Report - gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD

Report Overview

Submitted URL
gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
IP
104.21.91.206
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-27 10:25:02
Access
public
Website Title
Sign in
Final URL
gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Tags
salesforce phishing
urlquery detections
Phishing - Salesforce

Detections

urlquery
22
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gova.sa.com	unknown	unknown	No data	No data	11 kB	737 kB	172.67.179.90

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE	66 B	2024-04-25	2024-05-05
Pretty URL gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE IP 172.67.179.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 19:26:45 Last Seen2024-05-05 17:02:33 Times Seen214 Hash 019761e8efe5d7919cbb7399fae175e7 cb7725f33aa9f5ad2110cedf2e4f3f176aa36f04 103366b273d7a300655a3434bf24b7ebaacab559455a0528a03d77a98fee9eeb Loading...

	unknown	16 B	2023-04-12	2024-05-08
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-12 12:16:03 Last Seen2024-05-08 23:54:21 Times Seen868 Hash f68a36abd71ae82677dd3c95dcfd9401 46a4b43ec98d6a1be16d06cfbcfadc3d3cc0c9bf 931f0c77f754571896c47d313437c8fb48d8f92e04bf626b8b78c11b8aeb9bd1 Loading...

	gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE	7.2 kB	2024-04-25	2024-05-05
Pretty URL gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE IP 172.67.179.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 19:26:45 Last Seen2024-05-05 17:02:33 Times Seen214 Hash 05e269de8b057f00127794d91023ad9f 3d59540fd4f144693ac2fb2c11feb89077973308 50f2396fdf540c79e08d6a91390f73f3f89b7864b55a47b18d363cfe1324a25c Loading...

	gova.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F	90 kB	2023-03-07	2024-05-09
Pretty URL gova.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F IP 172.67.179.90 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-09 17:13:51 Times Seen142940 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (21)

URL IP Response Size

gova.sa.com/assets/images/fdic.png

172.67.179.90

200 OK

6.3 kB

URL GET HTTP/3
gova.sa.com/assets/images/fdic.png
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
6.3 kB (6323 bytes)
Hash
1f216d4d130a1157674345d7c20e20b3
b4676bf182ac9cfe51aaf6d0709e5dfc591a3ae6
944f5f59fb5cff5bcfa135c92c8424dc678ef747a6114fbf926a59a2b07593c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/fdic.png HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/png
content-length: 6323
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-18b3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tKMZaUZVfzZTaGJgUdCJj9e6GniyMU0Sb5Rj2KuQM24kAp%2BYXetuJvCmAUKTYMs4aC0Cy3B1kcF0w1CK0RY%2F1yzTY4JwgIS2SFAjYQmMC0BVccUP9vEB8eDzD4JTaA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a931c1256cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/ehl.png

172.67.179.90

200 OK

6.5 kB

URL GET HTTP/3
gova.sa.com/assets/images/ehl.png
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
6.5 kB (6512 bytes)
Hash
e19cb0a8ff7940341fe40ed00dada53c
6c298785abc2f256b1c1f44a211892ef73950ae0
324dfccf399348f7a1c9351a4ee814e21a37bc98895d55009b43dc1cfd1e39ba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/ehl.png HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/png
content-length: 6512
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-1970"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s68HQQxV7EtiHp01v%2F80PZsl%2FUoYw2TrxrmjC9BCdMiFD1YjoDGiMRi9R2kKQhDiHEpIB7XXIryoQObAKB%2F9xsVVkhCdxEI4z49FoqR4uuEKQjCMYvEtFxgDp%2FX3aA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a931c1556cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/Heebo-Regular.f807eddb777f8cc0.woff2

172.67.179.90

200 OK

29 kB

URL GET HTTP/3
gova.sa.com/Heebo-Regular.f807eddb777f8cc0.woff2
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28632, version 1.0
Size
29 kB (28632 bytes)
Hash
0ec52131c89aec5adb27d61223543ced
ec24f7cf191c89d67076361a5449cff46b81570e
c8eaf794d7920f0d958001cab7b9c403efb89217b4d5c3ad648de792bc590bff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Regular.f807eddb777f8cc0.woff2 HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-length: 28632
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6fd8-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=glq2NuoRfzL5vmunYX0SvpDlTZx86A1NQ0Tetxo5RwSEJdDZsHHRSL4RD1ZEWYN1p6XYp5khWPh633EbLcQFoLi0hMpA1c4xyIKIRNBg7FW015Wl%2FpPxCf09E9QKrA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93bc9f56cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/capco-icon-fonts.e3dce399bcb18ec3.woff

172.67.179.90

200 OK

47 kB

URL GET HTTP/3
gova.sa.com/capco-icon-fonts.e3dce399bcb18ec3.woff
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format, TrueType, length 47132, version 0.0
Size
47 kB (47132 bytes)
Hash
bdd2d7e7a2b19da123e3dd0aa2b6ba13
336b4abd79c8aa3f658c359e33bc5581955b72ad
a6752fc2e494367dabaf484e095493fb7865ff58800abfc71123dc282d95b4f3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /capco-icon-fonts.e3dce399bcb18ec3.woff HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: application/font-woff
content-length: 47132
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "b81c-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vXDaGXl5zdRGIw3lJoRESp4OF6IRy6JmJxwTqfsz4pf4qFiAPJWUGhw21GqdK0jdFiFMjZ%2BSe5i4UNtaPN%2BU4YGUgE9a0FaWavvrtQvqvEauN5nhHbrrWZS1Ys7gTA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93dcd056cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2

172.67.179.90

200 OK

29 kB

URL GET HTTP/3
gova.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28596, version 1.0
Size
29 kB (28596 bytes)
Hash
e1ec2e8632e031aaacebf19c22be7f94
5f477c6850c9623b37ca85115005bc8e17c99a32
6b0775312a70463baadc76ad84f408bf91b13da73fd1b2df4ea62233484d5a1e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Medium.8df563692fcd9fd0.woff2 HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-length: 28596
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6fb4-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gaI3ut%2BNgyNdvIkLEVzl3Q5zM%2FYSYvS%2BvkSKKdNIH2myp2jhUqFUEaK%2BfYleAoOzpwhn3MdNDD%2B06IIpWRXQigT9fo9VZedx7eq6sF9b9NqCr0QMuVtj9oy%2FNbLKxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93ece056cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/Heebo-Light.b37fd88770249dfa.woff2

172.67.179.90

200 OK

28 kB

URL GET HTTP/3
gova.sa.com/Heebo-Light.b37fd88770249dfa.woff2
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28476, version 1.0
Size
28 kB (28476 bytes)
Hash
400e8b71de50f49b7b0d8677fd9d81de
9303146a35fff66540170a40ff33b0ea29a0ba79
207ee410a833bdc6e9258c826ce60b8cb26471e6fac689e18d8ea8c7c5a9b585

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Light.b37fd88770249dfa.woff2 HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-length: 28476
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f3c-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SBJomy%2FSa%2BL9432o3h%2BkTCpmHrgllpx%2BopJ6wYVEatr8lOu%2Fnye2QTxJQjJ8PPU2r%2BoXqtrp%2Fu%2BC30TCyWF5wvj1vzd%2FlrmXOCiN%2FT4scytt9X2OwRKbtjyv%2FveEsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93ece456cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2

172.67.179.90

200 OK

28 kB

URL GET HTTP/3
gova.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27808, version 1.0
Size
28 kB (27808 bytes)
Hash
cf1c3a336717c93381070d238c90f782
d663d5b077c06d4bc1b8bdfe28657147bd77256a
0201b5d83335daa6995cb96075f758bb09b8ada45a736462adbc3a28f833afef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Thin.5740d8571ba2c17c.woff2 HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-length: 27808
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6ca0-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ku%2BhFThxOH7oFB%2FzNn%2BbmPCrkPLEoMHaNVU5CrUZtBeRoOaMoB1SupTR2ZRCa%2FouLGGXp0HLF3%2BTuizNxHuKieeaQffm6YmG933QD90zcWuDw50x1ffB0OpWpvdvJQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93ece256cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/Heebo-Bold.acf14f737f7438f7.woff2

172.67.179.90

200 OK

29 kB

URL GET HTTP/3
gova.sa.com/Heebo-Bold.acf14f737f7438f7.woff2
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28560, version 1.0
Size
29 kB (28560 bytes)
Hash
f7bc99b64b780c65fc75a44644084a6e
fb0e3ded3e6072c86a3e86f94695e2576f9758f5
f2e10df61c61ac80916ace8bb9d8166788127143cfb9f189e8c3daff7727c96d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Bold.acf14f737f7438f7.woff2 HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-length: 28560
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f90-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dGXZiF%2BSG2geVUQs7OTsTeRIlkVSIsBGdUKct%2B359qYl45JsfBt1phRxOSmyXUn6fzPsZ6vdNhL0J2wVjity2RncBz9tm3hH3VRyYdyqNmOM8U%2Fsp62R5qvXNdFCWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a93fcf156cb-OSL
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/bmo-logo_2.svg

172.67.179.90

200 OK

1.5 kB

URL GET HTTP/3
gova.sa.com/assets/images/bmo-logo_2.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
1.5 kB (1512 bytes)
Hash
aa8a6bbb24dac15ade66b5767ae248ec
d61ed316743cfd1e01757f55bf678341fb8358f1
e2401764b4fc7043eda44c3e20d4ef8b6586fdc5d07f6f6165cb20b354543356

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/bmo-logo_2.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-89b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=znXOYF4X5ZVTcFqiI8sWkTucMS0VxvAbABahNRUjGu1p8b24YHgUtlZ9DMfGVHLj6EXTwNPqbfa49V%2B9hcYoiTHnHljOEEQBiH2UrOGeQ14uMgZeRoURg1SwymLTiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a931c0f56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/take-a-look-at-your-accounts.svg

172.67.179.90

200 OK

4.6 kB

URL GET HTTP/3
gova.sa.com/assets/images/take-a-look-at-your-accounts.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
4.6 kB (4640 bytes)
Hash
dfc59bf6fb03812a4960e061e78cd3d5
0431e77ed4b5bdbdf79fb220ca0e5a14bf506758
9b560887e13cadf1d2a3db5d1a6bbe3d867e8af0c8300bb410f091740df37cf7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/take-a-look-at-your-accounts.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-3da2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ec%2F9rN%2BReUI5aZE7lgDp3VW1jiN3ufpzo7ck3B68t%2F%2FVABfxY4rT%2FOlGYY8JTDFBsCTufdgwtkKeOtePvnJ01NJEYO0n29PMXt%2BmSBmzeQJv8IRBtvDKnLl9IIk%2FpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a932c2e56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/login_files/Logo_Master-Reverse(1).svg

172.67.179.90

200 OK

10 kB

URL GET HTTP/3
gova.sa.com/login_files/Logo_Master-Reverse(1).svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
10 kB (10318 bytes)
Hash
40b143e8df1729e28fb51892bf616869
89b0f99da6dad9f0fcbe630c0464fc4202a2b2b2
ffd9ff2db1d4f657baef24792853db2531420f99fd72a5082bee30e45fd94faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master-Reverse(1).svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FnwVsN0tqtQc6RgEsIj%2BhXsR4TGOAsTZPlHjxfoEFx6yj8FYmZYxlV3EZEqhAVq2lPPlh%2FqDrRrD928zQ3d3bHExrUIbZA4MbxEk7ObyDTymKGK%2Fu5q64FBYQmN%2FMw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a931c0d56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/favicon.ico

172.67.179.90

200 OK

8.5 kB

URL GET HTTP/3
gova.sa.com/favicon.ico
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
8.5 kB (8479 bytes)
Hash
98a8f6231b8840dcd15a34000539c1e0
afe1f0bf1ebc23ced559189ebc678a36ebf3729c
2e9fc0625183383670d077427884473d8b0e04ab1dc479372246fdd2334fe072

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/x-icon
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: W/"662a5acc-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8w4ZGGrmrtUkpX0nRE4UymGLnrWOj4SCtICwnjcf7nRtGvmu99F%2BwMYjrunK4zadth0CyB7q6gRYv9lhdp%2Bxi%2BOe3LDQQ9il978Sx%2BBE6t6MyFpBz9Ozv4RU9VAVaw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a948d9756cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/login_files/Logo_Master-Reverse.svg

172.67.179.90

200 OK

3.8 kB

URL GET HTTP/3
gova.sa.com/login_files/Logo_Master-Reverse.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3829 bytes)
Hash
9256617ff3587d2a6e669765544011aa
56374110d91ae43da040b2d6074082bad289c7f3
57f2a79c0c447b629348a97b9dabaea0596ebced897a64c3f3f77a7a5c138324

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master-Reverse.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWjclpeYZ51tUd0in04zg%2FrvmcO5W4dLdrWwqhKftjp8vZw2mlnevDxN3NKj5ERpsMEhF0%2BlKFlzqvkmB3xah6DMClJDz6ULSiQwzVku6iYkwr84SgrH4ccxnHQSFw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a931c0856cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/close_icon.svg

172.67.179.90

200 OK

808 B

URL GET HTTP/3
gova.sa.com/assets/images/close_icon.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
808 B (808 bytes)
Hash
55769bc38246f79f9dbc054a8f6b2b6a
2875a364b4edac56315b647b4a80288c5425ea87
a922b34d92609202c1ade203b3d118b26264c608cea70ec506c9deda0a84978e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/close_icon.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-328"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5pn7%2Fln7BRmj7Kx6x9T6n%2F2RjmT%2BfuPVlu1gjkC%2B5gmP12LqYHaFI0Y7cKiq4QIOxsmEYFRP4xBhwv0%2BS9aVkpi1QQJuUgDDV12v8aDU0h5IQC83ynXOCbtzR%2FuZXA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a931c1856cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/build/b.8cc58ef1821ab39c.svg

172.67.179.90

200 OK

1.4 kB

URL GET HTTP/3
gova.sa.com/build/b.8cc58ef1821ab39c.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1444 bytes)
Hash
fc28cf8f2ed67f184837b61b032d72a3
ff1ce98294932d69f96cf1d8022a695ae79d06ab
796dcd946af0c1fc5766612670318808a465172b912369ebe17c04a71ef0dc8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /build/b.8cc58ef1821ab39c.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-5a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nWnfCh%2FvnhBlxH8iit7g9cGfjGhoOS6hyjhOJAvvlKCqrNTDsaDfO7Ld%2BiSNGnvMgWw6pxe7EIySWmLz7i46fpkL97CE7btZOrByEwTaf3aXXcRdyYSG0xwOycVC5w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a939c8f56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/login_files/Logo_Master.svg

172.67.179.90

200 OK

3.8 kB

URL GET HTTP/3
gova.sa.com/login_files/Logo_Master.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3828 bytes)
Hash
cc7e515d9803f675c078fab93fb82c44
6f736baef39f70ba3c3b7eaea5179cff09c9f410
dd2573228e20a1b91a05f24f1d980e573746c94d69258d61a9a0f7f9b13ab4eb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N%2F3l%2BCPLc%2BbsM7Sn77W%2FsZoYzF%2BR%2FTlJkFCH%2BRT%2BucZKqemnFiP%2Fryf1WdRYet3BrW6y7%2F5q%2BtWJWquE%2BLrXOUd5ZcxXTVk%2FdcKVC4LGyd4rGf1BzjDru8um0jXpzA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a932c3156cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F

172.67.179.90

200 OK

90 kB

URL GET HTTP/3
gova.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
etag: W/"15d84-616ebc8028d40-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=81TNq4Qp6c9yo1hc1tEpn6MHlhPs7V9x4aMT%2BXf75sDLNKoKx80sp6AIUZpfmg6w%2BgZGi2A0KSLuqsaDxYsc3pgd%2F%2BWRoPpL8I801oHT%2BtkTdp1CR%2FL1yKkr%2Br4dGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a932c3556cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE

172.67.179.90

200 OK

291 kB

URL User Request GET HTTP/2
gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type

Size
291 kB (291184 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iYfrVuiM9kSJKrlyHvQFNBD5up0eVffOUoW04s6rS6ukOcEfE8QVtDw4UD3A5DBUi%2F4XgL4xRZOnXI%2FOLqMWUWxbruB8TenTEUnhj3nATS%2Bd8xoVQfVJPGR7lUj1KQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a913baf5699-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

gova.sa.com/login_files/styles.330d80deccf75709.css

172.67.179.90

200 OK

100 kB

URL GET HTTP/3
gova.sa.com/login_files/styles.330d80deccf75709.css
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
100 kB (100418 bytes)
Hash
0159e1a8e243f244267f294ce8e8454a
44c033e7e94693674eaa6e79604325cd94b332a2
f0629367675eb8c0b7ef8121abb171165308fdd1bb733ddd90feaec5be6c9440

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/styles.330d80deccf75709.css HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: text/css
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-18842"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YOkzurUILbIJEaH16mI7ri47EECPhroXrFYQbvkpui54WrAKv80DiZSCsoiKG3IkGNXT%2F0Q6gPpyHWglFi0msIeW2sY79T76QoUN1MxmpxmqnW0hkw8AUvSR5AE%2BpA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a930c0056cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/Logo_Master.svg

172.67.179.90

200 OK

3.8 kB

URL GET HTTP/3
gova.sa.com/assets/images/Logo_Master.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
3.8 kB (3828 bytes)
Hash
cc7e515d9803f675c078fab93fb82c44
6f736baef39f70ba3c3b7eaea5179cff09c9f410
dd2573228e20a1b91a05f24f1d980e573746c94d69258d61a9a0f7f9b13ab4eb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/Logo_Master.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-ef4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dJnJxERQ%2BJg03V5yRd9CZLMdIWnqkHW%2FEL3IPFybnqn%2FVzJmu7QVaTR2E1MEEIfoqkyeGFlBdp9TWvbKojhRWauUPSEC3SVj5Njg3lBi9y0rz2tXbdSM%2FU9bCHlihw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87ae1a931c0b56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

gova.sa.com/assets/images/minimize_icon.svg

172.67.179.90

200 OK

242 B

URL GET HTTP/3
gova.sa.com/assets/images/minimize_icon.svg
IP
172.67.179.90:443
ASN
#13335 CLOUDFLARENET

Requested by
https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Certificate
IssuerLet's Encrypt
Subjectgova.sa.com
Fingerprint6B:9D:93:D2:08:82:89:7A:F0:2C:F4:74:96:97:91:1D:02:4D:10:45
ValiditySun, 07 Apr 2024 09:59:13 GMT - Sat, 06 Jul 2024 09:59:12 GMT

File type
SVG Scalable Vector Graphics image
Size
242 B (242 bytes)
Hash
f6e33203dd67db19508d0e5656bbd5fe
f5c5ee14c4dde28a2e0655d9c02a4f71b8c346df
6fb609f6b9760747b55fa262330106b254cf160689958948fc64fe9fecfadb2c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/minimize_icon.svg HTTP/1.1
Host: gova.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gova.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMI7rSc8f3hhQMVOjfUAR2nkQfWEAMYASAAEgKFYPD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Sat, 27 Apr 2024 10:24:36 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: W/"662a5acc-f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 3528
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcXMdhJoKGYsDQ1NAuh1WmcQ6Mm6iIeHn%2FrFLo08pvQ9tAVTzjbzbd8lqNrfXuQleznCd%2BWaKpGap%2B1F6xZEQDG9QZBEfZfJXiQygobcW5P5W7VMCOFUDMzq%2FsmMpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87ae1a931c1656cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash