Report - com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD

Report Overview

Submitted URL
com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
IP
104.21.55.24
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-25 21:56:28
Access
public
Website Title
Sign in
Final URL
com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Tags
salesforce phishing
urlquery detections
Phishing - Salesforce

Detections

urlquery
23
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
com1.sa.com	unknown	2024-01-23	2024-01-23	2024-04-08	12 kB	838 kB	172.67.144.34

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (4)

	URL	Size	First Seen	Last Seen
	com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE	66 B	2024-04-25	2024-05-05
Pretty URL com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE IP 172.67.144.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 19:26:45 Last Seen2024-05-05 17:02:33 Times Seen214 Hash 019761e8efe5d7919cbb7399fae175e7 cb7725f33aa9f5ad2110cedf2e4f3f176aa36f04 103366b273d7a300655a3434bf24b7ebaacab559455a0528a03d77a98fee9eeb Loading...

	unknown	16 B	2023-04-12	2024-05-05
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-12 12:16:03 Last Seen2024-05-05 17:02:32 Times Seen866 Hash f68a36abd71ae82677dd3c95dcfd9401 46a4b43ec98d6a1be16d06cfbcfadc3d3cc0c9bf 931f0c77f754571896c47d313437c8fb48d8f92e04bf626b8b78c11b8aeb9bd1 Loading...

	com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE	7.2 kB	2024-04-25	2024-05-05
Pretty URL com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE IP 172.67.144.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-25 19:26:45 Last Seen2024-05-05 17:02:33 Times Seen214 Hash 05e269de8b057f00127794d91023ad9f 3d59540fd4f144693ac2fb2c11feb89077973308 50f2396fdf540c79e08d6a91390f73f3f89b7864b55a47b18d363cfe1324a25c Loading...

	com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F	90 kB	2023-03-07	2024-05-05
Pretty URL com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F IP 172.67.144.34 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-05-05 17:05:03 Times Seen141602 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

HTTP Transactions (22)

URL IP Response Size

com1.sa.com/assets/images/ehl.png

172.67.144.34

200 OK

6.5 kB

URL GET HTTP/3
com1.sa.com/assets/images/ehl.png
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
6.5 kB (6512 bytes)
Hash
e19cb0a8ff7940341fe40ed00dada53c
6c298785abc2f256b1c1f44a211892ef73950ae0
324dfccf399348f7a1c9351a4ee814e21a37bc98895d55009b43dc1cfd1e39ba

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/ehl.png HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/png
content-length: 6512
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-1970"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pEYdcSQ9CuGFvQsXv4RVHscSFaUR3XqmHhkL8NyOiAx8rtBivEeoH7GH1qkRdwCN%2FUVeZyMxrpNObewraG7JM%2FvUu7LX1R1ro1tFzqgLVEoIdoTRWbeSeM8K%2BgijLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194ad2e6e56c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/assets/images/fdic.png

172.67.144.34

200 OK

6.3 kB

URL GET HTTP/3
com1.sa.com/assets/images/fdic.png
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
PNG image data, 200 x 200, 8-bit colormap, non-interlaced
Size
6.3 kB (6323 bytes)
Hash
1f216d4d130a1157674345d7c20e20b3
b4676bf182ac9cfe51aaf6d0709e5dfc591a3ae6
944f5f59fb5cff5bcfa135c92c8424dc678ef747a6114fbf926a59a2b07593c5

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/fdic.png HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/png
content-length: 6323
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "662a5acc-18b3"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=adCTqqjtXzpmEdPmUolCUCvUxx0TsBOTxtEkm0GB3Wmable7OqYqYddAHSziP6W%2B7%2BfF6n%2B4GlsN5lGYGv%2BkDzbtLy%2FTLLENtrbugX3JWiQNOEV2x0FSGmKFj1cqAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194ad2e6c56c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/assets/images/take-a-look-at-your-accounts.svg

172.67.144.34

200 OK

32 kB

URL GET HTTP/3
com1.sa.com/assets/images/take-a-look-at-your-accounts.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
32 kB (31945 bytes)
Hash
dfc59bf6fb03812a4960e061e78cd3d5
0431e77ed4b5bdbdf79fb220ca0e5a14bf506758
9b560887e13cadf1d2a3db5d1a6bbe3d867e8af0c8300bb410f091740df37cf7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/take-a-look-at-your-accounts.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-3da2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IxFXgiY7GPTaTcUu%2BFYb6WxU9GoE9mRzyXcJT1mENcCJ2CHXSI4%2F%2FgTJDOYarkxq%2B4ZUrDD77%2BEaYNeTzvUwV2JmpencoDgdorJbco0tANOM6qZlh2BboHT1%2FInriw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad3e7356c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/Logo_Master-Reverse(1).svg

172.67.144.34

200 OK

30 kB

URL GET HTTP/3
com1.sa.com/login_files/Logo_Master-Reverse(1).svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
30 kB (30183 bytes)
Hash
40b143e8df1729e28fb51892bf616869
89b0f99da6dad9f0fcbe630c0464fc4202a2b2b2
ffd9ff2db1d4f657baef24792853db2531420f99fd72a5082bee30e45fd94faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master-Reverse(1).svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=INEAnZaApbU69TsUKUC%2BGO6kuDToiUCJWJN7WCtrdK3QAog5zPmPQh6drEpAJ36XkBBTboWl3dmfrzJOZjU%2FuurtlEqOaYXVz4dprub9t9i7WG2i2Jui4kGWwrL5kw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad2e6556c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/assets/images/close_icon.svg

172.67.144.34

200 OK

29 kB

URL GET HTTP/3
com1.sa.com/assets/images/close_icon.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
29 kB (29023 bytes)
Hash
02165b732cf61f3761a5dde7f25fa63a
10cad2b78404a7db1c6762d31564502567608b46
f0a638d71d980f453a4ca56a85bc6fcfab2cafbef3d9535a086426b8f3271077

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/close_icon.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-328"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DoBMIjW9XL5NFDoUG7IprTRKHaOPUHKaeWFW9Ks%2FRaiQAnUXo8uxixHoR%2BoLfpia0Ty3L%2FE3AhDgQeAaaHkbpoudWgzkmDbMnRUzTMfV9A%2Fkqwby320uM8LNwI8%2Fyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad3e7156c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/Logo_Master.svg

172.67.144.34

200 OK

30 kB

URL GET HTTP/3
com1.sa.com/login_files/Logo_Master.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
30 kB (30111 bytes)
Hash
c276fcbd485a351f9b974291aa9766cc
d738543926c1ad7ed84c5c8a7cd91c3d27c24ff5
173b383e44552749ccaec1b80f7a4c8915270f8eed8741d8d33c12807f5f83af

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kwHIkOr1802MgO8ipwHqiY8DaFMuGYjXuRZLc9iP17peZm%2FiKh0BIbvGmgjSh57bpivU7wDiAjXuDhoHQSv7b7vvUWeqkGO7WqBVHZ8WKg%2Bl7GPzNVXPudd3g2fF2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad3e7456c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/Heebo-Light.b37fd88770249dfa.woff2

172.67.144.34

200 OK

28 kB

URL GET HTTP/3
com1.sa.com/Heebo-Light.b37fd88770249dfa.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28476, version 1.0
Size
28 kB (28476 bytes)
Hash
400e8b71de50f49b7b0d8677fd9d81de
9303146a35fff66540170a40ff33b0ea29a0ba79
207ee410a833bdc6e9258c826ce60b8cb26471e6fac689e18d8ea8c7c5a9b585

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Light.b37fd88770249dfa.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28476
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f3c-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jjJfYTFsapKusRpWQXxsySf5ZMoBHpsR%2F19cGON8KzS%2FoYNlMcZIHT5vjj7RkF5UN1zfxd4HeF%2BqWV34QUbStIUnT7zkRJcAko%2FfXLOOIFQ34vXs9JvxAQnweziA%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adff1b56c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/assets/images/minimize_icon.svg

172.67.144.34

200 OK

47 kB

URL GET HTTP/3
com1.sa.com/assets/images/minimize_icon.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
47 kB (47302 bytes)
Hash
60268176f4a56d3f8874307e543a7e14
c8cfb12398cb22bdaa6903bdf81ee542c7932514
50fc9d4ee7cda06611bb7dc71bec1b47412333bff019d7660e16fd5bbef1a9b0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/minimize_icon.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: W/"662a5acc-f2"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ADqBOfCf%2Bb51r3l9cIS7Y%2F8KIcdSlEtOv6Esm12DOi8rypQlM%2BrXcJdbbR73bbEzdRWqy6J7YQib6uidjcs2L9JowAOEuHv89VZ4rQpi8%2FZ32IfP4%2FH%2BLvZmf8sBSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194ad2e7056c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/Heebo-Regular.f807eddb777f8cc0.woff2

172.67.144.34

200 OK

29 kB

URL GET HTTP/3
com1.sa.com/login_files/Heebo-Regular.f807eddb777f8cc0.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28632, version 1.0
Size
29 kB (28632 bytes)
Hash
0ec52131c89aec5adb27d61223543ced
ec24f7cf191c89d67076361a5449cff46b81570e
c8eaf794d7920f0d958001cab7b9c403efb89217b4d5c3ad648de792bc590bff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Heebo-Regular.f807eddb777f8cc0.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login_files/styles.330d80deccf75709.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28632
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
etag: "6fd8-616ebc8028d40"
cache-control: max-age=14400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dex1GzogrjSsb0ORCA0Spp2oEGTdnqPinosEy0DustIUP8kI%2BSlN%2FMnBkkzFQ%2BjNxtDsmejPetm3gYiwJJZ32WJhRzY0hFltcGo2DGR36Zl9bDvef2H6Z%2FZwZ9cIgA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194ae2f4e56c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/styles.330d80deccf75709.css

172.67.144.34

200 OK

18 kB

URL GET HTTP/3
com1.sa.com/login_files/styles.330d80deccf75709.css
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
18 kB (17938 bytes)
Hash
0159e1a8e243f244267f294ce8e8454a
44c033e7e94693674eaa6e79604325cd94b332a2
f0629367675eb8c0b7ef8121abb171165308fdd1bb733ddd90feaec5be6c9440

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/styles.330d80deccf75709.css HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: text/css
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-18842"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpKtUXLR83Iu37WM7ir9MbVvt07%2BO%2FkHNJLKti0nbU1nqfs2a7P98e%2FfE434AYIFUjSbZqfbKZotLPKtbURMb7LPfLrcgreT6D7LD5K%2BWuBo29hVm2eRmVxjQmDWhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad2e5f56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/assets/images/Logo_Master.svg

172.67.144.34

200 OK

2.9 kB

URL GET HTTP/3
com1.sa.com/assets/images/Logo_Master.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
2.9 kB (2877 bytes)
Hash
c276fcbd485a351f9b974291aa9766cc
d738543926c1ad7ed84c5c8a7cd91c3d27c24ff5
173b383e44552749ccaec1b80f7a4c8915270f8eed8741d8d33c12807f5f83af

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/Logo_Master.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-ef4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7SO%2BfMBaRGXIDSKQ4D4NnZsGq90LlEBnxBUlBhMO%2Bg75l%2B57TLBiqShxE%2FdxAUi%2BBnc5ZVEWvX1r8nlrrvLKZD%2FP5o%2BcvyaCBbe0a4ksf2KIj4AEtJrBeWv85BcJ3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad2e6356c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/favicon.ico

172.67.144.34

200 OK

10 kB

URL GET HTTP/3
com1.sa.com/favicon.ico
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size
10 kB (10228 bytes)
Hash
98a8f6231b8840dcd15a34000539c1e0
afe1f0bf1ebc23ced559189ebc678a36ebf3729c
2e9fc0625183383670d077427884473d8b0e04ab1dc479372246fdd2334fe072

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:03 GMT
content-type: image/x-icon
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: W/"662a5acc-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dVsGT9eDpv2h1nkPCkJZ0DChYB5S4LSVNGqwZoNjRF8c9u%2FtCxMfvZ0P%2B%2FIPfN60ydyppAwCLOzUpZIxYNbNCDX5jcZI4geHaybZvzztYK3K9YUxpaSZrXs5tfwSRw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194aedfed56c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/Logo_Master-Reverse.svg

172.67.144.34

200 OK

8.7 kB

URL GET HTTP/3
com1.sa.com/login_files/Logo_Master-Reverse.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
8.7 kB (8725 bytes)
Hash
40b143e8df1729e28fb51892bf616869
89b0f99da6dad9f0fcbe630c0464fc4202a2b2b2
ffd9ff2db1d4f657baef24792853db2531420f99fd72a5082bee30e45fd94faf

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/Logo_Master-Reverse.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
vary: Accept-Encoding
etag: W/"662a5acd-ef5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dshW%2FrP%2FTmCXe%2BmYvXk5K8lbFkHcHL2UjKtuiD5%2FJ2qgDp3re%2BhkJGEPNSqqsNNpv5kK0qdUU4V%2F2kX65yF%2FynSk%2FkBpJDj5YEwtaOpJ5fCAlXFVPhQGEwgh55nr1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad2e6156c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/Heebo-Regular.f807eddb777f8cc0.woff2

172.67.144.34

200 OK

29 kB

URL GET HTTP/3
com1.sa.com/Heebo-Regular.f807eddb777f8cc0.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28632, version 1.0
Size
29 kB (28632 bytes)
Hash
0ec52131c89aec5adb27d61223543ced
ec24f7cf191c89d67076361a5449cff46b81570e
c8eaf794d7920f0d958001cab7b9c403efb89217b4d5c3ad648de792bc590bff

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Regular.f807eddb777f8cc0.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28632
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6fd8-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lrvo0jU21GudPijOJSZ09s0KYYH%2BeXSA09HoaNbSZsNE0Uhaf4jmQpluN8scMt38wTqMRXORMSDfRoMlL0%2FrZBSIvv4FOmT68QjrG1R5ywPT099gGiqftZfl%2BFraWA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adef0656c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2

172.67.144.34

200 OK

28 kB

URL GET HTTP/3
com1.sa.com/Heebo-Thin.5740d8571ba2c17c.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 27808, version 1.0
Size
28 kB (27808 bytes)
Hash
cf1c3a336717c93381070d238c90f782
d663d5b077c06d4bc1b8bdfe28657147bd77256a
0201b5d83335daa6995cb96075f758bb09b8ada45a736462adbc3a28f833afef

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Thin.5740d8571ba2c17c.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 27808
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6ca0-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IGdHu7ByiQAOU%2FAeaKbcTTH1zP4mNlyTSeEzhzcHaTrQjPcFY0%2BvQ7GgyaF6xpqs%2FZ8cWBdnnrWV0r17zFQ%2FCYU35f9z6G%2FhnvECun%2BwR38N%2FHEiG2uI8T8hIzGz9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adef1556c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/capco-icon-fonts.e3dce399bcb18ec3.woff

172.67.144.34

200 OK

47 kB

URL GET HTTP/3
com1.sa.com/capco-icon-fonts.e3dce399bcb18ec3.woff
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format, TrueType, length 47132, version 0.0
Size
47 kB (47132 bytes)
Hash
bdd2d7e7a2b19da123e3dd0aa2b6ba13
336b4abd79c8aa3f658c359e33bc5581955b72ad
a6752fc2e494367dabaf484e095493fb7865ff58800abfc71123dc282d95b4f3

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /capco-icon-fonts.e3dce399bcb18ec3.woff HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: application/font-woff
content-length: 47132
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "b81c-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XJ%2BwXxUittYItPADbZOsUjwtats2U%2BBAl6YTYqXBo7nYEKMXq7ElDepVbVFhVQBpMywfG%2Fc01hmvvGRssSkajUEoQBkQMHdwV63lY2dliyI3MWanvfddnXf7jwtXwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adef0856c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE

172.67.144.34

200 OK

291 kB

URL User Request GET HTTP/2
com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type

Size
291 kB (291184 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sEPw1Jop4MsUr2uQE2cxZiAZ59RXvsHX07DWhaiFjPeX4OGE%2FHoT3IXtaw%2FfbO%2BlbgN26m%2FwyGsFuYvEsR%2FNzfNGyfH3ZSwAMxBlH09XhjkkR73tDjQjFWo4cqHljQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194aaabddb4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

com1.sa.com/assets/images/bmo-logo_2.svg

172.67.144.34

200 OK

2.2 kB

URL GET HTTP/3
com1.sa.com/assets/images/bmo-logo_2.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2203 bytes)
Hash
9ad5272aa281180ca604b472f6a20ecd
5c4fb5579743f0a859bad799c23e209e89bd8ae1
9c483d1c02a221c041f279c0d8f74301e6ec39ab666b13c6ea65314e6bea7a0a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /assets/images/bmo-logo_2.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-89b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u2tVgwYYM6RsjUSy5WBQFl1JVOXM7JqGOvYeVhxhmsF78Wg2%2Fr2%2Fn32iv6%2BtAEC%2BqDlLF5GuNemctLpFtx2wCzkoVACsyICfj11PtxUzsRvjWjkx0TQC0eTt6KGtag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad2e6756c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/build/b.8cc58ef1821ab39c.svg

172.67.144.34

200 OK

1.4 kB

URL GET HTTP/3
com1.sa.com/build/b.8cc58ef1821ab39c.svg
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
SVG Scalable Vector Graphics image
Size
1.4 kB (1444 bytes)
Hash
fc28cf8f2ed67f184837b61b032d72a3
ff1ce98294932d69f96cf1d8022a695ae79d06ab
796dcd946af0c1fc5766612670318808a465172b912369ebe17c04a71ef0dc8b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /build/b.8cc58ef1821ab39c.svg HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: image/svg+xml
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
vary: Accept-Encoding
etag: W/"662a5acc-5a4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
cf-cache-status: HIT
age: 0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LMH292ECPPZw7rpeSRFl%2FHjriPcwyB4nwvcrgZKLniRlzv70%2FyfFXwz7FwlHe%2FqhqxbQ3wXFY%2F2oClJg0p9MiXn%2BkUL8iUo%2BgrqAu05hcWijIQup3%2Fxpyc1shg4ZJw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194addf0556c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F

172.67.144.34

200 OK

90 kB

URL GET HTTP/3
com1.sa.com/login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65451)
Size
90 kB (89476 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /login_files/jquery.min.js.%D0%91%D0%B5%D0%B7%20%D0%BD%D0%B0%D0%B7%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-type: application/javascript
last-modified: Thu, 25 Apr 2024 13:29:49 GMT
etag: W/"15d84-616ebc8028d40-gzip"
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oNDLAOt7MKdO%2BLdnyxtGEqHTs7B%2ByYiSaJmBYdz4doaTADoUo%2FLu%2Br8%2BjC4Fdco5%2FqXb%2Fmdug%2FBcsk6u43tXwdfr3ZZxZ5xbMHGKYWhjpBBMH%2F%2FtCKUY%2FlPYPeDIYg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a194ad3e7756c1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

com1.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2

172.67.144.34

200 OK

29 kB

URL GET HTTP/3
com1.sa.com/Heebo-Medium.8df563692fcd9fd0.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28596, version 1.0
Size
29 kB (28596 bytes)
Hash
e1ec2e8632e031aaacebf19c22be7f94
5f477c6850c9623b37ca85115005bc8e17c99a32
6b0775312a70463baadc76ad84f408bf91b13da73fd1b2df4ea62233484d5a1e

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Medium.8df563692fcd9fd0.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28596
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6fb4-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fUf3915QkPdfXf6YUCEzhoWeD08YmzGxFCXwMUT%2FKUklTSIWvZgII3fpQUmf94a8wBqBK2zygp9DbNozMURntxFP27i5k0Wh6P1elAc1D9t6%2BaMEzgSJhJvW51HAlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adef0a56c1-OSL
alt-svc: h3=":443"; ma=86400

com1.sa.com/Heebo-Bold.acf14f737f7438f7.woff2

172.67.144.34

200 OK

29 kB

URL GET HTTP/3
com1.sa.com/Heebo-Bold.acf14f737f7438f7.woff2
IP
172.67.144.34:443
ASN
#13335 CLOUDFLARENET

Requested by
https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Certificate
IssuerLet's Encrypt
Subjectcom1.sa.com
Fingerprint29:59:8A:7A:28:F3:1D:7C:DB:4D:45:03:B8:56:AE:C3:F2:0F:FC:0D
ValidityFri, 22 Mar 2024 10:22:48 GMT - Thu, 20 Jun 2024 10:22:47 GMT

File type
Web Open Font Format (Version 2), TrueType, length 28560, version 1.0
Size
29 kB (28560 bytes)
Hash
f7bc99b64b780c65fc75a44644084a6e
fb0e3ded3e6072c86a3e86f94695e2576f9758f5
f2e10df61c61ac80916ace8bb9d8166788127143cfb9f189e8c3daff7727c96d

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /Heebo-Bold.acf14f737f7438f7.woff2 HTTP/1.1
Host: com1.sa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://com1.sa.com/login.php?gad_source=1&gclid=EAIaIQobChMIkaW5sajehQMVTDWtBh3ARAHlEAMYASAAEgIK3PD_BwE
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 25 Apr 2024 21:56:02 GMT
content-length: 28560
last-modified: Thu, 25 Apr 2024 13:29:48 GMT
etag: "6f90-616ebc7f34b00"
cache-control: max-age=14400
cf-cache-status: HIT
age: 0
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tW2bE9nrzkpNhNKvrCTxLnqXuyYRhr8U16GYNTFV7xYFPl1eOx84BKTjmQhClo7LgibZ9oD13TakA8sibnQ6Q%2FdieAdGL7WQeXDriad5L2DocpNMMNcapui%2Fnii2XA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a194adff1c56c1-OSL
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (4)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (22)

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/3

IP

ASN

Requested by

Certificate

File type

Size

Hash