benaturalfitnese.sa.com/new/auth/sf_rand_string_lowercase6/ZXJvZHJpZ3VlekBudXRyYS1tZWQuY29t
162.241.69.179 | 200 OK | 0 B | URL | User Request | GET HTTP/1.1 benaturalfitnese.sa.com/new/auth/sf_rand_string_lowercase6/ZXJvZHJpZ3VlekBudXRyYS1tZWQuY29t
IP: 162.241.69.179:443
ASN: #46606 UNIFIEDLAYER-AS-1
Certificate Issuer: Let's Encrypt
Subject: *.benaturalfitnese.sa.com
Fingerprint: F5:B4:8B:5E:FE:26:11:E8:3D:9B:A1:D6:0A:AD:21:4C:05:29:95:20
Validity: Thu, 01 Jun 2023 09:13:09 GMT - Wed, 30 Aug 2023 09:13:08 GMT
Hash (MD5): d41d8cd98f00b204e9800998ecf8427e
Hash (SHA-1): da39a3ee5e6b4b0d3255bfef95601890afd80709
Hash (SHA-256): e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict: Alert | urlquery | phishing | Phishing - Microsoft Outlook
GET /new/auth/sf_rand_string_lowercase6/ZXJvZHJpZ3VlekBudXRyYS1tZWQuY29t HTTP/1.1
Host: benaturalfitnese.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 08 Jun 2023 16:19:10 GMT
Server: Apache
refresh: 0;url=https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d427482cfa21c0a
172.67.212.134 | 200 OK | 42 B | URL | GET HTTP/3 tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d427482cfa21c0a
IP: 172.67.212.134:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
File type: GIF image data, version 89a, 1 x 1
Hash (MD5): d89746888da2d9510b64a9f031eaecd5
Hash (SHA-1): d5fceb6532643d0d84ffe09c40c481ecdf59e15a
Hash (SHA-256): ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7d427482cfa21c0a HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: image/gif
content-length: 42
last-modified: Tue, 30 May 2023 15:20:42 GMT
etag: "6476144a-2a"
server: cloudflare
cf-ray: 7d427483a8e7b4ed-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Thu, 08 Jun 2023 18:19:12 GMT
cache-control: max-age=7200, public
accept-ranges: bytes
tg99cjqxtr647a2a44d78d6.casagr.ru/favicon.ico
172.67.212.134 | 403 Forbidden | 7.2 kB | URL | GET HTTP/3 tg99cjqxtr647a2a44d78d6.casagr.ru/favicon.ico
IP: 172.67.212.134:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
File type: HTML document text; exported SGML document, ASCII text, with very long lines (7382), with no line terminators
Hash (MD5): d99f8650938a4a8bec9752514183b235
Hash (SHA-1): 63a6b7ceb8c781d2a1d49b0207e77abbfef9e56f
Hash (SHA-256): ca47d3b4a30e8e2f2719c505679f9df5b5e3636f7de68cd45898f3f60ef199c1
GET /favicon.ico HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com?__cf_chl_rt_tk=uWqbCIThxadZmsfPI5w2f03sMY1tvHsE71rc9qqW1g4-1686241152-0-gaNycGzNDZA
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5N633E%2FlP3KHDR9reDfSVaJ5KaAcL%2FRFqzLvFqKN1bgKuqHYG6sxtceu5UGyef%2BK7YDKmP1TRrj%2FRfk8nmLt8IACfYgi5uA2mXF%2F45y%2FSO8fSpsmQyMOXLVWrOrkZDwBbS90sm8kuW4%2FBsYw3V%2FXwpHnhpk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d427483d943b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
104.18.7.185 | 200 OK | 24 kB | URL | GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP: 104.18.7.185:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: HTML document text; exported SGML document, ASCII text, with very long lines (10899)
Hash (MD5): 39d9e3f1c81317ce69c1877f3230d21f
Hash (SHA-1): 0f8445cde02fbde3c4a1d80b8d4bd0e2aa26dd9e
Hash (SHA-256): 9ec122805b8760e1e8371b1fda506b33d017382abebffec401aef1cf175c979d
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7d4274854f7eb518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a
104.18.7.185 | 200 OK | 144 kB | URL | POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a
IP: 104.18.7.185:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 144 kB (144236 bytes)
Hash (MD5): a27a179c53f4b6cfee7888f68454aba8
Hash (SHA-1): 32f42d9ce7d3c06afb154da31f352e3326b4db67
Hash (SHA-256): ac4282c9ba7a2083da507ffbdc4c091c23ca8a492375e4dd889606f7a67391c4
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9c03743e79e954a
Content-Length: 2995
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:13 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: uHrm2eH5r4w50PeDtIoSr8BA/QeP2JOfWkVOR9nE+6LaOzck4g02PyrN2sRFrJ/AnPIb6pc+YLXt9Uxfe3O5vvGAw1RBngbeZ9Zhp4MS+73gl6rtcI3BqDIOr6k1h2yQJBFF06QIbF7IxMmT1+q9wWb0UwftOCq8ueuhfDy5/eSLfZbNY+Sx3nJ4Tu/OAbENYSUMeAmxT3CHM2vmXjAx0fIQpLrPCzfFLXIL+jBhQMeNgiZSeVqokuNr2NiZMgOuHxMtEPNb1SGwanCuiwEbYv9sBPqx46VdEIj0ZnRRcNKTLv+8TUiLKp4W4Am96BkZxYO0E4D7Ldz3BJDhOxohRtVCTcuMe/sRkEkvNwQx4jpRnQOJ5KMg0UOynqU3fNgRSEnMdzytmADim78qsKZtqe6R8vtKHhknKa4M4MO14aM=$CTGy+jg+gQNeUcRhvrQ7AQ==
server: cloudflare
cf-ray: 7d427486f990b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a
104.18.7.185 | 200 OK | 13 kB | URL | POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a
IP: 104.18.7.185:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: ASCII text, with very long lines (13272), with no line terminators
Hash (MD5): acfea821c2362f692e2d98eed876faa8
Hash (SHA-1): d7e7030d3e4dc539a6aa73d93e0af0072b48ce97
Hash (SHA-256): c9f92a091bdbcc04269cc97427772eb99ee54d1e49865aec4aa23805c5e5ea38
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/103261460:1686236917:8keodcS2DOXTSB4YDYlPL0_S-VwZghsSVijAIHj1cBg/7d4274854f7eb518/9c03743e79e954a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9c03743e79e954a
Content-Length: 28511
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:16 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: ptY6I+G3JTH6ud+ylY51P7oXkNIUo7g5w4p/rKGMzI3QaM+YFIPLK9tYLnq4jhVB$RjZNy22inZu9dxMcVKwmPA==
server: cloudflare
cf-ray: 7d4274918ea3b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d427482cfa21c0a
172.67.212.134 | 200 OK | 181 kB | URL | GET HTTP/3 tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d427482cfa21c0a
IP: 172.67.212.134:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 181 kB (181332 bytes)
Hash (MD5): c2a9720caa0550d126222dd4439f65ad
Hash (SHA-1): 249682902ece58b4bd9fffe672d04b995be9a6bb
Hash (SHA-256): 7a4d5cb504259ebfb4b2f9013ab1a667a709a3fa8a124444b53b927e1070bf6d
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7d427482cfa21c0a HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com?__cf_chl_rt_tk=uWqbCIThxadZmsfPI5w2f03sMY1tvHsE71rc9qqW1g4-1686241152-0-gaNycGzNDZA
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pua5PYkmwugrwTXoBUzbCIzuTgl3TPfBCGPScq%2FZN7JocSuXlPtqpSVvRvP2hXQ5K8IGQsz3MpjtD3f5O0cjcXYhY4UNgtiyGtAF9noHPd99TOc%2FEThliA5hHKVx1C%2BiXV9lZTDS2W0Mxo%2B%2BwUyX6umETkU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d427483b906b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.7.185 | 200 OK | 19 kB | URL | GET HTTP/2 challenges.cloudflare.com/turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP: 104.18.7.185:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: ASCII text, with very long lines (19127)
Hash (MD5): 47d9ed8b2fddb896e78dbbb2d7e76c90
Hash (SHA-1): 8a69d2673bb54f4491c241a1d7efa686e6e9a817
Hash (SHA-256): 2760f96d3b7629100aee1cb3ec7c47a3b6f0dee1152c339dc91a6fd67cb87887
GET /turnstile/v0/b/5da7637f/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tg99cjqxtr647a2a44d78d6.casagr.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d4274844eceb515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1523677691:1686237050:C0fBenM4fnKoGhozJlX-xN3mUQvvNZdFW6KO3APQJto/7d427482cfa21c0a/9bd43a8f465849f
172.67.212.134 | 200 OK | 7.7 kB | URL | POST HTTP/3 tg99cjqxtr647a2a44d78d6.casagr.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/1523677691:1686237050:C0fBenM4fnKoGhozJlX-xN3mUQvvNZdFW6KO3APQJto/7d427482cfa21c0a/9bd43a8f465849f
IP: 172.67.212.134:443
Requested by: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Certificate Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
File type: ASCII text, with very long lines (7704), with no line terminators
Hash (MD5): 866e317abb1514e39d117ad8f9b41a36
Hash (SHA-1): c9fa5bf6b52d8ed77efcd4e5589d3a81ad2fd11d
Hash (SHA-256): c22d94138be3a39c2c428c954b5899fbb1bde900c657277e7a9d015d2f8a80c1
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/1523677691:1686237050:C0fBenM4fnKoGhozJlX-xN3mUQvvNZdFW6KO3APQJto/7d427482cfa21c0a/9bd43a8f465849f HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
Content-type: application/x-www-form-urlencoded
CF-Challenge: 9bd43a8f465849f
Content-Length: 1823
Origin: https://tg99cjqxtr647a2a44d78d6.casagr.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: yiqxFiuTh3n6c8LhFzyoD4+XCJHrZVkNqASzfHa+MJJrhyvuLTZ6EJD9yqTUHa3j$GDfCx39SDmHdOWRryQEd1A==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7tVYBVRELcVnsnwSqXbrjypq46gAsOXSc2yXRCXHMAOnxM8zfGcyuMa0IbeCfW%2BQvRuz%2FntD3rMbcHPb%2FWm4eOtWbMuJdreU1qiAK9A1i3jCkT%2FBi6LbXhdDWmZN3P%2F4ot6AWrzEV3kM%2BNuKVyQdnbLV94%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d427484da95b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d4274854f7eb518
104.18.7.185 | 200 OK | 183 kB | URL | GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d4274854f7eb518
IP: 104.18.7.185:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Size: 183 kB (182680 bytes)
Hash (MD5): 27d165aba49c3c921d6cb0c098c6be81
Hash (SHA-1): a16227fc5c17cec4ae609092aa31316b1a46cd25
Hash (SHA-256): b28de13cd7be004bf9218a255810bff9acf85697d1e3884a6eb552f783bb1f31
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7d4274854f7eb518 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7d427485aff3b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
172.67.212.134 | 403 Forbidden | 8.2 kB | URL | User Request | GET HTTP/2 tg99cjqxtr647a2a44d78d6.casagr.ru/Merodriguez@nutra-med.com
IP: 172.67.212.134:443
Certificate Issuer: Google Trust Services LLC
Subject: casagr.ru
Fingerprint: 5E:EB:99:7F:EB:19:12:0F:D0:30:78:09:34:F1:37:14:0E:1E:A9:09
Validity: Wed, 10 May 2023 10:30:47 GMT - Tue, 08 Aug 2023 10:30:46 GMT
File type: HTML document text; exported SGML document, ASCII text, with very long lines (8383), with no line terminators
Hash (MD5): a151ad0924be7d11ed927c8de2138690
Hash (SHA-1): 407ffa9a4be8792ab8f975f176d1d9ec95da5e0c
Hash (SHA-256): 54a07916aff758f7cba2b4724a6d6c2c2a430d303c591401a297215484dcbcf8
Analyzer Verdict: Alert | urlquery | phishing | Phishing - Microsoft Outlook
GET /Merodriguez@nutra-med.com HTTP/1.1
Host: tg99cjqxtr647a2a44d78d6.casagr.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Thu, 08 Jun 2023 16:19:12 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKCrHMKyX7Oakd8ggXLY2xFzL1k97oX0lDDBNwAUJeHvyZbyUxKALcBQ50%2FVFjJ2d4kzl0RT3yQbGeWgxNirxvxpgImbnsjR0q9wr6v6rKtGZIYrg2e2Uw5qYW1vBfI8QX2H58vdFJONUJ3g%2BSjQV7gj1Eo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d427482cfa21c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7d4274854f7eb518/1686241153126/DIZjaIt9veohHqC
104.18.7.185 | 200 OK | 61 B | URL | GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7d4274854f7eb518/1686241153126/DIZjaIt9veohHqC
IP: 104.18.7.185:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: PNG image data, 7 x 90, 8-bit/color RGB, non-interlaced
Hash (MD5): 7c33eca752303bca428f7e770ea0cdb9
Hash (SHA-1): 9f249bcd7e27da2a75d319f829ea37046527b657
Hash (SHA-256): ddc20070fcfff3de1d6930a3afd220fb905c095ffa9c68ce2630d3e105de4732
GET /cdn-cgi/challenge-platform/h/b/img/7d4274854f7eb518/1686241153126/DIZjaIt9veohHqC HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 08 Jun 2023 16:19:13 GMT
content-type: image/png
server: cloudflare
cf-ray: 7d42748c6854b518-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7d4274854f7eb518/1686241153126/828b8269253dcdd58853fa2f2f355554062f2f864d63cb5b8be98b254ac195a2/I9jBsSm-s5Rknpv
104.18.7.185 | 401 Unauthorized | 1 B | URL | GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7d4274854f7eb518/1686241153126/828b8269253dcdd58853fa2f2f355554062f2f864d63cb5b8be98b254ac195a2/I9jBsSm-s5Rknpv
IP: 104.18.7.185:443
Requested by: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer: Cloudflare, Inc.
Subject: challenges.cloudflare.com
Fingerprint: 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity: Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type: very short file (no magic)
Hash (MD5): ff44570aca8241914870afbc310cdb85
Hash (SHA-1): 58668e7669fd564d99db5d581fcdb6a5618440b5
Hash (SHA-256): 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/7d4274854f7eb518/1686241153126/828b8269253dcdd58853fa2f2f355554062f2f864d63cb5b8be98b254ac195a2/I9jBsSm-s5Rknpv HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/poifm/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 08 Jun 2023 16:19:14 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20ggouCaSU9zdWIU_ovLzVVVAYvL4ZNY8tbi-mLJUrBlaIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAojBPEhHbcKehbsRgb6MQwTLnz6FfOWY3U7htx8zvI-_YjK6t2DJdiGR2PgLAZTWqUHvv7eW53jhfv6u2qjbB0GhscHTQPn82jBzC5A9LjI7Y6_IOaPVsbnKqPWxPTNAND0HPMBt1t_vRUWrh142sUJwPDLdW4nQ04c-fuBJFSbNk1hDr8_t-WuQKb52Kf7pyde3Nvk_e6oJs_Ebm1EZ_XYcove1AKMrM5Mf0rIsbI8gZRw1qcUtHJZN12i5le0Ocw6qj2gfeojfbTcmwDgUscUtJTnFKFGTMiRrV2rc2F_oAwbqOCH6BSKzO54OWUwWXFfQ8upcvrBhu6JWg-MBRBwIDAQAB, max-age=20
server: cloudflare
cf-ray: 7d42748da9eab518-OSL
alt-svc: h3=":443"; ma=86400