Report - cumulus.sherweb.com/

Report Overview

Submitted URL
cumulus.sherweb.com/
IP
199.244.76.105
ASN
#36354 SHERWEB-AS36354
Submitted
2024-05-08 04:15:18
Access
public
Website Title
Sign in
Final URL
cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Tags
salesforce phishing
urlquery detections
Phishing - Salesforce

Detections

urlquery
10
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cdn.segment.com	1618	1998-07-06	2014-04-11	2024-05-07	3.8 kB	103 kB	143.204.48.96
status.geotrust.com	3662	1999-04-04	2017-12-01	2024-05-06	331 B	642 B	192.229.221.95
cumulus.sherweb.com	unknown	1998-08-06	2018-04-23	2023-06-30	12 kB	114 kB	199.244.76.105
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-05-07	549 B	16 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-05-07	448 B	12 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0	0 B	2023-03-07	2024-05-19
Pretty URL cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0 IP 199.244.76.105 ASN #36354 SHERWEB-AS36354 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 22:31:01 Times Seen37845560 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	cdn.segment.com/analytics.js/v1/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/analytics.min.js	105 kB	2024-05-01	2024-05-08
Pretty URL cdn.segment.com/analytics.js/v1/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/analytics.min.js IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:21 Last Seen2024-05-08 06:15:19 Times Seen4 Hash 43594d9cce60d11c21892383791991e7 a2127f83fd53d67be1de8a539e11fe168f420e52 dafcf5d711965819e577f82074a3cb14b87c61501e239946e961cc328a18d511 Loading...

	cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js	9.3 kB	2024-04-17	2024-05-19
Pretty URL cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-17 16:53:47 Last Seen2024-05-19 20:26:28 Times Seen346 Hash 00e9c65cbba11c07c4bf4a6e2727b8ea ac1a5d9b6ffcde916a82169cd74c9a734bdf4a39 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6 Loading...

	cumulus.sherweb.com/oidc/bundles/js/placeholders.js?v=Zg5BSN9_bYMiX7uZdfRD2B1BDz4	4.3 kB	2024-05-01	2024-05-08
Pretty URL cumulus.sherweb.com/oidc/bundles/js/placeholders.js?v=Zg5BSN9_bYMiX7uZdfRD2B1BDz4 IP 199.244.76.105 ASN #36354 SHERWEB-AS36354 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:21 Last Seen2024-05-08 06:15:19 Times Seen4 Hash d12daa8636bb931d27888f15c5be35bb e3212e3cbdfdfbee8b2a9432e8d514d26a014d0f 09e991d11b5c8b840ce682ee41f9a436665585a1309b2abcc08dbe87274a1412 Loading...

	cumulus.sherweb.com/oidc/bundles/js/segment.js?v=fuBRp82R_hoPj3RLHM2nI-19H1Y	1.5 kB	2024-05-01	2024-05-08
Pretty URL cumulus.sherweb.com/oidc/bundles/js/segment.js?v=fuBRp82R_hoPj3RLHM2nI-19H1Y IP 199.244.76.105 ASN #36354 SHERWEB-AS36354 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:21 Last Seen2024-05-08 06:15:19 Times Seen4 Hash 5e091be570147293883880b9ec2b5c80 722f6159940206b4826494a6b9cadda4ea5583b1 721f5907274fadb86b4cabd28f50314958e5170c9ea0af78f1d68042bd96e559 Loading...

	cumulus.sherweb.com/oidc/bundles/js/ui-toolkit-components.js?v=UUV0Gh-FAD__lL1JpmTGwfdrOk0	31 kB	2024-05-01	2024-05-08
Pretty URL cumulus.sherweb.com/oidc/bundles/js/ui-toolkit-components.js?v=UUV0Gh-FAD__lL1JpmTGwfdrOk0 IP 199.244.76.105 ASN #36354 SHERWEB-AS36354 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:21 Last Seen2024-05-08 06:15:19 Times Seen4 Hash 7310f1ef57f41199d47cc1d7306de732 c036c90826373b72d6cf281e29e6beb0d17dd9da 7ce24074a235f9d56533c2bd6bbb98c5b377a69503bfa393c0435d0f71a844b4 Loading...

	cumulus.sherweb.com/oidc/bundles/js/jquery.js?v=Pp9TSvCi-BPI5wca6g4jZYz8MK8	90 kB	2024-05-01	2024-05-08
Pretty URL cumulus.sherweb.com/oidc/bundles/js/jquery.js?v=Pp9TSvCi-BPI5wca6g4jZYz8MK8 IP 199.244.76.105 ASN #36354 SHERWEB-AS36354 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-01 23:56:21 Last Seen2024-05-08 06:15:19 Times Seen4 Hash 6ad78f34c09ca15d6aed2a9f3722a839 f6b0c9812395e79863904d689248bc7c95dce03e 00e3ab53755f83aa6f04fc5a1c29f9a9f161d587283cf7d3f4f84eb23dc40ca8 Loading...

	cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz	5.1 kB	2024-04-19	2024-05-17
Pretty URL cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 15:57:58 Last Seen2024-05-17 11:13:38 Times Seen34 Hash 6776a6e921e6eeeb1a9ec550d5bd98f4 fc974754f92811898ffd94d589942c2f6710a894 e9fda204818eb76752b45ba07f2a3357507dfbd1ffac18a8badebda6f96feab7 Loading...

	cdn.segment.com/next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz	46 kB	2024-04-16	2024-05-19
Pretty URL cdn.segment.com/next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 11:19:33 Last Seen2024-05-19 00:53:48 Times Seen46 Hash 4fe5e51c081c22eda111911dc950a52b 9f3c892363770f80748c2b957732c6765d78a12a 3999ddde00a86aa8cac52ba54aa3cbf69ccd2ff81a1ecbf5d179eeee6ac835c1 Loading...

	cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz	72 kB	2024-04-12	2024-05-19
Pretty URL cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-12 02:43:18 Last Seen2024-05-19 20:26:31 Times Seen435 Hash a6378a93e23b431232f76fc74dca8b18 51c28e605abfb910d4c836f58e96723141e28b30 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd Loading...

	cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js	1.6 kB	2024-03-24	2024-05-19
Pretty URL cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-24 14:10:54 Last Seen2024-05-19 20:26:29 Times Seen382 Hash 3867b2388b619ff7fddc29ef359fc9aa 511bed0c4d3d57ab4cf1b1d7596fb845ecfba6ac 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a Loading...

	cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz	16 kB	2024-04-14	2024-05-19
Pretty URL cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz IP 143.204.48.96 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-14 17:35:06 Last Seen2024-05-19 20:01:41 Times Seen131 Hash 0e6c238c4491ba0be60ff1ba0021c299 6f676de2a7d8f5a5a4855101a256ce3fd0e29443 86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff Loading...

	cumulus.sherweb.com/oidc/sandbox%20eval%20code	147 B	2023-04-11	2024-05-19
Pretty URL cumulus.sherweb.com/oidc/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 22:24:58 Times Seen350839 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-19
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 22:24:58 Times Seen350324 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

HTTP Transactions (20)

URL IP Response Size

status.geotrust.com/

192.229.221.95

471 B

URL
status.geotrust.com/
IP
192.229.221.95:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e1572d637a8ee479d89aeca601e3fa0c
17aa72c0ec2e25e24895668af8914602a2c103b9
53316e5c266ebaea257bda3fd9a443c5ba4c562924dfe36acd1006b2275ca215

HTTP Headers

POST / HTTP/1.1
Host: status.geotrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Type: application/ocsp-response
Date: Wed, 08 May 2024 04:14:53 GMT
Server: ECAcc (amb/6B53)
Content-Length: 471

cumulus.sherweb.com/

199.244.76.105

302 Found

0 B

URL User Request GET HTTP/1.1
cumulus.sherweb.com/
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET / HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 0
Location: https://cumulus.sherweb.com/oidc/connect/authorize?client_id=xtkl.accesscontrol.nexus.sw&redirect_uri=https%3A%2F%2Fcumulus.sherweb.com%2Fnexus%2FoidcRedirectCallback&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5&state=CfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0
Server: Kestrel
Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8JbKeVtJ6_1OgLUpRYg2oQeQg9vvcBSHc_JSVRo4JpYGPzS_KDXwbg8wo2U1p7CUSybaYNktfAyN5Iuny0CbPDl918h5QLrTbOFjhErNE1CF4RWW_Ymp0uxVsjKi55usHOictSY8zXW9Uov6zdCNMP_5DZrC511NWPppsgy0AauXhyf1QruNoWl6xVBraL3E_eCxUdjZB36oEZ7Op1eNEUYITIkmpsSYCqhcTClBCH7X8KChHwFap-GXmDzBwq1eOJyOpYazWCcWLPbCMQJgwHo=N; expires=Wed, 08 May 2024 04:29:53 GMT; path=/nexus/oidcRedirectCallback; secure; httponly
.AspNetCore.Correlation.OpenIdConnect.0Q3LCOMst__rGD-mlMemcYmvDG5elcn8z6sNXRMNNAw=N; expires=Wed, 08 May 2024 04:29:53 GMT; path=/nexus/oidcRedirectCallback; secure; httponly
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT

cumulus.sherweb.com/oidc/connect/authorize?client_id=xtkl.accesscontrol.nexus.sw&redirect_uri=https%3A%2F%2Fcumulus.sherweb.com%2Fnexus%2FoidcRedirectCallback&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5&state=CfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0

199.244.76.105

302 Found

0 B

URL User Request GET HTTP/1.1
cumulus.sherweb.com/oidc/connect/authorize?client_id=xtkl.accesscontrol.nexus.sw&redirect_uri=https%3A%2F%2Fcumulus.sherweb.com%2Fnexus%2FoidcRedirectCallback&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5&state=CfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/connect/authorize?client_id=xtkl.accesscontrol.nexus.sw&redirect_uri=https%3A%2F%2Fcumulus.sherweb.com%2Fnexus%2FoidcRedirectCallback&response_type=id_token&scope=openid%20profile&response_mode=form_post&nonce=638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5&state=CfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL&x-client-SKU=ID_NET461&x-client-ver=5.3.0.0 HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Content-Length: 0
Location: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Strict-Transport-Security: max-age=2592000
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT

cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0

199.244.76.105

200 OK

4.3 kB

URL User Request GET HTTP/1.1
cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (4069), with CRLF line terminators
Size
4.3 kB (4338 bytes)
Hash
6edc5be256f31435e6f967f98436bba7
5e93b68b60bbb37095b7095eb1db0c47d9f230f3
21cb919311672b7d61a14f4a7c510378341655a59ab7852b3a0886a3fb79941e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0 HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Set-Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4; path=/oidc; samesite=strict; httponly
Strict-Transport-Security: max-age=2592000
Content-Security-Policy: frame-ancestors 'self'
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

cumulus.sherweb.com/oidc/bundles/css/site.css?v=lA-K0mOxGEJmre8R8lt-gep4g4w

199.244.76.105

200 OK

43 kB

URL GET HTTP/1.1
cumulus.sherweb.com/oidc/bundles/css/site.css?v=lA-K0mOxGEJmre8R8lt-gep4g4w
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
Unicode text, UTF-8 text, with very long lines (65301)
Size
43 kB (42572 bytes)
Hash
489e5111b28521f0c967c053a75377fd
223e92aa846a11597f2b4e603be842e044491b6f
e695313147e24029cfb66dc78ba068c080066220329871c89783ff104a587c84

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/bundles/css/site.css?v=lA-K0mOxGEJmre8R8lt-gep4g4w HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000,immutable
Content-Type: text/css; charset=UTF-8
Last-Modified: Fri, 12 Apr 2024 16:11:08 GMT
ETag: "lA-K0mOxGEJmre8R8lt-gep4g4w"
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

cumulus.sherweb.com/oidc/bundles/js/placeholders.js?v=Zg5BSN9_bYMiX7uZdfRD2B1BDz4

199.244.76.105

200 OK

1.8 kB

URL GET HTTP/1.1
cumulus.sherweb.com/oidc/bundles/js/placeholders.js?v=Zg5BSN9_bYMiX7uZdfRD2B1BDz4
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (4274), with no line terminators
Size
1.8 kB (1782 bytes)
Hash
d12daa8636bb931d27888f15c5be35bb
e3212e3cbdfdfbee8b2a9432e8d514d26a014d0f
09e991d11b5c8b840ce682ee41f9a436665585a1309b2abcc08dbe87274a1412

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/bundles/js/placeholders.js?v=Zg5BSN9_bYMiX7uZdfRD2B1BDz4 HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000,immutable
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 12 Apr 2024 16:11:08 GMT
ETag: "Zg5BSN9_bYMiX7uZdfRD2B1BDz4"
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

cumulus.sherweb.com/oidc/bundles/js/segment.js?v=fuBRp82R_hoPj3RLHM2nI-19H1Y

199.244.76.105

200 OK

786 B

URL GET HTTP/1.1
cumulus.sherweb.com/oidc/bundles/js/segment.js?v=fuBRp82R_hoPj3RLHM2nI-19H1Y
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
ASCII text, with very long lines (1507), with no line terminators
Size
786 B (786 bytes)
Hash
5e091be570147293883880b9ec2b5c80
722f6159940206b4826494a6b9cadda4ea5583b1
721f5907274fadb86b4cabd28f50314958e5170c9ea0af78f1d68042bd96e559

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/bundles/js/segment.js?v=fuBRp82R_hoPj3RLHM2nI-19H1Y HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000,immutable
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 12 Apr 2024 16:11:08 GMT
ETag: "fuBRp82R_hoPj3RLHM2nI-19H1Y"
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

cumulus.sherweb.com/oidc/bundles/js/ui-toolkit-components.js?v=UUV0Gh-FAD__lL1JpmTGwfdrOk0

199.244.76.105

200 OK

14 kB

URL GET HTTP/1.1
cumulus.sherweb.com/oidc/bundles/js/ui-toolkit-components.js?v=UUV0Gh-FAD__lL1JpmTGwfdrOk0
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (30660), with CRLF line terminators
Size
14 kB (14109 bytes)
Hash
7310f1ef57f41199d47cc1d7306de732
c036c90826373b72d6cf281e29e6beb0d17dd9da
7ce24074a235f9d56533c2bd6bbb98c5b377a69503bfa393c0435d0f71a844b4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/bundles/js/ui-toolkit-components.js?v=UUV0Gh-FAD__lL1JpmTGwfdrOk0 HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000,immutable
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 12 Apr 2024 16:11:08 GMT
ETag: "UUV0Gh-FAD__lL1JpmTGwfdrOk0"
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:53 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2

216.58.207.227

200 OK

15 kB

URL GET HTTP/2
fonts.gstatic.com/s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint15:DD:05:B3:2F:D8:E3:54:C9:B4:FA:E4:AC:01:ED:C8:E1:EA:A7:AD
ValidityTue, 16 Apr 2024 04:17:07 GMT - Tue, 09 Jul 2024 04:17:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 14940, version 1.0
Size
15 kB (14940 bytes)
Hash
a46fb7aae99225fdfd9d64b2b8b1063f
1ee50bf5985c1956dde1c06d9b1cec4645ddb92b
4b5816bbfc52587979139951355fe4048da02ce60e40cef8e4a1efb6cd396281

HTTP Headers

GET /s/montserrat/v26/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCtr6Hw5aXo.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cumulus.sherweb.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14940
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 May 2024 01:57:59 GMT
expires: Fri, 02 May 2025 01:57:59 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 13 Sep 2023 22:46:07 GMT
content-type: font/woff2
age: 526615
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cumulus.sherweb.com/oidc/bundles/js/jquery.js?v=Pp9TSvCi-BPI5wca6g4jZYz8MK8

199.244.76.105

200 OK

42 kB

URL GET HTTP/1.1
cumulus.sherweb.com/oidc/bundles/js/jquery.js?v=Pp9TSvCi-BPI5wca6g4jZYz8MK8
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (65270)
Size
42 kB (41583 bytes)
Hash
6ad78f34c09ca15d6aed2a9f3722a839
f6b0c9812395e79863904d689248bc7c95dce03e
00e3ab53755f83aa6f04fc5a1c29f9a9f161d587283cf7d3f4f84eb23dc40ca8

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /oidc/bundles/js/jquery.js?v=Pp9TSvCi-BPI5wca6g4jZYz8MK8 HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Cookie: .AspNetCore.Antiforgery.U50SxYfDo7Y=CfDJ8NjX395COPxFqRVA2e3wAvikR_5rRlJ7-rvLcpI_K4BxujMnmLbmii7I5KFcV_-8AeCTDKimuPpWGUsDwnv4dsTEGjWO8q85_RPnKTqFmxvbS221JVzW0pngUcPEodR6Puqo5Wgf1aS35moUWIFdL-4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: max-age=31536000,immutable
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Fri, 12 Apr 2024 16:11:08 GMT
ETag: "Pp9TSvCi-BPI5wca6g4jZYz8MK8"
Strict-Transport-Security: max-age=2592000
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET
Date: Wed, 08 May 2024 04:14:54 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

cumulus.sherweb.com/favicon.ico

199.244.76.105

404 Not Found

3.4 kB

URL GET HTTP/1.0
cumulus.sherweb.com/favicon.ico
IP
199.244.76.105:443
ASN
#36354 SHERWEB-AS36354

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerDigiCert Inc
Subject*.sherweb.com
Fingerprint66:D4:B0:26:4D:68:FD:0C:83:60:EA:F1:DB:53:A0:46:83:88:61:14
ValidityTue, 23 Apr 2024 00:00:00 GMT - Tue, 22 Apr 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF line terminators
Size
3.4 kB (3394 bytes)
Hash
5cb3f7b2e600e0da55337a083308ebbe
2da1781c93b8c7f843a4bfc10daaca65694255cc
0ba39eb9530e2c36ccf1abd8966b832f68188cea8b423dd32ed5547cc763e818

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cumulus.sherweb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.0 404 Not Found
Cache-Control: no-store, no-cache
Connection: close
Content-Length: 3394

fonts.googleapis.com/css2?family=Montserrat&display=swap

142.250.74.106

200 OK

12 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Montserrat&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint36:49:20:36:0C:4D:DA:55:65:64:23:0F:49:3E:FA:78:87:35:A3:79
ValidityTue, 16 Apr 2024 04:17:12 GMT - Tue, 09 Jul 2024 04:17:11 GMT

File type
gzip compressed data, max compression
Size
12 kB (11859 bytes)
Hash
377a246d9560d3edec94da12050bde27
56ae9448843f6cb963b81fd43ba42c7314bbfa94
2199b1670f20251d6c91a9cd9a3e7d5c5d6eb759f23373a2487722b4dec04b5d

HTTP Headers

GET /css2?family=Montserrat&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 May 2024 04:14:54 GMT
date: Wed, 08 May 2024 04:14:54 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz

143.204.48.96

200 OK

4.7 kB

URL GET HTTP/2
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (15894)
Size
4.7 kB (4743 bytes)
Hash
0e6c238c4491ba0be60ff1ba0021c299
6f676de2a7d8f5a5a4855101a256ce3fd0e29443
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff

HTTP Headers

GET /next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 4743
date: Fri, 12 Apr 2024 20:28:53 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 05 Apr 2024 16:42:47 GMT
etag: "6a3ed21f9b6777c0c37e6e248ea22387"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
x-amz-version-id: UrcbvrdkWvVeM88a5LbnIeGLbGs5UNca
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: kc3rWEZiRTOKiCfqx9tnmpWik1zapeRWA8KZADPboXMyUxp_5Uh-KA==
age: 2187963
X-Firefox-Spdy: h2

cdn.segment.com/analytics.js/v1/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/analytics.min.js

143.204.48.96

200 OK

35 kB

URL GET HTTP/2
cdn.segment.com/analytics.js/v1/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/analytics.min.js
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
35 kB (34936 bytes)
Hash
43594d9cce60d11c21892383791991e7
a2127f83fd53d67be1de8a539e11fe168f420e52
dafcf5d711965819e577f82074a3cb14b87c61501e239946e961cc328a18d511

HTTP Headers

GET /analytics.js/v1/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/analytics.min.js HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Wed, 08 May 2024 04:14:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Wed, 24 Apr 2024 19:19:46 GMT
etag: W/"43594d9cce60d11c21892383791991e7"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=120
x-amz-version-id: DbFdwgjRf2ONtGV0ILPUAnxu6IUREa2A
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GBW5OUlHWmE8F8Aim8UJokjfCbi-SWq8F9Ql0uvrAnofh37uA6LK2w==
X-Firefox-Spdy: h2

cdn.segment.com/next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz

143.204.48.96

200 OK

16 kB

URL GET HTTP/2
cdn.segment.com/next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (46392)
Size
16 kB (15523 bytes)
Hash
4fe5e51c081c22eda111911dc950a52b
9f3c892363770f80748c2b957732c6765d78a12a
3999ddde00a86aa8cac52ba54aa3cbf69ccd2ff81a1ecbf5d179eeee6ac835c1

HTTP Headers

GET /next-integrations/integrations/visual-tagger/0.3.5/visual-tagger.dynamic.js.gz HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 15523
date: Fri, 12 Apr 2024 23:54:56 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 05 Apr 2024 16:42:48 GMT
etag: "1e6ed20ae1ef59e0a54725d717b8454f"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
x-amz-version-id: q0OSwXvSit6ty3qgWK_ICzaIr7vDA45T
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: D8ksYamNHWMgpglauBmNXEmdFVKaITSQ4dPLE7T8EBTk1p9G27hazA==
age: 2175600
X-Firefox-Spdy: h2

cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

143.204.48.96

200 OK

22 kB

URL GET HTTP/2
cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
22 kB (21911 bytes)
Hash
a6378a93e23b431232f76fc74dca8b18
51c28e605abfb910d4c836f58e96723141e28b30
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

HTTP Headers

GET /next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 21911
date: Fri, 12 Apr 2024 19:17:49 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 05 Apr 2024 16:42:46 GMT
etag: "c467a63b2e7c3a99be423ace649014d8"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
x-amz-version-id: 1Y99HfuTczPsGIDdcPhw1L1EusEviR19
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 6Hs9Il7QxTU3I0xvvln0pE4vqxcrP1M226SyyjXzX8bHkHPsVHeiDw==
age: 2192227
X-Firefox-Spdy: h2

cdn.segment.com/v1/projects/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/settings

143.204.48.96

200 OK

3.8 kB

URL GET HTTP/2
cdn.segment.com/v1/projects/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/settings
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (4195), with no line terminators
Size
3.8 kB (3799 bytes)
Hash
4549697134111b0fc3fc76299ac773c8
533500405aefe62c9e2e1a2bcc51f7142d0352c8
36896caa831914dc6cc467fe4bb03b650f6adb1fc77cfeb0618379903db756c0

HTTP Headers

GET /v1/projects/v1LBm6ekWibInRF7kPz21aelktZ2Nh3E/settings HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cumulus.sherweb.com/
Origin: https://cumulus.sherweb.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Wed, 08 May 2024 01:55:18 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Thu, 08 Jun 2023 20:11:03 GMT
etag: W/"d31f7af0ce7c7a52a8211ee6b2c23d92"
x-amz-server-side-encryption: AES256
cache-control: public, max-age=10800
x-amz-version-id: 5oj8CBSrNTZZPD7kTSM2l4kyUe1IJfqX
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 80d21802b1b80c40e55ccf83433b8eac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: gw2wSTxchUEAFo3FKfzBUHw7H4V9A2KvoMWhFHLuvcM6hdqB8TehlA==
age: 8378
X-Firefox-Spdy: h2

cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js

143.204.48.96

200 OK

1.6 kB

URL GET HTTP/2
cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (1580), with no line terminators
Size
1.6 kB (1559 bytes)
Hash
6e19b4ef2ab810cbea710a18b9497529
8b87132691b073aa3ef474eaa704138098abf3bd
e8714289e7eb4b5686a2bffa5ec489305ec9f8da80596cad8e3b860eefaca9de

HTTP Headers

GET /analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Fri, 12 Apr 2024 16:48:23 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Apr 2024 03:48:56 GMT
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
x-amz-version-id: 6p7m0DymtVd2iHKfdr7k4GM1yYafy1xS
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: aEIMgvouVWkDkmKOUnNj6A1WCj9I4hXbHYPbHO7Czh6ORQuJjT1qJg==
age: 2201192
X-Firefox-Spdy: h2

cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz

143.204.48.96

200 OK

5.1 kB

URL GET HTTP/2
cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (5284), with no line terminators
Size
5.1 kB (5144 bytes)
Hash
fc3a0209bfb978af71b9305a325617f8
4ef3909ebf6e2f76bd1aaef1b3fef83fa042fffa
a39fc8b3210f7674bcb4c9deb8d9a5268759335ce385c2f5c5ed826f278a1c03

HTTP Headers

GET /next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
content-length: 2166
date: Fri, 12 Apr 2024 16:56:40 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
last-modified: Fri, 05 Apr 2024 16:42:47 GMT
etag: "5ab49a383e9cf7b93c013d369b1b30f7"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
content-encoding: gzip
x-amz-version-id: oPHfKDIg3jvUi4BGP8xSSh5eX6u0MY0C
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9-4Tb4qiuKgvdqDSTFp1ti3kwBPp8XY-aDcsw8Ufu2kvh1Xru1CfIQ==
age: 2200696
X-Firefox-Spdy: h2

cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js

143.204.48.96

200 OK

9.3 kB

URL GET HTTP/2
cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
IP
143.204.48.96:443
ASN
#16509 AMAZON-02

Requested by
https://cumulus.sherweb.com/oidc/hrd?ReturnUrl=%2Foidc%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dxtkl.accesscontrol.nexus.sw%26redirect_uri%3Dhttps%253A%252F%252Fcumulus.sherweb.com%252Fnexus%252FoidcRedirectCallback%26response_type%3Did_token%26scope%3Dopenid%2520profile%26response_mode%3Dform_post%26nonce%3D638507384933372425.Yzk4OTkyM2MtYWRkNC00OTgxLTgxZmItYzU5NWM1NmIyNWY5YjBiNGI2MWYtYzU0YS00MDVlLThjM2YtMDk0NGQ0OWQxYzU5%26state%3DCfDJ8JbKeVtJ6_1OgLUpRYg2oQd-MTCYl_7moFJW0PQ8ipdZwYhIpc1JJVXPvpdtSM5qSWg4N4XM2VyKjsSWNw03BzEgErZZZ11GwmYUTOD-BtshOxmCvo95ggv-uw9KSSnRPl1GDzToyquHU5opT7m00xlcfFuTsK8oPWazLvZBZ3KUTFHnw1FiSq59Tbmd2qxs9TZH9IkapHq8GUnoYkAosJQEAid_QRQfrvD6kmaBlZefGU4WIO7foPMH4T_sRHoNUga7RcsHrUNbYyaeK24R-rGBbWT4l6-oBhyyv5OzRxLAeZJsZeaKjcnBXigoO2PPbzent5sYi9WcymAC7wyXKP6U5CT2eGGMQvP9C3xDcTNL%26x-client-SKU%3DID_NET461%26x-client-ver%3D5.3.0.0
Certificate
IssuerAmazon
Subject*.segment.com
Fingerprint92:B4:26:19:9B:B4:C7:48:23:87:41:7A:8A:10:5E:C4:E8:77:35:A0
ValidityTue, 14 Nov 2023 00:00:00 GMT - Fri, 13 Dec 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9406), with no line terminators
Size
9.3 kB (9270 bytes)
Hash
defb9a3767dd29149113ad936cc421cb
4413847b3ee811cc644e012be8db5f02c1964d52
545d5230918bffd3499d9275cccb6f2854cf53518606f872191abe1b4115b067

HTTP Headers

GET /analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js HTTP/1.1
Host: cdn.segment.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cumulus.sherweb.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
date: Mon, 15 Apr 2024 15:05:40 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
x-amz-replication-status: COMPLETED
last-modified: Fri, 12 Apr 2024 21:39:45 GMT
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
x-amz-server-side-encryption: AES256
cache-control: public,max-age=31536000,immutable
x-amz-version-id: 1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: G1wolwOdaTKqKkeKAdmLKPRQ26AuHbSWrPcLTquj-ocCUt0AANGMUQ==
age: 1948156
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML