| com1.sa.com/assets/images/ehl.png |  104.21.55.24 | | 6.5 kB |
URL com1.sa.com/assets/images/ehl.png IP104.21.55.24:0
File typePNG image data, 200 x 200, 8-bit colormap, non-interlaced Hashe19cb0a8ff7940341fe40ed00dada53c 6c298785abc2f256b1c1f44a211892ef73950ae0 324dfccf399348f7a1c9351a4ee814e21a37bc98895d55009b43dc1cfd1e39ba
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /assets/images/ehl.png HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/png
content-length: 6512
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-1970"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKOkALEolzVdivX1YcWEYHMHYVn27NAJ3HVQ5YBZmDv3O%2BYPHlJZzToooTUXkuNI9gKISbB6BNNHlVhKCmdeSD%2FZTKeCbboe3kNkTjiwZ8Aq%2FHTnheDaU6Qfra1PTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194acde6d56a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/assets/images/fdic.png | 104.21.55.24 | | 6.3 kB |
URL com1.sa.com/assets/images/fdic.png IP104.21.55.24:0
File typePNG image data, 200 x 200, 8-bit colormap, non-interlaced Hash1f216d4d130a1157674345d7c20e20b3 b4676bf182ac9cfe51aaf6d0709e5dfc591a3ae6 944f5f59fb5cff5bcfa135c92c8424dc678ef747a6114fbf926a59a2b07593c5
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /assets/images/fdic.png HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/png
content-length: 6323
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-18b3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0elK1%2BFdI9PNp1xRBXDQl85%2B2CwMV3%2BnHYG3gkgSsXeDUkjOjugyP7OYWHdQ%2BnkM5SrI2sEPdshEYP9SZ%2Fuz65m6%2Bab9zbAnSThmzQyZD4mwzgG1xS09ERdEoQ0jcg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194acde6c56a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2 | 104.21.55.24 | 200 OK | 28 kB |
URL GET HTTP/3com1.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2 IP104.21.55.24:443
Requested byhttps://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE CertificateIssuerLet's Encrypt Subjectcom1.sa.com Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 27808, version 1.0 Hashcf1c3a336717c93381070d238c90f782 d663d5b077c06d4bc1b8bdfe28657147bd77256a 0201b5d83335daa6995cb96075f758bb09b8ada45a736462adbc3a28f833afef
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /Heebo-Thin.5740d8571ba2c17c.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 27808
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6ca0-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=23Zw7ny1Nf%2FmtlLvrPAVVz36tPZRoGSrXHJsLTr7dcYfGOkNmN8dYSyVACwiLifKnmTB70j5jhWR%2FiDZ%2BWOVvM2m9aq09ITWSwY7vu5Qve8b1V5zhSi8IPGSkM%2Bj%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194addf2b56a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/login_files/styles.330d80deccf75709.css | 104.21.55.24 | | 46 kB |
URL com1.sa.com/login_files/styles.330d80deccf75709.css IP104.21.55.24:0
File typeASCII text, with very long lines (65536), with no line terminators Hash0159e1a8e243f244267f294ce8e8454a 44c033e7e94693674eaa6e79604325cd94b332a2 f0629367675eb8c0b7ef8121abb171165308fdd1bb733ddd90feaec5be6c9440
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /login_files/styles.330d80deccf75709.css HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: text/css
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-18842"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pVdYC3bKH8ER7zdSzrGxy%2B9qMXdNnd9bGBJnVwzUB6t%2BRDZKXvXcjizICNLNHSRrG5Jsroiu9MyCpvkURd0Ef2Ag3hFGeBG2jNnDH6Bel96E5TvOAjsiog5trCB0w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194acce6356a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/login_files/Logo_Master-Reverse(1).svg | 104.21.55.24 | | 30 kB |
URL com1.sa.com/login_files/Logo_Master-Reverse(1).svg IP104.21.55.24:0
File typeSVG Scalable Vector Graphics image Hash40b143e8df1729e28fb51892bf616869 89b0f99da6dad9f0fcbe630c0464fc4202a2b2b2 ffd9ff2db1d4f657baef24792853db2531420f99fd72a5082bee30e45fd94faf
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /login_files/Logo_Master-Reverse(1).svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uO0PDT3758f7tEHBS7ynizs4FSG218mlWlpgvI7Ma2Tn1dyCulKt9tbLZV%2Bw12BM5rhso7m%2BPzGo3gxL80Zg7cu9Rj3lehThMK%2FLrVzKRSm0NjjhF9PKw0q63bEhSg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194acde6a56a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/assets/images/Logo_Master.svg | 104.21.55.24 | | 49 kB |
URL com1.sa.com/assets/images/Logo_Master.svg IP104.21.55.24:0
File typeSVG Scalable Vector Graphics image Hashc276fcbd485a351f9b974291aa9766cc d738543926c1ad7ed84c5c8a7cd91c3d27c24ff5 173b383e44552749ccaec1b80f7a4c8915270f8eed8741d8d33c12807f5f83af
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /assets/images/Logo_Master.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-ef4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5CKHk3t4QYpsX5SraGMpBmkdKVqobg74a8vqJhznBMxnKPG59gvgdwV9j19Kb%2B2QUxIM2PFm2%2Btk8pXUIt%2F3nlHZMkTJJIxQhpRnoniV84u0Ab%2BW4r1niHGD7iCfjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194acde6856a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/Heebo-Light.b37fd88770249dfa.woff2 | 104.21.55.24 | 200 OK | 28 kB |
URL GET HTTP/3com1.sa.com/Heebo-Light.b37fd88770249dfa.woff2 IP104.21.55.24:443
Requested byhttps://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE CertificateIssuerLet's Encrypt Subjectcom1.sa.com Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 28476, version 1.0 Hash400e8b71de50f49b7b0d8677fd9d81de 9303146a35fff66540170a40ff33b0ea29a0ba79 207ee410a833bdc6e9258c826ce60b8cb26471e6fac689e18d8ea8c7c5a9b585
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /Heebo-Light.b37fd88770249dfa.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28476
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f3c-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7tDkBRnJKpY4DeixhtmyLkgH32iRWWqWjRWPCHcUwRG3CH38Q1oS6liTiak2WhzNo7smd2a%2B8b7NcbTrxs0CWRs6qAWCFjdedquhA9ylLZCe8qqXZKLpV4s9CIYuXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194addf2d56a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/Heebo-Bold.acf14f737f7438f7.woff2 | 104.21.55.24 | | 29 kB |
URL com1.sa.com/Heebo-Bold.acf14f737f7438f7.woff2 IP104.21.55.24:0
File typeWeb Open Font Format (Version 2), TrueType, length 28560, version 1.0 Hashf7bc99b64b780c65fc75a44644084a6e fb0e3ded3e6072c86a3e86f94695e2576f9758f5 f2e10df61c61ac80916ace8bb9d8166788127143cfb9f189e8c3daff7727c96d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /Heebo-Bold.acf14f737f7438f7.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28560
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f90-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DOuE28yZDu0D0n7GUYr0B9yURRKjaIVZXX%2F89ZX1wL8wVsDRLl%2BbTT6yehDz6gJ2zuMwwxKDiPbTOvuIU6aseENUAiNloHKPNQy6Ar7VhyUkHofFgpDFmqzA9mCWqA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adef3056a8-OSL
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F | 104.21.55.24 | | 62 kB |
URL com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F IP104.21.55.24:0
File typeJavaScript source, ASCII text, with very long lines (65451) Hashdc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
etag: W/"15d84-616ebc8028d40-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QkWe9MJVzvvhJBCkxaqoe%2FMlqGakyWX57EIIZ%2F6INO1eQcAOaoScdfy7WrPN8LgYDiFOtOOaLSw%2B1N4V3Qrus1bvS966QTiGOt67By8a4ekA8VTSxeT9rYkZ8Fy9jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194acee7b56a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE | 104.21.55.24 | | 43 kB |
URL com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE IP104.21.55.24:0
File typeHTML document, ASCII text, with very long lines (25799) Hash06d1cc9ea32b52fc24745162572855d7 937e8125a480e690397495b9e73f11f3e251fe87 7a9bf214f197623d8767bf5f2a1430cb9701994bf1c2b08a82a3da4dd8d2e8c4
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=edMZ7dutW29Dx0y1Gsm9BNFLVzdmPsDf5vrX8o5Kok8m5uuEBJksuafTv8G961Sq0doAbtuJkkxiIgzr5zQo1q31t9Ttz8Wx9Rbc1OSzgcECy%2F7dyUi%2ByLvlC%2BZNhQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ab9db156a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| com1.sa.com/assets/images/minimize_icon.svg | 104.21.55.24 | 200 OK | 242 B |
URL GET HTTP/3com1.sa.com/assets/images/minimize_icon.svg IP104.21.55.24:443
Requested byhttps://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE CertificateIssuerLet's Encrypt Subjectcom1.sa.com Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT
File typeSVG Scalable Vector Graphics image Hashf6e33203dd67db19508d0e5656bbd5fe f5c5ee14c4dde28a2e0655d9c02a4f71b8c346df 6fb609f6b9760747b55fa262330106b254cf160689958948fc64fe9fecfadb2c
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /assets/images/minimize_icon.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: W/"662a5acc-f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BxCi0oBPRtfxL%2B9%2FnXxSUZMaS7MMNT590jV2MKYUn1lCde8rJDbyHpfmLDJF%2BOf7lTmCl73oTkqGukysFgonZ%2FEBb9g0w5BJUUx0IOQc7qLIQ6ENPfR%2BY0%2F2ds%2BiKA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194acde6e56a8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| com1.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2 | 104.21.55.24 | 200 OK | 29 kB |
URL GET HTTP/3com1.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2 IP104.21.55.24:443
Requested byhttps://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE CertificateIssuerLet's Encrypt Subjectcom1.sa.com Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 28596, version 1.0 Hashe1ec2e8632e031aaacebf19c22be7f94 5f477c6850c9623b37ca85115005bc8e17c99a32 6b0775312a70463baadc76ad84f408bf91b13da73fd1b2df4ea62233484d5a1e
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Salesforce |
GET /Heebo-Medium.8df563692fcd9fd0.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7KGMt6jehQMVxdQWBR0XTQp7EAMYASAAEgL4wPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28596
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6fb4-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0zPPIw5a%2BOtr%2BPAk54HmSJEIhIqUlhbjkXgPsBhChu3j%2BhU%2Bb%2BL%2BI2Q73UPrd%2FVf%2FN2XtB0w2QyQlYJm6%2Bqpb3rYRvXEUR0x2k68Mrnf7xdwhnyDAvKGUUQEBberA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adcf2556a8-OSL
alt-svc: h3=":443"; ma=86400
|
|