Report - 47.91.149.178/privacy/policy

Report Overview

Submitted URL
47.91.149.178/privacy/policy
IP
47.91.149.178
ASN
#45102 Alibaba US Technology Co., Ltd.
Submitted
2024-04-18 06:07:30
Access
public
Website Title
Facebook
Final URL
47.91.149.178/privacy/policy
Tags
meta facebook phishing social
urlquery detections
Phishing - Facebook

Detections

urlquery
9
Network Intrusion Detection
0
Threat Detection Systems
54

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
47.91.149.178	unknown	unknown	2019-12-09	2024-03-28	3.8 kB	206 kB	47.91.149.178
agent.joinf.cn	unknown	2009-07-05	2019-12-20	2024-04-08	5.2 kB	3.3 MB	47.91.149.178

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-03	medium	47.91.149.178/	Facebook, Inc.
2024-03-16	medium	agent.joinf.cn/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed
2024-04-18	medium	47.91.149.178	Sinkholed

ThreatFox

No alerts detected

JavaScript (11)

	URL	Size	First Seen	Last Seen
	static.xx.fbcdn.net/rsrc.php/v3/yo/r/rMjUV3tlg5-.js?_nc_x=Ij3Wp8lg5Kz	957 B	2023-07-06	2024-04-30
Pretty URL static.xx.fbcdn.net/rsrc.php/v3/yo/r/rMjUV3tlg5-.js?_nc_x=Ij3Wp8lg5Kz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-06 12:57:55 Last Seen2024-04-30 02:06:59 Times Seen870 Hash c9127cdccc5e7ba2e6fb3699d6592904 daad14d6e0a7f8919463500b8f58e8bc63914fb1 b873671ef1b37dc064f74561503bc7738f8bd318eaafd582da7a5dc8371a8fd0 Loading...

	static.xx.fbcdn.net/rsrc.php/v3/yu/r/emmFfFsTUtD.js?_nc_x=Ij3Wp8lg5Kz	1.3 kB	2023-07-06	2024-04-30
Pretty URL static.xx.fbcdn.net/rsrc.php/v3/yu/r/emmFfFsTUtD.js?_nc_x=Ij3Wp8lg5Kz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-06 12:57:54 Last Seen2024-04-30 02:06:59 Times Seen878 Hash 13e86ca3a4cf24ff867234a1435606a3 3227c1fd291ce20fac271325897a3e8691a3d474 57d535c3941adc1f62ae8713c9c6f5a0d44d0833891eb5458966e34b59bef46e Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL3IvZld4TDFycjBPYnEuanM/X25jX3g9SWozV3A4bGc1S3o=	305 B	2024-02-22	2024-04-21
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL3IvZld4TDFycjBPYnEuanM/X25jX3g9SWozV3A4bGc1S3o= IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-22 00:54:19 Last Seen2024-04-21 17:53:41 Times Seen12 Hash 3597b11fc3b17ab898c01c4352181298 fd703b65fb26e3e998f03bca81c08f28a89cbac9 e66440b80362274601c578a2767e2361cd7818c3215491ac0d682f261da38381 Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lVL3IvdWlzSmRDaHhiRWUuanM/X25jX3g9SWozV3A4bGc1S3o=	304 kB	2024-04-18	2024-04-24
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lVL3IvdWlzSmRDaHhiRWUuanM/X25jX3g9SWozV3A4bGc1S3o= IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:07:32 Last Seen2024-04-24 21:07:06 Times Seen28 Hash e92791ae800aca264f79330fcfb6721e 4c1a6961f30d4c3cc9064d5f73ac7ed61b2e1952 02c2eaebfec729bddc78e39c92d39ff2e16c1387dc7ef751777d2f9e72b5ba8e Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUhyQjQveS0vbC9lbl9VUy9ISXM2TmR2SkUwSi5qcz9fbmNfeD1JajNXcDhsZzVLeg==	1.1 MB	2024-04-18	2024-04-18
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUhyQjQveS0vbC9lbl9VUy9ISXM2TmR2SkUwSi5qcz9fbmNfeD1JajNXcDhsZzVLeg== IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:07:32 Last Seen2024-04-18 08:07:32 Times Seen2 Hash 6d5652a064e05bdd474cae3f904bc710 7aeb5dcf60ad77c7f015fbe81ae83cf242fe6889 d00954dfd459beb5030d7446de572db5f6fdd496530ed537cee50a4d8e719593 Loading...

	static.xx.fbcdn.net/rsrc.php/v3/yL/r/dbgrMsnD18p.js?_nc_x=Ij3Wp8lg5Kz	418 B	2023-07-06	2024-04-30
Pretty URL static.xx.fbcdn.net/rsrc.php/v3/yL/r/dbgrMsnD18p.js?_nc_x=Ij3Wp8lg5Kz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-06 12:57:54 Last Seen2024-04-30 02:06:59 Times Seen878 Hash 18f5757dd4c9ca737665c9e5f80756d5 1329f6e7dc9f20364e5a9c3bdc7bf43903bd833f c8141d007707b0013d361b41e91ccad163bb2713d1e43d3d1efb57678a1913cd Loading...

	static.xx.fbcdn.net/rsrc.php/v3/yH/r/ZLcKObNuO1b.js?_nc_x=Ij3Wp8lg5Kz	122 B	2023-12-02	2024-04-30
Pretty URL static.xx.fbcdn.net/rsrc.php/v3/yH/r/ZLcKObNuO1b.js?_nc_x=Ij3Wp8lg5Kz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-02 16:44:26 Last Seen2024-04-30 02:06:58 Times Seen718 Hash daeaaf11de3738d6e14d0cf5a0e90566 42774a39591dc467209a0b9fc94bf4058abc0f9d 00bc020c9b69caf1a659d40d6db9a47fd45757e74d17166c8ddea4f30ac503e4 Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IveklZcllKcXNLRnkuanM/X25jX3g9SWozV3A4bGc1S3o=	22 kB	2024-04-18	2024-04-18
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IveklZcllKcXNLRnkuanM/X25jX3g9SWozV3A4bGc1S3o= IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:07:32 Last Seen2024-04-18 08:07:32 Times Seen2 Hash 4b181c5987ec2e289938fcae4cac8236 e35b5e4f654ee54f06a561ba6b15d9d309b46586 997baea3ca627a0e795b5f975a761a57f365d2b51d6477293e7d527021747128 Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUNqUTQveVQvbC9lbl9VUy8tY3VFckZ5WktzSS5qcz9fbmNfeD1JajNXcDhsZzVLeg==	56 kB	2024-04-18	2024-04-18
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUNqUTQveVQvbC9lbl9VUy8tY3VFckZ5WktzSS5qcz9fbmNfeD1JajNXcDhsZzVLeg== IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:07:32 Last Seen2024-04-18 08:07:32 Times Seen2 Hash 28056153fba8f7ea8be56e44f0c5fbd5 241def990c1afd16bc738a91cc41bee2dcf95647 d1f62021abf4d7f9eaf9abde656d69e2568897d5d00875273525b2a53104e5b4 Loading...

	agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaWdZQTQveWsvbC9lbl9VUy81amo5U2h0RXVQWmdCYkJTVHBWQUl6cURCdzd5anFZdk1UTG9qUXRzRk5jc25DaHdBVVQxYVVnRFl2YXRrdlBob09SZjdzMFdKdkhNUEw5WEYwd08wZWo5TUwtbV9EaVFyZlhWQWJsSXV0bEp1RHU4RmpKMm1BZjVja3A4R3dyT01uN21CUDdvcy1fRmNvLTFSZHp1emkxNnlnZ1d2c0pwUUZyWXJHYzF3YS1PcTE5Y3JfbDFEdXpBdFdWRGg0Y24xQ014dWIzeTkxcW1sb1lxWF9lSk1sdnZoU0hxT0w4eENxaHhGSExwNTVIZlhXX19tTWdGUmxDc0dOMEZIemk5NV93bUItNTFZeG9TdHlCejJnRTJwRVFuNEhWRVI2dkhwUG4zLVdGV1YuanM/X25jX3g9SWozV3A4bGc1S3o=	1.2 MB	2024-04-18	2024-04-18
Pretty URL agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaWdZQTQveWsvbC9lbl9VUy81amo5U2h0RXVQWmdCYkJTVHBWQUl6cURCdzd5anFZdk1UTG9qUXRzRk5jc25DaHdBVVQxYVVnRFl2YXRrdlBob09SZjdzMFdKdkhNUEw5WEYwd08wZWo5TUwtbV9EaVFyZlhWQWJsSXV0bEp1RHU4RmpKMm1BZjVja3A4R3dyT01uN21CUDdvcy1fRmNvLTFSZHp1emkxNnlnZ1d2c0pwUUZyWXJHYzF3YS1PcTE5Y3JfbDFEdXpBdFdWRGg0Y24xQ014dWIzeTkxcW1sb1lxWF9lSk1sdnZoU0hxT0w4eENxaHhGSExwNTVIZlhXX19tTWdGUmxDc0dOMEZIemk5NV93bUItNTFZeG9TdHlCejJnRTJwRVFuNEhWRVI2dkhwUG4zLVdGV1YuanM/X25jX3g9SWozV3A4bGc1S3o= IP 47.91.149.178 ASN #45102 Alibaba US Technology Co., Ltd. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 08:07:32 Last Seen2024-04-18 08:07:32 Times Seen2 Hash fedd9ab192ce2ab0099569867be3015a a1d3a7c675b78f45ef79b97d95c771327d78f40e 925180ec482e38f52c5a81fc818058f600edebd4d9711ca8177159449d74e667 Loading...

	static.xx.fbcdn.net/rsrc.php/v3/y2/r/cMd_SZov9Ei.js?_nc_x=Ij3Wp8lg5Kz	269 B	2024-03-28	2024-04-30
Pretty URL static.xx.fbcdn.net/rsrc.php/v3/y2/r/cMd_SZov9Ei.js?_nc_x=Ij3Wp8lg5Kz IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-28 14:40:39 Last Seen2024-04-30 02:06:58 Times Seen26 Hash 331a36a3a4c643c8e7121a884c1a751f 7b4c1f0004f29830a7b50059dec4d83ce44b0d07 ab410d6ec4c6ab768230975ea72a4fe1179c83aace07b21cc4e616ee315f2ddc Loading...

HTTP Transactions (19)

URL IP Response Size

47.91.149.178/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2872

47.91.149.178

200 OK

243 B

URL POST HTTP/1.1
47.91.149.178/ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2872
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
243 B (243 bytes)
Hash
06d18a985f8a6e5ce5e69b0cc4546601
88d3718ecbb4c01fbe3558edbbf81417649a27d9
93cc977859fb1db35bd15424a8c667f6efada09fdc630d58604bf67ee41ea5e4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/qm/?__a=1&__user=0&__comet_req=15&jazoest=2872 HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 132
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:05 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: CmhWrjAD+mPrOd1oKOvQhqrZJz8l2JqNyGRT+Jbs15O+jjBQkIPiF0yKrIHMgTaPaMs/ZpMa4omDBqW8I8tKvQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=8, rtx=1, c=72, mss=1380, tbw=200152, tp=-1, tpl=-1, uplat=158, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/privacy/policy

47.91.149.178

190 kB

URL User Request GET
47.91.149.178/privacy/policy
IP
47.91.149.178:0
ASN
#45102 Alibaba US Technology Co., Ltd.

File type
HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
190 kB (190301 bytes)
Hash
717049b399382000545972fe3e13797f
1abc63ac8440547fcdf7167c756e72c7394796c5
fbf63e1abc26dcf1c297ba80957086d9dc5451600e09474f15d548d9c8fc6b00

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /privacy/policy HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:04 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
accept-ch-lifetime: 4838400
accept-ch: viewport-width,dpr,Sec-CH-Prefers-Color-Scheme,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version,Sec-CH-UA-Model
Pragma: no-cache
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
Content-Type: text/html;charset=utf-8
X-FB-Debug: kGwDy9UcD5rNcgUyQLkfENNqdBSQkuVPnfZCxsFWAxMu4FRDKxfouL6c5ELgROw/3Tam3GZ4aqW6W0lhxNvwVA==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=1, rtx=0, c=10, mss=1380, tbw=3223, tp=-1, tpl=-1, uplat=183, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IveklZcllKcXNLRnkuanM/X25jX3g9SWozV3A4bGc1S3o=

47.91.149.178

200 OK

22 kB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IveklZcllKcXNLRnkuanM/X25jX3g9SWozV3A4bGc1S3o=
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text, with very long lines (6078)
Size
22 kB (21507 bytes)
Hash
4b181c5987ec2e289938fcae4cac8236
e35b5e4f654ee54f06a561ba6b15d9d309b46586
997baea3ca627a0e795b5f975a761a57f365d2b51d6477293e7d527021747128

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IveklZcllKcXNLRnkuanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:06 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: SxgcWYfsLiiZOPyuTKyCNg==
Expires: Fri, 18 Apr 2025 01:14:48 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
X-FB-Debug: lTLWb1utOlYu476n0z935R6hsLB2D0xHyat+FzXU3Vv8dmjiOLXOx1fbBrwzPuyEklmk7a7axDBMzaYij9TAFQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=9, rtx=3, c=282, mss=1380, tbw=350054, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 21507
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUNqUTQveVQvbC9lbl9VUy8tY3VFckZ5WktzSS5qcz9fbmNfeD1JajNXcDhsZzVLeg==

47.91.149.178

200 OK

56 kB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUNqUTQveVQvbC9lbl9VUy8tY3VFckZ5WktzSS5qcz9fbmNfeD1JajNXcDhsZzVLeg==
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text, with very long lines (8257)
Size
56 kB (55735 bytes)
Hash
28056153fba8f7ea8be56e44f0c5fbd5
241def990c1afd16bc738a91cc41bee2dcf95647
d1f62021abf4d7f9eaf9abde656d69e2568897d5d00875273525b2a53104e5b4

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUNqUTQveVQvbC9lbl9VUy8tY3VFckZ5WktzSS5qcz9fbmNfeD1JajNXcDhsZzVLeg== HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:06 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: KAVhU/uo9+qL5W5E8MX71Q==
Expires: Fri, 18 Apr 2025 00:54:13 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
X-FB-Debug: HhKgKrF9kfV998lZALBLh/NnCggIKoMNrtiEfg3ua62TrCv3Ir6PXm3VONUHWTI+08nswpF5mcp84bR35KHzvw==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=1, c=147, mss=1380, tbw=204473, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 55735
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL3IvZld4TDFycjBPYnEuanM/X25jX3g9SWozV3A4bGc1S3o=

47.91.149.178

200 OK

305 B

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL3IvZld4TDFycjBPYnEuanM/X25jX3g9SWozV3A4bGc1S3o=
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text
Size
305 B (305 bytes)
Hash
3597b11fc3b17ab898c01c4352181298
fd703b65fb26e3e998f03bca81c08f28a89cbac9
e66440b80362274601c578a2767e2361cd7818c3215491ac0d682f261da38381

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL3IvZld4TDFycjBPYnEuanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:07 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: NZexH8OxeriYwBxDUhgSmA==
Expires: Sat, 12 Apr 2025 14:36:53 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: ULy5kR7rH4d4zg5ozL5vEyBnlped9/G3+kjnAYJABinNZnEPCess5cSb4Rvb5i03hne1FU/OEmABfrxrEoivcQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=3, c=290, mss=1380, tbw=373493, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 305
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lVL3IvdWlzSmRDaHhiRWUuanM/X25jX3g9SWozV3A4bGc1S3o=

47.91.149.178

200 OK

304 kB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lVL3IvdWlzSmRDaHhiRWUuanM/X25jX3g9SWozV3A4bGc1S3o=
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text, with very long lines (11228)
Size
304 kB (304282 bytes)
Hash
e92791ae800aca264f79330fcfb6721e
4c1a6961f30d4c3cc9064d5f73ac7ed61b2e1952
02c2eaebfec729bddc78e39c92d39ff2e16c1387dc7ef751777d2f9e72b5ba8e

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lVL3IvdWlzSmRDaHhiRWUuanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:06 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 6SeRroAKyiZPeTMPz7ZyHg==
Expires: Fri, 18 Apr 2025 06:07:06 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: DtHGSCP9icgyZHaXLwLQtuCVJEbtE89qhBtrFfNUp/FItK2Nzi5gtXedwSxrTpUWT73tyZRURsf5jSm2ooQA2A==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=21, rtx=11, c=132, mss=1380, tbw=2574145, tp=-1, tpl=-1, uplat=145, ullat=0
Alt-Svc: h3=":443"; ma=86400
Content-Length: 304282
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaWdZQTQveWsvbC9lbl9VUy81amo5U2h0RXVQWmdCYkJTVHBWQUl6cURCdzd5anFZdk1UTG9qUXRzRk5jc25DaHdBVVQxYVVnRFl2YXRrdlBob09SZjdzMFdKdkhNUEw5WEYwd08wZWo5TUwtbV9EaVFyZlhWQWJsSXV0bEp1RHU4RmpKMm1BZjVja3A4R3dyT01uN21CUDdvcy1fRmNvLTFSZHp1emkxNnlnZ1d2c0pwUUZyWXJHYzF3YS1PcTE5Y3JfbDFEdXpBdFdWRGg0Y24xQ014dWIzeTkxcW1sb1lxWF9lSk1sdnZoU0hxT0w4eENxaHhGSExwNTVIZlhXX19tTWdGUmxDc0dOMEZIemk5NV93bUItNTFZeG9TdHlCejJnRTJwRVFuNEhWRVI2dkhwUG4zLVdGV1YuanM/X25jX3g9SWozV3A4bGc1S3o=

47.91.149.178

200 OK

1.2 MB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaWdZQTQveWsvbC9lbl9VUy81amo5U2h0RXVQWmdCYkJTVHBWQUl6cURCdzd5anFZdk1UTG9qUXRzRk5jc25DaHdBVVQxYVVnRFl2YXRrdlBob09SZjdzMFdKdkhNUEw5WEYwd08wZWo5TUwtbV9EaVFyZlhWQWJsSXV0bEp1RHU4RmpKMm1BZjVja3A4R3dyT01uN21CUDdvcy1fRmNvLTFSZHp1emkxNnlnZ1d2c0pwUUZyWXJHYzF3YS1PcTE5Y3JfbDFEdXpBdFdWRGg0Y24xQ014dWIzeTkxcW1sb1lxWF9lSk1sdnZoU0hxT0w4eENxaHhGSExwNTVIZlhXX19tTWdGUmxDc0dOMEZIemk5NV93bUItNTFZeG9TdHlCejJnRTJwRVFuNEhWRVI2dkhwUG4zLVdGV1YuanM/X25jX3g9SWozV3A4bGc1S3o=
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text, with very long lines (11296)
Size
1.2 MB (1235635 bytes)
Hash
fedd9ab192ce2ab0099569867be3015a
a1d3a7c675b78f45ef79b97d95c771327d78f40e
925180ec482e38f52c5a81fc818058f600edebd4d9711ca8177159449d74e667

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaWdZQTQveWsvbC9lbl9VUy81amo5U2h0RXVQWmdCYkJTVHBWQUl6cURCdzd5anFZdk1UTG9qUXRzRk5jc25DaHdBVVQxYVVnRFl2YXRrdlBob09SZjdzMFdKdkhNUEw5WEYwd08wZWo5TUwtbV9EaVFyZlhWQWJsSXV0bEp1RHU4RmpKMm1BZjVja3A4R3dyT01uN21CUDdvcy1fRmNvLTFSZHp1emkxNnlnZ1d2c0pwUUZyWXJHYzF3YS1PcTE5Y3JfbDFEdXpBdFdWRGg0Y24xQ014dWIzeTkxcW1sb1lxWF9lSk1sdnZoU0hxT0w4eENxaHhGSExwNTVIZlhXX19tTWdGUmxDc0dOMEZIemk5NV93bUItNTFZeG9TdHlCejJnRTJwRVFuNEhWRVI2dkhwUG4zLVdGV1YuanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:06 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: /t2asZLOKrAJlWmGe+MBWg==
Expires: Fri, 18 Apr 2025 03:28:13 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
origin-agent-cluster: ?0
X-FB-Debug: Xg1gyXwCzl2yVpx0FjwBv827Yms74lGLD/0ekw0Vy0Cwd1VRk2vT3YfbSiqQNLv8thm5xILHHNSuhit1iT85qw==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=1, rtx=3, c=216, mss=1380, tbw=697691, tp=-1, tpl=-1, uplat=2, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 1235635
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUhyQjQveS0vbC9lbl9VUy9ISXM2TmR2SkUwSi5qcz9fbmNfeD1JajNXcDhsZzVLeg==

47.91.149.178

200 OK

1.1 MB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUhyQjQveS0vbC9lbl9VUy9ISXM2TmR2SkUwSi5qcz9fbmNfeD1JajNXcDhsZzVLeg==
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
JavaScript source, ASCII text, with very long lines (19868)
Size
1.1 MB (1094740 bytes)
Hash
6d5652a064e05bdd474cae3f904bc710
7aeb5dcf60ad77c7f015fbe81ae83cf242fe6889
d00954dfd459beb5030d7446de572db5f6fdd496530ed537cee50a4d8e719593

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzaUhyQjQveS0vbC9lbl9VUy9ISXM2TmR2SkUwSi5qcz9fbmNfeD1JajNXcDhsZzVLeg== HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:06 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: bVZSoGTgW91HTK4/kEvHEA==
Expires: Fri, 18 Apr 2025 01:07:14 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: LgnsZcuDWzCSgjjn8Ebo/p5Riq7gizOsi8lYQ9Y491lsbs3+xfIPDwcobhlGBLTtWa2kM8OOVlwCZjnbrRAM/A==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=14, mss=1380, tbw=3222, tp=-1, tpl=-1, uplat=3, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 1094740
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3luL2wvMCxjcm9zcy9CZ3FaZFFvRUJPNi5jc3M/X25jX3g9SWozV3A4bGc1S3o=

47.91.149.178

200 OK

601 kB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3luL2wvMCxjcm9zcy9CZ3FaZFFvRUJPNi5jc3M/X25jX3g9SWozV3A4bGc1S3o=
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with very long lines (32559)
Size
601 kB (600624 bytes)
Hash
fc10f46d26b86447233024e65e8dea61
ed35f17b0907950fa03c9187eee2496b63b1059a
d23548c66a417b9e23a31d5bbff9b4736f78e30ae835b23c0c234e64ed23bad5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3luL2wvMCxjcm9zcy9CZ3FaZFFvRUJPNi5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:07 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: /BD0bSa4ZEcjMCTmXo3qYQ==
Expires: Fri, 18 Apr 2025 06:07:07 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: GSPCcGvoX9qJwt9nkFups/7G8P39K93B/Hnsin6H8OFN7h6iaPWtE6jQxA/xIhIz3lm96+28UuOTl6ghLvvoyw==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=3, rtx=2, c=192, mss=1380, tbw=262285, tp=-1, tpl=-1, uplat=286, ullat=0
Alt-Svc: h3=":443"; ma=86400
Content-Length: 600624
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3lUL3IvYUdUM2dza3pXQmYuaWNv

47.91.149.178

200 OK

5.4 kB

URL GET HTTP/1.1
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3lUL3IvYUdUM2dza3pXQmYuaWNv
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
3e764f0f737767b30a692fab1de3ce49
58fa0755a8ee455819769ee0e77c23829bf488dd
88ae5454a7c32c630703440849d35c58f570d8eecc23c071dbe68d63ce6a40d7

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3lUL3IvYUdUM2dza3pXQmYuaWNv HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:10 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/x-icon
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: PnZPD3N3Z7MKaS+rHePOSQ==
Expires: Wed, 16 Apr 2025 21:49:27 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: TRDUAuDXmohyBXiaNPl1PZJYM01GmeyxPIhkWJsvvmpS1DsVMsk0tTgfQZhGvFW0nPHmQhxk74iM52xHCgbEwg==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=11, rtx=7, c=268, mss=1380, tbw=1941089, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 5430
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static/rsrc.php/yu/r/Ddk-AuWE7VS.svg

47.91.149.178

2.6 kB

URL GET
agent.joinf.cn/static/rsrc.php/yu/r/Ddk-AuWE7VS.svg
IP
47.91.149.178:0
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
SVG Scalable Vector Graphics image
Size
2.6 kB (2581 bytes)
Hash
d4318cd31955a9f24519f473044664f9
66d56228a5dcbbd6ac852f6acf03d3e3fb2f2a31
e3c54c4a9cbf08d90e8c147b6dd3c4cd28971bc87aa9adfd6d77bee9f9d7cea5

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static/rsrc.php/yu/r/Ddk-AuWE7VS.svg HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:17 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Vary: Accept-Encoding
Content-Type: image/svg+xml
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: 1DGM0xlVqfJFGfRzBEZk+Q==
Expires: Fri, 11 Apr 2025 10:24:59 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: tQnEHKMQVOTWnSdPRFfGGkJUPIGQ4jSciFlhFpefpjS65H1/izLzX46LlQq+EZDg0n9UJ8G+nmJBNWzbjpDHNQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=14, rtx=5, c=112, mss=1380, tbw=1105028, tp=-1, tpl=-1, uplat=1, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 2581
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

agent.joinf.cn/static/rsrc.php/v3/ye/r/EPaK4bH114Z.png

47.91.149.178

200 OK

7.2 kB

URL GET HTTP/1.1
agent.joinf.cn/static/rsrc.php/v3/ye/r/EPaK4bH114Z.png
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
PNG image data, 189 x 177, 8-bit colormap, non-interlaced
Size
7.2 kB (7229 bytes)
Hash
530d5e23a6eac9fa58d4ea5c022cce86
16c4f5b765ac45170b2716d119817b9d32e8f623
ab14d8e643f2db15305edcf319e978de1f30620838f7b51d299040182555c11b

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static/rsrc.php/v3/ye/r/EPaK4bH114Z.png HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:17 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Access-Control-Allow-Origin: *
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: Uw1eI6bqyfpY1OpcAizOhg==
Expires: Sat, 12 Apr 2025 19:36:30 GMT
Cache-Control: public,max-age=31536000,immutable
reporting-endpoints: permissions_policy="https://www.xx.facebook.com/ajax/browser_error_reports/"
timing-allow-origin: *
document-policy: force-load-at-top
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
cross-origin-resource-policy: cross-origin
X-Content-Type-Options: nosniff
report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.xx.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
X-FB-Debug: dDXOlWVB83OJc3SmmtxaqHbdw+ApwvHX3/8UZG5TOGJ2Vqv5D1rmzQyA+ZzOQiRtk3YzKWzWP+hUiihNbx4KtA==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=9, rtx=5, c=112, mss=1380, tbw=1109345, tp=-1, tpl=-1, uplat=0, ullat=-1
Alt-Svc: h3=":443"; ma=86400
Content-Length: 7229
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
19530ce9b9f2aea3162fb66ca9dd5c70
5cab007add15f34b1bb747e2ae31c34851028c36
25e5b2a2536cfa81fe694cd8abcef669199ad2ecb0394d42bd439a8797447207

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 442
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:18 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: 6ZoGueizSgAEQCYZsDcrnWbIfYfjxohR87v/hu+k3OdWGxSANby/Ehv9DKrYS9rTPGe/qIxh6AFZKc9gT8m7Uw==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=5, c=74, mss=1380, tbw=445722, tp=-1, tpl=-1, uplat=140, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
d276a69754e39c0da03e3b9d159c79e1
83e265a2f1dbace73afafa25407aa4be67fe8542
00e84c216a300bdc9b60f41499a0ba71fe94c6b3f24d1e5b7e7e67fee42d6bf4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 458
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:18 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: k4W57xr6RWv//dQS1Cd5PPe+eMXyBWqeElK7GMqJXtAGeJguvfxlAbDzIR4EVHjESW/c+Iyw6jlL6XtAbe2OJA==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=6, c=58, mss=1380, tbw=1039703, tp=-1, tpl=-1, uplat=141, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
eea7dd3104dbacf30d93433d97c78733
c7606445e4a6fc54cb441bd761d611400312880d
368375adf4b1d8e00b660af606694a020e4b67bc73444f7ddad50d263f54a227

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 442
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:21 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: qk3+9bQSJuLQDAPMNTkTEOGOkNDK7y96okVx6T88fSl8kZvHZIx6nJDWtAOh7ov/zrr0QBtcdjtWPUxIGTdEuQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1380, tbw=3223, tp=-1, tpl=-1, uplat=138, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
dfd641c90c1e1ef79d0d801c983f8c98
d7fe4f20ee05190b2b819ab51c51d1d48387873a
f1f2887a4a2d304d458348aeb09abbf8238b1441dae6be464866d29c51d1dc34

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 458
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:21 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: nLSUensMvw2PrALwQjwvGylwwpXh8geaOZOfnSS01kjVKD6H46HW1/AD5mIyoUjx75ayUIKi9kn5RBwZBcyw9A==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1380, tbw=3222, tp=-1, tpl=-1, uplat=140, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
84f60166e92f302a7263c3fc1463f3ed
a61d681404280f7730d5a843908dc950f7c5e25f
eae03743579c99ec2308b61addb7b21150c99382bb57cf30a1b3d2f513528999

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 442
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:25 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: 3b/rAsNhQ8mYOc1DLAlg2wAJcEAkzb+hm+g6ydZUQ54kHsG31Z4O7zkHfDmERxNL46Za0gAiUW7cFbr1/RpmZQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1380, tbw=5133, tp=-1, tpl=-1, uplat=144, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

47.91.149.178/ajax/bulk-route-definitions/

47.91.149.178

200 OK

261 B

URL POST HTTP/1.1
47.91.149.178/ajax/bulk-route-definitions/
IP
47.91.149.178:80
ASN
#45102 Alibaba US Technology Co., Ltd.

Requested by
http://47.91.149.178/privacy/policy

File type
ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
23361c6258114025e2c25776093261dd
cf081118da328e7fa757b884daada17eacde8548
563d153acb50872c43694a19722656e377f4c2d3f2a85cccad90210980555e7c

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /ajax/bulk-route-definitions/ HTTP/1.1
Host: 47.91.149.178
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
X-FB-LSD: AVqKAHKGgBQ
X-ASBD-ID: 129477
Content-Length: 458
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/privacy/policy
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 06:07:25 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
cross-origin-resource-policy: cross-origin
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: private, no-cache, no-store, must-revalidate
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/comet_error_reports/?device_level=unknown"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/comet_error_reports\/?device_level=unknown"}]}
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
Vary: Sec-Fetch-Site,Sec-Fetch-Mode,Accept-Encoding
Strict-Transport-Security: max-age=15552000; preload
X-FB-Debug: ZquryJFgBFOAD9iujnruuhqrIMD1KPHsChaXYnftQ+aN1uJoQHINjA3DeBOAtfOp8qtZNJlKjtQixzTY0zAREQ==
X-FB-Connection-Quality: EXCELLENT; q=0.9, rtt=2, rtx=0, c=10, mss=1380, tbw=5132, tp=-1, tpl=-1, uplat=139, ullat=0
Alt-Svc: h3=":443"; ma=86400
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked

agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3l4L3IvRnMyWkp1VGRVcEguanM/X25jX3g9SWozV3A4bGc1S3o=

0.0.0.0

0 B

URL GET
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3l4L3IvRnMyWkp1VGRVcEguanM/X25jX3g9SWozV3A4bGc1S3o=
IP
0.0.0.0:0
ASN
#0

Requested by
http://47.91.149.178/privacy/policy

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3l4L3IvRnMyWkp1VGRVcEguanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Host: agent.joinf.cn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://47.91.149.178
DNT: 1
Connection: keep-alive
Referer: http://47.91.149.178/
Pragma: no-cache
Cache-Control: no-cache

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (11)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML