Report - coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use

Report Overview

Submitted URL
coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr
IP
52.95.131.26
ASN
#16509 AMAZON-02
Submitted
2024-04-25 08:38:33
Access
public
Website Title
Sign in
Final URL
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Tags
salesforce phishing suspicious
urlquery detections
Phishing - Salesforce
Suspicious - Anti-debugging code

Detections

urlquery
17
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
jupita.top	unknown	unknown	No data	No data	10 kB	207 kB	104.21.23.6
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	902 B	1.6 kB	216.58.211.4
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-25	404 B	88 kB	151.101.2.137
aadcdn.msauthimages.net	4795	2018-11-12	2019-08-14	2024-04-23	1.0 kB	262 kB	152.199.21.175
challenges.cloudflare.com	unknown	2009-02-17	2021-10-20	2024-04-24	2.3 kB	29 kB	104.17.2.184
jubvib.click	unknown	unknown	No data	No data	812 B	4.0 kB	13.237.218.132
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2024-04-24	860 B	118 kB	142.250.74.42
t3.gstatic.com	unknown	2008-02-11	2013-05-06	2024-04-24	1.5 kB	2.9 kB	142.250.74.132
coolber.s3.ap-southeast-2.amazonaws.com	unknown	unknown	No data	No data	587 B	3.8 kB	52.95.129.170

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.3.1.min.js	87 kB	2023-03-07	2024-05-04
Pretty URL code.jquery.com/jquery-3.3.1.min.js IP 151.101.2.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-05-04 22:21:17 Times Seen108573 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com	301 B	2023-05-11	2024-04-30
Pretty URL jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com IP 104.21.23.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-11 18:57:24 Last Seen2024-04-30 18:04:25 Times Seen159 Hash 939742c61acbd2c55bb5e16cb4edcdc6 ab1497df1ab67361babe365ebe575babe402f7a5 ecc6cc79bdcd7f556d563204271dbd309d4b9329c91c4e2ef55b761d0c61e3ea Loading...

	jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com	10 kB	2024-04-25	2024-04-25
Pretty URL jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com IP 104.21.23.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash 09c367ff0070b827ea78cad5431b8435 50396e458fc0af253a74ba1e99a44e64e4f91b30 0a4331199d5ee5c5d554179b8ec5613151d246fefc390898048f1f434bf2970f Loading...

	jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com	563 B	2023-03-14	2024-04-30
Pretty URL jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com IP 104.21.23.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-14 16:34:51 Last Seen2024-04-30 18:04:25 Times Seen177 Hash bc472d94ed4929d184d06e87d1ddb569 868d079185725391481193e70d6a954d0bf1220a 78920639ef323d552a33bf6dea6d45cd0a1765917fe6d8de5abff53a422412f0 Loading...

	jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com	9 B	2023-03-08	2024-04-30
Pretty URL jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com IP 104.21.23.6 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 09:16:08 Last Seen2024-04-30 14:19:15 Times Seen1127 Hash c9bbac13472694e895cef07d07c23e5e 7ccf44b9f613d82998db27a22bfc510c81f9cabb d4699713b7b777e5141253b2ca70e0b82451025f05058586064df17b3b2421ed Loading...

		Size	First Seen	Last Seen
	#1 Eval - 8fb9593a55319555975f7854676ad059	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash 8fb9593a55319555975f7854676ad059 31e60918619015a8f59305d6378ba656a024919f e457702da5c4defe817c0cf3f64f818e27574b840684b412e29747b35de3ec1a Loading...

	#2 Eval - 43c81e43a6e7d9140033055ff3e04983	62 B	2024-04-18	2024-04-29
Pretty Observations First Seen2024-04-18 21:08:51 Last Seen2024-04-29 16:17:50 Times Seen2736 Hash 43c81e43a6e7d9140033055ff3e04983 b0eca03913678cb38c488c7c79cc4f9d2755ea17 3f7ef931c657c4333a401c40e8b0b8d1ff3b164542af45e14242314c0ec39f34 Loading...

	#3 Eval - 9e925e9341b490bfd3b4c4ca3b0c1ef2	4 B	2023-03-07	2024-05-04
Pretty Observations First Seen2023-03-07 01:03:43 Last Seen2024-05-04 20:57:38 Times Seen351491 Hash 9e925e9341b490bfd3b4c4ca3b0c1ef2 c2543fff3bfa6f144c2f06a7de6cd10c0b650cae 1eb79602411ef02cf6fe117897015fff89f80face4eccd50425c45149b148408 Loading...

	#4 Eval - 39fa28cee66086adc70d1800a1816d3d	489 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash 39fa28cee66086adc70d1800a1816d3d 7135f6bd8b6584637324c329cd5e085e1055c9e4 867d6c521cf8251ddf7b718ac9b35c00ff0e7dcff0c674b7ee844b6bde582494 Loading...

	#5 Eval - 1271bdc55e8449a0ffed2c09ef3a6fc1	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash 1271bdc55e8449a0ffed2c09ef3a6fc1 bb25dbae03c8cb76812ba6dab4a1bc0af284311d 380bfdfff3093d729c569f101f8ced705cd220eb494a8cb747f1443f3d12b48d Loading...

	#6 Eval - b6854109fe18b27b3ee485a7c4c919d8	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash b6854109fe18b27b3ee485a7c4c919d8 505f23c551c3b20495d795de4ee6b65e361ca1f9 d5fc2f22c724bd7bef65531066a7706f52f31325df5471d7126c2af6bb122264 Loading...

	#7 Eval - 609814a713da52e22382691745f00fd5	28 B	2024-04-25	2024-04-25
Pretty Observations First Seen2024-04-25 10:38:39 Last Seen2024-04-25 10:38:39 Times Seen1 Hash 609814a713da52e22382691745f00fd5 054f44675f22091694fe38588a80a661021a01a2 047151bc9932ae50eceb92d29768a278491afcc5bec2b2edc2a93d57e74185f1 Loading...

HTTP Transactions (30)

URL IP Response Size

coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr

52.95.129.170

3.4 kB

URL
coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr
IP
52.95.129.170:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
3.4 kB (3404 bytes)
Hash
164aca923fe2a79fe5edf79f4bff0523
1a2c002adee3c47d66ea1de2660760982b26d06a
2da09c1594832e721b2806aa3cb4d4d3b80464e070506f676468896c671daf5e

HTTP Headers

GET /control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr HTTP/1.1
Host: coolber.s3.ap-southeast-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: woY8GfHjWqUlmj/R9njHN2iC0zLHjAiXuC+7cmIhxaDFgm8G8uNbdiQgqJQZtzUpF/re3kHS1/0=
x-amz-request-id: MR4NSPQNB8F2PWQ4
Date: Thu, 25 Apr 2024 08:38:08 GMT
Last-Modified: Wed, 24 Apr 2024 11:50:12 GMT
ETag: "164aca923fe2a79fe5edf79f4bff0523"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 3404

jubvib.click/

13.237.218.132

59 B

URL
jubvib.click/
IP
13.237.218.132:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
59 B (59 bytes)
Hash
f280f4c1a42e1c453a50a469bf74320f
ac362a3f43dfeff149e70a566322366d0f1e9343
d809eda212f0d0564e78c97d84e6e131776aac276f37f6ae7876b41334bdd481

HTTP Headers

GET / HTTP/1.1
Host: jubvib.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 08:38:11 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Powered-By: PHP/7.4.30
Connection: keep-alive, Keep-Alive
Content-Length: 59
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8

jubvib.click/control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr

13.237.218.132

3.4 kB

URL
jubvib.click/control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
IP
13.237.218.132:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
3.4 kB (3403 bytes)
Hash
98f536bc223e59a8405f41715bb5b69c
12d9f2f2d0548969c0b687674a6d61b866b9fc40
6dc4d7c0238dc11eba35ef6dbcb05b65d2773b447ad075d65c76cf8c5b9c0569

HTTP Headers

GET /control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr HTTP/1.1
Host: jubvib.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 08:38:14 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Powered-By: PHP/7.4.30
Connection: keep-alive, Keep-Alive
Content-Length: 3403
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8

challenges.cloudflare.com/turnstile/v0/api.js

104.17.2.184

0 B

URL
challenges.cloudflare.com/turnstile/v0/api.js
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Thu, 25 Apr 2024 08:38:15 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
location: /turnstile/v0/b/471dc2adc340/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d0407fcf256ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js

142.250.74.42

31 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (65447)
Size
31 kB (31191 bytes)
Hash
cf2fbbf84281d9ecbffb4993203d543b
832a6a4e86daf38b1975d705c5de5d9e5f5844bc
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

HTTP Headers

GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 Apr 2024 06:26:29 GMT
expires: Sun, 20 Apr 2025 06:26:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 439906
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

jupita.top/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.21.23.6

0 B

URL
jupita.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.21.23.6:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 25 Apr 2024 08:38:15 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RHUxf1eZv8IVc6YPAssSo60j%2BqaT0%2F2ZKTaTR0Scn6wwZ2jLYqNWit%2F4qAzlOfBI7xil5HZRRRDEMr9oEEgr8zo%2BUtefpLP9O7%2BFMTxSBaHsQdUrrdesK3aKaVJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04090c377129-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal

104.17.2.184

26 kB

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (41702)
Size
26 kB (25702 bytes)
Hash
acae11174d2ef7717418e59f9f070343
b98fa29a0bdc211f729854637b5d159d15096bfa
822d27218ec6ebef287d67342ce9560f11b58f26ebdf2fe3796cce5c58344543

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:15 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 879d04092a03568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696

104.21.23.6

0 B

URL
jupita.top/cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696
IP
104.21.23.6:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696 HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12321
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:15 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=3dxI15eROUHDysBI1jD6al2U00vIqNxmCqeDm0FxZvw-1714034295-1.0.1.1-MrjG0OEuYSjwhmFG.LZdmURPerydBuX01kReg0GE4w6k7TyiiEY.v7PU_ygq_zNT_lI3nnx9IJC.UI41wPqqnQ; path=/; expires=Fri, 25-Apr-25 08:38:15 GMT; domain=.jupita.top; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lbGYgzYNyVDZgCfq1s6BN8ifiCCPn5msBGaSLGak33WdDwry4Intdw%2FGBFA309c28%2BD7iXLCcl82RzFXKVZwIalCSDEw8nfjLuu27zFyimZKnhA6rAMFaFJxChvP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d040a1d2f7129-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem

104.17.2.184

1 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
ff44570aca8241914870afbc310cdb85
58668e7669fd564d99db5d581fcdb6a5618440b5
6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 401 Unauthorized
date: Thu, 25 Apr 2024 08:38:16 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gu8htftPTdqfl32y23eKwDa0YySyjQJoOK5hwxq9dGeAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILvIbX7T03an5d9stt3isA2tGMkso0CaDiuYcMavXRngABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 879d040eaedb568a-OSL
alt-svc: h3=":443"; ma=86400

challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2

104.17.2.184

61 B

URL
challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2
IP
104.17.2.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 93 x 56, 8-bit/color RGB, non-interlaced
Size
61 B (61 bytes)
Hash
e4d2d7d1f6c4af5964f239fc4f231d73
2a196974d7c106338ca686ef396124df57d7ab09
20b83ff6d72ce4eeab1bfe947387db4c273b010b7e1f0e2e702a18460f5032ca

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:16 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879d04137b7e568a-OSL
alt-svc: h3=":443"; ma=86400

jupita.top/cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a

104.21.23.6

21 B

URL
jupita.top/cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a
IP
104.21.23.6:0
ASN
#13335 CLOUDFLARENET

File type
JSON text data
Size
21 B (21 bytes)
Hash
018598ff9794435b440d1bbf293cc10f
9129b0ca1a4febdf97636946a1fe7be8abf11890
898a24300baa285e173627eb7801c18db52748bb2119f56a71dcce0a5f8c8063

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Content-Type: application/json
Content-Length: 596
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=3dxI15eROUHDysBI1jD6al2U00vIqNxmCqeDm0FxZvw-1714034295-1.0.1.1-MrjG0OEuYSjwhmFG.LZdmURPerydBuX01kReg0GE4w6k7TyiiEY.v7PU_ygq_zNT_lI3nnx9IJC.UI41wPqqnQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: application/json
content-length: 21
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; path=/; expires=Fri, 25-Apr-25 08:38:17 GMT; domain=.jupita.top; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrq%2BGzLhjBuhc21Cbg4NHnJ5XypI45RS5EPbVkJDHyPHIuFbTEeAAhMPkgwj1TUeGeJMKESuO35SgdOeXjEPkedZLdxLNhbyfyQYBzvV1DMDUpZyD8AAN1LjpK2s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d04157f687129-OSL
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/functions/spinner.gif

104.21.23.6

46 kB

URL
jupita.top/_bahamas_delta/functions/spinner.gif
IP
104.21.23.6:0
ASN
#13335 CLOUDFLARENET

File type
GIF image data, version 89a, 48 x 48
Size
46 kB (46341 bytes)
Hash
bab0ad7ce20e911217791c00bcd4e35b
0822ac44951def4349090998b9ecb153128f03d5
bd750f550a5db2901c0bd52ec564da6adfbad55562b862b1f125d96d9d62b026

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/functions/spinner.gif HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: image/gif
content-length: 46341
last-modified: Wed, 07 Oct 2020 21:45:56 GMT
etag: "b505-5b11ba3eced00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4446
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F4HpkWa6%2F5NTfntw0DXtQmM8jPB0ckUHRJfsWEPZkNu06KFwUsBUhUW%2BWEJYEHl%2B2iZwt0xOReJBvBLJfxE2B%2BZQUV30YZ5g3P7qQiFOW0HFSzJrm9vqJ2IPeRCn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04193b317129-OSL
alt-svc: h3=":443"; ma=86400

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js

142.250.74.42

85 kB

URL
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js
IP
142.250.74.42:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text
Size
85 kB (85110 bytes)
Hash
2849239b95f5a9a2aea3f6ed9420bb88
af32f706407ab08f800c5e697cce92466e735847
1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 85110
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 11:15:16 GMT
expires: Wed, 23 Apr 2025 11:15:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 163381
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

jupita.top/_bahamas_delta/validate.php

104.21.23.6

560 B

URL
jupita.top/_bahamas_delta/validate.php
IP
104.21.23.6:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
560 B (560 bytes)
Hash
8f1b9e2b45d58ca204e27d996f11d95e
82cf7e13f043b3e1d8b6b4464e94e2ac3a49bfb6
22679a6a46326132738eef6dc20da5927a5a1dd7ec0cf592adee79c3936c11fb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /_bahamas_delta/validate.php HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
access-control-allow-origin: *
set-cookie: captcha=1; expires=Thu, 25-Apr-2024 09:08:17 GMT; Max-Age=1800; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GapcCmm6OeKpM4rkwIpb4L5dSw4Ortf%2FyoSSmB1Ke236t8HRdfyrAJ1%2BV8s2AcMNXBB1SZWTMboGJV%2BrmQ6BNByGvoogJxlKhpk1b2Gp2RBAnugaxauL9jXGinsk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d0415af967129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.google.com/s2/favicons?domain=microsoft.com

216.58.211.4

333 B

URL
www.google.com/s2/favicons?domain=microsoft.com
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
333 B (333 bytes)
Hash
480cb4a7621d7dc6ea254da0e43fce19
5dd30b87cbf84d94464a89d3f0f14c3af9b307e3
d418e4f502eb350d0de121f8a9326b7f0108fbf26e7197d4557f1908b65eb28c

HTTP Headers

GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:17 GMT
expires: Thu, 25 Apr 2024 09:08:17 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/s2/favicons?domain=microsoft.com

216.58.211.4

333 B

URL
www.google.com/s2/favicons?domain=microsoft.com
IP
216.58.211.4:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
333 B (333 bytes)
Hash
480cb4a7621d7dc6ea254da0e43fce19
5dd30b87cbf84d94464a89d3f0f14c3af9b307e3
d418e4f502eb350d0de121f8a9326b7f0108fbf26e7197d4557f1908b65eb28c

HTTP Headers

GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:17 GMT
expires: Thu, 25 Apr 2024 09:08:17 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.132

123 B

URL
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.132

123 B

URL
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
age: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16

142.250.74.132

123 B

URL
t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
123 B (123 bytes)
Hash
a8d52f25035a199583096202967555ed
fe806cc8ee0c09aa316b71455e776c023111a029
352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed

HTTP Headers

GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
age: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.3.1.min.js

151.101.2.137

200 OK

87 kB

URL GET HTTP/2
code.jquery.com/jquery-3.3.1.min.js
IP
151.101.2.137:443
ASN
#54113 FASTLY

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:38:19 GMT
age: 680755
x-served-by: cache-lga13622-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 1008, 9112
x-timer: S1714034300.823984,VS0,VE0
vary: Accept-Encoding
content-length: 86927
X-Firefox-Spdy: h2

aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547

152.199.21.175

200 OK

257 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 141x141, segment length 16, baseline, precision 8, 1193x671, components 3
Size
257 kB (256712 bytes)
Hash
038390e8de0c1fbe6e10a8a33bd27e1a
ebbfa922c1d5fab094d0fa8471fd658ceb253f04
714000b576a3a131bc25504b8668ef448d946aad097c9db3fef0b1966a8d83ca

HTTP Headers

GET /dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16959
cache-control: public, max-age=86400
content-md5: A4OQ6N4MH75uEKijO9J+Gg==
content-type: image/*
date: Thu, 25 Apr 2024 08:38:21 GMT
etag: 0x8DB0B9BF12F27C7
last-modified: Fri, 10 Feb 2023 19:20:59 GMT
server: ECAcc (ska/F6EE)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: b01d9fac-501e-002e-64c4-9611f5000000
x-ms-version: 2009-09-19
content-length: 256712
X-Firefox-Spdy: h2

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg

104.21.23.6

200 OK

4.4 kB

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
SVG Scalable Vector Graphics image
Size
4.4 kB (4362 bytes)
Hash
c516b69c14041daab1281ac4862f2376
33dbd067b9ce4bff77d03faad6eee4c3cad15300
ab6f4a25d28385487044994ba47455445477b32730bddf55cd0796068418d20e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Apr 2023 00:35:58 GMT
etag: W/"a74-5f863be143780"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5L90%2B5FthD80M2HEZFG6LhexpNf39%2BbJgnGLB%2F%2ByQCIGB%2B4X7varqOv%2FG7MXkCCeGI1U5ZT8nge0k63sL1%2FtD1r62J94bHpu1BUcyPxa7hNO%2Fld5jpA0YlTCuDp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d042969587129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd

104.21.23.6

200 OK

3.9 kB

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
SVG Scalable Vector Graphics image
Size
3.9 kB (3883 bytes)
Hash
1eeb2b3bd1532486fef7bda3b39a4ef3
4c8d15ef39cd5ea9eda8cc705e18b58b118b5983
ce7f47b4aa1d6a5de89edcf4bc1ee890976a5dc9116f1acc1f92c47ee42ec308

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Sun, 02 Apr 2023 23:26:02 GMT
etag: W/"f2b-5f862c3fa5680"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F3hOeQQ78%2Fe%2FfIINJ0TM5Vaj6jam6%2B%2BjB3JfWR3OhmSz0%2FINYiBbfqiFyhb97gBscDPo%2F8Gn09l5vlCk6jP9CVybTdj7K41wwL3JUbzSKL%2BfgrBYl%2F8%2FebzaQ0%2B7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df37129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css

104.21.23.6

200 OK

93 kB

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
93 kB (92928 bytes)
Hash
bad8de214e3ae986da16d85c0d66ff0b
36f7213ed5a1be28f92b23aab7d80b9219d48abf
6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: text/css
last-modified: Mon, 03 Apr 2023 11:58:26 GMT
etag: W/"16b00-5f86d46c51c80"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RwBAWsaoOwXcyWlsv%2F%2FOpfk%2BeQ8RQhU2hMOSRcgMBQHPQ%2BhDK8L%2FPc0nWY9L%2F1V2UVAmqf1rfpTl7xDpbJjuA0pwvmyUTRlTsbdT7nzSxL4910oVLWXFhaidEjfw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04256dec7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com

104.21.23.6

200 OK

30 kB

URL User Request GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type

Size
30 kB (30457 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce
urlquery	suspicious	Suspicious - Anti-debugging code

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/index.php?login=dGVzdEBtaWNyb3NvZnQuY29t&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FruUmB0HUK7JSk4BJvHRoapDTpC5%2FhhE6jVFZrjmXTkiGg9WqAUmjrsJXWj28NUl7MuFdYEchdGODxNeZn4La4ylRehV3GlpoeytEFWHmpGjaQvgCqfghZQsvLQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d04247d427129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089

152.199.21.175

200 OK

3.7 kB

URL GET HTTP/2
aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089
IP
152.199.21.175:443
ASN
#15133 EDGECAST

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerMicrosoft Corporation
Subjectaadcdn.msauthimages.net
Fingerprint3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5
ValidityThu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT

File type
PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
Size
3.7 kB (3666 bytes)
Hash
c9f31e87400c46f9f8fb580602328c72
4b538ca736fb2a88a89214ad5eb0b2b80640b5ab
dde1acefe23281e3715bdee565cf1fd7064370d4bb751ab92c4add7d42932bbe

HTTP Headers

GET /dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16959
cache-control: public, max-age=86400
content-md5: yfMeh0AMRvn4+1gGAjKMcg==
content-type: image/*
date: Thu, 25 Apr 2024 08:38:21 GMT
etag: 0x8D64F464E9A2738
last-modified: Wed, 21 Nov 2018 00:14:30 GMT
server: ECAcc (ska/F7AF)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: edfedb51-b01e-0054-2dc4-960cb5000000
x-ms-version: 2009-09-19
content-length: 3666
X-Firefox-Spdy: h2

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg

104.21.23.6

200 OK

658 B

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
SVG Scalable Vector Graphics image
Size
658 B (658 bytes)
Hash
5512c36b917618e29d6779aa7a02482b
716086d2426d2827f3f6dde293f2083be0e46f2b
7e63befe8a8cb0c4844541a04b09a7961a9274caef49d2421b1907eddaf6ea3c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Apr 2023 12:13:10 GMT
etag: W/"292-5f86d7b75e180"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUI3XQqnG7jevKn0mvCKc6wIH%2B974RVQKrAKsLk%2BqUQQlLg7Y6N%2F8qf1y%2BvLWP%2F29UiEco%2BUvYZ1mbDSMP9ZseJarmV%2FgctXQfLL7XfC6C8NZjk9qRy0NtZY7%2BV7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df87129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg

104.21.23.6

200 OK

1.8 kB

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
SVG Scalable Vector Graphics image
Size
1.8 kB (1795 bytes)
Hash
2218bf5514a1fd715777856949e8ae27
bfa5d6a869674d3562a5a398a596e41a3b5da6e3
22303811730e0863e57e3b2c6e6254d79da3befaf2812e39fc4da988f835b932

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Sun, 02 Apr 2023 15:30:04 GMT
etag: W/"703-5f85c1dc9d700"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fd0E7Ux9RAj0hxp9kE9%2BZzlf1zsKgVuuH8sulVbvbj3qSuNIR%2Bwclymtx4p4kdhzRuxdKHG%2BDXHMitaN5fQDW60PMt4tAj6rpteFoLrhIg6Pj8xD0qSC7jfHqLLe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df97129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php

104.21.23.6

200 OK

340 B

URL POST HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (364), with no line terminators
Size
340 B (340 bytes)
Hash
e3d255df60f48562995146814b89dceb
bcabf238c731dfd4a95330e322dbebf3b89308c2
aeb00603d8d73e60f416a6309b61b5d6d5f614d1afa620a40efea077a141339b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=600Ezd2OUTZZjr%2F8uI32m8snMQFYx1KWqFolMlY6Qd3BTCUSjdF%2Fcs7hGbPvHv4vn7Wr%2BX033LJ8IXN5Ik3tucngqaOpiv%2FHCPDNSvJE24qMedP50yQD1NMJZYe9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d042959507129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico

104.21.23.6

200 OK

17 kB

URL GET HTTP/3
jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico
IP
104.21.23.6:443
ASN
#13335 CLOUDFLARENET

Requested by
https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate
IssuerLet's Encrypt
Subjectjupita.top
Fingerprint9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D
ValidityThu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT

File type
MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Size
17 kB (17174 bytes)
Hash
12e3dac858061d088023b2bd48e2fa96
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/x-icon
last-modified: Wed, 25 Jan 2023 23:48:40 GMT
etag: W/"4316-5f31f458da600"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVabj4pTWtz%2FKmxFVJsYOKV4yQhPoXupoKTvKQ%2F8nMzBGyt18iY3NtuoigTItUsTkiTCLZX%2Fm1co4mWWPPRMtdlhSL6yYenEsAlVtlC7y38NHdAf9TIw1gq8SSXd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d042afaed7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (30)

URL

IP

ASN

File type