| coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr | 52.95.129.170 | | 3.4 kB |
URL: coolber.s3.ap-southeast-2.amazonaws.com/control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr IP: 52.95.129.170:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 164aca923fe2a79fe5edf79f4bff0523 1a2c002adee3c47d66ea1de2660760982b26d06a 2da09c1594832e721b2806aa3cb4d4d3b80464e070506f676468896c671daf5e
GET /control_pushpz.html?login=test@microsoft.com&pcnt=3&no_redrct=no_redrct&use_cdtimr=use_cdtimr HTTP/1.1
Host: coolber.s3.ap-southeast-2.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: woY8GfHjWqUlmj/R9njHN2iC0zLHjAiXuC+7cmIhxaDFgm8G8uNbdiQgqJQZtzUpF/re3kHS1/0=
x-amz-request-id: MR4NSPQNB8F2PWQ4
Date: Thu, 25 Apr 2024 08:38:08 GMT
Last-Modified: Wed, 24 Apr 2024 11:50:12 GMT
ETag: "164aca923fe2a79fe5edf79f4bff0523"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/html
Server: AmazonS3
Content-Length: 3404
| jubvib.click/ | 13.237.218.132 | | 59 B |
IP: 13.237.218.132:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): f280f4c1a42e1c453a50a469bf74320f ac362a3f43dfeff149e70a566322366d0f1e9343 d809eda212f0d0564e78c97d84e6e131776aac276f37f6ae7876b41334bdd481
GET / HTTP/1.1
Host: jubvib.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 08:38:11 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Powered-By: PHP/7.4.30
Connection: keep-alive, Keep-Alive
Content-Length: 59
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
| jubvib.click/control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr | 13.237.218.132 | | 3.4 kB |
URL: jubvib.click/control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr IP: 13.237.218.132:0
File type: HTML document, ASCII text, with CRLF line terminators
Hash (MD5 / SHA-1 / SHA-256): 98f536bc223e59a8405f41715bb5b69c 12d9f2f2d0548969c0b687674a6d61b866b9fc40 6dc4d7c0238dc11eba35ef6dbcb05b65d2773b447ad075d65c76cf8c5b9c0569
GET /control_pushpz/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr HTTP/1.1
Host: jubvib.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Thu, 25 Apr 2024 08:38:14 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Powered-By: PHP/7.4.30
Connection: keep-alive, Keep-Alive
Content-Length: 3403
Keep-Alive: timeout=5, max=100
Content-Type: text/html; charset=UTF-8
| challenges.cloudflare.com/turnstile/v0/api.js | 104.17.2.184 | | 0 B |
URL: challenges.cloudflare.com/turnstile/v0/api.js IP: 104.17.2.184:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /turnstile/v0/api.js HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Thu, 25 Apr 2024 08:38:15 GMT
content-length: 0
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: max-age=300, public
location: /turnstile/v0/b/471dc2adc340/api.js
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d0407fcf256ba-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
| ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js | 142.250.74.42 | | 31 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/3.6.3/jquery.min.js IP: 142.250.74.42:0
File type: JavaScript source, ASCII text, with very long lines (65447)
Hash (MD5 / SHA-1 / SHA-256): cf2fbbf84281d9ecbffb4993203d543b 832a6a4e86daf38b1975d705c5de5d9e5f5844bc a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
GET /ajax/libs/jquery/3.6.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31191
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 20 Apr 2024 06:26:29 GMT
expires: Sun, 20 Apr 2025 06:26:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Wed, 11 Jan 2023 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 439906
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| jupita.top/cdn-cgi/challenge-platform/scripts/jsd/main.js | 104.21.23.6 | | 0 B |
URL: jupita.top/cdn-cgi/challenge-platform/scripts/jsd/main.js IP: 104.21.23.6:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Salesforce |
GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
date: Thu, 25 Apr 2024 08:38:15 GMT
content-length: 0
access-control-allow-origin: *
cache-control: max-age=300, public
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8RHUxf1eZv8IVc6YPAssSo60j%2BqaT0%2F2ZKTaTR0Scn6wwZ2jLYqNWit%2F4qAzlOfBI7xil5HZRRRDEMr9oEEgr8zo%2BUtefpLP9O7%2BFMTxSBaHsQdUrrdesK3aKaVJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04090c377129-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal | 104.17.2.184 | | 26 kB |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal IP: 104.17.2.184:0
File type: HTML document, ASCII text, with very long lines (41702)
Hash (MD5 / SHA-1 / SHA-256): acae11174d2ef7717418e59f9f070343 b98fa29a0bdc211f729854637b5d159d15096bfa 822d27218ec6ebef287d67342ce9560f11b58f26ebdf2fe3796cce5c58344543
GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:15 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
content-security-policy: frame-src https://challenges.cloudflare.com/ blob:; base-uri 'self'
referrer-policy: same-origin
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
document-policy: js-profiling
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cross-origin-opener-policy: same-origin
origin-agent-cluster: ?1
vary: accept-encoding
server: cloudflare
cf-ray: 879d04092a03568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696 | 104.21.23.6 | | 0 B |
URL: jupita.top/cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696 IP: 104.21.23.6:0
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Salesforce |
POST /cdn-cgi/challenge-platform/h/b/jsd/r/879d0405782c5696 HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12321
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:15 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=3dxI15eROUHDysBI1jD6al2U00vIqNxmCqeDm0FxZvw-1714034295-1.0.1.1-MrjG0OEuYSjwhmFG.LZdmURPerydBuX01kReg0GE4w6k7TyiiEY.v7PU_ygq_zNT_lI3nnx9IJC.UI41wPqqnQ; path=/; expires=Fri, 25-Apr-25 08:38:15 GMT; domain=.jupita.top; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lbGYgzYNyVDZgCfq1s6BN8ifiCCPn5msBGaSLGak33WdDwry4Intdw%2FGBFA309c28%2BD7iXLCcl82RzFXKVZwIalCSDEw8nfjLuu27zFyimZKnhA6rAMFaFJxChvP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d040a1d2f7129-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem | 104.17.2.184 | | 1 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem IP: 104.17.2.184:0
File type: very short file (no magic)
Hash (MD5 / SHA-1 / SHA-256): ff44570aca8241914870afbc310cdb85 58668e7669fd564d99db5d581fcdb6a5618440b5 6da43b944e494e885e69af021f93c6d9331c78aa228084711429160a5bbd15b5
GET /cdn-cgi/challenge-platform/h/b/pat/879d04092a03568a/1714034295663/bbc86d7ed3d376a7e5df6cb6dde2b00dad18c92ca3409a0e2b9870c6af5d19e0/2uQi-S-_75n4vem HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 401 Unauthorized
date: Thu, 25 Apr 2024 08:38:16 GMT
content-type: text/plain; charset=UTF-8
content-length: 1
www-authenticate: PrivateToken challenge="AAIAGXBhdC1pc3N1ZXIuY2xvdWRmbGFyZS5jb20gu8htftPTdqfl32y23eKwDa0YySyjQJoOK5hwxq9dGeAAGWNoYWxsZW5nZXMuY2xvdWRmbGFyZS5jb20=", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEApc5PUXcXSrXwpeNe3kT6EaAJPDsPBMfFZc7M608yW3JV6YSHiGBLoFiLtNHD3Yj8UsOtWbQeFa2uvS_dYz5MBsoSW4-RbOY-WCB2aGEB-eoRbXl4lJRl0UNGi00lNBgNTil_mTTSNV3ssSkmSY8kwM-5GqBNfJ2kmJPKo02MWiXn1pwc4YXbeATUrYDRvvXUXYZrgaarjDyvHFhnYpD3mqr5qOj_TS_1SCUZ0HIp8ywDX06Xc59cKjzFHEUzD3gWutoK4apMxNt9bWWxcH3D_UL1a1llCxh-knMwTxgvRXS-XHap_ymO2zCuAPNgo1SDCTl4lTQZbVX7VvpDZwMaiQIDAQAB", max-age=20, PrivateToken challenge="AAIALHBwLWlzc3Vlci1wcm9kdWN0aW9uLnJlc2VhcmNoLmNsb3VkZmxhcmUuY29tILvIbX7T03an5d9stt3isA2tGMkso0CaDiuYcMavXRngABljaGFsbGVuZ2VzLmNsb3VkZmxhcmUuY29t", token-key="MIIBUjA9BgkqhkiG9w0BAQowMKANMAsGCWCGSAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiAwIBMAOCAQ8AMIIBCgKCAQEA1FEYykHcK8H9rb_u0aFz3CmWgYloQw4YhedoEOAjJ0vy2Axa4f9UG9Dzs4uXS34_h8l6MDo2nRCvLI9lvebilMnTjCn-6D77bewqYxJKUFZW1z2jBIdu03TrETczfEg7kxgKtJE9NXGDjYJcF_iMgzgNA0PEAVM89tUYXXlFy4cUAGlqU2mPpIEOxm5ARsXC-zlLK60fkJ4cOsZRkZa6EExdhmgdwQ0fEJuSOHrBO_-zJn4hUP8q9g4yqkxW2UrfJgD07F4HaHGBEiei06sGDvH2NEPvswEl5dTGxutNrxlU7W24iYhNa2nhjlc53nNb0mKtszv-czVE9UhXyJ7-RQIDAQAB", max-age=20
server: cloudflare
cf-ray: 879d040eaedb568a-OSL
alt-svc: h3=":443"; ma=86400
| challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2 | 104.17.2.184 | | 61 B |
URL: challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2 IP: 104.17.2.184:0
File type: PNG image data, 93 x 56, 8-bit/color RGB, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): e4d2d7d1f6c4af5964f239fc4f231d73 2a196974d7c106338ca686ef396124df57d7ab09 20b83ff6d72ce4eeab1bfe947387db4c273b010b7e1f0e2e702a18460f5032ca
GET /cdn-cgi/challenge-platform/h/b/i/879d04092a03568a/1714034295667/j09dmtCxoz2Lac2 HTTP/1.1
Host: challenges.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/ik61n/0x4AAAAAAAXjXiXiV7KvBpAv/auto/normal
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:16 GMT
content-type: image/png
content-length: 61
server: cloudflare
cf-ray: 879d04137b7e568a-OSL
alt-svc: h3=":443"; ma=86400
| jupita.top/cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a | 104.21.23.6 | | 21 B |
URL: jupita.top/cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a IP: 104.21.23.6:0
Hash (MD5 / SHA-1 / SHA-256): 018598ff9794435b440d1bbf293cc10f 9129b0ca1a4febdf97636946a1fe7be8abf11890 898a24300baa285e173627eb7801c18db52748bb2119f56a71dcce0a5f8c8063
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Salesforce |
POST /cdn-cgi/challenge-platform/h/b/rc/879d04092a03568a HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Content-Type: application/json
Content-Length: 596
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=3dxI15eROUHDysBI1jD6al2U00vIqNxmCqeDm0FxZvw-1714034295-1.0.1.1-MrjG0OEuYSjwhmFG.LZdmURPerydBuX01kReg0GE4w6k7TyiiEY.v7PU_ygq_zNT_lI3nnx9IJC.UI41wPqqnQ
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: application/json
content-length: 21
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
set-cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; path=/; expires=Fri, 25-Apr-25 08:38:17 GMT; domain=.jupita.top; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rrq%2BGzLhjBuhc21Cbg4NHnJ5XypI45RS5EPbVkJDHyPHIuFbTEeAAhMPkgwj1TUeGeJMKESuO35SgdOeXjEPkedZLdxLNhbyfyQYBzvV1DMDUpZyD8AAN1LjpK2s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d04157f687129-OSL
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/functions/spinner.gif | 104.21.23.6 | | 46 kB |
URL: jupita.top/_bahamas_delta/functions/spinner.gif IP: 104.21.23.6:0
File type: GIF image data, version 89a, 48 x 48
Hash (MD5 / SHA-1 / SHA-256): bab0ad7ce20e911217791c00bcd4e35b 0822ac44951def4349090998b9ecb153128f03d5 bd750f550a5db2901c0bd52ec564da6adfbad55562b862b1f125d96d9d62b026
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/functions/spinner.gif HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: image/gif
content-length: 46341
last-modified: Wed, 07 Oct 2020 21:45:56 GMT
etag: "b505-5b11ba3eced00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4446
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F4HpkWa6%2F5NTfntw0DXtQmM8jPB0ckUHRJfsWEPZkNu06KFwUsBUhUW%2BWEJYEHl%2B2iZwt0xOReJBvBLJfxE2B%2BZQUV30YZ5g3P7qQiFOW0HFSzJrm9vqJ2IPeRCn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04193b317129-OSL
alt-svc: h3=":443"; ma=86400
| ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js | 142.250.74.42 | | 85 kB |
URL: ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.js IP: 142.250.74.42:0
File type: JavaScript source, ASCII text
Hash (MD5 / SHA-1 / SHA-256): 2849239b95f5a9a2aea3f6ed9420bb88 af32f706407ab08f800c5e697cce92466e735847 1fe2bb5390a75e5d61e72c107cab528fc3c29a837d69aab7d200e1dbb5dcd239
GET /ajax/libs/jquery/3.6.0/jquery.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 85110
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 11:15:16 GMT
expires: Wed, 23 Apr 2025 11:15:16 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 163381
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
| jupita.top/_bahamas_delta/validate.php | 104.21.23.6 | | 560 B |
URL: jupita.top/_bahamas_delta/validate.php IP: 104.21.23.6:0
Hash (MD5 / SHA-1 / SHA-256): 8f1b9e2b45d58ca204e27d996f11d95e 82cf7e13f043b3e1d8b6b4464e94e2ac3a49bfb6 22679a6a46326132738eef6dc20da5927a5a1dd7ec0cf592adee79c3936c11fb
| Analyzer | Verdict | Alert |
| urlquery | phishing | Phishing - Salesforce |
POST /_bahamas_delta/validate.php HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 560
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/?login=test@microsoft.com&page=null&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null&vcnt=null&use_cdtimr=use_cdtimr
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
access-control-allow-origin: *
set-cookie: captcha=1; expires=Thu, 25-Apr-2024 09:08:17 GMT; Max-Age=1800; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GapcCmm6OeKpM4rkwIpb4L5dSw4Ortf%2FyoSSmB1Ke236t8HRdfyrAJ1%2BV8s2AcMNXBB1SZWTMboGJV%2BrmQ6BNByGvoogJxlKhpk1b2Gp2RBAnugaxauL9jXGinsk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d0415af967129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| www.google.com/s2/favicons?domain=microsoft.com | 216.58.211.4 | | 333 B |
URL: www.google.com/s2/favicons?domain=microsoft.com IP: 216.58.211.4:0
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 480cb4a7621d7dc6ea254da0e43fce19 5dd30b87cbf84d94464a89d3f0f14c3af9b307e3 d418e4f502eb350d0de121f8a9326b7f0108fbf26e7197d4557f1908b65eb28c
GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:17 GMT
expires: Thu, 25 Apr 2024 09:08:17 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| www.google.com/s2/favicons?domain=microsoft.com | 216.58.211.4 | | 333 B |
URL: www.google.com/s2/favicons?domain=microsoft.com IP: 216.58.211.4:0
File type: HTML document, ASCII text, with CRLF, LF line terminators
Hash (MD5 / SHA-1 / SHA-256): 480cb4a7621d7dc6ea254da0e43fce19 5dd30b87cbf84d94464a89d3f0f14c3af9b307e3 d418e4f502eb350d0de121f8a9326b7f0108fbf26e7197d4557f1908b65eb28c
GET /s2/favicons?domain=microsoft.com HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
location: https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16
x-content-type-options: nosniff
server: sffe
content-length: 333
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:17 GMT
expires: Thu, 25 Apr 2024 09:08:17 GMT
cache-control: public, max-age=1800
content-type: text/html; charset=UTF-8
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 | 142.250.74.132 | | 123 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 IP: 142.250.74.132:0
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): a8d52f25035a199583096202967555ed fe806cc8ee0c09aa316b71455e776c023111a029 352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 | 142.250.74.132 | | 123 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 IP: 142.250.74.132:0
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): a8d52f25035a199583096202967555ed fe806cc8ee0c09aa316b71455e776c023111a029 352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
age: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 | 142.250.74.132 | | 123 B |
URL: t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 IP: 142.250.74.132:0
File type: PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): a8d52f25035a199583096202967555ed fe806cc8ee0c09aa316b71455e776c023111a029 352a123b5fc60b04834709b12bd417da8aec2c4319e6486c31f6826e9e591eed
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://microsoft.com&size=16 HTTP/1.1
Host: t3.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jupita.top/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://www.microsoft.com/favicon.ico?v2
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 123
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 25 Apr 2024 08:38:18 GMT
expires: Thu, 02 May 2024 08:38:18 GMT
cache-control: public, max-age=604800
age: 0
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
| code.jquery.com/jquery-3.3.1.min.js | 151.101.2.137 | 200 OK | 87 kB |
URL: GET HTTP/2 code.jquery.com/jquery-3.3.1.min.js IP: 151.101.2.137:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Sectigo Limited; Subject: *.jquery.com; Fingerprint: D2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D; Validity: Tue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT
File type: JavaScript source, ASCII text, with very long lines (65451)
Hash (MD5 / SHA-1 / SHA-256): a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /jquery-3.3.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: "28feccc0-1538f"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 25 Apr 2024 08:38:19 GMT
age: 680755
x-served-by: cache-lga13622-LGA, cache-hel1410028-HEL
x-cache: HIT, HIT
x-cache-hits: 1008, 9112
x-timer: S1714034300.823984,VS0,VE0
vary: Accept-Encoding
content-length: 86927
X-Firefox-Spdy: h2
| aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547 | 152.199.21.175 | 200 OK | 257 kB |
URL: GET HTTP/2 aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547 IP: 152.199.21.175:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Microsoft Corporation; Subject: aadcdn.msauthimages.net; Fingerprint: 3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5; Validity: Thu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT
File type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 141x141, segment length 16, baseline, precision 8, 1193x671, components 3
Size: 257 kB (256712 bytes)
Hash (MD5 / SHA-1 / SHA-256): 038390e8de0c1fbe6e10a8a33bd27e1a ebbfa922c1d5fab094d0fa8471fd658ceb253f04 714000b576a3a131bc25504b8668ef448d946aad097c9db3fef0b1966a8d83ca
GET /dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/illustration?ts=638116536587632547 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16959
cache-control: public, max-age=86400
content-md5: A4OQ6N4MH75uEKijO9J+Gg==
content-type: image/*
date: Thu, 25 Apr 2024 08:38:21 GMT
etag: 0x8DB0B9BF12F27C7
last-modified: Fri, 10 Feb 2023 19:20:59 GMT
server: ECAcc (ska/F6EE)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: b01d9fac-501e-002e-64c4-9611f5000000
x-ms-version: 2009-09-19
content-length: 256712
X-Firefox-Spdy: h2
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg | 104.21.23.6 | 200 OK | 4.4 kB |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): c516b69c14041daab1281ac4862f2376 33dbd067b9ce4bff77d03faad6eee4c3cad15300 ab6f4a25d28385487044994ba47455445477b32730bddf55cd0796068418d20e

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/bg.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Apr 2023 00:35:58 GMT
etag: W/"a74-5f863be143780"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P5L90%2B5FthD80M2HEZFG6LhexpNf39%2BbJgnGLB%2F%2ByQCIGB%2B4X7varqOv%2FG7MXkCCeGI1U5ZT8nge0k63sL1%2FtD1r62J94bHpu1BUcyPxa7hNO%2Fld5jpA0YlTCuDp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d042969587129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd | 104.21.23.6 | 200 OK | 3.9 kB |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 1eeb2b3bd1532486fef7bda3b39a4ef3 4c8d15ef39cd5ea9eda8cc705e18b58b118b5983 ce7f47b4aa1d6a5de89edcf4bc1ee890976a5dc9116f1acc1f92c47ee42ec308

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/lg.svg?x=ee5c8d9fb6248c938fd0dc19370e90bd HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Sun, 02 Apr 2023 23:26:02 GMT
etag: W/"f2b-5f862c3fa5680"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F3hOeQQ78%2Fe%2FfIINJ0TM5Vaj6jam6%2B%2BjB3JfWR3OhmSz0%2FINYiBbfqiFyhb97gBscDPo%2F8Gn09l5vlCk6jP9CVybTdj7K41wwL3JUbzSKL%2BfgrBYl%2F8%2FebzaQ0%2B7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df37129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css | 104.21.23.6 | 200 OK | 93 kB |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: ASCII text, with very long lines (65536), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): bad8de214e3ae986da16d85c0d66ff0b 36f7213ed5a1be28f92b23aab7d80b9219d48abf 6bdc8c185127736e5944fdee2d4e291585742eecdc9305c9149491f4dc9782c3

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/css/style3.css HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: text/css
last-modified: Mon, 03 Apr 2023 11:58:26 GMT
etag: W/"16b00-5f86d46c51c80"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RwBAWsaoOwXcyWlsv%2F%2FOpfk%2BeQ8RQhU2hMOSRcgMBQHPQ%2BhDK8L%2FPc0nWY9L%2F1V2UVAmqf1rfpTl7xDpbJjuA0pwvmyUTRlTsbdT7nzSxL4910oVLWXFhaidEjfw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04256dec7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com | 104.21.23.6 | 200 OK | 30 kB |
URL (user request): GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com IP: 104.21.23.6:443
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
Hash (MD5 / SHA-1 / SHA-256): d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (these three values are the digests of empty input, so the report hashed an empty body for this response even though the transfer is listed as 30 kB)

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
| urlquery | suspicious | Suspicious - Anti-debugging code |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/index.php?login=dGVzdEBtaWNyb3NvZnQuY29t&request_type=null&page_bg=null&no_redrct=no_redrct&pcnt=3&no_psplash=null&pmax=null
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:19 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3FruUmB0HUK7JSk4BJvHRoapDTpC5%2FhhE6jVFZrjmXTkiGg9WqAUmjrsJXWj28NUl7MuFdYEchdGODxNeZn4La4ylRehV3GlpoeytEFWHmpGjaQvgCqfghZQsvLQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d04247d427129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089 | 152.199.21.175 | 200 OK | 3.7 kB |
URL: GET HTTP/2 aadcdn.msauthimages.net/dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089 IP: 152.199.21.175:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Microsoft Corporation; Subject: aadcdn.msauthimages.net; Fingerprint: 3B:14:C7:84:64:65:A8:46:3C:B4:7E:B7:F2:A1:AF:6B:8F:EF:17:E5; Validity: Thu, 11 Jan 2024 12:14:02 GMT - Sun, 05 Jan 2025 12:14:02 GMT
File type: PNG image data, 280 x 60, 8-bit/color RGBA, non-interlaced
Hash (MD5 / SHA-1 / SHA-256): c9f31e87400c46f9f8fb580602328c72 4b538ca736fb2a88a89214ad5eb0b2b80640b5ab dde1acefe23281e3715bdee565cf1fd7064370d4bb751ab92c4add7d42932bbe
GET /dbd5a2dd-n2kxueriy-dm8fhyf0anvulmvhi3kdbkkxqluuekyfc/logintenantbranding/0/bannerlogo?ts=636783560697171089 HTTP/1.1
Host: aadcdn.msauthimages.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
age: 16959
cache-control: public, max-age=86400
content-md5: yfMeh0AMRvn4+1gGAjKMcg==
content-type: image/*
date: Thu, 25 Apr 2024 08:38:21 GMT
etag: 0x8D64F464E9A2738
last-modified: Wed, 21 Nov 2018 00:14:30 GMT
server: ECAcc (ska/F7AF)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: edfedb51-b01e-0054-2dc4-960cb5000000
x-ms-version: 2009-09-19
content-length: 3666
X-Firefox-Spdy: h2
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg | 104.21.23.6 | 200 OK | 658 B |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 5512c36b917618e29d6779aa7a02482b 716086d2426d2827f3f6dde293f2083be0e46f2b 7e63befe8a8cb0c4844541a04b09a7961a9274caef49d2421b1907eddaf6ea3c

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/e.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Mon, 03 Apr 2023 12:13:10 GMT
etag: W/"292-5f86d7b75e180"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BUI3XQqnG7jevKn0mvCKc6wIH%2B974RVQKrAKsLk%2BqUQQlLg7Y6N%2F8qf1y%2BvLWP%2F29UiEco%2BUvYZ1mbDSMP9ZseJarmV%2FgctXQfLL7XfC6C8NZjk9qRy0NtZY7%2BV7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df87129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg | 104.21.23.6 | 200 OK | 1.8 kB |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: SVG Scalable Vector Graphics image
Hash (MD5 / SHA-1 / SHA-256): 2218bf5514a1fd715777856949e8ae27 bfa5d6a869674d3562a5a398a596e41a3b5da6e3 22303811730e0863e57e3b2c6e6254d79da3befaf2812e39fc4da988f835b932

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/sig-op.svg HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/svg+xml
last-modified: Sun, 02 Apr 2023 15:30:04 GMT
etag: W/"703-5f85c1dc9d700"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fd0E7Ux9RAj0hxp9kE9%2BZzlf1zsKgVuuH8sulVbvbj3qSuNIR%2Bwclymtx4p4kdhzRuxdKHG%2BDXHMitaN5fQDW60PMt4tAj6rpteFoLrhIg6Pj8xD0qSC7jfHqLLe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d04257df97129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php | 104.21.23.6 | 200 OK | 340 B |
URL: POST HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: troff or preprocessor input, ASCII text, with very long lines (364), with no line terminators
Hash (MD5 / SHA-1 / SHA-256): e3d255df60f48562995146814b89dceb bcabf238c731dfd4a95330e322dbebf3b89308c2 aeb00603d8d73e60f416a6309b61b5d6d5f614d1afa620a40efea077a141339b

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
POST /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/process.php HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 33
Origin: https://jupita.top
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.30
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=600Ezd2OUTZZjr%2F8uI32m8snMQFYx1KWqFolMlY6Qd3BTCUSjdF%2Fcs7hGbPvHv4vn7Wr%2BX033LJ8IXN5Ik3tucngqaOpiv%2FHCPDNSvJE24qMedP50yQD1NMJZYe9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 879d042959507129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
| jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico | 104.21.23.6 | 200 OK | 17 kB |
URL: GET HTTP/3 jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico IP: 104.21.23.6:443
Requested by: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Certificate: Issuer: Let's Encrypt; Subject: jupita.top; Fingerprint: 9E:5B:A3:A8:86:17:B2:D3:02:73:C1:56:80:93:96:CC:EA:89:5C:6D; Validity: Thu, 18 Apr 2024 20:57:05 GMT - Wed, 17 Jul 2024 20:57:04 GMT
File type: MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Hash (MD5 / SHA-1 / SHA-256): 12e3dac858061d088023b2bd48e2fa96 e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5 90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

| Analyzer | Verdict | Alert |
| --- | --- | --- |
| urlquery | phishing | Phishing - Salesforce |
GET /_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/imgs/fi.ico HTTP/1.1
Host: jupita.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://jupita.top/_bahamas_delta/zure/cd0fbb7849b9b9d84c4f8e48e7301ecf/login.php?id=test@microsoft.com
Cookie: cf_clearance=w50D7sB3_9drg5L2208ewCebIqKgV4jKyZbSQyLasqM-1714034297-1.0.1.1-FBeAdZ6uIjpEsSvxUk.eZS01pekobi5a4ovi04JysozLIUM1zc8va3NOkXyLGNBtY2nNdXc9FFYtyK9OeuU0Zg; captcha=1; PHPSESSID=v4ui5uu2gm07pv6rlvvbi09kpe
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 08:38:20 GMT
content-type: image/x-icon
last-modified: Wed, 25 Jan 2023 23:48:40 GMT
etag: W/"4316-5f31f458da600"
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVabj4pTWtz%2FKmxFVJsYOKV4yQhPoXupoKTvKQ%2F8nMzBGyt18iY3NtuoigTItUsTkiTCLZX%2Fm1co4mWWPPRMtdlhSL6yYenEsAlVtlC7y38NHdAf9TIw1gq8SSXd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 879d042afaed7129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400