pta-palangkaraya.go.id/email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc=
103.139.175.15 200 OK 0 B URL User Request GET HTTP/2 pta-palangkaraya.go.id/email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc=
IP 103.139.175.15:443
Certificate Issuer Let's Encrypt
Subject webmail.pta-palangkaraya.go.id
Fingerprint CC:F5:D4:2C:28:99:B5:E7:07:95:CD:15:D0:4D:F8:7C:D3:96:1F:F8
Validity Wed, 24 May 2023 01:43:10 GMT - Tue, 22 Aug 2023 01:43:09 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /email/verification/sf_rand_string_lowercase6/c3BpbmVAY3JzZC5vcmc= HTTP/1.1
Host: pta-palangkaraya.go.id
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
refresh: 0;url=https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
content-type: text/html; charset=UTF-8
content-length: 0
date: Tue, 30 May 2023 12:56:36 GMT
server: LiteSpeed
vary: User-Agent
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/styles/challenges.css
188.114.96.1 200 OK 2.7 kB URL GET HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/styles/challenges.css
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type gzip compressed data, from Unix\012- data
Hash 9816e313faf220ea079ca8d18a8adcbd
e6e12142b69fa0de2595aaf68d6fa46dca8c98b4
a24a05de7d3fe5e71f73eb37ce9f566d60b6398226e7dbc13b917bbc25fa0ba9
GET /cdn-cgi/styles/challenges.css HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: text/css
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: W/"646f1ea7-19c8"
server: cloudflare
cf-ray: 7cf7237199f5b500-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 May 2023 14:56:39 GMT
cache-control: max-age=7200, public
content-encoding: gzip
challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
104.18.6.185 200 OK 16 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit
IP 104.18.6.185:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (15748)
Hash 2a1262ba5cd32899831d483322a28dd7
3805876db8773ed5820043e1f39b0b6c049f61b2
2e1e45b1d429b2d703676139932fe97b7ffc7986e6d0221653a7404e4c3032f0
GET /turnstile/v0/b/938e2b5c/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://bebgwrcinz6447038be816b.thejaq.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf72372883bb51d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2
188.114.96.1 200 OK 7.4 kB URL POST HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type ASCII text, with very long lines (7400), with no line terminators
Hash f4662dd876f0bb811bbbbaf38f30b12e
b980cf59018bca207e8b6090dc754b3e3e640215
51c766468af9e56f7bd3a17c4bdab9617d07d4f2b7f6501af4aa6a634c5459f5
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/803010435:1685448469:N7DCL8DXpecU3L2oXYApGknRhydXGNQTqlgc_pF3Pho/7cf723703b470b39/c51e9cf514c38e2 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Content-type: application/x-www-form-urlencoded
CF-Challenge: c51e9cf514c38e2
Content-Length: 1818
Origin: https://bebgwrcinz6447038be816b.thejaq.ru
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 5kwMc0ziTmc8qGXu6YgUXsSKsh2yD488ViaKpaoB7ol1mKVqR8sYO3i+Qg+BEpjX$DFi3o2ABZlzlHJJFsrZUsQ==
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVAEpwx19yExGI3h5v66PHrYIhBAdcoU0x0Zp6td%2BYSSvpmBBHgTQDnVdbqZfcoCFves6W5v6dSB7wcEeZq%2Bbp%2BCN9PdukaCIp33Ug%2Bw3wK2Z2mXo42mcvKpsmJSxReOMTMYZJdCy79Zyuw2lX5%2FWK43B%2F0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cf723731bbeb500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi
104.18.6.185 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type PNG image data, 46 x 45, 8-bit/color RGB, non-interlaced\012- data
Hash b7b89375437bab325a12df7aa96fc237
e4b497c043e2d732c40d405139d80b9bdf09589d
d57687deb7fd7164360348a6f1581b4eac2526e309be3572f3f2e5b14c8348b4
GET /cdn-cgi/challenge-platform/h/b/img/7cf7237368c5fab8/1685451400598/TsJpa29LU4tIZEi HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:41 GMT
content-type: image/png
server: cloudflare
cf-ray: 7cf7237ccaa8fab8-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
104.18.6.185 200 OK 13 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (13264), with no line terminators
Hash 5e0e776cc7f545b6cc46a334d3f4d84d
fc57fb99a9c2d5e930e25ac36c00dc7fe4c3ba08
0d103452c6a0682c568f758cf14027a4c31762533e99d13f47dd303777aa6f54
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c67bf9ff86c5dd8
Content-Length: 19158
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:41 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: U+7QdzdAN9VZwVg2EqwyHWI+06UCvF/BX7kSI9pz9BhuMCYbeAtUXM+i7eeEe55R$PZjtdCEukGCzwDqPuzc+cw==
server: cloudflare
cf-ray: 7cf7237d9b62fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
188.114.96.1 403 Forbidden 7.0 kB URL GET HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7199), with no line terminators
Hash 58d36e0010b91b74b38806d872a3ddc5
ff5ed0f0c8112622e050e978a1515088072723cf
3277f5359441b67e2c67a2d548d227aa8ec77f80b62b65508988ff41ebac156d
GET /favicon.ico HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wUw7dZvahqh%2BNgNPp6QnI76sdRN96cQ84xBhJVDdwLS3zkBOm%2F8nx7%2BQNB%2BRjWr8im%2FCA21y5Q%2BngfyqO84lMQQngco%2Fm9NjWCj4zuz3dJ224UZ7xBt71JUkKUjnh82I%2FRHzlqaNoylTi%2BxikH4ayX3nLlQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723720a7ab500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
188.114.96.1 403 Forbidden 7.0 kB URL GET HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/favicon.ico
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7199), with no line terminators
Hash 4c37a6bac9c333abb7d215e6f8b08ef9
f4601137723edfdb68d51469be11c0e34433d48d
9cbbc961833a7e93f143a3cc3f7ae7517e10b60433c29ff963bac568db83b490
GET /favicon.ico HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 403 Forbidden
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LiH7yUZOv2v5xN%2FMcWgzdiYV%2F5tnjSClHXGErGC%2Bg0eqrC%2FWlb67iR30V%2BJLBmaVtvD4g%2BdUplaDDy6Z3%2Bj7033exCZDQUHuXHtmDc%2BJVaGVSYrigJa81uzmC4LZDmJcskRXiaydDLiLYlsCbfmKB8B7Cns%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723726ae0b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
104.18.6.185 200 OK 24 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
IP 104.18.6.185:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (10899)
Hash 82bfa27aa1af0db9fa237ef7375dc8f8
f4eecb0bef79f09ac5145a0fe8be6deb88664c85
3a67d4a52679ce8e6956585ec7edaab422a3aa7874dc9627f3a517dbcab0a52f
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate
content-security-policy: frame-src https://challenges.cloudflare.com/; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 7cf7237368c5fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB
104.18.6.185 401 Unauthorized 1 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/7cf7237368c5fab8/1685451400594/3ee3538735b6fd65b10f3260fc4e807fc098d774f5967fc7753f983f4cab5c42/lteLcxlThKZSKqB HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Tue, 30 May 2023 12:56:41 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gPuNThzW2_WWxDzJg_E6Af8CY13T1ln_HdT-YP0yrXEIAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEArTdvs2-VOeG1gRYSu6le9W8rphJ9hC05duH2SoyJxZcID7eB4pDegSJtNqv3OQbpK4Q95bHTqsH89BCAXLJI-Vt7ySrpRthX6rEPu-Vj7WesutfG-4HKj1HyDTGqAY6a7ewvPAO1MgMa2r1_gzOPEXZzJhEKT6UdIT2kff2r_Ykjw0jlNmXk5cDvIskrZ85GVfUW-rn9g1PLXw9OFhNDD6DD2EiFfNdypws_NYvMuOAHcmAxJlEJcf3CR8kfcZax5XW2G8thhT80V0huiKzfxYVtQL5b4HVbTcNvo9O7UCIklef8agJz95n7nyDUn68MLaxbYGJ0kAASzeN5eEb55QIDAQAB, max-age=20
server: cloudflare
cf-ray: 7cf723795f5bfab8-OSL
alt-svc: h3=":443"; ma=86400
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39
188.114.96.1 200 OK 155 kB URL GET HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 155 kB (155392 bytes)
Hash 1050c55efeb0d1072e32d148182232c9
acbf7f75df8bb78cb7e5bca2e3fa13348a0f8e37
3847cbca9364eca51cd0aa57b20c0b5676359ea352136a5de0a336d3c91c9330
GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=7cf723703b470b39 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org?__cf_chl_rt_tk=E3TUif.pAk4pPoKnYB0zQYMVT6aaHAAqtKiUXfnMrig-1685451399-0-gaNycGzNDWU
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k6PFGnHF6PT%2F1wYkOo7d9ylv3QCYi8W4E88LNirC7hk3%2BAvVJ%2BM8v%2B4Ha%2BWtnS2F3tKCSTqrsxrXEkZtPVgcaKePkR2JrOBOyq44i4DYzhijgQZHH02Ishb0IZhGTnIDkVgpwoRE23HpGbRO9sd%2FSyPN9DE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7cf72371da30b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
188.114.96.1 403 Forbidden 8.1 kB URL User Request GET HTTP/2 bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
IP 188.114.96.1:443
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8217), with no line terminators
Hash a5d674c1edfa7f80eefda0b3ca98d36f
12dd312d3d19121a3e0d845e206436eac285c489
d6999e0adf4b823334f80eff8a0cd47252782cfeae584abb3901691719aa4576
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /Mspine@crsd.org HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Tue, 30 May 2023 12:56:39 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pNKj4wzHbRz98hSC4YhFXLQoMhkOgftPmnAkcsNimNBY%2F06Lw0zb692qeAHEoO3iqLvPm1ZBf1CYzdWif5Z9LOFOyUf40pjpR%2BaMSHXFx53aaXvEOPX2Axi9ZKQfvuPnsfsYbwPE1f%2B403nUZyPNLHFCE%2F8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7cf723703b470b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8
104.18.6.185 200 OK 162 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 162 kB (162457 bytes)
Hash 4b285b219d4fd12d8c43df56f31109d4
a78d58ea481b9754a664b0667a0e83635c1b98b8
e7d9e897099e5c74eaed1dfbc20f98c53ce9d49d029f92ec1ffbfe483f174774
GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=7cf7237368c5fab8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, must-revalidate
server: cloudflare
cf-ray: 7cf72374297efab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
104.18.6.185 200 OK 117 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8
IP 104.18.6.185:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5C:7B:D7:57:5A:53:A4:99:8E:1E:5A:C4:58:30:7C:2D:6C:D8:3C:C5
Validity Sun, 18 Sep 2022 00:00:00 GMT - Sun, 17 Sep 2023 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 117 kB (116908 bytes)
Hash acc3f1bda806105f040ab9b9fa7ce0c1
893717ca5074aa2c25fa2aa81f450cba1521f9bb
017c4a0192f00220190a95a87c770056593df9002d53f27b006fdb1e3d688d8a
POST /cdn-cgi/challenge-platform/h/b/flow/ov1/113171649:1685448566:AWodPxm3hr0RuqVC2sQG6SndOxUjrYZ7u1UaNPEXlxI/7cf7237368c5fab8/c67bf9ff86c5dd8 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/840ss/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: c67bf9ff86c5dd8
Content-Length: 2774
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:40 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: QKlFZtC4kiwNBOEjQewlVMTZe4isBoyYNJS0LX62+M/cwEuvKLi0rajuP2snnzw/t4BlatzHLWDrmrWPChkBN/bc3nFXDLCMmvU/8wLJAPwVIOY3SGpCPpXmVPBVTl3JL2VelPIYn9HwhF4hrVE/BoahLzX/xhiGqaY4k5VBx5SRMKRU6gKdRPhR7rzwHCCdXwXTsJhjoDcZGUADFhEKnYBF784iO1f0ogaSKUI/O/AhAGIz4h07Lyb9mz25ixbv3yZv5IoVqTHHdG5Z248wjBLJawGj0FdBu3ipmni3nnYaON1ZtRIk9lbFJPuqoZvxUZMj+zdynFxpcwX0miFvXGSZaXEM6cTSZ0ulM+VnwFi/yHzrYbkkp1HvMRC29HR+5Cuk9UXBtQcpiWm6KkbiVEoXCbJS+1NvWCGVO01LNQtNFJAtTe3s4grOMdBDV/rD9VuHzq98QER53BZAURU5DA==$ASExGRbUvSJOGTz1v4YrAg==
server: cloudflare
cf-ray: 7cf723759b93fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39
188.114.96.1 200 OK 42 B URL GET HTTP/3 bebgwrcinz6447038be816b.thejaq.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39
IP 188.114.96.1:443
Requested by https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
Certificate Issuer Google Trust Services LLC
Subject thejaq.ru
Fingerprint 4A:94:88:8A:22:C0:C5:97:8A:8A:92:81:44:7D:28:E5:8D:03:7E:5D
Validity Thu, 18 May 2023 08:29:58 GMT - Wed, 16 Aug 2023 08:29:57 GMT
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7cf723703b470b39 HTTP/1.1
Host: bebgwrcinz6447038be816b.thejaq.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://bebgwrcinz6447038be816b.thejaq.ru/Mspine@crsd.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Tue, 30 May 2023 12:56:39 GMT
content-type: image/gif
content-length: 42
last-modified: Thu, 25 May 2023 08:39:03 GMT
etag: "646f1ea7-2a"
server: cloudflare
cf-ray: 7cf72371ca18b500-OSL
x-frame-options: DENY
x-content-type-options: nosniff
vary: Accept-Encoding
expires: Tue, 30 May 2023 14:56:39 GMT
cache-control: max-age=7200, public
accept-ranges: bytes