kornecta.com/fromf/freedom/e2on2z/ZGF2aWQuYm93ZW5Ad2luY2hlc3RlcmNhcGl0YWwuY29t
0 B URL kornecta.com/fromf/freedom/e2on2z/ZGF2aWQuYm93ZW5Ad2luY2hlc3RlcmNhcGl0YWwuY29t
IP
ASN #46606 UNIFIEDLAYER-AS-1
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /fromf/freedom/e2on2z/ZGF2aWQuYm93ZW5Ad2luY2hlc3RlcmNhcGl0YWwuY29t HTTP/1.1
Host: kornecta.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:45:07 GMT
server: nginx/1.23.4
content-type: text/html; charset=UTF-8
content-length: 0
refresh: 0;url=https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
cache-control: max-age=300
expires: Tue, 03 Oct 2023 13:50:07 GMT
vary: User-Agent
x-endurance-cache-level: 2
x-server-cache: false
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
200 OK 25 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type Unicode text, UTF-8 text, with very long lines (65306)
Hash abe91756d18b7cd60871a2f47c1e8192
7c1c9e0573e5cea8bad3733be2fc63aa8c68ea8d
7633b7c0c97d19e682feee8afa2738523fcb2a14544a550572caeecd2eefe66b
GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0"
content-encoding: br
accept-ranges: bytes
date: Tue, 03 Oct 2023 13:45:10 GMT
age: 9863953
x-served-by: cache-fra-eddf8230097-FRA, cache-bma1638-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 25360
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js
200 OK 34 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/g/dffb14d6/api.js
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (33998)
Hash cc3e43876d80dbb4f1bff1e8b15a9c60
3b43cbd347df372f7c1daf463b1229e4a8849195
06d063d7e58bade3ae244489087afa82f9f7c59276cdd7dcfbb2a9b5b600c5da
GET /turnstile/v0/g/dffb14d6/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:45:10 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 81059fc38fb756cc-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
985s4vtickbz5n0ptk3c.lf7ktpe.ru/favicon.ico
404 Not Found 1.2 kB URL GET HTTP/3 985s4vtickbz5n0ptk3c.lf7ktpe.ru/favicon.ico
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1274), with no line terminators
Hash 8c16945397b2ea2fa974494c910f6d08
87289c714f1955cc0a4b8d0f5319bf0dcf771141
16782bd72a33f1963efb1d59aa17f964a604235a255e51dd4aafe0e0587040c6
GET /favicon.ico HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: text/html
cache-control: private, no-cache, max-age=0
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DUAppX01kSZs5XDnn1SWVYxukdQn%2BouzD4u27NpNejPQuCBPPs1yaYj%2FFlGuhlu%2B4jVnP2JIDXAEXeFhlml%2BH8fjIq3VqEJcJO4s39%2BC9jx1dQSpdgiOyBRnlYh3s7cxcQjcT%2FnRiAfSt5PkrJ6FBlw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fc4e90556c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
302 Found 7.3 kB URL GET HTTP/3 985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 302 Found
date: Tue, 03 Oct 2023 13:45:11 GMT
cache-control: max-age=300, public
vary: accept-encoding
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g8bPswyzPjSEa32sMczq%2FxyoPExGAlmLteeJK1hOTNy8NjHuNZK0hwGfWgGfDsrlczYUnxz7dPBG741SWW12fMtKheo76kfj%2BJucMgTEZ7r5LAeiN9VdIIyCpxsA%2BN2CNR%2BOKTQuqBg3flgXIco2zlwr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fc4e90956c7-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=81059fc4ef065690
200 OK 172 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=81059fc4ef065690
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 172 kB (171481 bytes)
Hash 5dac8a3a396513a555644e108ec92de8
b23047cb1ddd42877be708c2643de5e89e1063d9
04ae3ed165fd03127cc61c8b0ac43486eb60e53bc1f158ace31f3493b69fc27a
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=81059fc4ef065690 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 81059fc5cfd55690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d
200 OK 87 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash 09055c1b09871ae5a597e84d5403145c
873d9dc9655ef8f149d4ecfd3b9b7a6bef6c1031
2a5894a16aae463427ce8e09a690c924c04108ec4ae77607dc64933764db7fe2
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 42222566656c83d
Content-Length: 2922
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: uZAf+f1zCtrw1V0vBAT2kxPUNntup97gfKdbusTXsCyYewQBriFQY7lc8A2XPg0o45g6NfnTRRHtm5b/8nirxTfYvFqJa236eBCMrCbbivO2AKSWwQImOIZSqQomp2msdOTEHC0WdvD/zEaihGEFocby46Vi7wdxNWR4JGiT685WfKxeWjt7ztxZwzFkT+IeiocqDf9dMk/MfDGT5f+dZFSUyls/WA4DJqLVgdHiNjniwqUl/4gq+v1aer/RccR2yYoS0PAoWXITG3KnL3NMiJxBBBc1iEQz87RMuz36hQUONo7GFGi3W7/P8U/UXQu0Vf5f8BpiPmk4brh9HaV2lEr8N81sEtGr7r9vHmEgVN9yDbwmLDHoUkfLlKUn/+PF$ZqTEavFu39Mfe1KJQ/qt6g==
server: cloudflare
cf-ray: 81059fc799c25690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/81059fc4ef065690/1696340711628/fbSmVUx_USq3apa
200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/81059fc4ef065690/1696340711628/fbSmVUx_USq3apa
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 94 x 73, 8-bit/color RGB, non-interlaced\012- data
Hash a1fe31d973a627959251cd371317a225
c09d17a3f348d468eae1ae6bd45bc8d24eb23fb7
2106a4ec8e043d84f3664ad2001275c2cc6934a7b7293c7035f5f8b420d6c06d
GET /cdn-cgi/challenge-platform/h/g/i/81059fc4ef065690/1696340711628/fbSmVUx_USq3apa HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:15 GMT
content-type: image/png
server: cloudflare
cf-ray: 81059fdd0cf75690-OSL
alt-svc: h3=":443"; ma=86400
985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//5rmlQwqRKgu
200 OK 0 B URL POST HTTP/3 985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//5rmlQwqRKgu
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /o2p1//5rmlQwqRKgu HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
Content-Type: multipart/form-data; boundary=---------------------------34549784342319908315723387790
Content-Length: 748
Origin: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc; cf_clearance=A_yxi02CaQwvc2z4Ay4fHVkXlYRNY71AhY26tOaCiUs-1696340711-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1696340711
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:20 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aZiqbZdCMqu4of5HwWrB6Smq3STctqyaK8z3a4p8Qiv9dAPNWPyQ7gnX%2Ba1jvQRZsACMFlVdoz5MKdkHD85d7GuTZVacck5pOW0BURHCzOjEJKR3Dk1uMUzQ9C%2FY%2BRlJcmDMgxfAsB8NYXC%2FLOPdpEw9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fdf08d456c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
0 B URL User Request GET 985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
IP
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /o2p1// HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc; cf_clearance=A_yxi02CaQwvc2z4Ay4fHVkXlYRNY71AhY26tOaCiUs-1696340711-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1696340711
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
200 OK 7.3 kB URL GET HTTP/3 985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
File type ASCII text, with very long lines (7307), with no line terminators
Hash 428bbf867d79e51d914ce8c4fece20e3
367d7439e9586f448e45ba0f8347c5de0fb6874d
74db9d967d201afa95d66e9d9c701620f6825248a9bd3387034fd0de41ab61e5
GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/dffb14d6/main.js HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4cb14GVACm%2FTiyWkXEuPaTO8aLUqRy4Z%2BTFdZMSECOxLy0aISVokyIV8ckuZ2leYGc7%2F2eOrRopKo6tPLq5FAEOgcmxAOFQKhHNJ0AO4iwtuHf50a69%2BHo%2BH4mMXFg2JVMMKidB%2BjpzonNA4kQNeFX42"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fc5295a56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/h/g/jsd/r/81059fb01f2156a8
200 OK 0 B URL POST HTTP/3 985s4vtickbz5n0ptk3c.lf7ktpe.ru/cdn-cgi/challenge-platform/h/g/jsd/r/81059fb01f2156a8
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /cdn-cgi/challenge-platform/h/g/jsd/r/81059fb01f2156a8 HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12296
Origin: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru
DNT: 1
Connection: keep-alive
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
Cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: text/plain; charset=UTF-8
set-cookie: cf_clearance=A_yxi02CaQwvc2z4Ay4fHVkXlYRNY71AhY26tOaCiUs-1696340711-0-1-69b0ef05.6b0d8b6b.438cce4a-0.2.1696340711; path=/; expires=Wed, 02-Oct-24 13:45:11 GMT; domain=.lf7ktpe.ru; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xj8ufyRgVyqkxS5KH4FwyQ9BjMrk0DgCDDQAHvGU44g8O42Tfsj8kYL8jAgbO%2FWow5LR%2FKsK5XKuzUoFxbWUBvIFqMf2Lyl8GztcqZNPCtRoI0nQwoud1eu7RHH0IWinxtH6aF%2BlTvfFvesWY6TGrVEK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fc6baca56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d
200 OK 3.5 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (3512), with no line terminators
Hash 13664874ccd28e483e1f4a3c21fed3a2
d9d47a9afef5bae8782b2e045322806319f7cb8b
14bde7a524306f97c55ca522ef565742f7e00abdf7c626bfe0206c58a4f5412c
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1471452382:1696338529:BiwmbvM2TdET5_ROzxTFDN42MdWnnnu16hH65Ll-3YA/81059fc4ef065690/42222566656c83d HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 42222566656c83d
Content-Length: 25744
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:15 GMT
content-type: text/html; charset=UTF-8
cf-chl-out: fyAdmvktRqVjyXUvnHY1x+qx6CXBqQ9QAQHmmLmambvPwRiOwP4pa4r72gXZt1dZfvBZLHKV5+O/CJA+we61Iz/Vo5HD17nc9rlzhj+Z2gr9cuCWugjyFh7St36QRrEf$/8G63lvwyMHr+3+q1dn2Bg==
cf-chl-out-s: 2RWzAUdrXUJrIkThDrD7GbyCcasIH9tGnF82fBttbtNqq+RxJWQRej3PmpBLj64huuO8S4iXYbn4ZmjGa72QRSOHWd+xcDO9o+QUsxS/PpUX7muPzB/fQUKLKlCHsDVhVspaylDy4Gb7TM2qxYfwUz5jqB62kp8S6uCdPJL5Ao5P8FRolc374C6SSH51p4T6Ik1gvUyWC9KLT4cTWJOoi/7ssZRJosAteSviplZ1X0A3OEEmOE9NyxoQWDflTIFZpuAOHJ4212E5EOYG8jZ3vA==$E97lyAh3sGw6lRNef7mkkQ==
server: cloudflare
cf-ray: 81059fde9e555690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
200 OK 8.4 kB URL User Request GET HTTP/2 985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//
IP
Certificate IssuerGoogle Trust Services LLC
Subjectlf7ktpe.ru
Fingerprint26:26:1E:7E:DB:42:CD:BE:6C:29:BB:9E:8C:E9:99:2A:30:7F:B1:EE
ValidityWed, 13 Sep 2023 20:53:16 GMT - Tue, 12 Dec 2023 20:53:15 GMT
File type HTML document, ASCII text, with very long lines (8360), with no line terminators
Hash 88d36604136867da572093c52c8649f9
6b8e6f930a108eb600e48ed58da686f2a9db67b3
b2868b6cb83dd85f4b19b9f69ab246655ecd3927c2c292dc93f2f10769cf0d1c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /o2p1// HTTP/1.1
Host: 985s4vtickbz5n0ptk3c.lf7ktpe.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 03 Oct 2023 13:45:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: PHPSESSID=rkmuc9g2uri1ojmm7c971d29uc; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vYwocMV0WSM0cpAvGM5Kay73usA7T9piJxvkJSFK67JoDBMRdiSuWZTDVbn6oxEL9AlAjH61cxwJOqVNKKGq5EDnYFKYoM8zvAEwPBzj1yp55nimbbQQPfq2ZHKN8tp1PK2MyDw3fftzXfT3%2FoLmrrW6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 81059fb01f2156a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
200 OK 28 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (14577)
Hash 31e2e2282040e5ee2015703b3be6ec65
95f4367e57bdbcd7055c6f71fa85a67374df0d62
b7aafd211afc9c8b16f8c98aa4575f02622d22e71e993b21ec65489009feb006
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 81059fc4ef065690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/81059fc4ef065690/1696340711627/22b4108daf672958907fbed25f5eaf38d48734303e998002bf1bf0873c941096/D5rOteZtAWejL-O
401 Unauthorized 1 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/81059fc4ef065690/1696340711627/22b4108daf672958907fbed25f5eaf38d48734303e998002bf1bf0873c941096/D5rOteZtAWejL-O
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/81059fc4ef065690/1696340711627/22b4108daf672958907fbed25f5eaf38d48734303e998002bf1bf0873c941096/D5rOteZtAWejL-O HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Tue, 03 Oct 2023 13:45:15 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gIrQQja9nKViQf77SX16vONSHNDA-mYACvxvwhzyUEJYAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAmwecnC9kG_Fj0JIwT3ZpvO_cMGClNgn70CbP_OAQtwOOEcI1r2Po8y80NqJxALuKmNWFbryz6_VdAlXOZboOVMLHCEbOy5q8d_6d0jdvr4gWOR2YS8ZTEnOkoT2a55wMVFQXjZEnncYNLIkkVvnJf6yMVipGTtubyCfc5cpfJd_D1ZgRw1IBDxoldOFSszBBZ4ZnflsRf89fe_8GxaiKG0TJLywsU6KjsU5o26MKfvTBAlpza3foWvE1uvJJ35QHhx3ypQQq1C4t0Px9W2E3TsW4ctYpIkmfm2ZZDRiMVSwZCR_gh44wnfOqUXvRHSKr1-YGAawfDrdFrPembkdRQQIDAQAB, max-age=20
server: cloudflare
cf-ray: 81059fdcdcc85690-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/api.js
302 Found 34 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js
IP
Requested by https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/o2p1//#david.bowen@winchestercapital.com
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://985s4vtickbz5n0ptk3c.lf7ktpe.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Tue, 03 Oct 2023 13:45:10 GMT
location: /turnstile/v0/g/dffb14d6/api.js
vary: accept-encoding
cache-control: max-age=300, public
access-control-allow-origin: *
server: cloudflare
cf-ray: 81059fc36f7a56cc-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=
200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U=
IP
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
Certificate IssuerCloudflare, Inc.
Subjectchallenges.cloudflare.com
Fingerprint5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
ValidityFri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced\012- data
Hash 9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/9DKbiDfWH6ZjHxgSNTG3KHa3ucVmP6rj9MHN3bQn2+U= HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/x1dtg/0x4AAAAAAAKLO_StWge4fa_f/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 03 Oct 2023 13:45:11 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 81059fc5bfd15690-OSL
alt-svc: h3=":443"; ma=86400
108.167.181.204
104.17.2.184
0.0.0.0