{"report_id":"ac83514a-cd7b-4904-90b1-afe0e7e26d8a","version":6,"status":"done","tags":["salesforce","phishing"],"date":"2023-12-04T05:16:06Z","url":{"schema":"http","addr":"1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"172.67.210.31","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"United States","country_code":"US"},"final":{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"title":"Sign in"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T09:15:17Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"1701666918.eurotesting99.cc","ip":{"addr":"104.21.16.54","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":27,"request_count":27,"received_data":1034037,"sent_data":14775,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-09-09 02:40:21","last_seen":"2023-12-03 05:48:43","alert_count":0,"request_count":3,"received_data":50027,"sent_data":1638,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":8877,"first_seen":"2013-06-10 22:14:26","last_seen":"2023-12-03 06:08:10","alert_count":0,"request_count":2,"received_data":10937,"sent_data":942,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:54Z","timestamp":1701666954,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54925,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:54.050825+0000\",\"flow_id\":1561063318013577,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":54925,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":42984,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:54.050825+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:54Z","timestamp":1701666954,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52007,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:54.051028+0000\",\"flow_id\":1637468638725972,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":52007,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":36804,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:54.051028+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:54Z","timestamp":1701666954,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60054,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:54.091531+0000\",\"flow_id\":221602604803467,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":60054,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":22480,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:54.091531+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:56Z","timestamp":1701666956,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34056,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:56.000823+0000\",\"flow_id\":1008578052490039,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":34056,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45224,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:56.000823+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:57Z","timestamp":1701666957,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":39952,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:57.052174+0000\",\"flow_id\":98242554350542,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":39952,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":1630,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:57.052174+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:57Z","timestamp":1701666957,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47839,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:57.065282+0000\",\"flow_id\":1791215583231746,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":47839,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":64291,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:57.065282+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41292,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.640794+0000\",\"flow_id\":451071970297626,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":41292,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":55161,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.640794+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":40760,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.643716+0000\",\"flow_id\":2243043995341444,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":40760,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":39248,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.643716+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":33460,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.645042+0000\",\"flow_id\":749213567604658,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":33460,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31363,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.645042+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":57287,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.646952+0000\",\"flow_id\":1146747150589736,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":57287,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4279,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.646952+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43574,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.647713+0000\",\"flow_id\":1712643451576865,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":43574,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":50971,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.647713+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":60939,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.648318+0000\",\"flow_id\":2116318837793918,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":60939,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":4438,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.648318+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":47653,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.661769+0000\",\"flow_id\":1293641474513161,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":47653,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":16572,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.661769+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":38086,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.664087+0000\",\"flow_id\":1195999688008215,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":38086,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":29572,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.664087+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":34015,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.663487+0000\",\"flow_id\":1314877940309951,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":34015,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56768,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.663487+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":59741,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.662793+0000\",\"flow_id\":638768483540233,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":59741,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":64616,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.662793+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":49239,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.665747+0000\",\"flow_id\":1377764851460243,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":49239,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":13699,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.665747+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58632,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.711990+0000\",\"flow_id\":413707902311734,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":58632,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":38347,\"rrname\":\"1701666953.eurotesting99.cc\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.711990+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:58Z","timestamp":1701666958,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":57254,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:58.712172+0000\",\"flow_id\":291337841597932,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":57254,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":45353,\"rrname\":\"1701666953.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:58.712172+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:59Z","timestamp":1701666959,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":57101,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:59.777513+0000\",\"flow_id\":698736964525353,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":57101,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":34835,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:59.777513+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:59Z","timestamp":1701666959,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54773,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:59.781499+0000\",\"flow_id\":871890718551227,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":54773,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":5747,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:59.781499+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:15:59Z","timestamp":1701666959,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":51943,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:15:59.853104+0000\",\"flow_id\":225538942633072,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":51943,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":56140,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:15:59.853104+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:16:00Z","timestamp":1701666960,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":42053,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:16:00.133685+0000\",\"flow_id\":754251564321333,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":42053,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":21413,\"rrname\":\"1701666918.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:16:00.133685+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-12-04T05:16:00Z","timestamp":1701666960,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":38335,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"medium","alert":"ET DNS Query for .cc TLD","source":"{\"timestamp\":\"2023-12-04T05:16:00.614357+0000\",\"flow_id\":105982085586901,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.181\",\"src_port\":38335,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2027758,\"rev\":5,\"signature\":\"ET DNS Query for .cc TLD\",\"category\":\"Potentially Bad Traffic\",\"severity\":2,\"metadata\":{\"affected_product\":[\"Any\"],\"attack_target\":[\"Client_Endpoint\"],\"created_at\":[\"2019_07_26\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"DNS\"],\"signature_severity\":[\"Minor\"],\"updated_at\":[\"2020_09_17\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":31732,\"rrname\":\"1701666953.eurotesting99.cc\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":98,\"bytes_toclient\":0,\"start\":\"2023-12-04T05:16:00.614357+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/static_new/js/dialog.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"5b00205ad1fe51bf8f61bcb3de292faa","sha1":"4b12f988964d29bd82b14e71b86104a1a91b667b","sha256":"d1eef2b2ff683e089b9d124aa8090e174252e0894af20ae6d78fed7dc69744d5","sha512":"4b4d16845173e2fdf03eda7f3d3c1750f5a5c7016850a658ac290ae44d079e8f91f6767d4bf6771846890739371aa443f349384144e9f59922c9c2f0974e224f","ssdeep":"192:8792uFckSv56nit+FETsYnZpeVbMcMtUqVbMcvwpNDygwNAZPPrxmjp4axgVVHpD:kHC8u6fRVFObkcobwhUi2VHEaLgiz","tlshash":"cbc2322465eb21964a73f83687ab3112f2270013941dfe15397f465c0fe4b3876aafe6","size":27744,"data":"","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-04-23T16:06:14.560206Z","times_seen":3676,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","size":86927,"data":"","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-06T02:26:14.178411Z","times_seen":125850,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"278807b37126bbe79c019bb2b9474219","sha1":"2878091eb21533a2c62d4dfbb3a9c186ea7b1d58","sha256":"35cb897d6a911aa382bbc814f7c5cfa9550041d20cd0f845d3e64ed8be8cd77b","sha512":"6ace6c283c515250f9c8389ba489417bfbab54305d10b8d19556f18b00423c8c5bffd3dc192d6cc9b48a6c023002f019b73ba20d8b4170321e6430953c0f782c","ssdeep":"","tlshash":"40c012db424243dc66f11085ca0b3b0cf13f06ee8c11e061f841c700310938f8a6fac6","size":188,"data":"","first_seen":"2023-08-28T11:00:12Z","last_seen":"2024-08-21T07:54:54.833959Z","times_seen":1849,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c4358cb63a4b96c5d71a2fb630871f30","sha1":"be3b7d9d5bbd680d035f768345778d84eb08fe23","sha256":"c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229","sha512":"35a85c90dfa0ac1e9f4b1bb7bd074a8b20baf6cc235bafb16148da3d55931ad46e89af33508970da09208e166601df250040841d5dc7742b9d6ab9c065a5a467","ssdeep":"3072:U79yoiRfIBB4G+yMwoSpADH79cVOJjBqcxN:k9ytlByMwoSpADH79cVOJjBqcL","tlshash":"9dd3188db354b2e151e72256539ed10263b65845b80ac1a470b68cd7acbde8c03bfefd","size":139961,"data":"","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-05-05T05:37:42.380192Z","times_seen":3895,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"79b7829af0bbfea5760aa606bf1a02c7","sha1":"54c27862e41ef815009fca7b54d9d463cfb015bc","sha256":"2fc4428e63cd5bd982210576674877bd1ba3eb59b9f4686d3668fd94530fa4b7","sha512":"dc634dfed7b74ba81193c8362188ab44430b00ed4dcc93dd4a68c22de03157b2b9ac611139cb5a5f3a63a6d7472445e8e08e87318514560f5f2231898a4032d1","ssdeep":"","tlshash":"aa61c7abf005b23756132085a17f283fb63b6471a5058860d0e2e0be99fddac6837f5d","size":3304,"data":"","first_seen":"2023-03-07T01:34:12Z","last_seen":"2026-05-04T09:15:43.244128Z","times_seen":4586,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/vue.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f5c020d18d70f21851364d0570d38127","sha1":"5dba3f5cb7463e356310fc14e26d3358c1b00ed2","sha256":"58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c","sha512":"1b5b549a89f71d969d8a221659d02f9fafe9f9476d2e98e7baa790ec344593ca74f13671cae19dab346eae4bb8ec6a39759efcf5bfa2ca81c7513ceab92e9025","ssdeep":"3072:TiOkNK65nfn78CZzFYSVMvCCaBQdg7pUPO5knTlB+cwNwDJgYB3lY5TxbMeBUw3F:TU9gCZ6SVVQdg7i7nT+T67BPyVQ4h","tlshash":"4b74b55db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","size":343988,"data":"","first_seen":"2023-03-12T17:52:29Z","last_seen":"2025-09-30T14:21:27.823334Z","times_seen":1928,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/popper.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"56456db9d72a4b380ed3cb63095e6022","sha1":"6dbce88aee15b42f29083df7a07513cf3b486ba0","sha256":"66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2","sha512":"e56bd96b837b26add354d0a9e2b8dc04c95cea94f7959ee05718ed23a224296fae22d49afab160b45963bd99c2c501a3f12517e431eb68a13a327ff8b262b50a","ssdeep":"384:kmQkLrwVOyzirVyKnxRsIB9Db5HjiWn8xHOxvRVgD75zBY5vImg3FzGpL9ARdOgS:vLsgyziJp3Db5OxHOxvYD73Y5vQzyL9p","tlshash":"1992b4cc3294b06643a791a7a0af960fb2339875610e9410f19df2d97c30ef9a13bc79","size":21004,"data":"","first_seen":"2023-03-07T01:06:27Z","last_seen":"2026-05-06T02:14:07.459927Z","times_seen":17722,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/jquery.cookie.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5528dde0006c78be04817327c2f9b6f","sha1":"31e1bcc4cf805a2c2fee21f48ded1e598f64a2a8","sha256":"b84161c9fbf7520cd14e7019f92120bd87a928a074156e91a992eba9fc9436e8","sha512":"69484bdb1382ae92c4b860f97fab601db2d8117469619f06e720fe5a516b5eb3f2d88ad6065bba6e28790bd1faa86b20aa753a9a0c7a2ad53c4eb787a404a9af","ssdeep":"","tlshash":"72610f6134fd623e0d9b6bd5676f0468b83ffe70b02406448426bd95286c862dba7c5f","size":3121,"data":"","first_seen":"2023-03-07T01:06:39Z","last_seen":"2026-05-06T02:37:23.510853Z","times_seen":16263,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/static_new/js/common.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e3725bd66c9f142d4468799bd513bbd","sha1":"85a79d2444f2efa6db1140edfdacb028ea0265b5","sha256":"137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2","sha512":"11567a5615ebd4198ba6bda334b3ab3bacec56fe0dc85dfd1730a0a8d1e8e552e115970561dbd674fecf887371eafb1f50d847b254662e231ff794c76338ae52","ssdeep":"","tlshash":"1d51951eed6872330a2af23b096fd104f02b644fdb0e86117f4d9984c7a151ed97ea4b","size":2610,"data":"","first_seen":"2023-07-22T22:30:25Z","last_seen":"2024-08-21T09:43:41.342844Z","times_seen":1881,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"2fa7998f2ef1c1f8fbc81c7cb8d7bd8f","sha1":"8eea9c77ffa0ab1657cc5a7794cd34bce3497076","sha256":"a308de4b11e78c4e3c5179581f19cd9fc1fd3373555d95c456ff249f98a80f59","sha512":"705e36b7f808b42b0a2e323ccf0dc23b5af8f4cc2a21291ad25cedfa587c755284b3e1b5305b172c0d6d1138b146894658426abf06a0256dc16ded49c179a71c","ssdeep":"","tlshash":"f5e08c8ef9861102a5a3612b89ab6948253f18c71800e402bb0c68852faa58a9a1be1c","size":317,"data":"","first_seen":"2023-03-12T13:45:56Z","last_seen":"2024-08-21T09:43:41.34225Z","times_seen":1900,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe981e5f023b8a2997081643f731293f","sha1":"16635d10a2bccf13ea7a5b5c49a4bf448abab880","sha256":"6569c992f7d5e3341db75d91c61390bbc7c61b1d190554c2f2b1b7791a5b4714","sha512":"4bb9ac586f19cf03d730377986d196a67ad7ae29af7ae997d10f9b697382d656625226c86e2f66996ba00d8b90a9fd9c30db2e2445cda880069e6fbc2ba5dc90","ssdeep":"","tlshash":"db900280561d3211250c000c081e00c81018213a5a434ce5a9a1a50810455441158018","size":47,"data":"","first_seen":"2023-03-12T13:45:56Z","last_seen":"2025-04-18T11:34:02.227279Z","times_seen":1885,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","size":63467,"data":"","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-05-05T23:26:51.74532Z","times_seen":9916,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/main.js?v=V1.24","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"b90b1e7f3effbe0945d51be2591e957a","sha1":"eb699dc823c7297a91317b3d97fde455caa52782","sha256":"f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412","sha512":"8a9ec4b385beef0c20620fd71b7c2447363e5ae82e649937871ef03c8cc77b5aec4cba0e6669463fd447518815b418839d2656bd4558d452815d31296043ffb4","ssdeep":"96:dE653W3esRZ+Q4I1Jo1AhCubdCmWWaN4rM9258nSjJyT4eTvhP4Voed0r/PLUlA:D53W3TZ+dQCuIvdNjA5jP70/Tr","tlshash":"4c2244587011506645bf373baebf928cfb3a022b92069a127d7c55d45f306b86272eec","size":10176,"data":"","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-03-28T09:31:23.227563Z","times_seen":2080,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-04T05:15:57.062951505Z","timestamp":1701666957062,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nDate: Mon, 04 Dec 2023 05:15:51 GMT\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nCache-Control: max-age=3600\r\nExpires: Mon, 04 Dec 2023 06:15:51 GMT\r\nLocation: https://1701666918.eurotesting99.cc/\r\nReport-To: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=5hyktSLA7HvXYIP7KVFSy1HUJyCu7VrRp3dvpJRJhcMmW3GfaTlS0wznOvSSw3C0UUv1gL2ot2ss8XDFZyacXLwsnJ7Q5kqjbmf%2FmFM71xNPXi1cINsND5304ypkQJsTbY%2B7in0z7HPPbCEB8OY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nNEL: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nVary: Accept-Encoding\r\nX-Content-Type-Options: nosniff\r\nServer: cloudflare\r\nCF-RAY: 830192ef29fd56c5-OSL\r\nalt-svc: h2=\":443\"; ma=60\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-12-04T05:15:58.859176022Z","timestamp":1701666958859,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 302 Found\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlocation: https://1701666953.eurotesting99.cc/index\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=2dJl8avmHTVhqmljhWXGcFKdvJNrYJO2dYKMeYr8mEZKbBoWkHVNeIhnLdQ32Xyxxx%2BR9BsbWf9bB2vKmY7T0Llrqze3thIxxdZRNLstRYqSEbJ3JmWrumGKeY7j%2FeS3hM3iuINoXsGcez1Yzfo%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192ef5a87b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":472,"size_decoded":0,"mime_type":"application/octet-stream","magic":"data","md5":"c8e172038dad75b35d3115ef63ab1bd7","sha1":"163f6b877bf8eddc3c6636fde845140a47997e96","sha256":"be2331ad70399bca919a20bc3dc238ab122ec166ae61387ddcef7b68b0568cd2","sha512":"61f2a6862035de3a9c0d539c7d3d683f37a4f5c9f3199440774c1c2be5a8256d25742e12fbca1718dac7260489775f39b04e0670e186e776ba123bb729fbeb1d","ssdeep":"","tlshash":"b0f0540c0e30b40b090e872db585d1780500717f0ef4030a1dfd341e0b7d7c6278440c","first_seen":"2023-12-04T06:16:13Z","last_seen":"2023-12-05T00:45:50Z","times_seen":5,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/img/BG-02.png","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.680Z","timestamp":1701666958680,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /img/BG-02.png HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 1731\r\nlast-modified: Sun, 01 May 2022 13:31:30 GMT\r\netag: \"626e8bb2-6c3\"\r\nexpires: Wed, 03 Jan 2024 05:15:53 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=y0uJV4biK7%2F1hDEVnbn3G338DNiT8Qu2K2QVf4YgyPJRiVB3iBn%2Bnf0L9A63Ai072bgnWR%2Bm%2BPjErj6yU6SrSc7ooLIT7kiCSpMLTKigeRiHX89fG9ZXcxjICHl2PlXP2bQ%2BV0iA8KdDiDp2TNc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7456c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1731,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced\\012- data","md5":"3fddc88d1a5aaececb8e1722ebae13fe","sha1":"ad2c2af726002d922c1b4dd5ec35d9588b2c0937","sha256":"efe284cd11a10ce3d54c9e6c1defe460c5cc534d84a0796f67e007f64f339ecd","sha512":"206ee995f96849a7926b9ae656ce28b71f45f49e8f7bf7bd855faaa04a10f74bcc2df81a17adf19e6d017500b4765212ce7729a54169784fa3a603615850c95f","ssdeep":"","tlshash":"ff3147d6d64428e23564cefd7f10884784854fb1be06deb2494f735b519971a8cbf504","first_seen":"2023-10-14T18:24:17Z","last_seen":"2024-08-21T04:43:37.524111Z","times_seen":1863,"resource_available":false,"data":null}},"time_used":374,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/img/Icons/icon-15.png","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.681Z","timestamp":1701666958681,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /img/Icons/icon-15.png HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 21002\r\nlast-modified: Tue, 18 Oct 2022 12:59:58 GMT\r\netag: \"634ea34e-520a\"\r\nexpires: Wed, 03 Jan 2024 05:15:53 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=FoAgcXH2YvJSZk3b4YD7hYLO7sE2ksc9o%2B7sKCKoHgzeT%2B3Q0c2BypFxrk61bScUzNbhWeZeBcqE89g2AaaNQShynonJzQT8qGo%2FtK%2B1%2BVi1Hbz6OXNNRa3pBlgDK4uypE74y3llgm3V2YrE%2Brc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7656c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21002,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit colormap, non-interlaced\\012- data","md5":"039a2cd46fb5029c8ce65eb2872d52c0","sha1":"17999cde44a2cab266902e4ec0a232d910bc825c","sha256":"1dcc87e99c0dc4b6aa560e5654ac343e5b4e5f2eb4d581531ca92791b9c8d891","sha512":"a80943da465cd44ea084a9d650d27a7ebbe907e4db0921e5d20c6dcba0ef4a4baad66b8c873643ebf755bdd9acd993b590030bd4416b48a14fa83c16a60f100a","ssdeep":"384:TPa1YO6suTyN5mGVQ8VvKfAj1wJOeHqweN2ifngiUttY84oqNlFe+UVfaOR:TS1YO6sfNgGVhVvNeKwerPUttN4JNLef","tlshash":"5092e1c75b05e4f13c4377b5214889c19a822f681bf25167e336e8b69abc014f2a776f","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-08-21T09:43:41.31738Z","times_seen":1882,"resource_available":false,"data":null}},"time_used":516,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":514,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/imgy/jt.png","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.682Z","timestamp":1701666958682,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /imgy/jt.png HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 2375\r\nlast-modified: Tue, 06 Sep 2022 00:12:36 GMT\r\netag: \"63169074-947\"\r\nexpires: Wed, 03 Jan 2024 05:15:53 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=470wbgEdS%2BCbwnRJKva8MoAcofxwOdakcXN2VcUS3t2kBxvkDO0d2VMytIcP83WUoeRWFVVo3in%2BWmg7izCa5eQauxtUCvIsvYLmRSEHQQ4AucBsjthFgYPy8Tasty5L1T4v1aNtErCZ5GAkSV0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7856c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2375,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\\012- data","md5":"e964107220dbdd61e6b472795240444a","sha1":"0408a43b2085287cc2443074c14844f0f2520fcf","sha256":"d151a40c6e9c58773a8bf737a89a170daf644d3d2341ed48fc609d70cebdd448","sha512":"cbd71067f50368421fb1787433c5ae25bc88b4008c883e3b13eeb0530359acd8885092c55f9b3e495d3cdaf2e650f498d8ee8fcfe7f777045e4f80e3f52bced1","ssdeep":"","tlshash":"eb410ad444c18e9f2485c05fd162ce0f1e3259cb67e1949c1bd0062e8dc1bf522b379a","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-10-04T11:10:52.654878Z","times_seen":1916,"resource_available":false,"data":null}},"time_used":531,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":531,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/imgy/Tapptitude-logo-031_1.png","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.682Z","timestamp":1701666958682,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /imgy/Tapptitude-logo-031_1.png HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: image/png\r\ncontent-length: 22928\r\nlast-modified: Fri, 20 Oct 2023 03:34:40 GMT\r\netag: \"6531f550-5990\"\r\nexpires: Wed, 03 Jan 2024 05:15:53 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=XVgDrT9yA7%2B%2BQ4oDjPlBJ1gVOSBYXnspXkoRiLwA0DmICtJbIxyyYt3sINY6Mflq7%2F9aw3fahhNpaZgNVWGDhrZZ0sayRfZ49shlYG2%2BaOjZAzqC3%2FEn5gH2hTV0TuHIiwYwh7Z5Cja0z43CmfQ%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7756c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22928,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 592 x 74, 8-bit/color RGBA, non-interlaced\\012- data","md5":"615b82fc36a2d246faae75b9f9153d0b","sha1":"0a1cc40a07ce6ea315e66238c528fb4d20ee5216","sha256":"21c1edefa64b1975773aa2e06c8def761b8eb0474bf36bed5c79783e41096376","sha512":"049ef8aad9ed35916d71ffcc5589ae8dd5725ca256f3c2651edbb40c5e6f039afa3e0466e0fa4df648098e203d4ea047cc8343427e86f99fa2954629941e430a","ssdeep":"384:p7nxXZHn4S3N4lt8ei5kLm6poRei9USMvLcZbbDreCpJQGzmCH0C73U3OtnDe3x+:9xyS3lei5kLmJ9USI4xpStCH0C73Pgsn","tlshash":"eaa2f1c63ff04c0636537b8256589477a42f9ce08fc59caccdbcca2662516a8ce8d597","first_seen":"2023-11-16T15:33:23Z","last_seen":"2024-08-20T19:17:05.325737Z","times_seen":1862,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":701,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/static_new/js/common.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.694Z","timestamp":1701666958694,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /static_new/js/common.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 06 Nov 2022 20:24:30 GMT\r\nvary: Accept-Encoding\r\netag: W/\"636817fe-a32\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=DRB1gTibdbEp71dzySIkReXEmvQew370Y5ZCioJHhQrIZ%2B2mXC8Rc%2Bb2zXqu0CfQ1tbCI38UFrMb2IJywZ77gYOTy%2FGWvaSu0pFFg1hfaeeNMs%2Bzj32EO8jCnd%2FdKsyprWFdepp4fF6ACpWtvms%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f8056c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1461,"size_decoded":0,"mime_type":"application/javascript","magic":"HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators","md5":"4e3725bd66c9f142d4468799bd513bbd","sha1":"85a79d2444f2efa6db1140edfdacb028ea0265b5","sha256":"137ab52ea1f182be9d4c84d01110a7d54b4523c7f2a8b504737c138874f9a5b2","sha512":"11567a5615ebd4198ba6bda334b3ab3bacec56fe0dc85dfd1730a0a8d1e8e552e115970561dbd674fecf887371eafb1f50d847b254662e231ff794c76338ae52","ssdeep":"","tlshash":"1d51951eed6872330a2af23b096fd104f02b644fdb0e86117f4d9984c7a151ed97ea4b","first_seen":"2023-07-22T22:30:25Z","last_seen":"2024-08-21T09:43:41.342844Z","times_seen":1881,"resource_available":true,"data":null}},"time_used":828,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":828,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/jquery-3.3.1.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.778Z","timestamp":1701666959778,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/jquery-3.3.1.min.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:34:38 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425d9e-1538f\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: HIT\r\nage: 0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=ZaAlQNXAotL4FSgXA28HJ8uOIz7NMmjlwfqrNYBSOTfn534Ud4m1DDQyXM1x7RwvF1FQ4ZGynwiEPiJ4OvsGrgN9sqUQwJPHsERprGvBp%2F2VbiCjtpjDAx5lLS%2BOWdtnilYaXsVFNSYyAz1TEfg%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830193003a5756c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":47140,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65451)","md5":"a09e13ee94d51c524b7e2a728c7d4039","sha1":"0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae","sha256":"160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef","sha512":"f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a","ssdeep":"1536:jLiBdiaWLOczCmZx6+VWuGzQNOzdn6x2RZd9SEnk9HB96c9Yo/NWLbVj3kC6t3:5kn6x2xe9NK6nC69","tlshash":"748319dd72c6b06247ab71ba00bf550bf2361999684d4410f129e4eabc74b4e823bf7d","first_seen":"2023-03-07T01:02:02Z","last_seen":"2026-05-06T02:26:14.178411Z","times_seen":125850,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/bootstrap/css/bootstrap.min.css","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.672Z","timestamp":1701666958672,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/bootstrap/css/bootstrap.min.css HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Sat, 06 Mar 2021 03:08:24 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6042f228-27681\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=75cio05t35vNa3uCc1mNOykOzbfaDLPR5Jy7E2VcRqKVRJIKjnZhG70WsYa4CBzAJ1AkW8TY0stkIpMcg5jyBDr1a1fFgOaTeBVaHQA1BdpOIWfpbxEPdAF0JqY1oyOlE56yjNQ6%2BNJ877eMckE%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f91f6456c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25540,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65326)","md5":"d432e4222814b62dd30c9513dcc29440","sha1":"2cac4afc120983921411296bd4e8fd8a94ba237e","sha256":"4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601","sha512":"3f9320327d6304dd356ac060534cfad10938431897a3cebec2515a84aaec41fdfb73d72ba39d7b5b35523cf575b432b3864bb6889d855602faef01b4dd21a734","ssdeep":"1536:iC7AIJkTR+rMqFVD2DEBi8yNcuSElAz/uJpq3SYiLENM6HN26R:d7XXGLq3SYiLENM6HN26R","tlshash":"8cf353a6f5a0312de4a7c61964d0bafd152f8245d7224bfbf8273b6447892c70a73e4c","first_seen":"2023-04-05T05:11:52Z","last_seen":"2026-05-06T00:07:49.570073Z","times_seen":12499,"resource_available":false,"data":null}},"time_used":583,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":582,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.784Z","timestamp":1701666959784,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701666918.eurotesting99.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15744\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 30 Nov 2023 04:57:34 GMT\r\nexpires: Fri, 29 Nov 2024 04:57:34 GMT\r\ncache-control: public, max-age=31536000\r\nage: 346700\r\nlast-modified: Wed, 11 May 2022 19:24:48 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15744,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\\012- data","md5":"15d9f621c3bd1599f0169dcf0bd5e63e","sha1":"7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52","sha256":"f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615","sha512":"d35a47162fc160cd5f806c3bb7feb50ec96fdfc81753660ead22ef33f89be6b1bfd63d1135f6b479d35c2e9d30f2360ffc8819efca672270e230635bcb206c82","ssdeep":"384:z1TLklSElcS5V6qQTMUP07JwirW6RlLwK79/:p7EJ5E2bJwi5jLwK79/","tlshash":"8162e00158a163ade9b2327ed10b1b91c40660a27d2504e8c6e4fc95fe3d7ed5487b76","first_seen":"2023-04-05T08:15:27Z","last_seen":"2026-05-06T02:29:51.333518Z","times_seen":159803,"resource_available":true,"data":null}},"time_used":134,"timings":{"blocked":57,"dns":0,"connect":7,"send":0,"wait":19,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/main.js?v=V1.24","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.695Z","timestamp":1701666958695,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/main.js?v=V1.24 HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:35:18 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425dc6-27c0\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=E%2Fazh98ri%2FOKRQsyEboKbzesPbq1dMfi6R%2B2DpHWhWnOYwHlco3cUKeWRrigVALVoQJjk5gcwcLpic9YMGiEhi2xWCf%2FMq9l7GphN8V%2B9%2FGZw0iLWS4SP0Nxr1fYFKHZvDnA9s2uuNjVlVu6%2By0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f8156c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18440,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with CRLF line terminators","md5":"b90b1e7f3effbe0945d51be2591e957a","sha1":"eb699dc823c7297a91317b3d97fde455caa52782","sha256":"f5733054b0df915644a10c7c7bf9f4029dec903183464d982d2af0aab3336412","sha512":"8a9ec4b385beef0c20620fd71b7c2447363e5ae82e649937871ef03c8cc77b5aec4cba0e6669463fd447518815b418839d2656bd4558d452815d31296043ffb4","ssdeep":"96:dE653W3esRZ+Q4I1Jo1AhCubdCmWWaN4rM9258nSjJyT4eTvhP4Voed0r/PLUlA:D53W3TZ+dQCuIvdNjA5jP70/Tr","tlshash":"4c2244587011506645bf373baebf928cfb3a022b92069a127d7c55d45f306b86272eec","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-03-28T09:31:23.227563Z","times_seen":2080,"resource_available":true,"data":null}},"time_used":822,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":822,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/imgy/BG-01.png","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.782Z","timestamp":1701666959782,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /imgy/BG-01.png HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:54 GMT\r\ncontent-type: image/png\r\ncontent-length: 26585\r\nlast-modified: Sun, 13 Nov 2022 09:55:20 GMT\r\netag: \"6370bf08-67d9\"\r\nexpires: Wed, 03 Jan 2024 05:15:54 GMT\r\ncache-control: max-age=2592000\r\ncf-cache-status: MISS\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=MpgnnKPoIoA1t1r83aqOrufOD44vfvYzzGdIC2IrfhCm9VezmlA4fbHuXfiaiTmxr6KcVWxYMOKw5CdeUMJGgBEwOct0zMLppkBgZBsNzee6yQXi4WtOhlrraz0Q%2BfyxbFcgjk7lNa0uxRb1zcY%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830193004a5f56c7-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26585,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 800 x 900, 8-bit/color RGBA, non-interlaced\\012- data","md5":"32e5a811d97ee090735b1b91c0504da8","sha1":"eaeafca8c27de39c0445155e2098a45c9710d6e4","sha256":"b4a732b2cfdf0b07576b5fafca34c485db75c90f3c466f54987f62c361c21082","sha512":"c70f06ff26e172e2b2523616af42c46d82838a9fa1519115a3e7aaa11eb070e101c4e24f84c567464147d3e8b38f98251378b61b7cc1f9b9a51d17d7ac565a6d","ssdeep":"384:m7CqOZwlceEU6AA7z/BWjYiGE//QC1toY+fsggn6FQcpgIOaWX7E:jVZwlSAA7TEjYiGbfjgnszpg9ZI","tlshash":"74c21999c91f4832ca10c5f07f56472f79bb2b68c63653161b77b1a826acec5fb03a05","first_seen":"2023-05-22T20:55:19Z","last_seen":"2024-10-04T11:10:52.656192Z","times_seen":1861,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":572,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/public/js/layer_mobile/layer.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.693Z","timestamp":1701666958693,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /public/js/layer_mobile/layer.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-ce8\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=NdOLtcE8IcEEAXUMMzBVxhuMRGCTZ%2FiDCSjgnduhH6MA38feV%2BmufkzhRJ91%2FfI9QRFVVbwLH5vnYfvESPyMQ30e6tzLk%2B9hrBQ0N5MdNXVUSx0vEr7SS3hkpggFb3i%2F7QiYakMIFOKlDJ%2FsB%2Bk%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7f56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3304,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (3435), with no line terminators","md5":"13fd3d5b0fb763160395abbad25d8e57","sha1":"6bc56d44091c873f6b5496ef8be2ed9f36e5220b","sha256":"f1757725deb30f2928f10e427b253f153b0466a60a1c399e9f6bb6cbf5908941","sha512":"1cf9caadb34021fc390c9e13b83336d334de4e635057f0bdb1d9ef15955fe96849e82ba5a7581cfcee911db9a92498d92a830551f550eb3758e2c6346ecad73f","ssdeep":"","tlshash":"0e61c7abf005b23756132085a17f282fb63b6471a5058860d0e2e0be99fddac6837f5d","first_seen":"2023-04-07T00:16:00Z","last_seen":"2025-04-05T12:50:42.269296Z","times_seen":2307,"resource_available":false,"data":null}},"time_used":884,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":884,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/user/login/1701666950.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T05:15:56.001Z","timestamp":1701666956001,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /index/user/login/1701666950.html HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:52 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=KdCC0l%2BOJ3iNtaHA9PLCllsoZEgDJML28lzgis9gRGC0%2Br5mpkhcM2L4hDew4ZY%2F9DKQ%2BkZjP4KQdhpS3yt3tK0fso%2FpiOrFYjBjXtl%2FRR79jlNWzciCxwppV7j7cIG%2BrkeHywBizA5xbaW2Av8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192e898d7b51b-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12339,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":2364,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2364,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/static_new/js/dialog.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.688Z","timestamp":1701666958688,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /static_new/js/dialog.min.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 15 Feb 2020 10:13:12 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5e47c438-6cfa\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Lm9e0sY0d3YMhRIIzYTQMjoR%2BotOt64KF6R8%2F3Ru8pcoyeTATrLOJdipd6xEWhLEMIpAmINRhx6KPse3ur9hAfmOT6jHzjV3uimbj9NUDnFK4XK6lrFYJaHoin%2FSVg%2FMruYxMGhJpOEIMUkdKhs%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7d56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27898,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":675,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":675,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/favicon.ico","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:16:00.134Z","timestamp":1701666960134,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Mon, 04 Dec 2023 05:15:55 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: Accept-Encoding\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=L9mYp9kdCs11h3IEZZkLG1kVWGm853YI70rjP5aFKVdpB48lRGT7H1ShDiH50fo%2B4hoG3HSJKzidx9eU1nbHm3MUPaoQ5MhLyusnQQp08Vfz2xf%2B50RLui%2Fq6hxVYRF30I4J4H2xXkh6umA5aE4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830193026b1c56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":null,"data":{"size":24968,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":607,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":607,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/static_new/css/public.css?v=V1.24","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.675Z","timestamp":1701666958675,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /static_new/css/public.css?v=V1.24 HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Thu, 01 Sep 2022 14:01:26 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6310bb36-43fb\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Uio7EEBLXMZK90Bz49J2iQUVAGuj6foN9e5ubgBCNUdN1qPcaIdxrzJobMukheOuTFiJ0rqmRv0ULV1Tk7Z5aosYD2T2ReoDqFKrzjqcjDJOe%2B%2F0bPNcUSjbYiN1VyfCSTt3pE7cNjZRygdnIDQ%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f92f6856c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17403,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"169e4de5136bed51956394ccd4328122","sha1":"3fca078ed53575c53e868fffa9be8cffe910684c","sha256":"ce9c68517b2551c460aa4225e927dd8a58775df119518be2bdcc6532ea859fe7","sha512":"986e267a9ae76681af37efc78f090413eea362e47126d4500bb7cf8a72f0d8661a4d245678cf860ec766f98db56bbf807ff9e870f797df2776d8db423aa54c86","ssdeep":"192:ilUMZ494EUoQiNCZ5fz9ksnOzaTNUbOnJkFXz9CNvcgIkwUzY5VDb84Xvbzjqoji:aHSmQbX/Soe","tlshash":"0072217a5d081140e27fd3719fea1a99ea35417352022bae76c991874fb271432cffc5","first_seen":"2023-05-17T12:30:16Z","last_seen":"2024-10-04T10:22:11.294605Z","times_seen":1908,"resource_available":false,"data":null}},"time_used":608,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":608,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.800Z","timestamp":1701666959800,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701666918.eurotesting99.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15920\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 30 Nov 2023 07:29:35 GMT\r\nexpires: Fri, 29 Nov 2024 07:29:35 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 11 May 2022 19:24:45 GMT\r\ncontent-type: font/woff2\r\nage: 337579\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15920,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\\012- data","md5":"3a44e06eb954b96aa043227f3534189d","sha1":"23cef6993ddb2b2979e8e7647fc3763694e2ba7d","sha256":"b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e","sha512":"fab970b250dd88064730bd2603c530f3503abb0af4e4095786877f9660a159bf4ad98c5abea2e95eb39ae8c13417736b5772fcb9f87941ff5e0f383cb172997f","ssdeep":"384:sShqOXQlaSchOwK0uFvRqq3xR/xb5OY3aU/lHS9WE2YeK1os:sShJKaScJK0uFvRvxb5OY3aU/lHkmK","tlshash":"cc62cf5c6a901684c67c29b63b6d616be9a1cd50c2ab73904fdba317d30d3a1e0298fd","first_seen":"2023-04-05T08:15:27Z","last_seen":"2026-05-06T01:26:39.848257Z","times_seen":64620,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":90,"dns":0,"connect":7,"send":0,"wait":8,"receive":2,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/jquery.cookie.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.686Z","timestamp":1701666958686,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/jquery.cookie.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:36:06 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425df6-c31\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=V%2FEoPuSDLbl1r9gr%2BJl%2FQ3zZ9u%2FfCkh1DaabvRLVM1K8BV6tpuauVMjpF72nI5uyO%2FFbEsKO0EexJ90jDL%2BCfNiQE9GISLeposYcMGUtrHj44OjBPqpAJdz8N51TgSjrZfVzcMsm8LLJQYsvgP0%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7c56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3121,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (3441), with no line terminators","md5":"c70a657c6ff1764a238929b6e46fb8e4","sha1":"e2a8eb96b388abf14690ea14fe4af3f600296235","sha256":"466840a5176a0d6bd70e2d5ade5928ad656ca6b9cd3040a241e33478c63f5813","sha512":"5bf73bfebf28b33fa15afeccfb4d215d20bee6f9c318665e0bcd39b370980a7ff8a24a9b32f1dfd13d73d2ed5a6192e798764cd80748eb5fa173b89c1c13f6d1","ssdeep":"","tlshash":"81610f6134fd623e0d9b6bd5676f0468b83ffe70b02406448426b995286c862dba7c5f","first_seen":"2023-04-05T13:41:14Z","last_seen":"2025-04-06T16:07:02.012143Z","times_seen":3258,"resource_available":false,"data":null}},"time_used":380,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.691Z","timestamp":1701666958691,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /public/js/layer_mobile/need/layer.css HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-148c\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=4Zf3E%2FOKYlmZoWUlquFm3MVXLqsDjrTOhLJkDAxUewT0aIWjFu38UrjpAUtb0DW33FbHuCdtKCjF6du0sAu8Pm1fSoB2H1aqn0lq6igBxKGhXDCTzpCYW6qgZqHeJBnMWpPfh2tkntG4ar1KQjA%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7e56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5260,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5260), with no line terminators","md5":"633915e62d14a714594b95b974ee0836","sha1":"e11ebb64a70272c4f35b92fea064f27c4b87efad","sha256":"eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6","sha512":"3a0f469c32521c0fe51838b099650f055410cbdabf64659856e009c8d5e1f3a32fed568832282a92892f1398c8557fe1f64a6a34881f711ecd55b41b054d243a","ssdeep":"96:tJA7fs72Cyf26B6ZtbXBh+Bcw0iZRfcSNHIFSf:J72b5YZtbXucwlrESNoa","tlshash":"9cb1c796989303e8b027c51796dc5efe70388d43915209aef157382fc74bdd9b1b260b","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-05T05:55:23.70684Z","times_seen":4992,"resource_available":false,"data":null}},"time_used":822,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":822,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/style.css?v=V1.24","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.674Z","timestamp":1701666958674,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/style.css?v=V1.24 HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Wed, 07 Sep 2022 15:17:36 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6318b610-1eb6e\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=Ey7ODfJpHrCYgDivHwBXxk0dmD5Eu5ekke3Wqpo8WVKxa86CEuHa2bqxNMwFAOWHJEpfHfFY7mOfwTp%2F9TbhvAw4Qdu2JVut8g1tZ8GkXm0eOsMOEftSZPKGzvK0R6HlKq1yOZlRTrcGKKgAzxA%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f92f6656c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":125806,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":766,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.css","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.673Z","timestamp":1701666958673,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/swiper/swiper-bundle.min.css HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 05 Mar 2021 16:40:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425ee4-3661\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=dX%2Fl4LeNWgdmevel4imWpRh6cebbuXuqBq90Bg2QDLcvujOHsKNrE8Iqdbd0WQOfxMU9o%2FrcLai1CSYkSnNf2C0LB0%2BdxMgqOxtKGu%2BSx9vH4NfmZ%2BJQoLZMhj1xoM%2FLg33yIWBtNk1JPnQa1Zk%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f92f6556c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13921,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (13663)","md5":"4d0619d7577a990881a0079718c5c92e","sha1":"02553ae8ed1026ae5e1fe6cc5883fd42379e5e68","sha256":"f9a55bcc80d6d8b2815299c5501cddaa8e5f3f697cdb8f5ce1e3e924097117ba","sha512":"b80d7e90703fd0eebc15348ce23793cc936746f356c5d0824a713782ff0b6b2497631413de7739b8f5fd6ee30fb48d60c5405cc66d3ee4b730e7d8e39749cc0d","ssdeep":"384:FlUbeo7zOqgx9BU0m/XCQif65W/1mXA82FH8x:F6br7zOlbhm/X5if65W/1mXA82FQ","tlshash":"8b52236417003837f3774f6e4aa1e6b59f60cc838a934d9db2c0dd44d6fa8b9122eb95","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-05T01:10:11.332764Z","times_seen":3488,"resource_available":false,"data":null}},"time_used":572,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":572,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/bootstrap/js/bootstrap.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.684Z","timestamp":1701666958684,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/bootstrap/js/bootstrap.min.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sat, 06 Mar 2021 03:08:34 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6042f232-f7eb\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=UJgsbnxzVlokBK8NmxhlVdUllibT67j9TTNyzS6%2FHqv%2BesmSMnJScxg%2FHaexFNr3PZoc7prXKTTqG3v5uARxHC%2F7oKdyykBw%2FrmNc4BIjhQOuyukvjKpk8Vbsa%2BbkXU53f%2B1cJmhx5V54H6fur8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7a56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":63467,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (63188)","md5":"f0c2bcf5ef0c4476508d79ec9cdcce07","sha1":"3beed68ed7d753c6bf4f61c26386ddd7929ba030","sha256":"edd03b96ae4ff7886406c59d7dfeeaa1b624a7da297bf2f92d0cb6b7f9633cba","sha512":"5ca6bd1de99dcb5522dca486809760332625520d6033e4212fa7279724dedaaccc0989b89c06753ec55ead0cd34d7ce89d447e766b301ea8093eec02ab531a02","ssdeep":"768:0KD1OYYUhTVvO1Nn6u7MTLOarIkSsBAiAH0FcQ2K8FXsb6mH/3bz5vhCG:0G1T145KVdsXc/hhCG","tlshash":"a453750672a4f472059fa176803b0a0bb7362c9de506b16cbad998dd1f7cd443267f3a","first_seen":"2023-03-07T01:03:47Z","last_seen":"2026-05-05T23:26:51.74532Z","times_seen":9916,"resource_available":true,"data":null}},"time_used":759,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":759,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/vue.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.666Z","timestamp":1701666958666,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /vue.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 28 Aug 2022 23:13:22 GMT\r\nvary: Accept-Encoding\r\netag: W/\"630bf692-53fb4\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=n5RYhl4QQW3pzwifGX6YcN2P%2BEm2srvDpGIYg6Mm0o8GebUI%2BmGJhmUUL1tNLmaPEx1FAXLLZcIsPAE7F1VJxch6ts2Hrk%2BQIDs%2FK2g2Gl5%2BTdxgad6gSaA4iMO%2F0DL%2BBhFkYog9N0gPMQFbezU%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f91f6256c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":343988,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"f5c020d18d70f21851364d0570d38127","sha1":"5dba3f5cb7463e356310fc14e26d3358c1b00ed2","sha256":"58692c4b6420c192dcf7620267b09183cf3c4bd6050b31843698e69a59c26e6c","sha512":"1b5b549a89f71d969d8a221659d02f9fafe9f9476d2e98e7baa790ec344593ca74f13671cae19dab346eae4bb8ec6a39759efcf5bfa2ca81c7513ceab92e9025","ssdeep":"3072:TiOkNK65nfn78CZzFYSVMvCCaBQdg7pUPO5knTlB+cwNwDJgYB3lY5TxbMeBUw3F:TU9gCZ6SVVQdg7i7nT+T67BPyVQ4h","tlshash":"4b74b55db9f322a25a5370b94bafa449b278c0130508ce907d8dd3a46f9053857fbfe9","first_seen":"2023-03-12T17:52:29Z","last_seen":"2025-09-30T14:21:27.823334Z","times_seen":1928,"resource_available":true,"data":null}},"time_used":977,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":975,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.googleapis.com/icon?family=Material+Icons","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.668Z","timestamp":1701666958668,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42","sha256":"9A:90:D4:1D:0C:D1:CA:9D:4D:19:37:44:C4:E6:E4:28:27:C0:F5:0A:9C:B4:56:89:C4:D1:8A:63:A7:01:28:54"}}},"request":{"raw":"GET /icon?family=Material+Icons HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 04 Dec 2023 05:15:53 GMT\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":565,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (588), with no line terminators","md5":"bdcf60bde5544e1017e1f2e60888a9c7","sha1":"6fb24309b7ff90c1c99d19c0c7a127a16508840e","sha256":"d701601406acfca6bfc0c58b411446e3e0e96c659f35c143355d3dd72c390952","sha512":"6f5e7bfa0f258ba27a9333e2f94fc571a8a081cc9bdeba6cbc113cafac97736490572c5d9a55619dd8017d07c4e997cfe09e1d936399e37464f5fed27765ed39","ssdeep":"","tlshash":"32f0eb29fe06984451220f923bcf37210d0f2a1fa43684ba4b510e5f4cfb0b6038a30e","first_seen":"2023-04-05T02:48:12Z","last_seen":"2024-08-21T09:44:09.510513Z","times_seen":6263,"resource_available":false,"data":null}},"time_used":160,"timings":{"blocked":57,"dns":0,"connect":8,"send":0,"wait":21,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,500,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.671Z","timestamp":1701666958671,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42","sha256":"9A:90:D4:1D:0C:D1:CA:9D:4D:19:37:44:C4:E6:E4:28:27:C0:F5:0A:9C:B4:56:89:C4:D1:8A:63:A7:01:28:54"}}},"request":{"raw":"GET /css?family=Roboto:300,400,500,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 04 Dec 2023 05:15:53 GMT\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9108,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (9360), with no line terminators","md5":"311d8cdf954644f222105d26d89d1d7f","sha1":"1445a416c8f15a49fb6afb69d25b8ccb01db4b66","sha256":"45d9a25c93de59121371b5487af8dd0ed67b61136cf072a7622f202a11740f8d","sha512":"d52487dbd8108b0664831871908bdcc934c396d770a6626813909a262ffdd9c3d516b4ca035834b05b6cb951b7564e4d71c7700051d4e7b4871a390b2e17e669","ssdeep":"192:/AP0XBIOY5oRWjgZFJCE+PGhMzfKSmnzvTrIQUDR1I:/AP0XBIOooRWjgZFJbiGhMzfKS0zvTrB","tlshash":"7612ae91581b5400eb830ee637df7a35bd0f2b2560728132abfd68ae5dcbc22135874d","first_seen":"2023-05-05T11:56:12Z","last_seen":"2024-08-21T09:44:15.772178Z","times_seen":3055,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":54,"dns":1,"connect":9,"send":0,"wait":20,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/css/app.css","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.677Z","timestamp":1701666958677,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /css/app.css HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 18 Oct 2022 13:16:50 GMT\r\nvary: Accept-Encoding\r\netag: W/\"634ea742-5ea3\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gcI2ijr%2F5cOxxZ0xD%2FWxaqq6LiAPrc8ls%2BKfn%2FZvmyYRSlFZu77q9P1oy9wO0Xja9BNoySqUWRWRPyV7ePmdb6IGcu1V8F4BEoOpt1CNaA7DqTnCxxUbpXeH8CYTzrAu0nnHH0ovrkzvHPKVeAc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f92f6956c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24227,"size_decoded":0,"mime_type":"text/css","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":357,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":357,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/swiper/swiper-bundle.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.685Z","timestamp":1701666958685,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/swiper/swiper-bundle.min.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:54 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:40:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425ee4-222b9\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gvyDuE7ZqDVmavnFPypR9oauRaarw3sL22v2mIoYMFyBBBiEHTmQqKChz3RPPWIhmGlnhMoPYpIH%2FFi1s2oWPTfRGsM6QOsiWmYwOlJTUqeinTvKXmu5KrMpqor9botsAD1ijAhgNw1Ujkno0Ww%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7b56c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":139961,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65278)","md5":"c4358cb63a4b96c5d71a2fb630871f30","sha1":"be3b7d9d5bbd680d035f768345778d84eb08fe23","sha256":"c26293076ae548cd0614c5946e9c16f34bd7810fd2f63deeaa28df61ce935229","sha512":"35a85c90dfa0ac1e9f4b1bb7bd074a8b20baf6cc235bafb16148da3d55931ad46e89af33508970da09208e166601df250040841d5dc7742b9d6ab9c065a5a467","ssdeep":"3072:U79yoiRfIBB4G+yMwoSpADH79cVOJjBqcxN:k9ytlByMwoSpADH79cVOJjBqcL","tlshash":"9dd3188db354b2e151e72256539ed10263b65845b80ac1a470b68cd7acbde8c03bfefd","first_seen":"2023-03-07T12:20:59Z","last_seen":"2026-05-05T05:37:42.380192Z","times_seen":3895,"resource_available":true,"data":null}},"time_used":1027,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1027,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.794Z","timestamp":1701666959794,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"GTS CA 1C3","organization":"Google Trust Services LLC"},"validity":{"start":"Mon, 23 Oct 2023 11:24:07 GMT","end":"Mon, 15 Jan 2024 11:24:06 GMT"},"fingerprint":{"sha1":"E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD","sha256":"EF:BD:DB:F8:2A:77:8C:C2:9E:F9:E0:B2:26:39:CB:EC:63:F1:80:36:F6:06:6E:F5:E1:6C:45:66:A4:D1:A6:C8"}}},"request":{"raw":"GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://1701666918.eurotesting99.cc\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 15860\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 29 Nov 2023 21:13:56 GMT\r\nexpires: Thu, 28 Nov 2024 21:13:56 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 11 May 2022 19:24:42 GMT\r\ncontent-type: font/woff2\r\nage: 374518\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15860,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\\012- data","md5":"e9f5aaf547f165386cd313b995dddd8e","sha1":"acdef5603c2387b0e5bffd744b679a24a8bc1968","sha256":"f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860","sha512":"2a71edb5490f286642a874d52a1969f54282bc43cb24e8d5a297e13b320321fb7b7af5524eac609cf5f95ee08d5e4ec5803e2a3c8d13c09f6cc38713c665d0ce","ssdeep":"384:S7qmPTF4N21t//YW2FS6+1XxrsbGmjlAbvqMmtCN:S621tHY4xwbGmjloSM7N","tlshash":"1a62d0058ba5850bf5b907fb0e1ab7ee30664b523c8c42278348073970db47a6b2b1fd","first_seen":"2023-04-05T14:47:55Z","last_seen":"2026-05-06T02:29:51.334125Z","times_seen":90820,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":47,"dns":0,"connect":7,"send":0,"wait":9,"receive":10,"ssl":39},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2023-12-04T05:15:54.094Z","timestamp":1701666954094,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /index/index/user/login/1701666919.html/index/user/login/1701666919.html/index/user/login/1701666932.html HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 301 Moved Permanently\r\ndate: Mon, 04 Dec 2023 05:15:50 GMT\r\ncontent-type: text/html; charset=utf-8\r\nset-cookie: think_var=en_us; expires=Mon, 04-Dec-2023 05:45:49 GMT; Max-Age=1799; path=/; HttpOnly\ns9851347b=nv42f0kb156bol713k5bnaleb7; path=/; HttpOnly\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\npragma: no-cache\r\ncache-control: no-cache,must-revalidate\r\nlocation: /index/user/login/1701666950.html\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=H7UKtHXbzIJ1n%2FQIsmdqKwZ36DV3BKAIYT5l%2F0xtX%2Bz7aLAMhCwGx%2Bp1RpmpkauACgq9cvoY6ygBD1A3Etjk%2BTsu1iQYP84yKSJ9POfcT1foTkcM7yOuL03QQydkD%2FSONu4%2Bkjaj5Jss%2BWRgNN4%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192dccc28b51b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":null,"data":{"size":12339,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-06T02:45:52.177229Z","times_seen":14716384,"resource_available":true,"data":null}},"time_used":1914,"timings":{"blocked":11,"dns":1,"connect":1,"send":0,"wait":1890,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/public/js/layer_mobile/need/layer.css?2.0","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:59.853Z","timestamp":1701666959853,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /public/js/layer_mobile/need/layer.css?2.0 HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:55 GMT\r\ncontent-type: text/css\r\nlast-modified: Tue, 10 Dec 2019 03:14:46 GMT\r\nvary: Accept-Encoding\r\netag: W/\"5def0da6-148c\"\r\nexpires: Mon, 04 Dec 2023 17:15:55 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=gOX4zXLN6YYouEtNL3oV8Dq9DGGpOx2hLY4Tw%2BnTkjsMy63rsdl%2FNc%2B91wv8O%2BnJF81pF611vjAAX%2FNqeBB21f1noXRfLPBVvcuSKSdw9w7PVThQIBICqHLStMBXkci4NujgUdrcoyJmkd5hKQc%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 83019300baa256c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5260,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (5260), with no line terminators","md5":"633915e62d14a714594b95b974ee0836","sha1":"e11ebb64a70272c4f35b92fea064f27c4b87efad","sha256":"eecc7effcae5f246e6212c30c525cee9e11cadedc7d32aa6def213f1a90d98f6","sha512":"3a0f469c32521c0fe51838b099650f055410cbdabf64659856e009c8d5e1f3a32fed568832282a92892f1398c8557fe1f64a6a34881f711ecd55b41b054d243a","ssdeep":"96:tJA7fs72Cyf26B6ZtbXBh+Bcw0iZRfcSNHIFSf:J72b5YZtbXucwlrESNoa","tlshash":"9cb1c796989303e8b027c51796dc5efe70388d43915209aef157382fc74bdd9b1b260b","first_seen":"2023-04-07T00:16:00Z","last_seen":"2026-05-05T05:55:23.70684Z","times_seen":4992,"resource_available":false,"data":null}},"time_used":756,"timings":{"blocked":8,"dns":0,"connect":0,"send":0,"wait":748,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"1701666918.eurotesting99.cc/red/popper.min.js","fqdn":"1701666918.eurotesting99.cc","domain":"eurotesting99.cc","tld":"cc"},"ip":{"addr":"104.21.16.54","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://1701666918.eurotesting99.cc/index/user/login/1701666950.html","date":"2023-12-04T05:15:58.683Z","timestamp":1701666958683,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"eurotesting99.cc","organization":""},"issuer":{"commonName":"GTS CA 1P5","organization":"Google Trust Services LLC"},"validity":{"start":"Sun, 26 Nov 2023 12:31:35 GMT","end":"Sat, 24 Feb 2024 12:31:34 GMT"},"fingerprint":{"sha1":"6E:75:69:3D:1B:A2:65:1E:83:B2:C8:FE:CE:BE:BB:54:6B:15:4B:93","sha256":"98:3D:3E:9B:88:5A:09:CD:3D:72:83:37:AC:D8:1C:22:B2:80:9B:97:CF:6A:17:DE:5D:B1:C2:77:F0:DF:5E:84"}}},"request":{"raw":"GET /red/popper.min.js HTTP/1.1\r\nHost: 1701666918.eurotesting99.cc\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://1701666918.eurotesting99.cc/index/user/login/1701666950.html\r\nCookie: think_var=en_us; s9851347b=nv42f0kb156bol713k5bnaleb7\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 04 Dec 2023 05:15:53 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Fri, 05 Mar 2021 16:34:56 GMT\r\nvary: Accept-Encoding\r\netag: W/\"60425db0-520c\"\r\nexpires: Mon, 04 Dec 2023 17:15:53 GMT\r\ncache-control: max-age=43200\r\ncf-cache-status: MISS\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=86FM7hqlL785RpwsIMP1xeA4ADwGhG9dEU1DivFEFOCsyMsntN3KCqqTTUYrrGRfFlQd2I2%2FXky9yZfDK9AAq5LxFvcX3eAc2hAvewunzbwiTVwOadRMDs%2BKLLuiSFIMsJx0J0KrSuh%2F9cuGFG8%3D\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=86400; includeSubDomains; preload\r\nx-content-type-options: nosniff\r\nserver: cloudflare\r\ncf-ray: 830192f93f7956c7-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21004,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (20831)","md5":"56456db9d72a4b380ed3cb63095e6022","sha1":"6dbce88aee15b42f29083df7a07513cf3b486ba0","sha256":"66f3a07e1fa9b64a686b66381e4458dbc8abf3dbbff954720c4eec07b84411c2","sha512":"e56bd96b837b26add354d0a9e2b8dc04c95cea94f7959ee05718ed23a224296fae22d49afab160b45963bd99c2c501a3f12517e431eb68a13a327ff8b262b50a","ssdeep":"384:kmQkLrwVOyzirVyKnxRsIB9Db5HjiWn8xHOxvRVgD75zBY5vImg3FzGpL9ARdOgS:vLsgyziJp3Db5OxHOxvYD73Y5vQzyL9p","tlshash":"1992b4cc3294b06643a791a7a0af960fb2339875610e9410f19df2d97c30ef9a13bc79","first_seen":"2023-03-07T01:06:27Z","last_seen":"2026-05-06T02:14:07.459927Z","times_seen":17722,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - Salesforce","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with Salesforce phishing","tags":["salesforce","phishing"],"meta":null}]}}]}