guatemala_bulk: Cloudflare challenge cannot be circumvented

[jpmckinney]

We need to ask Guatemala to relax the Cloudflare protections around their API endpoints.

It 403s and responds with:

curl -D out https://ocds.guatecompras.gt/files; cat out

HTTP/2 403 
date: Fri, 06 Dec 2024 18:08:26 GMT
content-type: text/html; charset=UTF-8
content-length: 8801
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xTi0I4+F9CySg9eB+q/5CT1Yy2Re/ieQWJtPqGmHB6Vhlc5fRtkIbyUoOEaKqTDdurTtOpUwSLmluqQ0wiydtjKRbIGPtH/KZ8G4LWsge5a/kFDmuvJ1JfCi4LTF3BcrRq1kNNDeoUSQVKlnRQDrWw==$msu7SB9nK/dzUBMM7TA3jA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=WzSSPkUjx5DrRFZifFS9ukRvbtu9Jj9dpqxal9Vb0Oc-1733508506-1.0.1.1-mq.8jxJJmM4Gh9hlqThmcri1Stk3lJT8YDp4wtg87WO32XtyxzH19IDWrcTWM9WgVwO8d3fJZM2a.W6twKwpLg; path=/; expires=Fri, 06-Dec-24 18:38:26 GMT; domain=.guatecompras.gt; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 8ede38a829678d50-HEL
alt-svc: h3=":443"; ma=86400

---

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;max-width:60rem;padding-left:1.5rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{font-size:1.5rem;font-weight:500;line-height:2.25rem}@media (width <= 720px){.h2{font-size:1.25rem;line-height:1.5rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}}</style><meta http-equiv="refresh" content="390"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "ocds.guatecompras.gt",cType: 'managed',cRay: '8ede31fd2efaa2c2',cH: 'h2mzox7IftSOv.Ap1Qg2ZALej_VGRhbNRAMfTu8EulU-1733508233-1.2.1.1-Dgk2Lj.Wdlf6SizB4CfEyifVNcVQVMo4Tne6yMkhZgSPzik99v4e.8JBVySFINhM',cUPMDTk: "\/files?__cf_chl_tk=jUKm8GMaCwn3LkpEHEg7L.2bsv29jcfJ0qnYyCHoad4-1733508233-1.0.1.1-DQXBe8dyNr8.lwItbBKzmdHBAoKAwL30NaISMiR_XxM",cFPWv: 'g',cITimeS: '1733508233',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/files?__cf_chl_f_tk=jUKm8GMaCwn3LkpEHEg7L.2bsv29jcfJ0qnYyCHoad4-1733508233-1.0.1.1-DQXBe8dyNr8.lwItbBKzmdHBAoKAwL30NaISMiR_XxM",md: "2WZojQPJRlM7.Uw7I0K8cDD7IgAK6B8Tf.A8XrMkqfs-1733508233-1.2.1.1-Yq2c3wBqbklYr3u.KNmtHGD3Op4riKYVF3do2iy7Y6VpoobY8cAz0Qkx49JMQ9b_378KqsN3XxP5REk.XwsLyzdhBdUf9IY4MW0tp1xUlWldwLk88mrJ1Y1FU6Py0hax0eXaVPyvGRfgnRok1OCpqnPJSImtt3lZXpGoRKEzJb9qWQHnDo3md5gwtY9WG7i5mpX1Te.aF5seqlDUEPJ0baTs1vuOI0Ra5jI7USfCe0Y03fJxtrP_Rc6Vtb7vekxcK1vZFQZhNnhUovQDETErc1N.NyebLzkktem_5RUPddNfHZ738f4PH3wsD_V3GCq4dyxBpVNBUhH32FrBDR933_GC19_sKcK9gIyZEllE7SqckuFTzBzQAGXe_ubJ5XfkUB9QYDq0R7z0hhjst7pn9ZXGoGxBqfbxuiH58ZD832Psz2KlZzEy_hpJhcsgIkUTAYgpS2hTZY5d.AmdzVOgWRN11SUJ9LMKTNZvenH8vGytbAVDsmDpP0CKxgu1bFXQmEB5_8FZU6d_aI9z8q_Y45olJV1bykCzNy11EfS5VvuaJWs5VT3CBiUd7ImISHml4HStj4ZMgL7a5cuVA2j77fpmYAupBn0DHWC0._CCnXeCX_Q6Aj88po7_.l9SVm90dQ01ein5ly79NxlON1t9CNsLY9dd_t1_KUgvA29qSLahBZqshwYjY5VlsVD2phKMfNBIRdVVq6EvJrk1VgiNWFxFCBaX02756QibBGHxzvTXBF5Ekfv48LtgTDQit.Sr01aFPfkoE4dRGEeneGjAwGrdai21o6xDUYDCeHn046NI2lCTpOKRCPlYbU5S1Pp17LGQdu.VB3KWEc37OtcsCc41k8XAUM0q7Dp9lqL2dBfOwQ1s61Run0IhFocF3icSFGyrWjgrlU.mX22XCcGzCK0UiBmTeM2n9O5NHLOEZN6J4enjxcDdO_KArLebrpUHlbiX9cBmqMx5QbclQyHu6x2ESwlhzP87wuaCblLbhr1GAsJfE3BBVOl9cIPsGBVfvMFZylCqaJvpzZ.FMyzb7raWoRYpv0wAOHZedzZ_byi5YoG0k21L0FpK77rIr9Hb7XuA7nPsgSUdFl9tSPwkA4lpWXTJfYE9Q7TXsJfuCQF_z3XdSB6EB3NSRss22_HHoeBUWiw5JJtN5g1Z1_LxlhCavIy7tiPWzxwBahZXRScASqpYHW3wxNXBtA.tzHp2ZfNqopTO6_7LmexCbkzssfMOIwoJsEoO9HW4FIMLZl2X3zvFf3XvAwlvczqeEWnaCzYlJ44qD_fMuKV0JNbBj.iVcwKEKqH6nTABApS9y7vNonbr.rsNJweqdYWxQMHnui7X.1aOwYQvBju802zYIuojqTuHF0jivfuaoGHk2_ecM_EXM5.0D8XCQ_7xkemRJs4rtdbIMYqKh4DJzVrTdXwOoWUbZXueefctrM0Pm1AUFB5_3QC1PsnBzVkCpNA2d6N2DrsrJK69wri6V2_o1Q4iGZErtfomXXwo4WbXJ59FWoI0Uicc2Dq_H_qF_qtCpL2T4LlG1Y5oO9.0lzOh6R8_MK3GIjuQxKTpWm75CxzFqpy.Z5.VFtufo17a_wWBkl4vDPEEVUNvSIwZ8oOyZmLQ.r7E_b49k6ZTXM.wIPw8NpOBuipcKDKob_77oh98DrbH4h6uyNGftfvr42GhQX0TNu3.yhqvyjQdP.DR.gaBBrXkHXOBaZ0tZwBvc8pyPv4_V_hh4P0h6lxBA.d9oJpoDm.PJOxih0gop5i7zj2iFaGZNaY3RyHC1ys7T84_Jg.DulLtOZV3Vgky75Udb6ppibhHA6U80JRe7AHuaA6VYRInJJvw9XMzeZscmbcpE5g8nSeH0YxmILffI1sFmeukQ4JscCTL7qHAzRKgqPHJY.Luied8mLOF5e7HsUcbwk.fZc8wm8txnz0gfQC3Tkq1lVC0YgG0l2n7UNNBOktq9tHt19Tztt5.Vql2cZFkBbzMSBpY2DQSW4ExlEeF5NK8Y3twS4tGJDT09lLiLwyCGBFbgGgLQXDD1jcLDFEvZlX8GTOA5E4t6LzQyqr6V91crQriuvPgrLDPd.n3.cn2v70uGRmRrNB6JGH8u.LrL_SorWXcBP1m7gXbluDLCxQKGaBZ56Zor929McgjtnyCAHDCFBtR9SoIiDy66IaD",mdrd: "WQY_ec7KmQlFyoUuLUE0NBz8LU6XxmCKpTjePijGNJU-1733508233-1.2.1.1-M4IU1TQiMnL.21GU7DvgfS7LY4d52p4tUlxGYw8cZCCtzu5OZYFvlFMOVHKlnNregz_qb0fefCoP9quh1zS6pvYPNBDNcyQU2yamOeFGlCqIHoClrhWrDgOKe5surf783b.6P1m9HcCFxRuwzCJNHAziaVzye.S8aMuGV_FIUGS5DYhyB_TghX6bmQ0ETNK2EeWrcF_NcQ7ugbREM3BVD6U6TNbGnH9EKRQMBTQlFK2_zIX_ERn.CZ8.plSeoJbgymND6h0wa3n9zITtiwGB12xP4aZHdU_r8UyMLq9C.cMJZrjzVfwz7rmNk9d.DPF6b_gKhXxOO_G9_vL7ACLcakxs7MvmeSEnoNLZxR3z1ozX5X4ZC4K1nDlHe5EwawiIG._H8.GR3VuC96p5.xVmGUwk_AVYuvOjvoCyAb2iAi_XVigXUZ2O2BbKSLyjeOQNVjVlgUzevzTZCbqMA1mNvZi.clFmLs5KRXvSFec4BjIrqGArKXI9_VT7mh8WDMd8w5QEYm.uT2BKK3gAjLLDTIUXtm0Udz6SB4NpYBhRWZv1vVG63rZNPn875vfNk6U41_cbHEMOe4MIzSjF2ZdMp5IHnRxV0Pm6I714nH4Mo4Fn0yo_8lgK3kZBl38aPlFNiFc6sFTzpe0g5tcnoBXJ_0Z8mVprXm2.Bgs_mN2xQCui6BNHLbfCMluRxkmrBk2jMlnTgjHCO7r7RwQEhqTzxffhg07YKRTcg4sEA8.xNOYnxkdwBeyA9ntU2PhA5u6KEq.XT4Q2aeAy7hA4QTzXzbUN2zGlLwFG0XYOTnySmA2GTnv44K_Sn.XrNMhfHK1oYFuNyd_0NziR.PFXW.p4IE8KXJ8n9U66BOrwShlnnOWf_JJ.rhT7U26a1eqAGKoPCQuzb2jYMgHmWj4ZjKVK..rZ5WLUmYGd71AGD1UXqSR9sH_jzOZBBzLnjIY4xg3.Fwr1SjsAH2dxp98PUWMmb7G6Qslc3_oi.g.qO_ku12tABJiZ1noBPrdKgbwJ_QV78okh2t_.hqgqKU6mT8OarytohSV_vxN00Uct1.I.0f8tOX2j3gKnO1BlWyAaB6eNmlfi3CALXnUHldNGQogbuWH4eqWG1elA0Xrg4VCcUWQSUmceNjn5ZnWPrithbgx.liLGhzLK5D5szafUe_.W9yk4oqQ8S9spy1v8WXFd01jDSO_Vm8_d2IGJIohICceiY6RyebM4oH_jhFmll87krqjcWKOqtHqXcuSLyZLnkVrudYj0BHpu0AaDowTisJj0tqErXXEv8VQLhMTQHzttYW4gE713XLuWeO8lX8ZQc0Hsj1yR8M3jwQhj8q5s6v5jwEdQkMafTXpv0z58rZbFy5tAmPY8xHykoXJwXvJ7eDf1ydEn4kXtcVRuEry56EOAAbdvXATwvSWalm8AimgL9HqItRGyCGi5wFaZaB3fOapQ_OXhJJ.wUB.p0FPqWN_cTUvq5EBrzDHQUAFx5QtXu7QPDF8L76D2U.cu4J6fYmDI8.eU.hkyta13Mg32met6NqJekv5rv6wwEkI2JiFQXrJLOpQ_Sq3Ff47I9ZHDZvRxRHamGujMEA40TTStxIylP0gBFIH_p4Wbs1THbMhe4dL83wMvwqzjkxqj8Scq8adlB0kN8Zew9jU_SVDP.HJAa_k1rcKRgzHjGkxTCaHWiPj88osuFh2powR7SBHbqiiBQjsMnaVvLK3PRmu0T9ZD69T5_4MKN_zMaOJeTFOaxdD0ZrSH00ltNcgWegsNyMfZfHFPJjpPT7sOIs65xJXH66ot6TDY9PkG3jgENaZCBMVT7MekROLe0A1YwodrLomYhuPr.D1gec5HWTNxjPwPksjChZdazf1t._RZihLe7_VlZ84rkrz7Ds1aLeFpoi0W6E9wkviHrWW_JN1QtrAIcNWTuDlc2XnSOcVR0lTzxMItWykM8QpP.pmomkCNuTrBugLOLyyXD4oLIkLAMcmu2kuYL4FTVZeEz9yvtWxOq1it7Yvec.CMAIowCSyJhIL416xpQODYxLNZyiLprCedXJ_OrPQ6LOWQfj44PHET4TJyhb_Zl.eC3Yon0RBtbfRuHAiPhHVyaDsxe2r.9UfIFAl1poLK44j3s6xXaE1BRzqtudDf1mZXwPPIDrwtjYA"};var cpo = document.createElement('script');cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8ede31fd2efaa2c2';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, "\/files?__cf_chl_rt_tk=jUKm8GMaCwn3LkpEHEg7L.2bsv29jcfJ0qnYyCHoad4-1733508233-1.0.1.1-DQXBe8dyNr8.lwItbBKzmdHBAoKAwL30NaISMiR_XxM" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>

[fppenna]

Our contacts in Guatemala tested curl -D out https://ocds.guatecompras.gt/files; cat out and received a valid response:

HTTP/1.1 200 OK
server: nginx/1.22.1
date: Thu, 02 Jan 2025 17:06:58 GMT
content-type: application/json; charset=utf-8
transfer-encoding: chunked
server: Guatecompras
x-power-by: DevGC
set-cookie: f25767e8be86831b6e07a3c19e87a35e=be5230197832fed84a1e4d953df7fa79; path=/; HttpOnly; Secure; SameSite=None
cache-control: private

Any idea why we are still receiving a 403 error?

[jpmckinney]

Our output is below. This happens from my machine, from our server, etc.

I'm not surprised that a request from Guatemala works. They need to test with a server outside Latam.

<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;max-width:60rem;padding-left:1.5rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{font-size:1.5rem;font-weight:500;line-height:2.25rem}@media (width <= 720px){.h2{font-size:1.25rem;line-height:1.5rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}}</style><meta http-equiv="refresh" content="390"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: '3',cZone: "ocds.guatecompras.gt",cType: 'managed',cRay: '8fed6175aed83768',cH: 'vyYTj.1u07ez6qp.aOWzOioeDUAoTEozEPHdld3CtN4-1736351819-1.2.1.1-473S3oaUaaKZo8EnaeXYNt3oNGvWD7LTeFfGN22izsJt9QyYRPWiv1rLq5yK8rHj',cUPMDTk: "\/files?__cf_chl_tk=oN9YRxUB5.k45zXJYJz9VsomKn7dVNyeygAS14dV6oA-1736351819-1.0.1.1-uFIafS8oHwafDtJhn9x02Z6Aj4NtLf6KpL.V9WzPOzA",cFPWv: 'g',cITimeS: '1736351819',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/files?__cf_chl_f_tk=oN9YRxUB5.k45zXJYJz9VsomKn7dVNyeygAS14dV6oA-1736351819-1.0.1.1-uFIafS8oHwafDtJhn9x02Z6Aj4NtLf6KpL.V9WzPOzA",md: "ZYU9s2e_ULjc4eYfpm.lUlEdRLRyf417CfyULR6K318-1736351819-1.2.1.1-2CRlQquSWLvaHMsuVabJ0dDCzEhwVpHQb.ccXV_I6yvV9.sRpmatD7dxjEHJZNWzpdF.R_ye5CHx9cycmeBcKHjx4pY5kQ6uw.t89lu1LCjjeTiK9TE7X1uHseefS7afIEovYiGl29unpKJy4oCDW5dQ45Uqv7YNM6mHDCRDgoLE2De7TKi5V6obI2jAt6TNa_lIiWzEIjL9aygPYFhtmF9O1yyEPoVGwn0wogq5JoeSv9W0wjwcAqSZatA8zPge91soPireb9e6b2kLtkuh86RjCXXhEyCxiKZEKVPAjxv3HGKIxy7ACTLlzP5MLIRxA8Aliu8LEeeQ_bY6WwUGrF5IuDDeFvpKJjirJCyceqPCJ6heBBnGbBsNh1FmJxttgSV5aCFcDqL6LbaViCmAqfw33OIiEZgXBlTWQjsoDXddcsZHXjr0SZ65lQI9t3FsOUfrf7V61trxWSfJbBEeOWD.LE_IGO3DWDt4N2NPTegS6hP_2asR0sjasbUh6eURxHFFle9b3QVJMHhZJNh2er.JHNORVedS1UAMBfx5oIqFB9CuxM3HmnPJ0fKzd3vkhuZ1ibY.FUV7AiCqNXlmaovt1F8q1yu2XCbVTLWzNzS0cUMwzSreOIIhtA0AR1UolcFoOu1UQKoSpVJ2x70MX98fmem7isreYUEtVqJbFpL8gqlKP_ZS0phjQi_4c9udTSF0uPF.7e4.6R_.qTctbMlPDCNZDUBxmrwiDKwvyLzUOCqv_qNuPVNLLu8IIoqSM684N3SaOAqwy.5erQPgXLWMGFYb0Gzyfifqlhp4T3q5djEdDaxYJNEdYeVtVJvTke0Q6JMJ1clwSM41SBjwpRADfcTfKRsmRLffYuw_ZBX8kTKP_IUykYjBESUl9d6WfO2AAVb6ux0YucrRdb_d0LsA3KY78amddm1edUYLq7QMzZVB7Qy9XFEpZKtO7rcO4gdqNnnoMtK_gsPwwzWm.9o.LIbsCMHbBmt1nhPo4ygf7is4ycsAyqIhdFqSyjtrbRRqhOefTGGVYr8LeFmyw1qkqzyebpvK26BdxdUQYY0trckuOIIm.pTrIpvCV7l_h137t3R9ZIqPFZhS_fyVytXVC4x2plaAsTjNx9si_u..K1DEEzt._Ot8FnSrlr_moRW7_stH7x6Syd_iBKhFqxsRiM2oxTxbjKR1KboKZYdXOJgqgDm2_MJIdQRjLlBvfHW.TQMm5mxWXAXtyi2N9uR1mLDf9ZWaNvDmjGBnqnE3W0nbLBoIV0sFcP1JSHoApApobjV_bC8a7Qj7XQ_XnMjVFWzWSdQe.Gs3Ze4wkBkbDfSfijRU2Lk8Quw0Sq0d4BF7qQVR14bq7fJfvJURk.FyaXMwWpDx2v9UxVXk8fq_RqH4rmPUr5oOUYfS4Ag0mSQYsKjYUqm4dbf1oEKBxHOcU5fug8O56jRlGBGxQMU8dLf.mf2hyBDirIQdG7loSQrwXPWKsouGRn6Y9Pz4_922BzRxIE88jtbH5Tum.UL5t4EN7O60UMRqYM8TXHN5oFDtfdQuu4UBQXbeZHST24QjYMgb8BbrXH3WHw4ZqKP86WsPmPw__bpuyStpNZwXpsWvjJ7vng3w7LjRxxHYEavJ.iq_AB5MT64kKiNfzTYS5kGxxBO1eAFNZd5InvLYYR_bB3RwlJyPcWCtiSYKVEq_bxdDgeEB2RWCyvIqwydgrYEiMLZB5TviRAyUcaz.xeoxRRTtlcURSrAwtmOVBJbCnUTd0qzdtdP8aYHl18B.26_3mpoplBO_T1Gjj45K4toPi6XI7lFb4JUG2avFdAJAqGpKn6lRfQOhqihRyb7jduLpMGydQ_OHXCalPMwCTIh184Yojg9_9Oc5BqgC.owcCCAquw.b6EIxldE8EQVl4dQpO.hFHCLSD2TtepIRyJeVJzFWc07C2GAB7znfQLr8ysxNcwJt21dIVYPAByUP.FVhBGrzlXOoRv2VcoI1vGaNd5mLOn6rRwY8LV.2jzfGUkgM6KZUOh2GKIuGAWCB1gRfTP7rv8Sg6rJQLiysPoibpnfGC4wIQxM8cQSjKFmN4dxR8wJwl7YlikcKvPruOW7WTA03_olcILMKPWWBERXuhTQ6gcR8Zf.BB7bA2_l.GV6tM9hFK0h08GGKk2Gh0rmqJhaxUSJZ30Kv6jgY4.0NAGFcLnc91u9zsAcNAKAczN145oN4sM0k9UCcZM37m56l2cwfNBvWU6SzjyYYVIPdMzJbG4qvdMdaVODVpA",mdrd: "4EWUECC8Y17ph3v0734eLV8quFjgYbtrkfyhV3BZO6E-1736351819-1.2.1.1-TIpOAJQu7fncUDkpMs16k4Xs0napLn61D0.pSisrwGYDsGC1Yx4rofiJH9EY2RZOqWyZxP0bfxwt9RXMjTGVFYId4CGCzPFco2lTMdH1fm7uOgxFo3efGlU.5wqcLfWWJdSMXPQnBeogqsmkZ283YRBFxUDfoKX9Y1OYYC0V6OlSQoeAz7cT4JIeuWtT_6FvRtXrZxPngaH02vmlu6hjoLHx4SICKh4usNwM3tZJvsQO.kt46iLPTmVL2RjQUWWy9qi6_aFi3krG3x5IzCiXiQPIZybYGCh9V47ngaxYFkpoAS1ApCIACKR9gDZDvpqdJkOT3jeeF7K1b2mAqezypCHnrjZNjx3APsZTo5BABmzZILIInXX03UugV4QJAX8EDYgTXXvB7OemgjRiChcQuAiz5G8H1rJaMQFiMA7wRx7J5RYuJvyMwrCk5bvZ3NOobE6l3inomUHx5tEKLsvVe0go9NiHmn3JCXsuH3na5qNYTua2YXkw8alMayMW8fr1hxcMw7EX56gpTWFeI7UmY9T5r6DUZC01v2Tnsv79IQ4S3CynrreAESvgynf2yOeMb10pIzHH5kPF1m4Ufwq2uUK.8.LJ0limYc2M3lX83SbQTAh0BsDeG_9uEo1xrCooZxGUIN21JLSpX8DkSX3RXRk1BKc6lP1BdGTfo2hkujU3zctJRh6fXuc_Dhof7uLQ6i_f04QWNEggjzOvUhdWEdOmHJelbanU2aOiWLXRhm5YPRi8bxwiBI8mf6kdxsvUKo4i7YTB5hpJ0CA6nrS.uTtS1ph.mB2fECQ.6eA8pLQcH4cetL4kDWoKNDtTKC7jja.JpbUz7rWMptvN6K4NoGvxwzD6T5JAAMFTOt6aj.YVDe2t9CUBXrSsftM1Lu_PBzkPYx4BvSpr9iAzXpQUcjJiTanN266LlITCXxJePWaF2E07GNaBRKX9BNXJhDNhxJnHgsEdmzGbk6Ig_2WRhj7mdKpQcBjBBKhEX9ynQYW6K7Fhg27p8450hk7ALmg2lsCH_8cyDpeSUjoi_fQvfUkqP7qhgl2uWxT.59uinp_0flOTliASQwUaJoXrXdDqxImdJdYDO9v04CRCQK62F2DppapmbvjZXcMY1_oycVcLOfXPjqD51mpWVU3uR3JI98kgNzogX3c23lgPwYYv7K7SUkb6HI.hhAfAs2XUc6OUFJxYfmjb7zxMlY_QF.pA2Rf3zzxJbrE06mby1wbFKQwTE_u6pCQhSWRuTchd3XJ0wz7FudK7HvBy2Qppq6OtQqUe5WGCCVOkFQj2Lnudey1j21tlYSuBZc7ilQ4l6wlMaNSCbq3Fp0djkNQosOQF_jMNy59_e0cmD3nJA6UMYWi_9MjQPpOiiv9nhRzc0VB0ctDFn53QZjatUd_rLF.dtccLQpTM8uaWirBjSasyQch5AgSrokO2_VoxgaNZA5Xy1ruOZ6NHovc3VOWRH4HJGeaMCTWIcogt3sTRw_mM36xwfFoZthUm2xuP30_rfW3pTlJNireOn.ntRbQk8U09JOaZRbFpEs_aFoBBj.y7.BW7NJg0vLtgFZ8MksUZazSezB6SDUtzZBv3eElY4Stw8o2KoMcJCSx.ej05iWv0gnmDm7vloMnFqP9ALjOxBj_XO4fxUWeWBf6vC4NsT5r6jrTTJ7D4nrMHJclfnGQ8zdvDkmbn7xWAPbsgSPPfCjfQbADjiI5ELH1LP3Q0aAw2_a4yOAnUhBAbVJ6GUJVRZdCt.3.U0arIiu3kDUrisCdQsO2XN5k.aiqmrY.8SPtgHlN1fwJsuMTv9Tsv01jQOOYXgk1_K60EosIH_pp2n_6wNhIH1mn1v64mPegbblDIF44Ma5NNvGBXht6XuHT62bBuJku7jYUAl9l18EK0hMj07sCPXMhz4MnlBXlH04H0pw75FyuxeefJt4ouuYS5WeUu_XVAhfUAZ5n5EHR2BEsnvw9kKqbk2.4PsRISGSI16iQlykxxfDuLuK3AEEN3QSRB8FiDTRAcy9sjJKrtpogmklsIJwKcMiK_WWIEXR.NiXO1hjCuhuN.sp9Bcu0YGIGiUKB88jwAewM5q6hG5iBXhYq7SDdKappVeGwNKdalMmYaCkmAaojqhB17htHO_otk85rlD5ih2Um8PIrkXTqIX3.u0Yzg3EHEViCsOyzoOr.D6nJYRrtlpXls6QiVMUnqP14GxZ92OQKB1TjVro.NoWdtz8s.2YmYXidwuPimQooPZIOwCwr89VHZ4ezaHhsZtW4p_uJGaKBvePvKVQtglsaoxzC.E5KtYqacREsnWKPlb544srCgm5xWs8NHGg"};var cpo = document.createElement('script');cpo.src = '/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=8fed6175aed83768';window._cf_chl_opt.cOgUHash = location.hash === '' && location.href.indexOf('#') !== -1 ? '#' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === '' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf('?') !== -1 ? '?' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, "\/files?__cf_chl_rt_tk=oN9YRxUB5.k45zXJYJz9VsomKn7dVNyeygAS14dV6oA-1736351819-1.0.1.1-uFIafS8oHwafDtJhn9x02Z6Aj4NtLf6KpL.V9WzPOzA" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName('head')[0].appendChild(cpo);}());</script></body></html>HTTP/2 403 
date: Wed, 08 Jan 2025 15:56:59 GMT
content-type: text/html; charset=UTF-8
content-length: 8247
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: PU0rKmJYUANMsYYQAswWz/UCblMYYkZ3pwsJ2rcHdIFkk7jfDjeNhmyLI4wcvQagU39RLv5ZEcIdqd3S3Dm6R4zFmBOTfNqAf713A6tr6yghk6nl646Z2sTTlvG3neIz7DoctWNOGltjgYHGLtkx5A==$0z7w42PLcCfrL5Wz7Boryg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: __cf_bm=dWicO8a.8ne3dBkTDUma5hf9YcG8.0JN42E6O2aaD4U-1736351819-1.0.1.1-GpU5oJITLkzVgMq6PnT0NmfEL0vuHPEYhQ_SWEfBgqsNBEL42HcYDXR.PPQQvIlQAbnlr_e_n7nMZJd5jD3Zwg; path=/; expires=Wed, 08-Jan-25 16:26:59 GMT; domain=.guatecompras.gt; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=0
server: cloudflare
cf-ray: 8fed6175aed83768-HEL
alt-svc: h3=":443"; ma=86400

[yolile]

I'm not surprised that a request from Guatemala works. They need to test with a server outside Latam.

Or, outside Guatemala, as it is also not working from Paraguay