Report - gangguanshop.com/

Report Overview

Visited public
2023-12-05 15:25:05
Tags
salesforce phishing
URL
gangguanshop.com/
Finishing URL
gangguanshop.com/index/user/login.html
IP / ASN
38.45.120.164
#174 COGENT-174
Title
Sign in
Phishing - Salesforce

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
gangguanshop.com	unknown	2021-05-02	2017-10-02 06:16:12	2023-12-02 16:38:49	5.8 kB	376 kB	38.45.120.166

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-12-05 15:24:52	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (5)

	URL	From	Size	First Seen	Last Seen
	gangguanshop.com/static_new/js/jquery.min.js	ScriptElement	88 kB	2023-03-07	2025-05-07
Pretty URL gangguanshop.com/static_new/js/jquery.min.js IP 38.45.120.166 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-07 21:25 Times Seen3657 Hash 2f772fed444d5489079f275bd01e26cc a8927ac2830b2fdd4a729eb0eb7f80923539ceb9 2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a Loading...

	gangguanshop.com/static_new/js/dialog.min.js	ScriptElement	28 kB	2023-04-09	2024-09-28
Pretty URL gangguanshop.com/static_new/js/dialog.min.js IP 38.45.120.166 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-09 05:49 Last Seen2024-09-28 08:18 Times Seen149 Hash 819489feed48dde570ea1c90f4c26943 e0390e58fd57a11ff7eb5b7e0949db417b355179 d81811ac835e6b20322babf937f5bb9e1cc145f766093a3baf4b7c7311e532ca Loading...

	gangguanshop.com/static_new/js/common.js	ScriptElement	2.1 kB	2023-03-07	2025-05-07
Pretty URL gangguanshop.com/static_new/js/common.js IP 38.45.120.166 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:20 Last Seen2025-05-07 14:04 Times Seen1192 Hash 406be4345cfb532036cad97a814bc41a 675d6a1546566c56cbfdd718373b19f26f79f3bc c086a692a01d650dccb602faf9fbea54f920546532821ad19cdefeb750eea586 Loading...

	gangguanshop.com/index/user/login.html	ScriptElement	0 B	0001-01-01	2025-05-09
Pretty URL gangguanshop.com/index/user/login.html IP 38.45.120.166 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-05-09 04:16 Times Seen4633850 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	gangguanshop.com/index/user/login.html	ScriptElement	2.1 kB	2023-07-11	2024-08-20
Pretty URL gangguanshop.com/index/user/login.html IP 38.45.120.166 ASN #174 COGENT-174 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-11 22:25 Last Seen2024-08-20 17:55 Times Seen141 Hash 072497067bf228f46943f7755dc35e5c 2eb68ac4c97e8405158d0fa4695d14f193345e97 9ea0ee4df47fa008f79296a8e74a276cb6e756de95b3184853a36c13da7ee2a7 Loading...

HTTP Transactions (11)

URL IP Response Size

gangguanshop.com/p_static1/css/base.css

38.45.120.166

200 OK

856 B

URL GET HTTP/2
gangguanshop.com/p_static1/css/base.css
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
Unicode text, UTF-8 text
Size
856 B (856 bytes)
Hash
d83064a2939de2dc97927e8ff2de22aa
fd054743412d2de797943b0e4443d563e650e18f
cdaea0b2d53ba496d91da4af33c03bea79b9ce1bbe6b8fc6379af22f9a93714f

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /p_static1/css/base.css HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: text/css
content-length: 856
last-modified: Fri, 09 Jun 2023 06:29:43 GMT
etag: "6482c6d7-358"
expires: Tue, 05 Dec 2023 22:52:26 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

gangguanshop.com/p_static1/img/logo.png

38.45.120.166

200 OK

53 kB

URL GET HTTP/2
gangguanshop.com/p_static1/img/logo.png
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
PNG image data, 1200 x 840, 8-bit/color RGBA, non-interlaced\012- data
Size
53 kB (52653 bytes)
Hash
8b010ecc0657b5989902e509fbf85b8d
146bc16a8e9ecb2e995ef1cd09ed1db6f80b1fe5
fdfeca14dfab4bc226005baae87dd73633a702133b8be5472d617518daf9ba3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /p_static1/img/logo.png HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: image/png
content-length: 52653
last-modified: Fri, 14 Jul 2023 11:26:30 GMT
etag: "64b130e6-cdad"
expires: Sun, 31 Dec 2023 15:54:52 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

gangguanshop.com/p_static1/img/login_btn.png

38.45.120.166

200 OK

611 B

URL GET HTTP/2
gangguanshop.com/p_static1/img/login_btn.png
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced\012- data
Size
611 B (611 bytes)
Hash
1ec6953a4ac1b5d1436ae062e14f21b2
50597d8a6984c02bd50d06c51bacc814df78c227
5a4bba1a7049980724ac218e28686044b0f83a8a95d577a8f80248fff583c9e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /p_static1/img/login_btn.png HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: image/png
content-length: 611
last-modified: Thu, 02 Mar 2023 18:27:55 GMT
etag: "6400eaab-263"
expires: Sun, 31 Dec 2023 15:54:52 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

gangguanshop.com/p_static1/img/bg-top.png

38.45.120.166

200 OK

164 kB

URL GET HTTP/2
gangguanshop.com/p_static1/img/bg-top.png
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
PNG image data, 800 x 900, 8-bit colormap, non-interlaced\012- data
Size
164 kB (163791 bytes)
Hash
290559eda46149e04da69326c514e45d
505dc3ca369f2aab9d93bd44a05a8174f265a370
780f23e37939e83f6d68032a221e07a9dbff0dc15bd57408bf18eed8a541c69c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /p_static1/img/bg-top.png HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:49 GMT
content-type: image/png
content-length: 163791
last-modified: Sat, 01 Jul 2023 03:26:08 GMT
etag: "649f9cd0-27fcf"
expires: Sun, 31 Dec 2023 15:54:52 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

gangguanshop.com/favicon.ico

38.45.120.166

200 OK

5.4 kB

URL GET HTTP/2
gangguanshop.com/favicon.ico
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
ccda8df05e9a37b3131afd4d451b44ec
ed9d0f9c4224fbd4c768be237b4b59f27f1b718c
92842fc6c2f66b46f69458c14621fc2eca5d6c02d7937f9124fe8a3a9a55bc91

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:49 GMT
content-type: image/x-icon
content-length: 5430
last-modified: Fri, 14 Jul 2023 11:25:26 GMT
etag: "64b130a6-1536"
strict-transport-security: max-age=31536000
accept-ranges: bytes
server: cdn
x-cache-status: MISS
X-Firefox-Spdy: h2

gangguanshop.com/static_new/css/public.css

38.45.120.166

200 OK

16 kB

URL GET HTTP/2
gangguanshop.com/static_new/css/public.css
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
16 kB (16218 bytes)
Hash
8d9acb36e3f61379b86658df119cbe5f
4b40186551b53328baedb162e495dd276620c3fe
2509b72d37e08bbb3d3107b1cf2a5412c2cd17ca5b2949857b37557e192152d0

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/css/public.css HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: text/css
last-modified: Sat, 15 Feb 2020 10:13:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"5e47c43a-3f5a"
expires: Tue, 05 Dec 2023 22:52:26 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gangguanshop.com/static_new/js/jquery.min.js

38.45.120.166

200 OK

88 kB

URL GET HTTP/2
gangguanshop.com/static_new/js/jquery.min.js
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65450), with CRLF line terminators
Size
88 kB (88145 bytes)
Hash
2f772fed444d5489079f275bd01e26cc
a8927ac2830b2fdd4a729eb0eb7f80923539ceb9
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/jquery.min.js HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: application/javascript
last-modified: Sat, 15 Feb 2020 10:13:14 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"5e47c43a-15851"
expires: Tue, 05 Dec 2023 22:52:26 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gangguanshop.com/static_new/js/dialog.min.js

38.45.120.166

200 OK

28 kB

URL GET HTTP/2
gangguanshop.com/static_new/js/dialog.min.js
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type

Size
28 kB (27891 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/dialog.min.js HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: application/javascript
last-modified: Tue, 29 Dec 2020 07:40:58 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"5feadd8a-6cf3"
expires: Tue, 05 Dec 2023 22:52:26 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gangguanshop.com/static_new/js/common.js

38.45.120.166

200 OK

2.1 kB

URL GET HTTP/2
gangguanshop.com/static_new/js/common.js
IP
38.45.120.166:443
ASN
#174 COGENT-174

Requested by
https://gangguanshop.com/index/user/login.html
Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2192), with no line terminators
Size
2.1 kB (2126 bytes)
Hash
1602305add4522cf987af4464aa97131
b6c0c2c23b29bde23f0142b6ce7a57315856285f
ebf9a4d2dc159edb856909b907d4b8d844f5197bee62df0b2f02e559c9c3739b

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /static_new/js/common.js HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gangguanshop.com/index/user/login.html
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; lang=en-us
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:48 GMT
content-type: application/javascript
last-modified: Sun, 29 Mar 2020 13:03:22 GMT
vary: Accept-Encoding, Accept-Encoding
etag: W/"5e809c9a-84e"
expires: Tue, 05 Dec 2023 22:52:26 GMT
cache-control: max-age=43200
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: HIT
content-encoding: gzip
X-Firefox-Spdy: h2

gangguanshop.com/

38.45.120.166

301 Moved Permanently

7.1 kB

URL User Request GET HTTP/2
gangguanshop.com/
IP
38.45.120.166:443
ASN
#174 COGENT-174

Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type

Size
7.1 kB (7070 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET / HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 15:24:47 GMT
content-type: text/html; charset=utf-8
set-cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29; path=/; HttpOnly
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-cache,must-revalidate
location: /index/user/login.html
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: MISS
X-Firefox-Spdy: h2

gangguanshop.com/index/user/login.html

38.45.120.166

200 OK

7.1 kB

URL User Request GET HTTP/2
gangguanshop.com/index/user/login.html
IP
38.45.120.166:443
ASN
#174 COGENT-174

Certificate
IssuerZeroSSL
Subjectgangguanshop.com
Fingerprint09:F0:41:C1:97:10:0E:8E:C5:EC:92:7E:8D:4C:62:01:0B:2D:AA:3B
ValidityMon, 27 Nov 2023 00:00:00 GMT - Sun, 25 Feb 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (7351), with no line terminators
Size
7.1 kB (7070 bytes)
Hash
566508ec5d4f307623dff1c2d2add635
64b6f7e19d8ebed80cdab46fef8416417813c0b3
07bc81e764c0314ee08ad19d70a537cedd2168708801f5ffbb251e174c4a2526

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Salesforce

HTTP Headers

GET /index/user/login.html HTTP/1.1
Host: gangguanshop.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: s4c9f0208=8t1tpbh990e3jh144io5vr3j29
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 15:24:47 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: lang=en-us; expires=Thu, 04-Jan-2024 15:24:56 GMT; Max-Age=2592000; path=/; HttpOnly
strict-transport-security: max-age=31536000
server: cdn
x-cache-status: MISS
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (11)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2