alawaelafrica.com/.ojnew/tmp/Y3VydC5sYXduaWNraUBkYWlraW5jb21mb3J0LmNvbQ==
65.108.234.151 302 Found 119 B URL User Request GET HTTP/1.1 alawaelafrica.com/.ojnew/tmp/Y3VydC5sYXduaWNraUBkYWlraW5jb21mb3J0LmNvbQ==
IP 65.108.234.151:443
ASN #24940 Hetzner Online GmbH
Certificate Issuer Let's Encrypt
Subject *.alawaelafrica.com
Fingerprint 0C:96:6B:AB:EF:3F:05:6B:41:01:84:52:29:4C:B1:C2:93:64:EB:89
Validity Thu, 18 May 2023 17:04:53 GMT - Wed, 16 Aug 2023 17:04:52 GMT
File type ASCII text, with no line terminators
Hash 31016ead1ee0d139b8f0a5ee9cd5493f
435f98b35bc60026fbe9fd463737c01b7ab1fe1e
1e93cff449dcb80d000503bdd4054889de6868200e6d2d62e4c26819b19646b5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /.ojnew/tmp/Y3VydC5sYXduaWNraUBkYWlraW5jb21mb3J0LmNvbQ== HTTP/1.1
Host: alawaelafrica.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Fri, 26 May 2023 17:35:07 GMT
Server: Apache
Location: https://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
172.67.176.78 403 Forbidden 3.7 kB URL User Request GET HTTP/2 0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
IP 172.67.176.78:443
Certificate Issuer Google Trust Services LLC
Subject ocupac.ru
Fingerprint 55:23:8F:A1:07:E8:A6:35:20:AA:B3:68:A6:24:AE:D8:92:FD:5C:0C
Validity Wed, 10 May 2023 04:25:15 GMT - Tue, 08 Aug 2023 04:25:14 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1790), with CRLF, LF line terminators
Hash f51e2c2f0237ab8f309d02c0917698bd
e74ac302f4f58d6d5286250b1ab28cc7a976d0f8
9665a60ca37da0e3607c04886b9fd7c23c3efcc94173cbda11c23a6eadece803
Analyzer Verdict Alert fortinet Phishing
GET /Mcurt.lawnicki@daikincomfort.com HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 May 2023 17:35:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yjLpB1dSWI53FG%2Ff%2F3O5%2FFVnLlvubhL5KSEOvU5j%2Fe23eTmXN3c3riQ5OYD%2FzOGJAP7uKyUx1a58fxWSGB%2FhLSiXGOOIMgDm0%2Fmkz9GD5afI6Ud96RvI9NvQCf5UnVGhtpLBr1MW%2FQsejP8k0Urj7TET8Pg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7cd7c5d82fa7b4f4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7c5d82fa7b4f4
172.67.176.78 200 OK 42 B URL GET HTTP/1.1 0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7c5d82fa7b4f4
IP 172.67.176.78:80
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cd7c5d82fa7b4f4 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 May 2023 17:35:07 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Last-Modified: Thu, 25 May 2023 08:39:03 GMT
ETag: "646f1ea7-2a"
Server: cloudflare
CF-RAY: 7cd7c5d9fda2fac4-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Expires: Fri, 26 May 2023 19:35:07 GMT
Cache-Control: max-age=7200, public
Accept-Ranges: bytes
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cd7c5d82fa7b4f4
172.67.176.78 200 OK 54 kB URL GET HTTP/1.1 0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cd7c5d82fa7b4f4
IP 172.67.176.78:80
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
File type ASCII text, with very long lines (65536), with no line terminators
Hash f5c1e6c7bbea7e8dbd9ecefc9df73bc3
73f169a3e6b1fcfaaf44418060528abe798ac8d0
b70655678a54a1edcfff5432fd7456da483ca64c26ae1cc22764c8952c03763f
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cd7c5d82fa7b4f4 HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com?__cf_chl_rt_tk=m4Ego2onzsHTwYdyj51vA9Zr5BAeD6tqG2Fqzi8RWIo-1685122507-0-gaNycGzNBtA
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 May 2023 17:35:07 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cache-control: max-age=0, must-revalidate
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fJQ4XDKFs3iQeJNvZQrj%2FCIKZThyaskjtHfOitOibRl5fve90OpmGFJz5dd90UY1cOnhmdi%2BfbpHe2TbKKQ4hLqWvt4fWeQOGBBaN9c2ddxGmnGzTR539fk9fCVJXEwL2nDMUXY2IxUUHPOrqWLz4GmLpLg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cd7c5d9f8fb067b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
0gpilhhtlb646b2a32a499c.ocupac.ru/favicon.ico
172.67.176.78 403 Forbidden 3.7 kB URL GET HTTP/1.1 0gpilhhtlb646b2a32a499c.ocupac.ru/favicon.ico
IP 172.67.176.78:80
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1854), with CRLF, LF line terminators
Hash d57099f03c30c65c3b58846b73b67224
0376800ead2a4fa7e9405074c8f9cc4d12f8a695
f35c640cb766de4e90068c4fef4e58aa342d387dd1a4e4187bf1424c2c8a50dc
GET /favicon.ico HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com?__cf_chl_rt_tk=m4Ego2onzsHTwYdyj51vA9Zr5BAeD6tqG2Fqzi8RWIo-1685122507-0-gaNycGzNBtA
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 403 Forbidden
Date: Fri, 26 May 2023 17:35:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Permissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
Referrer-Policy: same-origin
X-Frame-Options: SAMEORIGIN
cf-mitigated: challenge
Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UbyjEIMI7Kv%2F6XSlrXFD3rjdG%2FUmuTo%2FxSVqMbazgueQyP2YoVW04tFTOfIpSBtXN2zPw9YPxZbvioEcGAlcaTWa3ThnmkqoFpkewmHtcVqjrTpAhewtQU73BGX0ft0M4VyRK4OBh4ZC9taxMy27RnOB1M%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7cd7c5da3922067b-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/457718423:1685120960:RLtvvQvAivwxzluhlSaCTEY8ThRjMD6RtPJTrxZEaJY/7cd7c5d82fa7b4f4/cb68928145c783a
172.67.176.78 200 OK 5.6 kB URL POST HTTP/1.1 0gpilhhtlb646b2a32a499c.ocupac.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/457718423:1685120960:RLtvvQvAivwxzluhlSaCTEY8ThRjMD6RtPJTrxZEaJY/7cd7c5d82fa7b4f4/cb68928145c783a
IP 172.67.176.78:80
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
File type ASCII text, with very long lines (7400), with no line terminators
Hash 6fb9fc71204c21b6e4ff885272a31d6b
c6b3f9d9a12243c834c94d648813641052334c01
613ac7b0aaa6f55997f689d0a872d1fd0a86d720ef3692dd08874ed0b3048d76
Analyzer Verdict Alert fortinet Phishing
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/457718423:1685120960:RLtvvQvAivwxzluhlSaCTEY8ThRjMD6RtPJTrxZEaJY/7cd7c5d82fa7b4f4/cb68928145c783a HTTP/1.1
Host: 0gpilhhtlb646b2a32a499c.ocupac.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: cb68928145c783a
Content-Length: 1797
Origin: http://0gpilhhtlb646b2a32a499c.ocupac.ru
DNT: 1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 26 May 2023 17:35:08 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
cf-chl-gen: baoYglAd+NqPyvCJm+PO0GCKDkD8RtWVCfezsVSD663Ha1inQ53axN3hbEp+gLmu$p8ZuhTHXDDgu1CsJzPZdHQ==
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Be64ZeuFebaRi203sKK3xrSoypvrjDSem27My7QPm703oNbr92vI%2FwgVCKjieA7XN1JR9r9NURpzeKx2mTLVfiyY0gGh7%2Fn1dPVGpcLX%2FFPESVWLBWm70coYZjc2Cxx8lznILtoyqbdl3567PQZ%2FTcObgBg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7cd7c5db6e97fac4-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
104.18.6.185 200 OK 24 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP 104.18.6.185:443
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)
Hash 8cbe25127e7847f8dc011f5b5265ab4b
61a1f9ec85ab84c48626116e5f6cad1e0903c404
7b34528597043d73c73d52ad0df2003219069f3476cb47f36a5df7e635982bb6
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:35:08 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7cd7c5dbcab2b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cd7c5dbcab2b512
104.18.6.185 200 OK 155 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cd7c5dbcab2b512
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 155 kB (154774 bytes)
Hash 031265cf09707ad35fe80685a0f954f1
367b29e1e3f4b6340bbeef7cf38328efc5e0d46e
aad0a76a5701c4ab5617c31e31bc1e6dff6e0b1ef29d0476766f2efabdce2697
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cd7c5dbcab2b512 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:35:08 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7cd7c5dc7ba7b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cd7c5dbcab2b512/1685122508467/2Y6BapwdyMbnwIm
104.18.6.185 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cd7c5dbcab2b512/1685122508467/2Y6BapwdyMbnwIm
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type PNG image data, 84 x 51, 8-bit/color RGB, non-interlaced\012- data
Hash 3f4a7b11be5e69a2c350e9bf200ce0a5
a9f87513aa4bdd7d1f390a39fd3b88c79bb9b417
5567c07eca9b2fc64768c9cefe4c04b177ba095a59677d633e7fab7760e73698
GET /cdn-cgi/challenge-platform/h/b/img/7cd7c5dbcab2b512/1685122508467/2Y6BapwdyMbnwIm HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:35:09 GMT
content-type: image/png
server: cloudflare
cf-ray: 7cd7c5e17c74b512-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9
104.18.6.185 200 OK 134 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 134 kB (133516 bytes)
Hash 76de5fe6bb9184306775816c3c9c1d67
86a340be93378d7c8271a99dd381b30b7b6ac122
ec3bcfdb7e986c167ece51d690a98416c12f5dc18a718503863a9a1f8603950b
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 13c6fb49ff306f9
Content-Length: 2801
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:35:08 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: VfQMQOP0P2SFWBAiwJEYgSKgWSCXsK8wZgqFC8O0gonIueNIOppxg5vnRKBo3Kv6pQ30ne75VE9ReBPJsueZcURyQwQ794UdtY0cjzoT3sQqMv5Wt+gks/+VNWaYEzUYcaa1ts5IfBJ/jIdMkdb1pX5rwb4IQ2xluGSxdeyZ0i4KZWoTbDlZEolEZUaDUdowmhtIlFMl/1Ezd+RM9igXX5obLfCOBqlHv1AcW1QuqS0vQF9+4x+zwulpUo9sbhuX0acmI3M/Mwqqc8MIXWyNikVjUnGmWKgK269HDmskk3BaSdJSprxtN6xEsK1ioYFKkyE6XvyfSo4wLcDLbRtFCTRZSkmYnL2zcE3/+oBdubE=$/HaX4TP98vgC+1utE+9hSw==
server: cloudflare
cf-ray: 7cd7c5ddde56b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9
104.18.6.185 200 OK 13 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (13224), with no line terminators
Hash 29d094941644e7dd3b60586a318d9087
17c935a34df0fc2603492240d09ce2b1e1861a9e
06692661492842149845cfae3d6a19969f0c4a8dcf187093f458e42411ac5f7f
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/802193593:1685121038:Nk-wxMSCDvHPmt53Qk0w5yA5JbaGF7_d5Dnq8Qy_BAI/7cd7c5dbcab2b512/13c6fb49ff306f9 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/c36tu/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 13c6fb49ff306f9
Content-Length: 17865
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 26 May 2023 17:35:09 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: DS2+vJqa9MGsqtaWIzOFd6sXV2Iiz21Eqr45leTtfRi46ap2JmBQJCi/oWnoANy0$2hdRyryXuiXVr+UD63yE1w==
server: cloudflare
cf-ray: 7cd7c5e2cec9b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185 200 OK 16 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:443
Requested by http://0gpilhhtlb646b2a32a499c.ocupac.ru/Mcurt.lawnicki@daikincomfort.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (15748)
Hash 2a1262ba5cd32899831d483322a28dd7
3805876db8773ed5820043e1f39b0b6c049f61b2
2e1e45b1d429b2d703676139932fe97b7ffc7986e6d0221653a7404e4c3032f0
GET /turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://0gpilhhtlb646b2a32a499c.ocupac.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 26 May 2023 17:35:07 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cd7c5da9c121bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2