Report - assessment.dekrasafety.com

Report Overview

Visited public
2024-09-24 12:04:15
Tags
salesforce phishing
URL
assessment.dekrasafety.com
Finishing URL
prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
IP / ASN
20.80.64.131
#8075 MICROSOFT-CORP-MSN-AS-BLOCK
Title
Sign in
Phishing - Salesforce

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
assessment.dekrasafety.com	unknown	2019-04-11	2022-02-21 09:29:07	2023-11-08 04:53:04	2.4 kB	61 kB	20.80.64.131
o.pki.goog	unknown	2016-06-13	2024-04-24 13:44:57	2024-09-24 01:59:52	325 B	699 B	142.250.74.131
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2024-09-24 02:15:38	461 B	1.5 kB	142.250.74.106
blobdspprd.blob.core.windows.net	unknown	1995-08-10	2023-10-24 18:45:41	2023-10-24 18:45:41	477 B	1.7 MB	20.209.184.65
maxcdn.bootstrapcdn.com	724	2012-05-25	2014-06-18 02:37:31	2024-09-24 01:59:52	471 B	124 kB	104.18.10.207
r10.o.lencr.org	unknown	2020-06-29	2024-06-06 21:45:11	2024-09-24 01:59:52	327 B	887 B	23.33.119.27
prddekrasafetyplatform.b2clogin.com	unknown	unknown	No data	No data	13 kB	79 kB	20.190.177.21
myapps.dekrasafety.com	unknown	unknown	No data	No data	989 B	5.0 kB	20.40.202.0
blobdspdev.blob.core.windows.net	unknown	unknown	No data	No data	1.4 kB	39 kB	20.60.194.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2024-09-24 07:28:16	541 B	8.7 kB	216.58.207.227
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2024-09-24 03:03:16	450 B	31 kB	142.250.74.74

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-04-29
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-29 07:54 Times Seen111228 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	unknown	ScriptElement	9 B	2023-03-07	2025-04-29
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-04-29 08:05 Times Seen20031 Hash 5e543256c480ac577d30f76f9120eb74 d5d4cd07616a542891b7ec2d0257b3a24b69856e eb045d78d273107348b0300c01d29b7552d622abbc6faf81b3ec55359aa9950c Loading...

	prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	ScriptElement	4.3 kB	2024-09-28	2024-09-28
Pretty URL prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D IP 20.190.177.21 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 08:03 Last Seen2024-09-28 08:03 Times Seen1 Hash f17577e29251dafcb1bf83154664a1b6 53f1cf87f2164428d73ffa7bd9d0790e8e74e8a6 6fedb817680bd0531170aa512a42c5ab33735adfd750c09d5604a992ef1a19f9 Loading...

	prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	ScriptElement	201 B	2024-09-28	2024-09-28
Pretty URL prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D IP 20.190.177.21 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2024-09-28 08:03 Last Seen2024-09-28 08:03 Times Seen1 Hash f2647614832eb2b6c6f5394bbf70e761 75a9cf41468b27ba63d74cf4f0ec3405b2e53bc4 d670e1c678dd3bef9c168c85f3b5796a36047f9b77e690a1c91c6033fbec9cbb Loading...

	prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	ScriptElement	168 kB	2023-05-24	2025-03-13
Pretty URL prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D IP 20.190.177.21 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-24 20:01 Last Seen2025-03-13 13:59 Times Seen9 Hash 904a2fdda2f5990aa3344c70fc91a13f 9f4b29fd2271a9e4e3e8a345b858ae69c9a7b2d8 8747ad8326e52bcf2be26848855bbb08ea150e8dc6c314d0e7ec7fad0251462f Loading...

	unknown	ScriptElement	4.4 kB	2024-09-28	2024-09-28
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-28 08:03 Last Seen2024-09-28 08:03 Times Seen1 Hash 500dc6619bfe393e139e9ae618c05cbe 280a975b06dc19e7560432878a20395fd5324002 86caa0ccb13f572e44956936536eb21748c176f201c940c70430e7d7962f80da Loading...

	unknown	JavascriptURL	8 B	2023-04-10	2025-04-28
Pretty Introduced by javascriptURL Embedded in HTML false Observations First Seen2023-04-10 23:38 Last Seen2025-04-28 01:01 Times Seen12151 Hash 69165ebff8690c39998558705627e927 b86888593992fa44c3d1fe1c665367cb214e5416 0de7a49f6d21fbef846aba4bd271502d7ec9489bfbb3fd96f5ff7cf19140875e Loading...

	prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D	ScriptElement	157 B	2023-03-10	2025-04-24
Pretty URL prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D IP 20.190.177.21 ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 10:38 Last Seen2025-04-24 14:13 Times Seen249 Hash 962b28e9f8133cc633b34f157319a734 b1e076e2501f602eacd091354c44dfd9df7eaa33 323f8b86e5da480dd2f2ea9b757ce8d6fbe9601b80a8ea2f191c43aca3495919 Loading...

HTTP Transactions (21)

URL IP Response Size

r10.o.lencr.org/

23.33.119.27

504 B

URL
r10.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
504 B (504 bytes)
Hash
c6c7d535128f9eb2ec6dcd3d7d62919a
5aaa50926b462ccfc32d84db180a9af68e4d6b46
d498f9efc3307515c07f69fe4e630319e60c13d37700b7f35297c9b8d442b690

HTTP Headers

POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "D498F9EFC3307515C07F69FE4E630319E60C13D37700B7F35297C9B8D442B690"
Last-Modified: Sun, 22 Sep 2024 14:37:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6479
Expires: Tue, 24 Sep 2024 13:51:48 GMT
Date: Tue, 24 Sep 2024 12:03:49 GMT
Connection: keep-alive

assessment.dekrasafety.com/content/img/brand/logo.png

20.80.64.131

9.6 kB

URL
assessment.dekrasafety.com/content/img/brand/logo.png
IP
20.80.64.131:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
PNG image data, 165 x 46, 8-bit/color RGBA, non-interlaced
Size
9.6 kB (9584 bytes)
Hash
6b5feb42276c8ef5230f3c5d7ebde67a
35a7898acaa1f3417efb06e0d27e5f0bce85a514
709fcdfc12e51d9139b8ade6c370ec78cb4ef0fe58a71262207fbced36ddf5fe

HTTP Headers

GET /content/img/brand/logo.png HTTP/1.1
Host: assessment.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Sep 2024 12:03:50 GMT
content-type: image/png
content-length: 9584
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 16 Sep 2024 03:06:40 GMT
cache-control: no-store
accept-ranges: bytes
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

assessment.dekrasafety.com/fa-regular-400.f386b6b7c6bf65a5.woff2

20.80.64.131

26 kB

URL
assessment.dekrasafety.com/fa-regular-400.f386b6b7c6bf65a5.woff2
IP
20.80.64.131:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
Web Open Font Format (Version 2), TrueType, length 25452, version 773.768
Size
26 kB (25452 bytes)
Hash
023a4a925fa3fce0f66b769ef6bbb264
2ed706340547d19c10a409ee02fb08f3d52ff670
2bccecf0bc7e96cd5ce4003abeb3ae9ee4a3d19158c4e6edfd2df32d2f0d5721

HTTP Headers

GET /fa-regular-400.f386b6b7c6bf65a5.woff2 HTTP/1.1
Host: assessment.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/styles.6ae391fd9deaade7.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Sep 2024 12:03:52 GMT
content-type: font/woff2
content-length: 25452
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 16 Sep 2024 03:06:36 GMT
cache-control: no-store
accept-ranges: bytes
strict-transport-security: max-age=63072000
X-Firefox-Spdy: h2

assessment.dekrasafety.com/639.c5c9015724b6691b.js

20.80.64.131

2.1 kB

URL
assessment.dekrasafety.com/639.c5c9015724b6691b.js
IP
20.80.64.131:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
gzip compressed data, from Unix
Size
2.1 kB (2054 bytes)
Hash
ef68da3ffa4ddc50c4e5b17ecdb5f6b9
ef6ce5888809106866590a0762b804f091aacac0
189f5b37891df0daad06344c4d1b48a63f7151f5ecee7757832749991a1d3276

HTTP Headers

GET /639.c5c9015724b6691b.js HTTP/1.1
Host: assessment.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Sep 2024 12:03:51 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 16 Sep 2024 03:06:36 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D

20.190.177.21

200 OK

72 kB

URL User Request GET HTTP/1.1
prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
IP
20.190.177.21:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintE4:75:6A:85:FE:F6:8E:25:DE:B3:7B:05:13:09:96:75:D8:81:67:A0
ValidityWed, 08 May 2024 00:00:00 GMT - Thu, 08 May 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (60339), with CRLF, LF line terminators
Size
72 kB (71737 bytes)
Hash
64c88c77ec18e5450010d6312fdcc05d
008063cfdbf4061678be5b38d8e29fc7e2e47fc7
9f6c2acc8cb964ab2b6936ea63052dbcb0752d27b2f884243cf293d61fc03d2d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D HTTP/1.1
Host: prddekrasafetyplatform.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
x-ms-gateway-requestid: 83555d30-8a0d-4af3-8efd-4eb8fb0d171b
X-UA-Compatible: IE=edge
X-Request-ID: 3d32bbb8-2a10-4917-aaa7-d25b798ae9c3
X-Build: 1.1.259.0
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-csrf=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=; domain=prddekrasafetyplatform.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=m1.jz+OhOzmIsWnHp/j.9NAhNNLVAuyShFjF8f2+3A==.0.Tcigl3IghTsKRCTWRibkQI4BtNYwjfb7q9WWzdt6zmQTx6qApqjyoAZ92qMvw4s2YBnnuCASRmFBfNNjfAl3p6qqOmuJIZXG9yHEAOArLQ3jalsBIldp/ezrRY08MRNyMdbpDCb9UaGCyTI6VD4FslkS26AIeooHRBH3dPCvrYAgQGpUUDlSgVmzgC5spGtkOJo6n1J2t66lji/Z5ZBgXsOepB8E9KB6gYZIBxTlMlcFLT/Ta7sbRVZTfxUNKvn6tAPE4UCUJgOzFLiNajowr6paHkjOYMbp930Q9q9WwA1JE9qpo75NHGjeh4mjiwd7snwCy2m7msKtwTv1bsopYtQPGmdtRmyCVhjX33iquOxGS0WKZHbDrQ8mxNOAw7pyfFalC7b9EagWYW+lu2bq3DE0h9iL9IrsyDSTd2Ql0YWDgApiqSTMmREczxYiXv1txd5v/AsgVKKEbmCVoOq9MdWslkzwYndcwexfcgT4Dt8dhoNpRANBT6BPAwmYFH2/aU44RvWxOeoxm7+PobDn68OoAe+GaFMAorAVeFHWz3/WyQxKw+/n9OqvR3Us+Vv2+KjduRAESZwusFrxNQsSKMjEXUQeOAAz2vT93XdlB7UF0t7RbABmprij/yRD69O/b4fjHsbWcj+LVbvzK9VKx8GzzQ+Fde+MdSuvc4DXOgDgGLRZqx/ClJJO+oxQb0SS3kguG5pgNgUPA7f6JPwIinqCoswwPMoIlx7krXmLki/CicxMndZa0BZLlEW1E89bBLE0XeTUHLa0yi/0KaoIV7X7ihiHH6QwpM+h0pvVCrMirRDhyMyda2UvREcH3tyezj1c4HTc61KiVXMlRM+U39Dkbml/gSW7kLdaZSJ9HW2AcUFdgPpP2aqY+1cyz0GHC23Vbs9i0T/1PxlujBIGfK3GLnmY6U6SMhhl8pqXUEG5H7sMHrzUwPB9bdx1RAn2UdUBeblD8U6h/KKlGbdkW1C0va1us1WG3/KWxFIX/5ovB6sU1SB/qoKqQBo2UwXrSLCGOFK+HHhqP+vRvZ4DUp5S1IE/0JP6cbR+YXXkLKuV6teFLmzZRM3vEpOVoyiG; domain=prddekrasafetyplatform.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyIsIlQiOiJwcmRkZWtyYXNhZmV0eXBsYXRmb3JtLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiI0ZTgxOWE3My0xNDNlLTQyMzgtODBjYy0xNTY2MzZjMTA4YzAiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyJ9; domain=prddekrasafetyplatform.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-geo=NA; expires=Tue, 24 Sep 2024 13:03:55 GMT; path=/; secure; samesite=none; httponly
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Tue, 24 Sep 2024 12:03:54 GMT
Content-Length: 71737

myapps.dekrasafety.com/SignInSSO.html

20.40.202.0

200 OK

2.5 kB

URL GET HTTP/1.1
myapps.dekrasafety.com/SignInSSO.html
IP
20.40.202.0:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoDaddy.com, Inc.
Subject*.dekrasafety.com
Fingerprint36:5F:1A:42:00:1A:25:3F:0B:DC:2C:C9:13:6B:6E:DB:D5:E5:25:88
ValidityThu, 21 Sep 2023 15:32:03 GMT - Tue, 22 Oct 2024 15:32:03 GMT

File type
HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Size
2.5 kB (2451 bytes)
Hash
b08de628796825bddef64d356947fe2d
260db68304c056a2490530e6af822c10b43129ce
9147be65c46f7e0b9bbf62798d13c1ccdac4c8f5a79248492f26fe81e30d7cc9

HTTP Headers

GET /SignInSSO.html HTTP/1.1
Host: myapps.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://prddekrasafetyplatform.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 2451
Content-Type: text/html
Date: Tue, 24 Sep 2024 12:03:56 GMT
Server: Microsoft-IIS/10.0
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Content-Encoding: gzip
ETag: "5151bb83c7ced91:0"
Last-Modified: Mon, 14 Aug 2023 15:53:48 GMT
Set-Cookie: ARRAffinity=e89758e10c9869c11e2227a89658629cf00ab1218b50631917483d7ec6ac23ce;Path=/;HttpOnly;Secure;Domain=myapps.dekrasafety.com
ARRAffinitySameSite=e89758e10c9869c11e2227a89658629cf00ab1218b50631917483d7ec6ac23ce;Path=/;HttpOnly;SameSite=None;Secure;Domain=myapps.dekrasafety.com
Vary: Accept-Encoding
X-Powered-By: ASP.NET

o.pki.goog/wr2

142.250.74.131

471 B

URL
o.pki.goog/wr2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
feb07e2ccd1a6c5d52eb93c50730f24b
89b4f6991b57c994760d60fdae929efcc780bebd
f49b13d6a42b55879e11bbfc44873ce2f15f38ea404fc78128c63dd538d0bc84

HTTP Headers

POST /wr2 HTTP/1.1
Host: o.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 24 Sep 2024 12:03:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css2?family=Poppins&display=swap

142.250.74.106

200 OK

829 B

URL GET HTTP/2
fonts.googleapis.com/css2?family=Poppins&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
gzip compressed data, max compression
Size
829 B (829 bytes)
Hash
3b58df70660f813d58690b9d19d03e29
eb1b54f072e0fa0d2b95ab91a12aeec726a94c34
551c5c8f7a90c13846eff4e7cb2ab4cda613da951decc63b16b54078ae7dcd1b

HTTP Headers

GET /css2?family=Poppins&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 24 Sep 2024 12:03:56 GMT
date: Tue, 24 Sep 2024 12:03:56 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

myapps.dekrasafety.com/ManageSlider/SliderList

20.40.202.0

200 OK

1.0 kB

URL POST HTTP/1.1
myapps.dekrasafety.com/ManageSlider/SliderList
IP
20.40.202.0:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoDaddy.com, Inc.
Subject*.dekrasafety.com
Fingerprint36:5F:1A:42:00:1A:25:3F:0B:DC:2C:C9:13:6B:6E:DB:D5:E5:25:88
ValidityThu, 21 Sep 2023 15:32:03 GMT - Tue, 22 Oct 2024 15:32:03 GMT

File type
JSON text data
Size
1.0 kB (1007 bytes)
Hash
6301c18006172f89a0e3e62251473f64
86bc7cc95d8ac247a8617044a56ab7b0486c6bf1
56a49802867faf94dfe204a6ce16409f3a1a57a57397a1fc07333dba8365ffb3

HTTP Headers

POST /ManageSlider/SliderList HTTP/1.1
Host: myapps.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://prddekrasafetyplatform.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0

HTTP/1.1 200 OK
Content-Length: 1007
Content-Type: application/json; charset=utf-8
Date: Tue, 24 Sep 2024 12:03:56 GMT
Server: Microsoft-IIS/10.0
Access-Control-Allow-Methods: GET,POST,PUT,DELETE,OPTIONS,PATCH
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
Cache-Control: private
Content-Encoding: gzip
Set-Cookie: ARRAffinity=e89758e10c9869c11e2227a89658629cf00ab1218b50631917483d7ec6ac23ce;Path=/;HttpOnly;Secure;Domain=myapps.dekrasafety.com
ARRAffinitySameSite=e89758e10c9869c11e2227a89658629cf00ab1218b50631917483d7ec6ac23ce;Path=/;HttpOnly;SameSite=None;Secure;Domain=myapps.dekrasafety.com
Vary: Accept-Encoding
X-AspNetMvc-Version: 5.2
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET

blobdspdev.blob.core.windows.net/sif-tool/flaticon.css

20.60.194.225

200 OK

12 kB

URL GET HTTP/1.1
blobdspdev.blob.core.windows.net/sif-tool/flaticon.css
IP
20.60.194.225:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerMicrosoft Corporation
Subject*.blob.core.windows.net
FingerprintDD:64:62:7C:8E:B1:9B:15:58:5C:DF:CB:1C:65:16:B0:E6:20:6F:00
ValidityWed, 27 Mar 2024 16:30:23 GMT - Sat, 22 Mar 2025 16:30:23 GMT

File type
ASCII text, with CRLF line terminators
Size
12 kB (12549 bytes)
Hash
9bef3531a9356f8fe8a72a94650855fc
7217ae7b82766e0b60344bf2a17398b4c8ee52bd
4c6e80e98e54536d241ba5870692dbaaade5d31f2e1513f794a35982979ca4c6

HTTP Headers

GET /sif-tool/flaticon.css HTTP/1.1
Host: blobdspdev.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 12549
Content-Type: text/css
Content-MD5: m+81Mak1b4/opyqUZQhV/A==
Last-Modified: Thu, 15 Oct 2020 07:37:39 GMT
Accept-Ranges: bytes
ETag: "0x8D870DD318C7295"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b4af4d9c-201e-0083-0e79-0e4509000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
Date: Tue, 24 Sep 2024 12:03:56 GMT

blobdspdev.blob.core.windows.net/sif-tool/Custom.css

20.60.194.225

200 OK

15 kB

URL GET HTTP/1.1
blobdspdev.blob.core.windows.net/sif-tool/Custom.css
IP
20.60.194.225:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerMicrosoft Corporation
Subject*.blob.core.windows.net
FingerprintDD:64:62:7C:8E:B1:9B:15:58:5C:DF:CB:1C:65:16:B0:E6:20:6F:00
ValidityWed, 27 Mar 2024 16:30:23 GMT - Sat, 22 Mar 2025 16:30:23 GMT

File type
assembler source, ASCII text, with CRLF line terminators
Size
15 kB (15418 bytes)
Hash
1f7db0ad954b79f47257dcd2bc4e63bd
8b21407034114d2ff4b4dfcee3717eeb6add79d2
aa4e7a0d6a1afcb7f08ec48d934816716493fee209071a52313f63b06a1759a9

HTTP Headers

GET /sif-tool/Custom.css HTTP/1.1
Host: blobdspdev.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 15418
Content-Type: text/css
Content-MD5: H32wrZVLefRyV9zSvE5jvQ==
Last-Modified: Fri, 18 Jun 2021 11:41:44 GMT
Accept-Ranges: bytes
ETag: "0x8D9324E0C959534"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: e05febd8-701e-0018-4679-0ec831000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
Date: Tue, 24 Sep 2024 12:03:56 GMT

blobdspdev.blob.core.windows.net/sif-tool/logo.png

20.60.194.225

200 OK

8.8 kB

URL GET HTTP/1.1
blobdspdev.blob.core.windows.net/sif-tool/logo.png
IP
20.60.194.225:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerMicrosoft Corporation
Subject*.blob.core.windows.net
FingerprintDD:64:62:7C:8E:B1:9B:15:58:5C:DF:CB:1C:65:16:B0:E6:20:6F:00
ValidityWed, 27 Mar 2024 16:30:23 GMT - Sat, 22 Mar 2025 16:30:23 GMT

File type
PNG image data, 350 x 97, 8-bit/color RGBA, non-interlaced
Size
8.8 kB (8751 bytes)
Hash
b98c72ca5ccae1aaa3c02fd6a5bfd6db
60b8dde3db667ba80940be3db6f57d17b8ba6fc2
56ba3399792b21a56a4cdb94b00dedd91e3916ecf7ceddd6df9b869b0f4250e4

HTTP Headers

GET /sif-tool/logo.png HTTP/1.1
Host: blobdspdev.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 8751
Content-Type: image/png
Content-MD5: uYxyylzK4aqjwC/Wpb/W2w==
Last-Modified: Thu, 30 Apr 2020 10:46:52 GMT
Accept-Ranges: bytes
ETag: "0x8D7ECF3CB0DFF2C"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: b4af4e5e-201e-0083-4179-0e4509000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
Access-Control-Allow-Origin: *
Date: Tue, 24 Sep 2024 12:03:56 GMT

fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2

216.58.207.227

200 OK

7.9 kB

URL GET HTTP/2
fonts.gstatic.com/s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoogle Trust Services
Subject*.gstatic.com
FingerprintEA:6A:C6:A3:F6:90:16:40:23:03:8F:A5:6F:71:11:F6:FA:B7:5F:C3
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v21/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://prddekrasafetyplatform.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 16:27:58 GMT
expires: Fri, 19 Sep 2025 16:27:58 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 22 Mar 2024 00:00:38 GMT
content-type: font/woff2
age: 416158
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin

20.190.177.21

200 OK

0 B

URL POST HTTP/1.1
prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin
IP
20.190.177.21:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintE4:75:6A:85:FE:F6:8E:25:DE:B3:7B:05:13:09:96:75:D8:81:67:A0
ValidityWed, 08 May 2024 00:00:00 GMT - Thu, 08 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/client/perftrace?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin HTTP/1.1
Host: prddekrasafetyplatform.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json; charset=utf-8
X-CSRF-TOKEN: cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=
X-Requested-With: XMLHttpRequest
Content-Length: 4060
Origin: https://prddekrasafetyplatform.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Cookie: x-ms-cpim-csrf=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=; x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=m1.jz+OhOzmIsWnHp/j.9NAhNNLVAuyShFjF8f2+3A==.0.Tcigl3IghTsKRCTWRibkQI4BtNYwjfb7q9WWzdt6zmQTx6qApqjyoAZ92qMvw4s2YBnnuCASRmFBfNNjfAl3p6qqOmuJIZXG9yHEAOArLQ3jalsBIldp/ezrRY08MRNyMdbpDCb9UaGCyTI6VD4FslkS26AIeooHRBH3dPCvrYAgQGpUUDlSgVmzgC5spGtkOJo6n1J2t66lji/Z5ZBgXsOepB8E9KB6gYZIBxTlMlcFLT/Ta7sbRVZTfxUNKvn6tAPE4UCUJgOzFLiNajowr6paHkjOYMbp930Q9q9WwA1JE9qpo75NHGjeh4mjiwd7snwCy2m7msKtwTv1bsopYtQPGmdtRmyCVhjX33iquOxGS0WKZHbDrQ8mxNOAw7pyfFalC7b9EagWYW+lu2bq3DE0h9iL9IrsyDSTd2Ql0YWDgApiqSTMmREczxYiXv1txd5v/AsgVKKEbmCVoOq9MdWslkzwYndcwexfcgT4Dt8dhoNpRANBT6BPAwmYFH2/aU44RvWxOeoxm7+PobDn68OoAe+GaFMAorAVeFHWz3/WyQxKw+/n9OqvR3Us+Vv2+KjduRAESZwusFrxNQsSKMjEXUQeOAAz2vT93XdlB7UF0t7RbABmprij/yRD69O/b4fjHsbWcj+LVbvzK9VKx8GzzQ+Fde+MdSuvc4DXOgDgGLRZqx/ClJJO+oxQb0SS3kguG5pgNgUPA7f6JPwIinqCoswwPMoIlx7krXmLki/CicxMndZa0BZLlEW1E89bBLE0XeTUHLa0yi/0KaoIV7X7ihiHH6QwpM+h0pvVCrMirRDhyMyda2UvREcH3tyezj1c4HTc61KiVXMlRM+U39Dkbml/gSW7kLdaZSJ9HW2AcUFdgPpP2aqY+1cyz0GHC23Vbs9i0T/1PxlujBIGfK3GLnmY6U6SMhhl8pqXUEG5H7sMHrzUwPB9bdx1RAn2UdUBeblD8U6h/KKlGbdkW1C0va1us1WG3/KWxFIX/5ovB6sU1SB/qoKqQBo2UwXrSLCGOFK+HHhqP+vRvZ4DUp5S1IE/0JP6cbR+YXXkLKuV6teFLmzZRM3vEpOVoyiG; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyIsIlQiOiJwcmRkZWtyYXNhZmV0eXBsYXRmb3JtLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiI0ZTgxOWE3My0xNDNlLTQyMzgtODBjYy0xNTY2MzZjMTA4YzAiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyJ9; x-ms-cpim-geo=NA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
x-ms-gateway-requestid: 5d35db15-14b7-4501-8432-aa3dcbfbfe7e
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Tue, 24 Sep 2024 12:03:55 GMT
Content-Length: 0

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

142.250.74.74

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoogle Trust Services
Subjectupload.video.google.com
FingerprintC6:E8:36:27:AB:3A:34:33:0B:85:2C:D8:6C:0A:74:34:71:6A:F5:62
ValidityMon, 26 Aug 2024 07:12:45 GMT - Mon, 18 Nov 2024 07:12:44 GMT

File type
JavaScript source, ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 19 Sep 2024 15:03:14 GMT
expires: Fri, 19 Sep 2025 15:03:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 421243
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blobdspprd.blob.core.windows.net/sif-tool/iStock-522555014.jpg

20.209.184.65

200 OK

1.7 MB

URL GET HTTP/1.1
blobdspprd.blob.core.windows.net/sif-tool/iStock-522555014.jpg
IP
20.209.184.65:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerMicrosoft Corporation
Subject*.blob.core.windows.net
FingerprintDF:BD:B8:AC:56:47:E7:B5:22:87:76:67:DD:F1:BB:A4:69:44:36:79
ValidityWed, 03 Apr 2024 06:17:51 GMT - Sat, 29 Mar 2025 06:17:51 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 300x300, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=8, description=Back view of successful manager looking the city from his office, orientation=upper-left, xresolution=110, yresolution=118, resolutionunit=2, software=Adobe Photoshop CS6 (Windows) (Adobe Photoshop CS6, datetime=2016:02:05 14:39:00], baseline, precision 8, 2121x1414, components 3
Size
1.7 MB (1656227 bytes)
Hash
d73409e1f8c08e5e7930daf4d9fd110f
626ae08956a4062e2680f7074c058d6944452357
813dca6877bcabc51ce63cb15485dcfdf6c57c727844052fbd579f8f1b1105a5

HTTP Headers

GET /sif-tool/iStock-522555014.jpg HTTP/1.1
Host: blobdspprd.blob.core.windows.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Length: 1656227
Content-Type: image/jpeg
Content-MD5: 1zQJ4fjAjl55MNr02f0RDw==
Last-Modified: Wed, 14 Apr 2021 13:43:38 GMT
Accept-Ranges: bytes
ETag: "0x8D8FF4B4F33470B"
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 29f8e1d1-a01e-007e-1779-0e95e1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
Date: Tue, 24 Sep 2024 12:03:56 GMT

assessment.dekrasafety.com/63.7831534115364ba5.js

20.80.64.131

14 kB

URL
assessment.dekrasafety.com/63.7831534115364ba5.js
IP
20.80.64.131:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
gzip compressed data, from Unix
Size
14 kB (14209 bytes)
Hash
d17f66fcb84d32689c96fb53f5bd4769
594ff0f1034feeed53b165df43585251d2b5b304
ae0db7646f68d04c6ebd6968fca65b472ac30a7aa7db0c0f360b0fb60cac7958

HTTP Headers

GET /63.7831534115364ba5.js HTTP/1.1
Host: assessment.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Sep 2024 12:03:51 GMT
content-type: application/javascript
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 16 Sep 2024 03:06:36 GMT
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

assessment.dekrasafety.com/content/favicon.ico

20.80.64.131

7.9 kB

URL
assessment.dekrasafety.com/content/favicon.ico
IP
20.80.64.131:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
gzip compressed data, from Unix
Size
7.9 kB (7943 bytes)
Hash
c1563a020b89008dd650016f7bd39786
9f4e64dc6c1a3fa238af5220a352c6cb630204a1
392b342c00182403aae39efac6f36f8d2f17db5418bf821e1775b3fb2e76e4a4

HTTP Headers

GET /content/favicon.ico HTTP/1.1
Host: assessment.dekrasafety.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://assessment.dekrasafety.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 24 Sep 2024 12:03:51 GMT
content-type: image/x-icon
vary: Accept-Encoding, Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Mon, 16 Sep 2024 03:06:40 GMT
cache-control: no-store
strict-transport-security: max-age=63072000
content-encoding: gzip
X-Firefox-Spdy: h2

prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin

20.190.177.21

200 OK

136 B

URL POST HTTP/1.1
prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin
IP
20.190.177.21:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintE4:75:6A:85:FE:F6:8E:25:DE:B3:7B:05:13:09:96:75:D8:81:67:A0
ValidityWed, 08 May 2024 00:00:00 GMT - Thu, 08 May 2025 23:59:59 GMT

File type
JSON text data
Size
136 B (136 bytes)
Hash
b5206f4a72e76ccb39f926b9266eabc4
21bed52d35bdcbcb19d7c5c46e7633a90ee6de5f
3d2e31593aa639799db53c6825b15a48325afb87dcf9e64e98e7e1118bcbf10f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

POST /prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/SelfAsserted?tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin HTTP/1.1
Host: prddekrasafetyplatform.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-TOKEN: cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=
X-Requested-With: XMLHttpRequest
Content-Length: 53
Origin: https://prddekrasafetyplatform.b2clogin.com
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Cookie: x-ms-cpim-csrf=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=; x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=m1.jz+OhOzmIsWnHp/j.9NAhNNLVAuyShFjF8f2+3A==.0.Tcigl3IghTsKRCTWRibkQI4BtNYwjfb7q9WWzdt6zmQTx6qApqjyoAZ92qMvw4s2YBnnuCASRmFBfNNjfAl3p6qqOmuJIZXG9yHEAOArLQ3jalsBIldp/ezrRY08MRNyMdbpDCb9UaGCyTI6VD4FslkS26AIeooHRBH3dPCvrYAgQGpUUDlSgVmzgC5spGtkOJo6n1J2t66lji/Z5ZBgXsOepB8E9KB6gYZIBxTlMlcFLT/Ta7sbRVZTfxUNKvn6tAPE4UCUJgOzFLiNajowr6paHkjOYMbp930Q9q9WwA1JE9qpo75NHGjeh4mjiwd7snwCy2m7msKtwTv1bsopYtQPGmdtRmyCVhjX33iquOxGS0WKZHbDrQ8mxNOAw7pyfFalC7b9EagWYW+lu2bq3DE0h9iL9IrsyDSTd2Ql0YWDgApiqSTMmREczxYiXv1txd5v/AsgVKKEbmCVoOq9MdWslkzwYndcwexfcgT4Dt8dhoNpRANBT6BPAwmYFH2/aU44RvWxOeoxm7+PobDn68OoAe+GaFMAorAVeFHWz3/WyQxKw+/n9OqvR3Us+Vv2+KjduRAESZwusFrxNQsSKMjEXUQeOAAz2vT93XdlB7UF0t7RbABmprij/yRD69O/b4fjHsbWcj+LVbvzK9VKx8GzzQ+Fde+MdSuvc4DXOgDgGLRZqx/ClJJO+oxQb0SS3kguG5pgNgUPA7f6JPwIinqCoswwPMoIlx7krXmLki/CicxMndZa0BZLlEW1E89bBLE0XeTUHLa0yi/0KaoIV7X7ihiHH6QwpM+h0pvVCrMirRDhyMyda2UvREcH3tyezj1c4HTc61KiVXMlRM+U39Dkbml/gSW7kLdaZSJ9HW2AcUFdgPpP2aqY+1cyz0GHC23Vbs9i0T/1PxlujBIGfK3GLnmY6U6SMhhl8pqXUEG5H7sMHrzUwPB9bdx1RAn2UdUBeblD8U6h/KKlGbdkW1C0va1us1WG3/KWxFIX/5ovB6sU1SB/qoKqQBo2UwXrSLCGOFK+HHhqP+vRvZ4DUp5S1IE/0JP6cbR+YXXkLKuV6teFLmzZRM3vEpOVoyiG; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyIsIlQiOiJwcmRkZWtyYXNhZmV0eXBsYXRmb3JtLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiI0ZTgxOWE3My0xNDNlLTQyMzgtODBjYy0xNTY2MzZjMTA4YzAiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyJ9; x-ms-cpim-geo=NA
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: no-store, must-revalidate, no-cache
Content-Type: text/json; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
x-ms-gateway-requestid: bef1d9b5-7733-45bb-97a5-75b0d8961482
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=m1.Nhc4gWykyDIhpa7Y.+urrdg6iqETixmYA2T+Brg==.0.qSt4yeSoP8WzO7NIAsdQ7hWZ44xI3CxWGk0umbXip6mZe7LA3SkFe3Z9zw/bgz5rI5XZR8Ppl+A0FKvSyI9SRBwyGDYubgRb86gyCTrjPYY75n1xypf7tbMXlJlNTlys0zvprOf06YPFgsC9BSj2D9J3z1JswV/wpztrFUnrq00OpCAi1Mfj1CsE+h3eUe0D87gFJ8i3PlWLmqjaRJ/aLevX9R5IUt5qRtZo/dLvr25WU+0JmWyBIUCi4gpVaxNfvfXYo40/tgFiShxWLnkVgSgiGPhBHcZ48lNRJy889H4UR76r9v7ZHCTqQZDeVnNobf1UcOMI+rL3WM+2sEMCoBFA3vUlG25GBSVjX39seT0cypsZLa3n2Tya0N0SHF3d7SgA6L6wkVAvXgnNxJwwOU6oWbW0ZJBO9F+4WzRaeUhweXZOgmHyqTFrDqtGh503vWK1/KbVdG1CX05x1zqUU1hKXGUdbEiqTNt5W2ZYBbvDFe+LcmQi8m8lckaHlf9mIhQe0r5J7G2rjJBDBgFXOzxrrImbMWgcYzLjsbogbDjNdGThrfwFyQ2GjIX5f26xwct7UzHOzfQzU+YA+NfbGlEpED4pUySGfEb+R4XNHhbxbg6o+zVdFcA3WVWBEP6ZQtr57LynsZZIoz0bZv6Rx90uLc0Zhan9tLKy4FsBQp0NsJ+1PAqZ037sUvdxKkPgNq3wuDdwy15d2XjZvkLr1LgAjGOiTD0UtCsAOX5k8AnJ/fawPRCJkHGkx/R/dMOF7Mvzn05cmQEbTzItMkEpJoeJXLkDxN656JSj6xyL1K88v2qenMEaPfvqfyz/AjPVNhZlha5qEwg+2yml3+Z8lfmkKIQWgKibhbZNpfSHJGtfzYsK3R7zeV1HXwzwL8p6KQ+4wLJ30K0UGVVEMWsOpeUzNVDphA7gzabWLheWVxPuzbn7Yww5+HtCVy5AsRKFkXVbvyEgVZHnDKabYOZQqBLP6zhYOqSx15dg3Hl+zoA0AU9sDkLClOy5PPNJh+48U9+IfpzJZ7BkEOAr6QHWw5jY0Fd/5LHEGf3pXDZNLPk62HXy0JRVu7f0asEGAEVnfzVkIzRCwv5VXs896ZjFzn46Pe8zS7ZoYRDdPwtHGC+mCevOVnLku+onB9Y92S7S8v2QsXUSlEQ=; domain=prddekrasafetyplatform.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyIsIlQiOiJwcmRkZWtyYXNhZmV0eXBsYXRmb3JtLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiI0ZTgxOWE3My0xNDNlLTQyMzgtODBjYy0xNTY2MzZjMTA4YzAiLCJTIjoyLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyJ9; domain=prddekrasafetyplatform.b2clogin.com; path=/; SameSite=None; secure; HttpOnly
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Tue, 24 Sep 2024 12:04:11 GMT
Content-Length: 136

prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/api/SelfAsserted/confirmed?csrf_token=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=&tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin&diags=%7B%22pageViewId%22%3A%2283555d30-8a0d-4af3-8efd-4eb8fb0d171b%22%2C%22pageId%22%3A%22SelfAsserted%22%2C%22trace%22%3A%5B%7B%22ac%22%3A%22T005%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T021%20-%20URL%3Ahttps%3A%2F%2Fmyapps.dekrasafety.com%2FSignInSSO.html%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A803%7D%2C%7B%22ac%22%3A%22T019%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A9%7D%2C%7B%22ac%22%3A%22T004%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A6%7D%2C%7B%22ac%22%3A%22T003%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T035%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T030Online%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A364%7D%2C%7B%22ac%22%3A%22T002%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A366%7D%5D%7D

20.190.177.21

634 B

URL User Request GET
prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/api/SelfAsserted/confirmed?csrf_token=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=&tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin&diags=%7B%22pageViewId%22%3A%2283555d30-8a0d-4af3-8efd-4eb8fb0d171b%22%2C%22pageId%22%3A%22SelfAsserted%22%2C%22trace%22%3A%5B%7B%22ac%22%3A%22T005%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T021%20-%20URL%3Ahttps%3A%2F%2Fmyapps.dekrasafety.com%2FSignInSSO.html%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A803%7D%2C%7B%22ac%22%3A%22T019%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A9%7D%2C%7B%22ac%22%3A%22T004%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A6%7D%2C%7B%22ac%22%3A%22T003%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T035%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T030Online%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A364%7D%2C%7B%22ac%22%3A%22T002%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A366%7D%5D%7D
IP
20.190.177.21:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerDigiCert Inc
Subjectgraph.windows.net
FingerprintE4:75:6A:85:FE:F6:8E:25:DE:B3:7B:05:13:09:96:75:D8:81:67:A0
ValidityWed, 08 May 2024 00:00:00 GMT - Thu, 08 May 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (562), with CRLF line terminators
Size
634 B (634 bytes)
Hash
5eb2c23cae9e666d8ceb4aa96fd0c62f
205e272db226b0629b2fceae333ea72b6f3bffbd
0e405b8ae06aaef02c40fc18d4a05eab863c811f9cb4c92f6887958fd93f0dff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /prddekrasafetyplatform.onmicrosoft.com/B2C_1A_signup_signin/api/SelfAsserted/confirmed?csrf_token=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=&tx=StateProperties=eyJUSUQiOiIzZDMyYmJiOC0yYTEwLTQ5MTctYWFhNy1kMjViNzk4YWU5YzMifQ&p=B2C_1A_signup_signin&diags=%7B%22pageViewId%22%3A%2283555d30-8a0d-4af3-8efd-4eb8fb0d171b%22%2C%22pageId%22%3A%22SelfAsserted%22%2C%22trace%22%3A%5B%7B%22ac%22%3A%22T005%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T021%20-%20URL%3Ahttps%3A%2F%2Fmyapps.dekrasafety.com%2FSignInSSO.html%22%2C%22acST%22%3A1727179435%2C%22acD%22%3A803%7D%2C%7B%22ac%22%3A%22T019%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A9%7D%2C%7B%22ac%22%3A%22T004%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A6%7D%2C%7B%22ac%22%3A%22T003%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A2%7D%2C%7B%22ac%22%3A%22T035%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T030Online%22%2C%22acST%22%3A1727179436%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A364%7D%2C%7B%22ac%22%3A%22T002%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A0%7D%2C%7B%22ac%22%3A%22T017T010%22%2C%22acST%22%3A1727179451%2C%22acD%22%3A366%7D%5D%7D HTTP/1.1
Host: prddekrasafetyplatform.b2clogin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Cookie: x-ms-cpim-csrf=cDBkU254bFFPbWFIMXdvYUtIKzdsbXZEaDUxeE5EVG5hRG5oTytNMGNLQ1dKYk55ZExHWitKUzdtK2llcDN4eFZTcXB5Wm9vV09RU2VOVitzSVRsQlE9PTsyMDI0LTA5LTI0VDEyOjAzOjU0LjUzMDUzMTFaOzRNY0toYjJaOUlaK1dKNXhZbjh5VkE9PTt7IlRhcmdldEVudGl0eSI6IlNpZ25pbkVtYWlsRXhjaGFuZ2UiLCJPcmNoZXN0cmF0aW9uU3RlcCI6MX0=; x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=m1.Nhc4gWykyDIhpa7Y.+urrdg6iqETixmYA2T+Brg==.0.qSt4yeSoP8WzO7NIAsdQ7hWZ44xI3CxWGk0umbXip6mZe7LA3SkFe3Z9zw/bgz5rI5XZR8Ppl+A0FKvSyI9SRBwyGDYubgRb86gyCTrjPYY75n1xypf7tbMXlJlNTlys0zvprOf06YPFgsC9BSj2D9J3z1JswV/wpztrFUnrq00OpCAi1Mfj1CsE+h3eUe0D87gFJ8i3PlWLmqjaRJ/aLevX9R5IUt5qRtZo/dLvr25WU+0JmWyBIUCi4gpVaxNfvfXYo40/tgFiShxWLnkVgSgiGPhBHcZ48lNRJy889H4UR76r9v7ZHCTqQZDeVnNobf1UcOMI+rL3WM+2sEMCoBFA3vUlG25GBSVjX39seT0cypsZLa3n2Tya0N0SHF3d7SgA6L6wkVAvXgnNxJwwOU6oWbW0ZJBO9F+4WzRaeUhweXZOgmHyqTFrDqtGh503vWK1/KbVdG1CX05x1zqUU1hKXGUdbEiqTNt5W2ZYBbvDFe+LcmQi8m8lckaHlf9mIhQe0r5J7G2rjJBDBgFXOzxrrImbMWgcYzLjsbogbDjNdGThrfwFyQ2GjIX5f26xwct7UzHOzfQzU+YA+NfbGlEpED4pUySGfEb+R4XNHhbxbg6o+zVdFcA3WVWBEP6ZQtr57LynsZZIoz0bZv6Rx90uLc0Zhan9tLKy4FsBQp0NsJ+1PAqZ037sUvdxKkPgNq3wuDdwy15d2XjZvkLr1LgAjGOiTD0UtCsAOX5k8AnJ/fawPRCJkHGkx/R/dMOF7Mvzn05cmQEbTzItMkEpJoeJXLkDxN656JSj6xyL1K88v2qenMEaPfvqfyz/AjPVNhZlha5qEwg+2yml3+Z8lfmkKIQWgKibhbZNpfSHJGtfzYsK3R7zeV1HXwzwL8p6KQ+4wLJ30K0UGVVEMWsOpeUzNVDphA7gzabWLheWVxPuzbn7Yww5+HtCVy5AsRKFkXVbvyEgVZHnDKabYOZQqBLP6zhYOqSx15dg3Hl+zoA0AU9sDkLClOy5PPNJh+48U9+IfpzJZ7BkEOAr6QHWw5jY0Fd/5LHEGf3pXDZNLPk62HXy0JRVu7f0asEGAEVnfzVkIzRCwv5VXs896ZjFzn46Pe8zS7ZoYRDdPwtHGC+mCevOVnLku+onB9Y92S7S8v2QsXUSlEQ=; x-ms-cpim-trans=eyJUX0RJQyI6W3siSSI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyIsIlQiOiJwcmRkZWtyYXNhZmV0eXBsYXRmb3JtLm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMWFfc2lnbnVwX3NpZ25pbiIsIkMiOiI0ZTgxOWE3My0xNDNlLTQyMzgtODBjYy0xNTY2MzZjMTA4YzAiLCJTIjoyLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6IjNkMzJiYmI4LTJhMTAtNDkxNy1hYWE3LWQyNWI3OThhZTljMyJ9; x-ms-cpim-geo=NA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: no-store, must-revalidate, no-cache
Content-Type: text/html; charset=utf-8
Location: https://assessment.dekrasafety.com/oauth-callback#error=server_error&error_description=AADB2C90075%3a+The+claims+exchange+%27REST-Validate-Domain%27+specified+in+step+%272%27+returned+HTTP+error+response+with+Code+%27InternalServerError%27+and+Reason+%27Internal+Server+Error%27.%0d%0aCorrelation+ID%3a+3d32bbb8-2a10-4917-aaa7-d25b798ae9c3%0d%0aTimestamp%3a+2024-09-24+12%3a04%3a12Z%0d%0a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3d
x-ms-gateway-requestid: 6bf66a9f-bf02-4505-8992-9ac78ea636ca
X-Frame-Options: DENY
Public: OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: x-ms-cpim-cache|ulsypraqf0mqp9jbeyrpww_0=; domain=prddekrasafetyplatform.b2clogin.com; expires=Wed, 24-Sep-2014 12:04:12 GMT; path=/; SameSite=None; secure; HttpOnly
x-ms-cpim-trans=; domain=prddekrasafetyplatform.b2clogin.com; expires=Wed, 24-Sep-2014 12:04:12 GMT; path=/; SameSite=None; secure; HttpOnly
Allow: OPTIONS, TRACE, GET, HEAD, POST
Date: Tue, 24 Sep 2024 12:04:13 GMT
Content-Length: 634

maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css

104.18.10.207

200 OK

122 kB

URL GET HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
IP
104.18.10.207:443
ASN
#13335 CLOUDFLARENET

Requested by
https://prddekrasafetyplatform.b2clogin.com/prddekrasafetyplatform.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/authorize?client_id=4e819a73-143e-4238-80cc-156636c108c0&scope=openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Fassessment.dekrasafety.com%2Foauth-callback&client-request-id=c46b0d81-9f82-48fe-977c-13acee632e35&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.6.0&client_info=1&code_challenge=w4c61_a-s4iPQDl05mRG45QD1WZ-N5in7AlMRt3MhMA&code_challenge_method=S256&nonce=73fa5c2b-2107-42e5-a630-c03fe004f53a&state=eyJpZCI6IjNhOTAxNTZkLWMzY2MtNGE0Ny1hMTgwLTdhMjk1Nzk2ZDIzNCIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Certificate
IssuerGoogle Trust Services
Subjectbootstrapcdn.com
Fingerprint95:66:C2:43:CE:55:3C:D7:76:0E:9C:5F:28:8C:E9:AA:DC:AC:A2:59
ValidityFri, 20 Sep 2024 01:25:04 GMT - Thu, 19 Dec 2024 01:25:03 GMT

File type
ASCII text, with very long lines (65371)
Size
122 kB (122540 bytes)
Hash
5d5357cb3704e1f43a1f5bfed2aebf42
08df9a96752852f2cbd310c30facd934e348c2c5
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87

HTTP Headers

GET /bootstrap/3.3.5/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://prddekrasafetyplatform.b2clogin.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 24 Sep 2024 12:03:56 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: W/"5d5357cb3704e1f43a1f5bfed2aebf42"
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-proxyver: 1.04
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cdn-cachedat: 03/18/2024 12:42:14
cdn-edgestorageid: 1070
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: 3faad83a8f35d6b3fc543f70deeabd6b
cdn-cache: HIT
content-encoding: br
cf-cache-status: HIT
age: 7008492
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 8c82a254ad7256a5-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size