Report - 1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html

Report Overview

Visited public
2023-12-04 05:55:57
Tags
salesforce phishing
Submit Tags
URL
1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html
Finishing URL
1701669320.eurotesting36.cc/index/user/login/1701669339.html
IP / ASN
172.67.162.29
#13335 CLOUDFLARENET
Title
Sign in
Phishing - Salesforce

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.6 kB	50 kB	142.250.74.67
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	940 B	11 kB	142.250.74.106
1701669320.eurotesting36.cc	unknown	unknown	No data	No data	15 kB	1.1 MB	104.21.10.17

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 05:55:44	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:55:44	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	1701669320.eurotesting36.cc/index/user/login/1701669339.html	ScriptElement	188 B	2023-08-28	2024-08-21
Pretty URL 1701669320.eurotesting36.cc/index/user/login/1701669339.html IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-28 11:00 Last Seen2024-08-21 07:54 Times Seen1849 Hash 278807b37126bbe79c019bb2b9474219 2878091eb21533a2c62d4dfbb3a9c186ea7b1d58 35cb897d6a911aa382bbc814f7c5cfa9550041d20cd0f845d3e64ed8be8cd77b Loading...

	1701669320.eurotesting36.cc/red/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/red/popper.min.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-09 10:11 Times Seen10552 Hash 56456db9d72a4b380ed3cb63095e6022 6dbce88aee15b42f29083df7a07513cf3b486ba0 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2 Loading...

	1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js	ScriptElement	64 kB	2023-03-07	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-09 10:07 Times Seen6446 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	1701669320.eurotesting36.cc/static_new/js/common.js	ScriptElement	2.6 kB	2023-07-22	2024-08-21
Pretty URL 1701669320.eurotesting36.cc/static_new/js/common.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 22:30 Last Seen2024-08-21 09:43 Times Seen1881 Hash 4e3725bd66c9f142d4468799bd513bbd 85a79d2444f2efa6db1140edfdacb028ea0265b5 137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2 Loading...

	1701669320.eurotesting36.cc/red/main.js?v=V1.24	ScriptElement	10 kB	2023-03-07	2025-04-20
Pretty URL 1701669320.eurotesting36.cc/red/main.js?v=V1.24 IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20 Last Seen2025-04-20 12:02 Times Seen2060 Hash b90b1e7f3effbe0945d51be2591e957a eb699dc823c7297a91317b3d97fde455caa52782 f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412 Loading...

	1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-09 10:15 Times Seen64872 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	1701669320.eurotesting36.cc/red/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/red/jquery.cookie.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-09 09:12 Times Seen8101 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js	ScriptElement	3.3 kB	2023-03-07	2025-07-08
Pretty URL 1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34 Last Seen2025-07-08 19:46 Times Seen3752 Hash 79b7829af0bbfea5760aa606bf1a02c7 54c27862e41ef815009fca7b54d9d463cfb015bc 2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7 Loading...

	1701669320.eurotesting36.cc/index/user/login/1701669339.html	ScriptElement	317 B	2023-03-12	2024-08-21
Pretty URL 1701669320.eurotesting36.cc/index/user/login/1701669339.html IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 13:45 Last Seen2024-08-21 09:43 Times Seen1900 Hash 2fa7998f2ef1c1f8fbc81c7cb8d7bd8f 8eea9c77ffa0ab1657cc5a7794cd34bce3497076 a308de4b11e78c4e3c5179581f19cd9fc1fd3373555d95c456ff249f98a80f59 Loading...

	1701669320.eurotesting36.cc/index/user/login/1701669339.html	ScriptElement	47 B	2023-03-12	2025-04-18
Pretty URL 1701669320.eurotesting36.cc/index/user/login/1701669339.html IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 13:45 Last Seen2025-04-18 11:34 Times Seen1885 Hash fe981e5f023b8a2997081643f731293f 16635d10a2bccf13ea7a5b5c49a4bf448abab880 6569c992f7d5e3341db75d91c61390bbc7c61b1d190554c2f2b1b7791a5b4714 Loading...

	1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js	ScriptElement	140 kB	2023-03-07	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20 Last Seen2025-07-09 01:09 Times Seen3326 Hash c4358cb63a4b96c5d71a2fb630871f30 be3b7d9d5bbd680d035f768345778d84eb08fe23 c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229 Loading...

	1701669320.eurotesting36.cc/index/user/login/1701669339.html	ScriptElement	0 B	0001-01-01	2025-07-09
Pretty URL 1701669320.eurotesting36.cc/index/user/login/1701669339.html IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-09 10:19 Times Seen5357607 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	1701669320.eurotesting36.cc/vue.js	ScriptElement	344 kB	2023-03-12	2024-10-14
Pretty URL 1701669320.eurotesting36.cc/vue.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 17:52 Last Seen2024-10-14 19:36 Times Seen1927 Hash f5c020d18d70f21851364d0570d38127 5dba3f5cb7463e356310fc14e26d3358c1b00ed2 58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c Loading...

	1701669320.eurotesting36.cc/static_new/js/dialog.min.js	ScriptElement	28 kB	2023-04-07	2025-07-08
Pretty URL 1701669320.eurotesting36.cc/static_new/js/dialog.min.js IP 104.21.10.17 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 00:16 Last Seen2025-07-08 13:48 Times Seen3404 Hash 5b00205ad1fe51bf8f61bcb3de292faa 4b12f988964d29bd82b14e71b86104a1a91b667b d1eef2b2ff683e089b9d124aa8090e174252e0894af20ae6d78fed7dc69744d5 Loading...

HTTP Transactions (31)

URL IP Response Size

GET fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

812 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
812 B (812 bytes)
Hash
ce6842534d03ae0dee3501933b6acdab
9b8db3e2b60065ab8d5e93bd701f2acdc47c527b
788c4108891e71b9034f6a18ccb6dcbb578cc27d01b2e7e294b0037683c47c34

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:55:40 GMT
date: Mon, 04 Dec 2023 05:55:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701669320.eurotesting36.cc/img/BG-02.png

104.21.10.17

200 OK

1.7 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/img/BG-02.png
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced\012- data
Size
1.7 kB (1731 bytes)
Hash
3fddc88d1a5aaececb8e1722ebae13fe
ad2c2af726002d922c1b4dd5ec35d9588b2c0937
efe284cd11a10ce3d54c9e6c1defe460c5cc534d84a0796f67e007f64f339ecd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/BG-02.png HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: image/png
content-length: 1731
last-modified: Sun, 01 May 2022 13:31:30 GMT
etag: "626e8bb2-6c3"
expires: Wed, 03 Jan 2024 05:55:40 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lyLJgKeNKXrVZx8R65kYsffnw8VbhKi8vX0WgihJh7AL1ViyXK8igUOx1wdCWAgnRPlaex7dnlUXWDB2lYZSZSOexPbLkefodvizHI6OUd3W9u9DdLx3%2F4btDv8e4xZVXBs8wB6uN%2BALJOWG7L8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301cd424dca5684-OSL
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/imgy/jt.png

104.21.10.17

200 OK

2.4 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/imgy/jt.png
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2375 bytes)
Hash
e964107220dbdd61e6b472795240444a
0408a43b2085287cc2443074c14844f0f2520fcf
d151a40c6e9c58773a8bf737a89a170daf644d3d2341ed48fc609d70cebdd448

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/jt.png HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: image/png
content-length: 2375
last-modified: Tue, 06 Sep 2022 00:12:36 GMT
etag: "63169074-947"
expires: Wed, 03 Jan 2024 05:55:40 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mhpMdmQ1sTPftz7MgQlTO%2BKn7uw3F8aZGNogwiY29Tfbv3WkchIfo0nhUtCBu1pAE8O7zK6BEFaiocxw200XyrmFIw3n%2BjMJZKJzgkzEVCYaMm3qJEaaGnUWMTpO2pdJBJrQM0LsVdQjYtqipCY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301cd425de25684-OSL
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/img/Icons/icon-15.png

104.21.10.17

200 OK

21 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/img/Icons/icon-15.png
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced\012- data
Size
21 kB (21002 bytes)
Hash
039a2cd46fb5029c8ce65eb2872d52c0
17999cde44a2cab266902e4ec0a232d910bc825c
1dcc87e99c0dc4b6aa560e5654ac343e5b4e5f2eb4d581531ca92791b9c8d891

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/Icons/icon-15.png HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: image/png
content-length: 21002
last-modified: Tue, 18 Oct 2022 12:59:58 GMT
etag: "634ea34e-520a"
expires: Wed, 03 Jan 2024 05:55:40 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7I9C9A5xo3dXNfUS98JY603uHXHBfngKox7hV%2FXNS2JzJKrO%2BUCfl3DHw49W2d4R1E2cIfFQ3G0gTy6xYmBpzPfRHonBqq2NGUOFAcGcYA6DMM3x1CTneoBLJBRTYf1qGYcs7uzW6QwcIe%2B9WI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301cd425ddf5684-OSL
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/imgy/Tapptitude-logo-031_1.png

104.21.10.17

200 OK

23 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/imgy/Tapptitude-logo-031_1.png
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
PNG image data, 592 x 74, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22928 bytes)
Hash
615b82fc36a2d246faae75b9f9153d0b
0a1cc40a07ce6ea315e66238c528fb4d20ee5216
21c1edefa64b1975773aa2e06c8def761b8eb0474bf36bed5c79783e41096376

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/Tapptitude-logo-031_1.png HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: image/png
content-length: 22928
last-modified: Fri, 20 Oct 2023 03:34:40 GMT
etag: "6531f550-5990"
expires: Wed, 03 Jan 2024 05:55:40 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ftPUOLKENJQIVzD8bGVrbzfAyoWUHUHVlPID9HURH9daX6GrkmIJGFrBDLZ4M6M4kZNebHhZK1%2Fl%2Fc2wlvPJKuvw94DkgasnC0sO0Uvbfhd6mwWI5O7AFHs35q9z7fPI6RiPL8cIcc54yzYr35s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301cd425de05684-OSL
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701669320.eurotesting36.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 349087
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701669320.eurotesting36.cc/red/main.js?v=V1.24

104.21.10.17

200 OK

3.0 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/main.js?v=V1.24
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with CRLF line terminators
Size
3.0 kB (2992 bytes)
Hash
b90b1e7f3effbe0945d51be2591e957a
eb699dc823c7297a91317b3d97fde455caa52782
f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/main.js?v=V1.24 HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:35:18 GMT
vary: Accept-Encoding
etag: W/"60425dc6-27c0"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4Og3CUUORAHXkntoe5PP53clQtteiQI13j3PCexQmeVIYgIzARct88nHxmlFH%2BEwurS41dRuLjSgvTyiAksjLXmpRZIpR3hCv4Qep%2F4eviLUiqJTqawp6%2B8EqjC1niDBH0AEidVQCqGPXClhN0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425dec5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/vue.js

104.21.10.17

200 OK

140 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/vue.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text
Size
140 kB (139901 bytes)
Hash
f5c020d18d70f21851364d0570d38127
5dba3f5cb7463e356310fc14e26d3358c1b00ed2
58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /vue.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: application/javascript
last-modified: Sun, 28 Aug 2022 23:13:22 GMT
vary: Accept-Encoding
etag: W/"630bf692-53fb4"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RgYTMFcP4jAQp51PYWOz2dFgBQlrQS2Js9J5%2F87G1mNe3QakCrL6ISSv8hfXCRgaJwlqoLxFvNe%2BHt2kPOILb%2FxYV%2Bpgp94vpLevTponWQpJ8sSQ%2B4Y%2Boovy1YRV6S0fTvAV3vMO1Z0WfSXoyec%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd423db05684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/css/app.css

104.21.10.17

200 OK

21 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/css/app.css
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
Unicode text, UTF-8 text, with CRLF line terminators
Size
21 kB (20970 bytes)
Hash
ae3caa52c7fab666fb168ff6a696d9c5
090c339bde608db35013e6ada8d7c81b2a684d3a
cc21fb7e30b9f6c795ec25c1ce9b8d456b44f97b4f0d8b77ccf4e11d5aed06ec

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /css/app.css HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 13:16:50 GMT
vary: Accept-Encoding
etag: W/"634ea742-5ea3"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JabcwqsyhFK0%2B7%2BL9TmiMzDt8duuvQGkkPwCaoEX6rO7vHKfjnzkd8DN2YnU8mqkhmtHVSYTo2hzfPb67Yx2yl3oTLyqXTF8zGuozEzi8Nfx3gaz9vrY5ye8ohVtlZx9b2zJuPPTe3ouIjLce6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424dc05684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/imgy/BG-01.png

104.21.10.17

200 OK

27 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/imgy/BG-01.png
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
PNG image data, 800 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (26585 bytes)
Hash
32e5a811d97ee090735b1b91c0504da8
eaeafca8c27de39c0445155e2098a45c9710d6e4
b4a732b2cfdf0b07576b5fafca34c485db75c90f3c466f54987f62c361c21082

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/BG-01.png HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:42 GMT
content-type: image/png
content-length: 26585
last-modified: Sun, 13 Nov 2022 09:55:20 GMT
etag: "6370bf08-67d9"
expires: Wed, 03 Jan 2024 05:55:41 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JyI2V9RaH1n4JDfeuII1JtmwFheLNRt9Tb9f7VHWgyh93TdOySUxvKK9eMV65vVFC42cYSqtClFcBqac2s7NFbNOfLzm1Q0MAvruDZYTImwi8CLCKN7U%2FREPgV1qQKH4YQ9Mp2AXVSfZQon6Glg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8301cd49190b5684-OSL
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/jquery.cookie.js

104.21.10.17

200 OK

3.1 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/jquery.cookie.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/jquery.cookie.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:36:06 GMT
vary: Accept-Encoding
etag: W/"60425df6-c31"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4AbhhZLeR%2Bq0ShFjc7RbhtiUEshmNcmylPsmFljYyBnR2t7%2BY4rEGrt11gUokj7hucEeosnobOVm0CaTMVtMw5XD0L9rL9TjaLStgH9J74SpWehoFTLEPfTQ1h03wn7wfKC0vkEzb8PMJiBUs64%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de75684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css

104.21.10.17

200 OK

5.3 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/need/layer.css HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0ri9FIbt1ohQQT4JL6kFz64VxlVnPxq8Ct0FAFWvSkhc9j5dJ6xVFXRhDyjuo7sg4uF2PpWIJ3OVLZ1G2Jp3%2BdYeOREv7yOBAQ3VJOGxQfTFlxony0ZDrvZQ1B9sSpvT%2FkGjMvpMK7pxU3bHm%2FM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de95684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701669320.eurotesting36.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 376905
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js

104.21.10.17

200 OK

64 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (63188)
Size
64 kB (63467 bytes)
Hash
f0c2bcf5ef0c4476508d79ec9cdcce07
3beed68ed7d753c6bf4f61c26386ddd7929ba030
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: application/javascript
last-modified: Sat, 06 Mar 2021 03:08:34 GMT
vary: Accept-Encoding
etag: W/"6042f232-f7eb"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fTa%2BAC0JBZ9yMwBL2MKt62BbS2YEqisOek1mwI0IQksnuE%2Fl6bRYk5LoZv3zxFgLYfp4ylnyB%2Fk6w13PCsfKJWSiYQmy6kwH2Z4Q4nW%2F54ImRSWlSzZ2WfHdY9kfkubeiCDQG8wuNqQQWROTnCc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de45684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/favicon.ico

104.21.10.17

404 Not Found

25 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/favicon.ico
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type

Size
25 kB (24969 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 04 Dec 2023 05:55:42 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g9zc%2Bv3gZY81I6m3JBIl6FjjNaU8YBRud02KxzSBA%2Fbfo9YMBf9gpEXVEge9mbSZxUH5nbWY5LI3uTjvBA88cibg0nzDEQQ52Jp11Ypws7Goar%2BnnTYUuzB3lVW2GsD8%2FLzzudPEVTa14%2BvdHRw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd4baa655684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.css

104.21.10.17

200 OK

14 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.css
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (13663)
Size
14 kB (13921 bytes)
Hash
4d0619d7577a990881a0079718c5c92e
02553ae8ed1026ae5e1fe6cc5883fd42379e5e68
f9a55bcc80d6d8b2815299c5501cddaa8e5f3f697cdb8f5ce1e3e924097117ba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/swiper/swiper-bundle.min.css HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: text/css
last-modified: Fri, 05 Mar 2021 16:40:04 GMT
vary: Accept-Encoding
etag: W/"60425ee4-3661"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ol3r3zArVvv%2BaHiOxn%2BB0rCv9%2FTJOWk4alDzrOculn%2BmOCaMa5CU3muZOY3F5sa%2F8QeHj9Gs%2BNsGyf%2BuU1uowEeMDKK1m%2BZbb8hasBZBnIXJSyXRhpfKjEtV9reOg14HyK3xQ%2FH1dSPDxLTZhoE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424db55684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.67

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.67:443
ASN
#15169 GOOGLE

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701669320.eurotesting36.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 339966
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css?2.0

104.21.10.17

200 OK

5.3 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css?2.0
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/need/layer.css?2.0 HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:42 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 04 Dec 2023 17:55:42 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XnCXe5%2F7RVjbn9tQccv3NELYXAFzqKChiAjgAQntjZiCtO6QPyCb5TDfwiSyf9%2F5x1RWPSSPPxNRoXOGRW9HIztysQKvq1fswC7G4KVeqOEJXpEAhkZRULANDJa2wc9BIy8re%2Fe2v4i1rXG0tyc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd4a69e65684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/style.css?v=V1.24

104.21.10.17

200 OK

126 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/style.css?v=V1.24
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type

Size
126 kB (125806 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/style.css?v=V1.24 HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: text/css
last-modified: Wed, 07 Sep 2022 15:17:36 GMT
vary: Accept-Encoding
etag: W/"6318b610-1eb6e"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ckreTxmrTfWPH9xo8BrgJIKMHk%2BofWTEjm9u5wvuMkEXnnEsYLwzUfsWX8Hgv9mV5j659w3O9LSeOJyDRx9fBA%2FR2Z4eiW3N4xT3uw3TkEK5%2Bo4%2Fg06bashycHLEa07b3dbrcTbSd8aqosX4oTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424db85684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/popper.min.js

104.21.10.17

200 OK

21 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/popper.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (20831)
Size
21 kB (21004 bytes)
Hash
56456db9d72a4b380ed3cb63095e6022
6dbce88aee15b42f29083df7a07513cf3b486ba0
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/popper.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:34:56 GMT
vary: Accept-Encoding
etag: W/"60425db0-520c"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08h2E%2Fb6ih6gWkIb6x6d9bihuLqWZlRydI2ax5Rv4rTaYHmah9L7FBLxlzDUXUn%2B4vNCmu9QSIYAYcnxon74gd4bgCaj%2B7YvTOib0uhqgYtAYtHNMVtHPtx3%2B2l%2BZYFZRhMM%2BpsiLenz%2B9%2FrKXY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de35684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/static_new/css/public.css?v=V1.24

104.21.10.17

200 OK

17 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/static_new/css/public.css?v=V1.24
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with CRLF line terminators
Size
17 kB (17403 bytes)
Hash
169e4de5136bed51956394ccd4328122
3fca078ed53575c53e868fffa9be8cffe910684c
ce9c68517b2551c460aa4225e927dd8a58775df119518be2bdcc6532ea859fe7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/css/public.css?v=V1.24 HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: text/css
last-modified: Thu, 01 Sep 2022 14:01:26 GMT
vary: Accept-Encoding
etag: W/"6310bb36-43fb"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BFOdgTWDUYbySNlmggoATR2ku701aCDJ5Sb8C1eByxUxm8bA3pAVIRDPwI8pVUgiIPZPaywBqFexOrmukZeYKAVPqY0tRsOvtynP59iN09ZiLW8wEndz1HquCI7jTf%2BgPA69XW1CNDg5oek%2Ffc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424dbb5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js

104.21.10.17

200 OK

140 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (65278)
Size
140 kB (139961 bytes)
Hash
c4358cb63a4b96c5d71a2fb630871f30
be3b7d9d5bbd680d035f768345778d84eb08fe23
c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/swiper/swiper-bundle.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:40:04 GMT
vary: Accept-Encoding
etag: W/"60425ee4-222b9"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0T05Atfjh2atPlpOUQhq1n7dPp%2B6q5DPJSFXJK73QYE9BiejtOy8oVPEXE2jGfcTR7bPXt40oTQbiJ3L4HrTT2nsE4ewNCLMvy5XivDLznu9fdu8nWy2cDB0khkipvYQdvtj2gwOdtZcey4VI5s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de55684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/static_new/js/dialog.min.js

104.21.10.17

200 OK

28 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/static_new/js/dialog.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type

Size
28 kB (27898 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/dialog.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 10:13:12 GMT
vary: Accept-Encoding
etag: W/"5e47c438-6cfa"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JmxasBqYCci8euSoKcY1x%2BRirJ8vQuZR7jQ34wXNR%2BgxlffGSTS6gpGOA3jTc7vKbscHX7zotBkf4R9j1Xqpm%2F6v12UHelStP%2FZrqr9duUcOhWV2atn4u4d3%2Fk%2BXC3%2B%2F7Q6S8wbZzXGLhkF6mn4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425de85684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js

104.21.10.17

200 OK

87 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/jquery-3.3.1.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:34:38 GMT
vary: Accept-Encoding
etag: W/"60425d9e-1538f"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vWO6SSmSEYK%2BH7EyHmRQ%2FahvOOWDYpqBgal5rO8pRpo5QqHRbr8dOeibfNo4ix1JOtygsPw5akCxNkaMH%2FjrSfYguvjsOZVUXHj7GtvXWYOcgzPNqxJo0NvGgwbYVIq4fMlkoqwT6iBTt52pzeU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd4909095684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html

104.21.10.17

301 Moved Permanently

12 kB

URL User Request GET HTTP/2
1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type

Size
12 kB (12339 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 05:55:39 GMT
content-type: text/html; charset=utf-8
set-cookie: think_var=en_us; expires=Mon, 04-Dec-2023 06:25:39 GMT; Max-Age=1800; path=/; HttpOnly
s9851347b=gok0dk675n33bhs1cdj8nmev53; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login/1701669339.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ta6%2BfwmF3aL5x6V3KZ%2FUWyGbj2hHmPQDKUdt8fMj%2FhfjUVeNQpXR68afKoJzHQN9N60yOXPz5%2FfjDWm7tvOA3KQj6QUFXXwUroHoP1UFoyLUorytjy81Ly9V6Snv0Z5%2B6Q0feqsmOSLP%2F0PI2Zs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd3c1ea656c7-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

142.250.74.106

200 OK

9.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (9360), with no line terminators
Size
9.1 kB (9108 bytes)
Hash
311d8cdf954644f222105d26d89d1d7f
1445a416c8f15a49fb6afb69d25b8ccb01db4b66
45d9a25c93de59121371b5487af8dd0ed67b61136cf072a7622f202a11740f8d

HTTP Headers

GET /css?family=Roboto:300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:55:40 GMT
date: Mon, 04 Dec 2023 05:55:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js

104.21.10.17

200 OK

87 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (65451)
Size
87 kB (86927 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/jquery-3.3.1.min.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:34:38 GMT
vary: Accept-Encoding
etag: W/"60425d9e-1538f"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rAOqqaARRUdYPWcxXOJdh1KvkDOzybGfY6D1RXvdTjWjXSKKNrVgaJB17hzCynWuecGixcQX7lJTAp7u2NjJwiJhWx6H9zQF5hP7WzfPjkeXDRZgigvpdD8%2FhAemGGvt0PxNjjnzcLoF18tExf0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424dc45684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/red/bootstrap/css/bootstrap.min.css

104.21.10.17

200 OK

161 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/red/bootstrap/css/bootstrap.min.css
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
ASCII text, with very long lines (65326)
Size
161 kB (161409 bytes)
Hash
d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:41 GMT
content-type: text/css
last-modified: Sat, 06 Mar 2021 03:08:24 GMT
vary: Accept-Encoding
etag: W/"6042f228-27681"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3M%2FCPZsst8gwwKGp%2Fqqex0RRtE50KVHD1ib7fyuDgxL2fovdLSPN%2BoxiP087i0sLC8myNcFpDx%2BdfVQJKp5IUrVRwebTp0CsJe7mDh5oGLnOPeUiNPvooqCfxyCL7u5gqywXCIB4NjTiwPcm9lM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd424db45684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js

104.21.10.17

200 OK

3.3 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
Unicode text, UTF-8 text, with very long lines (3435), with no line terminators
Size
3.3 kB (3304 bytes)
Hash
13fd3d5b0fb763160395abbad25d8e57
6bc56d44091c873f6b5496ef8be2ed9f36e5220b
f1757725deb30f2928f10e427b253f153b0466a60a1c399e9f6bb6cbf5908941

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/layer.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-ce8"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZ5US4Tu06cOiaf%2FhW1Ehnyn90%2BwsCrJ5vB%2FSH%2FChISMKOhZw%2BZHdC7t96skRsI33nby2u%2BmCmXeP3Hjpz3%2B5sBmxOV9gdIGKjJvbYDmLsMJ%2FKGq75YA9vdrv2kjTERh%2FrTrogZtmqzIarxNdwk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425dea5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/static_new/js/common.js

104.21.10.17

200 OK

2.6 kB

URL GET HTTP/3
1701669320.eurotesting36.cc/static_new/js/common.js
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2737), with no line terminators
Size
2.6 kB (2610 bytes)
Hash
47da7e76ce9452fee91c87417c13fb38
286af070ababfdfc497b609fb2ec05560f90d785
0d96d9dc5de250b868903260e201d6d8cfd63c8da748828b2f46fbb59cbc205d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/common.js HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: application/javascript
last-modified: Sun, 06 Nov 2022 20:24:30 GMT
vary: Accept-Encoding
etag: W/"636817fe-a32"
expires: Mon, 04 Dec 2023 17:55:40 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UtR00iHP0HfiwojFigizK%2FsLNPNokQJpc56H8umuX7nWGKnye8XJphr99508AB0FT9RYU%2Foyj%2FdaZHGHQqSgzGzDfV8yt3xCL%2FYWV5oZh8T5CUTbK6P5ukFD7u%2B5DA%2B6lElzCmkn6UWji%2F5%2FwQs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd425deb5684-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701669320.eurotesting36.cc/index/user/login/1701669339.html

104.21.10.17

200 OK

12 kB

URL User Request GET HTTP/2
1701669320.eurotesting36.cc/index/user/login/1701669339.html
IP
104.21.10.17:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting36.cc
Fingerprint9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31
ValidityFri, 10 Nov 2023 12:38:54 GMT - Thu, 08 Feb 2024 12:38:53 GMT

File type

Size
12 kB (12339 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /index/user/login/1701669339.html HTTP/1.1
Host: 1701669320.eurotesting36.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:55:40 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vNI1lCku%2Fw0TFsf1f7DU%2Fb%2BYU2rIYzqzG2IYnAFt5wZcxqBtIftzgz9UY6iVVBZbW0lv3CPXHbMxa3dY93PgfTqoEN4JPB6xJEO0qWzayLqkCXzhV9aTWPVquf9YxEEdqeiSiBBc1CHNjLGJy98%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8301cd3ef84956c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by