Submitted URL: https://phishlabs.lightning.force.com/0010H00002RB7XiQAL
Effective URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Submission Tags: falconsandbox
Submission: On May 22 via api from US — Scanned from DE

Summary

This website contacted 40 IPs in 4 countries across 36 domains to perform 143 HTTP transactions. The main IP is 13.109.187.205, located in United States and belongs to SALESFORCE, US. The main domain is phishlabs.my.salesforce.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 9th 2021. Valid for: a year.
This is the only time phishlabs.my.salesforce.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.110.62.206 14340 (SALESFORCE)
12 13.109.187.205 14340 (SALESFORCE)
1 13.110.56.204 14340 (SALESFORCE)
2 85.222.153.195 14340 (SALESFORCE)
14 2606:2c40::c7... 209242 (CLOUDFLAR...)
8 142.250.185.226 15169 (GOOGLE)
6 84.17.46.53 60068 (CDN77 ^_^)
2 54.84.95.254 14618 (AMAZON-AES)
2 143.204.215.43 16509 (AMAZON-02)
8 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 108.157.4.21 16509 (AMAZON-02)
4 209.128.119.150 7151 (BAYAREA-AS)
4 2a03:2880:f02... 32934 (FACEBOOK)
3 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
2 99.86.4.91 16509 (AMAZON-02)
2 6 2a00:1450:400... 15169 (GOOGLE)
4 104.89.28.179 16625 (AKAMAI-AS)
2 2606:4700:440... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
4 2a03:2880:f12... 32934 (FACEBOOK)
8 2606:4700::68... 13335 (CLOUDFLAR...)
4 4 52.215.3.215 16509 (AMAZON-02)
2 4 18.66.248.17 16509 (AMAZON-02)
2 35.244.174.68 15169 (GOOGLE)
2 143.204.215.77 16509 (AMAZON-02)
2 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 23.111.9.64 33438 (STACKPATH)
2 6 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
2 192.28.144.124 15224 (OMNITURE)
2 99.86.4.31 16509 (AMAZON-02)
6 6 2620:1ec:21::14 8068 (MICROSOFT...)
2 13.107.42.14 ()
1 2a00:1450:400... 15169 (GOOGLE)
4 54.144.43.78 14618 (AMAZON-AES)
2 2606:4700::68... ()
2 2606:4700::68... ()
2 52.38.14.212 ()
143 40
Apex Domain
Subdomains
Transfer
15 salesforce.com
phishlabs.my.salesforce.com
na168.salesforce.com — Cisco Umbrella Rank: 165210
login.salesforce.com — Cisco Umbrella Rank: 5687
90 KB
14 phishlabs.com
info.phishlabs.com
175 KB
8 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 511
www.linkedin.com — Cisco Umbrella Rank: 616
px4.ads.linkedin.com
6 KB
8 codepen.io
assets.codepen.io — Cisco Umbrella Rank: 40743
482 KB
8 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 71
441 KB
8 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 110
94 KB
6 google.de
www.google.de — Cisco Umbrella Rank: 5483
868 B
6 google.com
www.google.com — Cisco Umbrella Rank: 7
788 B
6 sumo.com
load.sumo.com — Cisco Umbrella Rank: 11247
sumo.com
290 KB
6 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 15336
scout.salesloft.com — Cisco Umbrella Rank: 15893
7 KB
6 company-target.com
segments.company-target.com — Cisco Umbrella Rank: 1294
api.company-target.com — Cisco Umbrella Rank: 3542
4 KB
6 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 44
5 KB
6 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 645
script.hotjar.com — Cisco Umbrella Rank: 896
vars.hotjar.com — Cisco Umbrella Rank: 989
133 KB
4 bidr.io
match.prod.bidr.io — Cisco Umbrella Rank: 466
2 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 102
564 B
4 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 3700
12 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 146
226 KB
4 sa-as.com
stats.sa-as.com — Cisco Umbrella Rank: 58848
3 KB
3 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 46
2 KB
3 zoominfo.com
ws.zoominfo.com — Cisco Umbrella Rank: 6972
3 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 37
59 KB
2 hubapi.com
api.hubapi.com
1 KB
2 hubspot.com
track.hubspot.com
1 KB
2 mktoresp.com
130-bfb-942.mktoresp.com
622 B
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 939
7 KB
2 rlcdn.com
id.rlcdn.com — Cisco Umbrella Rank: 598
140 B
2 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3498
5 KB
2 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4372
175 KB
2 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2271
39 KB
2 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2273
30 KB
2 googleoptimize.com
www.googleoptimize.com — Cisco Umbrella Rank: 1364
81 KB
2 demandbase.com
tag.demandbase.com — Cisco Umbrella Rank: 5207
37 KB
2 callrail.com
cdn.callrail.com — Cisco Umbrella Rank: 8717
622 B
2 sumome.com
load.sumome.com — Cisco Umbrella Rank: 37868
4 KB
1 gstatic.com
fonts.gstatic.com
13 KB
1 force.com
phishlabs.lightning.force.com
968 B
143 36
Domain Requested by
14 info.phishlabs.com phishlabs.my.salesforce.com
info.phishlabs.com
12 phishlabs.my.salesforce.com phishlabs.my.salesforce.com
8 assets.codepen.io info.phishlabs.com
8 www.googletagmanager.com info.phishlabs.com
www.googletagmanager.com
js.hsadspixel.net
8 www.googleadservices.com info.phishlabs.com
www.googletagmanager.com
www.googleadservices.com
6 www.google.de info.phishlabs.com
6 www.google.com 2 redirects info.phishlabs.com
6 googleads.g.doubleclick.net 2 redirects www.googleadservices.com
4 scout.salesloft.com scout-cdn.salesloft.com
4 px.ads.linkedin.com 4 redirects
4 load.sumo.com load.sumome.com
4 segments.company-target.com 2 redirects info.phishlabs.com
4 match.prod.bidr.io 4 redirects
4 www.facebook.com info.phishlabs.com
4 munchkin.marketo.net info.phishlabs.com
munchkin.marketo.net
4 connect.facebook.net phishlabs.my.salesforce.com
connect.facebook.net
4 stats.sa-as.com www.googletagmanager.com
info.phishlabs.com
3 fonts.googleapis.com info.phishlabs.com
3 ws.zoominfo.com phishlabs.my.salesforce.com
ws.zoominfo.com
3 www.google-analytics.com www.googletagmanager.com
info.phishlabs.com
2 sumo.com load.sumo.com
2 api.hubapi.com js.hsadspixel.net
2 track.hubspot.com info.phishlabs.com
2 px4.ads.linkedin.com info.phishlabs.com
2 www.linkedin.com 2 redirects
2 vars.hotjar.com static.hotjar.com
2 130-bfb-942.mktoresp.com munchkin.marketo.net
2 scout-cdn.salesloft.com info.phishlabs.com
2 snap.licdn.com info.phishlabs.com
2 api.company-target.com tag.demandbase.com
2 id.rlcdn.com info.phishlabs.com
tag.demandbase.com
2 js.hsadspixel.net info.phishlabs.com
2 js.hsleadflows.net info.phishlabs.com
2 js.hs-analytics.net info.phishlabs.com
2 js.hs-banner.com info.phishlabs.com
2 script.hotjar.com static.hotjar.com
2 static.hotjar.com www.googletagmanager.com
2 www.googleoptimize.com www.googletagmanager.com
2 tag.demandbase.com info.phishlabs.com
2 cdn.callrail.com info.phishlabs.com
2 load.sumome.com info.phishlabs.com
2 login.salesforce.com phishlabs.my.salesforce.com
login.salesforce.com
1 fonts.gstatic.com fonts.googleapis.com
1 na168.salesforce.com phishlabs.my.salesforce.com
1 phishlabs.lightning.force.com 1 redirects
143 45

This site contains no links.

Subject | Issuer | Validity | Valid
*.my.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-09 - 2022-07-08 | a year
na168.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-03-21 - 2023-03-20 | a year
login.salesforce.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-29 - 2022-07-28 | a year
info.phishlabs.com | Cloudflare Inc ECC CA-3 | 2021-07-16 - 2022-07-15 | a year
www.googleadservices.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.sumome.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-05 - 2023-04-05 | a year
cdn.callrail.com | Amazon | 2022-02-24 - 2023-03-25 | a year
tag.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-18 - 2022-10-14 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
stats.sa-as.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-14 - 2023-02-14 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2022-03-01 - 2022-05-30 | 3 months
zoominfo.com | Cloudflare Inc ECC CA-3 | 2022-05-04 - 2023-05-04 | a year
upload.video.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2022-02-06 - 2023-02-07 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2021-07-03 - 2022-07-02 | a year
codepen.io | Cloudflare Inc ECC CA-3 | 2022-05-06 - 2023-05-06 | a year
*.googleadservices.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.rlcdn.com | Sectigo RSA Domain Validation Secure Server CA | 2022-02-03 - 2023-02-25 | a year
api.demandbase.com | Go Daddy Secure Certificate Authority - G2 | 2021-10-20 - 2022-09-26 | a year
snap.licdn.com | DigiCert SHA2 Secure Server CA | 2022-03-01 - 2023-03-01 | a year
salesloft.com | Sectigo RSA Domain Validation Secure Server CA | 2022-03-16 - 2023-04-14 | a year
*.sumo.com | Sectigo RSA Domain Validation Secure Server CA | 2022-04-05 - 2023-04-05 | a year
www.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
www.google.de | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.mktoresp.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-11-30 - 2022-11-30 | a year
*.gstatic.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.google.com | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
*.google.de | GTS CA 1C3 | 2022-05-04 - 2022-07-27 | 3 months
hubspot.com | Cloudflare Inc ECC CA-3 | 2022-03-08 - 2023-03-07 | a year
hubapi.com | Cloudflare Inc ECC CA-3 | 2022-05-07 - 2023-05-07 | a year

This page contains 6 frames:

Primary Page: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Frame ID: F17761DAC565620A7979A2BF4728FA27
Requests: 12 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page
Frame ID: 71163B5B1C56F5421CFBB7E145E1D65D
Requests: 59 HTTP requests in this frame

Frame: https://login.salesforce.com/login/sessionserver212.html
Frame ID: 1235CA137B962B94B6C45F5B542C8345
Requests: 2 HTTP requests in this frame

Frame: https://info.phishlabs.com/sf-login-page-2
Frame ID: F3102CDEBB62F5BA3D2829F177E2C480
Requests: 68 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: B45BB233D69088A9E0336B0CE4D6AFAD
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Frame ID: E3753190771C2784C92A88810AA190D6
Requests: 1 HTTP requests in this frame

Page Title

Anmelden | Salesforce

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googleoptimize\.com/optimize\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Overall confidence: 100%
Detected patterns
  • load\.sumome\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 143
HTTPS: 96 %
IPv6: 49 %
Domains: 36
Subdomains: 45
IPs: 40
Countries: 4
Transfer: 2425 kB
Size: 6861 kB
Cookies: 29

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://phishlabs.lightning.force.com/0010H00002RB7XiQAL HTTP 302
    https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL Page URL
  2. https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://phishlabs.lightning.force.com/0010H00002RB7XiQAL HTTP 302
  • https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Request Chain 62
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=c6abd0356e0782dbceacc6fe39c38c592b2e81d4
Request Chain 77
  • https://match.prod.bidr.io/cookie-sync/demandbase HTTP 303
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1 HTTP 303
  • https://segments.company-target.com/log?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ HTTP 303
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=99b246399736a67e988e6a62749a7224bb8da7d4
Request Chain 80
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653258241611%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce.com%252F%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKvYDLQ5ZtkjgAAAYDt3sqzuIe46YqNiV9CWPdnVmaRyicO7XYzMv3KiHVQdMwCIPD1rEM
Request Chain 110
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653258241874%26url%3Dhttps%253A%252F%252Finfo.phishlabs.com%252Fsf-login-page%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true&e_ipv6=AQLh7yjoNBvdrgAAAYDt3sl68i7jeHaKnVl0GRObDY-wbSPmaVqNgWetF6D-m7nyPoHmAl0
Request Chain 122
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=A7iKYsr5AciVb5DQm4AC&sscte=1&crd=&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0LGn2ArynsLtgeD-PjK3aViUgC73RNCUiY HTTP 302
  • https://www.google.com/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYsr5AciVb5DQm4AC&cid=CAQSKQCNIrLMRxOtc--X-hynqEzai2RsYHW7Eps-8YoVV3-jZA3j08pn8C5H&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KxZrbk9BiJPt_AF1iKVHKvIja-WKCWrJY&random=3783950150&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYsr5AciVb5DQm4AC&cid=CAQSKQCNIrLMRxOtc--X-hynqEzai2RsYHW7Eps-8YoVV3-jZA3j08pn8C5H&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KxZrbk9BiJPt_AF1iKVHKvIja-WKCWrJY&random=3783950150&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Request Chain 131
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=A7iKYpnwCu-mx_AP-uagiAY&sscte=1&crd=&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0J-QRPs3vScPXK2Oiwnqr3iDmw8gWjyyy8 HTTP 302
  • https://www.google.com/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYpnwCu-mx_AP-uagiAY&cid=CAQSKQCNIrLMYumGd0ZwX82T9oRQw6bEn917KygAn6YrKBhIAKHGnkGgJDgk&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KroMqoSPYTTuG_acA48Vhj8pztVB3nxx4&random=2202020817&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYpnwCu-mx_AP-uagiAY&cid=CAQSKQCNIrLMYumGd0ZwX82T9oRQw6bEn917KygAn6YrKBhIAKHGnkGgJDgk&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KroMqoSPYTTuG_acA48Vhj8pztVB3nxx4&random=2202020817&resp=GooglemKTybQhCsO&ipr=y&prhg=0

143 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
0010H00002RB7XiQAL
phishlabs.my.salesforce.com/
Redirect Chain
  • https://phishlabs.lightning.force.com/0010H00002RB7XiQAL
  • https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
1 KB
1 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
must-revalidate,no-cache,no-store
Connection
close
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Robots-Tag
none

Redirect headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Length
0
Content-Security-Policy
upgrade-insecure-requests
Date
Sun, 22 May 2022 22:23:57 GMT
Location
https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
Primary Request /
phishlabs.my.salesforce.com/
9 KB
4 KB
Document
General
Full URL
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
162d1ebe2f6f03049b53c407b7197b73bb48dc0bc49536f8f656f916363367b4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Content-Encoding
gzip
Content-Security-Policy
frame-ancestors 'none'
Content-Type
text/html; charset=UTF-8
Date
Sun, 22 May 2022 22:23:58 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-FRAME-OPTIONS
DENY
X-Robots-Tag
none
X-XSS-Protection
0
sfdc_210.css
phishlabs.my.salesforce.com/css/
15 KB
4 KB
Stylesheet
General
Full URL
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6effaae73ce83316d1356ea984e417519743bce7a23982f053b1b8ec82135dae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Tue, 23 May 2017 21:11:38 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/css
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 22:23:58 GMT
SfdcSessionBase208.js
phishlabs.my.salesforce.com/jslibrary/
16 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6ffc89bfd0b1dbbf3fd5b122ee26c05f39f23b680d43e70254c4caf4b425a105
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 22:23:58 GMT
LoginHint208.js
phishlabs.my.salesforce.com/jslibrary/
19 KB
6 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/LoginHint208.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
72c8ccd8b081cadafdd20ca628c62e6e532baa648599e1417a3244084af3908c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 22:23:58 GMT
CAAAAYDvli1vAAAAAAAAAAAAAAAAAAAAAAAA7Pjj9UwaRizsVlTSYV8LMWHoxWb-KXUIizIWGE3UGjDG6xbkvMFPsGNIuIRU5NBWwQB7nVnvPT3-e_sSw1-crVHfyi9i23GOpO3Popc1WubQ
na168.salesforce.com/brand-asset/
18 KB
18 KB
Image
General
Full URL
https://na168.salesforce.com/brand-asset/CAAAAYDvli1vAAAAAAAAAAAAAAAAAAAAAAAA7Pjj9UwaRizsVlTSYV8LMWHoxWb-KXUIizIWGE3UGjDG6xbkvMFPsGNIuIRU5NBWwQB7nVnvPT3-e_sSw1-crVHfyi9i23GOpO3Popc1WubQ
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.56.204 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg1-c5-iad4.na168-ia4.salesforce.com
Software
/
Resource Hash
08c8eb095458d2aed705fa0d062bebde26696d9fa52bb0f4cea1ace939adf75d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:59 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Mon, 7 Feb 2022 14:12:49 GMT
X-Robots-Tag
none
Strict-Transport-Security
max-age=63072000; includeSubDomains
P3P
CP="CUR OTR STA"
Cache-Control
public,max-age=3888000
X-Content-Type-Options
nosniff
Content-Type
image/png
Content-Length
18223
X-XSS-Protection
1; mode=block
Expires
Wed, 06 Jul 2022 22:23:59 GMT
clear.png
phishlabs.my.salesforce.com/img/
477 B
873 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/clear.png
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
dd464055be78eadee2d5d3ecc5380600b788883e462d9e77372877dc04110e6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 21 May 2015 20:40:36 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 22:23:58 GMT
baselogin.js
phishlabs.my.salesforce.com/jslibrary/
640 B
909 B
Script
General
Full URL
https://phishlabs.my.salesforce.com/jslibrary/baselogin.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
a3141000abd1d2a613408608a9cb3fe825f723f7b05611db1b9b97eeaf415cae
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 19 May 2022 18:18:24 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Vary
Accept-Encoding
Expires
Mon, 19 Sep 2022 22:23:58 GMT
1386
phishlabs.my.salesforce.com/marketing/survey/survey1/
5 KB
2 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey1/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
42a531dce996297d2a03cb33044b36408821072ad24b9477a237bd8a3ed6ebf7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
1979
1386
phishlabs.my.salesforce.com/marketing/survey/survey4/
18 KB
7 KB
Script
General
Full URL
https://phishlabs.my.salesforce.com/marketing/survey/survey4/1386
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
6e254c656a029b64c10f320cb325858bc578c94d7a6ec1e5703ba03abb6738c0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:58 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=2592000
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Robots-Tag
none
Content-Length
6976
s.gif
phishlabs.my.salesforce.com/ Frame 7116
43 B
438 B
Document
General
Full URL
https://phishlabs.my.salesforce.com/s.gif
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=10368000
Content-Type
image/gif
Date
Sun, 22 May 2022 22:23:59 GMT
Expires
Mon, 19 Sep 2022 22:23:59 GMT
Last-Modified
Tue, 27 May 2003 18:28:08 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
X-Robots-Tag
none
SalesforceSans-Regular.woff2
phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/
27 KB
27 KB
Font
General
Full URL
https://phishlabs.my.salesforce.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/css/sfdc_210.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
1f1752651aca663f40e45c60e182172fc426a40df042098f6e68a56db2c459f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://phishlabs.my.salesforce.com/css/sfdc_210.css
Origin
https://phishlabs.my.salesforce.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:59 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Fri, 24 Jul 2015 20:32:56 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
font/woff2
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 22:23:59 GMT
sessionserver212.html
login.salesforce.com/login/ Frame 1235
91 B
867 B
Document
General
Full URL
https://login.salesforce.com/login/sessionserver212.html
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/jslibrary/SfdcSessionBase208.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.153.195 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
db743dbd91a699d36f6a755ad2c8eec5ce0d1b3715df50a651b7c24de11c1811
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://phishlabs.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=86400
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Date
Sun, 22 May 2022 22:23:59 GMT
Expires
Mon, 23 May 2022 22:23:59 GMT
Last-Modified
Wed, 23 Aug 2017 20:39:30 GMT
Referrer-Policy
origin-when-cross-origin
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
SessionServer212.js
login.salesforce.com/jslibrary/ Frame 1235
26 KB
9 KB
Script
General
Full URL
https://login.salesforce.com/jslibrary/SessionServer212.js
Requested by
Host: login.salesforce.com
URL: https://login.salesforce.com/login/sessionserver212.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.153.195 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl4-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
d430f3d67d4fdf9143a4db967deb1d79d384fd5a90bba6f3846452f55b5b6887
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.salesforce.com/login/sessionserver212.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:59 GMT
Content-Encoding
gzip
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 12 May 2022 20:22:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
Expires
Mon, 19 Sep 2022 22:23:59 GMT
sf-login-page
info.phishlabs.com/ Frame 7116
9 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
d91ea1c6b56e9b6efc3164f86101d70f8e8b2fccc70d6a1106b93948e411b36c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://phishlabs.my.salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>
cf-ray
70f8f5a05d7c9010-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 22 May 2022 22:24:00 GMT
edge-cache-tag
CT-51834294403,P-326665,E-1319106982,E-1973184679,E-356216487,E-51834248013,PGS-ALL,SW-1
etag
W/"56e9b4d805b9e84ce0a02e0c76d4f739"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Sat, 21 May 2022 07:44:07 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OAsLmRCBWYKy1s%2BVs5LMUSjm8Ry1IeMLvCWPRu6BFfg6nPdShe%2B7a%2Fd0R6aaDi1URBTyOWbAhr6VNFnmEzzQaL53L7%2FCt73dyZt0uMfqbgmhmVGIKl1fYb8uhxe%2BKQ892iDrQW9WkgYZtMOWZ%2BpGVw%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
51834294403
x-hs-hub-id
326665
x-hs-prerendered
Sat, 21 May 2022 07:44:07 GMT
x-powered-by
HubSpot
capslock_blue.png
phishlabs.my.salesforce.com/img/icon/
559 B
955 B
Image
General
Full URL
https://phishlabs.my.salesforce.com/img/icon/capslock_blue.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.187.205 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl12-ncg1-c5-iad4.na168-ia4.my.salesforce.com
Software
/
Resource Hash
02c47d1fb4a92fd6eca59ed828b0d0d7a8ef8285688bd27f36b1e003ffa9a52c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://phishlabs.my.salesforce.com/?ec=302&startURL=%2F0010H00002RB7XiQAL
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:23:59 GMT
Referrer-Policy
origin-when-cross-origin
Last-Modified
Sun, 30 Jun 2019 10:26:54 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
image/png
Cache-Control
public,max-age=10368000
Transfer-Encoding
chunked
Accept-Ranges
bytes
X-Robots-Tag
none
Expires
Mon, 19 Sep 2022 22:23:59 GMT
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ Frame 7116
11 KB
4 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
via
1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4180183
x-amz-server-side-encryption
AES256
cf-ray
70f8f5a408f99010-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 25 Mar 2022 12:04:14 GMT
server
cloudflare
etag
W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xb%2FnI0kohjOSkIBy8wM3VuASKluc8JHEe6YJt29ngN3gMP5fqj2CrszWn4s7rVKDr8Nny3Aov9cGkAcY4Weuq108fg%2Fv8kQ8cxWSlHNbmLTm3NNIr5H43VlzQtq%2FXgSkW%2Fz8yyjkTp6x5vJfbCGyEQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
dDNdVQJpkk63I9jhGSFT9-acB29RCuU641FJKlCC-4gOcweOW_vaEg==
expires
Mon, 22 May 2023 22:24:00 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame 7116
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
via
1.1 64585853437a64d04c376ce448746668.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10162310
cf-ray
70f8f5a479989010-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Dw9CZuIKwEc9QmScpKulM90IqC0TEnHHxTCbVUYHrWeMzrI4v2fCatAZxdljTDLmmsJh0UOk3xR3fpmfzbEWsMdNViMrPgbCUzTvw4Xr00uQYcSEHzQ0p8Tt0ZxfRvhp29Nt3K26dTiptOsn51AYFw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DFW55-C3
content-type
application/javascript
x-amz-cf-id
ORGj_fS451Qgx4lMQ9IiibpdvFLtioQjBopMXBc7nU4U7YwRQwh2Eg==
expires
Mon, 22 May 2023 22:24:00 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame 7116
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
TZJQSCASHF84V9NY
x-amz-id-2
GrBKdslmngQh55iXpWdZ/6znBYfkarPESFMmgaV73zlbcbQka70L5N8BXj4N9vb3XjvE0QKmZBQ=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uYb2jwj3e1vZJSY%2FY1spuaoWR8q9t2vnaa84SvTNgphRQjc9i5wEaMaKCq3LSA%2FZVZqO0qFjaql4FAbd6sDmg10Tm%2BJk02jGj96qQ6tyvZVvlTgMBHNqIzBQ6tnI7rMqWb%2FFkeUFECiw%2B%2B0Yp6gc%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
cf-ray
70f8f5a4799a9010-FRA
x-amz-cf-id
w7r8KYTMNW2SMq19IrvO38Pq4dwOAiP69bx_u3JmmPPwpZjgU4UDIw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame 7116
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
6PYET39H4RQ36ECT
x-amz-id-2
6d3yzx4b+xZGcYXA8mJw7MaIbx7RmiT+UDvLdaDoqcmf+yHbFpHEwZStEKc4Rg2qKtUeGEuG5Gs=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MpvleuHKr3wDb3LM%2BiFcUWD8FuCgInA0VhHpBvdaMxaH92kX8uojd%2FCiPDa0yljcXmctFnr3%2B9nLjU%2B3vAL2ZmTBm82RwCE1gRTgcwey88D8W81wHArLyaGIMoIrPDz1O4s2OLaA21l76sVHEsM%2BVg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
cf-ray
70f8f5a4799b9010-FRA
x-amz-cf-id
r4cmSMd_CUM9gukVfffpoArV7eEqKOWGRVe_5fJoHxD4nqdEYzKomg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame 7116
43 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 920629f47fa586ce02a1a1af8b626578.cloudfront.net (CloudFront)
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-P1
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
EPG7938CTHPQBCZ5
x-amz-id-2
4t0z/qfLBc+O18kkkFl8J8RbihnKKDVQB7YevG0Sajy+iH5NZOVyLqSXlQFySbpD3hYN0fi3RAE=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8uN3EvqqCuLzBKpSmqx9WpnJMyJ%2FPi7AEnnDXMPPxLzarvVmCpiaBu4d1DlzdeURlo0GM807ntYM2qifwpOu83BpXi1mAHtWpRelOWP0XKTsVRUTswh0pgdKrMLP95k0aTkTcxUCeLqP%2F2%2FA0W8zEA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
cf-ray
70f8f5a4799f9010-FRA
x-amz-cf-id
Kh7ciMx9Clw78n_vPx03y9aDLk_c4Ej4uelVJ60rCZCCZWRryCVrMQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
326665.js
info.phishlabs.com/hs/scriptloader/ Frame 7116
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8111cbc6e43e8fa2c0993ecc768ff768d0e2eec90ff0e98fa954934653280877

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
8f74647a-d50b-40e2-b51c-b8fdd27e22e4
last-modified
Sun, 22 May 2022 20:44:42 GMT
server
cloudflare
x-trace
2B07E0CA9743533C38FE798F25C764FF38673A6787000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=10U5chh8QRuwFUjR%2FelfcdiJCfaWNdWJbBx543XeuJXn8NlLEFxCMC6iafY5Gfhux6Z4CmGjIROrcmWNq8p7pIjZHkuQMV3nr9Op21LR5yLxmT3v%2FJzMRU0OfaG64tM6gqNZg5OV%2BMYMR2xJDz3DZg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
70f8f5a51a299010-FRA
expires
Sun, 22 May 2022 22:25:00 GMT
conversion.js
www.googleadservices.com/pagead/ Frame 7116
43 KB
17 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
895f492be4e7fcbe0f12090af4097a95d96b07157baacd9d8011c0a24e4dc947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16860
x-xss-protection
0
server
cafe
etag
9538313714109913383
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:00 GMT
/
load.sumome.com/ Frame 7116
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
3PCZK5VJD5EKZK42
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
04/25/2022 00:10:59
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
dAESyP9+JFGRy8XKuCpYIrR3W//nPp0NqykRo+mXyOZWMUDphuFDRn6nYqCTb0JhIyoEEMA36go=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 15:23:03 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
2089bf2c27064684c834cc9ee3462a37
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame 7116
32 B
311 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.95.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-95-254.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-runtime
0.006459
date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
d148078a-70d0-4060-82cc-0b832212fea2
9f609f1a.min.js
tag.demandbase.com/ Frame 7116
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-43.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
W/"43fe60654bcf129ab9209fc53c139c93"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Sun, 22 May 2022 22:24:02 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-id
LG7nLhAJ6IV1a5GS90F3Imndbccu2C9c25fyzvCpBnOVPw_tmP5TXQ==
gtm.js
www.googletagmanager.com/ Frame 7116
190 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f49425f5b998238d124fe6a278d18123df013e7acc4ea295d9b4e860d153da02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:00 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
70029
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:00 GMT
sf-login-page-2
info.phishlabs.com/ Frame F310
12 KB
5 KB
Document
General
Full URL
https://info.phishlabs.com/sf-login-page-2
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare / HubSpot
Resource Hash
ec787aa1ff5c729635e3b4c140d088b8363f03a4dca06aca9b157f257e2aba00
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
s-maxage=14400, max-age=0
cf-h2-pushed
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>
cf-ray
70f8f5a51a2c9010-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Sun, 22 May 2022 22:24:01 GMT
edge-cache-tag
CT-65363752327,P-326665,E-1319106982,E-1973184679,E-356216487,E-65362450853,PGS-ALL,SW-1
etag
W/"e2f6a3654a481368e0a44dae4866dec8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified
Sat, 21 May 2022 07:44:08 GMT
link
</hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KW94l7EW7P2QiWqZfKAt1LFpQoeRPu1G7nPTVxed98QdYNbipMoS8%2BClhx9GRjg%2BySqentHdwIcsbra6kQ0GP5HhyPWmjIv8%2B16cRX20JJlw2kSEUeuPGXhhsf%2FcjKv9J395ntrECjcnS5yiG6Lodg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=14400, max-age=0
x-hs-cf-cache-status
MISS
x-hs-combine-css
Disabled
x-hs-content-id
65363752327
x-hs-hub-id
326665
x-hs-prerendered
Sat, 21 May 2022 07:44:08 GMT
x-powered-by
HubSpot
optimize.js
www.googleoptimize.com/ Frame 7116
108 KB
41 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c2e6337626070c83775b83e0968a0e266a1f3b80035726bbd052770a4db6cc81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41303
x-xss-protection
0
expires
Sun, 22 May 2022 22:24:01 GMT
js
www.googletagmanager.com/gtag/ Frame 7116
189 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
db698624112058457713cd475f1ec2a3623baeec72511649baf81e34b4fe28f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69554
x-xss-protection
0
expires
Sun, 22 May 2022 22:24:01 GMT
analytics.js
www.google-analytics.com/ Frame 7116
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2955
date
Sun, 22 May 2022 21:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 23:34:46 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame 7116
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-21.dus51.r.cloudfront.net
Software
/
Resource Hash
30b76237f4c654e30bc806e5e3a7a7fd0be4607c025272c68e598700af348590
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
DUS51-P2
etag
W/babf3c569d24ddd84de54786572c2745
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
LHZtxoj8tlN99srfNgJXyKfOAdNc7e6qstTAdab9yjQiKHUIi_Ke3g==
via
1.1 b1dc6a0d7547e8d4ab339f8c4caf9ea8.cloudfront.net (CloudFront)
live.js
stats.sa-as.com/ Frame 7116
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame 7116
99 KB
27 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
KVnh0DTT9Em1w5f0frEUqGeb7URPZi7AH/ikPNf3uNeMvp2b2/hmgdNW1U7jg/XPiKE5upiBJv2fa2bOUxJmJg==
x-fb-trip-id
917726464
x-frame-options
DENY
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Sun, 22 May 2022 22:24:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame 7116
2 KB
1 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
96c81131f835646ed2eca9451d2f605b6015eadd06b9aaaa9298d13936b21b0a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
70f8f5a71d419110-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via
1.1 google
css
fonts.googleapis.com/ Frame 7116
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b3f0a6d6a59d8015a0f304089d399067747d2618e48cce61474983bf0e76f7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 22:17:34 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 22:24:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 22:24:01 GMT
149823563868256
connect.facebook.net/signals/config/ Frame 7116
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.60&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
10d7ebbbb0a90097f9a8bb69f5616ff502210b74bfe69c467055bc60411fdd5d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
uD8+b882JPzF53Wu/sTR34ShXbyMUrxMZy9Kj0h9PEppEYD9WML0XD30jKO/mxhEu7KiqI0EW0vRM61Qv9Kc4w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 22 May 2022 22:24:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-cdn-origin-ts
1653258241256
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
modules.f31ba00513b7ef8234d1.js
script.hotjar.com/ Frame 7116
243 KB
63 KB
Script
General
Full URL
https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-91.fra6.r.cloudfront.net
Software
/
Resource Hash
5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 20 May 2022 16:09:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
195294
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63712
access-control-allow-origin
*
last-modified
Fri, 20 May 2022 16:08:12 GMT
etag
"bb85a92d3aefdabfa0ed466815889fc6"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 9810d82af8847b51b9c3048141069a64.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
Ab5AHGJWkq0WG4Ddk-TrkGcNLJiU3FPJP8yLl3Nuk6-Wqd0dGmsClA==
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame 7116
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1653258241338&cv=9&fst=1653258241338&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fa3d8b4bf92b0f8ca5082a5566b8238a2b608958afe72d4688c3ea83651c7425
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1015
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ Frame 7116
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-179.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
326665.js
js.hs-banner.com/ Frame 7116
61 KB
16 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
NR10T7R9G9W3NZ1P
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-id-2
fUybxc1aueDcm1jb3JfxtI1SbBszIax6vGHnCeis5UM45UxewCTQKwKwY4RRft2Qy96bMPST5R4=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
70f8f5a90b479a0f-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sun, 22 May 2022 22:29:01 GMT
326665.js
js.hs-analytics.net/analytics/1653258000000/ Frame 7116
62 KB
20 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1653258000000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f06593fd04112f8f991fcddae285285243b502f8ee32ab9ad6a54a45c0c62d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
EPG5WVY4J57PX94G
x-amz-server-side-encryption
AES256
cf-ray
70f8f5a90b4a691b-FRA
x-amz-id-2
es6Z3WQ+sIlIAeDSrcx8RvzNs3rD12aY8i5xsPV028Sl2vrBGHtvG/cj68CDNXtD60ePL3BZ9Pg=
last-modified
Thu, 14 Apr 2022 15:09:10 GMT
server
cloudflare
etag
W/"a0b185fc22d0f8b28d97f2114d68823e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
content-type
text/javascript
expires
Sun, 22 May 2022 22:29:01 GMT
leadflows.js
js.hsleadflows.net/ Frame 7116
547 KB
88 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status
MISS
x-amz-cf-pop
IAD89-P1
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js&cfRay=70f8f5a91a4b925f-IAD
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
70f8f5a91a4b925f-FRA
last-modified
Thu, 19 May 2022 12:56:48 UTC
server
cloudflare
etag
W/"3a729bcb06fbe3ff521fc0e64855db1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
g4B39IYvnh_FDOMHIH7jomAsh2XchlfN
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
content-type
application/javascript; charset=utf-8
x-amz-cf-id
sndGbUw0UU_sGUf6qECePo-W90iIC0KrYuxM2j1exwatYW0KpZgVLg==
x-hs-target-asset
lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame 7116
5 KB
3 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
142e1cd28809b7bbe61123941a3a70a045a5c1fa864c97574b32abd94f4b4229

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 d591fee4e3f29cf0e3380368d25b4a40.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
377
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.278/bundles/pixels-release.js&cfRay=70f8ec7269bf9b83-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 10 May 2022 02:37:05 UTC
server
cloudflare
etag
W/"e23a3c7ef0fc6b7c55f83c4911c95be6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
sUKtDc7b2iEDZ57z7v16VeKnAVF7O_.0
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
cf-ray
70f8f5a91c9b9b80-FRA
x-amz-cf-id
CnpgyLN4mjAY3J04mm8gjJ9JuVbfaw8Qzknf1cJa5qff0fNLYBluiw==
x-hs-target-asset
adsscriptloaderstatic/static-1.278/bundles/pixels-release.js
/
www.facebook.com/tr/ Frame 7116
44 B
297 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1653258241395&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1653258241159&coo=false&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Sun, 22 May 2022 22:24:01 GMT
index.js
info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/ Frame F310
11 KB
5 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/HubspotToolsMenu/static-1.128/js/index.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8b8c8146d6359d62410c5da0c4573717f95f8a2e79fcdf1c3ab242a70d10488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 c6702f5f3b6e77da6f394e67ef1a6aaa.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
4180184
x-amz-server-side-encryption
AES256
cf-ray
70f8f5a8ae1b9010-FRA
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Fri, 25 Mar 2022 12:04:14 GMT
server
cloudflare
etag
W/"fabb1243bed29fd93cc5e0ce02ce9114"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENAGdfN5gHbe6i7mW0VcYcr%2F49X2oEmD7zEt2Kzay8bNanw9T3F2B9kwsm8r%2B0Xgn09JBKOHyg0gtJPLTdsKaVlUG8Gpgr%2BFMHIUTi7EyFOnHDBKsH6c%2B1nfZsxIkawp6nqRemTTUbo7kBmgzRZnlQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
ye98kzU383wl95_ydpYD.3IraNY6l134
cache-control
public, max-age=31536000
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
dDNdVQJpkk63I9jhGSFT9-acB29RCuU641FJKlCC-4gOcweOW_vaEg==
expires
Mon, 22 May 2023 22:24:01 GMT
jquery-1.7.1.js
info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/ Frame F310
92 KB
34 KB
Script
General
Full URL
https://info.phishlabs.com/hs/hsstatic/jquery-libs/static-1.1/jquery/jquery-1.7.1.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88171413fc76dda23ab32baa17b11e4fff89141c633ece737852445f1ba6c1bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 64585853437a64d04c376ce448746668.cloudfront.net (CloudFront)
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
10162311
cf-ray
70f8f5a91e9c9010-FRA
x-cache
Hit from cloudfront
content-encoding
br
last-modified
Tue, 25 Nov 2014 17:03:30 GMT
server
cloudflare
etag
W/"ddb84c1587287b2df08966081ef063bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cEZLSDPy2ghu3ogq%2BucKLfll4ZUeEcWScZsAeWeUQehKDqapy4%2BXa3KeK30aLRNi212yQzyPLlD5PGjY57EOEE8PvF85vAeC425LYO0yZxDQ0OPta8cneUJj56lanzTaIZfQAFQeboLHuwpKBRhu9A%3D%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id
null
cache-control
public, max-age=31536000
x-amz-cf-pop
DFW55-C3
content-type
application/javascript
x-amz-cf-id
ORGj_fS451Qgx4lMQ9IiibpdvFLtioQjBopMXBc7nU4U7YwRQwh2Eg==
expires
Mon, 22 May 2023 22:24:01 GMT
Setup-style.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/ Frame F310
39 KB
9 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
549660be1bcc8bddbd57d25e9a7fa8d30b44c37ecc3f0af02494d9b1ac926eca

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 3d65275b81abaf880be10de6f2c71e9a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
0
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
TZJQSCASHF84V9NY
x-amz-id-2
GrBKdslmngQh55iXpWdZ/6znBYfkarPESFMmgaV73zlbcbQka70L5N8BXj4N9vb3XjvE0QKmZBQ=
last-modified
Sun, 29 Sep 2019 04:21:09 GMT
server
cloudflare
etag
W/"06ddb0e365ad13e48b57e73f34f4304b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hjLvm5Tn5iQweBZXe0mxvmC6yNmULX%2BiF8ETuhlXy4QEd%2BqVNkhU8qkou8V%2BjjSnELwxtYGi5w8fJbWU4DsF89K8CZJDWs1qwLd8LvScwhKuoRaBXUZF1qV8z7V%2FswqX99LonMK17PiAfBnRmtJ1qA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
h7abRBDuPOHylyfsb0LyMYoafw23bNJ1
x-amz-cf-pop
IAD89-P1
cf-ray
70f8f5a91e9f9010-FRA
x-amz-cf-id
w7r8KYTMNW2SMq19IrvO38Pq4dwOAiP69bx_u3JmmPPwpZjgU4UDIw==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Setup_Style.min.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/ Frame F310
151 KB
25 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1973184679/1569730872907/Coded_files/Custom/page/custom-stylemanager/Setup_Style.min.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f394449b628adf61ff28bab19f83eb9c9ff876a0a94363639119b5b675b43fd9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 2ca1a2664d288773b443dc5e52a8b5b8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
6PYET39H4RQ36ECT
x-amz-id-2
6d3yzx4b+xZGcYXA8mJw7MaIbx7RmiT+UDvLdaDoqcmf+yHbFpHEwZStEKc4Rg2qKtUeGEuG5Gs=
last-modified
Sun, 29 Sep 2019 04:21:13 GMT
server
cloudflare
etag
W/"8fa142fa89bb898822b083a61a7c8888"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yzKVKyxA7NUWN4YVogOdP5gMT40%2FTor3bQq9WYTnCZYljawby1jdzF6pvXT3DkPQckrVg1qieWpAetDlNIGaJ66iLe69q64%2FJ7Mx0J63UAWJPTHKdtIrZmAdlX%2Fp5xYIqW4nUdu7CcDS0l8eih8KkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
MWEuqnQB7FhcUGXBr_hr5qk78NtV.SO_
x-amz-cf-pop
IAD89-P1
cf-ray
70f8f5a91ea09010-FRA
x-amz-cf-id
r4cmSMd_CUM9gukVfffpoArV7eEqKOWGRVe_5fJoHxD4nqdEYzKomg==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
PhishStyle.css
info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/ Frame F310
43 KB
10 KB
Stylesheet
General
Full URL
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/1319106982/1569730869319/custom/system/css/PhishStyle.css
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
662b97d6826c2e5cfd4e6a8fe8d5cf696620ba7a205c915731532fbecb560936

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 920629f47fa586ce02a1a1af8b626578.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
0
x-cache
Miss from cloudfront
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 15
content-encoding
br
x-amz-request-id
EPG7938CTHPQBCZ5
x-amz-id-2
4t0z/qfLBc+O18kkkFl8J8RbihnKKDVQB7YevG0Sajy+iH5NZOVyLqSXlQFySbpD3hYN0fi3RAE=
last-modified
Sun, 29 Sep 2019 04:21:10 GMT
server
cloudflare
etag
W/"c7ac1e1589845d6c36bea5f64db2fa4e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6E3EyGdzSY3eKL1yXmxxwUgUJIELGEvfXQY20A8E%2FGc35we7v%2B5h6arkMpFPq%2BMyzjUeZDc6h2knCRACi1SqynbPRtskVZ5i%2Bm4%2B37nQK%2FwSeqP%2B9upramVb%2Fr%2BWmpHFUg3ow2ct7rnuSZ1cIgEMQw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900, s-maxage=31536000, max-age=31536000
access-control-allow-credentials
false
x-amz-version-id
r2OgNPfKSJXEKLnNWcSQh.PTt4qpyGLa
x-amz-cf-pop
IAD89-P1
cf-ray
70f8f5a91ea29010-FRA
x-amz-cf-id
Kh7ciMx9Clw78n_vPx03y9aDLk_c4Ej4uelVJ60rCZCCZWRryCVrMQ==
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 15
Shanna.jpg
assets.codepen.io/4615188/ Frame F310
56 KB
57 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Shanna.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
599c6827f613c3549cac226ab2017588669c2617a779129f7cce22d7f874b426
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAJ3H8QW62TWHPW
cf-polished
qual=85, origFmt=jpeg, origSize=104148
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Shanna.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
57694
x-amz-id-2
ov/B+gTQunESX+XawKdUVu/QLcNTSHBW1GAVM0qNvg/g6+1Spi0hWv2kKQC3GYFOXgSeydLsx1k=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 13:35:50 GMT
server
cloudflare
etag
"a63faa0f5a9680b242cdee9ee95b8240"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
mIS1pfVgNOxny2oA_UiQelryw1Dlk2K7
accept-ranges
bytes
cf-ray
70f8f5aa2cc59b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
Hayden.jpg
assets.codepen.io/4615188/ Frame F310
360 KB
361 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Hayden.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4762e79732140151f9c2758c7b0bb023cc22bb5b9b7ae69b7ce8a3642d6ac80f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAZWX17VTTAZADE
cf-polished
origSize=418873, status=webp_bigger
x-amz-replication-status
COMPLETED
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
368762
x-amz-id-2
hT6eQWIJz2MrusBMH6qdSiL2XZo0hIHSLwtuly/Den3MQgiEkyV7So2qsHJUXxNoBD4RXyjjiQI=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 13:58:44 GMT
server
cloudflare
etag
"97a18cf018da33742d7bd00e5ed7bc50"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
BUOpMPXb2bKcT7X.XALgnd2OxTCKSSGa
accept-ranges
bytes
cf-ray
70f8f5aa2cc69b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
daniel.jpg
assets.codepen.io/4615188/ Frame F310
7 KB
8 KB
Image
General
Full URL
https://assets.codepen.io/4615188/daniel.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e83cc3ef357dadc3f480a6b0b76f654772622ac699f2f9d454d543f2d4e6de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAMZCGZB1SPHQSV
cf-polished
qual=85, origFmt=jpeg, origSize=17084
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="daniel.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
7554
x-amz-id-2
qBd3RjUGFEtEVWsipbVGZB974inZcr4aHplFPMslptzAiSzdkVw3pbcuxcIEo1q/Jdhaf3jSqJU=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"ca81623d1ff7bd7d00f722156f118aa2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
cgXCzQpdzao.HjrIEE_th__9CY.Z5Z7R
accept-ranges
bytes
cf-ray
70f8f5aa2cc79b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
Terry.jpg
assets.codepen.io/4615188/ Frame F310
13 KB
14 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Terry.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f0bd16158b8563ae4091546a56258e7bc73523cb0803940fc1c2b2d8b77bf459
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAPFJW1ZQAN45P5
cf-polished
qual=85, origFmt=jpeg, origSize=27729
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Terry.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
13732
x-amz-id-2
egBwUrBgayflDPHtDfjr6QvpSbJu1KAU0fqvhoXvEZOaUesfTW33ElTsmZOzYVIXVukETfVTjh8=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"d808d8f9f6f8a6a7ed07a8ea908481f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
2FrXYiy_CoHLvaJh9RAKcFOCw8px8K21
accept-ranges
bytes
cf-ray
70f8f5aa2cc99b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
Jesse.jpg
assets.codepen.io/4615188/ Frame F310
9 KB
10 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Jesse.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5672ea8b4bfb3e235065932e817f738913ada8fc8ac0046870825960c3bc251
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVANJK58VXYXQ4TR
cf-polished
qual=85, origFmt=jpeg, origSize=14488
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Jesse.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
9490
x-amz-id-2
HUGwz7W7T1YYpkxdei2qWmJrbn04Rj0XYsaVdXBqJYQxTPz9Cguywe8dnbSUxmLDxCbY6CS4irY=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 13:53:54 GMT
server
cloudflare
etag
"00bb72684ccc89f6d17a710f33aa2b3b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
23JILb_By9ISC8FBrXan3SaC1YhIUjXJ
accept-ranges
bytes
cf-ray
70f8f5aa2cca9b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
Austin2.jpg
assets.codepen.io/4615188/ Frame F310
9 KB
9 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Austin2.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e8a758f2f2d105ff00611253974bc81b0e0bfca7e4f5d06f8e955be460f4726
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAJ18P6BQ8SEHGN
cf-polished
qual=85, origFmt=jpeg, origSize=11086
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Austin2.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
8804
x-amz-id-2
YrLLgZPp28OUVUB7gSvqW74xQbWDqkQuqZPdFBJx3fg4YER8OF+xKkvK8/Gw2w2gPOoVfeUhu1k=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 18:41:01 GMT
server
cloudflare
etag
"caa308f97dca56a56e3aaeebbe6eed18"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
eUGLErDO9Vpcc6oavznesOn961G..0t2
accept-ranges
bytes
cf-ray
70f8f5aa2ccc9b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
Ryan.jpg
assets.codepen.io/4615188/ Frame F310
20 KB
20 KB
Image
General
Full URL
https://assets.codepen.io/4615188/Ryan.jpg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
79af41973bc96207688346b12db5f13d13f6799956e92bcfa240239bfff98a5b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
vary
Accept, Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAPFVF2JX4ET7D5
cf-polished
qual=85, origFmt=jpeg, origSize=38560
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Ryan.webp"
cf-bgj
imgq:85,h2pri
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
20148
x-amz-id-2
ii5ja6oFeN2ksOfjTvJ8Qx4UDDrvjd4p0e4B4myyVCVePw0ZmtCTu9eHBJT+nPWBcKWuxL8EqHQ=
x-amz-server-side-encryption
AES256
last-modified
Wed, 02 Feb 2022 14:14:46 GMT
server
cloudflare
etag
"25ec49cfc2f7795a086a132d55bc1b52"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/webp
access-control-allow-origin
*
cache-control
public,max-age=259200
x-amz-version-id
TAEoogUTTqwfSz02RjOeMLq5pSvN.lby
accept-ranges
bytes
cf-ray
70f8f5aa3cd99b95-FRA
expires
Wed, 22 Jun 2022 22:24:02 GMT
PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
assets.codepen.io/4615188/ Frame F310
8 KB
3 KB
Image
General
Full URL
https://assets.codepen.io/4615188/PhishLabs_by_HS-Logo-CMYK_WHT-Padding.svg
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b02c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4d82fe22866056ccadac57ccb8f5978e59c5e4460bd9d4106a584ef0b48e1a5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
REVALIDATED
x-amz-request-id
BVAVAFBZZT2WPHFB
x-amz-server-side-encryption
AES256
cf-ray
70f8f5aa3cda9b95-FRA
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-id-2
IZ4UUZfNs/hyMOd7EhqdcLAAbroFzrAdHaIxnAU2fN4zTF8GfdQQ+LH9f9XRLvSaZ4h2FTmE6B8=
last-modified
Wed, 02 Feb 2022 13:06:32 GMT
server
cloudflare
etag
W/"171478fd53662a1828b7e8b759cbf55f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-version-id
qpQuUvSVTeqgpQBd9tpWSifjuGXB6uzO
access-control-allow-origin
*
cache-control
public,max-age=259200
content-type
image/svg+xml
expires
Wed, 22 Jun 2022 22:24:02 GMT
css2
fonts.googleapis.com/ Frame F310
2 KB
537 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
063bea88139206ba971350416eb9d7a6e9c7bca372a55f380f472d84d505dd0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 22:07:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 22:24:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 22:24:01 GMT
326665.js
info.phishlabs.com/hs/scriptloader/ Frame F310
2 KB
1 KB
Script
General
Full URL
https://info.phishlabs.com/hs/scriptloader/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
470ce266c15074d073e804d39bf48f980d214c4b4b5dd3cdf7f4b6b0e32835be

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
1
cf-polished
origSize=1967
cf-bgj
minify
x-hubspot-correlation-id
8f74647a-d50b-40e2-b51c-b8fdd27e22e4
last-modified
Sun, 22 May 2022 22:24:00 GMT
server
cloudflare
x-trace
2B07E0CA9743533C38FE798F25C764FF38673A6787000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3600
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hXZBctBiPgTFITwal15e6SdPai9JaAWBwG8GLcaWBHnYabBws5eO%2B2mtrQRK9269zj9FdAKKZ%2B5H4I9lcJh5Lnxdx1Bn30YiZ%2Fx1avBb50xOA65zrcD0%2Bzuy9lITTF5nfquMmn00yQDRG61diEWL3Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
cache-control
public, max-age=60
access-control-allow-credentials
true
cf-ray
70f8f5a99f1e9010-FRA
expires
Sun, 22 May 2022 22:25:01 GMT
conversion.js
www.googleadservices.com/pagead/ Frame F310
43 KB
16 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
895f492be4e7fcbe0f12090af4097a95d96b07157baacd9d8011c0a24e4dc947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16860
x-xss-protection
0
server
cafe
etag
9538313714109913383
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:01 GMT
/
load.sumome.com/ Frame F310
2 KB
2 KB
Script
General
Full URL
https://load.sumome.com/
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
75cde5cd327239276b3bafb85d50f38fbd3b77bd15984deb9f6c02dd01b8ff86

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cdn-edgestorageid
459
x-amz-request-id
3PCZK5VJD5EKZK42
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
04/25/2022 00:10:59
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
dAESyP9+JFGRy8XKuCpYIrR3W//nPp0NqykRo+mXyOZWMUDphuFDRn6nYqCTb0JhIyoEEMA36go=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Fri, 25 Mar 2022 15:23:03 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"415c9608bc47ee8a16b3a2f2c0aee7b0"
vary
Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=600
cdn-requestid
8774320866847d4be41ed03dbafcb597
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
swap.js
cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/ Frame F310
32 B
311 B
Script
General
Full URL
https://cdn.callrail.com/companies/183982884/39c56d681fb32ea35c56/12/swap.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.84.95.254 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-84-95-254.compute-1.amazonaws.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-runtime
0.008041
date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
server
nginx/1.18.0 (Ubuntu)
etag
W/"d18beba8a6db32dd84b24258cf6542ac"
content-type
text/javascript; charset=utf-8
status
200 OK
cache-control
max-age=3600, public
timing-allow-origin
*
x-request-id
dd1a82db-d7fa-4eb9-af56-4b0ac880db03
validateCookie
segments.company-target.com/ Frame 7116
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=c6abd0356e0782dbceacc6fe39c38c592b2e81d4
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=c6abd0356e0782dbceacc6fe39c38c592b2e81d4
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Server
18.66.248.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-17.dus51.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:02 GMT
Via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
f78f7c35107d1e43
X-Amz-Cf-Id
4qVCDDqavjkeHUmBHH9oExi_fLMLvZEkEEu1Z9cNV0Iz0Qxcc-NB2Q==

Redirect headers

Date
Sun, 22 May 2022 22:24:02 GMT
Via
1.1 6ee47dd27ca379a812104b559e9a5a22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=c6abd0356e0782dbceacc6fe39c38c592b2e81d4
Connection
keep-alive
trace-id
e3e08044fde7e40a
Content-Length
0
X-Amz-Cf-Id
jcbxMOdKkx-3MzJHoKZzWG5IcqfMxb9Kvlx39Hav3J1OLveWFboDtA==
464526.gif
id.rlcdn.com/ Frame 7116
0
98 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ip.json
api.company-target.com/api/v2/ Frame 7116
447 B
935 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-77.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
2ba4a6b1ebfb80728d3b65bfa635d53207ea54977db48861f4b81cec562f8458

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
request-id
7f11d381-76d1-46ff-a271-29d0e487342e
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
hU4sM3zSz4R0rLxAzCj6bp4x-BoYzYURQf0-tib-vWvhdSBYwKCTew==
expires
Sat, 21 May 2022 22:24:01 GMT
munchkin.js
munchkin.marketo.net/161/ Frame 7116
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-179.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Tue, 30 Aug 2022 22:24:01 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame 7116
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dc8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=54917
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
sl.js
scout-cdn.salesloft.com/ Frame 7116
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
T22JFY63TR17E70D
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
QA98vabmP8IbsuTBI8++kRvFEAtBW8iTnBzlk5CySbaeBaBTV6xPy5hO2u5mxCIWkbEx3MBSt+YGlIqwI2kiFA==
72.0a035390359aab65eb82.js
load.sumo.com/ Frame 7116
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
9602f637faa27513e6071c2f64d41931
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame 7116
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
c7d8efe594d92479bd8dc224e0b7c275
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
/
www.google.com/pagead/1p-user-list/1003980311/ Frame 7116
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1653258241338&cv=9&fst=1653256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=379595271&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame 7116
42 B
548 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1653258241338&cv=9&fst=1653256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=379595271&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
9f609f1a.min.js
tag.demandbase.com/ Frame F310
67 KB
19 KB
Script
General
Full URL
https://tag.demandbase.com/9f609f1a.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-43.fra53.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd11601c17fb8d00dabc2f9098f8981adb8fc219d32bd1ef4870a79bb2754008
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

x-amz-version-id
spcLtnX6rAUIpscvak6_OQCDfS4ghIGh
content-encoding
gzip
last-modified
Thu, 03 Mar 2022 16:15:48 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
W/"43fe60654bcf129ab9209fc53c139c93"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
via
1.1 c90147ea5199ff7ce77981c8da4247c4.cloudfront.net (CloudFront)
cache-control
public, max-age=3600
date
Sun, 22 May 2022 22:24:02 GMT
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=(), interest-cohort=()
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-id
KtMiX5bXVTS6Q20ry95eFGW0zXqlTiM7AfJn8oto1DwoVmrcXRqa1Q==
gtm.js
www.googletagmanager.com/ Frame F310
190 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
954bef6790dd6644977788b2ae26d419570047dc3ca42484bac947d8fc94e323
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69933
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:01 GMT
css
fonts.googleapis.com/ Frame F310
8 KB
714 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,300,500,700
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6b3f0a6d6a59d8015a0f304089d399067747d2618e48cce61474983bf0e76f7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/hs-fs/hub/326665/hub_generated/template_assets/356216487/1569730868008/Coded_files/Custom/page/css/Setup-style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Sun, 22 May 2022 22:09:57 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Sun, 22 May 2022 22:24:01 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sun, 22 May 2022 22:24:01 GMT
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame 7116
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1653258241521&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1653258241521-39632&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:02 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
8b1f740d-2c88-42b3-8ef7-319dc9a4c842
box-4924254a9ce4dc9b959b6e4a9b662d60.html
vars.hotjar.com/ Frame B45B
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-31.fra6.r.cloudfront.net
Software
/
Resource Hash
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer
https://info.phishlabs.com/sf-login-page
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3411295
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 10:49:06 GMT
etag
"1635635016e428baa170305e9282c34a"
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
vary
Accept-Encoding
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
x-amz-cf-id
dr1SLvlXXRAkmZn3nDS7SVh0Ztab2s50aPq6_O6SkMQ9zTsWKqzS9g==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-robots-tag
none
validateCookie
segments.company-target.com/ Frame F310
Redirect Chain
  • https://match.prod.bidr.io/cookie-sync/demandbase
  • https://match.prod.bidr.io/cookie-sync/demandbase?_bee_ppp=1
  • https://segments.company-target.com/log?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ
  • https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=99b246399736a67e988e6a62749a7224bb8da7d4
26 B
409 B
Image
General
Full URL
https://segments.company-target.com/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=99b246399736a67e988e6a62749a7224bb8da7d4
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Server
18.66.248.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-17.dus51.r.cloudfront.net
Software
/
Resource Hash
3b7b8a4b411ddf8db9bacc2f3aabf406f8e4c0c087829b336ca331c40adfdff1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:02 GMT
Via
1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Content-Type
image/gif
Transfer-Encoding
chunked
Connection
keep-alive
trace-id
be82db95518e417d
X-Amz-Cf-Id
ua58dSIw8hWWUpGsIscxwZve8tGUqNDOUAIfFuB8QOYvBttFIeLY6Q==

Redirect headers

Date
Sun, 22 May 2022 22:24:02 GMT
Via
1.1 5bbaa27b453dc834289b91c14bbb4934.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
DUS51-P1
Vary
Origin
X-Cache
Miss from cloudfront
Location
/validateCookie?vendor=choca&user_id=AAEHtk7FFXAAAEusOvP2DQ&verifyHash=99b246399736a67e988e6a62749a7224bb8da7d4
Connection
keep-alive
trace-id
d3a032797859a1fd
Content-Length
0
X-Amz-Cf-Id
rQqaverS1NTi0QjgswnGpUHPjA3FLvOYcvBFGAGgWh0OeIjZVBiJSQ==
464526.gif
id.rlcdn.com/ Frame F310
0
42 B
Image
General
Full URL
https://id.rlcdn.com/464526.gif
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.174.68 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
68.174.244.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ip.json
api.company-target.com/api/v2/ Frame F310
447 B
934 B
XHR
General
Full URL
https://api.company-target.com/api/v2/ip.json?referrer=null&page=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&page_title=3rd%20Party%20iFrame&src=tag&auth=qRf7oCt4rQiJCau52wBF0xPrmBAr5L855rvoN7fG
Requested by
Host: tag.demandbase.com
URL: https://tag.demandbase.com/9f609f1a.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.215.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-215-77.fra53.r.cloudfront.net
Software
nginx /
Resource Hash
2ba4a6b1ebfb80728d3b65bfa635d53207ea54977db48861f4b81cec562f8458

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
identification-source
CENTRAL
vary
Accept-Encoding, Origin
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
request-id
d8f26dcc-e615-4a1c-a758-0dbfb19b96c4
content-encoding
gzip
pragma
no-cache
access-control-allow-origin
https://info.phishlabs.com
server
nginx
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json;charset=utf-8
via
1.1 f2db75b601dc30df73b1beb29596a374.cloudfront.net (CloudFront)
access-control-expose-headers
cache-control
no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials
true
api-version
v2
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
osAqlIMdxxc4aUv_LcFfcmQbgMbL4Ix_QI0-_Q_B9UiRWn-qb7djQg==
expires
Sat, 21 May 2022 22:24:01 GMT
collect
px4.ads.linkedin.com/ Frame 7116
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653258241611%26url%3Dhttps%253A%252F%252Fphishlabs.my.salesforce....
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKvYDLQ5ZtkjgAAAYDt3sqzuIe46YqNiV9CWPdnVmaRyicO7XYz...
0
142 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKvYDLQ5ZtkjgAAAYDt3sqzuIe46YqNiV9CWPdnVmaRyicO7XYzMv3KiHVQdMwCIPD1rEM
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Server
13.107.42.14 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 7159B2A91EC84BE5A9B095B9C50160A8 Ref B: FRAEDGE1506 Ref C: 2022-05-22T22:24:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfoS5LMz7wE1VyPDsQkQ==
x-li-fabric
prod-lor1

Redirect headers

date
Sun, 22 May 2022 22:24:02 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 88EBCD1987AB411BA2592A2271D10898 Ref B: FRAEDGE1117 Ref C: 2022-05-22T22:24:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241611&url=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&liSync=true&e_ipv6=AQKvYDLQ5ZtkjgAAAYDt3sqzuIe46YqNiV9CWPdnVmaRyicO7XYzMv3KiHVQdMwCIPD1rEM
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfoS5Hoa0V9Pkuj/HVWg==
326665.js
js.hs-banner.com/ Frame F310
61 KB
15 KB
Script
General
Full URL
https://js.hs-banner.com/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49e8187781eff93305f402677187e3e74b291edfc85aed6f3b52e205ae5d896f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
content-type
text/javascript; charset=UTF-8
access-control-max-age
604800
x-amz-request-id
NR10T7R9G9W3NZ1P
x-amz-id-2
fUybxc1aueDcm1jb3JfxtI1SbBszIax6vGHnCeis5UM45UxewCTQKwKwY4RRft2Qy96bMPST5R4=
timing-allow-origin
*
last-modified
Thu, 17 Feb 2022 20:37:23 GMT
server
cloudflare
etag
W/"9d99d1791572859edb76b909144c1152"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-amz-version-id
T225Ue6NSsChPWiTKWdZ05t774U6Tk6_
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300, public
access-control-allow-credentials
true
cf-ray
70f8f5aa5ce59a0f-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
expires
Sun, 22 May 2022 22:29:01 GMT
326665.js
js.hs-analytics.net/analytics/1653258000000/ Frame F310
62 KB
19 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1653258000000/326665.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:43b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7f06593fd04112f8f991fcddae285285243b502f8ee32ab9ad6a54a45c0c62d0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
x-amz-request-id
EPG5WVY4J57PX94G
x-amz-id-2
es6Z3WQ+sIlIAeDSrcx8RvzNs3rD12aY8i5xsPV028Sl2vrBGHtvG/cj68CDNXtD60ePL3BZ9Pg=
last-modified
Thu, 14 Apr 2022 15:09:10 GMT
server
cloudflare
etag
W/"a0b185fc22d0f8b28d97f2114d68823e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300, public
access-control-allow-credentials
false
x-amz-version-id
null
cf-ray
70f8f5aa4ce8691b-FRA
expires
Sun, 22 May 2022 22:29:01 GMT
leadflows.js
js.hsleadflows.net/ Frame F310
547 KB
87 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e9cc , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a7f34d8a360138562c84cb056d4fcf2ea1f696ddc1035b23dbfe473fc577b9d2

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 7afe17509cf46af31fd4ba3c3d932fa6.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
0
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js&cfRay=70f8f5a91a4b925f-IAD
x-cache
Hit from cloudfront
access-control-max-age
3000
x-amz-replication-status
COMPLETED
content-encoding
br
cf-ray
70f8f5aa4b61925f-FRA
last-modified
Thu, 19 May 2022 12:56:48 UTC
server
cloudflare
etag
W/"3a729bcb06fbe3ff521fc0e64855db1f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
x-amz-version-id
g4B39IYvnh_FDOMHIH7jomAsh2XchlfN
access-control-allow-origin
*
cache-control
s-maxage=86400, max-age=0
x-hs-cache-status
MISS
x-amz-cf-pop
IAD89-P1
content-type
application/javascript; charset=utf-8
x-amz-cf-id
sndGbUw0UU_sGUf6qECePo-W90iIC0KrYuxM2j1exwatYW0KpZgVLg==
x-hs-target-asset
lead-flows-js/static-1.1090/bundle/main/lead-flows-release.js
fb.js
js.hsadspixel.net/ Frame F310
5 KB
2 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/hs/scriptloader/326665.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
142e1cd28809b7bbe61123941a3a70a045a5c1fa864c97574b32abd94f4b4229

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
via
1.1 d591fee4e3f29cf0e3380368d25b4a40.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
377
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://exceptions.hubspot.com/csp/report?resource=adsscriptloaderstatic/static-1.278/bundles/pixels-release.js&cfRay=70f8ec7269bf9b83-IAD
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
x-amz-replication-status
COMPLETED
content-encoding
br
last-modified
Tue, 10 May 2022 02:37:05 UTC
server
cloudflare
etag
W/"e23a3c7ef0fc6b7c55f83c4911c95be6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
sUKtDc7b2iEDZ57z7v16VeKnAVF7O_.0
cache-control
max-age=600
x-hs-cache-status
HIT
x-amz-cf-pop
IAD89-P1
cf-ray
70f8f5aa5e3f9b80-FRA
x-amz-cf-id
CnpgyLN4mjAY3J04mm8gjJ9JuVbfaw8Qzknf1cJa5qff0fNLYBluiw==
x-hs-target-asset
adsscriptloaderstatic/static-1.278/bundles/pixels-release.js
optimize.js
www.googleoptimize.com/ Frame F310
108 KB
40 KB
Script
General
Full URL
https://www.googleoptimize.com/optimize.js?id=OPT-PK5SW57
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
26a65fceb456801d25cc8f90343268b1a30be028992a1389af6371e776ba2d56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
41302
x-xss-protection
0
expires
Sun, 22 May 2022 22:24:01 GMT
js
www.googletagmanager.com/gtag/ Frame F310
189 KB
68 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-VSQX89F7WH&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
db698624112058457713cd475f1ec2a3623baeec72511649baf81e34b4fe28f4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
69554
x-xss-protection
0
expires
Sun, 22 May 2022 22:24:01 GMT
analytics.js
www.google-analytics.com/ Frame F310
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2955
date
Sun, 22 May 2022 21:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 23:34:46 GMT
hotjar-2702231.js
static.hotjar.com/c/ Frame F310
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.157.4.21 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-157-4-21.dus51.r.cloudfront.net
Software
/
Resource Hash
30b76237f4c654e30bc806e5e3a7a7fd0be4607c025272c68e598700af348590
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
x-amz-cf-pop
DUS51-P2
etag
W/babf3c569d24ddd84de54786572c2745
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
TZTHPwBlxLgMRZAoDWpKQn5Z1uxUjKhyE7jIxexhTHpF9BzQAM61ow==
via
1.1 b1dc6a0d7547e8d4ab339f8c4caf9ea8.cloudfront.net (CloudFront)
live.js
stats.sa-as.com/ Frame F310
1 KB
986 B
Script
General
Full URL
https://stats.sa-as.com/live.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
44b7fb6f761a2e8bf64400e3311c4c4bf343e888ee1b8bbf125881c4617ed70f
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:02 GMT
Content-Encoding
gzip
Last-Modified
Fri, 14 Apr 2017 20:48:27 GMT
Server
Apache
ETag
"2800c0-52e-54d2690345cc0"
Vary
Accept-Encoding
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
text/javascript
Connection
close
Accept-Ranges
bytes
Content-Length
630
fbevents.js
connect.facebook.net/en_US/ Frame F310
99 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
acbe6770b0fc8b621a9d4f7068b241fb403fe999ea33270931ee59ec4cfdf3f1
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
KVnh0DTT9Em1w5f0frEUqGeb7URPZi7AH/ikPNf3uNeMvp2b2/hmgdNW1U7jg/XPiKE5upiBJv2fa2bOUxJmJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 22 May 2022 22:24:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
611434f132b77200153d4e45
ws.zoominfo.com/pixel/ Frame F310
2 KB
986 B
Script
General
Full URL
https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Requested by
Host: phishlabs.my.salesforce.com
URL: https://phishlabs.my.salesforce.com/0010H00002RB7XiQAL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
4b3bd457ad1a29bef7c2271997475af79566198a237506c86669a18f5025c41c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
cf-ray
70f8f5aa78469110-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
via
1.1 google
JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
fonts.gstatic.com/s/montserrat/v24/ Frame F310
12 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v24/JTUHjIg1_i6t8kCHKm4532VJOt5-QNFgpCu173w5aXo.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Montserrat:wght@600&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7816b6bd80713ced0fabbf061d7ad97d6d1ff4fbf94a1e2b17fbd61421a3a17
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://info.phishlabs.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Tue, 17 May 2022 17:14:30 GMT
x-content-type-options
nosniff
age
450571
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
12708
x-xss-protection
0
last-modified
Tue, 26 Apr 2022 14:37:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 17 May 2023 17:14:30 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/ Frame F310
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1003980311/?random=1653258241681&cv=9&fst=1653258241681&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
c69d6f8b84850c5cd202894180372e3cb762bb1e111cc975d96f880a87b48f42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1004
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ Frame F310
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-179.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
r
scout.salesloft.com/ Frame 7116
41 B
403 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.144.43.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-43-78.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
9d2bfe82df76e1fa0e7a16102f20b31c
149823563868256
connect.facebook.net/signals/config/ Frame F310
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/149823563868256?v=2.9.60&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
10d7ebbbb0a90097f9a8bb69f5616ff502210b74bfe69c467055bc60411fdd5d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
88744
x-xss-protection
0
pragma
public
x-fb-debug
uD8+b882JPzF53Wu/sTR34ShXbyMUrxMZy9Kj0h9PEppEYD9WML0XD30jKO/mxhEu7KiqI0EW0vRM61Qv9Kc4w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Sun, 22 May 2022 22:24:01 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
modules.f31ba00513b7ef8234d1.js
script.hotjar.com/ Frame F310
243 KB
63 KB
Script
General
Full URL
https://script.hotjar.com/modules.f31ba00513b7ef8234d1.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.91 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-91.fra6.r.cloudfront.net
Software
/
Resource Hash
5475ef880793a875564088fea38154cee107eede5a2af036f3774a3dec5e48e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Fri, 20 May 2022 16:09:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
195294
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
63712
access-control-allow-origin
*
last-modified
Fri, 20 May 2022 16:08:12 GMT
etag
"bb85a92d3aefdabfa0ed466815889fc6"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 9810d82af8847b51b9c3048141069a64.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
FRA6-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
vtw9HsGT7vGoBSZ1AGCOjdx2BJybb9AQqT2RCZagSOLoZBxYVtY1ig==
munchkin.js
munchkin.marketo.net/161/ Frame F310
11 KB
5 KB
Script
General
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.89.28.179 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-89-28-179.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Tue, 30 Aug 2022 22:24:01 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/ Frame F310
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:7::17d8:4dc8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:01 GMT
Content-Encoding
gzip
Last-Modified
Wed, 13 Apr 2022 23:25:22 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=54917
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3085
sl.js
scout-cdn.salesloft.com/ Frame F310
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.64 , United States, ASN33438 (STACKPATH, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
gzip
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
server
NetDNA-cache/2.2
x-amz-request-id
T22JFY63TR17E70D
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
x-cache
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
content-type
application/javascript
x-amz-id-2
QA98vabmP8IbsuTBI8++kRvFEAtBW8iTnBzlk5CySbaeBaBTV6xPy5hO2u5mxCIWkbEx3MBSt+YGlIqwI2kiFA==
index.php
stats.sa-as.com/ Frame 7116
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&PMCD=https://info.phishlabs.com/sf-login-page&r=0.7179361664740582
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:33:47 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
72.0a035390359aab65eb82.js
load.sumo.com/ Frame F310
131 KB
44 KB
Script
General
Full URL
https://load.sumo.com/72.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
73c748a03b271d7a4d7c1ed120f668653c1d7ed4632748920048ddcde2e6d759

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cdn-edgestorageid
549
x-amz-request-id
0XPNF8DMEJ6W2XCT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
02/08/2022 16:56:04
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
fRyRZPznrdNCv6h7ET6s4hxYavl5uQTCIw4k+SNx+rjjWJ+d+NyHOuNYYlwtWDhVTfTilutE/G8=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:32 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"a1c4ecc2ca5bc12d61068cd427f9729f"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
416ba0f29517d808e92e146da7799edd
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
73.0a035390359aab65eb82.js
load.sumo.com/ Frame F310
289 KB
100 KB
Script
General
Full URL
https://load.sumo.com/73.0a035390359aab65eb82.js
Requested by
Host: load.sumome.com
URL: https://load.sumome.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
84.17.46.53 Amsterdam, Netherlands, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-84-17-46-53.cdn77.com
Software
BunnyCDN-AMS1-879 /
Resource Hash
f452c0a329f17acfb74497d9ddef4a0d5af4166d43da2a3824387fc71205cd4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
content-encoding
br
cdn-edgestorageid
883
x-amz-request-id
9N84X4YRM21X08T5
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
03/10/2022 13:34:18
cdn-pullzone
53731
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-id-2
oBS1PkrTXAnH8s3caBjTTV5L90IZsuK5pg1OeS7uUquH6t3b+uNjsnqRi1r23MOIUSMtIk0jATI=
server
BunnyCDN-AMS1-879
access-control-allow-origin
*
last-modified
Mon, 10 Jan 2022 18:22:33 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
etag
W/"ad6f2454f01de902ffd473d51c1207bf"
vary
Accept-Encoding, Accept-Encoding
content-type
text/javascript
cdn-cache
HIT
cdn-uid
a61f2e95-f685-45ef-9e80-35f4adfb29cb
cache-control
max-age=31536000
cdn-requestid
15145f6056ce46165326c48364ce9942
cdn-requestcountrycode
DE
cdn-status
200
cdn-requestpullsuccess
True
box-4924254a9ce4dc9b959b6e4a9b662d60.html
vars.hotjar.com/ Frame E375
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-4924254a9ce4dc9b959b6e4a9b662d60.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2702231.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-31.fra6.r.cloudfront.net
Software
/
Resource Hash
67f8c7fd7353ad063da1f3115924c458c494cb134f4d87de4407a132842c9bc9

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
3411295
cache-control
max-age=31536000
content-encoding
br
content-length
1044
content-type
text/html
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Wed, 13 Apr 2022 10:49:06 GMT
etag
"1635635016e428baa170305e9282c34a"
last-modified
Wed, 13 Apr 2022 10:48:29 GMT
vary
Accept-Encoding
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
x-amz-cf-id
T8wWmCdnMeEBjK0Cronju3oIjPye8gZ5gmyWNn6tVyzWCSTJXxCdKw==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-robots-tag
none
collect
ws.zoominfo.com/pixel/ Frame F310
0
344 B
XHR
General
Full URL
https://ws.zoominfo.com/pixel/collect
Requested by
Host: ws.zoominfo.com
URL: https://ws.zoominfo.com/pixel/611434f132b77200153d4e45
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:a852 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://info.phishlabs.com/sf-login-page-2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-type
text/plain;charset=UTF-8

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
via
1.1 google
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
true
cf-ray
70f8f5ac39df9a1d-FRA
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for
content-length
0
/
www.google.com/pagead/1p-user-list/1003980311/ Frame F310
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1003980311/?random=1653258241681&cv=9&fst=1653256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=2287747264&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1003980311/ Frame F310
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1003980311/?random=1653258241681&cv=9&fst=1653256800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&fmt=3&is_vtc=1&random=2287747264&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
visitWebPage
130-bfb-942.mktoresp.com/webevents/ Frame F310
2 B
311 B
Ping
General
Full URL
https://130-bfb-942.mktoresp.com/webevents/visitWebPage?_mchNc=1653258241872&_mchCn=&_mchId=130-BFB-942&_mchTk=_mch-phishlabs.com-1653258241872-56693&_mchHo=info.phishlabs.com&_mchPo=&_mchRu=%2Fsf-login-page-2&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:24:02 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
381e33d2-1f1c-4458-b870-3078b00188c9
r
scout.salesloft.com/ Frame F310
41 B
405 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0Ijo3MzgxfQ.wTFzhF-uZ32v817FJmU2XMNPhxmktsUmIa0fGBNQivQ
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.144.43.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-43-78.compute-1.amazonaws.com
Software
/
Resource Hash
e05ae076790852a21a47535d8a06e4ebdfc3079536d9c3f9f91d9f5b29303f0e
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
41
x-request-id
68e3053bf70b210215838e133bec5c1f
collect
px4.ads.linkedin.com/ Frame F310
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D27536%26time%3D1653258241874%26url%3Dhttps%253A%252F%252Finfo.phishlabs.com%252Fs...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true&e_ipv6=AQLh7yjoNBvdrgAAAYDt3sl68i7jeHaKnVl0GRObDY-wbSPm...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true&e_ipv6=AQLh7yjoNBvdrgAAAYDt3sl68i7jeHaKnVl0GRObDY-wbSPmaVqNgWetF6D-m7nyPoHmAl0
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H2
Server
13.107.42.14 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 241DB5D8323B4F1AAAE27EC35283EEC8 Ref B: FRAEDGE1506 Ref C: 2022-05-22T22:24:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfoS5HmdMsFClEH8Ra4A==
x-li-fabric
prod-lor1

Redirect headers

date
Sun, 22 May 2022 22:24:02 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 51FBB3FAFD404759845A7D8388B9E58F Ref B: FRAEDGE1117 Ref C: 2022-05-22T22:24:02Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=27536&time=1653258241874&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&liSync=true&e_ipv6=AQLh7yjoNBvdrgAAAYDt3sl68i7jeHaKnVl0GRObDY-wbSPmaVqNgWetF6D-m7nyPoHmAl0
x-li-proto
http/2
content-length
0
x-li-uuid
AAXfoS5Cx254iC10O2nSQg==
/
www.facebook.com/tr/ Frame F310
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=PageView&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1653258241893&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=0&o=30&it=1653258241755&coo=false&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 22:24:01 GMT
/
www.facebook.com/tr/ Frame 7116
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&rl=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&if=true&ts=1653258241915&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1653258241159&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 22:24:01 GMT
i
scout.salesloft.com/ Frame F310
48 B
512 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.144.43.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-43-78.compute-1.amazonaws.com
Software
/
Resource Hash
9caf75b396b033007a822291a9ccd3a59b2ae0f10d0e1975592b37a495a8672f
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
0d11a8d01c397a2a1453d34c27d8948f
i
scout.salesloft.com/ Frame 7116
48 B
513 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.144.43.78 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-144-43-78.compute-1.amazonaws.com
Software
/
Resource Hash
3f28afff22d03381bb1eefde71de49a12d397b45d99c8569476a6792ce88e1fc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
strict-transport-security
max-age=15724800; includeSubDomains, max-age=31536000; includeSubDomains
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
content-length
48
x-request-id
c0d15fc99fe463146c8dd0ab7e5a0b26
index.php
stats.sa-as.com/ Frame F310
95 B
426 B
Image
General
Full URL
https://stats.sa-as.com/index.php?DID=259092&MyPage=undefined&MyID=undefined&MySearch=undefined&TitleTag=SF%20Login%20Page&Hst=info.phishlabs.com&width=1600&height=1200&ColDep=24&Lang=en-US&Cook=true&Page=%2Fsf-login-page-2&Reff=https%3A//phishlabs.my.salesforce.com/&FullPage=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&PMCD=https://info.phishlabs.com/sf-login-page-2&r=0.08519242037992791
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.128.119.150 , United States, ASN7151 (BAYAREA-AS, US),
Reverse DNS
209-128-119-150.bayarea.net
Software
Apache /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

Date
Sun, 22 May 2022 22:33:47 GMT
Content-Encoding
gzip
Server
Apache
Vary
Accept-Encoding
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
close
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Type
IMAGE/PNG
Content-Length
102
/
www.facebook.com/tr/ Frame F310
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=149823563868256&ev=Microdata&dl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&rl=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&if=true&ts=1653258242429&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22SF%20Login%20Page%22%2C%22meta%3Adescription%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Adescription%22%3A%22%22%2C%22og%3Atitle%22%3A%22SF%20Login%20Page%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.60&r=stable&a=tmgoogletagmanager&ec=1&o=30&it=1653258241755&coo=false&es=automatic&tm=3&rqm=GET
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page-2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Sun, 22 May 2022 22:24:02 GMT
__ptq.gif
track.hubspot.com/ Frame F310
45 B
962 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3605317381&v=1.1&a=326665&pi=65363752327&ct=landing-page&ccu=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&cpi=65363752327&lpi=65363752327&lvi=65363752327&r=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&pu=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&t=SF+Login+Page&cts=1653258242845&vi=4289e840d77cd6249a32cd525f951429&nc=true&ce=false&cc=0
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
f987670e-e021-40b7-bb93-65e12f805036
cf-ray
70f8f5b2eb8f5c44-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EbifFwbwUTMUVg18aqmWokyduxyfSY2LR2001cgxCdD6Nj%2BCjPW34SjHYi9T5rqY71UJl%2FR056850nEPlYSgKR7PPYjeKloB%2B65HJJLIX43yOdmpOud8jvR2hDd95MAWmlBvntRuT5bbxMiRuYeR"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ Frame F310
67 B
914 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=326665
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c8cc -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
6ad8527860c3a19c514c1998a328c5f9301a7e61f900b183c1988e2550f4da78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
6125dc2d-5284-42a0-8778-2663928f8af4
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B2446B71DE18B273073A040626450625766AF6C40000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQqdMupM9XSg0ALO47kuayUA7q%2FdrQLNls3jASz4KhO%2BxIyWMwtRUTI4W08a%2BSqcM9NfuCeXXhGsweQ9ZTddecOuB5kAgiaNgm2bCJ3646pQSAL4jPc3qg56nY3PSoGvPmETlmrLx2LUPudL"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
false
cf-ray
70f8f5b2eb639250-FRA
access-control-allow-headers
*
/
sumo.com/api/load/ Frame F310
679 B
1018 B
XHR
General
Full URL
https://sumo.com/api/load/
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.38.14.212 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
f3c553a48c6008915624ae06a0d694e9940ffbe6544b9463552de9e3f8cea342
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://info.phishlabs.com/sf-login-page-2
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
vary
Origin, Accept-Encoding
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
679
conversion_async.js
www.googleadservices.com/pagead/ Frame F310
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
0a9adccc17d9e34e3971bce91e3723f1fef884844fed6e6e10085e19745faef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14849
x-xss-protection
0
server
cafe
etag
10272469744856839321
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:02 GMT
/
www.googleadservices.com/pagead/conversion/698066554/ Frame F310
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/698066554/?random=1653258243005&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
4fc27b1563349994b5497624afcb2ccaa9f245a61164387ae08af77c7248b652
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1197
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/698066554/ Frame F310
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u...
  • https://www.google.com/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah...
  • https://www.google.de/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYsr5AciVb5DQm4AC&cid=CAQSKQCNIrLMRxOtc--X-hynqEzai2RsYHW7Eps-8YoVV3-jZA3j08pn8C5H&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KxZrbk9BiJPt_AF1iKVHKvIja-WKCWrJY&random=3783950150&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Protocol
H3
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/698066554/?random=94811957&cv=9&fst=1653258243005&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYsr5AciVb5DQm4AC&cid=CAQSKQCNIrLMRxOtc--X-hynqEzai2RsYHW7Eps-8YoVV3-jZA3j08pn8C5H&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KxZrbk9BiJPt_AF1iKVHKvIja-WKCWrJY&random=3783950150&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
analytics.js
www.google-analytics.com/ Frame 7116
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: info.phishlabs.com
URL: https://info.phishlabs.com/sf-login-page
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
2957
date
Sun, 22 May 2022 21:34:46 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Sun, 22 May 2022 23:34:46 GMT
json
api.hubapi.com/hs-script-loader-public/v1/config/pixel/ Frame 7116
67 B
431 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixel/json?portalId=326665
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c8cc -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
6ad8527860c3a19c514c1998a328c5f9301a7e61f900b183c1988e2550f4da78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
4265c7f0-2c36-4b32-8426-3aad43577fde
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
x-trace
2B5036CA3B2E8D4BFF8E5B363C5A4D41A21EC8F20A000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zm1%2B3butjDBNm%2FpVD4%2FrfNiHHlPZPC3VJy6NSr5nlEM3Z3aRyqpunjLnFjuniDU6v95pOSZKss%2B5GLqrvKD8%2B9rLABBZ2ejrete5tWOSUKgVttK9dw573GdixdJEI2vsyjigCUzexMLJvI9r"}],"group":"cf-nel","max_age":604800}
content-type
application/json;charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
false
cf-ray
70f8f5b36bd79250-FRA
access-control-allow-headers
*
__ptq.gif
track.hubspot.com/ Frame 7116
45 B
555 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3605317381&v=1.1&a=326665&pi=51834294403&ct=landing-page&ccu=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&cpi=51834294403&lpi=51834294403&lvi=51834294403&r=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&pu=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&t=SF+Login+Page&cts=1653258243085&vi=825c12dd230809fd949c3464cc86b18b&nc=true&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id
83a4c035-111b-4104-b240-ef1bde8605cd
cf-ray
70f8f5b36c455c44-FRA
p3p
CP="NOI CUR ADM OUR NOR STA NID"
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
45
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hTwmyhFIn%2Bo6pzoiv5TWTvu%2BWADf65PGoHCzbvDWQcGR%2BA38lXEre3RaYc3YfFzu0vxSpfeQ1CiqxdsYktcXlPFELoRUYtbFAGyy84lWGlVJldSzVmek42AhX7AiLcr4edjcK8eu%2Fdx3keztzztS"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
x-robots-tag
none
/
sumo.com/api/load/ Frame 7116
679 B
1020 B
XHR
General
Full URL
https://sumo.com/api/load/
Requested by
Host: load.sumo.com
URL: https://load.sumo.com/73.0a035390359aab65eb82.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.38.14.212 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
cd8b15d2a7ddc438d105cdbed34620b1f105906828fbe4c8fbf33165c14252c9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://info.phishlabs.com/sf-login-page
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
vary
Origin, Accept-Encoding
server
nginx
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
access-control-allow-origin
https://info.phishlabs.com
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
content-length
679
conversion_async.js
www.googleadservices.com/pagead/ Frame 7116
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
0a9adccc17d9e34e3971bce91e3723f1fef884844fed6e6e10085e19745faef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14849
x-xss-protection
0
server
cafe
etag
10272469744856839321
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:03 GMT
/
www.googleadservices.com/pagead/conversion/698066554/ Frame 7116
2 KB
1 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/698066554/?random=1653258243155&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
08b7a7e2bd1c6ac9673a21ff1df60b01ce29fec4a788437db10f43638235c78d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1217
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ Frame F310
106 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-698066554
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
529d1f641e0a27039c1592ac99ed97a6040939a86a374ea3bc91252992d05d22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42801
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:03 GMT
js
www.googletagmanager.com/gtag/ Frame F310
106 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-698066554&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e1ea7f9134154b5a7981a0dc107b64f307d23056c618dcba2387e29b2e0db5c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42786
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:03 GMT
/
www.google.de/pagead/1p-conversion/698066554/ Frame 7116
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&...
  • https://www.google.com/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_a...
  • https://www.google.de/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah...
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYpnwCu-mx_AP-uagiAY&cid=CAQSKQCNIrLMYumGd0ZwX82T9oRQw6bEn917KygAn6YrKBhIAKHGnkGgJDgk&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KroMqoSPYTTuG_acA48Vhj8pztVB3nxx4&random=2202020817&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Protocol
H3
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/698066554/?random=623328193&cv=9&fst=1653258243155&num=1&value=0&label=RgjoCPGzstcCEPrM7swC&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2wg5b0&sendb=1&ig=1&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=A7iKYpnwCu-mx_AP-uagiAY&cid=CAQSKQCNIrLMYumGd0ZwX82T9oRQw6bEn917KygAn6YrKBhIAKHGnkGgJDgk&eitems=ChEI8L6nlAYQ-fWrrqOB4cOlARIdAHHMu0KroMqoSPYTTuG_acA48Vhj8pztVB3nxx4&random=2202020817&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame F310
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-698066554&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
0a9adccc17d9e34e3971bce91e3723f1fef884844fed6e6e10085e19745faef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14849
x-xss-protection
0
server
cafe
etag
10272469744856839321
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:03 GMT
js
www.googletagmanager.com/gtag/ Frame 7116
106 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-698066554
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
529d1f641e0a27039c1592ac99ed97a6040939a86a374ea3bc91252992d05d22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42801
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:03 GMT
js
www.googletagmanager.com/gtag/ Frame 7116
106 KB
42 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-698066554&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5JL2H9R
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a165efe8945f059d5969bc8415f3243bf73b830712b33798089c43b7f6643a36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42812
x-xss-protection
0
last-modified
Sun, 22 May 2022 21:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 22 May 2022 22:24:03 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/ Frame F310
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=1653258243294&cv=9&fst=1653258243294&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5697dfefc516e6d3e48707e1e5f8d0b83c7cb69be1d6b57dca4a1e65cff6554c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1043
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ Frame 7116
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-698066554
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s53-in-f2.1e100.net
Software
cafe /
Resource Hash
0a9adccc17d9e34e3971bce91e3723f1fef884844fed6e6e10085e19745faef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14849
x-xss-protection
0
server
cafe
etag
10272469744856839321
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sun, 22 May 2022 22:24:03 GMT
/
www.google.com/pagead/1p-user-list/698066554/ Frame F310
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/698066554/?random=1653258243294&cv=9&fst=1653256800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&async=1&fmt=3&is_vtc=1&random=1033973296&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/698066554/ Frame F310
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/698066554/?random=1653258243294&cv=9&fst=1653256800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page-2&ref=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&tiba=SF%20Login%20Page&async=1&fmt=3&is_vtc=1&random=1033973296&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page-2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/ Frame 7116
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/698066554/?random=1653258243372&cv=9&fst=1653258243372&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&ig=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
4215251af4cf465a1957b32d1963ac721cf95eb0a8cc599e473ef270fef5c155
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1057
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/698066554/ Frame 7116
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/698066554/?random=1653258243372&cv=9&fst=1653256800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&async=1&fmt=3&is_vtc=1&random=3144065109&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/698066554/ Frame 7116
42 B
64 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/698066554/?random=1653258243372&cv=9&fst=1653256800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa5b0&sendb=1&data=event%3Dgtag.config&frm=2&url=https%3A%2F%2Finfo.phishlabs.com%2Fsf-login-page&ref=https%3A%2F%2Fphishlabs.my.salesforce.com%2F&tiba=SF%20Login%20Page&async=1&fmt=3&is_vtc=1&random=3144065109&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://info.phishlabs.com/sf-login-page
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

pragma
no-cache
date
Sun, 22 May 2022 22:24:03 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT


17 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0
object| 1
object| oncontextlost
object| oncontextrestored
function| structuredClone
function| getScreenDetails
object| SFDCSessionVars
function| SfdcFramework
object| Sfdc
object| SfdcApp
object| DomainSwitcher
object| IdpOptions
object| LoginHint
function| loader
function| checkCaps
function| handleLogin
function| lazyload

29 Cookies

Domain/Path Name / Value
phishlabs.lightning.force.com/ Name: CookieConsentPolicy
Value: 0:0
phishlabs.lightning.force.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.force.com/ Name: BrowserId
Value: 3wBT69odEeyxIA-vOcQ6Eg
.force.com/ Name: BrowserId_sec
Value: 3wBT69odEeyxIA-vOcQ6Eg
phishlabs.my.salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
phishlabs.my.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
.salesforce.com/ Name: BrowserId
Value: 34rgUtodEeyUJfuGQ0p_gw
.salesforce.com/ Name: BrowserId_sec
Value: 34rgUtodEeyUJfuGQ0p_gw
login.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
login.salesforce.com/ Name: session
Value: 1653258239253
na168.salesforce.com/ Name: CookieConsentPolicy
Value: 0:0
na168.salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:0
.ws.zoominfo.com/ Name: visitorId
Value: ab58d1cc18683d3c9ba7429630366411adf7daa9626f6bd944c9560bd6bd97f1
.info.phishlabs.com/ Name: __cfruid
Value: 9020a2def74158355b6bdb4d7848aa902d95a402-1653258241
.bidr.io/ Name: bito
Value: AAEHtk7FFXAAAEusOvP2DQ
.bidr.io/ Name: bitoIsSecure
Value: ok
.doubleclick.net/ Name: IDE
Value: AHWqTUmsc7iKnQBiMdTUEuL_cluGTt7QEYm7end-PMnJgjKuZ0ItMgtHmGqERZCa
.ads.linkedin.com/ Name: lang
Value: v=2&lang=en-us
.linkedin.com/ Name: lidc
Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2262:u=1:x=1:i=1653258241:t=1653344641:v=2:sig=AQHgES-I8oHIxetcQAFHXZBJskbOjffB"
.company-target.com/ Name: tuuid_lu
Value: 1653258242
.linkedin.com/ Name: UserMatchHistory
Value: AQK80oZYXHPPJwAAAYDt3sfC0xdKsNip7diIB1xWn99W41xK8zYJJT4s9rn47CsCqfVh66326OCyLQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLvrvjCNTNKPwAAAYDt3sfCNOxOFIguaIQQE0H6FP_oDSsLcU1xCgeCIgE8ENNkpZ-yePR6qSPRDG2jGhGicg
.linkedin.com/ Name: bcookie
Value: "v=2&e495b370-3da4-40ac-871e-949f9ff2f6e1"
.company-target.com/ Name: tuuid
Value: 1ee11e3a-0feb-41a2-a201-a7477a532815
.linkedin.com/ Name: lang
Value: v=2&lang=de-de
.codepen.io/ Name: __cf_bm
Value: FaduQhq0g80OFpiui6Z3RdPmTsbwSPyNz3RqKXUup9o-1653258242-0-AWqMELg3bLReyAV5K1F1R4HhRxoPd21epnKJzd6OhuNIClVWxKKpZJV07pc6JK39WBHD3qPWd5tzAxWylKg5Fbw=
.www.linkedin.com/ Name: bscookie
Value: "v=1&20220522222402e1ca0acb-e6a0-4cd1-873e-09cf749b6b54AQEaEJO6zJc11aO91vLnehWd6PsaJ9j_"
.linkedin.com/ Name: li_gc
Value: MTswOzE2NTMyNTgyNDI7MjswMjHp6AupsMV7tbMhwCsB94AYegrkPGP1CFwwjpGQD6yyxg==

2 Console Messages

Source Level URL
Text
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()
network error URL: https://id.rlcdn.com/464526.gif
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
