twitterrcxvdrhtjvirtuecm.plsener.com/anJldHRpY2hAdmlydHVlY20uY29t
192.185.147.63 124 B URL twitterrcxvdrhtjvirtuecm.plsener.com/anJldHRpY2hAdmlydHVlY20uY29t
IP 192.185.147.63:0
ASN #46606 UNIFIEDLAYER-AS-1
File type HTML document, ASCII text
Hash 30eda0abfaa7cb2a3f3edbf13e83bce8
97ea4a111b44ddc1544e394e40ef5c16cd886fcf
0a75bc4787ed814eb92f26404563ef57864badd45c26a2c4e600a7f63eaa5418
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /anJldHRpY2hAdmlydHVlY20uY29t HTTP/1.1
Host: twitterrcxvdrhtjvirtuecm.plsener.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: PHPSESSID=5a216034c79852dfa5cf952fdc7487b8; path=/
vary: Accept-Encoding
content-encoding: gzip
content-length: 124
content-type: text/html; charset=UTF-8
date: Thu, 14 Dec 2023 16:16:40 GMT
server: Apache
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.6.0.min.js
151.101.2.137 200 OK 31 kB URL GET HTTP/2 code.jquery.com/jquery-3.6.0.min.js
IP 151.101.2.137:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Sectigo Limited
Subject *.jquery.com
Fingerprint D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
Validity Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type ASCII text, with very long lines (65447)
Hash 8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 14 Dec 2023 16:16:40 GMT
age: 1967983
x-served-by: cache-lga21931-LGA, cache-hel1410032-HEL
x-cache: HIT, HIT
x-cache-hits: 67, 1244810
x-timer: S1702570601.827795,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2
czqe.kbdsd.ru/web6/assets/css/pages-okta.css?cb=21
172.67.197.25 200 OK 0 B URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/css/pages-okta.css?cb=21
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/css/pages-okta.css?cb=21 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/css
content-length: 0
last-modified: Wed, 08 Nov 2023 20:47:39 GMT
etag: "0-609aa32aa0b88"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 304
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nWuWjv2KKlH7JtsYb6zhnJWkzgYs79RS334qvFm%2B1INST6RY0Mro%2BBOc1HmN%2BVDqEf2JEhJ9ipMOHUHAedEWc5d5G4jvL1WzMAQLlhJy920fUAECjoii2MslEUaDfs8zoK4K%2Fwfe%2BL0n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b20dd756be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-bold.woff2
172.67.197.25 200 OK 28 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-bold.woff2
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format (Version 2), TrueType, length 28000, version 1.66
- data
Hash a4bca6c95fed0d0c5cc46cf07710dcec
73b56e33b82b42921db8702a33efd0f2b2ec9794
5a51d246af54d903f67f07f2bd820ce77736f8d08c5f1602db07469d96dbf77f
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-bold.woff2 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff2
content-length: 28000
last-modified: Thu, 24 Aug 2023 14:00:16 GMT
etag: "6d60-603aba5c97c00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hDTf1PNzFPRoe%2FDDgqBRN9nyfKYJcJ6dNOX9l4LytLHDs78R10TbYnKm3%2F1PCPfS08BSO1RDEu78VUZJ%2BJpcHjLc9plQyDoRFw4fuhYDDvq6cmzTclUGdp%2Fev0%2FWzrh4V8G2VJ1MV0JB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b20ddc56be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-bold.woff
172.67.197.25 200 OK 36 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-bold.woff
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format, TrueType, length 35970, version 1.0
- data
Hash 496b7bbde91c7dc7cf9bbabbb3921da8
2bd3c406a715ab52dad84c803c55bf4a6e66a924
ae40a04f95df12b0c364f26ab691dc0c391d394a28bcdb4aeacfaca325d0a798
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-bold.woff HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff
content-length: 35970
last-modified: Thu, 24 Aug 2023 14:00:22 GMT
etag: "8c82-603aba6250980"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M4ykb1p%2FOmW88mpu9AXOUxu0qiMzPMqkP37fQkn1JzyBSENgUXnt4%2BKbNl4ef5WdCc8byWrXTF6ENxCak%2Bqc%2BlSivBi0w5Gk49Db6rUkbc5EAe%2BAT0F9RPmewzP16GeIhoA3gSgALu%2FA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b20ddd56be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-regular.woff2
172.67.197.25 200 OK 29 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-regular.woff2
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format (Version 2), TrueType, length 28584, version 1.66
- data
Hash 17081510f3a6f2f619ec8c6f244523c7
87f34b2a1532c50f2a424c345d03fe028db35635
2c7292014e2ef00374aeb63691d9f23159a010455784ee0b274ba7db2bcca956
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-regular.woff2 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff2
content-length: 28584
last-modified: Thu, 24 Aug 2023 14:00:24 GMT
etag: "6fa8-603aba6438e00"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DNVWOtLxR0NF55N%2F%2FWgJkFlRTSm2MiSYWLksngL22rjAvZAy8sqKljWUxOw3rXq2%2Bl52oUfA3hoM4cMaqGT3QJta1ppp4LZoiHbZNk7kRoJ5F9dMhYS4kPNqIwOeuBtWvhWOFPKs5Pe7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b21de156be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-regular.woff
172.67.197.25 200 OK 37 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-regular.woff
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format, TrueType, length 36696, version 1.0
- data
Hash a69e9ab8afdd7486ec0749c551051ff2
c34e6aa327b536fb48d1fe03577a47c7ee2231b8
fd78a1913db912221b8ead1e62fad47d1ff0a9fa6cd88d3b128a721ad91d2faf
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-regular.woff HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff
content-length: 36696
last-modified: Thu, 24 Aug 2023 14:00:28 GMT
etag: "8f58-603aba6809700"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3754
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yq6wLeNHU01rFMlJevnA8WGH9KWyiY4ZaIrShP6Y3YybXsXmK3BYzD92sdF1sxS3LRtrz01Ux8sw00%2FbWqGAx8weNNuvoHOMDHRBoyUsjGWwK4QPx7gecu2Ha40ymocWEemys%2FVOAIvj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b21de256be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-vf.woff2
172.67.197.25 200 OK 44 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-vf.woff2
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format (Version 2), TrueType, length 43596, version 1.0
- data
Hash 2a05e9e5572abc320b2b7ea38a70dcc1
d5fa2a856d5632c2469e42436159375117ef3c35
3efcb941aaddaf4aea08dab3fb97d3e904aa1b83264e64b4d5bda53bc7c798ec
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-vf.woff2 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff2
content-length: 43596
last-modified: Thu, 24 Aug 2023 14:00:36 GMT
etag: "aa4c-603aba6faa900"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2LNimOpRWUBOiSIzI7SFIz1KoyjKFHgvxhXUyZTswkzAkBRMHzOIu%2F38ge2Ighx6xk%2F2LIt55hydS%2FypIcHr0PC7x40A%2Fn1lMk39VPuJ9GkF01ivnAKNDujqCumuObU8QJUKlcrXTeyM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b21de356be-OSL
czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-vf2.woff2
172.67.197.25 200 OK 93 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/fonts/GDSherpa-vf2.woff2
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type Web Open Font Format (Version 2), TrueType, length 93276, version 1.0
- data
Hash bcd7983ea5aa57c55f6758b4977983cb
ef3a009e205229e07fb0ec8569e669b11c378ef1
6528a0bf9a836a53dfd8536e1786ba6831c9d1faa74967126fddf5b2081b858c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/fonts/GDSherpa-vf2.woff2 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/30GbYz/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: font/woff2
content-length: 93276
last-modified: Thu, 24 Aug 2023 14:00:32 GMT
etag: "16c5c-603aba6bda000"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3753
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ga5GIKpovoFJzUpFGxe59CPqqp1mszA19qTo9XGOT2%2FFj3gZyzEnKxQPs6pI0t70atbSxxVrLxf2cGbFIxZ9y83srgEgW4HlhFZWaFA9JC5bnllTv6lKOgQNJgCKxT4%2B%2BgubgUY3E%2BxG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
accept-ranges: bytes
server: cloudflare
cf-ray: 8357c0b21de456be-OSL
czqe.kbdsd.ru/web6/assets/cloudfavicon.ico
172.67.197.25 200 OK 34 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/cloudfavicon.ico
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
- data
Hash 88415acda09a4cbd9d87543c3ba78180
2dec4705e9ab399efdc6eef36e079aa31d1df8d9
20cccc47c1bac9d2ef36b6a1c58af58c5c169ad5ca084080f0392b86f949641c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/cloudfavicon.ico HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 16 Aug 2023 01:22:46 GMT
etag: W/"86be-6030022068580"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3wkfMfTotNE70tGmuOnTEYiVMQPw2QPc9uCuPunQF1CPthae5qS6twG3BtsvyCVj%2FfhRZOKw8iYh93T6EB%2FnOfZxS5iQCzPVms14OEj%2FkmJa3zK89K6QULC6XqDt9QxE3eGZySwosWY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8357c0b10cae56be-OSL
content-encoding: br
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c
104.17.2.184 200 OK 85 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Hash d393948b3c5459c2063e6cceb699d735
0c186a8da5b5774e649d2b3a3dd7920a2c328d76
66245ba34b1f3d7140dce7a4dc44136fb60cc2009aa2d696e3a05c73c035d011
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0d81cb3f27d215c
Content-Length: 2350
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: RaQ0U3nyOQFcKdH+h391AJ4ajFM05xlzsB5CLF1LiWa7RcgQZpB1Pie6f6BGDeWsGsqHVNkL1yb/LMBrGeOr5Z6+s0YcI8TYvmaE02/HulFnuWX8zx5ySRFgbAM0CxqDm18XwDlXJ66smJBr8cYL1kW2Ah36h6jFyYSMv4TNZ6rv+2HbJvwVX7P60GSwQBogMAu5G1Wlb5yWMJrFLYx5UWycxH5q83tfqI4jjfv4ZdJ3LN2IUpiT6MrgsPuM7tOnMM1A/lbD76kBEVvXb7/D+Ch7pHsorzi5TKKt10J4/Al3qjuHi3NoAaSbzxdo1VUvAREMu6mXOGrZw4SODQkL0GWQPHW6Qnh8V0s7G2x9MLI=$l+Yn7oSXBLKbKM4GZC3BZA==
server: cloudflare
cf-ray: 8357c0b54ca8712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
czqe.kbdsd.ru/web6/assets/js/pages-head-top-web.min.js?cb=1702570601583
172.67.197.25 200 OK 2.5 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/js/pages-head-top-web.min.js?cb=1702570601583
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type ASCII text, with very long lines (2661), with no line terminators
Hash 562825da6450692cd08765f4b6c4799f
4e71cdde531495c8158fd3bb612fbe9d0f631b01
e9e5be06cc48310b88d79985e4ac7260e7ddb22c4bc90822f9f8790bdf572fe5
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/js/pages-head-top-web.min.js?cb=1702570601583 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/javascript
last-modified: Thu, 14 Dec 2023 00:17:28 GMT
etag: W/"9af-60c6d357a3d81-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DixJj4toxcZ2h%2B%2BewbPCanF9mL9fBtb%2BCQ9LYV%2FonU4FUc5a0dQt%2FioYTa9sTJOI4cKk5y5sBpTIXozbPFaA5Yg203wNi2fDu3GXk5un1t3gDPgdHA85WgWgmR2SXGnReDRwWT%2BU5kyB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: MISS
server: cloudflare
cf-ray: 8357c0b04c1856be-OSL
content-encoding: br
czqe.kbdsd.ru/web6/assets/pages/NC01.css?cb=1702570601852
172.67.197.25 200 OK 1.1 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/pages/NC01.css?cb=1702570601852
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type ASCII text, with very long lines (1164), with no line terminators
Hash 65e0573b1d7b11f8cb2870e600055a80
a391668d136753e7f4d81e51f6d12cc1c61237dd
0f1934383ad7770ce8d632d793ac71875e1d1c23a3323495f6d1514df584e469
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/pages/NC01.css?cb=1702570601852 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/css
last-modified: Thu, 30 Nov 2023 21:29:53 GMT
etag: W/"461-60b655a3d665c-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLA938RW23h%2F1tnvsiYJq7xLiX%2BqhJ1JmTH4GjMnsBLtAYWy%2BZ%2FWlVpAb84rkUm9%2BiBtdXWlDky2DzkQG%2Bo5JWgHDqWZlkf1a50z7cfKHCfPJ5gBv0VJCi%2B4kHrgu2MtmGTFCmclbnhp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: MISS
server: cloudflare
cf-ray: 8357c0b1fdc156be-OSL
content-encoding: br
czqe.kbdsd.ru/web6/assets/js/pages-head-web.min.js?cb=21
172.67.197.25 200 OK 9.8 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/js/pages-head-web.min.js?cb=21
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type ASCII text, with very long lines (9854), with no line terminators
Hash adb8f356f0a2254475fa29cb3fcbdaff
ca9138464b38f8ef9ddf19527e0cdc626ca644a4
f6121cdeea486a46ee2ed3653f7954c97ad5116d2215067d2dc5b5c66e995618
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/js/pages-head-web.min.js?cb=21 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/javascript
last-modified: Tue, 12 Dec 2023 15:06:46 GMT
etag: W/"2653-60c51662d687e-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qs0f0EBBBACVXOTaImRVPXCUHIZnFA0xz1VitPym4nbR4V6MFO6VhZAMDCkmZaHXcbf6MBk9MKWv9FtrmbE00ffGmLqSDKW8YOFtqi%2Be%2B7subJKIhzcNwLpZJb7tUbfUzNqljfRmebuV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8357c0b20ddb56be-OSL
content-encoding: br
czqe.kbdsd.ru/web6/assets/cloudfavicon.ico
172.67.197.25 200 OK 34 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/cloudfavicon.ico
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel
- data
Hash 88415acda09a4cbd9d87543c3ba78180
2dec4705e9ab399efdc6eef36e079aa31d1df8d9
20cccc47c1bac9d2ef36b6a1c58af58c5c169ad5ca084080f0392b86f949641c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/cloudfavicon.ico HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: image/vnd.microsoft.icon
last-modified: Wed, 16 Aug 2023 01:22:46 GMT
etag: W/"86be-6030022068580"
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 3755
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i3wkfMfTotNE70tGmuOnTEYiVMQPw2QPc9uCuPunQF1CPthae5qS6twG3BtsvyCVj%2FfhRZOKw8iYh93T6EB%2FnOfZxS5iQCzPVms14OEj%2FkmJa3zK89K6QULC6XqDt9QxE3eGZySwosWY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8357c0b3ffde56be-OSL
content-encoding: br
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c
104.17.2.184 200 OK 18 kB URL POST HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (18320), with no line terminators
Hash 8262f9e9104a76714e0107ad333e4c92
f826e4ffb0a34d8978249e8f4c63e886eb856301
ae0164efd97fddee09de28ef04c187a0669a9f472328b898c35da50caed244fd
POST /cdn-cgi/challenge-platform/h/g/flow/ov1/1086725726:1702566501:_0hNpR3wNivCgGFwFHT2c6FbyiCVTRUEtc-gvtAmQ_s/8357c0b2a9d2712a/0d81cb3f27d215c HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Content-type: application/x-www-form-urlencoded
CF-Challenge: 0d81cb3f27d215c
Content-Length: 24760
Origin: https://challenges.cloudflare.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:43 GMT
content-type: text/plain; charset=UTF-8
cf-chl-gen: 3ywuaeH1C/EbpOifKWPQKg1LxmS+XBJULGESO8EXz2H4A947VEoRhu6OtuVlhTcM$CBamhCeqI5FUDn5sbuzOSg==
server: cloudflare
cf-ray: 8357c0bf1f7b712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
172.67.197.25 200 OK 662 B URL User Request GET HTTP/2
IP 172.67.197.25:443
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type HTML document, ASCII text, with very long lines (706), with no line terminators
Hash 0e3768726f3fc136250debfc5a775668
8388553b8911455b05774ed98f001cb3831484d4
bfaa144fe3a6b0548a9d17b269ec2bc6856d0099c6539fc00f53dc050e2df80c
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
OpenPhish phishing Office365
GET /30GbYz/ HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://twitterrcxvdrhtjvirtuecm.plsener.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 14 Dec 2023 16:16:40 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jEil8v9LKpLs47V%2FTA5MxXP9CO%2F2wXlkATJoWyAf%2FTo%2B9YJGhkiHs57DaQ015qXawkClOpQh2UEwyXhsUn%2ByT5XQNzS48YILvUdeboPysqBtqp6KCJvDpzo53JmF1SCl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8357c0ac6d5bb517-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
104.17.2.184 302 Found 35 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/api.js?render=explicit
IP 104.17.2.184:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 14 Dec 2023 16:16:40 GMT
location: /turnstile/v0/g/74bd6362/api.js?render=explicit
cache-control: max-age=300, public
access-control-allow-origin: *
vary: accept-encoding
server: cloudflare
cf-ray: 8357c0af692b56ab-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
czqe.kbdsd.ru/web6/assets/css/pages.min.css?cb=21
172.67.197.25 200 OK 17 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/css/pages.min.css?cb=21
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type ASCII text, with very long lines (17014), with no line terminators
Hash 4d38e2ffc538c11f0dca9cb2ad6ca08a
400ca5c484a88f9a91a1d1439e5f51a621ad3eaa
6b14e6f4239ef85c9180a099263a041df2b82bd65a245e72cca365cbd5e88fa8
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/css/pages.min.css?cb=21 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/css
last-modified: Wed, 08 Nov 2023 20:47:39 GMT
etag: W/"4276-609aa32a97ee8-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 304
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f4nXziCONcM8sOvQX0EQJVaKvigrkInJZcEPf0Fw60AGUJUpZywiJfdZ5NIvk7GdBv765zHj%2FD0pUwCSu%2FdmKpJKXYonspdB5z3w1xgBHP4%2B%2FWwwPU9c5mcSzsBP9%2F6yk4SZlpHkO3my"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8357c0b20dce56be-OSL
content-encoding: br
czqe.kbdsd.ru/web6/assets/css/pages-godaddy.css?cb=21
172.67.197.25 200 OK 38 kB URL GET HTTP/3 czqe.kbdsd.ru/web6/assets/css/pages-godaddy.css?cb=21
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
File type ASCII text, with very long lines (1437), with CRLF line terminators
Hash 0a40b289b9ecb589387f31cbd2807033
dbb02f7d438a952b55cab142749c648cd6417af5
c17e32e67edc46c2720b01a4a716996809ad8335c875f6980319a1440de6c245
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /web6/assets/css/pages-godaddy.css?cb=21 HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/css
last-modified: Wed, 08 Nov 2023 20:47:39 GMT
etag: W/"954d-609aa32a9dca8-gzip"
vary: Accept-Encoding
access-control-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-frame-options: DENY
content-security-policy: frame-ancestors 'none'
age: 304
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o97D0ocIyYQuoSnlq%2BSnBTvZK%2FBPaAvNyrIgqY%2Flu021InmL3bETwaP3v1b5VotVBMQ2sCDetXnZEcCkIZRjovPSM%2Fp%2BjzLRCREjNTOnh3pnogVsgkx3Rq77U1yjC%2BYT7lI81JgHveQM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
cache-control: max-age=14400
cf-cache-status: HIT
server: cloudflare
cf-ray: 8357c0b20dd456be-OSL
content-encoding: br
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D
104.17.2.184 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced
- data
Hash 9246cca8fc3c00f50035f28e9f6b7f7d
3aa538440f70873b574f40cd793060f53ec17a5d
c07d7d29e3c20fa6ca4c5d20663688d52bad13e129ad82ce06b80eb187d9dc84
GET /cdn-cgi/challenge-platform/h/g/cmg/1/ew4g0I%2FZYomJh1e75pupA0WLfHDXy%2FQKEyLTEDfnNN8%3D HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: image/png
cache-control: max-age=2629800, public
server: cloudflare
cf-ray: 8357c0b32a57712a-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/turnstile/v0/g/74bd6362/api.js?render=explicit
104.17.2.184 200 OK 35 kB URL GET HTTP/2 challenges.cloudflare.com/turnstile/v0/g/74bd6362/api.js?render=explicit
IP 104.17.2.184:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (35161)
Hash c5be9ddec1fb2d060cd25e1d339e9fb2
8bacc1dd0464a204dccf9e925fc72e1d04f2c4e7
fd9ac3177195b3d9537e0cf71222057ec70de67715715b570a80287ba78c8d3d
GET /turnstile/v0/g/74bd6362/api.js?render=explicit HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://czqe.kbdsd.ru/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 14 Dec 2023 16:16:40 GMT
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=31536000
vary: Accept-Encoding
server: cloudflare
cf-ray: 8357c0af996c56ab-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
czqe.kbdsd.ru/30GbYz/myscr972580.js
172.67.197.25 200 OK 77 kB URL GET HTTP/3 czqe.kbdsd.ru/30GbYz/myscr972580.js
IP 172.67.197.25:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Let's Encrypt
Subject kbdsd.ru
Fingerprint CA:1B:25:15:E7:43:FD:7D:F3:BC:AF:A5:14:7A:76:E7:12:B3:B6:18
Validity Wed, 01 Nov 2023 14:29:21 GMT - Tue, 30 Jan 2024 14:29:20 GMT
Hash b70e7583853dd1d95628b5d67947b25b
96a9ed223f2b7d06c1aafba8f7d754e287505f80
8f8e799c7075f83a4eed649d4fcd080a0cb198fdbc5cfde5562dc6ae61722456
Analyzer Verdict Alert urlquery phishing Phishing - Microsoft Outlook
GET /30GbYz/myscr972580.js HTTP/1.1
Host: czqe.kbdsd.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/30GbYz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:40 GMT
content-type: text/javascript
last-modified: Mon, 11 Dec 2023 10:00:38 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3754
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7uU1ai0yg8d70t4ECb30LOz9YndqxaZjLksGGjVf1jS7SasM7xZLgLztclAAPI8E6nvuhewSoeeWdGlAyvHSVn8AmyHu9O9L79FqNHqeOljyJWE046l3N4nL0V8VKAlk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8357c0ae5a6156be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
104.17.2.184 200 OK 75 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
IP 104.17.2.184:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type HTML document text
- HTML document text
- HTML document text
- HTML document text
- HTML document text
- exported SGML document, ASCII text, with very long lines (40811)
Hash fe0d03a1539eb91d91255b1d1ec5b2f0
bc78511ecddf73e2bd21b01d8e21ba41f911d320
071cde93fb6f9be20c424f754e2bf5bd660da4351c92abe8f032213f7657ad86
GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: text/html; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
document-policy: js-profiling
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
server: cloudflare
cf-ray: 8357c0b2a9d2712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn.socket.io/4.6.0/socket.io.min.js
65.9.55.17 200 OK 46 kB URL GET HTTP/2 cdn.socket.io/4.6.0/socket.io.min.js
IP 65.9.55.17:443
Requested by https://czqe.kbdsd.ru/30GbYz/#jrettich@virtuecm.com
Certificate Issuer Amazon
Subject cdn.socket.io
Fingerprint BB:7D:4E:26:70:F6:06:2A:12:E9:92:A8:F1:9F:CD:82:0B:BF:48:ED
Validity Sun, 22 Oct 2023 00:00:00 GMT - Sun, 17 Nov 2024 23:59:59 GMT
File type ASCII text, with very long lines (45667)
Hash 80f5b8c6a9eeac15de93e5a112036a06
f7174635137d37581b11937fc90e9cb325077bce
0401de33701f1cad16ecf952899d23990b6437d0a5b7335524edf6bdfb932542
GET /4.6.0/socket.io.min.js HTTP/1.1
Host: cdn.socket.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://czqe.kbdsd.ru/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-disposition: inline; filename="socket.io.min.js"
content-encoding: gzip
date: Sun, 10 Dec 2023 06:15:59 GMT
etag: W/"80f5b8c6a9eeac15de93e5a112036a06"
server: Vercel
strict-transport-security: max-age=63072000
x-vercel-cache: HIT
x-vercel-id: lhr1::vttzq-1702188959544-7aadbf18ff0e
x-cache: Hit from cloudfront
via: 1.1 0d795eafd076030e534112fa223d138a.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN54-C1
x-amz-cf-id: YdDvKlVjtMlolYM1LwuK-UgT6oe9ZEK0UNeo_IsNiffF9TIiGFbufQ==
age: 10710559
X-Firefox-Spdy: h2
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8357c0b2a9d2712a
104.17.2.184 200 OK 173 kB URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8357c0b2a9d2712a
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 173 kB (172563 bytes)
Hash 473e16668df8fedc7975774793664d1f
9a5885bd88e09f915dfa468556e8ea8cbaa722c1
9b23ddf6d42b42f0c4a92372461c3a74f7c148ba1bcdbaaab30c8cc464ded7f5
GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=8357c0b2a9d2712a HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:41 GMT
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
server: cloudflare
cf-ray: 8357c0b32a68712a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8357c0b2a9d2712a/1702570601817/9N-YK56dXs9RX_R
104.17.2.184 200 OK 61 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/8357c0b2a9d2712a/1702570601817/9N-YK56dXs9RX_R
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type PNG image data, 17 x 28, 8-bit/color RGB, non-interlaced
- data
Hash c9f63c48390d01f34f2b25a8174366c6
8758574e95410288295dd2207804ce76827f4fb5
a6224b59322098a4b8b58a70335863198298e80e24d7f502904f0912b530a3e0
GET /cdn-cgi/challenge-platform/h/g/i/8357c0b2a9d2712a/1702570601817/9N-YK56dXs9RX_R HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 14 Dec 2023 16:16:42 GMT
content-type: image/png
server: cloudflare
cf-ray: 8357c0b88fcf712a-OSL
alt-svc: h3=":443"; ma=86400
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8357c0b2a9d2712a/1702570601819/400f44c21f603a15fb02052a3fa8818ce6c7e5f0555ea6d247e41aa74f76c8c0/SpAEmbYabQv21l4
104.17.2.184 401 Unauthorized 1 B URL GET HTTP/3 challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/8357c0b2a9d2712a/1702570601819/400f44c21f603a15fb02052a3fa8818ce6c7e5f0555ea6d247e41aa74f76c8c0/SpAEmbYabQv21l4
IP 104.17.2.184:443
Requested by https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
Certificate Issuer Cloudflare, Inc.
Subject challenges.cloudflare.com
Fingerprint 5F:E4:AA:8C:2E:24:D2:B1:69:9D:13:28:31:5C:65:FA:97:2A:E9:6E
Validity Fri, 18 Aug 2023 00:00:00 GMT - Sat, 17 Aug 2024 23:59:59 GMT
File type very short file (no magic)
Hash ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/g/pat/8357c0b2a9d2712a/1702570601819/400f44c21f603a15fb02052a3fa8818ce6c7e5f0555ea6d247e41aa74f76c8c0/SpAEmbYabQv21l4 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/8j59a/0x4AAAAAAAOa82KLtkH60ZOT/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 401 Unauthorized
date: Thu, 14 Dec 2023 16:16:43 GMT
content-type: text/plain; charset=UTF-8
www-authenticate: PrivateToken challenge=AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gQA9Ewh9gOhX7AgUqP6iBjObH5fBVXqbSR-Qap092yMAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAi81viqm8HF2343klM9RTAylthIKjJih8APXOluTDLxIZuMjO04XRqsQ1oQhgjFF6Ym3fInAHu2nm6kQ5qUIELtj3yYs6t5Bl-cJk6uE-LptDrBDjf5I2Wea8UIQSCl0YHv9xE1U7e7bOaFZaiLgroLwNMcrf0auwADPUbrUiJgSX1r8AyXsDbu19GHI1X3PaoFXyzQOLyKu3jnTmREhe7q1qnQi9ZHu5SAknKHjRdArvwma3tWftzV3YRbdnUZbF62HT3dsSdvM8iEGT3eXYYwTOeu5CPa9f9qbH3jxpDGxA7Vqz6QdMItnzsoxvMFNOnKHa5udN8ETzPJZiJFrSfwIDAQAB, max-age=20, PrivateToken challenge=AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tIEAPRMIfYDoV-wIFKj-ogYzmx-XwVV6m0kfkGqdPdsjAABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t, token-key=MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEAyAcIyqXWj0XAym0z5V844rFA0WOzLVwj0uCwmVj6zC4qOH40oBiGHrMNMBnDyk95jvnBAuHeEs855e7nA4l4DPJ4jUWKZbua8BxGAzjn74A1BV81a52F1zvBPUm-VEJXPAPXQehXphSv51uR7HKtfcM5oaS33TGDSy-6xv0r84xjMuTBvwPgXGehxpi1MCGGE5yWkzKN5Zzllk7m6Nkiv6learV-Uz7tzaoPbdZkBk1bFXxm2q07jWavoBZ-JEuEJyjQ00PSTz2Zjpbct6AlR3eCS9sbmXtb5XxSs7JMsvoa8uojD7a5m2SEJIwaf8xKL6wtxkaPonUfvsLj4JoJZQIDAQAB, max-age=20
server: cloudflare
cf-ray: 8357c0bd9da8712a-OSL
alt-svc: h3=":443"; ma=86400