{"report_id":"5fa60a97-a4b6-4f0f-a4ba-528ed32015f6","version":6,"status":"done","tags":["salesforce","phishing"],"date":"2023-12-04T05:55:57Z","url":{"schema":"http","addr":"1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"172.67.162.29","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"title":"Sign in"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:14:56Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-09-09 02:40:21","last_seen":"2023-12-03 05:48:43","alert_count":0,"request_count":3,"received_data":50027,"sent_data":1638,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2013-06-10 22:14:26","last_seen":"2023-12-03 06:08:10","alert_count":0,"request_count":2,"received_data":11182,"sent_data":940,"comment":"","tags":null,"fingerprints":null},{"fqdn":"1701669320.eurotesting36.cc","ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":26,"request_count":26,"received_data":1071224,"sent_data":14650,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:55:44Z","timestamp":1701669344,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":44213,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:55:44.752055+0000\",\"flow_id\":812753470126519,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.246\",\"src_port\":44213,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56270,\"rrname\":\"1701669320.eurotesting36.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:55:44.752055+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:55:44Z","timestamp":1701669344,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":40223,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:55:44.751890+0000\",\"flow_id\":1032447489767698,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.246\",\"src_port\":40223,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":712,\"rrname\":\"1701669320.eurotesting36.cc\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:55:44.751890+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"278807b37126bbe79c019bb2b9474219","sha1":"2878091eb21533a2c62d4dfbb3a9c186ea7b1d58","sha256":"35cb897d6a911aa382bbc814f7c5cfa9550041d20cd0f845d3e64ed8be8cd77b","sha512":"6ace6c283c515250f9c8389ba489417bfbab54305d10b8d19556f18b00423c8c5bffd3dc192d6cc9b48a6c023002f019b73ba20d8b4170321e6430953c0f782c","ssdeep":"","tlshash":"40c012db424243dc66f11085ca0b3b0cf13f06ee8c11e061f841c700310938f8a6fac6","size":188,"data":"","first_seen":"2023-08-28T11:00:12Z","last_seen":"2024-08-21T07:54:54.833959Z","times_seen":1849,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/popper.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"56456db9d72a4b380ed3cb63095e6022","sha1":"6dbce88aee15b42f29083df7a07513cf3b486ba0","sha256":"66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2","sha512":"e56bd96b837b26add354d0a9e2b8dc04c95cea94f7959ee05718ed23a224296fae22d49afab160b45963bd99c2c501a3f12517e431eb68a13a327ff8b262b50a","ssdeep":"384:kmQkLrwVOyzirVyKnxRsIB9Db5HjiWn8xHOxvRVgD75zBY5vImg3FzGpL9ARdOgS:vLsgyziJp3Db5OxHOxvYD73Y5vQzyL9p","tlshash":"1992b4cc3294b06643a791a7a0af960fb2339875610e9410f19df2d97c30ef9a13bc79","size":21004,"data":"","first_seen":"2023-03-07T01:06:27Z","last_seen":"2026-05-04T23:06:05.973928Z","times_seen":17679,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","size":63467,"data":"","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-05-04T21:07:59.152557Z","times_seen":9899,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/static_new/js/common.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e3725bd66c9f142d4468799bd513bbd","sha1":"85a79d2444f2efa6db1140edfdacb028ea0265b5","sha256":"137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2","sha512":"11567a5615ebd4198ba6bda334b3ab3bacec56fe0dc85dfd1730a0a8d1e8e552e115970561dbd674fecf887371eafb1f50d847b254662e231ff794c76338ae52","ssdeep":"","tlshash":"1d51951eed6872330a2af23b096fd104f02b644fdb0e86117f4d9984c7a151ed97ea4b","size":2610,"data":"","first_seen":"2023-07-22T22:30:25Z","last_seen":"2024-08-21T09:43:41.342844Z","times_seen":1881,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/main.js?v=V1.24","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b90b1e7f3effbe0945d51be2591e957a","sha1":"eb699dc823c7297a91317b3d97fde455caa52782","sha256":"f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412","sha512":"8a9ec4b385beef0c20620fd71b7c2447363e5ae82e649937871ef03c8cc77b5aec4cba0e6669463fd447518815b418839d2656bd4558d452815d31296043ffb4","ssdeep":"96:dE653W3esRZ+Q4I1Jo1AhCubdCmWWaN4rM9258nSjJyT4eTvhP4Voed0r/PLUlA:D53W3TZ+dQCuIvdNjA5jP70/Tr","tlshash":"4c2244587011506645bf373baebf928cfb3a022b92069a127d7c55d45f306b86272eec","size":10176,"data":"","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-03-28T09:31:23.227563Z","times_seen":2080,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-04T23:07:44.553057Z","times_seen":125572,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/jquery.cookie.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5528dde0006c78be04817327c2f9b6f","sha1":"31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8","sha256":"b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8","sha512":"69484bdb1382ae92c4b860f97fab601db2d8117469619f06e720fe5a516b5eb3f2d88ad6065bba6e28790bd1faa86b20aa753a9a0c7a2ad53c4eb787a404a9af","ssdeep":"","tlshash":"72610f6134fd623e0d9b6bd5676f0468b83ffe70b02406448426bd95286c862dba7c5f","size":3121,"data":"","first_seen":"2023-03-07T01:06:39Z","last_seen":"2026-05-04T23:18:23.569983Z","times_seen":16189,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"79b7829af0bbfea5760aa606bf1a02c7","sha1":"54c27862e41ef815009fca7b54d9d463cfb015bc","sha256":"2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7","sha512":"dc634dfed7b74ba81193c8362188ab44430b00ed4dcc93dd4a68c22de03157b2b9ac611139cb5a5f3a63a6d7472445e8e08e87318514560f5f2231898a4032d1","ssdeep":"","tlshash":"aa61c7abf005b23756132085a17f283fb63b6471a5058860d0e2e0be99fddac6837f5d","size":3304,"data":"","first_seen":"2023-03-07T01:34:12Z","last_seen":"2026-05-04T09:15:43.244128Z","times_seen":4586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2fa7998f2ef1c1f8fbc81c7cb8d7bd8f","sha1":"8eea9c77ffa0ab1657cc5a7794cd34bce3497076","sha256":"a308de4b11e78c4e3c5179581f19cd9fc1fd3373555d95c456ff249f98a80f59","sha512":"705e36b7f808b42b0a2e323ccf0dc23b5af8f4cc2a21291ad25cedfa587c755284b3e1b5305b172c0d6d1138b146894658426abf06a0256dc16ded49c179a71c","ssdeep":"","tlshash":"f5e08c8ef9861102a5a3612b89ab6948253f18c71800e402bb0c68852faa58a9a1be1c","size":317,"data":"","first_seen":"2023-03-12T13:45:56Z","last_seen":"2024-08-21T09:43:41.34225Z","times_seen":1900,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe981e5f023b8a2997081643f731293f","sha1":"16635d10a2bccf13ea7a5b5c49a4bf448abab880","sha256":"6569c992f7d5e3341db75d91c61390bbc7c61b1d190554c2f2b1b7791a5b4714","sha512":"4bb9ac586f19cf03d730377986d196a67ad7ae29af7ae997d10f9b697382d656625226c86e2f66996ba00d8b90a9fd9c30db2e2445cda880069e6fbc2ba5dc90","ssdeep":"","tlshash":"db900280561d3211250c000c081e00c81018213a5a434ce5a9a1a50810455441158018","size":47,"data":"","first_seen":"2023-03-12T13:45:56Z","last_seen":"2025-04-18T11:34:02.227279Z","times_seen":1885,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c4358cb63a4b96c5d71a2fb630871f30","sha1":"be3b7d9d5bbd680d035f768345778d84eb08fe23","sha256":"c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229","sha512":"35a85c90dfa0ac1e9f4b1bb7bd074a8b20baf6cc235bafb16148da3d55931ad46e89af33508970da09208e166601df250040841d5dc7742b9d6ab9c065a5a467","ssdeep":"3072:U79yoiRfIBB4G+yMwoSpADH79cVOJjBqcxN:k9ytlByMwoSpADH79cVOJjBqcL","tlshash":"9dd3188db354b2e151e72256539ed10263b65845b80ac1a470b68cd7acbde8c03bfefd","size":139961,"data":"","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-05-04T21:34:09.79208Z","times_seen":3893,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/vue.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5c020d18d70f21851364d0570d38127","sha1":"5dba3f5cb7463e356310fc14e26d3358c1b00ed2","sha256":"58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c","sha512":"1b5b549a89f71d969d8a221659d02f9fafe9f9476d2e98e7baa790ec344593ca74f13671cae19dab346eae4bb8ec6a39759efcf5bfa2ca81c7513ceab92e9025","ssdeep":"3072:TiOkNK65nfn78CZzFYSVMvCCaBQdg7pUPO5knTlB+cwNwDJgYB3lY5TxbMeBUw3F:TU9gCZ6SVVQdg7i7nT+T67BPyVQ4h","tlshash":"4b74b55db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","size":343988,"data":"","first_seen":"2023-03-12T17:52:29Z","last_seen":"2025-09-30T14:21:27.823334Z","times_seen":1928,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/static_new/js/dialog.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b00205ad1fe51bf8f61bcb3de292faa","sha1":"4b12f988964d29bd82b14e71b86104a1a91b667b","sha256":"d1eef2b2ff683e089b9d124aa8090e174252e0894af20ae6d78fed7dc69744d5","sha512":"4b4d16845173e2fdf03eda7f3d3c1750f5a5c7016850a658ac290ae44d079e8f91f6767d4bf6771846890739371aa443f349384144e9f59922c9c2f0974e224f","ssdeep":"192:8792uFckSv56nit+FETsYnZpeVbMcMtUqVbMcvwpNDygwNAZPPrxmjp4axgVVHpD:kHC8u6fRVFObkcobwhUi2VHEaLgiz","tlshash":"cbc2322465eb21964a73f83687ab3112f2270013941dfe15397f465c0fe4b3876aafe6","size":27744,"data":"","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-04-23T16:06:14.560206Z","times_seen":3676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"fonts.googleapis.com/icon?family=Material+Icons","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.072Z","timestamp":1701669346072,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42","sha256":"9A:90:D4:1D:0C:D1:CA:9D:4D:19:37:44:C4:E6:E4:28:27:C0:F5:0A:9C:B4:56:89:C4:D1:8A:63:A7:01:28:54"}}},"request":{"raw":"GET /icon?family=Material+Icons HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 04 Dec 2023 05:55:40 GMT\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":812,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"gzip compressed data, max compression\\012- data","md5":"ce6842534d03ae0dee3501933b6acdab","sha1":"9b8db3e2b60065ab8d5e93bd701f2acdc47c527b","sha256":"788c4108891e71b9034f6a18ccb6dcbb578cc27d01b2e7e294b0037683c47c34","sha512":"51ac6b59223e7c66d96ff7c79c2e24d6fb865b65fe50d5076012082529525a9591e782e2beb64f80779bed7621fe4b1ed4a2b1be0d74f521c6a2507cb48a5e4d","ssdeep":"","tlshash":"8501c50c07a43cab2a4d833994c69531dd0db47b0bfa82013e9e769f4fba7d96bc4414","first_seen":"2023-12-04T04:22:49Z","last_seen":"2023-12-05T02:30:30Z","times_seen":10,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":105,"dns":0,"connect":9,"send":0,"wait":20,"receive":0,"ssl":133},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/img/BG-02.png","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.091Z","timestamp":1701669346091,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /img/BG-02.png HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 1731\r\nlast-modified: Sun, 01 May 2022 13:31:30 GMT\r\netag: \"626e8bb2-6c3\"\r\nexpires: Wed, 03 Jan 2024 05:55:40 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=lyLJgKeNKXrVZx8R65kYsffnw8VbhKi8vX0WgihJh7AL1ViyXK8igUOx1wdCWAgnRPlaex7dnlUXWDB2lYZSZSOexPbLkefodvizHI6OUd3W9u9DdLx3%2F4btDv8e4xZVXBs8wB6uN%2BALJOWG7L8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8301cd424dca5684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1731,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced\\012- data","md5":"3fddc88d1a5aaececb8e1722ebae13fe","sha1":"ad2c2af726002d922c1b4dd5ec35d9588b2c0937","sha256":"efe284cd11a10ce3d54c9e6c1defe460c5cc534d84a0796f67e007f64f339ecd","sha512":"206ee995f96849a7926b9ae656ce28b71f45f49e8f7bf7bd855faaa04a10f74bcc2df81a17adf19e6d017500b4765212ce7729a54169784fa3a603615850c95f","ssdeep":"","tlshash":"ff3147d6d64428e23564cefd7f10884784854fb1be06deb2494f735b519971a8cbf504","first_seen":"2023-10-14T18:24:17Z","last_seen":"2024-08-21T04:43:37.524111Z","times_seen":1863,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":350,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/imgy/jt.png","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.095Z","timestamp":1701669346095,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /imgy/jt.png HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: image/png\r\ncontent-length: 2375\r\nlast-modified: Tue, 06 Sep 2022 00:12:36 GMT\r\netag: \"63169074-947\"\r\nexpires: Wed, 03 Jan 2024 05:55:40 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=mhpMdmQ1sTPftz7MgQlTO%2BKn7uw3F8aZGNogwiY29Tfbv3WkchIfo0nhUtCBu1pAE8O7zK6BEFaiocxw200XyrmFIw3n%2BjMJZKJzgkzEVCYaMm3qJEaaGnUWMTpO2pdJBJrQM0LsVdQjYtqipCY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8301cd425de25684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2375,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\\012- data","md5":"e964107220dbdd61e6b472795240444a","sha1":"0408a43b2085287cc2443074c14844f0f2520fcf","sha256":"d151a40c6e9c58773a8bf737a89a170daf644d3d2341ed48fc609d70cebdd448","sha512":"cbd71067f50368421fb1787433c5ae25bc88b4008c883e3b13eeb0530359acd8885092c55f9b3e495d3cdaf2e650f498d8ee8fcfe7f777045e4f80e3f52bced1","ssdeep":"","tlshash":"eb410ad444c18e9f2485c05fd162ce0f1e3259cb67e1949c1bd0062e8dc1bf522b379a","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-10-04T11:10:52.654878Z","times_seen":1916,"resource_available":false,"data":null}},"time_used":377,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":377,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/img/Icons/icon-15.png","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.093Z","timestamp":1701669346093,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /img/Icons/icon-15.png HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 21002\r\nlast-modified: Tue, 18 Oct 2022 12:59:58 GMT\r\netag: \"634ea34e-520a\"\r\nexpires: Wed, 03 Jan 2024 05:55:40 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=H7I9C9A5xo3dXNfUS98JY603uHXHBfngKox7hV%2FXNS2JzJKrO%2BUCfl3DHw49W2d4R1E2cIfFQ3G0gTy6xYmBpzPfRHonBqq2NGUOFAcGcYA6DMM3x1CTneoBLJBRTYf1qGYcs7uzW6QwcIe%2B9WI%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8301cd425ddf5684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21002,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced\\012- data","md5":"039a2cd46fb5029c8ce65eb2872d52c0","sha1":"17999cde44a2cab266902e4ec0a232d910bc825c","sha256":"1dcc87e99c0dc4b6aa560e5654ac343e5b4e5f2eb4d581531ca92791b9c8d891","sha512":"a80943da465cd44ea084a9d650d27a7ebbe907e4db0921e5d20c6dcba0ef4a4baad66b8c873643ebf755bdd9acd993b590030bd4416b48a14fa83c16a60f100a","ssdeep":"384:TPa1YO6suTyN5mGVQ8VvKfAj1wJOeHqweN2ifngiUttY84oqNlFe+UVfaOR:TS1YO6sfNgGVhVvNeKwerPUttN4JNLef","tlshash":"5092e1c75b05e4f13c4377b5214889c19a822f681bf25167e336e8b69abc014f2a776f","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-08-21T09:43:41.31738Z","times_seen":1882,"resource_available":false,"data":null}},"time_used":582,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":578,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/imgy/Tapptitude-logo-031_1.png","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.094Z","timestamp":1701669346094,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /imgy/Tapptitude-logo-031_1.png HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 22928\r\nlast-modified: Fri, 20 Oct 2023 03:34:40 GMT\r\netag: \"6531f550-5990\"\r\nexpires: Wed, 03 Jan 2024 05:55:40 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ftPUOLKENJQIVzD8bGVrbzfAyoWUHUHVlPID9HURH9daX6GrkmIJGFrBDLZ4M6M4kZNebHhZK1%2Fl%2Fc2wlvPJKuvw94DkgasnC0sO0Uvbfhd6mwWI5O7AFHs35q9z7fPI6RiPL8cIcc54yzYr35s%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8301cd425de05684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22928,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 592 x 74, 8-bit/color RGBA, non-interlaced\\012- data","md5":"615b82fc36a2d246faae75b9f9153d0b","sha1":"0a1cc40a07ce6ea315e66238c528fb4d20ee5216","sha256":"21c1edefa64b1975773aa2e06c8def761b8eb0474bf36bed5c79783e41096376","sha512":"049ef8aad9ed35916d71ffcc5589ae8dd5725ca256f3c2651edbb40c5e6f039afa3e0466e0fa4df648098e203d4ea047cc8343427e86f99fa2954629941e430a","ssdeep":"384:p7nxXZHn4S3N4lt8ei5kLm6poRei9USMvLcZbbDreCpJQGzmCH0C73U3OtnDe3x+:9xyS3lei5kLmJ9USI4xpStCH0C73Pgsn","tlshash":"eaa2f1c63ff04c0636537b8256589477a42f9ce08fc59caccdbcca2662516a8ce8d597","first_seen":"2023-11-16T15:33:23Z","last_seen":"2024-08-20T19:17:05.325737Z","times_seen":1862,"resource_available":false,"data":null}},"time_used":598,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":597,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.136Z","timestamp":1701669347136,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701669320.eurotesting36.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15744\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 30 Nov 2023 04:57:34 GMT\r\nexpires: Fri, 29 Nov 2024 04:57:34 GMT\r\ncache-control: public, max-age=31536000\r\nage: 349087\r\nlast-modified: Wed, 11 May 2022 19:24:48 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15744,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\\012- data","md5":"15d9f621c3bd1599f0169dcf0bd5e63e","sha1":"7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52","sha256":"f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615","sha512":"d35a47162fc160cd5f806c3bb7feb50ec96fdfc81753660ead22ef33f89be6b1bfd63d1135f6b479d35c2e9d30f2360ffc8819efca672270e230635bcb206c82","ssdeep":"384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79/:p7EJ5E2bJwi5jLwK79/","tlshash":"8162e00158a163ade9b2327ed10b1b91c40660a27d2504e8c6e4fc95fe3d7ed5487b76","first_seen":"2023-04-05T08:15:27Z","last_seen":"2026-05-04T22:50:51.67644Z","times_seen":159757,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":70,"dns":1,"connect":7,"send":0,"wait":9,"receive":3,"ssl":62},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/main.js?v=V1.24","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.104Z","timestamp":1701669346104,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/main.js?v=V1.24 HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:35:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425dc6-27c0\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=K4Og3CUUORAHXkntoe5PP53clQtteiQI13j3PCexQmeVIYgIzARct88nHxmlFH%2BEwurS41dRuLjSgvTyiAksjLXmpRZIpR3hCv4Qep%2F4eviLUiqJTqawp6%2B8EqjC1niDBH0AEidVQCqGPXClhN0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425dec5684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2992,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"b90b1e7f3effbe0945d51be2591e957a","sha1":"eb699dc823c7297a91317b3d97fde455caa52782","sha256":"f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412","sha512":"8a9ec4b385beef0c20620fd71b7c2447363e5ae82e649937871ef03c8cc77b5aec4cba0e6669463fd447518815b418839d2656bd4558d452815d31296043ffb4","ssdeep":"96:dE653W3esRZ+Q4I1Jo1AhCubdCmWWaN4rM9258nSjJyT4eTvhP4Voed0r/PLUlA:D53W3TZ+dQCuIvdNjA5jP70/Tr","tlshash":"4c2244587011506645bf373baebf928cfb3a022b92069a127d7c55d45f306b86272eec","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-03-28T09:31:23.227563Z","times_seen":2080,"resource_available":true,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/vue.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.051Z","timestamp":1701669346051,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /vue.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 28 Aug 2022 23:13:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"630bf692-53fb4\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=RgYTMFcP4jAQp51PYWOz2dFgBQlrQS2Js9J5%2F87G1mNe3QakCrL6ISSv8hfXCRgaJwlqoLxFvNe%2BHt2kPOILb%2FxYV%2Bpgp94vpLevTponWQpJ8sSQ%2B4Y%2Boovy1YRV6S0fTvAV3vMO1Z0WfSXoyec%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd423db05684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":139901,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"f5c020d18d70f21851364d0570d38127","sha1":"5dba3f5cb7463e356310fc14e26d3358c1b00ed2","sha256":"58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c","sha512":"1b5b549a89f71d969d8a221659d02f9fafe9f9476d2e98e7baa790ec344593ca74f13671cae19dab346eae4bb8ec6a39759efcf5bfa2ca81c7513ceab92e9025","ssdeep":"3072:TiOkNK65nfn78CZzFYSVMvCCaBQdg7pUPO5knTlB+cwNwDJgYB3lY5TxbMeBUw3F:TU9gCZ6SVVQdg7i7nT+T67BPyVQ4h","tlshash":"4b74b55db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","first_seen":"2023-03-12T17:52:29Z","last_seen":"2025-09-30T14:21:27.823334Z","times_seen":1928,"resource_available":true,"data":null}},"time_used":947,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":943,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/css/app.css","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.086Z","timestamp":1701669346086,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /css/app.css HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 18 Oct 2022 13:16:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"634ea742-5ea3\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=JabcwqsyhFK0%2B7%2BL9TmiMzDt8duuvQGkkPwCaoEX6rO7vHKfjnzkd8DN2YnU8mqkhmtHVSYTo2hzfPb67Yx2yl3oTLyqXTF8zGuozEzi8Nfx3gaz9vrY5ye8ohVtlZx9b2zJuPPTe3ouIjLce6Y%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424dc05684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":20970,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"ae3caa52c7fab666fb168ff6a696d9c5","sha1":"090c339bde608db35013e6ada8d7c81b2a684d3a","sha256":"cc21fb7e30b9f6c795ec25c1ce9b8d456b44f97b4f0d8b77ccf4e11d5aed06ec","sha512":"7a6f6d475fff3b483f3b55b626071236167ccd42d83e049d8019227705062ed0532e64d3ef72e1602eeab3af3971a3d0d2a1f766d6af69da76743fae6212780a","ssdeep":"192:rCuucKzvD01WbskE0B0hcTQBMCIwckdg9oQu3OibrSQoSE6YqpEKYKwt+CSUEl+l:vgSzbIroQ6nxZ20G6vOw8py5PLiF","tlshash":"59b2635da90554b6bf2369e5bbf24fcbf7f884128d099369b1d353048bd61703aa3388","first_seen":"2023-11-18T19:37:28Z","last_seen":"2024-08-20T18:53:53.239177Z","times_seen":250,"resource_available":false,"data":null}},"time_used":356,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":356,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/imgy/BG-01.png","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.126Z","timestamp":1701669347126,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /imgy/BG-01.png HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 26585\r\nlast-modified: Sun, 13 Nov 2022 09:55:20 GMT\r\netag: \"6370bf08-67d9\"\r\nexpires: Wed, 03 Jan 2024 05:55:41 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=JyI2V9RaH1n4JDfeuII1JtmwFheLNRt9Tb9f7VHWgyh93TdOySUxvKK9eMV65vVFC42cYSqtClFcBqac2s7NFbNOfLzm1Q0MAvruDZYTImwi8CLCKN7U%2FREPgV1qQKH4YQ9Mp2AXVSfZQon6Glg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 8301cd49190b5684-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 900, 8-bit/color RGBA, non-interlaced\\012- data","md5":"32e5a811d97ee090735b1b91c0504da8","sha1":"eaeafca8c27de39c0445155e2098a45c9710d6e4","sha256":"b4a732b2cfdf0b07576b5fafca34c485db75c90f3c466f54987f62c361c21082","sha512":"c70f06ff26e172e2b2523616af42c46d82838a9fa1519115a3e7aaa11eb070e101c4e24f84c567464147d3e8b38f98251378b61b7cc1f9b9a51d17d7ac565a6d","ssdeep":"384:m7CqOZwlceEU6AA7z/BWjYiGE//QC1toY+fsggn6FQcpgIOaWX7E:jVZwlSAA7TEjYiGbfjgnszpg9ZI","tlshash":"74c21999c91f4832ca10c5f07f56472f79bb2b68c63653161b77b1a826acec5fb03a05","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-10-04T11:10:52.656192Z","times_seen":1861,"resource_available":false,"data":null}},"time_used":549,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":548,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/jquery.cookie.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.099Z","timestamp":1701669346099,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/jquery.cookie.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:36:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425df6-c31\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=4AbhhZLeR%2Bq0ShFjc7RbhtiUEshmNcmylPsmFljYyBnR2t7%2BY4rEGrt11gUokj7hucEeosnobOVm0CaTMVtMw5XD0L9rL9TjaLStgH9J74SpWehoFTLEPfTQ1h03wn7wfKC0vkEzb8PMJiBUs64%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de75684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3121,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (3441), with no line terminators","md5":"c70a657c6ff1764a238929b6e46fb8e4","sha1":"e2a8eb96b388abf14690ea14fe4af3f600296235","sha256":"466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813","sha512":"5bf73bfebf28b33fa15afeccfb4d215d20bee6f9c318665e0bcd39b370980a7ff8a24a9b32f1dfd13d73d2ed5a6192e798764cd80748eb5fa173b89c1c13f6d1","ssdeep":"","tlshash":"81610f6134fd623e0d9b6bd5676f0468b83ffe70b02406448426b995286c862dba7c5f","first_seen":"2023-04-05T13:41:14Z","last_seen":"2025-04-06T16:07:02.012143Z","times_seen":3258,"resource_available":false,"data":null}},"time_used":423,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":423,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.101Z","timestamp":1701669346101,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /public/js/layer_mobile/need/layer.css HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-148c\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0ri9FIbt1ohQQT4JL6kFz64VxlVnPxq8Ct0FAFWvSkhc9j5dJ6xVFXRhDyjuo7sg4uF2PpWIJ3OVLZ1G2Jp3%2BdYeOREv7yOBAQ3VJOGxQfTFlxony0ZDrvZQ1B9sSpvT%2FkGjMvpMK7pxU3bHm%2FM%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de95684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5260,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5260), with no line terminators","md5":"633915e62d14a714594b95b974ee0836","sha1":"e11ebb64a70272c4f35b92fea064f27c4b87efad","sha256":"eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6","sha512":"3a0f469c32521c0fe51838b099650f055410cbdabf64659856e009c8d5e1f3a32fed568832282a92892f1398c8557fe1f64a6a34881f711ecd55b41b054d243a","ssdeep":"96:tJA7fs72Cyf26B6ZtbXBh+Bcw0iZRfcSNHIFSf:J72b5YZtbXucwlrESNoa","tlshash":"9cb1c796989303e8b027c51796dc5efe70388d43915209aef157382fc74bdd9b1b260b","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-04T09:15:43.252989Z","times_seen":4991,"resource_available":false,"data":null}},"time_used":349,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":349,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.147Z","timestamp":1701669347147,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701669320.eurotesting36.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15860\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 29 Nov 2023 21:13:56 GMT\r\nexpires: Thu, 28 Nov 2024 21:13:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 11 May 2022 19:24:42 GMT\r\ncontent-type: font/woff2\r\nage: 376905\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15860,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\\012- data","md5":"e9f5aaf547f165386cd313b995dddd8e","sha1":"acdef5603c2387b0e5bffd744b679a24a8bc1968","sha256":"f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860","sha512":"2a71edb5490f286642a874d52a1969f54282bc43cb24e8d5a297e13b320321fb7b7af5524eac609cf5f95ee08d5e4ec5803e2a3c8d13c09f6cc38713c665d0ce","ssdeep":"384:S7qmPTF4N21t//YW2FS6+1XxrsbGmjlAbvqMmtCN:S621tHY4xwbGmjloSM7N","tlshash":"1a62d0058ba5850bf5b907fb0e1ab7ee30664b523c8c42278348073970db47a6b2b1fd","first_seen":"2023-04-05T14:47:55Z","last_seen":"2026-05-04T21:53:17.191226Z","times_seen":90781,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":125,"dns":4,"connect":13,"send":0,"wait":24,"receive":27,"ssl":94},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/bootstrap/js/bootstrap.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.097Z","timestamp":1701669346097,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/bootstrap/js/bootstrap.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 06 Mar 2021 03:08:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6042f232-f7eb\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=fTa%2BAC0JBZ9yMwBL2MKt62BbS2YEqisOek1mwI0IQksnuE%2Fl6bRYk5LoZv3zxFgLYfp4ylnyB%2Fk6w13PCsfKJWSiYQmy6kwH2Z4Q4nW%2F54ImRSWlSzZ2WfHdY9kfkubeiCDQG8wuNqQQWROTnCc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de45684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":63467,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (63188)","md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-05-04T21:07:59.152557Z","times_seen":9899,"resource_available":true,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":581,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/favicon.ico","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.537Z","timestamp":1701669347537,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 04 Dec 2023 05:55:42 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=g9zc%2Bv3gZY81I6m3JBIl6FjjNaU8YBRud02KxzSBA%2Fbfo9YMBf9gpEXVEge9mbSZxUH5nbWY5LI3uTjvBA88cibg0nzDEQQ52Jp11Ypws7Goar%2BnnTYUuzB3lVW2GsD8%2FLzzudPEVTa14%2BvdHRw%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd4baa655684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":24969,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"resource_available":true,"data":null}},"time_used":409,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":408,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.css","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.077Z","timestamp":1701669346077,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/swiper/swiper-bundle.min.css HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 05 Mar 2021 16:40:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425ee4-3661\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ol3r3zArVvv%2BaHiOxn%2BB0rCv9%2FTJOWk4alDzrOculn%2BmOCaMa5CU3muZOY3F5sa%2F8QeHj9Gs%2BNsGyf%2BuU1uowEeMDKK1m%2BZbb8hasBZBnIXJSyXRhpfKjEtV9reOg14HyK3xQ%2FH1dSPDxLTZhoE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424db55684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13921,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13663)","md5":"4d0619d7577a990881a0079718c5c92e","sha1":"02553ae8ed1026ae5e1fe6cc5883fd42379e5e68","sha256":"f9a55bcc80d6d8b2815299c5501cddaa8e5f3f697cdb8f5ce1e3e924097117ba","sha512":"b80d7e90703fd0eebc15348ce23793cc936746f356c5d0824a713782ff0b6b2497631413de7739b8f5fd6ee30fb48d60c5405cc66d3ee4b730e7d8e39749cc0d","ssdeep":"384:FlUbeo7zOqgx9BU0m/XCQif65W/1mXA82FH8x:F6br7zOlbhm/X5if65W/1mXA82FQ","tlshash":"8b52236417003837f3774f6e4aa1e6b59f60cc838a934d9db2c0dd44d6fa8b9122eb95","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-04T21:56:21.507004Z","times_seen":3487,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":424,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.152Z","timestamp":1701669347152,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701669320.eurotesting36.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15920\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 30 Nov 2023 07:29:35 GMT\r\nexpires: Fri, 29 Nov 2024 07:29:35 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 11 May 2022 19:24:45 GMT\r\ncontent-type: font/woff2\r\nage: 339966\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\\012- data","md5":"3a44e06eb954b96aa043227f3534189d","sha1":"23cef6993ddb2b2979e8e7647fc3763694e2ba7d","sha256":"b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e","sha512":"fab970b250dd88064730bd2603c530f3503abb0af4e4095786877f9660a159bf4ad98c5abea2e95eb39ae8c13417736b5772fcb9f87941ff5e0f383cb172997f","ssdeep":"384:sShqOXQlaSchOwK0uFvRqq3xR/xb5OY3aU/lHS9WE2YeK1os:sShJKaScJK0uFvRvxb5OY3aU/lHkmK","tlshash":"cc62cf5c6a901684c67c29b63b6d616be9a1cd50c2ab73904fdba317d30d3a1e0298fd","first_seen":"2023-04-05T08:15:27Z","last_seen":"2026-05-04T23:11:08.38157Z","times_seen":64600,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":125,"dns":8,"connect":13,"send":0,"wait":49,"receive":8,"ssl":102},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/public/js/layer_mobile/need/layer.css?2.0","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.286Z","timestamp":1701669347286,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /public/js/layer_mobile/need/layer.css?2.0 HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:42 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-148c\"\r\nexpires: Mon, 04 Dec 2023 17:55:42 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=XnCXe5%2F7RVjbn9tQccv3NELYXAFzqKChiAjgAQntjZiCtO6QPyCb5TDfwiSyf9%2F5x1RWPSSPPxNRoXOGRW9HIztysQKvq1fswC7G4KVeqOEJXpEAhkZRULANDJa2wc9BIy8re%2Fe2v4i1rXG0tyc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd4a69e65684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5260,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5260), with no line terminators","md5":"633915e62d14a714594b95b974ee0836","sha1":"e11ebb64a70272c4f35b92fea064f27c4b87efad","sha256":"eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6","sha512":"3a0f469c32521c0fe51838b099650f055410cbdabf64659856e009c8d5e1f3a32fed568832282a92892f1398c8557fe1f64a6a34881f711ecd55b41b054d243a","ssdeep":"96:tJA7fs72Cyf26B6ZtbXBh+Bcw0iZRfcSNHIFSf:J72b5YZtbXucwlrESNoa","tlshash":"9cb1c796989303e8b027c51796dc5efe70388d43915209aef157382fc74bdd9b1b260b","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-04T09:15:43.252989Z","times_seen":4991,"resource_available":false,"data":null}},"time_used":468,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":420,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/style.css?v=V1.24","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.080Z","timestamp":1701669346080,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/style.css?v=V1.24 HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 07 Sep 2022 15:17:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6318b610-1eb6e\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ckreTxmrTfWPH9xo8BrgJIKMHk%2BofWTEjm9u5wvuMkEXnnEsYLwzUfsWX8Hgv9mV5j659w3O9LSeOJyDRx9fBA%2FR2Z4eiW3N4xT3uw3TkEK5%2Bo4%2Fg06bashycHLEa07b3dbrcTbSd8aqosX4oTs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424db85684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":125806,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"resource_available":true,"data":null}},"time_used":561,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":561,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/popper.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.096Z","timestamp":1701669346096,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/popper.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:34:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425db0-520c\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=08h2E%2Fb6ih6gWkIb6x6d9bihuLqWZlRydI2ax5Rv4rTaYHmah9L7FBLxlzDUXUn%2B4vNCmu9QSIYAYcnxon74gd4bgCaj%2B7YvTOib0uhqgYtAYtHNMVtHPtx3%2B2l%2BZYFZRhMM%2BpsiLenz%2B9%2FrKXY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de35684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21004,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (20831)","md5":"56456db9d72a4b380ed3cb63095e6022","sha1":"6dbce88aee15b42f29083df7a07513cf3b486ba0","sha256":"66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2","sha512":"e56bd96b837b26add354d0a9e2b8dc04c95cea94f7959ee05718ed23a224296fae22d49afab160b45963bd99c2c501a3f12517e431eb68a13a327ff8b262b50a","ssdeep":"384:kmQkLrwVOyzirVyKnxRsIB9Db5HjiWn8xHOxvRVgD75zBY5vImg3FzGpL9ARdOgS:vLsgyziJp3Db5OxHOxvYD73Y5vQzyL9p","tlshash":"1992b4cc3294b06643a791a7a0af960fb2339875610e9410f19df2d97c30ef9a13bc79","first_seen":"2023-03-07T01:06:27Z","last_seen":"2026-05-04T23:06:05.973928Z","times_seen":17679,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":358,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/static_new/css/public.css?v=V1.24","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.084Z","timestamp":1701669346084,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /static_new/css/public.css?v=V1.24 HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 01 Sep 2022 14:01:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6310bb36-43fb\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=%2B%2BFOdgTWDUYbySNlmggoATR2ku701aCDJ5Sb8C1eByxUxm8bA3pAVIRDPwI8pVUgiIPZPaywBqFexOrmukZeYKAVPqY0tRsOvtynP59iN09ZiLW8wEndz1HquCI7jTf%2BgPA69XW1CNDg5oek%2Ffc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424dbb5684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17403,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"169e4de5136bed51956394ccd4328122","sha1":"3fca078ed53575c53e868fffa9be8cffe910684c","sha256":"ce9c68517b2551c460aa4225e927dd8a58775df119518be2bdcc6532ea859fe7","sha512":"986e267a9ae76681af37efc78f090413eea362e47126d4500bb7cf8a72f0d8661a4d245678cf860ec766f98db56bbf807ff9e870f797df2776d8db423aa54c86","ssdeep":"192:ilUMZ494EUoQiNCZ5fz9ksnOzaTNUbOnJkFXz9CNvcgIkwUzY5VDb84Xvbzjqoji:aHSmQbX/Soe","tlshash":"0072217a5d081140e27fd3719fea1a99ea35417352022bae76c991874fb271432cffc5","first_seen":"2023-05-17T12:30:16Z","last_seen":"2024-10-04T10:22:11.294605Z","times_seen":1908,"resource_available":false,"data":null}},"time_used":422,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":422,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/swiper/swiper-bundle.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.098Z","timestamp":1701669346098,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/swiper/swiper-bundle.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:40:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425ee4-222b9\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=0T05Atfjh2atPlpOUQhq1n7dPp%2B6q5DPJSFXJK73QYE9BiejtOy8oVPEXE2jGfcTR7bPXt40oTQbiJ3L4HrTT2nsE4ewNCLMvy5XivDLznu9fdu8nWy2cDB0khkipvYQdvtj2gwOdtZcey4VI5s%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de55684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":139961,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65278)","md5":"c4358cb63a4b96c5d71a2fb630871f30","sha1":"be3b7d9d5bbd680d035f768345778d84eb08fe23","sha256":"c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229","sha512":"35a85c90dfa0ac1e9f4b1bb7bd074a8b20baf6cc235bafb16148da3d55931ad46e89af33508970da09208e166601df250040841d5dc7742b9d6ab9c065a5a467","ssdeep":"3072:U79yoiRfIBB4G+yMwoSpADH79cVOJjBqcxN:k9ytlByMwoSpADH79cVOJjBqcL","tlshash":"9dd3188db354b2e151e72256539ed10263b65845b80ac1a470b68cd7acbde8c03bfefd","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-05-04T21:34:09.79208Z","times_seen":3893,"resource_available":true,"data":null}},"time_used":762,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":759,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/static_new/js/dialog.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.100Z","timestamp":1701669346100,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /static_new/js/dialog.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 15 Feb 2020 10:13:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5e47c438-6cfa\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=JmxasBqYCci8euSoKcY1x%2BRirJ8vQuZR7jQ34wXNR%2BgxlffGSTS6gpGOA3jTc7vKbscHX7zotBkf4R9j1Xqpm%2F6v12UHelStP%2FZrqr9duUcOhWV2atn4u4d3%2Fk%2BXC3%2B%2F7Q6S8wbZzXGLhkF6mn4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425de85684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27898,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"resource_available":true,"data":null}},"time_used":378,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":378,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:47.119Z","timestamp":1701669347119,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/jquery-3.3.1.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:34:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425d9e-1538f\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: HIT\r\nage: 1\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vWO6SSmSEYK%2BH7EyHmRQ%2FahvOOWDYpqBgal5rO8pRpo5QqHRbr8dOeibfNo4ix1JOtygsPw5akCxNkaMH%2FjrSfYguvjsOZVUXHj7GtvXWYOcgzPNqxJo0NvGgwbYVIq4fMlkoqwT6iBTt52pzeU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd4909095684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-04T23:07:44.553057Z","times_seen":125572,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T05:55:44.774Z","timestamp":1701669344774,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /index/index/user/login/1701669320.html/index/user/login/1701669320.html/index/user/login/1701669321.html HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Mon, 04 Dec 2023 05:55:39 GMT\r\ncontent-type: text/html; charset=utf-8\r\nset-cookie: think_var=en_us; expires=Mon, 04-Dec-2023 06:25:39 GMT; Max-Age=1800; path=/; HttpOnly\ns9851347b=gok0dk675n33bhs1cdj8nmev53; path=/; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-cache,must-revalidate\r\nlocation: /index/user/login/1701669339.html\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Ta6%2BfwmF3aL5x6V3KZ%2FUWyGbj2hHmPQDKUdt8fMj%2FhfjUVeNQpXR68afKoJzHQN9N60yOXPz5%2FfjDWm7tvOA3KQj6QUFXXwUroHoP1UFoyLUorytjy81Ly9V6Snv0Z5%2B6Q0feqsmOSLP%2F0PI2Zs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd3c1ea656c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":12339,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"resource_available":true,"data":null}},"time_used":952,"timings":{"blocked":277,"dns":4,"connect":255,"send":0,"wait":396,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,500,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.074Z","timestamp":1701669346074,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42","sha256":"9A:90:D4:1D:0C:D1:CA:9D:4D:19:37:44:C4:E6:E4:28:27:C0:F5:0A:9C:B4:56:89:C4:D1:8A:63:A7:01:28:54"}}},"request":{"raw":"GET /css?family=Roboto:300,400,500,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 04 Dec 2023 05:55:40 GMT\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (9360), with no line terminators","md5":"311d8cdf954644f222105d26d89d1d7f","sha1":"1445a416c8f15a49fb6afb69d25b8ccb01db4b66","sha256":"45d9a25c93de59121371b5487af8dd0ed67b61136cf072a7622f202a11740f8d","sha512":"d52487dbd8108b0664831871908bdcc934c396d770a6626813909a262ffdd9c3d516b4ca035834b05b6cb951b7564e4d71c7700051d4e7b4871a390b2e17e669","ssdeep":"192:/AP0XBIOY5oRWjgZFJCE+PGhMzfKSmnzvTrIQUDR1I:/AP0XBIOooRWjgZFJbiGhMzfKS0zvTrB","tlshash":"7612ae91581b5400eb830ee637df7a35bd0f2b2560728132abfd68ae5dcbc22135874d","first_seen":"2023-05-05T11:56:12Z","last_seen":"2024-08-21T09:44:15.772178Z","times_seen":3055,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":106,"dns":0,"connect":8,"send":0,"wait":25,"receive":6,"ssl":132},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/jquery-3.3.1.min.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.088Z","timestamp":1701669346088,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/jquery-3.3.1.min.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:34:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425d9e-1538f\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=rAOqqaARRUdYPWcxXOJdh1KvkDOzybGfY6D1RXvdTjWjXSKKNrVgaJB17hzCynWuecGixcQX7lJTAp7u2NjJwiJhWx6H9zQF5hP7WzfPjkeXDRZgigvpdD8%2FhAemGGvt0PxNjjnzcLoF18tExf0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424dc45684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":86927,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-04T23:07:44.553057Z","times_seen":125572,"resource_available":true,"data":null}},"time_used":575,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":573,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/red/bootstrap/css/bootstrap.min.css","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.075Z","timestamp":1701669346075,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /red/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:41 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Mar 2021 03:08:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6042f228-27681\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=3M%2FCPZsst8gwwKGp%2Fqqex0RRtE50KVHD1ib7fyuDgxL2fovdLSPN%2BoxiP087i0sLC8myNcFpDx%2BdfVQJKp5IUrVRwebTp0CsJe7mDh5oGLnOPeUiNPvooqCfxyCL7u5gqywXCIB4NjTiwPcm9lM%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd424db45684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":161409,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65326)","md5":"d432e4222814b62dd30c9513dcc29440","sha1":"2cac4afc120983921411296bd4e8fd8a94ba237e","sha256":"4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601","sha512":"3f9320327d6304dd356ac060534cfad10938431897a3cebec2515a84aaec41fdfb73d72ba39d7b5b35523cf575b432b3864bb6889d855602faef01b4dd21a734","ssdeep":"1536:iC7AIJkTR+rMqFVD2DEBi8yNcuSElAz/uJpq3SYiLENM6HN26R:d7XXGLq3SYiLENM6HN26R","tlshash":"8cf353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-05T05:11:52Z","last_seen":"2026-05-04T22:41:33.659989Z","times_seen":12478,"resource_available":false,"data":null}},"time_used":534,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":532,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/public/js/layer_mobile/layer.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.102Z","timestamp":1701669346102,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /public/js/layer_mobile/layer.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-ce8\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=xZ5US4Tu06cOiaf%2FhW1Ehnyn90%2BwsCrJ5vB%2FSH%2FChISMKOhZw%2BZHdC7t96skRsI33nby2u%2BmCmXeP3Hjpz3%2B5sBmxOV9gdIGKjJvbYDmLsMJ%2FKGq75YA9vdrv2kjTERh%2FrTrogZtmqzIarxNdwk%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425dea5684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3304,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (3435), with no line terminators","md5":"13fd3d5b0fb763160395abbad25d8e57","sha1":"6bc56d44091c873f6b5496ef8be2ed9f36e5220b","sha256":"f1757725deb30f2928f10e427b253f153b0466a60a1c399e9f6bb6cbf5908941","sha512":"1cf9caadb34021fc390c9e13b83336d334de4e635057f0bdb1d9ef15955fe96849e82ba5a7581cfcee911db9a92498d92a830551f550eb3758e2c6346ecad73f","ssdeep":"","tlshash":"0e61c7abf005b23756132085a17f282fb63b6471a5058860d0e2e0be99fddac6837f5d","first_seen":"2023-04-07T00:16:00Z","last_seen":"2025-04-05T12:50:42.269296Z","times_seen":2307,"resource_available":false,"data":null}},"time_used":347,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":347,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/static_new/js/common.js","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701669320.eurotesting36.cc/index/user/login/1701669339.html","date":"2023-12-04T05:55:46.103Z","timestamp":1701669346103,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /static_new/js/common.js HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701669320.eurotesting36.cc/index/user/login/1701669339.html\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 06 Nov 2022 20:24:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"636817fe-a32\"\r\nexpires: Mon, 04 Dec 2023 17:55:40 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=UtR00iHP0HfiwojFigizK%2FsLNPNokQJpc56H8umuX7nWGKnye8XJphr99508AB0FT9RYU%2Foyj%2FdaZHGHQqSgzGzDfV8yt3xCL%2FYWV5oZh8T5CUTbK6P5ukFD7u%2B5DA%2B6lElzCmkn6UWji%2F5%2FwQs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd425deb5684-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2610,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (2737), with no line terminators","md5":"47da7e76ce9452fee91c87417c13fb38","sha1":"286af070ababfdfc497b609fb2ec05560f90d785","sha256":"0d96d9dc5de250b868903260e201d6d8cfd63c8da748828b2f46fbb59cbc205d","sha512":"e83582d33fd7b92047908141393e4fe2428282865e85ca52a548e38fbed10f1d9fb33f14496a68553c1df4edcf4ae2f325535f679c8452ae1244211c91dfe8fd","ssdeep":"","tlshash":"1351751eed6872330a2af23b096fd144f02b644fdb0e86117f4d9984c7a151ed97ea4b","first_seen":"2023-08-09T06:39:27Z","last_seen":"2024-08-21T09:43:41.332666Z","times_seen":1429,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":353,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701669320.eurotesting36.cc/index/user/login/1701669339.html","fqdn":"1701669320.eurotesting36.cc","domain":"eurotesting36.cc","tld":"cc"},"ip":{"addr":"104.21.10.17","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T05:55:45.509Z","timestamp":1701669345509,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting36.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Fri, 10 Nov 2023 12:38:54 GMT","end":"Thu, 08 Feb 2024 12:38:53 GMT"},"fingerprint":{"sha1":"9C:58:77:D8:BF:18:F1:AE:FC:56:20:70:28:F7:10:93:0B:0B:9A:31","sha256":"D8:DE:9D:CE:95:AC:89:99:B1:AF:D5:A3:C3:C6:D8:65:AF:F1:7B:AF:6E:61:E7:A9:0A:7B:76:5A:2B:C9:61:AD"}}},"request":{"raw":"GET /index/user/login/1701669339.html HTTP/1.1\r\nHost: 1701669320.eurotesting36.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: think_var=en_us; s9851347b=gok0dk675n33bhs1cdj8nmev53\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 04 Dec 2023 05:55:40 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=vNI1lCku%2Fw0TFsf1f7DU%2Fb%2BYU2rIYzqzG2IYnAFt5wZcxqBtIftzgz9UY6iVVBZbW0lv3CPXHbMxa3dY93PgfTqoEN4JPB6xJEO0qWzayLqkCXzhV9aTWPVquf9YxEEdqeiSiBBc1CHNjLGJy98%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 8301cd3ef84956c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12339,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-04T23:09:49.501557Z","times_seen":14657655,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":224,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}}]}