMT
Server: Apache/2.4.66 (Ubuntu)
Strict-Transport-Security: max-age=63072000; includeSubDomains
Content-Security-Policy: default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'none'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Referrer-Policy: no-referrer
Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=(), usb=(), bluetooth=(), serial=(), hid=()
Cross-Origin-Resource-Policy: same-origin
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Upgrade: h2
Connection: Upgrade, close
Cache-Control: no-store, max-age=0
Content-Security-Policy: default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'nonce-YwnFZ6jql8j7x9gik6Uzjw'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'; form-action 'none'; upgrade-insecure-requests
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
Protocol : TLSv1.3
Cipher : TLS_AES_256_GCM_SHA384
Session-ID: EFEE6A4C6A797D0E02AAE72021E14EA048015AB872902FB5BCCB21221358C9C9
Session-ID-ctx:
Resumption PSK: B90EB2E4EB5AD7589EFFB9280A53CAB20EA77A2148A609B8EE334A2B8BBDC01BB495482BB5AFB72EAA98D4E943406886
PSK identity: NoneServer PQC Capability
PQC library support
YES — ML-KEM (FIPS 203) native support
Binary: OpenSSL 3.5.5 27 Jan 2026 (Library: OpenSSL 3.5.5 27 Jan 2026)
PQC groups available in OpenSSL
- ML-KEM-512 — ML-KEM-512 (pure KEM) · NIST Level 1 / FIPS 203
- ML-KEM-768 — ML-KEM-768 (pure KEM) · NIST Level 3 / FIPS 203
- ML-KEM-1024 — ML-KEM-1024 (pure KEM) · NIST Level 5 / FIPS 203
- X25519MLKEM768 — X25519 + ML-KEM-768 · NIST Level 3 / ~192-bit PQC
- X448MLKEM1024 — X448 + ML-KEM-1024 · NIST Level 5 / ~256-bit PQC
- SecP256r1MLKEM768 — P-256 + ML-KEM-768 · NIST Level 3 / ~192-bit PQC
- SecP384r1MLKEM1024 — P-384 + ML-KEM-1024 · NIST Level 5 / ~256-bit PQC
PQC hybrid groups configured in Apache (priority order)
- SecP384r1MLKEM1024 — P-384 + ML-KEM-1024 · NIST Level 5 / ~256-bit PQC
- X25519MLKEM768 — X25519 + ML-KEM-768 · NIST Level 3 / ~192-bit PQC
- SecP256r1MLKEM768 — P-256 + ML-KEM-768 · NIST Level 3 / ~192-bit PQC
Classical fallback groups configured in Apache
- P-384
- P-256
Session Security & Forward Secrecy
Forward secrecyYES — every session uses a unique ephemeral keyTLS 1.3 mandates ephemeral key exchange on every handshake
Session fingerprint32fe1bc1b5a4fcf4SHA-256 of protocol · cipher · KE group · cert serial — compare across connections to confirm session isolation.
Session ticketsDISABLEDSSLSessionTickets Off — no ticket key compromise risk; every reconnect negotiates fresh keys.
Server Certificate
Certificate subject
CN=lrpcyberai.pt
Certificate issuer
CN=E7,O=Let's Encrypt,C=US
Validity window
May 12 12:26:07 2026 GMT → Aug 10 12:26:06 2026 GMT
Key algorithm
id-ecPublicKey
Signature algorithm
ecdsa-with-SHA384
Cipher suite
TLS_AES_256_GCM_SHA384
Symmetric strength: 256 bits
Serial number
058E942937A251404748B261A759F59DDE7A
Security Headers
| Header | Value | Requirement |
|---|---|---|
| ✓ HSTS | max-age=63072000; includeSubDomains | max-age ≥ 1 year |
| ✓ X-Frame-Options | DENY | DENY or SAMEORIGIN |
| ✓ X-Content-Type-Options | nosniff | nosniff |
| ✓ Content-Security-Policy | default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'nonce-MBxyVhyAJHL6c0HoTB--WA'; o | present and non-trivial |
| ✓ Referrer-Policy | no-referrer | present |
| ✓ Permissions-Policy | camera=(), microphone=(), geolocation=(), payment=(), usb=(), bluetooth=(), serial=(), hid=() | present |
DNS Certification Authority Authorization (CAA)
- ns1.lrpcyberai.pt.
Quantum Threat Context
Why post-quantum cryptography matters and how this server is protected.
2022 – 2024
NIST PQC Standardization
NIST finalizes FIPS 203 (ML-KEM / Kyber), FIPS 204 (ML-DSA / Dilithium), FIPS 205 (SLH-DSA / SPHINCS+). First post-quantum standards ready for deployment.
2025 – 2026 (now)
Early Hybrid Deployment — This Server
OpenSSL 3.5 ships ML-KEM natively. Chrome 124+, Firefox 132+, and this Apache instance negotiate X25519MLKEM768 / SecP384r1MLKEM1024 hybrid key exchange. Classical + PQC keys are combined — breaking either requires breaking both.
~2030
Harvest Now, Decrypt Later risk materializes
Adversaries may already be archiving encrypted TLS traffic today. If a sufficiently powerful quantum computer becomes available by 2030, any RSA/ECC-only session recorded today could be decrypted retroactively. PQC hybrid KE prevents this.
2030 – 2035 (estimated)
Cryptographically Relevant Quantum Computer (CRQC)
Conservative NIST and NCSC estimates suggest a CRQC capable of breaking RSA-2048 and P-256 ECC within this window. Exact timeline is contested; defensive posture requires acting now.
ML-KEM security basis
Module Learning With Errors (MLWE)
ML-KEM is based on the hardness of MLWE, a lattice problem with no known efficient quantum algorithm. NIST Level 3 (ML-KEM-768) provides ~192-bit post-quantum security. The hybrid approach adds a classical key — even if PQC is somehow broken classically, the classical component still protects.
OWASP Coverage — This Endpoint
OWASP Top 10 (2021)
| ID | Category | Status | Mitigation in place |
|---|---|---|---|
| A01 | Broken Access Control | Mitigated | No writable endpoints; all routes return read-only diagnostic data; default-deny vhost blocks unknown hosts |
| A02 | Cryptographic Failures | Mitigated | TLS 1.3 + PQC hybrid KE; HSTS enforced; ECDSA P-384 cert; AES-256-GCM preferred; no plaintext fallback |
| A03 | Injection | Mitigated | No database, no shell execution of user input; all output escaped via html.escape(); WSGI isolates HTTP from OS |
| A04 | Insecure Design | Mitigated | Security by design: least privilege, defence-in-depth, fail-secure defaults; no sensitive data stored; read-only WSGI app |
| A05 | Security Misconfiguration | Mitigated | Hardened Apache: server tokens off, directory listing off, mod_evasive, custom error pages, security headers enforced |
| A06 | Vulnerable & Outdated Components | Mitigated | Ubuntu 26.04 LTS; OpenSSL 3.5 (ML-KEM native); Apache 2.4 current; no third-party libraries in WSGI app |
| A07 | Identification & Auth Failures | N/A | No authentication mechanism; endpoint is intentionally public read-only within authorized lab scope |
| A08 | Software & Data Integrity | Mitigated | No external package dependencies; no dynamic code execution; WSGI app is self-contained and version-controlled |
| A09 | Security Logging & Monitoring | Mitigated | Apache access/error logs with client port; fail2ban jails; session history recorded; syslog forwarding available |
| A10 | Server-Side Request Forgery | Mitigated | No user-controlled URL parameters; internal probes (TLS probe, headers probe) use hardcoded 127.0.0.1 only |
OWASP API Top 10 (2023)
| ID | Category | Status | Mitigation in place |
|---|---|---|---|
| API1 | Broken Object Level Authorization | N/A | No object-level resources or identifiers exposed |
| API2 | Broken Authentication | N/A | No authentication — public read-only endpoint by design |
| API3 | Broken Object Property Level Auth | N/A | No user-settable properties; all fields server-computed |
| API4 | Unrestricted Resource Consumption | Mitigated | mod_evasive rate limiting; RequestReadTimeout; sysctl SYN cookies; fail2ban; UFW rate limit rules |
| API5 | Broken Function Level Authorization | N/A | Single function: serve diagnostic page. No privileged functions exposed |
| API6 | Unrestricted Sensitive Business Flows | N/A | No business flows; lab endpoint only |
| API7 | Server-Side Request Forgery | Mitigated | Internal probes use static hardcoded addresses; no user input reaches network calls |
| API8 | Security Misconfiguration | Mitigated | Same as A05: hardened Apache, no defaults, minimal attack surface |
| API9 | Improper Inventory Management | Mitigated | Single versioned endpoint per domain; no shadow or undocumented routes |
| API10 | Unsafe Consumption of APIs | Mitigated | No external API calls; internal probes (NTP, DNS, OpenSSL) are read-only diagnostic queries |
Security by Design — Implemented Principles
| Principle | How it is applied here |
|---|---|
| Minimise attack surface | Read-only WSGI app; no file upload, no forms, no database, no shell exec; default-deny vhost drops unknown Host headers |
| Secure defaults | TLS enforced on first connection; HSTS with 2-year max-age; session tickets disabled; PQC groups active without opt-in |
| Least privilege | WSGI daemon runs as www-data; private key mode 0600 root:root; app directory 0755; no root-owned writable paths in WSGI |
| Defence in depth | TLS (transport) + security headers (browser) + mod_evasive (rate) + fail2ban (IP ban) + UFW (network) — multiple independent layers |
| Fail securely | Errors return generic messages; server tokens hidden; directory listing disabled; WSGI exceptions caught and logged, not exposed to client |
| Avoid security by obscurity | Security depends on strong crypto (ML-KEM, AES-256, ECDSA P-384) and correct configuration — not on hiding server identity |
| Separation of duties | Certificate management (local Python script) separated from server hardening (server bash script) separated from application logic (WSGI app) |
| Fix security issues correctly | Configuration generated from validated templates with backup/rollback; each hardening step idempotent and logged |
Session Cipher History — Last 100 HTTPS Connections
Sessions recorded100
PQC adoption100/100 (100%)
Most common cipherTLS_AES_256_GCM_SHA384
Average cipher strength256 bits
Show session log
| Timestamp (UTC) | Protocol | Sym. Cipher ⓘ | Bits | KE Group ⓘ | PQC ⓘ | Fingerprint | User-Agent |
|---|---|---|---|---|---|---|---|
| 2026-05-12 19:38:07 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compat… |
| 2026-05-12 19:38:06 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compat… |
| 2026-05-12 19:37:16 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compat… |
| 2026-05-12 19:37:15 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compat… |
| 2026-05-12 19:35:05 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:35:03 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:35:03 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:35:02 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:35:01 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:55 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:54 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:54 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:52 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:51 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:34:46 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:48 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:48 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:35 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:34 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:33 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:33 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:32 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:31 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:28 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:28 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:24 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:30:22 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:55 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:53 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:50 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:48 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:13 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:09 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:29:09 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:28:58 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 19:28:58 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | — |
| 2026-05-12 19:28:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 19:14:43 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML… |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML… |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 19:14:38 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | — |
| 2026-05-12 19:01:41 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:01:40 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:01:09 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:01:04 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 19:00:14 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 18:59:35 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 18:57:59 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:57:59 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | curl/8.18.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | lab-header-probe/1.0 |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | SecP384r1MLKEM1024 | YES | 32fe1bc1b5a4fcf4 | — |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | — |
| 2026-05-12 18:57:47 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 18:46:11 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:46:11 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:46:09 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:46:06 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:46:02 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:45:57 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compat… |
| 2026-05-12 18:45:52 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:45:49 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:45:41 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:45:41 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:45:25 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | curl/8.18.0 |
| 2026-05-12 18:45:25 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | curl/8.18.0 |
| 2026-05-12 18:45:25 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 18:45:25 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 18:45:25 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 18:45:24 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | curl/8.18.0 |
| 2026-05-12 18:45:24 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | lab-header-probe/1.0 |
| 2026-05-12 18:39:32 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML… |
| 2026-05-12 18:39:31 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML… |
| 2026-05-12 18:39:29 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:39:28 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:38:14 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:37:31 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:37:31 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:35:26 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |
| 2026-05-12 18:35:20 UTC | TLSv1.3 | TLS_AES_256_GCM_SHA384 | 256 | not captured by probe | YES* | 17e96a4531c91f8b | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537… |