Submitted URL: https://phishlabs.lightning.force.com/0066S00000zrhviQAA
Effective URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Submission Tags: falconsandbox
Submission: On May 22 via api from US — Scanned from DE

Summary

This website contacted 37 IPs in 4 countries across 34 domains to perform 118 HTTP transactions. The main IP is 13.109.188.205, located in United States and belongs to SALESFORCE, US. The main domain is phishlabs.my.salesforce.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 9th 2021. Valid for: a year.
This is the only time phishlabs.my.salesforce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
15 salesforce.com
phishlabs.my.salesforce.com
na168.salesforce.com — Cisco Umbrella Rank: 165210
login.salesforce.com — Cisco Umbrella Rank: 5687
90 KB
14 phishlabs.com
info.phishlabs.com
175 KB
8 codepen.io
assets.codepen.io — Cisco Umbrella Rank: 40743
214 KB
6 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 511
www.linkedin.com — Cisco Umbrella Rank: 616
px4.ads.linkedin.com — Cisco Umbrella Rank: 4745
4 KB
6 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 15336
scout.salesloft.com — Cisco Umbrella Rank: 15893
7 KB
6 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 645
script.hotjar.com — Cisco Umbrella Rank: 896
vars.hotjar.com — Cisco Umbrella Rank: 989
133 KB
5 company-target.com
segments.company-target.com — Cisco Umbrella Rank: 1294
api.company-target.com — Cisco Umbrella Rank: 3542
5 KB
4 sumo.com
load.sumo.com — Cisco Umbrella Rank: 11247
288 KB
4 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3700
12 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 102
674 B
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 146
226 KB
4 sa-as.com
stats.sa-as.com — Cisco Umbrella Rank: 58848
3 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
273 KB
3 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 466
1 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
2 KB
3 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 6972
3 KB
2 mktoresp.com
130-bfb-942.mktoresp.com
622 B
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 939
7 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 5483
612 B
2 google.com
www.google.com — Cisco Umbrella Rank: 7
612 B
2 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3498
5 KB
2 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4372
175 KB
2 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2271
39 KB
2 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2273
30 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
3 KB
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 598
107 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
39 KB
2 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1364
81 KB
2 demandbase.com
tag.demandbase.com — Cisco Umbrella Rank: 5207
37 KB
2 callrail.com
cdn.callrail.com — Cisco Umbrella Rank: 8717
622 B
2 sumome.com
load.sumome.com — Cisco Umbrella Rank: 37868
4 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 110
33 KB
1 gstatic.com
fonts.gstatic.com
13 KB
1 force.com
phishlabs.lightning.force.com
968 B
118 34
Domain Requested by
14 info.phishlabs.com phishlabs.my.salesforce.com
info.phishlabs.com
12 phishlabs.my.salesforce.com phishlabs.my.salesforce.com
8 assets.codepen.io info.phishlabs.com
4 scout.salesloft.com scout-cdn.salesloft.com
4 load.sumo.com load.sumome.com
4 munchkin.marketo.net info.phishlabs.com
munchkin.marketo.net
4 www.facebook.com info.phishlabs.com
4 connect.facebook.net phishlabs.my.salesforce.com
connect.facebook.net
4 stats.sa-as.com www.googletagmanager.com
info.phishlabs.com
4 www.googletagmanager.com info.phishlabs.com
www.googletagmanager.com
3 px.ads.linkedin.com 3 redirects
3 segments.company-target.com 1 redirects info.phishlabs.com
3 match.prod.bidr.io 3 redirects
3 fonts.googleapis.com info.phishlabs.com
3 ws.zoominfo.com phishlabs.my.salesforce.com
ws.zoominfo.com
2 vars.hotjar.com static.hotjar.com
2 px4.ads.linkedin.com info.phishlabs.com
2 130-bfb-942.mktoresp.com munchkin.marketo.net
2 scout-cdn.salesloft.com info.phishlabs.com
2 snap.licdn.com info.phishlabs.com
2 www.google.de info.phishlabs.com
2 www.google.com info.phishlabs.com
2 js.hsadspixel.net info.phishlabs.com
2 js.hsleadflows.net info.phishlabs.com
2 js.hs-analytics.net info.phishlabs.com
2 js.hs-banner.com info.phishlabs.com
2 googleads.g.doubleclick.net www.googleadservices.com
2 api.company-target.com tag.demandbase.com
2 id.rlcdn.com info.phishlabs.com
2 script.hotjar.com static.hotjar.com
2 static.hotjar.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
2 www.googleoptimize.com www.googletagmanager.com
2 tag.demandbase.com info.phishlabs.com
2 cdn.callrail.com info.phishlabs.com
2 load.sumome.com info.phishlabs.com
2 www.googleadservices.com info.phishlabs.com
2 login.salesforce.com phishlabs.my.salesforce.com
login.salesforce.com
1 fonts.gstatic.com fonts.googleapis.com
1 www.linkedin.com 1 redirects
1 na168.salesforce.com phishlabs.my.salesforce.com
1 phishlabs.lightning.force.com 1 redirects
118 42

This site contains no links.

Subject | Issuer | Validity | Valid
*.my.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-09 - 2022-07-08 | a year
na168.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-21 - 2023-03-20 | a year
login.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-29 - 2022-07-28 | a year
info.phishlabs.com | Cloudflare Inc ECC CA-3 | 2021-07-16 - 2022-07-15 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.sumome.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-05 - 2023-04-05 | a year
cdn.callrail.com | Amazon | 2022-02-24 - 2023-03-25 | a year
tag.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-18 - 2022-10-14 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
stats.sa-as.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-14 - 2023-02-14 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-02-28 - 2022-05-29 | 3 months
zoominfo.com | Cloudflare Inc ECC CA-3 | 2022-05-04 - 2023-05-04 | a year
upload.video.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-03 - 2023-02-25 | a year
api.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-20 - 2022-09-26 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2022-02-06 - 2023-02-07 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year
www.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
www.google.de | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2022-03-16 - 2023-04-14 | a year
*.sumo.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-05 - 2023-04-05 | a year
*.mktoresp.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-11-30 - 2022-11-30 | a year
codepen.io | Cloudflare Inc ECC CA-3 | 2022-05-06 - 2023-05-06 | a year
*.googleadservices.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.gstatic.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.google.de | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months

This page contains 6 frames:

Primary Page: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Frame ID: AFE1D1D87DF76B9840EC7F97A0FD70E5
Requests: 12 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page
Frame ID: 3CC97554CAA6AD37F878475481C86BE7
Requests: 46 HTTP requests in this frame

Frame: https://login.salesforce.com/login/sessionserver212.html
Frame ID: DF6FAF698DE9CA57890D1F2A06C205CF
Requests: 2 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page-2
Frame ID: BED2E643047917504026400E4A07CDB3
Requests: 56 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: A3FEBFA732F170DBA9E84D379150DB44
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: 0BCA72F423499D15D536FC27C1752058
Requests: 1 HTTP requests in this frame

Page Title

Anmelden | Salesforce

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • load\.sumome\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • 118 Requests
  • 97 % HTTPS
  • 48 % IPv6
  • 34 Domains
  • 42 Subdomains
  • 37 IPs
  • 4 Countries
  • 1904 kB Transfer
  • 6207 kB Size
  • 30 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://phishlabs.lightning.force.com/0066S00000zrhviQAA HTTP 302
    https://phishlabs.my.salesforce.com/0066S00000zrhviQAA Page URL
  2. https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://phishlabs.lightning.force.com/0066S00000zrhviQAA HTTP 302
  • https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Request Chain 38
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA&verifyHash=16f7787d786478411bb6aae7a7229d50a67eca2c
Request Chain 56
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653198462007%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce.com%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKs6NkiRFUXhwAAAYDqTp1-RTm8BFTVdtggGB-w8t9PJvC9f4WcAndN3z0iqPROJHxP0K8
Request Chain 81
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA
Request Chain 112
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKyW0KfO4IrUwAAAYDqTp5CWw9Ql8-7QkOKyCuRWDJNXbM4AWN96c85lTMDiIAMbTicG8A

118 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
0066S00000zrhviQAA
phishlabs.my.salesforce.com/
Redirect Chain
  • https://phishlabs.lightning.force.com/0066S00000zrhviQAA
  • https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
1 KB
1 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
must-revalidate,no-cache,no-store
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Robots-Tag
none

Redirect headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Length
0
Content-Security-Policy
upgrade-insecure-requests
Date
Sun, 22 May 2022 05:47:35 GMT
Location
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
Primary Request /
phishlabs.my.salesforce.com/
9 KB
4 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
2ee23813fa644b088e6c066052ca130434ecb5278faab9b6591f457b070d0b79
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'none'
Content-Type
text/html; charset=UTF-8
Date
Sun, 22 May 2022 05:47:38 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-FRAME-OPTIONS
DENY
X-Robots-Tag
none
X-XSS-Protection
0
sfdc_210.css
phishlabs.my.salesforce.com/css/
15 KB
4 KB
Stylesheet
General
Full URL
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6effaae73ce83316d1356ea984e417519743bce7a23982f053b1b8ec82135dae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 23 May 2017 21:11:38 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/css
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 05:47:39 GMT
SfdcSessionBase208.js
phishlabs.my.salesforce.com/jslibrary/
16 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6ffc89bfd0b1dbbf3fd5b122ee26c05f39f23b680d43e70254c4caf4b425a105
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 05:47:39 GMT
LoginHint208.js
phishlabs.my.salesforce.com/jslibrary/
19 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/LoginHint208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
72c8ccd8b081cadafdd20ca628c62e6e532baa648599e1417a3244084af3908c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 05:47:39 GMT
CAAAAYDsBgNsAAAAAAAAAAAAAAAAAAAAAAAA7B1Qs1W1NsZEm4B4gTNZuKiR3Y342CIZrN_UgwBUs0WL1o3vMeeGwmzeWYuInXJLQyk8f13C6G2zoKalVkZiCzuS_0EE7oTnTFBhbSChj6yx
na168.salesforce.com/brand-asset/
18 KB
18 KB
Image
General
Full URL
https://na168.salesforce.com/brand-asset/CAAAAYDsBgNsAAAAAAAAAAAAAAAAAAAAAAAA7B1Qs1W1NsZEm4B4gTNZuKiR3Y342CIZrN_UgwBUs0WL1o3vMeeGwmzeWYuInXJLQyk8f13C6G2zoKalVkZiCzuS_0EE7oTnTFBhbSChj6yx
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.191.204 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c5-iad4.na168-ia4.salesforce.com
Software
/
Resource Hash
08c8eb095458d2aed705fa0d062bebde26696d9fa52bb0f4cea1ace939adf75d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:40 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Mon, 7 Feb 2022 14:12:49 GMT
X-Robots-Tag
none
Strict-Transport-Security
max-age=63072000; includeSubDomains
P3P
CP="CUR OTR STA"
Cache-Control
public,max-age=3888000
X-Content-Type-Options
nosniff
Content-Type
image/png
Content-Length
18223
X-XSS-Protection
1; mode=block
Expires
Wed, 06 Jul 2022 05:47:40 GMT
clear.png
phishlabs.my.salesforce.com/img/
477 B
873 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/clear.png
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
dd464055be78eadee2d5d3ecc5380600b788883e462d9e77372877dc04110e6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 21 May 2015 20:40:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 05:47:39 GMT
baselogin.js
phishlabs.my.salesforce.com/jslibrary/
640 B
909 B
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/baselogin.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
a3141000abd1d2a613408608a9cb3fe825f723f7b05611db1b9b97eeaf415cae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 05:47:39 GMT
1386
phishlabs.my.salesforce.com/marketing/survey/survey1/
5 KB
2 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey1/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
42a531dce996297d2a03cb33044b36408821072ad24b9477a237bd8a3ed6ebf7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
1979
1386
phishlabs.my.salesforce.com/marketing/survey/survey4/
18 KB
7 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey4/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6e254c656a029b64c10f320cb325858bc578c94d7a6ec1e5703ba03abb6738c0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
6976
s.gif
phishlabs.my.salesforce.com/ Frame 3CC9
43 B
438 B
Document
General
Full URL
https://phishlabs.my.salesforce.com/s.gif
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=10368000
Content-Type
image/gif
Date
Sun, 22 May 2022 05:47:39 GMT
Expires
Mon, 19 Sep 2022 05:47:39 GMT
Last-Modified
Tue, 27 May 2003 18:28:08 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
X-Robots-Tag
none
SalesforceSans-Regular.woff2
phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/
27 KB
27 KB
Font
General
Full URL
https://phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/css/sfdc_210.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Origin
https://phishlabs.my.salesforce.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:39 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 Jul 2015 20:32:56 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
font/woff2
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 05:47:39 GMT
sessionserver212.html
login.salesforce.com/login/ Frame DF6F
91 B
867 B
Document
General
Full URL
https://login.salesforce.com/login/sessionserver212.html
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.152.195 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl2-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
db743dbd91a699d36f6a755ad2c8eec5ce0d1b3715df50a651b7c24de11c1811
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://phishlabs.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=86400
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Date
Sun, 22 May 2022 05:47:39 GMT
Expires
Mon, 23 May 2022 05:47:39 GMT
Last-Modified
Wed, 23 Aug 2017 20:39:30 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
SessionServer212.js
login.salesforce.com/jslibrary/ Frame DF6F
26 KB
9 KB
Script
General
Full URL
https://login.salesforce.com/jslibrary/SessionServer212.js
Requested by
Host: login.salesforce.com
URL: https://login.salesforce.com/login/sessionserver212.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.152.195 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl2-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
d430f3d67d4fdf9143a4db967deb1d79d384fd5a90bba6f3846452f55b5b6887
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.salesforce.com/login/sessionserver212.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:40 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Mon, 19 Sep 2022 05:47:40 GMT
sf-login-page
info.phishlabs.com/ Frame 3CC9
9 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
d91ea1c6b56e9b6efc3164f86101d70f8e8b2fccc70d6a1106b93948e411b36c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://phishlabs.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>
cf-ray
70f34228fadc694b-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 22 May 2022 05:47:41 GMT
edge-cache-tag
CT-51834294403,P-326665,E-1319106982,E-1973184679,E-356216487,E-51834248013,PGS-ALL,SW-1
etag
W/"56e9b4d805b9e84ce0a02e0c76d4f739"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Sat, 21 May 2022 07:44:07 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPlNFuMg90MeiuPj0ZS73VgCFtX8Y%2FsnIuOKU9wBfs9uOzMT3dvHvmLwseS%2F8DSkKreyZYqzCPeCX191zqUqz6L5QYjcQIvKGHvx%2FgRpF3cuC%2FuUuvJEyAdLbaQuX4TRP1I3f39PDeeNeIgqKWQ7aw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
51834294403
x-hs-hub-id
326665
x-hs-prerendered
Sat, 21 May 2022 07:44:07 GMT
x-powered-by
HubSpot
capslock_blue.png
phishlabs.my.salesforce.com/img/icon/
559 B
955 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/icon/capslock_blue.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
02c47d1fb4a92fd6eca59ed828b0d0d7a8ef8285688bd27f36b1e003ffa9a52c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0066S00000zrhviQAA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:40 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Sun, 30 Jun 2019 10:26:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 05:47:40 GMT
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ Frame 3CC9
11 KB
4 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4120404
x-amz-server-side-encryption
AES256
cf-ray
70f3422e3a75694b-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 25 Mar 2022 12:04:14 GMT
server
cloudflare
etag
W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M5CiBSIDbgUstTk%2Ftgo0aF%2FM8AKyPl9HYz4mSdj61n3oVJpvWLt02ozq18fDNaWKgRE14%2BmaNpI9jsKDsQ5doWD0itUrDsQkqORYcdRfKmBJ65qNUCplwOXCZAnvAlRTWAP8xXxi0BzFWUR8mCl%2BXw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
IEE9ZmbJgF53I0lPlIN-GxbmpLUEFckYurqYcNnudXdWCydPJuYhBw==
expires
Mon, 22 May 2023 05:47:41 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame 3CC9
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10101613
cf-ray
70f3422e6ab1694b-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=h%2BnNfQOKjeJJXWajKjgRylzUHueq0Y0J4QanQ7Oqb%2FZeHYU84rouvXKPHcUc5Y21bk05MsDdJfH6mPaWU26uykoLp14aI3PwKCG6v7t2Sj0OiOnFxHQUoQA45W15B4F4Qj1jPozxJP30SMBUzRu9Qg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires
Mon, 22 May 2023 05:47:41 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame 3CC9
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
BDAES1PF028QGC00
x-amz-id-2
OIXk46+5WW/T7Cc9TeIRNUTaoX1dE1a8tEYa/Ob+UkjS7/1KLHNL1Zb0D0a6w0aKZ4FDw5wFVJU=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvXJ95lWfKrboIqpmUMaEo%2F%2FGrVflxuVLNQ52n2dZXFJI60MrzjcDiU7HfbQaJkirfemYeSBiZE92vFaAfmxZ6QjCT0zgl58mvQfoWnA2tVINEePP%2F245sXcXyJXFQMUdsoAiEgINtchv1A5SnFzkA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
cf-ray
70f3422e6ab2694b-FRA
x-amz-cf-id
p7jX8WskrZaCDCCWSz9IjbTJsDLE6f68_ZH6WJX0HjjHH6ky8o_DPA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame 3CC9
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
BDA25ZYG5MCA7R91
x-amz-id-2
Hc2vEY05gqTG/4zZD4CQMlFdmne6gNiwSziggOBwe+zOvtJlZsO09pz7FZ3laH7SmtfhM/8nV+k=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FVFE1QHOvTDW9ynBu1EP6C8sU5ZAD9EBnzgA4lPgriul1ppR5OxOBswMibQc2f3CLPSlz82GNMh2aQYNasR0%2BLOEP2BtkzS4%2Bzpkf%2F9CiRqJ70nDoh8amFvmMBPP7qHA7cq60oR390kr48ODQli%2Fzw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
cf-ray
70f3422e6ab3694b-FRA
x-amz-cf-id
tiVKt0Mgh0Jp1fnb-EvO4PhSGpZNWhSXZPGl9fSdW35fgjTLbwyg4w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame 3CC9
43 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
702ZAP1FNS8XTGJE
x-amz-id-2
/hCdErJmdUMEZ0G6md57Oua2X62runTY/kMWRZSKx4i6X/4TRdThQP/ZG98j2PkxZgvBaXoJQPs=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYG0M96x%2FW5%2B94IC2zQ3DeHn7XnH7NVc7%2BgB%2B0G4fnMP51OAK%2Bm6Ie8xcmNmlVP96uuWiWfRIxbc8pEeYeVu2kyDDLo3oeXY8fv7P7AnHd%2FTlQT76NhRVTTcVRWHrbhypub2oPDsh25iBFFdZnJvWA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
cf-ray
70f3422e6ab4694b-FRA
x-amz-cf-id
kYzhn3enBhaLKfCfrBHGGJ0Er8MSD5OyUMGfU6bO_XBFIlmFjMhAZA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
326665.js
info.phishlabs.com/hs/scriptloader/ Frame 3CC9
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e709d59b2f8550e371a800a9eee92d440d1b755c84246e05dde515431cd133ba

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
a334c9c3-cdd4-4025-b673-420593a0234e
last-modified
Sun, 22 May 2022 03:36:51 GMT
server
cloudflare
x-trace
2B4124734E496895FEB45695EDF222F344A69FAD7E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2cH5Vks%2BN9i0OZjHfaIbFSOj2bnoASzW1QX1eX2v8urkqsBnQZPL1iw8fEAHb0D%2BlhSXpz1HaEIIKQiE6grU5HYSWdHC6aFx3MjDwR8lli%2Fe%2FxMvosBml6dWRg806697uC3R6%2FQm9cU2yHe77zvEw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
70f3422eeb78694b-FRA
expires
Sun, 22 May 2022 05:48:41 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 3CC9
43 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
895f492be4e7fcbe0f12090af4097a95d96b07157baacd9d8011c0a24e4dc947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16860
x-xss-protection
0
server
cafe
etag
9538313714109913383
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 05:47:41 GMT
/
load.sumome.com/ Frame 3CC9
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
3PCZK5VJD5EKZK42
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
04/25/2022 00:10:59
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
dAESyP9+JFGRy8XKuCpYIrR3W//nPp0NqykRo+mXyOZWMUDphuFDRn6nYqCTb0JhIyoEEMA36go=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 15:23:03 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
088d5df56b1bb468d9b828d50f2b883c
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame 3CC9
32 B
312 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.118.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-118-96.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-runtime
0.006853
date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
79b037ac-ccf7-4e47-a69b-1e761a7f9d17
9f609f1a.min.js
tag.demandbase.com/ Frame 3CC9
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-110.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA2-C1
etag
W/"43fe60654bcf129ab9209fc53c139c93"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Sun, 22 May 2022 05:47:42 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-id
f7qNJWfNbpYus2ILYBZW4Q_xb_g5qfWgjiwjh06jW0SNx9Of07U_nQ==
gtm.js
www.googletagmanager.com/ Frame 3CC9
190 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b0a3071828b344195ba59d405e4844f0c5bb2ea6d7661884ecafa79eddea76d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70030
x-xss-protection
0
last-modified
Sun, 22 May 2022 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 05:47:41 GMT
sf-login-page-2
info.phishlabs.com/ Frame BED2
12 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page-2
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
ec787aa1ff5c729635e3b4c140d088b8363f03a4dca06aca9b157f257e2aba00
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>
cf-ray
70f3422eeb80694b-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 22 May 2022 05:47:42 GMT
edge-cache-tag
CT-65363752327,P-326665,E-1319106982,E-1973184679,E-356216487,E-65362450853,PGS-ALL,SW-1
etag
W/"e2f6a3654a481368e0a44dae4866dec8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Sat, 21 May 2022 07:44:08 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1APnbKELrYjxF60LrsdJAi1Ien3HvkcfUnYc22gzeKbJnFPAJSc341u2xgcEm3HZDBhGrZM7LmlrALsMOig0C%2BWTHquopx9pfH3IHB1SGj9HSyVrhFhn6XTLpBrkYOWOEpuq94VE9%2BNDcG%2BSwezdfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
65363752327
x-hs-hub-id
326665
x-hs-prerendered
Sat, 21 May 2022 07:44:08 GMT
x-powered-by
HubSpot
optimize.js
www.googleoptimize.com/ Frame 3CC9
108 KB
41 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d227db36858e48bfa8c473837e11d2390fa2fce13040f6ba5fae83de7cb0e6e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41301
x-xss-protection
0
expires
Sun, 22 May 2022 05:47:41 GMT
js
www.googletagmanager.com/gtag/ Frame 3CC9
189 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
63546f6fc684cf07edf163d625a25b55baa1be3760df4c1c138a341c97c97c64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69565
x-xss-protection
0
expires
Sun, 22 May 2022 05:47:41 GMT
analytics.js
www.google-analytics.com/ Frame 3CC9
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5313
date
Sun, 22 May 2022 04:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 06:19:08 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame 3CC9
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.80.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-80-58.fra2.r.cloudfront.net
Software
/
Resource Hash
6b30b793f99f794d675c0c00d32839131896b43377660191828043b81ea05fbb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
FRA2-C2
etag
W/8df7282d229d8f895b5ef835678c3920
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
s_nbjkt1Rt-9Yx8tn16OTLeQQnpL6dLNLeXZVZBcH1X6u4e4-6qYiw==
via
1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
live.js
stats.sa-as.com/ Frame 3CC9
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame 3CC9
99 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
/xlA7DVy1x11Kp7LkRb/5VvEOSOhjzrmCRztCJv7jbD2MCQbeoEKsAkpwHNYYm+Ib/bjjF9/j3lwK5UV5btYvQ==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Sun, 22 May 2022 05:47:41 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame 3CC9
2 KB
1 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
1f735850d9ba999007cbc997dee56b0074f21cff1e0d1c58553d68cf255bbcc4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
70f3422fe8df0229-ZRH
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via
1.1 google
149823563868256
connect.facebook.net/signals/config/ Frame 3CC9
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.60&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
10d7ebbbb0a90097f9a8bb69f5616ff502210b74bfe69c467055bc60411fdd5d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
kQEyJwLRBTJsxWQOepkfGmEEBDvgeuSJNcOtEVG8nYkVBT3E/KaOlpXGH8JBKCyR5NQ0q6mySnX0Vomji4mcRg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 22 May 2022 05:47:41 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1653198461485
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
css
fonts.googleapis.com/ Frame 3CC9
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b3f0a6d6a59d8015a0f304089d399067747d2618e48cce61474983bf0e76f7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 04:15:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 05:47:41 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 05:47:41 GMT
modules.f31ba00513b7ef8234d1.js
script.hotjar.com/ Frame 3CC9
243 KB
63 KB
Script
General
Full URL
https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-15.fra2.r.cloudfront.net
Software
/
Resource Hash
5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 20 May 2022 16:09:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
135514
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63712
access-control-allow-origin
*
last-modified
Fri, 20 May 2022 16:08:12 GMT
etag
"bb85a92d3aefdabfa0ed466815889fc6"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
nJULRzLYm8P2Kh06wqRWcNjUfzKD19yzkwrUsj81ot_zfEogkY-cFg==
/
www.facebook.com/tr/ Frame 3CC9
44 B
408 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1653198461539&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1653198461418&coo=false&exp=p0&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Sun, 22 May 2022 05:47:41 GMT
validateCookie
segments.company-target.com/ Frame 3CC9
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA&verifyHash=16f7787d786478411bb6aae7a7229d50a67eca2c
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA&verifyHash=16f7787d786478411bb6aae7a7229d50a67eca2c
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Via
1.1 197c4cb5add90683639ea9a7475e4dd2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
61dbaebf01f71276
X-Amz-Cf-Id
oqYz14d1EVeF6Kjtf5RAv0ZOep0rLvRc9cPZXVPzsXS9Js2ciJvPPA==

Redirect headers

Date
Sun, 22 May 2022 05:47:42 GMT
Via
1.1 197c4cb5add90683639ea9a7475e4dd2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA&verifyHash=16f7787d786478411bb6aae7a7229d50a67eca2c
Connection
keep-alive
trace-id
24a8833920f2c1fc
Content-Length
0
X-Amz-Cf-Id
PHTrSG0Qn9UBqN894Uqhx7Zi6u8CZ_8vCm0GkXqbcRx50EfapJ6oSA==
464526.gif
id.rlcdn.com/ Frame 3CC9
0
98 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ip.json
api.company-target.com/api/v2/ Frame 3CC9
4 KB
2 KB
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.80.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-80-60.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
41aa3f3db71668353923b3b0505dc9aaf4a775b0b87d79bf6134a9683cc8807e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
request-id
0d2be80a-4ae4-4845-b04d-41ae65edb3d0
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
IVVwqAQid3C4bzHucs2UBjeTyOJ9pJe1D5Rh1InLM9_uLVPJ3Rtvmg==
expires
Sat, 21 May 2022 05:47:41 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame 3CC9
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1653198461796&cv=9&fst=1653198461796&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
7c4aa661a9d577743ffb80a2d0e6814f9df18dc26ce3ae75b4ee187f0236efc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1016
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ Frame 3CC9
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:41 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
326665.js
js.hs-banner.com/ Frame 3CC9
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
6AW8TQEC2DTHVTHZ
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
8jxtCk2J16dU84u76RNUWAR0xXLCy7uryUHJz6nydkZHmzf9bwWmnTlxx6zgAEUibxcmLrq4PTI=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://www.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
70f342327b9d01db-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sun, 22 May 2022 05:52:42 GMT
326665.js
js.hs-analytics.net/analytics/1653198300000/ Frame 3CC9
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1653198300000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f06593fd04112f8f991fcddae285285243b502f8ee32ab9ad6a54a45c0c62d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
BDAATGGNCV24E7XN
x-amz-server-side-encryption
AES256
cf-ray
70f342327ff001f8-ZRH
x-amz-id-2
a1VZDZPe8B0pivQLgHCTkn954hcenmvZ8Luo9xd2oBKOxFqjizzp+Bi2CxuTqqcgsO3RZWnpD6c=
last-modified
Thu, 14 Apr 2022 15:09:10 GMT
server
cloudflare
etag
W/"a0b185fc22d0f8b28d97f2114d68823e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Sun, 22 May 2022 05:52:41 GMT
leadflows.js
js.hsleadflows.net/ Frame 3CC9
547 KB
88 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 5148e372b4ab17878741ea92be548472.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
MISS
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js&cfRay=70f342328bcfcc46-IAD
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
70f342328bcfcc46-ZRH
last-modified
Thu, 19 May 2022 12:56:48 UTC
server
cloudflare
etag
W/"3a729bcb06fbe3ff521fc0e64855db1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
g4B39IYvnh_FDOMHIH7jomAsh2XchlfN
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
content-type
application/javascript; charset=utf-8
x-amz-cf-id
_GkjKWJgZVxiHT3EyRZAZfveHELV6YzZeOPRhZu6uf5G_VrorB4PRA==
x-hs-target-asset
lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame 3CC9
5 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:74b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
142e1cd28809b7bbe61123941a3a70a045a5c1fa864c97574b32abd94f4b4229

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
via
1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
500
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.278/bundles/pixels-release.js&cfRay=70f335f8dad88fce-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 10 May 2022 02:37:05 UTC
server
cloudflare
etag
W/"e23a3c7ef0fc6b7c55f83c4911c95be6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
sUKtDc7b2iEDZ57z7v16VeKnAVF7O_.0
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD89-P1
cf-ray
70f342326cca9022-FRA
x-amz-cf-id
ZcGypW5NjRfS6ohf0yvU3I099K_7hKUAAr6i8X632fIpIEibGu3VjA==
x-hs-target-asset
adsscriptloaderstatic/static-1.278/bundles/pixels-release.js
/
www.google.com/pagead/1p-user-list/1003980311/ Frame 3CC9
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1653198461796&cv=9&fst=1653195600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=2297982449&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame 3CC9
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1653198461796&cv=9&fst=1653195600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=2297982449&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:41 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/161/ Frame 3CC9
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:41 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Tue, 30 Aug 2022 05:47:41 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame 3CC9
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f7::5c7b:e053 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
662
Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
X-EdgeConnect-MidMile-RTT
0
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=36936
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
sl.js
scout-cdn.salesloft.com/ Frame 3CC9
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
FVXXN9NQSP35N957
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
t+hD+ut+08JWthjEFl2C7IQAskPGv+nM+sfOEhNE+YxckEOo/JGGKTykwPcyfU4866qU33D7xzA=
72.0a035390359aab65eb82.js
load.sumo.com/ Frame 3CC9
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
947f0847a76e0c3d0386f187cb63d305
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame 3CC9
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
e8fa2c443448b97410615c8e509afbbc
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame 3CC9
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1653198461973&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1653198461971-66139&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
b059ee6a-34e2-4192-b097-435fbc82f022
r
scout.salesloft.com/ Frame 3CC9
41 B
405 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.207.82.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-82-85.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
fd04b3082b6e05a475ac9ff058836dd5
collect
px4.ads.linkedin.com/ Frame 3CC9
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653198462007%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce....
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKs6NkiRFUXhwAAAYDqTp1-RTm8BFTVdtggGB-w8t9PJvC9f4Wc...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKs6NkiRFUXhwAAAYDqTp1-RTm8BFTVdtggGB-w8t9PJvC9f4WcAndN3z0iqPROJHxP0K8
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 82BA19F931C24ABEA1FACCC8B8BF166D Ref B: FRAEDGE1111 Ref C: 2022-05-22T05:47:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfk0MZqFVshtHTiOkt3Q==
x-li-fabric
prod-lva1

Redirect headers

date
Sun, 22 May 2022 05:47:41 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 08865BF4F47B40E5B2D6D8A392B1D039 Ref B: FRAEDGE1507 Ref C: 2022-05-22T05:47:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462007&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKs6NkiRFUXhwAAAYDqTp1-RTm8BFTVdtggGB-w8t9PJvC9f4WcAndN3z0iqPROJHxP0K8
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfk0MXBseCrLE43EGlcA==
box-4924254a9ce4dc9b959b6e4a9b662d60.html
vars.hotjar.com/ Frame A3FE
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-52.fra2.r.cloudfront.net
Software
/
Resource Hash
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3351516
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 10:49:06 GMT
etag
"1635635016e428baa170305e9282c34a"
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
vary
Accept-Encoding
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-cf-id
Jr2JKuKmOArdbCIPNZXQT9AgdFbJNO5VdPHa79eGyZzxNMEf2J3G9w==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
x-robots-tag
none
index.php
stats.sa-as.com/ Frame 3CC9
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&PMCD=https://info.phishlabs.com/sf-login-page&r=0.42872551979477724
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:57:29 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
/
www.facebook.com/tr/ Frame 3CC9
44 B
90 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1653198462089&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1653198461418&coo=false&es=automatic&tm=3&exp=p0&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 05:47:42 GMT
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ Frame BED2
11 KB
5 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 347732911156afff87ff95b6d55b9278.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4120405
x-amz-server-side-encryption
AES256
cf-ray
70f342345b01694b-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 25 Mar 2022 12:04:14 GMT
server
cloudflare
etag
W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pJjmtByGOROCF3hA5DAwEr9zdxk0odWzSKDEVyVUcsfhlIO5hwlR2djNYuqCX1Wk44bk%2B2EZytaC7H9ejNyou4elUIgF4%2FfRtGeFYRQJfi%2BrTWInlo66jPBtxlbcrsx38eJ1YHmNjWNy4Hjwj5bLjg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
IEE9ZmbJgF53I0lPlIN-GxbmpLUEFckYurqYcNnudXdWCydPJuYhBw==
expires
Mon, 22 May 2023 05:47:42 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame BED2
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 ddd7d19501f4b19d560bfedbdd9b13ce.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10101614
cf-ray
70f342347b24694b-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=N6wh9IVVvZ3vj7rR3SBe4j5oAK6GAaEcNvxDVjcBMwcu4aYErshk1aQhlGa89WvEclWnKEXYd%2BhrwMmAZ0jqNVhGugKl6mlXjM98BlTQ4EfOQE61b6oKQsSuxTn8Zw0tkjl7i7UHCeZD7TJ0qguOjA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DUS51-P2
content-type
application/javascript
x-amz-cf-id
fm5oEyshHguW5eyTWJujGExVMJHQq6j4KXVELLj8_f20U-gCmo27Iw==
expires
Mon, 22 May 2023 05:47:42 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame BED2
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
BDAES1PF028QGC00
x-amz-id-2
OIXk46+5WW/T7Cc9TeIRNUTaoX1dE1a8tEYa/Ob+UkjS7/1KLHNL1Zb0D0a6w0aKZ4FDw5wFVJU=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9FyOfEhDKqrsBRsHp4TCW5VKWtNbwR3r8HDtiiPnESP0riYvGQ0R0bFM2qW2i0YcdBP0ced4AppFbYmPvXxg%2BLHWbTeOLJT9KpYED4uwebAbdOb2TR%2BQ1rSC4Mqr2fNy2xf8O9qGhN6NJfU4S04%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
x-amz-cf-pop
IAD89-P1
cf-ray
70f342347b26694b-FRA
x-amz-cf-id
p7jX8WskrZaCDCCWSz9IjbTJsDLE6f68_ZH6WJX0HjjHH6ky8o_DPA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame BED2
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 5630c5d6ce3870273aaf2ed5fe6c2f14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
BDA25ZYG5MCA7R91
x-amz-id-2
Hc2vEY05gqTG/4zZD4CQMlFdmne6gNiwSziggOBwe+zOvtJlZsO09pz7FZ3laH7SmtfhM/8nV+k=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PSf3s8L8S%2FK7cMm5JxC5e2Qw%2FzgtANJyU%2FRDEyrQrkoIYCVR8N9LbG%2F9PDPJtUXbHaki00QjQ07O1tMz5XbeNvGW3e9bWmGXJ3JK7%2FDU9UzlB8jYNfYGURITPX8ZlRpeWBSBfUdeYL2W5znIoYaiiQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
x-amz-cf-pop
IAD89-P1
cf-ray
70f342347b27694b-FRA
x-amz-cf-id
tiVKt0Mgh0Jp1fnb-EvO4PhSGpZNWhSXZPGl9fSdW35fgjTLbwyg4w==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame BED2
43 KB
10 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 0920aeb1eced22df07c9ece1cab0a554.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
702ZAP1FNS8XTGJE
x-amz-id-2
/hCdErJmdUMEZ0G6md57Oua2X62runTY/kMWRZSKx4i6X/4TRdThQP/ZG98j2PkxZgvBaXoJQPs=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wRXu%2BK4T6BwwLu%2B9bF2bijOVR%2Fle005%2BYmF8fiIzK%2BcOvCqbooncWz%2Be4w5eIhh6XKNmyzATUKBtbRP7Mo0cwjaUuNep3zEoXPjsapSe1kZBgF9XXyZPPXYQheSBgEIJJZj2t5fa0I5W8ai%2Fqr2kuw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
x-amz-cf-pop
IAD89-P1
cf-ray
70f342347b2b694b-FRA
x-amz-cf-id
kYzhn3enBhaLKfCfrBHGGJ0Er8MSD5OyUMGfU6bO_XBFIlmFjMhAZA==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Shanna.jpg
assets.codepen.io/4615188/ Frame BED2
102 KB
102 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Shanna.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
40570de048c1c486155e5709177b9a7924d023bd3ad92f9f9392addd7dc55281
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:43 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREXMJMFDXBADJCH
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
104148
x-amz-id-2
c2x600ExvAICFUuwP5y5lb0kdev8EoLwKZ4P6edAtNGgdcyTMr26L2aL5OcOYkqYFWkXYUy76iE=
last-modified
Wed, 02 Feb 2022 13:35:50 GMT
server
cloudflare
etag
"a63faa0f5a9680b242cdee9ee95b8240"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
mIS1pfVgNOxny2oA_UiQelryw1Dlk2K7
accept-ranges
bytes
cf-ray
70f34234e96e8fef-FRA
expires
Wed, 22 Jun 2022 05:47:43 GMT
Hayden.jpg
assets.codepen.io/4615188/ Frame BED2
246 KB
0
Image
General
Full URL
https://assets.codepen.io/4615188/Hayden.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:43 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREMC1VW1JYCWQ3R
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
418873
x-amz-id-2
DBfbsGA4nhdFwXEBB7+L2UAzvEcCBWVgB1xVsy7sNizV75fX6XTQ9gmmCo3FlVfFubwNhtlzwtI=
last-modified
Wed, 02 Feb 2022 13:58:44 GMT
server
cloudflare
etag
"97a18cf018da33742d7bd00e5ed7bc50"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
BUOpMPXb2bKcT7X.XALgnd2OxTCKSSGa
accept-ranges
bytes
cf-ray
70f34234e9718fef-FRA
expires
Wed, 22 Jun 2022 05:47:43 GMT
daniel.jpg
assets.codepen.io/4615188/ Frame BED2
17 KB
17 KB
Image
General
Full URL
https://assets.codepen.io/4615188/daniel.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
231e774aafbf6d84fd8fafb14040538464a2dbf8e830192fff8545d6ff14cbf1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:43 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREK8MK0R7C6S51C
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
17084
x-amz-id-2
F/fieLDV0R/apkDNq2K+MvMg0jASLMxhS3XRa50rv4FRgT03po93RgnfsgLu5oli4s6jURNOwrk=
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"ca81623d1ff7bd7d00f722156f118aa2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
cgXCzQpdzao.HjrIEE_th__9CY.Z5Z7R
accept-ranges
bytes
cf-ray
70f34234e9738fef-FRA
expires
Wed, 22 Jun 2022 05:47:43 GMT
Terry.jpg
assets.codepen.io/4615188/ Frame BED2
27 KB
28 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Terry.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f52ac0c64f144ee8d991230e25ff4530831e41c8b7b6fe3a8ba10f4716bf8094
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:43 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YRES029ZF83MWXT5
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27729
x-amz-id-2
d0HCuHUqskywDR9cL2dwHc2KkIw6CHpZSfeHRi8baUyqHRaB/EUZiQ6gO6ZU1xHUKi90Jud0kvg=
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"d808d8f9f6f8a6a7ed07a8ea908481f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
2FrXYiy_CoHLvaJh9RAKcFOCw8px8K21
accept-ranges
bytes
cf-ray
70f34234f9748fef-FRA
expires
Wed, 22 Jun 2022 05:47:42 GMT
Jesse.jpg
assets.codepen.io/4615188/ Frame BED2
14 KB
15 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Jesse.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca341a6cbb59e89294e4f8bb9617286c91d316f9ed2a3a7b83139d88b69fbeeb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREYZWREFKDBDN9N
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
14488
x-amz-id-2
oxLzOdL6v9WmqJFYTOtlgipS/PwDBuZTJO6Ei7i207Wpmruv2B+gd6H5z+1GX4riM2/4W55ZA1s=
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"00bb72684ccc89f6d17a710f33aa2b3b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
23JILb_By9ISC8FBrXan3SaC1YhIUjXJ
accept-ranges
bytes
cf-ray
70f34234f9758fef-FRA
expires
Wed, 22 Jun 2022 05:47:42 GMT
Austin2.jpg
assets.codepen.io/4615188/ Frame BED2
11 KB
11 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Austin2.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
798ed8d6a3266ace22498e8746c609ea766931fbd3767bec5936789f7498e4e8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREZ91JAQCCHG19D
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
11086
x-amz-id-2
XhWV2v+gqDxGDxkhiFm3mBVWzLPzjR6UrY9iryXPIHHDo1KorZUVKgSD8HiLyjvCekLaonf24c0=
last-modified
Wed, 02 Feb 2022 18:41:01 GMT
server
cloudflare
etag
"caa308f97dca56a56e3aaeebbe6eed18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
eUGLErDO9Vpcc6oavznesOn961G..0t2
accept-ranges
bytes
cf-ray
70f34234f9768fef-FRA
expires
Wed, 22 Jun 2022 05:47:42 GMT
Ryan.jpg
assets.codepen.io/4615188/ Frame BED2
38 KB
38 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Ryan.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b91c4b246579d67c4af460ba6186dbc48366fb1f14478632f7c70e7ed122221a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:43 GMT
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YREY12XV3ETMWV99
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
38560
x-amz-id-2
6L1KbTTY/10G5gEl3okP5vHTpZbImAqlbmluHqz4tVTEeWS7zXqZTcLYxFk82l0/If0CZ5a+1QE=
last-modified
Wed, 02 Feb 2022 14:14:46 GMT
server
cloudflare
etag
"25ec49cfc2f7795a086a132d55bc1b52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
TAEoogUTTqwfSz02RjOeMLq5pSvN.lby
accept-ranges
bytes
cf-ray
70f34234f9788fef-FRA
expires
Wed, 22 Jun 2022 05:47:42 GMT
PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
assets.codepen.io/4615188/ Frame BED2
8 KB
3 KB
Image
General
Full URL
https://assets.codepen.io/4615188/PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d82fe22866056ccadac57ccb8f5978e59c5e4460bd9d4106a584ef0b48e1a5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
MISS
x-amz-request-id
YRETF2W7R0GEY8KB
x-amz-server-side-encryption
AES256
cf-ray
70f34234f9798fef-FRA
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
csqp0CaEmhUsObXbbiz/j1QIZnk9wvR4nm7Y3LLJBhIY7R7FS5fX2QwWuX15saX/CXPfuRS9w/k=
last-modified
Wed, 02 Feb 2022 13:06:32 GMT
server
cloudflare
etag
W/"171478fd53662a1828b7e8b759cbf55f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
qpQuUvSVTeqgpQBd9tpWSifjuGXB6uzO
access-control-allow-origin
*
cache-control
public,max-age=259200
content-type
image/svg+xml
expires
Wed, 22 Jun 2022 05:47:42 GMT
css2
fonts.googleapis.com/ Frame BED2
2 KB
537 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
063bea88139206ba971350416eb9d7a6e9c7bca372a55f380f472d84d505dd0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 04:15:40 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 05:47:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 05:47:42 GMT
326665.js
info.phishlabs.com/hs/scriptloader/ Frame BED2
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd89abc0ab756b6d1389360d6dc1c5c9d4b9b51a6aeb45c5e30e7dbe798ca1d3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
cf-polished
origSize=1967
cf-bgj
minify
x-hubspot-correlation-id
a334c9c3-cdd4-4025-b673-420593a0234e
last-modified
Sun, 22 May 2022 05:47:41 GMT
server
cloudflare
x-trace
2B4124734E496895FEB45695EDF222F344A69FAD7E000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0cwdrvG4HYt3pPrtKCpZ4%2Ft6HnVm8I1RKOK9hJteppi8AGmxIdTL%2Bj4vcnZWE5lHrfSZy%2FyBikYNrP8S97tQ2SmksTcdCheHBmJxDZJvD2DYcmHTqSehJasjdIajN1L2ulCuXU6Kc0%2ByUkMPRw6hLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
70f34234cb99694b-FRA
expires
Sun, 22 May 2022 05:48:42 GMT
conversion.js
www.googleadservices.com/pagead/ Frame BED2
43 KB
16 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f2.1e100.net
Software
cafe /
Resource Hash
895f492be4e7fcbe0f12090af4097a95d96b07157baacd9d8011c0a24e4dc947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16860
x-xss-protection
0
server
cafe
etag
9538313714109913383
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 05:47:42 GMT
/
load.sumome.com/ Frame BED2
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
3PCZK5VJD5EKZK42
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
04/25/2022 00:10:59
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
dAESyP9+JFGRy8XKuCpYIrR3W//nPp0NqykRo+mXyOZWMUDphuFDRn6nYqCTb0JhIyoEEMA36go=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 15:23:03 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
c1ccfa8088e9c0ad742f7feab88cba30
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame BED2
32 B
310 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.171.118.96 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-35-171-118-96.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-runtime
0.007973
date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
eecb5004-e340-41ac-ae99-b82c9a72ae7c
9f609f1a.min.js
tag.demandbase.com/ Frame BED2
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-110.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
etag
W/"43fe60654bcf129ab9209fc53c139c93"
age
1
x-cache
Hit from cloudfront
vary
Accept-Encoding
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 59d92388a3a66e5f245f384a437fa024.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
M8sV2-xJN9kRB65KjiNl_EkpWMdtMtFyK4gM9GIpdG_6RdMeHCpwaw==
gtm.js
www.googletagmanager.com/ Frame BED2
190 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a28820b58af5edcb000933be326552d2eefa3e684a7bc28586cb647cc6b3a5c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69932
x-xss-protection
0
last-modified
Sun, 22 May 2022 03:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 05:47:42 GMT
css
fonts.googleapis.com/ Frame BED2
8 KB
714 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b3f0a6d6a59d8015a0f304089d399067747d2618e48cce61474983bf0e76f7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 04:50:25 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 05:47:42 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 05:47:42 GMT
log
segments.company-target.com/ Frame BED2
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Server
18.66.248.56 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-56.dus51.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Via
1.1 27a205ba0937fb032aa2efb66ec66a80.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
e9e2c87d3eca0afa
X-Amz-Cf-Id
_W8kE5nF7MCNo2D8IFh2Mvx2BldlYp6kgPr9uf90jIg7KtWCg-S8vg==

Redirect headers

location
https://segments.company-target.com/log?vendor=choca&user_id=AAC2pk7FE50AAEwjnUa9oA
Date
Sun, 22 May 2022 05:47:42 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
strict-transport-security
max-age=2592000; includeSubDomains
464526.gif
id.rlcdn.com/ Frame BED2
0
9 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ip.json
api.company-target.com/api/v2/ Frame BED2
4 KB
2 KB
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.80.60 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-80-60.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
41aa3f3db71668353923b3b0505dc9aaf4a775b0b87d79bf6134a9683cc8807e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
identification-source
CACHE
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
request-id
0fa72416-a4b5-4cd9-992a-d5c9d760a845
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 f99b5b46e77cfe9c3413f99dc8a4088c.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
VSRv26bqfggdf7EQjcOy4-GeczHUDTqW8K8ZUQtn1e36BLvwGKEfIA==
expires
Sat, 21 May 2022 05:47:42 GMT
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v24/ Frame BED2
12 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v24/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7816b6bd80713ced0fabbf061d7ad97d6d1ff4fbf94a1e2b17fbd61421a3a17
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:11:23 GMT
x-content-type-options
nosniff
age
390979
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12708
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 14:37:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 May 2023 17:11:23 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame BED2
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1653198462224&cv=9&fst=1653198462224&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f39f2bccaca83220d134a81d698637505defeed2bc45195f2f2d253d39afbe17
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1002
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
326665.js
js.hs-banner.com/ Frame BED2
61 KB
15 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:21ab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
6AW8TQEC2DTHVTHZ
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
8jxtCk2J16dU84u76RNUWAR0xXLCy7uryUHJz6nydkZHmzf9bwWmnTlxx6zgAEUibxcmLrq4PTI=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://www.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
70f34234fde501db-ZRH
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sun, 22 May 2022 05:52:42 GMT
326665.js
js.hs-analytics.net/analytics/1653198300000/ Frame BED2
62 KB
19 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1653198300000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:47b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f06593fd04112f8f991fcddae285285243b502f8ee32ab9ad6a54a45c0c62d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cf-cache-status
HIT
age
1
x-amz-server-side-encryption
AES256
x-amz-request-id
BDAATGGNCV24E7XN
x-amz-id-2
a1VZDZPe8B0pivQLgHCTkn954hcenmvZ8Luo9xd2oBKOxFqjizzp+Bi2CxuTqqcgsO3RZWnpD6c=
last-modified
Thu, 14 Apr 2022 15:09:10 GMT
server
cloudflare
etag
W/"a0b185fc22d0f8b28d97f2114d68823e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
70f34234fa3301f8-ZRH
expires
Sun, 22 May 2022 05:52:41 GMT
leadflows.js
js.hsleadflows.net/ Frame BED2
547 KB
87 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e8cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 5148e372b4ab17878741ea92be548472.cloudfront.net (CloudFront)
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js&cfRay=70f342328bcfcc46-IAD
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
70f34234fdaecc46-ZRH
last-modified
Thu, 19 May 2022 12:56:48 UTC
server
cloudflare
etag
W/"3a729bcb06fbe3ff521fc0e64855db1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET
x-amz-version-id
g4B39IYvnh_FDOMHIH7jomAsh2XchlfN
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-P1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
_GkjKWJgZVxiHT3EyRZAZfveHELV6YzZeOPRhZu6uf5G_VrorB4PRA==
x-hs-target-asset
lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame BED2
5 KB
2 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:74b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
142e1cd28809b7bbe61123941a3a70a045a5c1fa864c97574b32abd94f4b4229

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 b9d1b307966c2273bf97ed7c681603da.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
501
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.278/bundles/pixels-release.js&cfRay=70f335f8dad88fce-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 10 May 2022 02:37:05 UTC
server
cloudflare
etag
W/"e23a3c7ef0fc6b7c55f83c4911c95be6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
sUKtDc7b2iEDZ57z7v16VeKnAVF7O_.0
cache-control
max-age=600
x-hs-cache-status
EXPIRED
x-amz-cf-pop
IAD89-P1
cf-ray
70f34234f8519022-FRA
x-amz-cf-id
ZcGypW5NjRfS6ohf0yvU3I099K_7hKUAAr6i8X632fIpIEibGu3VjA==
x-hs-target-asset
adsscriptloaderstatic/static-1.278/bundles/pixels-release.js
munchkin.js
munchkin.marketo.net/ Frame BED2
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
optimize.js
www.googleoptimize.com/ Frame BED2
108 KB
40 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c008cf14d25ed8be3eeaf81f7b687f35b987110ea9bc7cdcc4802b518408749a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41301
x-xss-protection
0
expires
Sun, 22 May 2022 05:47:42 GMT
js
www.googletagmanager.com/gtag/ Frame BED2
189 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b6f03753313fda0bf82628e13b604dd3aa75ba5e85a579db433c35ede0983ffc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69583
x-xss-protection
0
expires
Sun, 22 May 2022 05:47:42 GMT
analytics.js
www.google-analytics.com/ Frame BED2
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5314
date
Sun, 22 May 2022 04:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 06:19:08 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame BED2
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.80.58 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-80-58.fra2.r.cloudfront.net
Software
/
Resource Hash
6b30b793f99f794d675c0c00d32839131896b43377660191828043b81ea05fbb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
age
1
etag
W/8df7282d229d8f895b5ef835678c3920
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-pop
FRA2-C2
x-amz-cf-id
8iiXarVTES7_4hB4Zttz3yZVv6rq6JYKOa4CfbNptacblr6F6wzhSw==
via
1.1 e1e056e45a0f8d6bc22b223900511170.cloudfront.net (CloudFront)
live.js
stats.sa-as.com/ Frame BED2
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame BED2
99 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
/xlA7DVy1x11Kp7LkRb/5VvEOSOhjzrmCRztCJv7jbD2MCQbeoEKsAkpwHNYYm+Ib/bjjF9/j3lwK5UV5btYvQ==
x-frame-options
DENY
date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame BED2
2 KB
1 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0066S00000zrhviQAA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
7e173621c2461388a9b1202e3f50ab7b2240549cb2b1bb3875854f0ed3de0565
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
70f342352d0a0229-ZRH
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via
1.1 google
munchkin.js
munchkin.marketo.net/161/ Frame BED2
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.72.193 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-72-193.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Tue, 30 Aug 2022 05:47:42 GMT
72.0a035390359aab65eb82.js
load.sumo.com/ Frame BED2
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
70b8c58f388729063376cadd7a15b50c
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame BED2
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
c0d1d1faa6c8cb45ed87e7e06c1326e8
cdn-requestcountrycode
RO
cdn-status
200
cdn-requestpullsuccess
True
149823563868256
connect.facebook.net/signals/config/ Frame BED2
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.60&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
10d7ebbbb0a90097f9a8bb69f5616ff502210b74bfe69c467055bc60411fdd5d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
88744
x-xss-protection
0
pragma
public
x-fb-debug
kQEyJwLRBTJsxWQOepkfGmEEBDvgeuSJNcOtEVG8nYkVBT3E/KaOlpXGH8JBKCyR5NQ0q6mySnX0Vomji4mcRg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
i
scout.salesloft.com/ Frame 3CC9
48 B
512 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.207.82.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-82-85.compute-1.amazonaws.com
Software
/
Resource Hash
49b95194e6eaebdcf36f5fd42b5d9c8df69d88dc8164a832618b9aa5154b7f82
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
0e2937cceb441e3dc8dc40379444ac33
modules.f31ba00513b7ef8234d1.js
script.hotjar.com/ Frame BED2
243 KB
63 KB
Script
General
Full URL
https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.15 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-15.fra2.r.cloudfront.net
Software
/
Resource Hash
5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 20 May 2022 16:09:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
135515
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63712
access-control-allow-origin
*
last-modified
Fri, 20 May 2022 16:08:12 GMT
etag
"bb85a92d3aefdabfa0ed466815889fc6"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 7a18a0a1d9929dae345690b88b08dd5e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
T4PW_rkaXgFmQbyvPEBkAfTxRZ9s3WKC1qBn1toDHq9tniop8TQpyw==
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame BED2
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1653198462345&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1653198462344-24271&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page-2&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
51da0898-5152-49cf-b924-96091ad6b476
/
www.google.com/pagead/1p-user-list/1003980311/ Frame BED2
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1653198462224&cv=9&fst=1653195600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3840134582&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame BED2
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1653198462224&cv=9&fst=1653195600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=3840134582&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 05:47:42 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame BED2
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f7::5c7b:e053 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

X-EdgeConnect-Origin-MEX-Latency
662
Date
Sun, 22 May 2022 05:47:42 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
X-EdgeConnect-MidMile-RTT
0
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=36936
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
sl.js
scout-cdn.salesloft.com/ Frame BED2
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
FVXXN9NQSP35N957
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
t+hD+ut+08JWthjEFl2C7IQAskPGv+nM+sfOEhNE+YxckEOo/JGGKTykwPcyfU4866qU33D7xzA=
/
www.facebook.com/tr/ Frame BED2
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1653198462425&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1653198462269&coo=false&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 05:47:42 GMT
r
scout.salesloft.com/ Frame BED2
41 B
404 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.207.82.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-82-85.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
cd0d2024c35548b9621f3d27b5933029
box-4924254a9ce4dc9b959b6e4a9b662d60.html
vars.hotjar.com/ Frame 0BCA
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.198.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-198-52.fra2.r.cloudfront.net
Software
/
Resource Hash
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3351516
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 10:49:06 GMT
etag
"1635635016e428baa170305e9282c34a"
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
vary
Accept-Encoding
via
1.1 96ab38d99b79d57e5c7e9b8a07c0fad2.cloudfront.net (CloudFront)
x-amz-cf-id
3Vlzv_HlxkmnbO-iL-w3hMjNmT_HmkbaIbsnE-Srj1_JfiIen7F9fA==
x-amz-cf-pop
FRA2-C1
x-cache
Hit from cloudfront
x-robots-tag
none
collect
px4.ads.linkedin.com/ Frame BED2
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKyW0KfO4IrUwAAAYDqTp5CWw9Ql8-7QkOKyCuRWDJNXbM4AWN96c85lTMD...
0
142 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKyW0KfO4IrUwAAAYDqTp5CWw9Ql8-7QkOKyCuRWDJNXbM4AWN96c85lTMDiIAMbTicG8A
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:41 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: E69559224D154B66A8B75C629C7BB3C6 Ref B: FRAEDGE1111 Ref C: 2022-05-22T05:47:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfk0MbqfiCKfGihW42OA==
x-li-fabric
prod-lva1

Redirect headers

date
Sun, 22 May 2022 05:47:42 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: D957F23723BD44EFB47C7F8E5FB9DB01 Ref B: FRAEDGE1507 Ref C: 2022-05-22T05:47:42Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653198462451&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&e_ipv6=AQKyW0KfO4IrUwAAAYDqTp5CWw9Ql8-7QkOKyCuRWDJNXbM4AWN96c85lTMDiIAMbTicG8A
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfk0MaAqbV6xNwcaq6vQ==
collect
ws.zoominfo.com/pixel/ Frame BED2
0
344 B
XHR
General
Full URL
https://ws.zoominfo.com/pixel/collect
Requested by
Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:650c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
true
cf-ray
70f342367f5f9180-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length
0
i
scout.salesloft.com/ Frame BED2
48 B
513 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.207.82.85 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-207-82-85.compute-1.amazonaws.com
Software
/
Resource Hash
e6928981b59ea02d1e709a19ece52e51742d620ccac9950f88dc9b99d3daf5af
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
2ff0030bec5fb7469bb3a69ce6f22394
index.php
stats.sa-as.com/ Frame BED2
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page-2&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&PMCD=https://info.phishlabs.com/sf-login-page-2&r=0.8903254839279755
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 05:47:43 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
/
www.facebook.com/tr/ Frame BED2
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1653198462932&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1653198462269&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 05:47:42 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 05:47:42 GMT


17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
object| SFDCSessionVars
function| SfdcFramework
object| Sfdc
object| SfdcApp
object| DomainSwitcher
object| IdpOptions
object| LoginHint
function| loader
function| checkCaps
function| handleLogin
function| lazyload

30 Cookies

Domain/Path Name / Value
phishlabs.lightning.force.com/ Name: CookieConsentPolicy
Value: 0:0
phishlabs.lightning.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.force.com/ Name: BrowserId
Value: rj499tmSEeybySmMxOUsIA
.force.com/ Name: BrowserId_sec
Value: rj499tmSEeybySmMxOUsIA
phishlabs.my.salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
phishlabs.my.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.salesforce.com/ Name: BrowserId
Value: r_ri6dmSEeyMIvNq-7uxvQ
.salesforce.com/ Name: BrowserId_sec
Value: r_ri6dmSEeyMIvNq-7uxvQ
login.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: session
Value: 1653198460096
na168.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
na168.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.facebook.com/ Name: fr
Value: 030b15jaqLwEsoul7..Biic59...1.0.Biic59.
.ws.zoominfo.com/ Name: visitorId
Value: e3abc19bae0955dc2b110b6ad3b5bfa8bc6bdb0376ee5f24ba9f1ca24ef18884
.bidr.io/ Name: bito
Value: AAC2pk7FE50AAEwjnUa9oA
.bidr.io/ Name: bitoIsSecure
Value: ok
.company-target.com/ Name: tuuid
Value: cb1d2dad-e7f3-47bd-b425-cc98e101b193
.company-target.com/ Name: tuuid_lu
Value: 1653198462
.info.phishlabs.com/ Name: __cfruid
Value: 6d903152a237717590250d3b04e0fc8dae0334dd-1653198462
.linkedin.com/ Name: UserMatchHistory
Value: AQLO3MZvNVs6PwAAAYDqTpye7icvZ-lqghfCVR3-zt1K_4Wim1c5oJ7zx7JQrbx1KzqloqvrRz8Cfg
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLif8jtQtm7GQAAAYDqTpyeJGYEM5xMgEXBozkiJYsjH8qBf5c_TPlnbL2u3IMT3lVYA6qfI1wtVg3gZtqKBQ
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: bcookie
Value: "v=2&cbbd1796-e2e2-4957-8d78-6b35abc8477a"
.linkedin.com/ Name: lidc
Value: "b=VGST00:s=V:r=V:a=V:p=V:g=2714:u=1:x=1:i=1653198462:t=1653284862:v=2:sig=AQE1wmR77ZrKpTRtr1N8FtN5LX-TapPF"
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.www.linkedin.com/ Name: bscookie
Value: "v=1&202205220547427123c9f5-f37a-4462-8f08-6db71634902bAQFZDe_uYF7CF6RvEWDE6pNsEjnalA4s"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTMxOTg0NjI7MjswMjHMajiIgLuiBURS+Kk6mB0xknm9PozlqIaHYQYMAGkEFQ==
.doubleclick.net/ Name: IDE
Value: AHWqTUndUHRn37xB-9A8JnK9XJKG3vdLBMibFnWQN3nyUDpzK8Z2aUCVLpzBm2CT
.codepen.io/ Name: __cf_bm
Value: o5rRT00.bBfiG5ADF0FmsrnYKYl.EijioSzPRzq33xI-1653198462-0-AbESkD2uE5fMV/oCN8Tkrq4GVP5tu5lELgbu6cIC3WksM/EbifgLyhpp+gHn/Mp1eZTfpcU0F3UzQ1PZnqHF7vY=

2 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
