urlscan.io logo urlscan.io
SecurityTrails logo

bhoroshasthol.com Open in urlscan Pro
2a06:98c1:3121::3  Public Scan

Go To Rescan Add Verdict Report
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Submission Tags: phishing
Submission: On May 04 via api from US — Scanned from NL
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2a06:98c1:3121::3, located in United States and belongs to CLOUDFLARENET, US. The main domain is bhoroshasthol.com.
TLS certificate: Issued by E1 on April 17th 2023. Valid for: 3 months.
This is the only time bhoroshasthol.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2a06:98c1:312... 13335 (CLOUDFLAR...)
7 13.110.37.36 14340 (SALESFORCE)
2 85.222.155.67 14340 (SALESFORCE)
13 4
Apex Domain
Subdomains		 Transfer
7 force.com
portalaccess.force.com
21 KB
2 salesforce.com
login.salesforce.com — Cisco Umbrella Rank: 5445
10 KB
2 bhoroshasthol.com
bhoroshasthol.com
13 KB
13 3
Domain Requested by
7 portalaccess.force.com bhoroshasthol.com
portalaccess.force.com
2 login.salesforce.com portalaccess.force.com
login.salesforce.com
2 bhoroshasthol.com bhoroshasthol.com
13 3

This site contains links to these domains. Also see Links.

Domain
portalaccess.force.com
Subject Issuer Validity Valid
bhoroshasthol.com
E1		 2023-04-17 -
2023-07-16		 3 months crt.sh
*.na141.force.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-15 -
2024-03-13		 a year crt.sh
login.salesforce.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-14 -
2023-06-13		 a year crt.sh

This page contains 2 frames:

Primary Page: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Frame ID: C7214034D051BF6369E75240439255AA
Requests: 11 HTTP requests in this frame

Frame: https://login.salesforce.com/login/sessionserver212.html
Frame ID: 976A7F76616CFB03B8120AB821ADF472
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login | Portal Access

Page Statistics

13
Requests

85 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

2
Countries

45 kB
Transfer

101 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
bhoroshasthol.com/sa.officedepot.workspace.com/ 		9 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f746ecd9124e329bec9fb164e513522ead38c2ba0d7d29ee9422a307babdc8cf

Request headers

Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
nl-NL,nl;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
7c20c690dcb51c7a-AMS
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 04 May 2023 12:34:03 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AfMhW7SmlcjJWyFULt%2FWDC9uTctp3taZj%2FPyMNfqm%2Fv53bjGX%2BzXwzervoWxpk9x3AQ7%2B3yvOrGshZrOyrvxPIwsgcjc24x0udUQ1c1aNJEHbFZcVyGzY3lyTOemesGjrmiaXMlyt%2BrU75KjA1r41A%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
sfdc_210.css
portalaccess.force.com/css/ 		15 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portalaccess.force.com/css/sfdc_210.css
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
c225ba1069485484b90206a0c6526046c88de0505eedab79c65612e22dcac98c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Sun, 23 Apr 2023 21:10:13 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Mon, 14 Nov 2022 20:33:00 GMT
Age
919432
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
3798
Expires
Mon, 21 Aug 2023 21:10:13 GMT
SfdcSessionBase208.js
portalaccess.force.com/jslibrary/ 		16 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalaccess.force.com/jslibrary/SfdcSessionBase208.js
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
52ca1f9d5b39ac9590e45d7665d1121364d804df601330d49b19817e586d3133
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Wed, 03 May 2023 15:09:44 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Mon, 01 May 2023 18:36:50 GMT
Age
77061
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
5922
Expires
Thu, 31 Aug 2023 15:09:44 GMT
LoginHint208.js
portalaccess.force.com/jslibrary/ 		20 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalaccess.force.com/jslibrary/LoginHint208.js
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
7e1be85121724b45c7ac94344a70c0db1218e40b53ff78f3b2228a77929c0a56
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Tue, 18 Apr 2023 12:35:22 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Thu, 13 Apr 2023 17:45:12 GMT
Age
1382323
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
6189
Expires
Wed, 16 Aug 2023 12:35:22 GMT
servlet.png
bhoroshasthol.com/sa.officedepot.workspace.com/foot/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bhoroshasthol.com/sa.officedepot.workspace.com/foot/servlet.png
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3121::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
808d5f90e26ff1cef2544ee1d3c3b0cd09ec83e67bf2d2e4268ae5b194f94b54

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/sa.officedepot.workspace.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

date
Thu, 04 May 2023 12:34:05 GMT
cf-cache-status
MISS
last-modified
Thu, 04 May 2023 00:08:40 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGbP%2FBq7y3urH7dw8ncaBt9n00UcueKfUBbq4q3ImnXyXiRxuI9G9ssBz1uV%2FmpSXnxct55tBnuqJSgQz8BhIk7OhCMpymBMR6iIC32T4G7rp75ouX5XDlyNYIcwM0C%2Bo%2F1aF%2B%2BjmS1vJj5q%2FFqQDA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
7c20c69e7bca1c7a-AMS
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
10168
clear.png
portalaccess.force.com/img/ 		477 B
805 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portalaccess.force.com/img/clear.png
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
dd464055be78eadee2d5d3ecc5380600b788883e462d9e77372877dc04110e6d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Tue, 18 Apr 2023 06:23:43 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Thu, 21 May 2015 20:40:36 GMT
Age
1404622
Content-Type
image/png
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
477
Expires
Wed, 16 Aug 2023 06:23:43 GMT
baselogin4.js
portalaccess.force.com/jslibrary/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portalaccess.force.com/jslibrary/baselogin4.js
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
a44a332a5a4f24eb901f6cc0d4594e7befeaedb9717d7e3a43a5c139d0e03e6e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Tue, 18 Apr 2023 11:52:15 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Thu, 13 Apr 2023 17:45:12 GMT
Age
1384910
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
1789
Expires
Wed, 16 Aug 2023 11:52:15 GMT
LoginMarketingSurveyResponse.js
portalaccess.force.com/jslibrary/ 		1 KB
1016 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portalaccess.force.com/jslibrary/LoginMarketingSurveyResponse.js
Requested by
Host: bhoroshasthol.com
URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
d7c69aa9b8a38fd462dedb21a38aaf775d26b69a0ce81fb7e237c1e9badfbb98
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Tue, 02 May 2023 15:58:19 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Thu, 27 Apr 2023 17:57:44 GMT
Age
160546
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
627
Expires
Wed, 30 Aug 2023 15:58:19 GMT
SalesforceSans-Regular.woff2
portalaccess.force.com/login/assets/fonts/SalesforceSans/ 		0
0
sessionserver212.html
login.salesforce.com/login/ Frame 976A 		91 B
959 B 		Document
General
Check archive.org
Download Go to
Full URL
https://login.salesforce.com/login/sessionserver212.html
Requested by
Host: portalaccess.force.com
URL: https://portalaccess.force.com/jslibrary/SfdcSessionBase208.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.155.67 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl7-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
db743dbd91a699d36f6a755ad2c8eec5ce0d1b3715df50a651b7c24de11c1811
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bhoroshasthol.com/
Upgrade-Insecure-Requests
1
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)
accept-language
nl-NL,nl;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
public,max-age=86400
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests
Content-Type
text/html;charset=UTF-8
Date
Thu, 04 May 2023 12:34:05 GMT
Expires
Fri, 05 May 2023 12:34:05 GMT
Last-Modified
Wed, 23 Aug 2017 20:39:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
SessionServer212.js
login.salesforce.com/jslibrary/ Frame 976A 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.salesforce.com/jslibrary/SessionServer212.js
Requested by
Host: login.salesforce.com
URL: https://login.salesforce.com/login/sessionserver212.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.155.67 Frankfurt am Main, Germany, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl7-ncg0-fra3.login.salesforce.com
Software
/
Resource Hash
3fd16348fe4ca03d12f4668222ce1eab604cf1c0a8e9ee23b15cb35ebed94110
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://login.salesforce.com/login/sessionserver212.html
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Thu, 04 May 2023 12:34:05 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 03 May 2023 19:40:04 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
Expires
Fri, 01 Sep 2023 12:34:05 GMT
SalesforceSans-Regular.woff
portalaccess.force.com/login/assets/fonts/SalesforceSans/ 		0
0
capslock_blue.png
portalaccess.force.com/img/icon/ 		559 B
887 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portalaccess.force.com/img/icon/capslock_blue.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.37.36 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl3-ncg0-phx3.na141-ph2.force.com
Software
/
Resource Hash
02c47d1fb4a92fd6eca59ed828b0d0d7a8ef8285688bd27f36b1e003ffa9a52c
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://bhoroshasthol.com/
User-Agent
ia_archiver (+http://www.alexa.com/site/help/webmasters; crawler@alexa.com)

Response headers

Date
Tue, 18 Apr 2023 12:01:51 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
Last-Modified
Sun, 30 Jun 2019 10:26:54 GMT
Age
1384335
Content-Type
image/png
Cache-Control
public,max-age=10368000
Accept-Ranges
bytes
Content-Length
559
Expires
Wed, 16 Aug 2023 12:01:51 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
portalaccess.force.com
URL
https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Domain
portalaccess.force.com
URL
https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| SFDCSessionVars function| SfdcFramework object| Sfdc object| SfdcApp object| DomainSwitcher object| IdpOptions object| LoginHint function| loader function| checkCaps function| handleLogin function| lazyload

0 Cookies

4 Console Messages

Source Level URL
Text
javascript error URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Message:
Access to font at 'https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2' from origin 'https://bhoroshasthol.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff2
Message:
Failed to load resource: net::ERR_FAILED
javascript error URL: https://bhoroshasthol.com/sa.officedepot.workspace.com/
Message:
Access to font at 'https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff' from origin 'https://bhoroshasthol.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://portalaccess.force.com/login/assets/fonts/SalesforceSans/SalesforceSans-Regular.woff
Message:
Failed to load resource: net::ERR_FAILED