Submitted URL: https://phishlabs.lightning.force.com/0066S00000zrhviQAA
Effective URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Submission Tags: falconsandbox
Submission: On March 19 via api from US — Scanned from DE

Summary

This website contacted 36 IPs in 4 countries across 34 domains to perform 117 HTTP transactions. The main IP is 13.110.59.205, located in United States and belongs to SALESFORCE, US. The main domain is phishlabs.my.salesforce.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 9th 2021. Valid for: a year.
This is the only time phishlabs.my.salesforce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
15 | salesforce.com | phishlabs.my.salesforce.com; na168.salesforce.com (134379); login.salesforce.com (5610) | 90 KB
14 | phishlabs.com | info.phishlabs.com | 175 KB
8 | codepen.io | assets.codepen.io (39405) | 215 KB
6 | linkedin.com | px.ads.linkedin.com (434); www.linkedin.com (609); px4.ads.linkedin.com (5153) | 4 KB
6 | salesloft.com | scout-cdn.salesloft.com (10523); scout.salesloft.com (11159) | 7 KB
6 | hotjar.com | static.hotjar.com (573); script.hotjar.com (719); vars.hotjar.com (874) | 132 KB
5 | company-target.com | segments.company-target.com (1088); api.company-target.com (2812) | 3 KB
4 | sumo.com | load.sumo.com (10106) | 288 KB
4 | facebook.com | www.facebook.com (96) | 564 B
4 | marketo.net | munchkin.marketo.net (2832) | 12 KB
4 | facebook.net | connect.facebook.net (124) | 227 KB
4 | sa-as.com | stats.sa-as.com (50927) | 3 KB
4 | googletagmanager.com | www.googletagmanager.com (54) | 257 KB
3 | bidr.io | match.prod.bidr.io (462) | 1 KB
3 | googleapis.com | fonts.googleapis.com (35) | 2 KB
2 | rlcdn.com | id.rlcdn.com (565) | 108 B
2 | google.de | www.google.de (6433) | 612 B
2 | google.com | www.google.com (2) | 612 B
2 | mktoresp.com | 130-bfb-942.mktoresp.com | 622 B
2 | licdn.com | snap.licdn.com (799) | 7 KB
2 | hs-banner.com | js.hs-banner.com (2051) | 30 KB
2 | hsadspixel.net | js.hsadspixel.net (3167) | 5 KB
2 | hsleadflows.net | js.hsleadflows.net (4008) | 173 KB
2 | hs-analytics.net | js.hs-analytics.net (2038) | 39 KB
2 | doubleclick.net | googleads.g.doubleclick.net (38) | 3 KB
2 | zoominfo.com | ws.zoominfo.com (7355) | 516 B
2 | google-analytics.com | www.google-analytics.com (31) | 39 KB
2 | googleoptimize.com | www.googleoptimize.com (1349) | 75 KB
2 | demandbase.com | tag.demandbase.com (4499) | 37 KB
2 | callrail.com | cdn.callrail.com (8108) | 623 B
2 | sumome.com | load.sumome.com (30148) | 4 KB
2 | googleadservices.com | www.googleadservices.com (101) | 34 KB
1 | gstatic.com | fonts.gstatic.com | 13 KB
1 | force.com | phishlabs.lightning.force.com | 968 B
Total: 117 requests, 34 apex domains

Requests | Domain | Requested by
14 | info.phishlabs.com | phishlabs.my.salesforce.com; info.phishlabs.com
12 | phishlabs.my.salesforce.com | phishlabs.my.salesforce.com
8 | assets.codepen.io | info.phishlabs.com
4 | scout.salesloft.com | scout-cdn.salesloft.com
4 | load.sumo.com | load.sumome.com
4 | www.facebook.com | info.phishlabs.com
4 | munchkin.marketo.net | info.phishlabs.com; munchkin.marketo.net
4 | connect.facebook.net | phishlabs.my.salesforce.com; connect.facebook.net
4 | stats.sa-as.com | www.googletagmanager.com; info.phishlabs.com
4 | www.googletagmanager.com | info.phishlabs.com; www.googletagmanager.com
3 | segments.company-target.com | 1 redirects; info.phishlabs.com
3 | match.prod.bidr.io | 3 redirects
3 | px.ads.linkedin.com | 3 redirects
3 | fonts.googleapis.com | info.phishlabs.com
2 | api.company-target.com | tag.demandbase.com
2 | id.rlcdn.com | info.phishlabs.com
2 | www.google.de | info.phishlabs.com
2 | www.google.com | info.phishlabs.com
2 | vars.hotjar.com | static.hotjar.com
2 | px4.ads.linkedin.com | info.phishlabs.com
2 | 130-bfb-942.mktoresp.com | munchkin.marketo.net
2 | scout-cdn.salesloft.com | info.phishlabs.com
2 | snap.licdn.com | info.phishlabs.com
2 | js.hs-banner.com | info.phishlabs.com
2 | js.hsadspixel.net | info.phishlabs.com
2 | js.hsleadflows.net | info.phishlabs.com
2 | js.hs-analytics.net | info.phishlabs.com
2 | googleads.g.doubleclick.net | www.googleadservices.com
2 | script.hotjar.com | static.hotjar.com
2 | ws.zoominfo.com | phishlabs.my.salesforce.com
2 | static.hotjar.com | www.googletagmanager.com
2 | www.google-analytics.com | www.googletagmanager.com
2 | www.googleoptimize.com | www.googletagmanager.com
2 | tag.demandbase.com | info.phishlabs.com
2 | cdn.callrail.com | info.phishlabs.com
2 | load.sumome.com | info.phishlabs.com
2 | www.googleadservices.com | info.phishlabs.com
2 | login.salesforce.com | phishlabs.my.salesforce.com; login.salesforce.com
1 | fonts.gstatic.com | fonts.googleapis.com
1 | www.linkedin.com | 1 redirects
1 | na168.salesforce.com | phishlabs.my.salesforce.com
1 | phishlabs.lightning.force.com | 1 redirects
Total: 117 requests, 42 subdomains

This site contains no links.

Subject | Issuer | Validity | Valid
*.my.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-09 - 2022-07-08 | a year
*.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-09 - 2022-07-08 | a year
login.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-29 - 2022-07-28 | a year
info.phishlabs.com | Cloudflare Inc ECC CA-3 | 2021-07-16 - 2022-07-15 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.sumome.com | Sectigo RSA Domain Validation Secure Server CA | 2021-05-04 - 2022-05-04 | a year
cdn.callrail.com | Amazon | 2022-02-24 - 2023-03-25 | a year
tag.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-18 - 2022-10-14 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
upload.video.google.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
stats.sa-as.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-14 - 2023-02-14 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-12-26 - 2022-03-26 | 3 months
zoominfo.com | Cloudflare Inc ECC CA-3 | 2021-06-04 - 2022-06-03 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2021-03-29 - 2022-04-06 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-14 - 2022-07-13 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2021-12-07 - 2022-04-09 | 4 months
*.sumo.com | Sectigo RSA Domain Validation Secure Server CA | 2021-05-04 - 2022-05-04 | a year
*.mktoresp.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-11-30 - 2022-11-30 | a year
www.google.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
www.google.de | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-03 - 2023-02-25 | a year
api.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-20 - 2022-09-26 | a year
codepen.io | Cloudflare Inc ECC CA-3 | 2021-06-06 - 2022-06-05 | a year
*.googleadservices.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.google.com | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months
*.google.de | GTS CA 1C3 | 2022-02-28 - 2022-05-23 | 3 months

This page contains 6 frames:

Primary Page: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Frame ID: E4AB4B17BF8E3BBC219CF167DA652899
Requests: 12 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page
Frame ID: 80385C6F3E4836DC91F75A3B9596706A
Requests: 46 HTTP requests in this frame

Frame: https://login.salesforce.com/login/sessionserver212.html
Frame ID: BA8675D5366EAD318E5BB867DA1CA339
Requests: 2 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page-2
Frame ID: 05CA8D4AA57174D431B359D5B2BF13D8
Requests: 55 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 8DAA5E3DAAF2DF4D3111460B2D8CF065
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: 5D1FCD067A288136995BB4A7BC270F24
Requests: 1 HTTP requests in this frame

Page Title

Anmelden | Salesforce

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • load\.sumome\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

117 Requests
97 % HTTPS
46 % IPv6
34 Domains
42 Subdomains
36 IPs
4 Countries
1875 kB Transfer
5967 kB Size
29 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://phishlabs.lightning.force.com/0066S00000zrhviQAA HTTP 302
    https://phishlabs.my.salesforce.com/0066S00000zrhviQAA Page URL
  2. https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://phishlabs.lightning.force.com/0066S00000zrhviQAA HTTP 302
  • https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Request Chain 50
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1647654841103%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce.com%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQL3irSe-5G9QQAAAX-f4a0VktEB23xGecjyHbbc0LD_lroGGBcWG99IPOpF5Mh67NM1UZQ1
Request Chain 55
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A&verifyHash=7675697abe2ee56f171a50168c48e67eea98c642
Request Chain 82
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A
Request Chain 109
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKcXsA2vIixTwAAAX-f4a47jReiExgvdHPqAov_MHR_oLe3kutTUflkIHMdtg53TotHUrWe

117 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
0066S00000zrhviQAA
phishlabs.my.salesforce.com/
Redirect Chain
  • https://phishlabs.lightning.force.com/0066S00000zrhviQAA
  • https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
1 KB
1 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Referrer-Policy
origin-when-cross-origin
Cache-Control
must-revalidate,no-cache,no-store
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Connection
close

Redirect headers

Date
Sat, 19 Mar 2022 01:53:57 GMT
Strict-Transport-Security
max-age=63072001; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Security-Policy
upgrade-insecure-requests
X-Robots-Tag
none
Referrer-Policy
origin-when-cross-origin
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Location
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Content-Length
0
Primary Request /
phishlabs.my.salesforce.com/
9 KB
4 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
85a07fb4e8e76a3bae6e0e30a18b20a8f0ac233fba452317716a6174792d8edc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Referrer-Policy
origin-when-cross-origin
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Type
text/html; charset=UTF-8
Expires
Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection
0
Content-Security-Policy
frame-ancestors 'none'
X-FRAME-OPTIONS
DENY
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked
sfdc_210.css
phishlabs.my.salesforce.com/css/
15 KB
4 KB
Stylesheet
General
Full URL
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6effaae73ce83316d1356ea984e417519743bce7a23982f053b1b8ec82135dae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 23 May 2017 21:11:38 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/css
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Sun, 17 Jul 2022 01:53:58 GMT
SfdcSessionBase208.js
phishlabs.my.salesforce.com/jslibrary/
16 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6ffc89bfd0b1dbbf3fd5b122ee26c05f39f23b680d43e70254c4caf4b425a105
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 09 Mar 2022 21:01:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Sun, 17 Jul 2022 01:53:58 GMT
LoginHint208.js
phishlabs.my.salesforce.com/jslibrary/
19 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/LoginHint208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
72c8ccd8b081cadafdd20ca628c62e6e532baa648599e1417a3244084af3908c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 09 Mar 2022 21:01:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Sun, 17 Jul 2022 01:53:58 GMT
CAAAAX-hmRSiAAAAAAAAAAAAAAAAAAAAAAAA7BF-PUI5AZndB0kKwj1ph7oA6pIwUT3KcRDM0g_11BupWzYnoklh4I8i480l-zkOAKcCcopgT8DoKmcJVZldnBNYFgYMn0pGDRAy2exZwZcv
na168.salesforce.com/brand-asset/
18 KB
18 KB
Image
General
Full URL
https://na168.salesforce.com/brand-asset/CAAAAX-hmRSiAAAAAAAAAAAAAAAAAAAAAAAA7BF-PUI5AZndB0kKwj1ph7oA6pIwUT3KcRDM0g_11BupWzYnoklh4I8i480l-zkOAKcCcopgT8DoKmcJVZldnBNYFgYMn0pGDRAy2exZwZcv
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.186.204 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl11-ncg1-c5-iad4.na168-ia4.salesforce.com
Software
/
Resource Hash
08c8eb095458d2aed705fa0d062bebde26696d9fa52bb0f4cea1ace939adf75d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:59 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Mon, 7 Feb 2022 14:12:49 GMT
X-Robots-Tag
none
Strict-Transport-Security
max-age=63072000; includeSubDomains
P3P
CP="CUR OTR STA"
Cache-Control
public,max-age=3888000
X-Content-Type-Options
nosniff
Content-Type
image/png
Content-Length
18223
X-XSS-Protection
1; mode=block
Expires
Tue, 03 May 2022 01:53:59 GMT
clear.png
phishlabs.my.salesforce.com/img/
477 B
873 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/clear.png
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
dd464055be78eadee2d5d3ecc5380600b788883e462d9e77372877dc04110e6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 21 May 2015 20:40:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Sun, 17 Jul 2022 01:53:58 GMT
baselogin.js
phishlabs.my.salesforce.com/jslibrary/
640 B
909 B
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/baselogin.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
a3141000abd1d2a613408608a9cb3fe825f723f7b05611db1b9b97eeaf415cae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 09 Mar 2022 21:01:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Sun, 17 Jul 2022 01:53:58 GMT
1386
phishlabs.my.salesforce.com/marketing/survey/survey1/
5 KB
2 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey1/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
42a531dce996297d2a03cb33044b36408821072ad24b9477a237bd8a3ed6ebf7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
1979
1386
phishlabs.my.salesforce.com/marketing/survey/survey4/
18 KB
7 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey4/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6e254c656a029b64c10f320cb325858bc578c94d7a6ec1e5703ba03abb6738c0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
6976
s.gif
phishlabs.my.salesforce.com/ Frame 8038
43 B
438 B
Document
General
Full URL
https://phishlabs.my.salesforce.com/s.gif
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Referrer-Policy
origin-when-cross-origin
Cache-Control
public,max-age=10368000
Expires
Sun, 17 Jul 2022 01:53:58 GMT
Last-Modified
Tue, 27 May 2003 18:28:08 GMT
Content-Type
image/gif
Accept-Ranges
bytes
Transfer-Encoding
chunked
SalesforceSans-Regular.woff2
phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/
27 KB
27 KB
Font
General
Full URL
https://phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/css/sfdc_210.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Origin
https://phishlabs.my.salesforce.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 Jul 2015 20:32:56 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
font/woff2
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Sun, 17 Jul 2022 01:53:58 GMT
sessionserver212.html
login.salesforce.com/login/ Frame BA86
91 B
867 B
Document
General
Full URL
https://login.salesforce.com/login/sessionserver212.html
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.152.67 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
db743dbd91a699d36f6a755ad2c8eec5ce0d1b3715df50a651b7c24de11c1811
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Security-Policy
upgrade-insecure-requests
Referrer-Policy
origin-when-cross-origin
Cache-Control
public,max-age=86400
Expires
Sun, 20 Mar 2022 01:53:58 GMT
Last-Modified
Wed, 23 Aug 2017 20:39:30 GMT
Content-Type
text/html;charset=UTF-8
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked
SessionServer212.js
login.salesforce.com/jslibrary/ Frame BA86
26 KB
9 KB
Script
General
Full URL
https://login.salesforce.com/jslibrary/SessionServer212.js
Requested by
Host: login.salesforce.com
URL: https://login.salesforce.com/login/sessionserver212.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.152.67 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
d430f3d67d4fdf9143a4db967deb1d79d384fd5a90bba6f3846452f55b5b6887
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://login.salesforce.com/login/sessionserver212.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 17 Mar 2022 18:37:56 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Sun, 17 Jul 2022 01:53:58 GMT
sf-login-page
info.phishlabs.com/ Frame 8038
9 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
781cd857240a12f5f57823cc0b6870b76087aa767e47d16bdb987e8ad986a3b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-type
text/html; charset=UTF-8
cache-control
s-maxage=14400, max-age=0
etag
W/"d2d8d7d743b2dc81b4f917b69add3236"
last-modified
Fri, 18 Mar 2022 20:02:42 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>; rel=preload; as=script
strict-transport-security
max-age=31536000
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-51834294403,P-326665,E-1319106982,E-1973184679,E-356216487,E-51834248013,PGS-ALL,SW-1
referrer-policy
no-referrer-when-downgrade
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
51834294403
x-hs-hub-id
326665
x-hs-prerendered
Fri, 18 Mar 2022 20:02:42 GMT
x-powered-by
HubSpot
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aurrFO483U6y5wbuDW6R2I%2FAS1HRBE5%2B%2BSmA%2F1dzGR6a4jZOCz3n9xkFVQob66U6g%2FNxyh85wzpN3ydTiAFNan%2FfMviPn6V7aJhb2HE6TO5yPLTWPAxyYwKulV2g0qX63%2BPmGoC7kTE7cjLtzaTYUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6ee293db6b35694c-FRA
content-encoding
br
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>
capslock_blue.png
phishlabs.my.salesforce.com/img/icon/
559 B
955 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/icon/capslock_blue.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.59.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
02c47d1fb4a92fd6eca59ed828b0d0d7a8ef8285688bd27f36b1e003ffa9a52c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:53:59 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Sun, 30 Jun 2019 10:26:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Sun, 17 Jul 2022 01:53:59 GMT
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.119/js/ Frame 8038
11 KB
4 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d9bc6dec214e0ac4562af8a3854d2d46772e46e66806ab6aed8ba22d833d0dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4560412
x-amz-server-side-encryption
AES256
cf-ray
6ee293e1a9ae694c-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Mon, 15 Nov 2021 14:59:45 GMT
server
cloudflare
etag
W/"e87d0efee17e652760ab5ccd33fbc8ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=okfPCwBJNfvfm831mqz9pSv5nTsWZN5uVwAmY33lsvOaKC7L1nMJwfKZnVmBYmF2yumIcZ5j%2FkOnRI%2FxL9MFIXagyIXUrUGrDvx6%2FllVWfQyeDS%2BBV3NSXdeeU4zcVjm%2FgqcLlaFC1z32BA1c3w55A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
vdFz9Y2Y_lpsefQtRnWK89fgZF54ag5p
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA6-C1
content-type
application/javascript
x-amz-cf-id
jjSGMTp8y_WIqawrfnXZtUamEzIb4w_rCb0yvi7CoLsBPinFRosszA==
expires
Sun, 19 Mar 2023 01:54:00 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame 8038
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
via
1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4557992
cf-ray
6ee293e1c9c8694c-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lSg5226tcv7RUg71owKljlDi11%2BtiePskjKMT14MjldsnGGY4aIUFcmCn90%2BxJwZwWK1b02eCmIAZNhU5njgfm2RFarJ8hz%2FjM1imOWbGCGM2fn6cHVTfUiu759%2BdZMnAjQil7D7DTk%2Bka1fPqKapA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires
Sun, 19 Mar 2023 01:54:00 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame 8038
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
via
1.1 68261aebcfc232344da2ef3bf1d3f9ea.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
5HZTARVYMJB0JVTX
x-amz-id-2
PKvJ3nUPMI6NgmnSAiEPTtYm1vfhpBTDSvQixV/CU8vNbiRUgWcModtX1WQMf0Oitmwy8bR4vBw=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tB6Pxlp5zLpqRng6bVPea1yIxERcYfaryi1WliHOCbpRlWt4qacggHBzW7Yt1jFqgPTaXyyZLkMDykZ1MvlAPZRVF1KYwmyZLvZ4Peo0jKscYAeGWNd9kLSAbu9djgbbfRXRIwUCJLmI4qKJfQV7bA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
cf-ray
6ee293e1c9cc694c-FRA
x-amz-cf-id
dTbEVkTGcjOdLXIIRB2vdNsueMN9T5Mib-Oc6tEEwl0oUHhRFkDMuQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame 8038
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
via
1.1 5e1f849553b1d58615d0d8f7c044078e.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
PP06XW228B32R8JW
x-amz-id-2
af7DNNdpbzZhLcdwyvI3B0elQRpglY2ckAai942RwDjwMYfFQJZG1dmIX36hQ3+9xLToC/YjlDo=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=25fUbhonofeGuH%2BOWVTqlf42NyfRPVHRU7%2BLK5aaQc1iXEVXCRq1hHsLfOC%2FZt9UeRHKWWO8mksqtN3VMlkHi4%2FbQCK8KvDXRGZU3QB%2FTerHFOtgA6VE0RsQ4HoyJvY2%2F%2BMfziIj1XEqqbiJ6Qt%2FJw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
cf-ray
6ee293e1c9cf694c-FRA
x-amz-cf-id
Yrkb0gdf69rAUhtMJC1oHeTM0p-AzekOaxTrRR5BKDaHI5LS4ZtV7Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame 8038
43 KB
10 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
5HZMBCNFA2KF2RWA
x-amz-id-2
u2hfkUmGbBlYvZKwmyQmJZ22T71w7Q+xLFMB3Sw3CEaHTAqSJ4Pok4RgYTR2kYAWeHtXV4mzseE=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3ycELDJH2ZX5U0kPeUOYMsMackEdKIFe618vwVq1FlJWD%2F%2F9WHdDau0WzDPLmtnpBHuOemuUzIbOE%2BwkPKvro9JGz3FR2CAGVyT%2BRT7STnq%2BYaedXzlr8wsXAk7%2BHh%2Bcnzfu79fMGJ3yqUblXbFH3g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
cf-ray
6ee293e1c9d2694c-FRA
x-amz-cf-id
mjUo4lb8PkOOXon7-dc4lnUzdZuVXGNWqvh_qO83CooiE8KbJ4Tx6g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
326665.js
info.phishlabs.com/hs/scriptloader/ Frame 8038
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc803799b9087eb98b83e4411de09c9af83864f81095ddf065190d623dbcfa9e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
0dda0dec-f12c-4bef-926c-569cef039d3e
last-modified
Fri, 18 Mar 2022 13:54:49 GMT
server
cloudflare
x-trace
2BBD050A29BBD7F01305BC077182F1FEA331BB90D7000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6EpRNHLDnMsQbTiFeV%2B8KNq9uPwtR2slp9mMXC7K8YBu%2FRbjjdVKdonJ2j4ZDqwEZ4JWN48oelxAnUuEyoYjMCVJmK3EpnnhC6J%2FvKuZmQFw0ZMQERaW5lZ0g0yKQV8Sz2TvoRo6cYJsnlyiRiZ%2B2A%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
6ee293e21a23694c-FRA
expires
Sat, 19 Mar 2022 01:55:00 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 8038
44 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
37adfa46b47d25263e6aa9d11888a0a3be8c21fab0eac748c2ec828099409339
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17280
x-xss-protection
0
server
cafe
etag
8400793797420563360
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 19 Mar 2022 01:54:00 GMT
/
load.sumome.com/ Frame 8038
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
PQSRTTQ06CTQZP39
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
12/12/2021 23:20:37
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fBU45te4W3k9MXFfi0m08C5arhKZm2JFT8skCHdcq3CXAgWuFwgFzTZLevwuVTEH3rnoMFleNsc=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Tue, 30 Nov 2021 18:00:01 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
8dc67037c3282030e2b9c84faa3246dc
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame 8038
32 B
312 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.8.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-8-65.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-runtime
0.007007
date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
7a3c346c-c660-4e0e-9663-5d27f76cf6f2
9f609f1a.min.js
tag.demandbase.com/ Frame 8038
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
W/"43fe60654bcf129ab9209fc53c139c93"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Sat, 19 Mar 2022 01:54:02 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-id
g9bG7q-I1tQm7Rd1LMnN6-_JmiGT0AiXyEGzm-Lo6F6s4x52N6Pqow==
gtm.js
www.googletagmanager.com/ Frame 8038
182 KB
66 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4de59b5ae5ba7eb124656e5abc1a453a95a5d9180dd61dc3d0d0fc23aeaa7434
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67023
x-xss-protection
0
last-modified
Sat, 19 Mar 2022 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 19 Mar 2022 01:54:00 GMT
sf-login-page-2
info.phishlabs.com/ Frame 05CA
12 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page-2
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
fc6f43ea9a7ab547b41271891b367646fb5fb7fe6d1433bd58844027ee61bf82
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-type
text/html; charset=UTF-8
cache-control
s-maxage=14400, max-age=0
etag
W/"77abf30a17cdbbc66dae8a6ecd221b21"
last-modified
Fri, 18 Mar 2022 20:02:43 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>; rel=preload; as=script
strict-transport-security
max-age=31536000
content-security-policy
upgrade-insecure-requests
edge-cache-tag
CT-65363752327,P-326665,E-1319106982,E-1973184679,E-356216487,E-65362450853,PGS-ALL,SW-1
referrer-policy
no-referrer-when-downgrade
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
65363752327
x-hs-hub-id
326665
x-hs-prerendered
Fri, 18 Mar 2022 20:02:43 GMT
x-powered-by
HubSpot
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CpEni3NZgOzEoVP%2FL5sAGFR6N8IRfZWrxJLqla%2FZMKwpRXKpUFNJImfJSfFE%2Fb8PPf4w%2F8fxE9aRVtL6sf08rh%2F9vborrmzCGH8Wtd%2Fje2UNiNTNG%2FauU1ljixqt5ChkG0Xx0CrdJiP8%2FKN8dfqQew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
vary
Accept-Encoding
server
cloudflare
cf-ray
6ee293e21a24694c-FRA
content-encoding
br
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js>
css
fonts.googleapis.com/ Frame 8038
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 19 Mar 2022 00:40:04 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 19 Mar 2022 01:54:00 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 19 Mar 2022 01:54:00 GMT
optimize.js
www.googleoptimize.com/ Frame 8038
100 KB
38 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
56c113bcd118654964831902e27484a5e3273fe5101dadb1e183c2d60a6530c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38196
x-xss-protection
0
expires
Sat, 19 Mar 2022 01:54:00 GMT
js
www.googletagmanager.com/gtag/ Frame 8038
170 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f8b1d759029eeaa52a167241f638fa3af49e8a2d37dfc926db860bb8505f4a4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64309
x-xss-protection
0
expires
Sat, 19 Mar 2022 01:54:00 GMT
analytics.js
www.google-analytics.com/ Frame 8038
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6554
date
Sat, 19 Mar 2022 00:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 19 Mar 2022 02:04:46 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame 8038
4 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-123.fra56.r.cloudfront.net
Software
/
Resource Hash
6d05b52a3ec99199e20adfffffcc9a0b7549fc40b9f122634da404f2c08847f0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
FRA56-C1
etag
W/3cb53ef00d9251cf2986b7db69a69210
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
content-length
1897
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
x-amz-cf-id
OlEdMnMlIA2Hvna097i4qTkNZ9C6wAwWwaWygCdZLRYAvEr74xNAPA==
live.js
stats.sa-as.com/ Frame 8038
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame 8038
99 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26320
x-xss-protection
0
pragma
public
x-fb-debug
FS9+G7BkWIF87ZU3yLvOI70K8nn7XoX1rtygJ6w4k/b4cd6QCamp9D47KtO8ZSD/k5YIXmVSQgrzT4bl+Qo92Q==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 19 Mar 2022 01:54:00 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame 8038
0
477 B
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
6ee293e3cfd48ff2-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length
0
149823563868256
connect.facebook.net/signals/config/ Frame 8038
307 KB
88 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fcdce551320e5fc55409645f4ef16524b26c48c1a772c95d28f5c86fc7866f48
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
4HS/Z/fIbbbQeuBysIFuQuadVLfr1CRd1NsCmZo2edICTdiAkYkQ+6kWIf/FItgLs9tKxZID9hPbVCvLH1wIZg==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sat, 19 Mar 2022 01:54:00 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
modules.7d3f952308caf42c2b67.js
script.hotjar.com/ Frame 8038
236 KB
62 KB
Script
General
Full URL
https://script.hotjar.com/modules.7d3f952308caf42c2b67.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-26.fra6.r.cloudfront.net
Software
/
Resource Hash
43b0a448dfabca1c64deab31c9b3b004d41bac8fafc0796a4f5675cea0dda5a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 10 Mar 2022 09:02:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
751914
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63048
access-control-allow-origin
*
last-modified
Thu, 10 Mar 2022 09:01:33 GMT
etag
"2f5d47da7be4d107a04726029158797c"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
oQjWWAxK_cBlgdkjdUIch_v0t5mjtSy3RMOwAMkJzna54W1_lUvP5A==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame 8038
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1647654841007&cv=9&fst=1647654841007&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4e40e500b880df668492cf215bcf85facfaddafca5947c43f8d862e93eb9f368
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1021
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ Frame 8038
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
326665.js
js.hs-analytics.net/analytics/1647654600000/ Frame 8038
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1647654600000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2166a944f0e64b1e46a08cea39254e1513288cc15dc1c3860b79d05a0ae39403

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
CCPX18HDM1WCC8W2
x-amz-server-side-encryption
AES256
cf-ray
6ee293e49c59691f-FRA
x-amz-id-2
T+QTqRtdim/UrTHsndD1UggAyDuy8oMIUAD8gH9mfniA2+kAiCeyq6geKajqg37g5vgWLrhSlIQ=
last-modified
Thu, 24 Feb 2022 12:03:15 GMT
server
cloudflare
etag
W/"773f772b107b514aa384eea360f368da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Sat, 19 Mar 2022 01:59:01 GMT
leadflows.js
js.hsleadflows.net/ Frame 8038
534 KB
87 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Origin
https://info.phishlabs.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js&cfRay=6ee293e4aeee68eb-IAD
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
6ee293e4aeee68eb-FRA
last-modified
Tue, 01 Mar 2022 09:57:40 UTC
server
cloudflare
etag
W/"57a8210ba9519a68ae76dcc1857db0f9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
qE7M39zrJ2dCa.o34UdW.NnTPVZDG9U3
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
content-type
application/javascript; charset=utf-8
x-amz-cf-id
ECn6xxKP3kIdrmxXEDx0pei9tNobC6neJBk5LuxE9oxHi7LBi3sfgw==
x-hs-target-asset
lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame 8038
6 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:73b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c37f9f1230e8006b68895805d9e9217094a74fa6649ed6a63d3a3336918c37b9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
294
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.270/bundles/pixels-release.js&cfRay=6ee28cb6bd499b52-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 17 Mar 2022 03:35:22 UTC
server
cloudflare
etag
W/"8398d70a7781b83c3e8a52f0ea16d293"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
hxYI6wfzNUwmg1JRoMD3SYDawXUykSZn
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD89-P1
cf-ray
6ee293e49fb75ca4-FRA
x-amz-cf-id
Q0n8aGqxXinrVUbYveT0D3-QwXo0FPd5-YhvLXAe-KMreyPt1dpRew==
x-hs-target-asset
adsscriptloaderstatic/static-1.270/bundles/pixels-release.js
326665.js
js.hs-banner.com/ Frame 8038
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
VH5M08N7KMYYXPV1
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
97+9gzy17AeyWXZugT0tImAyJ6hG6dXPFOPzJoKb7eTm2IgnM6WMIhtoPiZwom9h1//M9uLPlHI=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://www.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
6ee293e489e36922-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sat, 19 Mar 2022 01:59:01 GMT
/
www.facebook.com/tr/ Frame 8038
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1647654841040&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1647654840926&coo=false&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Sat, 19 Mar 2022 01:54:01 GMT
munchkin.js
munchkin.marketo.net/161/ Frame 8038
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Mon, 27 Jun 2022 01:54:01 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame 8038
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 23:45:34 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=78675
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3104
sl.js
scout-cdn.salesloft.com/ Frame 8038
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
KJS5X2QB4KYRYEA2
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
uYbwi/E0x9Q3Gd1t9EMWEuce9W6Wj2Uzje6W7i14hi+giTeGY6hSqiCH8uyynPXGq0UHeYE2f+4=
72.0a035390359aab65eb82.js
load.sumo.com/ Frame 8038
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
1ae31039bf3c9854c5e1a83346a42278
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame 8038
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
a99a061116d7191957759d44ecb441fd
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame 8038
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1647654841077&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1647654841076-33965&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
7fefed60-d114-40e2-9135-96f92202ff70
collect
px4.ads.linkedin.com/ Frame 8038
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1647654841103%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce....
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQL3irSe-5G9QQAAAX-f4a0VktEB23xGecjyHbbc0LD_lroGGBcW...
0
263 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQL3irSe-5G9QQAAAX-f4a0VktEB23xGecjyHbbc0LD_lroGGBcWG99IPOpF5Mh67NM1UZQ1
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 26619218B56542FAAA8B0CFC54B14C68 Ref B: FRAEDGE1312 Ref C: 2022-03-19T01:54:01Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXaiImPjpyZ8FP05fmCfw==
x-li-fabric
prod-lor1

Redirect headers

date
Sat, 19 Mar 2022 01:54:00 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 5F4E4ACB955D4A0088BA68BB49596816 Ref B: FRAEDGE1408 Ref C: 2022-03-19T01:54:01Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841103&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQL3irSe-5G9QQAAAX-f4a0VktEB23xGecjyHbbc0LD_lroGGBcWG99IPOpF5Mh67NM1UZQ1
x-li-proto
http/2
content-length
0
x-li-uuid
AAXaiImL7aTrBMq2aM8VjQ==
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame 8DAA
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-95.fra53.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page

Response headers

content-type
text/html
content-length
1044
date
Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
Femgf45MybnRYoKISp9nZtYjmgaeuslFs9vTjVImGacvhQ-LhkMExg==
age
3690115
r
scout.salesloft.com/ Frame 8038
41 B
405 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.44.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-44-116.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
be9c22b8ce7c9f54138e0d1e0058f5fb
/
www.google.com/pagead/1p-user-list/1003980311/ Frame 8038
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1647654841007&cv=9&fst=1647651600000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3325982261&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame 8038
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1647654841007&cv=9&fst=1647651600000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3325982261&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
validateCookie
segments.company-target.com/ Frame 8038
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A&verifyHash=7675697abe2ee56f171a50168c48e67eea98c642
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A&verifyHash=7675697abe2ee56f171a50168c48e67eea98c642
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Server
143.204.215.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-69.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Via
1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
9dc865ed7f846617
X-Amz-Cf-Id
Tp86Re0y_Sc6p6zNxXUqGNkou3gKtd_FD_xsCTvSKWd5bhWUaY5XkA==

Redirect headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Via
1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A&verifyHash=7675697abe2ee56f171a50168c48e67eea98c642
Connection
keep-alive
trace-id
5707d54a12258953
Content-Length
0
X-Amz-Cf-Id
UXgmTBqxTLRrwAT3heZXFWp7Yg-8flx3n9lfAkjPlTRShxfXm682ig==
464526.gif
id.rlcdn.com/ Frame 8038
0
66 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 google
alt-svc
clear
content-length
0
ip.json
api.company-target.com/api/v2/ Frame 8038
461 B
957 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-77.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
request-id
1485676b-4dfa-42d7-bfa7-1ad4093f3485
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 960a66a5b9d832814160983d391e997c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
kB0_ccG6dMSXhhkKKJTqfXTcVeybwyKCz6PZ9BtHL-LwZXm2K_40GQ==
expires
Fri, 18 Mar 2022 01:54:01 GMT
i
scout.salesloft.com/ Frame 8038
48 B
513 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.44.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-44-116.compute-1.amazonaws.com
Software
/
Resource Hash
d11c85d0550410faeecf8be5206e7e6c368f2efdc0fcdd86e9c873b5fff52304
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
60b6f91d38408f86a5f54ef377b36f00
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.119/js/ Frame 05CA
11 KB
4 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.119/js/index.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d9bc6dec214e0ac4562af8a3854d2d46772e46e66806ab6aed8ba22d833d0dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 a350f357b825293e306b1b0a2cb490c0.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4560413
x-amz-server-side-encryption
AES256
cf-ray
6ee293e76f68694c-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Mon, 15 Nov 2021 14:59:45 GMT
server
cloudflare
etag
W/"e87d0efee17e652760ab5ccd33fbc8ad"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H6vYUk8%2BlJixwfAQoCzSbpt8yQYSqgyEazIoZzF%2Fi4W7tsGePx92pmhV1%2F%2B3G0d%2FtF1zh0QuacjavMtlBtO0%2B%2BBJslrz1LFHTkyCiurVTQQvqsVE2cX0euHYl8gA61gS0h5mwuQQFsuhxWXz4OW6Pw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
vdFz9Y2Y_lpsefQtRnWK89fgZF54ag5p
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA6-C1
content-type
application/javascript
x-amz-cf-id
jjSGMTp8y_WIqawrfnXZtUamEzIb4w_rCb0yvi7CoLsBPinFRosszA==
expires
Sun, 19 Mar 2023 01:54:01 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame 05CA
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4557993
cf-ray
6ee293e78f77694c-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wXk04Wlz1Pw4solheoBE3cXIGOGRos8zz26gkQ1scXcrf%2FNnmc5tsvVIPFgmloemAeqhbFh%2BBz91fM32Z5qk8rFMRCk4i9BafNw4RuruuTKvqdAN8z9g%2BlUgDT755jutxBRU3C58iUhsd056v4xL0w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires
Sun, 19 Mar 2023 01:54:01 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame 05CA
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 68261aebcfc232344da2ef3bf1d3f9ea.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
5HZTARVYMJB0JVTX
x-amz-id-2
PKvJ3nUPMI6NgmnSAiEPTtYm1vfhpBTDSvQixV/CU8vNbiRUgWcModtX1WQMf0Oitmwy8bR4vBw=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qww49fzc6QN%2FSTUuSo84Kx%2ByeG55HMtHTFF0VKgPWNDihh%2Bu68kSPMCVZGmfgg9AXqngiS0wDX%2F6JDdEB73r4oxbEQgG%2BCcsjzF7L1svWcSUzv29OTQny023dzVhXaiDDqnek%2FyvTfLtDfi0RjKFzA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
x-amz-cf-pop
IAD89-P1
cf-ray
6ee293e78f79694c-FRA
x-amz-cf-id
dTbEVkTGcjOdLXIIRB2vdNsueMN9T5Mib-Oc6tEEwl0oUHhRFkDMuQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame 05CA
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 5e1f849553b1d58615d0d8f7c044078e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
PP06XW228B32R8JW
x-amz-id-2
af7DNNdpbzZhLcdwyvI3B0elQRpglY2ckAai942RwDjwMYfFQJZG1dmIX36hQ3+9xLToC/YjlDo=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AsWi48nGNjCa8TeEu%2F3yjOmP7bkaZh0l3z851Nu%2FzpcwfLZaGgyRaRlGMlpNjNrmVJ%2FGdE4zIwZCqYPhzhka3wjDOpcKfkvRrw0uJ7c8FL4nYmc%2B8QZXEPVq8kO6DbUOLL7dQZDLpzvHo6bex5o7ew%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
x-amz-cf-pop
IAD89-P1
cf-ray
6ee293e78f7a694c-FRA
x-amz-cf-id
Yrkb0gdf69rAUhtMJC1oHeTM0p-AzekOaxTrRR5BKDaHI5LS4ZtV7Q==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame 05CA
43 KB
10 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 14
content-encoding
br
x-amz-request-id
5HZMBCNFA2KF2RWA
x-amz-id-2
u2hfkUmGbBlYvZKwmyQmJZ22T71w7Q+xLFMB3Sw3CEaHTAqSJ4Pok4RgYTR2kYAWeHtXV4mzseE=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CoQtrLYMNZZA6YEZEfZdHlYxwKrd%2F1NDsjHE7Kget3qLkaebI9qFsnJeg9xVKKN9D1KinskVTT48V%2BUumEiV58WGP198GlCMVeOYSRvbO%2Bv5hVOa7xeqtTnX1CYgt%2FBgPACTiYfYJtEoHliGPTAD%2BQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
x-amz-cf-pop
IAD89-P1
cf-ray
6ee293e78f7b694c-FRA
x-amz-cf-id
mjUo4lb8PkOOXon7-dc4lnUzdZuVXGNWqvh_qO83CooiE8KbJ4Tx6g==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 14
Shanna.jpg
assets.codepen.io/4615188/ Frame 05CA
102 KB
102 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Shanna.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40570de048c1c486155e5709177b9a7924d023bd3ad92f9f9392addd7dc55281
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSS6ANQDFA6JQTD
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
104148
x-amz-id-2
ELr/RGibHu8MdSThUBGp3fBAHivlPORyMDPibQ7WLj4EdT7oFuW1L2R70eXV+XHy44gMJUNJysYggKODIfsPCg==
last-modified
Wed, 02 Feb 2022 13:35:50 GMT
server
cloudflare
etag
"a63faa0f5a9680b242cdee9ee95b8240"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
mIS1pfVgNOxny2oA_UiQelryw1Dlk2K7
accept-ranges
bytes
cf-ray
6ee293e8099a9be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
Hayden.jpg
assets.codepen.io/4615188/ Frame 05CA
118 KB
0
Image
General
Full URL
https://assets.codepen.io/4615188/Hayden.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSQF2XW24N7GW7S
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
418873
x-amz-id-2
hTiChk8Y9gjW46Y+aP0RILj3Bv0+yTXU5SFpKMrSW4+RcaAzMjsxiiS1wFyf39jsyv/n+G7ZXTPyhLxkW9X1og==
last-modified
Wed, 02 Feb 2022 13:58:44 GMT
server
cloudflare
etag
"97a18cf018da33742d7bd00e5ed7bc50"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
BUOpMPXb2bKcT7X.XALgnd2OxTCKSSGa
accept-ranges
bytes
cf-ray
6ee293e8099b9be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
daniel.jpg
assets.codepen.io/4615188/ Frame 05CA
17 KB
17 KB
Image
General
Full URL
https://assets.codepen.io/4615188/daniel.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
231e774aafbf6d84fd8fafb14040538464a2dbf8e830192fff8545d6ff14cbf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSN998F3MN376JT
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17084
x-amz-id-2
SUHodOPp46bUfcedD8nECiZhwN5BjWz2rq/aaM0cjJWUj0xHz+Gbkpa0IJJE4g9fqk6mBRontfi/+P4YtE+Qxg==
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"ca81623d1ff7bd7d00f722156f118aa2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
cgXCzQpdzao.HjrIEE_th__9CY.Z5Z7R
accept-ranges
bytes
cf-ray
6ee293e8099c9be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
Terry.jpg
assets.codepen.io/4615188/ Frame 05CA
27 KB
28 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Terry.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f52ac0c64f144ee8d991230e25ff4530831e41c8b7b6fe3a8ba10f4716bf8094
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSKTVJS9QT18HZ4
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27729
x-amz-id-2
OKdUPfCl1F5Xew54u14sxmhrkeaqE73UNSxIMucN8iaXWopeT+VALA5eyJ3YofI2NTLAamipgZJ9szA07wXpSA==
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"d808d8f9f6f8a6a7ed07a8ea908481f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
2FrXYiy_CoHLvaJh9RAKcFOCw8px8K21
accept-ranges
bytes
cf-ray
6ee293e8099d9be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
Jesse.jpg
assets.codepen.io/4615188/ Frame 05CA
14 KB
15 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Jesse.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca341a6cbb59e89294e4f8bb9617286c91d316f9ed2a3a7b83139d88b69fbeeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSYYAYX9CEPJPJS
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14488
x-amz-id-2
rytTQ55CCPp5otXc2Hzz6rrv27FvxFtn8i6I3cI1bJgoxIba/En2J1pNqxIlDulvA/WrtuO83okj3sU+1wu3Rw==
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"00bb72684ccc89f6d17a710f33aa2b3b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
23JILb_By9ISC8FBrXan3SaC1YhIUjXJ
accept-ranges
bytes
cf-ray
6ee293e8099f9be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
Austin2.jpg
assets.codepen.io/4615188/ Frame 05CA
11 KB
11 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Austin2.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
798ed8d6a3266ace22498e8746c609ea766931fbd3767bec5936789f7498e4e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSN0P3ATVVVHD8C
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11086
x-amz-id-2
IkffeYzQPvY/zpJHktuxpmXy47n1d7wN6RhJKYC6ZBNDq1XEqDSysEIdKvspvcBsP67l9bt/8srOytOuvhdJrw==
last-modified
Wed, 02 Feb 2022 18:41:01 GMT
server
cloudflare
etag
"caa308f97dca56a56e3aaeebbe6eed18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
eUGLErDO9Vpcc6oavznesOn961G..0t2
accept-ranges
bytes
cf-ray
6ee293e809a09be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
Ryan.jpg
assets.codepen.io/4615188/ Frame 05CA
38 KB
38 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Ryan.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b91c4b246579d67c4af460ba6186dbc48366fb1f14478632f7c70e7ed122221a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSS28JHKDRTMRAC
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38560
x-amz-id-2
wzEv9ZTm6DPUiLL+IM7fjvvIe7BIEVmqRKFwVUQveOfkoWN2WJf8uPceTpLLuG8+lOs2/mposve8KHmog8fyVQ==
last-modified
Wed, 02 Feb 2022 14:14:46 GMT
server
cloudflare
etag
"25ec49cfc2f7795a086a132d55bc1b52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
TAEoogUTTqwfSz02RjOeMLq5pSvN.lby
accept-ranges
bytes
cf-ray
6ee293e84a099be2-FRA
expires
Tue, 19 Apr 2022 01:54:02 GMT
PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
assets.codepen.io/4615188/ Frame 05CA
8 KB
3 KB
Image
General
Full URL
https://assets.codepen.io/4615188/PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e30 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d82fe22866056ccadac57ccb8f5978e59c5e4460bd9d4106a584ef0b48e1a5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
FPSX3DAQB3K4GE70
x-amz-server-side-encryption
AES256
cf-ray
6ee293e84a0a9be2-FRA
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
oRAWjS8A9L5c4pFHNXlTX85CORkMHMSz0AKjQ5hlm0S36+GokACC5DJF5aNWI5smoAp286gs+KIYaMJcVh6VlQ==
last-modified
Wed, 02 Feb 2022 13:06:32 GMT
server
cloudflare
etag
W/"171478fd53662a1828b7e8b759cbf55f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
qpQuUvSVTeqgpQBd9tpWSifjuGXB6uzO
access-control-allow-origin
*
cache-control
public,max-age=259200
content-type
image/svg+xml
expires
Tue, 19 Apr 2022 01:54:02 GMT
css2
fonts.googleapis.com/ Frame 05CA
2 KB
536 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
df5ced08d7a8403aa31557fafe83cd7be61b0153e2d1ca4fcd4465c035e16465
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 18 Mar 2022 23:54:37 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 19 Mar 2022 01:54:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 19 Mar 2022 01:54:01 GMT
326665.js
info.phishlabs.com/hs/scriptloader/ Frame 05CA
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
daf5e9f8ea8711f70629b7b712637bc456362087ec97674238f895b9c6e1b3cf

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
cf-polished
origSize=1967
cf-bgj
minify
x-hubspot-correlation-id
0dda0dec-f12c-4bef-926c-569cef039d3e
last-modified
Sat, 19 Mar 2022 01:54:00 GMT
server
cloudflare
x-trace
2BBD050A29BBD7F01305BC077182F1FEA331BB90D7000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3BDInJOTXJH2V%2BLWLshu1HrPqcK0yR7IQ3dRs8a7lm0HvZ49Fo3YLhKPbTc38jN6%2F7bWpDOAw5rCItPyG0V5TvcHCuiKCPy7WT67Jf5MDI6GJczFVPbrYmXyREGWMlzP%2FUBNzLwf5UWpah3fweoMw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
6ee293e7dfc8694c-FRA
expires
Sat, 19 Mar 2022 01:55:01 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 05CA
44 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f2.1e100.net
Software
cafe /
Resource Hash
37adfa46b47d25263e6aa9d11888a0a3be8c21fab0eac748c2ec828099409339
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17280
x-xss-protection
0
server
cafe
etag
8400793797420563360
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 19 Mar 2022 01:54:01 GMT
/
load.sumome.com/ Frame 05CA
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
PQSRTTQ06CTQZP39
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
12/12/2021 23:20:37
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fBU45te4W3k9MXFfi0m08C5arhKZm2JFT8skCHdcq3CXAgWuFwgFzTZLevwuVTEH3rnoMFleNsc=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Tue, 30 Nov 2021 18:00:01 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
5c7664eed0496451cc168be5eb300844
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame 05CA
32 B
311 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.23.8.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-23-8-65.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-runtime
0.006541
date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
0a4412a5-eac7-4a4e-9d0f-d0764d53c69f
index.php
stats.sa-as.com/ Frame 8038
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&PMCD=https://info.phishlabs.com/sf-login-page&r=0.7174301146803503
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:06 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
/
www.facebook.com/tr/ Frame 8038
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1647654841544&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1647654840926&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sat, 19 Mar 2022 01:54:01 GMT
9f609f1a.min.js
tag.demandbase.com/ Frame 05CA
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-105.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
W/"43fe60654bcf129ab9209fc53c139c93"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 fc7091924e65025d5bfb92361ec3e660.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Sat, 19 Mar 2022 01:54:02 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-id
tyOIPWf9G6JOZVI9SIzUiETqo5lX_SexfL5XefiRsUEqge22kJjf9g==
gtm.js
www.googletagmanager.com/ Frame 05CA
182 KB
65 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
357cbce81b01ae479e8cba77911d6a25338129d21d2b0b65b6151922b0483a71
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67021
x-xss-protection
0
last-modified
Sat, 19 Mar 2022 00:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 19 Mar 2022 01:54:01 GMT
css
fonts.googleapis.com/ Frame 05CA
8 KB
714 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
32bc7c1c64fd1b755d48d6025b86b7e7a28ad35d1f420cf85cdc1123aa7dfcd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sat, 19 Mar 2022 01:14:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sat, 19 Mar 2022 01:54:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 19 Mar 2022 01:54:01 GMT
log
segments.company-target.com/ Frame 05CA
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Server
143.204.215.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-69.fra53.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA53-C1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
68316e8066c532b9
X-Amz-Cf-Id
Wr3xxBysmKGDLoRPKLfJt5_cPU3d2rAmg_2kKG7RT4lZ-ZUntSP0Cw==

Redirect headers

location
https://segments.company-target.com/log?vendor=choca&user_id=AABRYU7Eam8AADFt5j7U7A
Date
Sat, 19 Mar 2022 01:54:01 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
464526.gif
id.rlcdn.com/ Frame 05CA
0
42 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 google
alt-svc
clear
content-length
0
ip.json
api.company-target.com/api/v2/ Frame 05CA
461 B
954 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-77.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
06294245f12818c2d04b2a9f1e1d9d5cadd44667f565cdc6f51c83aaf4dfef28

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
request-id
7f84dbb2-0385-4c94-a773-34e1e78035be
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 960a66a5b9d832814160983d391e997c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
4pZdhhsn7fzc1UoXPrNgURpNPQ7m9Fn3Vs1y57mPl60CJpez11OHDw==
expires
Fri, 18 Mar 2022 01:54:01 GMT
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v23/ Frame 05CA
12 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v23/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ae308e0f954dd9a45304361e81dffc8a3893584af53b9779722bbb51a7c71e08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://info.phishlabs.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 15:07:27 GMT
x-content-type-options
nosniff
age
211594
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12636
x-xss-protection
0
last-modified
Thu, 03 Feb 2022 00:11:57 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 16 Mar 2023 15:07:27 GMT
326665.js
js.hs-analytics.net/analytics/1647654600000/ Frame 05CA
62 KB
19 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1647654600000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2166a944f0e64b1e46a08cea39254e1513288cc15dc1c3860b79d05a0ae39403

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
x-amz-request-id
CCPX18HDM1WCC8W2
x-amz-id-2
T+QTqRtdim/UrTHsndD1UggAyDuy8oMIUAD8gH9mfniA2+kAiCeyq6geKajqg37g5vgWLrhSlIQ=
last-modified
Thu, 24 Feb 2022 12:03:15 GMT
server
cloudflare
etag
W/"773f772b107b514aa384eea360f368da"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
6ee293e85f86691f-FRA
expires
Sat, 19 Mar 2022 01:59:01 GMT
leadflows.js
js.hsleadflows.net/ Frame 05CA
534 KB
86 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eacc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
947d6c755989ac2b8e761deb8f7c3d38c30f9e01ce86b4ce1c8f3a2e1d1e5221

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
Origin
https://info.phishlabs.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 4ee1745ee3cece0fab563f5a32ba165a.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js&cfRay=6ee293e4aeee68eb-IAD
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
6ee293e85b5368eb-FRA
last-modified
Tue, 01 Mar 2022 09:57:40 UTC
server
cloudflare
etag
W/"57a8210ba9519a68ae76dcc1857db0f9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
qE7M39zrJ2dCa.o34UdW.NnTPVZDG9U3
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-P1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
ECn6xxKP3kIdrmxXEDx0pei9tNobC6neJBk5LuxE9oxHi7LBi3sfgw==
x-hs-target-asset
lead-flows-js/static-1.1080/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame 05CA
6 KB
2 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:73b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c37f9f1230e8006b68895805d9e9217094a74fa6649ed6a63d3a3336918c37b9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 9349b115ae66d16aae68deb9bb5eebc2.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
294
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.270/bundles/pixels-release.js&cfRay=6ee28cb6bd499b52-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Thu, 17 Mar 2022 03:35:22 UTC
server
cloudflare
etag
W/"8398d70a7781b83c3e8a52f0ea16d293"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
hxYI6wfzNUwmg1JRoMD3SYDawXUykSZn
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD89-P1
cf-ray
6ee293e85ba35ca4-FRA
x-amz-cf-id
Q0n8aGqxXinrVUbYveT0D3-QwXo0FPd5-YhvLXAe-KMreyPt1dpRew==
x-hs-target-asset
adsscriptloaderstatic/static-1.270/bundles/pixels-release.js
326665.js
js.hs-banner.com/ Frame 05CA
61 KB
15 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:14bf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
VH5M08N7KMYYXPV1
x-amz-id-2
97+9gzy17AeyWXZugT0tImAyJ6hG6dXPFOPzJoKb7eTm2IgnM6WMIhtoPiZwom9h1//M9uLPlHI=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://www.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
6ee293e86d666922-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sat, 19 Mar 2022 01:59:01 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame 05CA
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1647654841665&cv=9&fst=1647654841665&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
06d3dbf5f91e2d94cccbf974a0e1495c91331f1f28d7ee9669a9f41276c6cd7d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1008
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ Frame 05CA
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
optimize.js
www.googleoptimize.com/ Frame 05CA
100 KB
37 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8c74f8137943c7c16fb6b902c8439c891a243fbcf5cb92eeb4a97b0dab852673
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38195
x-xss-protection
0
expires
Sat, 19 Mar 2022 01:54:01 GMT
js
www.googletagmanager.com/gtag/ Frame 05CA
170 KB
63 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6751f8a0408ffa5f5167437ff8686b1b9a4188b70b294ef1573f3223b91891b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
64365
x-xss-protection
0
expires
Sat, 19 Mar 2022 01:54:01 GMT
analytics.js
www.google-analytics.com/ Frame 05CA
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6555
date
Sat, 19 Mar 2022 00:04:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sat, 19 Mar 2022 02:04:46 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame 05CA
4 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-123.fra56.r.cloudfront.net
Software
/
Resource Hash
6d05b52a3ec99199e20adfffffcc9a0b7549fc40b9f122634da404f2c08847f0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:00 GMT
content-encoding
br
x-content-type-options
nosniff
age
1
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1897
access-control-allow-origin
*
x-cache-hit
1
etag
W/3cb53ef00d9251cf2986b7db69a69210
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 a383f82b5d4e98bbd66535c2c4b20c9e.cloudfront.net (CloudFront)
cache-control
max-age=60
x-amz-cf-pop
FRA56-C1
x-amz-cf-id
m6g-_BFuBDHK41I3l4ZfwmPyxyAixSGwtnGxw9m2R13tYmXW8ihV8g==
live.js
stats.sa-as.com/ Frame 05CA
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:06 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"7200a7-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame 05CA
99 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e18d0e3dd548e9745884578e3cd9f0a492ddbb6f3b797db364b45bb16cadfb3
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26320
x-xss-protection
0
pragma
public
x-fb-debug
FS9+G7BkWIF87ZU3yLvOI70K8nn7XoX1rtygJ6w4k/b4cd6QCamp9D47KtO8ZSD/k5YIXmVSQgrzT4bl+Qo92Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame 05CA
0
39 B
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
6ee293e8ac798ff2-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length
0
munchkin.js
munchkin.marketo.net/161/ Frame 05CA
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Mon, 27 Jun 2022 01:54:01 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame 05CA
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00::210:ba20 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5d5cf5a4a5b7c02915bc261dca0c755d29beda0c0c3a005c78c1682c9934bb3c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 18 Mar 2022 23:45:34 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=78675
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3104
sl.js
scout-cdn.salesloft.com/ Frame 05CA
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
KJS5X2QB4KYRYEA2
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
uYbwi/E0x9Q3Gd1t9EMWEuce9W6Wj2Uzje6W7i14hi+giTeGY6hSqiCH8uyynPXGq0UHeYE2f+4=
modules.7d3f952308caf42c2b67.js
script.hotjar.com/ Frame 05CA
236 KB
62 KB
Script
General
Full URL
https://script.hotjar.com/modules.7d3f952308caf42c2b67.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.7.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-7-26.fra6.r.cloudfront.net
Software
/
Resource Hash
43b0a448dfabca1c64deab31c9b3b004d41bac8fafc0796a4f5675cea0dda5a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Thu, 10 Mar 2022 09:02:06 GMT
content-encoding
br
x-content-type-options
nosniff
age
751915
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63048
access-control-allow-origin
*
last-modified
Thu, 10 Mar 2022 09:01:33 GMT
etag
"2f5d47da7be4d107a04726029158797c"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
yB9wKwZUj4-TCljxmE55redNX9eUBpFCdHTAnLHuFPG_L3UX3nOirA==
72.0a035390359aab65eb82.js
load.sumo.com/ Frame 05CA
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
3a85ff552f449f558b20bba352a9f2fa
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame 05CA
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
c6c34a2eae30be169e5966b6fb4bc29d
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
149823563868256
connect.facebook.net/signals/config/ Frame 05CA
307 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.57&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
fcdce551320e5fc55409645f4ef16524b26c48c1a772c95d28f5c86fc7866f48
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
89095
x-xss-protection
0
pragma
public
x-fb-debug
4HS/Z/fIbbbQeuBysIFuQuadVLfr1CRd1NsCmZo2edICTdiAkYkQ+6kWIf/FItgLs9tKxZID9hPbVCvLH1wIZg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1003980311/ Frame 05CA
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1647654841665&cv=9&fst=1647651600000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3892078728&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame 05CA
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1647654841665&cv=9&fst=1647651600000&num=1&guid=ON&eid=375603260&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3892078728&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 19 Mar 2022 01:54:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
r
scout.salesloft.com/ Frame 05CA
41 B
403 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.44.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-44-116.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
2197c71cdbd1584c28010f80c71e1bc3
collect
px4.ads.linkedin.com/ Frame 05CA
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKcXsA2vIixTwAAAX-f4a47jReiExgvdHPqAov_MHR_oLe3kutTUflkIHMd...
0
119 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKcXsA2vIixTwAAAX-f4a47jReiExgvdHPqAov_MHR_oLe3kutTUflkIHMdtg53TotHUrWe
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F75CADCA73F74379962E85609F563D38 Ref B: FRAEDGE1312 Ref C: 2022-03-19T01:54:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXaiImTN+fV3pqt0pgl/Q==
x-li-fabric
prod-lor1

Redirect headers

date
Sat, 19 Mar 2022 01:54:01 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: B092040B4EAB439A9778CE23FD6D5797 Ref B: FRAEDGE1408 Ref C: 2022-03-19T01:54:01Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1647654841808&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKcXsA2vIixTwAAAX-f4a47jReiExgvdHPqAov_MHR_oLe3kutTUflkIHMdtg53TotHUrWe
x-li-proto
http/2
content-length
0
x-li-uuid
AAXaiImQT7I46SEnHXAGOw==
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame 05CA
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1647654841809&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1647654841809-65744&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page-2&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:01 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
769a3023-9412-405e-b736-a31f668fc818
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame 5D1F
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.95 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-95.fra53.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2

Response headers

content-type
text/html
content-length
1044
date
Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 12c16baed6578bf50fb0eaa233f2bc84.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
CbJnuPz6OSuC6vlVlQomGS74hTRKXiuf0KzQqwjhx63zwT3tJPtOew==
age
3690115
/
www.facebook.com/tr/ Frame 05CA
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1647654841864&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1647654841769&coo=false&exp=p1&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sat, 19 Mar 2022 01:54:01 GMT
i
scout.salesloft.com/ Frame 05CA
48 B
513 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.3.44.116 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-44-116.compute-1.amazonaws.com
Software
/
Resource Hash
31517dfadbd71d905e081867eb7431b2d0556e9675967dabe0ebd42e4c141bfd
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:01 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
58c5b7643561ac592696d8ba0e82c134
index.php
stats.sa-as.com/ Frame 05CA
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page-2&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&PMCD=https://info.phishlabs.com/sf-login-page-2&r=0.9304201747956145
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Sat, 19 Mar 2022 01:54:02 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
/
www.facebook.com/tr/ Frame 05CA
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1647654842367&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.57&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1647654841769&coo=false&es=automatic&tm=3&exp=p1&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 19 Mar 2022 01:54:02 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sat, 19 Mar 2022 01:54:02 GMT


16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
function| structuredClone
object| oncontextlost
object| oncontextrestored
object| SFDCSessionVars
function| SfdcFramework
object| Sfdc
object| SfdcApp
object| DomainSwitcher
object| IdpOptions
object| LoginHint
function| loader
function| checkCaps
function| handleLogin
function| lazyload

29 Cookies

Domain/Path Name / Value
phishlabs.lightning.force.com/ Name: CookieConsentPolicy
Value: 0:0
phishlabs.lightning.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.force.com/ Name: BrowserId
Value: cHsUDacnEeyhx7s2Ri9bAw
.force.com/ Name: BrowserId_sec
Value: cHsUDacnEeyhx7s2Ri9bAw
phishlabs.my.salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
phishlabs.my.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.salesforce.com/ Name: BrowserId
Value: cOEo76cnEeyMcdGdh0eWMQ
.salesforce.com/ Name: BrowserId_sec
Value: cOEo76cnEeyMcdGdh0eWMQ
login.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: session
Value: 1647654838897
na168.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
na168.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.linkedin.com/ Name: UserMatchHistory
Value: AQKY7aYfe3JASAAAAX-f4auiMjfTVpz9nTCO5kBNRG-xaTg60nW4yb18hMe_vVtTDdfIjdbZl4SQrg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQKa20ZXtBgZBAAAAX-f4auicwYeima5_AxO1iKFyiSvp69MXNeZH5lsqdobmFgy27CfgkD1USL5iYVk69pQBQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&4bef6a95-4d13-4376-85e9-c28aae774383"
.linkedin.com/ Name: lidc
Value: "b=OGST06:s=O:r=O:a=O:p=O:g=2354:u=1:x=1:i=1647654841:t=1647741241:v=2:sig=AQHNn3mDwWWttM4I1VC6P8JldoPKBllY"
.bidr.io/ Name: bito
Value: AABRYU7Eam8AADFt5j7U7A
.bidr.io/ Name: bitoIsSecure
Value: ok
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&2022031901540106a22f40-1b75-4ac1-85a1-0ccfa5908fe8AQE0fgOBu6g9g-6nsCbeHEOZhSMC29Hv"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NDc2NTQ4NDE7MjswMjHaSCjT9FXkFHC+4M6cq6A5fW7v54HzFQWmO9e+9HPmAg==
.info.phishlabs.com/ Name: __cfruid
Value: 4b9fe93367fb6fbfdcbd04796d1e1ded865cefb4-1647654841
.company-target.com/ Name: tuuid
Value: 66b0744a-f84f-4e8c-96cf-2dc418d02396
.company-target.com/ Name: tuuid_lu
Value: 1647654841
.ws.zoominfo.com/ Name: visitorId
Value: 280629adc4ac13def047e545a8352a7bd9eefb6d87a8c90059bc113294e15762
.doubleclick.net/ Name: IDE
Value: AHWqTUk45Q7rM6XYFUHCnci2nlU0HYCOKvTrCOE-eBRFNQx1gRrwSbl-VoPX3dxk
.codepen.io/ Name: __cf_bm
Value: gtMRUmhQA1XL9EFYi40xN8hLCTTW4c4uE.Apgr1hvCo-1647654842-0-AV68/VFgSVKXL6gK6PCUghNoo5lKEdgNShO39Ppd1rbhN9GHxe1JDZTJL3yJ5UnjRQSfeE4gUbbUiagqHULYKi4=

2 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
