Report - 1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html

Report Overview

Visited public
2023-12-04 05:16:06
Tags
salesforce phishing
Submit Tags
URL
1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html
Finishing URL
1701666918.eurotesting99.cc/index/user/login/1701666950.html
IP / ASN
172.67.210.31
#13335 CLOUDFLARENET
Title
Sign in
Phishing - Salesforce

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
1701666918.eurotesting99.cc	unknown	unknown	No data	No data	15 kB	1.0 MB	104.21.16.54
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.6 kB	50 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	942 B	11 kB	142.250.74.106

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-04 05:15:54	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:54	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:54	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:56	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:57	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:57	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:58	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:15:59	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:16:00	medium	Client IP	Internal IP	ET DNS Query for .cc TLD
2023-12-04 05:16:00	medium	Client IP	Internal IP	ET DNS Query for .cc TLD

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	1701666918.eurotesting99.cc/static_new/js/dialog.min.js	ScriptElement	28 kB	2023-04-07	2025-07-10
Pretty URL 1701666918.eurotesting99.cc/static_new/js/dialog.min.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-07 00:16 Last Seen2025-07-10 13:09 Times Seen3414 Hash 5b00205ad1fe51bf8f61bcb3de292faa 4b12f988964d29bd82b14e71b86104a1a91b667b d1eef2b2ff683e089b9d124aa8090e174252e0894af20ae6d78fed7dc69744d5 Loading...

	1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js	ScriptElement	87 kB	2023-03-07	2025-07-12
Pretty URL 1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-07-12 01:12 Times Seen65311 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	1701666918.eurotesting99.cc/index/user/login/1701666950.html	ScriptElement	188 B	2023-08-28	2024-08-21
Pretty URL 1701666918.eurotesting99.cc/index/user/login/1701666950.html IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-28 11:00 Last Seen2024-08-21 07:54 Times Seen1849 Hash 278807b37126bbe79c019bb2b9474219 2878091eb21533a2c62d4dfbb3a9c186ea7b1d58 35cb897d6a911aa382bbc814f7c5cfa9550041d20cd0f845d3e64ed8be8cd77b Loading...

	1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js	ScriptElement	140 kB	2023-03-07	2025-07-10
Pretty URL 1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20 Last Seen2025-07-10 13:09 Times Seen3336 Hash c4358cb63a4b96c5d71a2fb630871f30 be3b7d9d5bbd680d035f768345778d84eb08fe23 c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229 Loading...

	1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js	ScriptElement	3.3 kB	2023-03-07	2025-07-10
Pretty URL 1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:34 Last Seen2025-07-10 13:09 Times Seen3761 Hash 79b7829af0bbfea5760aa606bf1a02c7 54c27862e41ef815009fca7b54d9d463cfb015bc 2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7 Loading...

	1701666918.eurotesting99.cc/vue.js	ScriptElement	344 kB	2023-03-12	2024-10-14
Pretty URL 1701666918.eurotesting99.cc/vue.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 17:52 Last Seen2024-10-14 19:36 Times Seen1927 Hash f5c020d18d70f21851364d0570d38127 5dba3f5cb7463e356310fc14e26d3358c1b00ed2 58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c Loading...

	1701666918.eurotesting99.cc/red/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-07-11
Pretty URL 1701666918.eurotesting99.cc/red/popper.min.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-11 22:03 Times Seen10604 Hash 56456db9d72a4b380ed3cb63095e6022 6dbce88aee15b42f29083df7a07513cf3b486ba0 66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2 Loading...

	1701666918.eurotesting99.cc/red/jquery.cookie.js	ScriptElement	3.1 kB	2023-03-07	2025-07-12
Pretty URL 1701666918.eurotesting99.cc/red/jquery.cookie.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06 Last Seen2025-07-12 01:15 Times Seen8164 Hash d5528dde0006c78be04817327c2f9b6f 31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8 b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8 Loading...

	1701666918.eurotesting99.cc/static_new/js/common.js	ScriptElement	2.6 kB	2023-07-22	2024-08-21
Pretty URL 1701666918.eurotesting99.cc/static_new/js/common.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-22 22:30 Last Seen2024-08-21 09:43 Times Seen1881 Hash 4e3725bd66c9f142d4468799bd513bbd 85a79d2444f2efa6db1140edfdacb028ea0265b5 137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2 Loading...

	1701666918.eurotesting99.cc/index/user/login/1701666950.html	ScriptElement	317 B	2023-03-12	2024-08-21
Pretty URL 1701666918.eurotesting99.cc/index/user/login/1701666950.html IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 13:45 Last Seen2024-08-21 09:43 Times Seen1900 Hash 2fa7998f2ef1c1f8fbc81c7cb8d7bd8f 8eea9c77ffa0ab1657cc5a7794cd34bce3497076 a308de4b11e78c4e3c5179581f19cd9fc1fd3373555d95c456ff249f98a80f59 Loading...

	1701666918.eurotesting99.cc/index/user/login/1701666950.html	ScriptElement	47 B	2023-03-12	2025-04-18
Pretty URL 1701666918.eurotesting99.cc/index/user/login/1701666950.html IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-12 13:45 Last Seen2025-04-18 11:34 Times Seen1885 Hash fe981e5f023b8a2997081643f731293f 16635d10a2bccf13ea7a5b5c49a4bf448abab880 6569c992f7d5e3341db75d91c61390bbc7c61b1d190554c2f2b1b7791a5b4714 Loading...

	1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js	ScriptElement	64 kB	2023-03-07	2025-07-11
Pretty URL 1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-07-11 22:51 Times Seen6471 Hash f0c2bcf5ef0c4476508d79ec9cdcce07 3beed68ed7d753c6bf4f61c26386ddd7929ba030 edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba Loading...

	1701666918.eurotesting99.cc/red/main.js?v=V1.24	ScriptElement	10 kB	2023-03-07	2025-04-20
Pretty URL 1701666918.eurotesting99.cc/red/main.js?v=V1.24 IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:20 Last Seen2025-04-20 12:02 Times Seen2060 Hash b90b1e7f3effbe0945d51be2591e957a eb699dc823c7297a91317b3d97fde455caa52782 f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412 Loading...

	1701666918.eurotesting99.cc/index/user/login/1701666950.html	ScriptElement	0 B	0001-01-01	2025-07-12
Pretty URL 1701666918.eurotesting99.cc/index/user/login/1701666950.html IP 104.21.16.54 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-07-12 01:19 Times Seen5397394 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (32)

URL IP Response Size

1701666918.eurotesting99.cc/

104.21.16.54

0 B

URL
1701666918.eurotesting99.cc/
IP
104.21.16.54:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET / HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 301 Moved Permanently
Date: Mon, 04 Dec 2023 05:15:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 04 Dec 2023 06:15:51 GMT
Location: https://1701666918.eurotesting99.cc/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5hyktSLA7HvXYIP7KVFSy1HUJyCu7VrRp3dvpJRJhcMmW3GfaTlS0wznOvSSw3C0UUv1gL2ot2ss8XDFZyacXLwsnJ7Q5kqjbmf%2FmFM71xNPXi1cINsND5304ypkQJsTbY%2B7in0z7HPPbCEB8OY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 830192ef29fd56c5-OSL
alt-svc: h2=":443"; ma=60

1701666918.eurotesting99.cc/

104.21.16.54

472 B

URL
1701666918.eurotesting99.cc/
IP
104.21.16.54:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
472 B (472 bytes)
Hash
c8e172038dad75b35d3115ef63ab1bd7
163f6b877bf8eddc3c6636fde845140a47997e96
be2331ad70399bca919a20bc3dc238ab122ec166ae61387ddcef7b68b0568cd2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET / HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/html; charset=UTF-8
location: https://1701666953.eurotesting99.cc/index
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2dJl8avmHTVhqmljhWXGcFKdvJNrYJO2dYKMeYr8mEZKbBoWkHVNeIhnLdQ32Xyxxx%2BR9BsbWf9bB2vKmY7T0Llrqze3thIxxdZRNLstRYqSEbJ3JmWrumGKeY7j%2FeS3hM3iuINoXsGcez1Yzfo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192ef5a87b4f1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/img/BG-02.png

104.21.16.54

200 OK

1.7 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/img/BG-02.png
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced\012- data
Size
1.7 kB (1731 bytes)
Hash
3fddc88d1a5aaececb8e1722ebae13fe
ad2c2af726002d922c1b4dd5ec35d9588b2c0937
efe284cd11a10ce3d54c9e6c1defe460c5cc534d84a0796f67e007f64f339ecd

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/BG-02.png HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: image/png
content-length: 1731
last-modified: Sun, 01 May 2022 13:31:30 GMT
etag: "626e8bb2-6c3"
expires: Wed, 03 Jan 2024 05:15:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0uJV4biK7%2F1hDEVnbn3G338DNiT8Qu2K2QVf4YgyPJRiVB3iBn%2Bnf0L9A63Ai072bgnWR%2Bm%2BPjErj6yU6SrSc7ooLIT7kiCSpMLTKigeRiHX89fG9ZXcxjICHl2PlXP2bQ%2BV0iA8KdDiDp2TNc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7456c7-OSL
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/img/Icons/icon-15.png

104.21.16.54

200 OK

21 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/img/Icons/icon-15.png
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
PNG image data, 400 x 400, 8-bit colormap, non-interlaced\012- data
Size
21 kB (21002 bytes)
Hash
039a2cd46fb5029c8ce65eb2872d52c0
17999cde44a2cab266902e4ec0a232d910bc825c
1dcc87e99c0dc4b6aa560e5654ac343e5b4e5f2eb4d581531ca92791b9c8d891

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/Icons/icon-15.png HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: image/png
content-length: 21002
last-modified: Tue, 18 Oct 2022 12:59:58 GMT
etag: "634ea34e-520a"
expires: Wed, 03 Jan 2024 05:15:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FoAgcXH2YvJSZk3b4YD7hYLO7sE2ksc9o%2B7sKCKoHgzeT%2B3Q0c2BypFxrk61bScUzNbhWeZeBcqE89g2AaaNQShynonJzQT8qGo%2FtK%2B1%2BVi1Hbz6OXNNRa3pBlgDK4uypE74y3llgm3V2YrE%2Brc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7656c7-OSL
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/imgy/jt.png

104.21.16.54

200 OK

2.4 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/imgy/jt.png
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
2.4 kB (2375 bytes)
Hash
e964107220dbdd61e6b472795240444a
0408a43b2085287cc2443074c14844f0f2520fcf
d151a40c6e9c58773a8bf737a89a170daf644d3d2341ed48fc609d70cebdd448

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/jt.png HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: image/png
content-length: 2375
last-modified: Tue, 06 Sep 2022 00:12:36 GMT
etag: "63169074-947"
expires: Wed, 03 Jan 2024 05:15:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=470wbgEdS%2BCbwnRJKva8MoAcofxwOdakcXN2VcUS3t2kBxvkDO0d2VMytIcP83WUoeRWFVVo3in%2BWmg7izCa5eQauxtUCvIsvYLmRSEHQQ4AucBsjthFgYPy8Tasty5L1T4v1aNtErCZ5GAkSV0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7856c7-OSL
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/imgy/Tapptitude-logo-031_1.png

104.21.16.54

200 OK

23 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/imgy/Tapptitude-logo-031_1.png
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
PNG image data, 592 x 74, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (22928 bytes)
Hash
615b82fc36a2d246faae75b9f9153d0b
0a1cc40a07ce6ea315e66238c528fb4d20ee5216
21c1edefa64b1975773aa2e06c8def761b8eb0474bf36bed5c79783e41096376

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/Tapptitude-logo-031_1.png HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: image/png
content-length: 22928
last-modified: Fri, 20 Oct 2023 03:34:40 GMT
etag: "6531f550-5990"
expires: Wed, 03 Jan 2024 05:15:53 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XVgDrT9yA7%2B%2BQ4oDjPlBJ1gVOSBYXnspXkoRiLwA0DmICtJbIxyyYt3sINY6Mflq7%2F9aw3fahhNpaZgNVWGDhrZZ0sayRfZ49shlYG2%2BaOjZAzqC3%2FEn5gH2hTV0TuHIiwYwh7Z5Cja0z43CmfQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7756c7-OSL
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/static_new/js/common.js

104.21.16.54

200 OK

1.5 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/static_new/js/common.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Size
1.5 kB (1461 bytes)
Hash
4e3725bd66c9f142d4468799bd513bbd
85a79d2444f2efa6db1140edfdacb028ea0265b5
137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/common.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Sun, 06 Nov 2022 20:24:30 GMT
vary: Accept-Encoding
etag: W/"636817fe-a32"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRB1gTibdbEp71dzySIkReXEmvQew370Y5ZCioJHhQrIZ%2B2mXC8Rc%2Bb2zXqu0CfQ1tbCI38UFrMb2IJywZ77gYOTy%2FGWvaSu0pFFg1hfaeeNMs%2Bzj32EO8jCnd%2FdKsyprWFdepp4fF6ACpWtvms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f8056c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js

104.21.16.54

200 OK

47 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (65451)
Size
47 kB (47140 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/jquery-3.3.1.min.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:54 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:34:38 GMT
vary: Accept-Encoding
etag: W/"60425d9e-1538f"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZaAlQNXAotL4FSgXA28HJ8uOIz7NMmjlwfqrNYBSOTfn534Ud4m1DDQyXM1x7RwvF1FQ4ZGynwiEPiJ4OvsGrgN9sqUQwJPHsERprGvBp%2F2VbiCjtpjDAx5lLS%2BOWdtnilYaXsVFNSYyAz1TEfg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830193003a5756c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/bootstrap/css/bootstrap.min.css

104.21.16.54

200 OK

26 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/bootstrap/css/bootstrap.min.css
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (65326)
Size
26 kB (25540 bytes)
Hash
d432e4222814b62dd30c9513dcc29440
2cac4afc120983921411296bd4e8fd8a94ba237e
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/bootstrap/css/bootstrap.min.css HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Sat, 06 Mar 2021 03:08:24 GMT
vary: Accept-Encoding
etag: W/"6042f228-27681"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=75cio05t35vNa3uCc1mNOykOzbfaDLPR5Jy7E2VcRqKVRJIKjnZhG70WsYa4CBzAJ1AkW8TY0stkIpMcg5jyBDr1a1fFgOaTeBVaHQA1BdpOIWfpbxEPdAF0JqY1oyOlE56yjNQ6%2BNJ877eMckE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f91f6456c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701666918.eurotesting99.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 346700
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/red/main.js?v=V1.24

104.21.16.54

200 OK

18 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/main.js?v=V1.24
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with CRLF line terminators
Size
18 kB (18440 bytes)
Hash
b90b1e7f3effbe0945d51be2591e957a
eb699dc823c7297a91317b3d97fde455caa52782
f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/main.js?v=V1.24 HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:35:18 GMT
vary: Accept-Encoding
etag: W/"60425dc6-27c0"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E%2Fazh98ri%2FOKRQsyEboKbzesPbq1dMfi6R%2B2DpHWhWnOYwHlco3cUKeWRrigVALVoQJjk5gcwcLpic9YMGiEhi2xWCf%2FMq9l7GphN8V%2B9%2FGZw0iLWS4SP0Nxr1fYFKHZvDnA9s2uuNjVlVu6%2By0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f8156c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/imgy/BG-01.png

104.21.16.54

200 OK

27 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/imgy/BG-01.png
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
PNG image data, 800 x 900, 8-bit/color RGBA, non-interlaced\012- data
Size
27 kB (26585 bytes)
Hash
32e5a811d97ee090735b1b91c0504da8
eaeafca8c27de39c0445155e2098a45c9710d6e4
b4a732b2cfdf0b07576b5fafca34c485db75c90f3c466f54987f62c361c21082

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /imgy/BG-01.png HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:54 GMT
content-type: image/png
content-length: 26585
last-modified: Sun, 13 Nov 2022 09:55:20 GMT
etag: "6370bf08-67d9"
expires: Wed, 03 Jan 2024 05:15:54 GMT
cache-control: max-age=2592000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpgnnKPoIoA1t1r83aqOrufOD44vfvYzzGdIC2IrfhCm9VezmlA4fbHuXfiaiTmxr6KcVWxYMOKw5CdeUMJGgBEwOct0zMLppkBgZBsNzee6yQXi4WtOhlrraz0Q%2BfyxbFcgjk7lNa0uxRb1zcY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830193004a5f56c7-OSL
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js

104.21.16.54

200 OK

3.3 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (3435), with no line terminators
Size
3.3 kB (3304 bytes)
Hash
13fd3d5b0fb763160395abbad25d8e57
6bc56d44091c873f6b5496ef8be2ed9f36e5220b
f1757725deb30f2928f10e427b253f153b0466a60a1c399e9f6bb6cbf5908941

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/layer.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:54 GMT
content-type: application/javascript
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-ce8"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdOLtcE8IcEEAXUMMzBVxhuMRGCTZ%2FiDCSjgnduhH6MA38feV%2BmufkzhRJ91%2FfI9QRFVVbwLH5vnYfvESPyMQ30e6tzLk%2B9hrBQ0N5MdNXVUSx0vEr7SS3hkpggFb3i%2F7QiYakMIFOKlDJ%2FsB%2Bk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7f56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/index/user/login/1701666950.html

104.21.16.54

200 OK

12 kB

URL User Request GET HTTP/2
1701666918.eurotesting99.cc/index/user/login/1701666950.html
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
12 kB (12339 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /index/user/login/1701666950.html HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 05:15:52 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KdCC0l%2BOJ3iNtaHA9PLCllsoZEgDJML28lzgis9gRGC0%2Br5mpkhcM2L4hDew4ZY%2F9DKQ%2BkZjP4KQdhpS3yt3tK0fso%2FpiOrFYjBjXtl%2FRR79jlNWzciCxwppV7j7cIG%2BrkeHywBizA5xbaW2Av8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192e898d7b51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/static_new/js/dialog.min.js

104.21.16.54

200 OK

28 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/static_new/js/dialog.min.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
28 kB (27898 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/dialog.min.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 10:13:12 GMT
vary: Accept-Encoding
etag: W/"5e47c438-6cfa"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lm9e0sY0d3YMhRIIzYTQMjoR%2BotOt64KF6R8%2F3Ru8pcoyeTATrLOJdipd6xEWhLEMIpAmINRhx6KPse3ur9hAfmOT6jHzjV3uimbj9NUDnFK4XK6lrFYJaHoin%2FSVg%2FMruYxMGhJpOEIMUkdKhs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7d56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/favicon.ico

104.21.16.54

404 Not Found

25 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/favicon.ico
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
25 kB (24968 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Mon, 04 Dec 2023 05:15:55 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L9mYp9kdCs11h3IEZZkLG1kVWGm853YI70rjP5aFKVdpB48lRGT7H1ShDiH50fo%2B4hoG3HSJKzidx9eU1nbHm3MUPaoQ5MhLyusnQQp08Vfz2xf%2B50RLui%2Fq6hxVYRF30I4J4H2xXkh6umA5aE4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830193026b1c56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/static_new/css/public.css?v=V1.24

104.21.16.54

200 OK

17 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/static_new/css/public.css?v=V1.24
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with CRLF line terminators
Size
17 kB (17403 bytes)
Hash
169e4de5136bed51956394ccd4328122
3fca078ed53575c53e868fffa9be8cffe910684c
ce9c68517b2551c460aa4225e927dd8a58775df119518be2bdcc6532ea859fe7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/css/public.css?v=V1.24 HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Thu, 01 Sep 2022 14:01:26 GMT
vary: Accept-Encoding
etag: W/"6310bb36-43fb"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uio7EEBLXMZK90Bz49J2iQUVAGuj6foN9e5ubgBCNUdN1qPcaIdxrzJobMukheOuTFiJ0rqmRv0ULV1Tk7Z5aosYD2T2ReoDqFKrzjqcjDJOe%2B%2F0bPNcUSjbYiN1VyfCSTt3pE7cNjZRygdnIDQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f92f6856c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701666918.eurotesting99.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 337579
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/red/jquery.cookie.js

104.21.16.54

200 OK

3.1 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/jquery.cookie.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (3441), with no line terminators
Size
3.1 kB (3121 bytes)
Hash
c70a657c6ff1764a238929b6e46fb8e4
e2a8eb96b388abf14690ea14fe4af3f600296235
466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/jquery.cookie.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:36:06 GMT
vary: Accept-Encoding
etag: W/"60425df6-c31"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V%2FEoPuSDLbl1r9gr%2BJl%2FQ3zZ9u%2FfCkh1DaabvRLVM1K8BV6tpuauVMjpF72nI5uyO%2FFbEsKO0EexJ90jDL%2BCfNiQE9GISLeposYcMGUtrHj44OjBPqpAJdz8N51TgSjrZfVzcMsm8LLJQYsvgP0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7c56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css

104.21.16.54

200 OK

5.3 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/need/layer.css HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4Zf3E%2FOKYlmZoWUlquFm3MVXLqsDjrTOhLJkDAxUewT0aIWjFu38UrjpAUtb0DW33FbHuCdtKCjF6du0sAu8Pm1fSoB2H1aqn0lq6igBxKGhXDCTzpCYW6qgZqHeJBnMWpPfh2tkntG4ar1KQjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7e56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/style.css?v=V1.24

104.21.16.54

200 OK

126 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/style.css?v=V1.24
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
126 kB (125806 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/style.css?v=V1.24 HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Wed, 07 Sep 2022 15:17:36 GMT
vary: Accept-Encoding
etag: W/"6318b610-1eb6e"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ey7ODfJpHrCYgDivHwBXxk0dmD5Eu5ekke3Wqpo8WVKxa86CEuHa2bqxNMwFAOWHJEpfHfFY7mOfwTp%2F9TbhvAw4Qdu2JVut8g1tZ8GkXm0eOsMOEftSZPKGzvK0R6HlKq1yOZlRTrcGKKgAzxA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f92f6656c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.css

104.21.16.54

200 OK

14 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.css
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (13663)
Size
14 kB (13921 bytes)
Hash
4d0619d7577a990881a0079718c5c92e
02553ae8ed1026ae5e1fe6cc5883fd42379e5e68
f9a55bcc80d6d8b2815299c5501cddaa8e5f3f697cdb8f5ce1e3e924097117ba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/swiper/swiper-bundle.min.css HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Fri, 05 Mar 2021 16:40:04 GMT
vary: Accept-Encoding
etag: W/"60425ee4-3661"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dX%2Fl4LeNWgdmevel4imWpRh6cebbuXuqBq90Bg2QDLcvujOHsKNrE8Iqdbd0WQOfxMU9o%2FrcLai1CSYkSnNf2C0LB0%2BdxMgqOxtKGu%2BSx9vH4NfmZ%2BJQoLZMhj1xoM%2FLg33yIWBtNk1JPnQa1Zk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f92f6556c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js

104.21.16.54

200 OK

64 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (63188)
Size
64 kB (63467 bytes)
Hash
f0c2bcf5ef0c4476508d79ec9cdcce07
3beed68ed7d753c6bf4f61c26386ddd7929ba030
edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/bootstrap/js/bootstrap.min.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Sat, 06 Mar 2021 03:08:34 GMT
vary: Accept-Encoding
etag: W/"6042f232-f7eb"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UJgsbnxzVlokBK8NmxhlVdUllibT67j9TTNyzS6%2FHqv%2BesmSMnJScxg%2FHaexFNr3PZoc7prXKTTqG3v5uARxHC%2F7oKdyykBw%2FrmNc4BIjhQOuyukvjKpk8Vbsa%2BbkXU53f%2B1cJmhx5V54H6fur8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7a56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/vue.js

104.21.16.54

200 OK

344 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/vue.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text
Size
344 kB (343988 bytes)
Hash
f5c020d18d70f21851364d0570d38127
5dba3f5cb7463e356310fc14e26d3358c1b00ed2
58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /vue.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:54 GMT
content-type: application/javascript
last-modified: Sun, 28 Aug 2022 23:13:22 GMT
vary: Accept-Encoding
etag: W/"630bf692-53fb4"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5RYhl4QQW3pzwifGX6YcN2P%2BEm2srvDpGIYg6Mm0o8GebUI%2BmGJhmUUL1tNLmaPEx1FAXLLZcIsPAE7F1VJxch6ts2Hrk%2BQIDs%2FK2g2Gl5%2BTdxgad6gSaA4iMO%2F0DL%2BBhFkYog9N0gPMQFbezU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f91f6256c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.googleapis.com/icon?family=Material+Icons

142.250.74.106

200 OK

565 B

URL GET HTTP/2
fonts.googleapis.com/icon?family=Material+Icons
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (588), with no line terminators
Size
565 B (565 bytes)
Hash
bdcf60bde5544e1017e1f2e60888a9c7
6fb24309b7ff90c1c99d19c0c7a127a16508840e
d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952

HTTP Headers

GET /icon?family=Material+Icons HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:15:53 GMT
date: Mon, 04 Dec 2023 05:15:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap

142.250.74.106

200 OK

9.1 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (9360), with no line terminators
Size
9.1 kB (9108 bytes)
Hash
311d8cdf954644f222105d26d89d1d7f
1445a416c8f15a49fb6afb69d25b8ccb01db4b66
45d9a25c93de59121371b5487af8dd0ed67b61136cf072a7622f202a11740f8d

HTTP Headers

GET /css?family=Roboto:300,400,500,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 05:15:53 GMT
date: Mon, 04 Dec 2023 05:15:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/css/app.css

104.21.16.54

200 OK

24 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/css/app.css
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
24 kB (24227 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /css/app.css HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: text/css
last-modified: Tue, 18 Oct 2022 13:16:50 GMT
vary: Accept-Encoding
etag: W/"634ea742-5ea3"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gcI2ijr%2F5cOxxZ0xD%2FWxaqq6LiAPrc8ls%2BKfn%2FZvmyYRSlFZu77q9P1oy9wO0Xja9BNoySqUWRWRPyV7ePmdb6IGcu1V8F4BEoOpt1CNaA7DqTnCxxUbpXeH8CYTzrAu0nnHH0ovrkzvHPKVeAc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f92f6956c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js

104.21.16.54

200 OK

140 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (65278)
Size
140 kB (139961 bytes)
Hash
c4358cb63a4b96c5d71a2fb630871f30
be3b7d9d5bbd680d035f768345778d84eb08fe23
c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/swiper/swiper-bundle.min.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:54 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:40:04 GMT
vary: Accept-Encoding
etag: W/"60425ee4-222b9"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvyDuE7ZqDVmavnFPypR9oauRaarw3sL22v2mIoYMFyBBBiEHTmQqKChz3RPPWIhmGlnhMoPYpIH%2FFi1s2oWPTfRGsM6QOsiWmYwOlJTUqeinTvKXmu5KrMpqor9botsAD1ijAhgNw1Ujkno0Ww%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7b56c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://1701666918.eurotesting99.cc
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:13:56 GMT
expires: Thu, 28 Nov 2024 21:13:56 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
age: 374518
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html

104.21.16.54

301 Moved Permanently

12 kB

URL User Request GET HTTP/2
1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type

Size
12 kB (12339 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 05:15:50 GMT
content-type: text/html; charset=utf-8
set-cookie: think_var=en_us; expires=Mon, 04-Dec-2023 05:45:49 GMT; Max-Age=1799; path=/; HttpOnly
s9851347b=nv42f0kb156bol713k5bnaleb7; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login/1701666950.html
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H7UKtHXbzIJ1n%2FQIsmdqKwZ36DV3BKAIYT5l%2F0xtX%2Bz7aLAMhCwGx%2Bp1RpmpkauACgq9cvoY6ygBD1A3Etjk%2BTsu1iQYP84yKSJ9POfcT1foTkcM7yOuL03QQydkD%2FSONu4%2Bkjaj5Jss%2BWRgNN4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192dccc28b51b-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

GET 1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css?2.0

104.21.16.54

200 OK

5.3 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css?2.0
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (5260), with no line terminators
Size
5.3 kB (5260 bytes)
Hash
633915e62d14a714594b95b974ee0836
e11ebb64a70272c4f35b92fea064f27c4b87efad
eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /public/js/layer_mobile/need/layer.css?2.0 HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:55 GMT
content-type: text/css
last-modified: Tue, 10 Dec 2019 03:14:46 GMT
vary: Accept-Encoding
etag: W/"5def0da6-148c"
expires: Mon, 04 Dec 2023 17:15:55 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gOX4zXLN6YYouEtNL3oV8Dq9DGGpOx2hLY4Tw%2BnTkjsMy63rsdl%2FNc%2B91wv8O%2BnJF81pF611vjAAX%2FNqeBB21f1noXRfLPBVvcuSKSdw9w7PVThQIBICqHLStMBXkci4NujgUdrcoyJmkd5hKQc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 83019300baa256c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

GET 1701666918.eurotesting99.cc/red/popper.min.js

104.21.16.54

200 OK

21 kB

URL GET HTTP/3
1701666918.eurotesting99.cc/red/popper.min.js
IP
104.21.16.54:443
ASN
#13335 CLOUDFLARENET

Requested by
https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Certificate
IssuerGoogle Trust Services LLC
Subjecteurotesting99.cc
Fingerprint6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93
ValiditySun, 26 Nov 2023 12:31:35 GMT - Sat, 24 Feb 2024 12:31:34 GMT

File type
ASCII text, with very long lines (20831)
Size
21 kB (21004 bytes)
Hash
56456db9d72a4b380ed3cb63095e6022
6dbce88aee15b42f29083df7a07513cf3b486ba0
66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /red/popper.min.js HTTP/1.1
Host: 1701666918.eurotesting99.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html
Cookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 05:15:53 GMT
content-type: application/javascript
last-modified: Fri, 05 Mar 2021 16:34:56 GMT
vary: Accept-Encoding
etag: W/"60425db0-520c"
expires: Mon, 04 Dec 2023 17:15:53 GMT
cache-control: max-age=43200
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86FM7hqlL785RpwsIMP1xeA4ADwGhG9dEU1DivFEFOCsyMsntN3KCqqTTUYrrGRfFlQd2I2%2FXky9yZfDK9AAq5LxFvcX3eAc2hAvewunzbwiTVwOadRMDs%2BKLLuiSFIMsJx0J0KrSuh%2F9cuGFG8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=86400; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 830192f93f7956c7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by