Report - glaisterennor.my.salesforce.com/

Report Overview

Submitted URL
glaisterennor.my.salesforce.com/
IP
13.50.12.179
ASN
#16509 AMAZON-02
Submitted
2024-05-07 21:43:26
Access
public
Website Title
Login | Salesforce
Final URL
glaisterennor.my.salesforce.com/
Tags
salesforce phishing
urlquery detections
Phishing - Salesforce

Detections

urlquery
13
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
login.salesforce.com	5976	1998-12-02	2012-08-28	2024-05-07	1.2 kB	10 kB	85.222.152.67
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-05-07	883 B	164 kB	142.250.74.168
use.fontawesome.com	942	2012-10-18	2017-01-30	2024-05-06	2.3 kB	202 kB	104.21.27.152
www.glaister.co.nz	unknown	2011-07-18	2014-12-16	2019-07-15	8.2 kB	2.5 MB	103.253.193.2
fast.fonts.net	2905	1999-03-03	2013-07-13	2024-05-06	3.0 kB	113 kB	104.16.41.28
glaisterennor.my.salesforce.com	unknown	unknown	No data	No data	7.4 kB	850 kB	13.50.12.179
jpn144.sfdc-mchho0.salesforce.com	unknown	unknown	No data	No data	680 B	11 kB	52.192.137.143

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (20)

	URL	Size	First Seen	Last Seen
	glaisterennor.my.salesforce.com/jslibrary/LoginHint208.js	20 kB	2024-02-12	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/jslibrary/LoginHint208.js IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-12 10:33:33 Last Seen2024-05-18 23:27:07 Times Seen263 Hash f1b06a808e5910093e3a8ecd1c70d695 d6ea29b885998bd24811333f6ceaffce42400f7d b4e09e04175d3fc81542f40d4d227db48c6199f93ca2737a1ce91e9e57865dff Loading...

	glaisterennor.my.salesforce.com/jslibrary/baselogin4.js	3.7 kB	2023-09-22	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/jslibrary/baselogin4.js IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 22:31:15 Last Seen2024-05-18 23:27:07 Times Seen116 Hash aa7120617be6552d18958a4f2126e31c ac4cd593a586e9ed6a1e594c6cfd16c29cefe10c e1457f4e0fc2f7491437a31828d6354cb60e1f246dfb793878590a7f8a0c73cc Loading...

	login.salesforce.com/jslibrary/SessionServer212.js	26 kB	2024-04-19	2024-05-18
Pretty URL login.salesforce.com/jslibrary/SessionServer212.js IP 85.222.152.67 ASN #14340 SALESFORCE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-18 23:27:07 Times Seen208 Hash 73a1f29e8c7cd49d00053c5ae784dfa9 eaec29f3ebaa1a5fadf3d326b7d395dfdc9296b7 0e21ffa9feb64d907c7ac56565cd75ebd0db526708f76dfa9ce60e91bf014e7e Loading...

	www.google-analytics.com/analytics.js	4.7 kB	2023-04-11	2024-05-19
Pretty URL www.google-analytics.com/analytics.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 16:53:55 Times Seen350224 Hash f24128d0c9cba7be2916c693427a3483 1b6397d496ea896ebc2018b01b995cee4f166029 58173de4697da1a218f04c3a783a733bab4e769ceabc37cd42da9dc3e036a7e8 Loading...

	www.googletagmanager.com/gtag/js?id=G-3DXV3CCKCZ&l=dataLayer&cx=c	248 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=G-3DXV3CCKCZ&l=dataLayer&cx=c IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:43:35 Last Seen2024-05-07 23:43:35 Times Seen2 Hash e1e30c3aadbba0262bbbc8e609feba3d a994badca1e3d3ce725b9b992fe687db4c9b27da 38ca53f9bbf300576c36aea9983d98352dfd8fc6f81d420947aa919be52522be Loading...

	glaisterennor.my.salesforce.com/	660 B	2024-04-19	2024-05-10
Pretty URL glaisterennor.my.salesforce.com/ IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-10 04:39:20 Times Seen3 Hash f2a4929b9d270d7646609f121a64b604 f51e4e0a8ada8835d01978a1e4c7d482bd9f5fae 01567088506517abf17d12782f9b3219eafa4cb1ec9ce95386de734ea3ecb658 Loading...

	glaisterennor.my.salesforce.com/jslibrary/SfdcSessionBase208.js	16 kB	2023-09-22	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/jslibrary/SfdcSessionBase208.js IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 22:31:15 Last Seen2024-05-18 23:27:07 Times Seen268 Hash eede1b37a00f77c1143e618cf980b866 95388a2520cd89b8c9a837a336688520dee7ef45 680ee03715036c635c33fdd03f1ba69538ed2af3f569e2cc901c937653f90f06 Loading...

	glaisterennor.my.salesforce.com/	26 B	2023-03-07	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/ IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:55:54 Last Seen2024-05-18 23:27:04 Times Seen339 Hash 8103d3e8387e32cf361c0e8b2b344c51 9e5587feb21500aa44b24cf8443e30a496d3a088 73f9e62599202c81dea54a9448af6f96f07177807f358ca43cf3533581e88b6f Loading...

	www.googletagmanager.com/gtag/js?id=UA-177510329-1	208 kB	2024-05-07	2024-05-07
Pretty URL www.googletagmanager.com/gtag/js?id=UA-177510329-1 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-05-07 23:43:35 Last Seen2024-05-07 23:43:35 Times Seen2 Hash 1d64a581e35037f51729e15aa6654a85 57e9993db8f4f21175da72a8c7eef8fbd4a12978 2a33ab82a0a709c48cf6a3a17ad368ebe327f0202008bc3775528cd827565642 Loading...

	www.glaister.co.nz/	155 B	2024-04-19	2024-05-10
Pretty URL www.glaister.co.nz/ IP 103.253.193.2 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-10 04:39:20 Times Seen3 Hash 37b4f2dfd55e91c7898bad9276f7d1de 2ffbe532102ed3a2713f49ab45cbfa697806b142 52ac9885c4df4760d269d6878e62902c45652edd68d794adaa2bd57117739b77 Loading...

	glaisterennor.my.salesforce.com/sandbox%20eval%20code	147 B	2023-04-11	2024-05-19
Pretty URL glaisterennor.my.salesforce.com/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:07:53 Last Seen2024-05-19 16:53:54 Times Seen350740 Hash 92b651082ce234f66bb544e678befda3 14c21c55ddce43b6f677caadf51d4ab98c6a3df8 25d57d1d97abeb84531d3d3e5754dd5cb19a2c115edfa7cfc7af8247084faded Loading...

	www.glaister.co.nz/themes/mytheme/combined/combined-1.js?m=1646287021	201 kB	2024-04-19	2024-05-10
Pretty URL www.glaister.co.nz/themes/mytheme/combined/combined-1.js?m=1646287021 IP 103.253.193.2 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-10 04:39:21 Times Seen6 Hash df6214b5552f5c2b5991e4fb432cb2c1 db3b4d7be894b11f1113bad15c790d2977937ec7 bfdc62e84a717d4f2bcbd30dda4173ce9b35f3c1ae87d9164fcd87de97fb26dd Loading...

	www.glaister.co.nz/	963 B	2024-05-07	2024-05-07
Pretty URL www.glaister.co.nz/ IP 103.253.193.2 ASN #38719 Dreamscape Networks Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-07 23:43:35 Last Seen2024-05-07 23:43:35 Times Seen1 Hash 7bfaf6ea00d58ab25a9bdadab701a2e0 8724ecad86ad6e01a3034850d3b265f6a29c7b7b b9b2de01d81cae73bdb2c84e674bd2f741f8a8fc2888b77e56f6bf66c271dc46 Loading...

	glaisterennor.my.salesforce.com/	36 B	2023-03-07	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/ IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:55:54 Last Seen2024-05-18 23:27:04 Times Seen325 Hash d0c5cce62dc464e89fae808d1640c900 4afe4cb9dfef577682db08964d47ab44d712ec7b e9bcfe3afd2e8f3d30686f9b65b059b564e681174496d3d431c4b31089135290 Loading...

	glaisterennor.my.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js	1.2 kB	2023-09-22	2024-05-18
Pretty URL glaisterennor.my.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-22 22:31:15 Last Seen2024-05-18 23:27:04 Times Seen118 Hash d2416ba9d293cfeee10328340f1110aa e9b6af4500700ba97482fed0c5482255eeae0da0 cc67dfeba43d6c94d69dd0c640cc261281a9884e91c933b3aa3e023fd14ad27d Loading...

	use.fontawesome.com/e4d1c6444a.js	2.7 kB	2024-04-19	2024-05-10
Pretty URL use.fontawesome.com/e4d1c6444a.js IP 104.21.27.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-10 04:39:20 Times Seen4 Hash fc1f90b3daa0973bd28177b9c4a2b0f1 61bda8dbe065fe5a5eb43120a8b05a1585c81b8f 15dc7396995e51087e00fa6c1250fea32bb46e7442085f26394da05cfbd0b225 Loading...

	use.fontawesome.com/webfontloader/1.6.24/webfontloader.js	12 kB	2023-03-07	2024-05-10
Pretty URL use.fontawesome.com/webfontloader/1.6.24/webfontloader.js IP 104.21.27.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:42 Last Seen2024-05-10 04:39:21 Times Seen456 Hash 9064ce12d2c81f68123c93bc1a8b0cad 44a3a4a8cbd7a3a77d4a7314d9d2b9d28a3fb56a 2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac Loading...

	glaisterennor.my.salesforce.com/	439 B	2024-04-19	2024-05-10
Pretty URL glaisterennor.my.salesforce.com/ IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-19 01:41:30 Last Seen2024-05-10 04:39:20 Times Seen3 Hash 672d68359197a01400d00f41c52c643e 91ca49c2b431353013b29fd3d506d08c229ba102 dc236b8f44ee22cf05a652092cf8d7580ce5ab373840727f1da9cd970384cb77 Loading...

	unknown	11 B	2023-03-08	2024-05-18
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-03-08 02:17:24 Last Seen2024-05-18 23:27:04 Times Seen394 Hash 4b80dcd0c4d0cacaf9e50f8afc01d5a5 b51772b16ae628996bf9bff731d7ba48eaee7652 12c24a63d2c9e7daddf3e42c629b68ad0fc0ad83d292f04f2c3d41d34e294b1a Loading...

	glaisterennor.my.salesforce.com/	0 B	2023-03-07	2024-05-19
Pretty URL glaisterennor.my.salesforce.com/ IP 13.50.12.179 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-19 16:57:26 Times Seen37835004 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (42)

URL IP Response Size

glaisterennor.my.salesforce.com/css/sfdc_210.css?v=2

13.50.12.179

200 OK

4.3 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/css/sfdc_210.css?v=2
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size
4.3 kB (4321 bytes)
Hash
849cd603e2afe999609b2837951e6228
ed0a93d81262d6227ef810b68028a4adb5246107
ad3ae042d4a2cc2312ac8467a05c5695bde991c4cd555ea4c244c42706965eaa

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /css/sfdc_210.css?v=2 HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:00 GMT
content-type: text/css
x-sfdc-request-check: 2
expires: Wed, 04 Sep 2024 21:43:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cache-control: public,max-age=10368000
vary: Accept-Encoding
last-modified: Wed, 28 Feb 2024 21:26:09 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: 7a0174312f754c40941ed018b7254e87
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

jpn144.sfdc-mchho0.salesforce.com/brand-asset/CAAAAY9WuGDbAAAAAAAAAAAAAAAAAAAAAAAA-EFOjxYYbup7YZtWOhCYs9Bllvx1j6DDaHlvr-tnLx1oEjamOeND7BQDjHvRHmyxRAoNfaPVzBTWBHdD2HZVqJRTFzd37zeJCLqyyYrXbWKE

52.192.137.143

200 OK

10 kB

URL GET HTTP/2
jpn144.sfdc-mchho0.salesforce.com/brand-asset/CAAAAY9WuGDbAAAAAAAAAAAAAAAAAAAAAAAA-EFOjxYYbup7YZtWOhCYs9Bllvx1j6DDaHlvr-tnLx1oEjamOeND7BQDjHvRHmyxRAoNfaPVzBTWBHdD2HZVqJRTFzd37zeJCLqyyYrXbWKE
IP
52.192.137.143:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectjpn144.sfdc-mchho0.salesforce.com
Fingerprint3F:58:E6:66:13:8C:27:23:B3:F8:56:3A:6B:8C:EE:38:30:47:32:E7
ValidityMon, 14 Aug 2023 00:00:00 GMT - Tue, 13 Aug 2024 23:59:59 GMT

File type
PNG image data, 250 x 125, 8-bit/color RGBA, non-interlaced
Size
10 kB (9980 bytes)
Hash
9d48c515ae968babd29d60892caec0af
7c48b92c6dd2133b0c9c0e427af3526b949c29d7
531cb5b90d3443702841927f297b3fd467410ef621d8f75e405ed461bdbcf54e

HTTP Headers

GET /brand-asset/CAAAAY9WuGDbAAAAAAAAAAAAAAAAAAAAAAAA-EFOjxYYbup7YZtWOhCYs9Bllvx1j6DDaHlvr-tnLx1oEjamOeND7BQDjHvRHmyxRAoNfaPVzBTWBHdD2HZVqJRTFzd37zeJCLqyyYrXbWKE HTTP/1.1
Host: jpn144.sfdc-mchho0.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
set-cookie: CookieConsentPolicy=0:0; path=/; expires=Wed, 07-May-2025 21:43:01 GMT; Max-Age=31536000; secure; SameSite=None
LSKey-c$CookieConsentPolicy=0:0; path=/; expires=Wed, 07-May-2025 21:43:01 GMT; Max-Age=31536000; secure; SameSite=None
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
x-robots-tag: none
referrer-policy: origin-when-cross-origin
cache-control: public,max-age=3888000
content-type: image/png
p3p: CP="CUR OTR STA"
expires: Fri, 21 Jun 2024 21:43:01 GMT
last-modified: Fri, 1 May 2020 00:45:54 GMT
content-length: 9980
X-Firefox-Spdy: h2

85.222.152.67

200 OK

98 B

URL GET HTTP/1.1
login.salesforce.com/login/sessionserver212.html
IP
85.222.152.67:443
ASN
#14340 SALESFORCE

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectlogin.salesforce.com
Fingerprint96:B3:67:7B:A1:37:62:48:91:14:43:0A:1F:CF:BF:7D:16:08:B6:17
ValidityTue, 05 Mar 2024 00:00:00 GMT - Wed, 05 Feb 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
98 B (98 bytes)
Hash
f1375ef84643a5974d735836e66d3829
a8ea06a865b284d2965aeb5108c445ff53e5a285
db743dbd91a699d36f6a755ad2c8eec5ce0d1b3715df50a651b7c24de11c1811

HTTP Headers

GET /login/sessionserver212.html HTTP/1.1
Host: login.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:43:01 GMT
Set-Cookie: CookieConsentPolicy=0:0; path=/; expires=Wed, 07-May-2025 21:43:01 GMT; Max-Age=31536000; secure; SameSite=None
LSKey-c$CookieConsentPolicy=0:0; path=/; expires=Wed, 07-May-2025 21:43:01 GMT; Max-Age=31536000; secure; SameSite=None
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: upgrade-insecure-requests
Referrer-Policy: origin-when-cross-origin
Cache-Control: public,max-age=86400
Expires: Wed, 08 May 2024 21:43:01 GMT
Last-Modified: Wed, 23 Aug 2017 20:39:30 GMT
Content-Type: text/html;charset=UTF-8
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

85.222.152.67

200 OK

8.8 kB

URL GET HTTP/1.1
login.salesforce.com/jslibrary/SessionServer212.js
IP
85.222.152.67:443
ASN
#14340 SALESFORCE

Requested by
https://login.salesforce.com/login/sessionserver212.html
Certificate
IssuerDigiCert Inc
Subjectlogin.salesforce.com
Fingerprint96:B3:67:7B:A1:37:62:48:91:14:43:0A:1F:CF:BF:7D:16:08:B6:17
ValidityTue, 05 Mar 2024 00:00:00 GMT - Wed, 05 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (575)
Size
8.8 kB (8843 bytes)
Hash
73a1f29e8c7cd49d00053c5ae784dfa9
eaec29f3ebaa1a5fadf3d326b7d395dfdc9296b7
0e21ffa9feb64d907c7ac56565cd75ebd0db526708f76dfa9ce60e91bf014e7e

HTTP Headers

GET /jslibrary/SessionServer212.js HTTP/1.1
Host: login.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://login.salesforce.com/login/sessionserver212.html
DNT: 1
Connection: keep-alive
Cookie: BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg; CookieConsentPolicy=0:0; LSKey-c$CookieConsentPolicy=0:0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 07 May 2024 21:43:01 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Cache-Control: public,max-age=10368000
Expires: Wed, 04 Sep 2024 21:43:01 GMT
Last-Modified: Wed, 10 Apr 2024 05:45:26 GMT
Content-Type: application/x-javascript
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Transfer-Encoding: chunked

glaisterennor.my.salesforce.com/favicon.ico

13.50.12.179

200 OK

6.5 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/favicon.ico
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
6.5 kB (6482 bytes)
Hash
97170dbdfa00950ddb98008d114b9a13
55fcca549138ed8fd50c7c1ce7c6625d5f8b85c2
0ea1aaed0850eaa4592cfb525a25b28c2eccc3e7bc70177b18a127ddc9b12fa0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:03 GMT
content-type: image/x-icon
x-sfdc-request-check: 2
x-content-type-options: nosniff
cache-control: public,max-age=3888000
expires: Fri, 21 Jun 2024 21:43:02 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: 6b2f8b38ea8b23876000fca9083cb295
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-177510329-1

142.250.74.168

200 OK

75 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=UA-177510329-1
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
75 kB (74835 bytes)
Hash
1d64a581e35037f51729e15aa6654a85
57e9993db8f4f21175da72a8c7eef8fbd4a12978
2a33ab82a0a709c48cf6a3a17ad368ebe327f0202008bc3775528cd827565642

HTTP Headers

GET /gtag/js?id=UA-177510329-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 21:43:04 GMT
expires: Tue, 07 May 2024 21:43:04 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 74835
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

use.fontawesome.com/e4d1c6444a.js

104.21.27.152

200 OK

85 kB

URL GET HTTP/2
use.fontawesome.com/e4d1c6444a.js
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (2566)
Size
85 kB (84652 bytes)
Hash
fc1f90b3daa0973bd28177b9c4a2b0f1
61bda8dbe065fe5a5eb43120a8b05a1585c81b8f
15dc7396995e51087e00fa6c1250fea32bb46e7442085f26394da05cfbd0b225

HTTP Headers

GET /e4d1c6444a.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:04 GMT
content-type: text/javascript
etag: W/"fc1f90b3daa0973bd28177b9c4a2b0f1"
last-modified: Fri, 22 Sep 2023 01:35:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f%2Bd0KMJsDxQIcb4VJVqlKd55nsznuELs3nlsjX01%2FtUhZrPvrVlGuIWmXzu30vyA5JfhhJkj0BACdIaP7Wp%2F8%2BFnHqZI9rb02bTCuChynrKnXdICDV0MM8c0TGbosZn7avs0SQkZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804622e9d2f0b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

www.glaister.co.nz/themes/mytheme/combined/combined-1.css?m=1600401293

103.253.193.2

200 OK

7.2 kB

URL GET HTTP/2
www.glaister.co.nz/themes/mytheme/combined/combined-1.css?m=1600401293
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
ASCII text, with very long lines (32684)
Size
7.2 kB (7179 bytes)
Hash
40ea892dce2648b70de124c40d2add5c
3f7afbc2cd6d5b4d3d4785625ab058454b59020e
ada99838b208ab0c0c3ac1cd71ab460e0f5bbe499eef8b92ae7a94bd220f7566

HTTP Headers

GET /themes/mytheme/combined/combined-1.css?m=1600401293 HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: text/css
last-modified: Fri, 18 Sep 2020 03:54:53 GMT
vary: Accept-Encoding
cache-control: max-age=604800, public
etag: W/"5f642f8d-843b"
x-powered-by: PleskLin
content-encoding: gzip
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-3DXV3CCKCZ&l=dataLayer&cx=c

142.250.74.168

200 OK

88 kB

URL GET HTTP/3
www.googletagmanager.com/gtag/js?id=G-3DXV3CCKCZ&l=dataLayer&cx=c
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint93:6B:D2:9D:92:BE:2D:D8:02:67:82:83:5E:EF:A3:F9:13:F3:26:AE
ValidityTue, 16 Apr 2024 03:18:45 GMT - Tue, 09 Jul 2024 03:18:44 GMT

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
88 kB (87894 bytes)
Hash
e1e30c3aadbba0262bbbc8e609feba3d
a994badca1e3d3ce725b9b992fe687db4c9b27da
38ca53f9bbf300576c36aea9983d98352dfd8fc6f81d420947aa919be52522be

HTTP Headers

GET /gtag/js?id=G-3DXV3CCKCZ&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 07 May 2024 21:43:05 GMT
expires: Tue, 07 May 2024 21:43:05 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 87894
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.glaister.co.nz/themes/mytheme/combined/dottedlinecpastrokebda45esc1.svg

103.253.193.2

200 OK

195 B

URL GET HTTP/2
www.glaister.co.nz/themes/mytheme/combined/dottedlinecpastrokebda45esc1.svg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
SVG Scalable Vector Graphics image
Size
195 B (195 bytes)
Hash
af7cd461f3bae8754d097a0d23e1e1e0
61056053d2d9de859930f22253bf17a44b5e7eb4
b0d8a0e601886f942e323ed90bc97304ffcc9fce985306b99efe61ea41ccd16e

HTTP Headers

GET /themes/mytheme/combined/dottedlinecpastrokebda45esc1.svg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/themes/mytheme/combined/colorscheme-1-live.css?m=1600401292
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:05 GMT
content-type: image/svg+xml
content-length: 195
x-accel-version: 0.01
last-modified: Fri, 18 Sep 2020 03:54:53 GMT
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=604800, public
x-powered-by: PleskLin
X-Firefox-Spdy: h2

fast.fonts.net/dv2/14/3ded7064-503f-4fa0-853b-9f7a2cf55f20.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28

104.16.41.28

200 OK

46 kB

URL GET HTTP/2
fast.fonts.net/dv2/14/3ded7064-503f-4fa0-853b-9f7a2cf55f20.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28
IP
104.16.41.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subjectfonts.net
Fingerprint40:BB:71:39:9B:62:CA:2E:30:5E:D3:A9:33:D6:69:83:D8:1F:D0:57
ValidityThu, 04 Apr 2024 03:21:50 GMT - Wed, 03 Jul 2024 03:21:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45700, version 5.-8520
Size
46 kB (45700 bytes)
Hash
5c748c95a4f3afa6ec56540a6ddd1950
059374eaec96b1a23adf434aa9a24e057b32bbe3
81f5c60e6e440e4cb80660f27628e681a3b6b2449ac3206e9d9ff709a94d39d8

HTTP Headers

GET /dv2/14/3ded7064-503f-4fa0-853b-9f7a2cf55f20.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28 HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.glaister.co.nz
DNT: 1
Connection: keep-alive
Referer: https://fast.fonts.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:06 GMT
content-type: application/octet-stream
content-length: 45700
x-amz-id-2: NBaYoLSvUrG0DoDNx84Mg8B8j3JN8OBrpweujkmfauxrnZw0SPl/QYWwfCzr3FtdBL16jGgv9BIdjfrFUJ2dZvmD0G/OrGFOoIZ5h7ZPldQ=
x-amz-request-id: M49CNDAHB5SEVC2B
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 13 Nov 2020 08:51:23 GMT
etag: "5c748c95a4f3afa6ec56540a6ddd1950"
x-amz-meta-mtime: 1459543939
x-amz-version-id: null
cf-cache-status: MISS
expires: Tue, 07 May 2024 21:48:06 GMT
cache-control: public, max-age=300
accept-ranges: bytes
set-cookie: __cf_bm=Uiqm1384UAokRXwH.PKEtC9i1MlZgD22HgFJvt8TfwE-1715118186-1.0.1.1-b4rK1lkWXRGRQNrF.Q5g3IsGcOH49Bon220p6VqBfIxqc0Ci2ca3me.JjvOTWwORpxdLllG17sHwdc4KmKw8bw; path=/; expires=Tue, 07-May-24 22:13:06 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 88046234ab498f63-CPH
X-Firefox-Spdy: h2

fast.fonts.net/dv2/14/367341fc-4cc6-4a79-89ad-d6c61561611e.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28

104.16.41.28

200 OK

46 kB

URL GET HTTP/2
fast.fonts.net/dv2/14/367341fc-4cc6-4a79-89ad-d6c61561611e.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28
IP
104.16.41.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subjectfonts.net
Fingerprint40:BB:71:39:9B:62:CA:2E:30:5E:D3:A9:33:D6:69:83:D8:1F:D0:57
ValidityThu, 04 Apr 2024 03:21:50 GMT - Wed, 03 Jul 2024 03:21:49 GMT

File type
Web Open Font Format (Version 2), TrueType, length 45548, version 5.-8520
Size
46 kB (45548 bytes)
Hash
06d773c020eee0c1c3a899cf21f8471b
8d05f195cbb4dd1420566c253c26e787a7a61e7a
0f9d4c7b2dc986be0872e50513b807ba7097b50ab6fe8ff4cca6a2984400e91f

HTTP Headers

GET /dv2/14/367341fc-4cc6-4a79-89ad-d6c61561611e.woff2?d44f19a684109620e4841571a390e818464d53007380443c77caecd356c9fd4641f9c04d94bfc72b184ba47bc8c51c8a55ac9003cd2116d745d6b10e8f8b3d7afbcb5183ee9fe5d49f49fc8b3481199965777afebd9ade27434ab5d7b8ca1510402906ef2b52db8a0215d78052e23a66dab3354ffc4a0b20150de79fb9fcb0ae5e733ada98f0d004f1513ecb1c4f6deccf186420f98c16948f73818d1c6e5c7db9b2474a825960bed97fc6ead97db0501bd65f3397bb7c52&projectId=fe020fd2-866a-4a1d-a9c3-87063544eb28 HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.glaister.co.nz
DNT: 1
Connection: keep-alive
Referer: https://fast.fonts.net/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:06 GMT
content-type: application/octet-stream
content-length: 45548
x-amz-id-2: 9ceU/rsK52K0hzflIQj0LPQxZ+Yg4wL6nojJJnE/nmlKTehQCSBl7jC1HwVQh8y3q7qtSldbtzc=
x-amz-request-id: 5FTC1VJQQ1JK616W
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Fri, 13 Nov 2020 05:34:46 GMT
etag: "06d773c020eee0c1c3a899cf21f8471b"
x-amz-meta-mtime: 1504562659
x-amz-version-id: null
cf-cache-status: MISS
expires: Tue, 07 May 2024 21:48:06 GMT
cache-control: public, max-age=300
accept-ranges: bytes
set-cookie: __cf_bm=3D1AD4k_03nAYz_YTt.mnOHgQmZ.EqpQ5xywYKp7p_g-1715118186-1.0.1.1-Hzu23FOxhVp48sawzNAUF_cv2j2V_20tqtPFQOR1AYSPbiUyuc.rOKYTrcdbwmdB4FymwNJurmKNUz3xNgBfUQ; path=/; expires=Tue, 07-May-24 22:13:06 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 88046234ab508f63-CPH
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-expertise.jpg

103.253.193.2

200 OK

49 kB

URL GET HTTP/2
www.glaister.co.nz/assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-expertise.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 353x200, components 3
Size
49 kB (48623 bytes)
Hash
bc81b8fa28a48e3e838c004dae742264
9646a4ad2a213b7800fa35ff35d06526ff37379f
59b31305ebb7cca388c8e4444a65c482ce94beaeda0da92dab1a933609ceff0b

HTTP Headers

GET /assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-expertise.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 48623
last-modified: Fri, 18 Sep 2020 03:53:52 GMT
cache-control: max-age=604800, public
etag: "5f642f50-bdef"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/Uploads/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLCJ5IiwyMV0/Jack-and-Stephanie-Our-People.jpg

103.253.193.2

200 OK

61 kB

URL GET HTTP/2
www.glaister.co.nz/assets/Uploads/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLCJ5IiwyMV0/Jack-and-Stephanie-Our-People.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 353x200, components 3
Size
61 kB (61313 bytes)
Hash
d684b0237cea18e6005ae97176b0a5ee
8bf50e335634c1ec4c8e28ecaadf15d23001730c
1ce3329215421439468d0964238d010b543a393b4221cbfe6618a3cd4ac2c01b

HTTP Headers

GET /assets/Uploads/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLCJ5IiwyMV0/Jack-and-Stephanie-Our-People.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:05 GMT
content-type: image/jpeg
content-length: 61313
last-modified: Fri, 18 Sep 2020 03:53:52 GMT
cache-control: max-age=604800, public
etag: "5f642f50-ef81"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/Uploads/_resampled/ResizedImageWzYwLDYwXQ/Linked-in-gold.png

103.253.193.2

200 OK

1.6 kB

URL GET HTTP/2
www.glaister.co.nz/assets/Uploads/_resampled/ResizedImageWzYwLDYwXQ/Linked-in-gold.png
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced
Size
1.6 kB (1648 bytes)
Hash
07dd169cf4f001e25ea1368fe0e465a3
b9a5fa67992093ab84848bb062fee410104f763d
bcdd771d34b6d0649c36342775f44a58f284e0f269ecf1099d5d729781b71e0f

HTTP Headers

GET /assets/Uploads/_resampled/ResizedImageWzYwLDYwXQ/Linked-in-gold.png HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:05 GMT
content-type: image/png
content-length: 1648
last-modified: Fri, 18 Sep 2020 03:53:52 GMT
cache-control: max-age=604800, public
etag: "5f642f50-670"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-property.jpg

103.253.193.2

200 OK

88 kB

URL GET HTTP/2
www.glaister.co.nz/assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-property.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 353x200, components 3
Size
88 kB (88349 bytes)
Hash
f88edfd8513914c49bd822c4b21348a5
1ef4b9e5d40742e45e0e298acf328a05f12e5221
0e2209ab3921d8470ad7334f2ba3e1ff08bc63c351da3b4a59bce7a7c8715138

HTTP Headers

GET /assets/Uploads/Temporary/_resampled/CroppedFocusedImageWyIzNTMiLCIyMDAiLGZhbHNlLDBd/home-property.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:05 GMT
content-type: image/jpeg
content-length: 88349
last-modified: Fri, 18 Sep 2020 03:53:52 GMT
cache-control: max-age=604800, public
etag: "5f642f50-1591d"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/jslibrary/baselogin4.js

13.50.12.179

200 OK

294 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/jslibrary/baselogin4.js
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size
294 kB (293572 bytes)
Hash
2ce5edbc7226b192087f37bbd82df26b
ff6d82aaf15c941542d330067960cc8f9b5169e3
1daede9d9267074cf303dc13a3c366dd0f32d00bae4f3755bc66971a1ee11f37

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /jslibrary/baselogin4.js HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: application/x-javascript
x-sfdc-request-check: 2
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 15 Aug 2023 06:08:13 GMT
x-robots-tag: none
expires: Wed, 04 Sep 2024 21:43:01 GMT
referrer-policy: origin-when-cross-origin
cache-control: public,max-age=10368000
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
server: sfdcedge
x-sfdc-request-id: 13229b524e3f911e75d1ed3ad4831c90
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Pen-edit.jpg

103.253.193.2

200 OK

233 kB

URL GET HTTP/2
www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Pen-edit.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
233 kB (233426 bytes)
Hash
08d7c1b6ccdaf1330556f01785d2f07a
e2875514870715ce8a90b5a044a84064765a2990
16bf8a442b30edc6de68ca756d187a928f07eea5992ce0a7386456277eb50063

HTTP Headers

GET /assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Pen-edit.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 233426
last-modified: Thu, 23 Sep 2021 02:16:04 GMT
cache-control: max-age=604800, public
etag: "614be364-38fd2"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Michaela-Mark-H-Annice.jpg

103.253.193.2

200 OK

329 kB

URL GET HTTP/2
www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Michaela-Mark-H-Annice.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
329 kB (328964 bytes)
Hash
4934b4f59b3c2d15cd431e79de94157c
480312be6796487640d066d72631f1880d15be0d
af68301711cb791bfeec8a9cdeaa1562018d3e245000433500c6bccd9c7bd19e

HTTP Headers

GET /assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/Michaela-Mark-H-Annice.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 328964
last-modified: Thu, 23 Sep 2021 02:14:22 GMT
cache-control: max-age=604800, public
etag: "614be2fe-50504"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsODBd/Header-Home-4.jpg

103.253.193.2

200 OK

327 kB

URL GET HTTP/2
www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsODBd/Header-Home-4.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
327 kB (326558 bytes)
Hash
5e1fc682f518ec1853ad0253c25ab4f7
0d52639463539ac549e013407238c82860b735c7
02333ab99c0c870ca0b933006cc6c95e7cefa0e017799c09314461b19372db37

HTTP Headers

GET /assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsODBd/Header-Home-4.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 326558
last-modified: Fri, 18 Sep 2020 03:53:49 GMT
cache-control: max-age=604800, public
etag: "5f642f4d-4fb9e"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/SGH-client-meeting.jpg

103.253.193.2

200 OK

382 kB

URL GET HTTP/2
www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/SGH-client-meeting.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
382 kB (382161 bytes)
Hash
1f44c912e16d5eb375719454f85e59bb
ec9d637a9128a3659622aefc1bfb74528f053c85
35e4c6924c13155cf8a8666928a1480aa5fb6dc56be43edd524bd2f93b557289

HTTP Headers

GET /assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/SGH-client-meeting.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 382161
last-modified: Thu, 23 Sep 2021 02:15:26 GMT
cache-control: max-age=604800, public
etag: "614be33e-5d4d1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js

13.50.12.179

200 OK

429 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/jslibrary/LoginMarketingSurveyResponse.js
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)
Size
429 kB (428851 bytes)
Hash
0c0a416d5bc7eab54830d8de0e739802
6b9d6004c212a11be948f45cb199edae199d5aae
40212c839fbce16de085073e003f0e3173751f2e3ed8b3e756de3968361e9fb2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /jslibrary/LoginMarketingSurveyResponse.js HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: application/x-javascript
x-sfdc-request-check: 2
expires: Wed, 04 Sep 2024 21:43:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cache-control: public,max-age=10368000
vary: Accept-Encoding
last-modified: Tue, 15 Aug 2023 06:08:04 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: a7c6c0d6ba102965990e636e1752dfdb
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/s.gif

13.50.12.179

200 OK

7.8 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/s.gif
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
7.8 kB (7752 bytes)
Hash
a113acd2545e03a15162608431156482
dc93e4f233acf6753e3c621cede353df063f092f
802df9f0257a7d065c848948ec2edb4376decec683e3728b2bd348500f042e97

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /s.gif HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: image/gif
x-sfdc-request-check: 2
x-robots-tag: none
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-content-type-options: nosniff
last-modified: Tue, 27 May 2003 18:28:08 GMT
cache-control: public,max-age=10368000
expires: Wed, 04 Sep 2024 21:43:01 GMT
server: sfdcedge
x-sfdc-request-id: 045bbf41dc6b5c69105eaeaf1fe48229
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2

13.50.12.179

200 OK

28 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27580, version 1.0
Size
28 kB (27580 bytes)
Hash
3ccb7b03c77bb2a3e91f6a2fb4c211f8
ac4c4df3c4bcc636190e4f94c7a80b81158d0517
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2 HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://glaisterennor.my.salesforce.com/css/sfdc_210.css?v=2
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: font/woff2
x-sfdc-request-check: 2
x-content-type-options: nosniff
x-robots-tag: none
cache-control: public,max-age=10368000
referrer-policy: origin-when-cross-origin
last-modified: Fri, 24 Jul 2015 20:32:56 GMT
strict-transport-security: max-age=63072000; includeSubDomains
expires: Wed, 04 Sep 2024 21:43:01 GMT
server: sfdcedge
x-sfdc-request-id: 6adad399605855781c9bbad95b5aab91
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Light.woff2

13.50.12.179

200 OK

28 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Light.woff2
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27736, version 1.0
Size
28 kB (27736 bytes)
Hash
f4c092cda9a56b8e26cc307f208949b4
dac76c1196988545bc7c7609d609fdc58cf079e5
b7df2d6cb9d0ecda707a1de1302b3c9d9bda16247dc382e696579a8308d49771

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login/assets/fonts/SalesforceSans/SalesforceSans-Light.woff2 HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Referer: https://glaisterennor.my.salesforce.com/css/sfdc_210.css?v=2
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:02 GMT
content-type: font/woff2
x-sfdc-request-check: 2
expires: Wed, 04 Sep 2024 21:43:02 GMT
x-content-type-options: nosniff
cache-control: public,max-age=10368000
last-modified: Fri, 24 Jul 2015 20:32:55 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: 0579914bf3137b34899abacaaf6368ee
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/img/clear.png

13.50.12.179

200 OK

477 B

URL GET HTTP/2
glaisterennor.my.salesforce.com/img/clear.png
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size
477 B (477 bytes)
Hash
1cc6ffea5ac6b5c6e7d7b6b9b1a01e9f
a4fd54cc5e6cac7e5fee6f9832c817d5e58c7c10
dd464055be78eadee2d5d3ecc5380600b788883e462d9e77372877dc04110e6d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/clear.png HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: image/png
x-sfdc-request-check: 2
x-robots-tag: none
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-content-type-options: nosniff
last-modified: Thu, 21 May 2015 20:40:37 GMT
cache-control: public,max-age=10368000
expires: Wed, 04 Sep 2024 21:43:01 GMT
server: sfdcedge
x-sfdc-request-id: dc666b060102099197fd11f2244c999c
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

www.glaister.co.nz/themes/mytheme/combined/combined-1.js?m=1646287021

103.253.193.2

200 OK

201 kB

URL GET HTTP/2
www.glaister.co.nz/themes/mytheme/combined/combined-1.js?m=1646287021
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JavaScript source, ASCII text, with very long lines (1386)
Size
201 kB (200885 bytes)
Hash
df6214b5552f5c2b5991e4fb432cb2c1
db3b4d7be894b11f1113bad15c790d2977937ec7
bfdc62e84a717d4f2bcbd30dda4173ce9b35f3c1ae87d9164fcd87de97fb26dd

HTTP Headers

GET /themes/mytheme/combined/combined-1.js?m=1646287021 HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:05 GMT
content-type: text/javascript
last-modified: Thu, 03 Mar 2022 05:57:01 GMT
vary: Accept-Encoding
cache-control: max-age=604800, public
etag: W/"622058ad-310b5"
x-powered-by: PleskLin
content-encoding: gzip
X-Firefox-Spdy: h2

www.glaister.co.nz/

103.253.193.2

200 OK

19 kB

URL GET HTTP/2
www.glaister.co.nz/
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type

Size
19 kB (19302 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://glaisterennor.my.salesforce.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, X-Forwarded-Protocol
expires: Wed, 08 May 2024 21:43:04 GMT
cache-control: no-cache, no-store, must-revalidate, max-age=86400
last-modified: Tue, 07 May 2024 04:53:09 GMT
x-powered-by: PHP/5.6.40, PleskLin
content-encoding: gzip
X-Firefox-Spdy: h2

www.glaister.co.nz/themes/mytheme/combined/colorscheme-1-live.css?m=1600401292

103.253.193.2

200 OK

3.4 kB

URL GET HTTP/2
www.glaister.co.nz/themes/mytheme/combined/colorscheme-1-live.css?m=1600401292
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
ASCII text, with very long lines (3402), with no line terminators
Size
3.4 kB (3396 bytes)
Hash
032a78e0ddfbf3b938ccb83e4645daf1
cee6d0fe170fa0db9d9a5bd8189b9b43bc687203
22576b0820787dca544e378ee47997c782b0358475b13e5e4462942f8d303718

HTTP Headers

GET /themes/mytheme/combined/colorscheme-1-live.css?m=1600401292 HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: text/css
last-modified: Fri, 18 Sep 2020 03:54:52 GMT
vary: Accept-Encoding
cache-control: max-age=604800, public
etag: W/"5f642f8c-d44"
x-powered-by: PleskLin
content-encoding: gzip
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/

13.50.12.179

200 OK

9.3 kB

URL User Request GET HTTP/2
glaisterennor.my.salesforce.com/
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (9980), with no line terminators
Size
9.3 kB (9308 bytes)
Hash
1a8d8e54ba39465099fbb79346148b2b
93f91caf4c7851f7f9b7f0e79a24fe64c8e8e9af
08d2fee8a443a3222e5229f1b8032277172a458fccf1aa4fe551eba189e34534

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET / HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:00 GMT
content-type: text/html; charset=UTF-8
x-sfdc-request-check: 2
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
cache-control: no-cache,must-revalidate,max-age=0,no-store,private
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
content-security-policy: upgrade-insecure-requests, frame-ancestors 'none'
set-cookie: CookieConsentPolicy=0:1; path=/; expires=Wed, 07-May-2025 21:43:00 GMT; Max-Age=31536000; secure; SameSite=None
LSKey-c$CookieConsentPolicy=0:1; path=/; expires=Wed, 07-May-2025 21:43:00 GMT; Max-Age=31536000; secure; SameSite=None
BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; domain=.salesforce.com; path=/; expires=Wed, 07-May-2025 21:43:00 GMT; Max-Age=31536000
BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg; domain=.salesforce.com; path=/; expires=Wed, 07-May-2025 21:43:00 GMT; Max-Age=31536000; secure; SameSite=None
x-robots-tag: none
x-frame-options: DENY
expires: Thu, 01 Jan 1970 00:00:00 GMT
server: sfdcedge
x-sfdc-request-id: 12f8f1acbc4d01af399815a067837280
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

fast.fonts.net/t/1.css?apiType=css&projectid=fe020fd2-866a-4a1d-a9c3-87063544eb28

104.16.41.28

200 OK

0 B

URL GET HTTP/2
fast.fonts.net/t/1.css?apiType=css&projectid=fe020fd2-866a-4a1d-a9c3-87063544eb28
IP
104.16.41.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subjectfonts.net
Fingerprint40:BB:71:39:9B:62:CA:2E:30:5E:D3:A9:33:D6:69:83:D8:1F:D0:57
ValidityThu, 04 Apr 2024 03:21:50 GMT - Wed, 03 Jul 2024 03:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/1.css?apiType=css&projectid=fe020fd2-866a-4a1d-a9c3-87063544eb28 HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://fast.fonts.net/cssapi/fe020fd2-866a-4a1d-a9c3-87063544eb28.css
Cookie: __cf_bm=RfXQTme3bCl7IFKQGn2xsdTmTSUVksCN1CtebLA58aQ-1715118185-1.0.1.1-CbdT0zHjZScAhxBorumjQ5VZ85krk8.mqr.Ii2EP7FOsPyMfUwafqKolFrRGcV_y_1kMuQ9Ns4aiwxg2ip3JTQ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:05 GMT
content-type: text/css; charset=utf-8
content-length: 0
x-amz-id-2: uzs0+UHc8UGAzZ8VPvjKCgBusygpLONZMFjJ4khFY73PhU+lpx4hWfv/3rkc1llRI2Ff7JipMDSh+VuZs6GV0n8w7PjHMhnxwsWo6e2MPCM=
x-amz-request-id: M4979HYB651TRJQA
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
etag: "d41d8cd98f00b204e9800998ecf8427e"
cache-control: public, max-age=0, s-maxage=604800
x-amz-meta-mtime: 1519217722
x-amz-version-id: null
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 88046231b91d8f63-CPH
X-Firefox-Spdy: h2

fast.fonts.net/cssapi/fe020fd2-866a-4a1d-a9c3-87063544eb28.css

104.16.41.28

200 OK

18 kB

URL GET HTTP/2
fast.fonts.net/cssapi/fe020fd2-866a-4a1d-a9c3-87063544eb28.css
IP
104.16.41.28:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerGoogle Trust Services LLC
Subjectfonts.net
Fingerprint40:BB:71:39:9B:62:CA:2E:30:5E:D3:A9:33:D6:69:83:D8:1F:D0:57
ValidityThu, 04 Apr 2024 03:21:50 GMT - Wed, 03 Jul 2024 03:21:49 GMT

File type
ASCII text, with very long lines (2485), with CRLF line terminators
Size
18 kB (18091 bytes)
Hash
f984d1d541d49ae5a02d44d63668a147
40315bc4995213cca2b386aaad2f51b5faef5d62
a57fde5886bc38127ab1ff4e9e8a482afccdbdb72ffb7306da9045e2c4b7f44b

HTTP Headers

GET /cssapi/fe020fd2-866a-4a1d-a9c3-87063544eb28.css HTTP/1.1
Host: fast.fonts.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:05 GMT
content-type: text/css; charset=utf-8
x-amz-id-2: w7v5CK38Jvtjlvi8RPeuguLGGtHo8Pi6YxH8fIp6gdIOKk9vGVRv2kpWLUehTapMFsmbmAtfmZAopTuVjIlxZNSVvknSjvdQFko8dz/w4vM=
x-amz-request-id: M496HSKDQ8D6MNFV
last-modified: Thu, 18 Feb 2021 04:15:57 GMT
etag: W/"f984d1d541d49ae5a02d44d63668a147"
x-amz-meta-mtime: 1510813464
x-amz-version-id: null
cf-cache-status: MISS
expires: Tue, 07 May 2024 21:48:05 GMT
cache-control: public, max-age=300
set-cookie: __cf_bm=RfXQTme3bCl7IFKQGn2xsdTmTSUVksCN1CtebLA58aQ-1715118185-1.0.1.1-CbdT0zHjZScAhxBorumjQ5VZ85krk8.mqr.Ii2EP7FOsPyMfUwafqKolFrRGcV_y_1kMuQ9Ns4aiwxg2ip3JTQ; path=/; expires=Tue, 07-May-24 22:13:05 GMT; domain=.fonts.net; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 8804622f1f058f63-CPH
content-encoding: gzip
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/jslibrary/LoginHint208.js

13.50.12.179

200 OK

20 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/jslibrary/LoginHint208.js
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
ASCII text, with very long lines (563)
Size
20 kB (20453 bytes)
Hash
f1b06a808e5910093e3a8ecd1c70d695
d6ea29b885998bd24811333f6ceaffce42400f7d
b4e09e04175d3fc81542f40d4d227db48c6199f93ca2737a1ce91e9e57865dff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /jslibrary/LoginHint208.js HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: application/x-javascript
x-sfdc-request-check: 2
x-robots-tag: none
last-modified: Thu, 01 Feb 2024 18:09:51 GMT
strict-transport-security: max-age=63072000; includeSubDomains
referrer-policy: origin-when-cross-origin
content-encoding: gzip
x-content-type-options: nosniff
vary: Accept-Encoding
cache-control: public,max-age=10368000
expires: Wed, 04 Sep 2024 21:43:01 GMT
server: sfdcedge
x-sfdc-request-id: e3fc65aa1cbb582cb324fdcb6ab2e800
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

www.glaister.co.nz/themes/mytheme/combined/logocpafillbda45ecpbfill404041sc1.svg

103.253.193.2

200 OK

23 kB

URL GET HTTP/2
www.glaister.co.nz/themes/mytheme/combined/logocpafillbda45ecpbfill404041sc1.svg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
SVG Scalable Vector Graphics image
Size
23 kB (23176 bytes)
Hash
0d0a42233f2fcc23ce90ddd7cfe963f3
208abe551ebc00c2572f95871d611d248ca9cee5
cbe394cb7ef9f19b1b8db38df28bd4cba91748712131a4d199cff18332a65407

HTTP Headers

GET /themes/mytheme/combined/logocpafillbda45ecpbfill404041sc1.svg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/svg+xml
last-modified: Fri, 18 Sep 2020 03:54:53 GMT
vary: Accept-Encoding
cache-control: max-age=604800, public
etag: W/"5f642f8d-5a88"
x-powered-by: PleskLin
content-encoding: gzip
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsMF0/GE-Partners-UPDATED.jpg

103.253.193.2

200 OK

292 kB

URL GET HTTP/2
www.glaister.co.nz/assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsMF0/GE-Partners-UPDATED.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
292 kB (291785 bytes)
Hash
cfef18983b24650c3a135dccae7acc9a
9fee1b3788f8da93827ead0501e8e85d88a1b81e
955e9faf3bcd5b17308a5df12c298ed7b96f9e1c94f7088ff114daeb3ce396ad

HTTP Headers

GET /assets/HeaderSlides/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIiwieSIsMF0/GE-Partners-UPDATED.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 291785
last-modified: Fri, 01 Oct 2021 02:34:33 GMT
cache-control: max-age=604800, public
etag: "615673b9-473c9"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

www.glaister.co.nz/assets/Uploads/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/GE-WEB-UPDATE-HR-PANO.jpg

103.253.193.2

200 OK

428 kB

URL GET HTTP/2
www.glaister.co.nz/assets/Uploads/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/GE-WEB-UPDATE-HR-PANO.jpg
IP
103.253.193.2:443
ASN
#38719 Dreamscape Networks Limited

Requested by
https://www.glaister.co.nz/
Certificate
IssuerLet's Encrypt
Subjectglaister.co.nz
Fingerprint52:11:03:E1:AA:FD:F5:B1:87:53:65:FC:78:5E:1A:A2:54:BE:3F:8D
ValidityWed, 20 Mar 2024 04:38:55 GMT - Tue, 18 Jun 2024 04:38:54 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 1440x360, components 3
Size
428 kB (428225 bytes)
Hash
a7f0c0406c7e3ecb91785babf0162c8f
762d345238b5806b5dbe99d3dd43d155252b176b
49f473d945f583c692a070e27151d71d0a01438de3ce9dd075c5b294682c6849

HTTP Headers

GET /assets/Uploads/_resampled/CroppedFocusedImageWyIxNDQwIiwiMzYwIixmYWxzZSwwXQ/GE-WEB-UPDATE-HR-PANO.jpg HTTP/1.1
Host: www.glaister.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Tue, 07 May 2024 21:43:04 GMT
content-type: image/jpeg
content-length: 428225
last-modified: Thu, 17 Mar 2022 21:23:10 GMT
cache-control: max-age=604800, public
etag: "6233a6be-688c1"
x-powered-by: PleskLin
accept-ranges: bytes
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/jslibrary/SfdcSessionBase208.js

13.50.12.179

200 OK

16 kB

URL GET HTTP/2
glaisterennor.my.salesforce.com/jslibrary/SfdcSessionBase208.js
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (575)
Size
16 kB (16252 bytes)
Hash
eede1b37a00f77c1143e618cf980b866
95388a2520cd89b8c9a837a336688520dee7ef45
680ee03715036c635c33fdd03f1ba69538ed2af3f569e2cc901c937653f90f06

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /jslibrary/SfdcSessionBase208.js HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:01 GMT
content-type: application/x-javascript
x-sfdc-request-check: 2
expires: Wed, 04 Sep 2024 21:43:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
cache-control: public,max-age=10368000
vary: Accept-Encoding
last-modified: Tue, 15 Aug 2023 06:08:09 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: 3d802fa8f1a7474b8571a36f79ad13ac
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v4.6.2/css/font-awesome-css.min.css

104.21.27.152

200 OK

28 kB

URL GET HTTP/2
use.fontawesome.com/releases/v4.6.2/css/font-awesome-css.min.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (28274)
Size
28 kB (28275 bytes)
Hash
95e795396dad96cf9d858440a3507715
3e4fd0035a4968f0143ef1f3b4d979a107ed25b7
4bacd81e6150c0d6b49e7e302971b5b5865e43751b7fabb8b3756ef1e6dbac09

HTTP Headers

GET /releases/v4.6.2/css/font-awesome-css.min.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/e4d1c6444a.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:05 GMT
content-type: text/css
cache-control: max-age=31556926
etag: W/"95e795396dad96cf9d858440a3507715"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 610256
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZE02cUmewfH7UVDNZL99XFyt6mc9Fmx9uhUVS9l8GkU5FxXJSeA0pxvXaANz7rq0rHKvVm1Fgl33RE%2F6VBgnL4e7L81LDZmmag%2FiLOKeVADZE82OIhxxksuseJKT7sG3XpHR65W"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8804623289550b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/webfontloader/1.6.24/webfontloader.js

104.21.27.152

200 OK

12 kB

URL GET HTTP/2
use.fontawesome.com/webfontloader/1.6.24/webfontloader.js
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (2134)
Size
12 kB (12493 bytes)
Hash
9064ce12d2c81f68123c93bc1a8b0cad
44a3a4a8cbd7a3a77d4a7314d9d2b9d28a3fb56a
2711b037e078e306e59765e9fc22d9f86867eb26af8c6af72d864a1c52bed8ac

HTTP Headers

GET /webfontloader/1.6.24/webfontloader.js HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:04 GMT
content-type: application/x-javascript
cache-control: max-age=31556926
etag: W/"9064ce12d2c81f68123c93bc1a8b0cad"
last-modified: Fri, 22 Sep 2023 01:46:36 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 4318
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iN%2Bq0WPKHEMcLcqvdZ3PAb8kdxDQlDd0wuMG4tF%2BAMWH1tVWdbHrM%2BS2msr6uoUKvvH61VF6mj6NDeOlf1FqMbQFbaOwR7NFJ2xV8A9T0UkVYal7X2ebpNGKBTO2QSZfCavWAobI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880462302ef10b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/e4d1c6444a.css

104.21.27.152

200 OK

1.0 kB

URL GET HTTP/2
use.fontawesome.com/e4d1c6444a.css
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (1054), with no line terminators
Size
1.0 kB (1033 bytes)
Hash
0fd7d4aa18cf6ab3de77056d4d50a802
ce69fc08a4c1974694ccf1fb015d827f0cddbaf7
c8e514f51f477b97dbcc1ee89e1380e9e3ad9b9662b12413315eb1e53e297013

HTTP Headers

GET /e4d1c6444a.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.glaister.co.nz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:05 GMT
content-type: text/css
etag: W/"b2e035a5bbe42b68e8d16c5e6417f79f"
last-modified: Fri, 22 Sep 2023 01:35:49 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6qUCue8k3I24SKkjXvA3OJpQRHjbGsljuv4cuzZSunKn%2BCudtWN6kkthazEb%2Bi7eFtQzBXkQeGjl1iqvhffFmnSRM6GIdbevGafP9qfGToS9fmHb7p1%2FwmzW4r3tC5DLy22Mnld"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 880462304f090b65-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v4.6.2/fonts/fontawesome-webfont.woff2

104.21.27.152

200 OK

72 kB

URL GET HTTP/2
use.fontawesome.com/releases/v4.6.2/fonts/fontawesome-webfont.woff2
IP
104.21.27.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://www.glaister.co.nz/
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 71760, version 4.393
Size
72 kB (71760 bytes)
Hash
a1a450ea331a3fc89e867ecad963b6b2
ee59197f63a2c4c7b7f2ae135a745202235de8d4
2932abf996373e87fbf2e950876b1962f1b57db954a1643ea68831d9fbb74da4

HTTP Headers

GET /releases/v4.6.2/fonts/fontawesome-webfont.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.glaister.co.nz
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:05 GMT
content-type: application/octet-stream
content-length: 71760
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "a1a450ea331a3fc89e867ecad963b6b2"
last-modified: Fri, 22 Sep 2023 01:44:05 GMT
vary: Origin, Accept-Encoding
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BLFTP0YVT9b4%2F3S8JK6%2FfSjh%2BtWQVfVEq54EF2Ff7CNdyDln0i0qOsIGrUQq4QQAgOV0YnrIAplWXjUZwtjNNLYlUZXJ91I4eH%2BHfS2ialQhnCPO5bHytwSDDbwwx0MIfzjSlsJD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88046232b97d0b65-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

glaisterennor.my.salesforce.com/img/icon/capslock_blue.png

13.50.12.179

200 OK

549 B

URL GET HTTP/2
glaisterennor.my.salesforce.com/img/icon/capslock_blue.png
IP
13.50.12.179:443
ASN
#16509 AMAZON-02

Requested by
https://glaisterennor.my.salesforce.com/
Certificate
IssuerDigiCert Inc
Subjectsfdc-cehfhs.edge.my.salesforce.com
Fingerprint9A:38:EE:34:65:EC:F2:D5:C1:DA:AD:81:65:7B:6B:A5:EC:8C:D2:54
ValiditySun, 11 Feb 2024 00:00:00 GMT - Mon, 10 Feb 2025 23:59:59 GMT

File type
PNG image data, 33 x 43, 8-bit/color RGBA, non-interlaced
Size
549 B (549 bytes)
Hash
0b76cfe389e0720a22e73e9a1f63351f
c3f0a7e6547e3997f8c9574a011005de748181ee
1f21e5aca5794286008ff7bd98038e525e047e36490747681a6ea396a52fd24b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /img/icon/capslock_blue.png HTTP/1.1
Host: glaisterennor.my.salesforce.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://glaisterennor.my.salesforce.com/
DNT: 1
Connection: keep-alive
Cookie: CookieConsentPolicy=0:1; LSKey-c$CookieConsentPolicy=0:1; BrowserId=xj3kzQy6Ee-_JoEEFrkcRg; BrowserId_sec=xj3kzQy6Ee-_JoEEFrkcRg
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 07 May 2024 21:43:03 GMT
content-type: image/png
x-sfdc-request-check: 2
expires: Wed, 04 Sep 2024 21:43:03 GMT
x-content-type-options: nosniff
cache-control: public,max-age=10368000
last-modified: Tue, 04 Apr 2023 21:01:52 GMT
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=63072000; includeSubDomains
x-robots-tag: none
server: sfdcedge
x-sfdc-request-id: e3fc2277c5ea2424b68d982acd8957b4
x-sfdc-edge-cache: MISS
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (20)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML