Report - recoverysetts.com/

Report Overview

Submitted URL
recoverysetts.com/
IP
172.67.190.78
ASN
#13335 CLOUDFLARENET
Submitted
2023-06-06 00:19:01
Access
public
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
34

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
facebook.recoverysetts.com	unknown	2023-06-02	2023-06-03	2023-06-03	11 kB	1.7 MB	104.21.84.85
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-06-05	1.3 kB	2.8 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-06-05	2.2 kB	108 kB	216.58.207.227
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-06-05	1.0 kB	32 kB	142.250.74.106
recoverysetts.com	unknown	2023-06-02	2023-06-02	2023-06-05	476 B	30 kB	104.21.84.85

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-05	medium	recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/
2023-06-03	medium	facebook.recoverysetts.com/

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (21)

	URL	Size	First Seen	Last Seen
	facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.4	1.4 kB	2023-03-07	2024-04-23
Pretty URL facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.4 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:40 Last Seen2024-04-23 13:49:38 Times Seen1377 Hash 82b34a0f20682b94458a89521a92c7ca cd97bdd72c8f7ca65a37ea7d78ff71580633169a c05ee8fac93fde19412046a913b9aecd86210aba6b72cff7c94e01170dd11e3b Loading...

	facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.2.2	6.8 kB	2023-03-07	2024-04-24
Pretty URL facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.2.2 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:04 Last Seen2024-04-24 18:46:15 Times Seen894 Hash fe613818cd7f3c64b3ec76afe137910f 18d1d3234b216d233bd27b20cbb4d4800ca0d3d9 7b3a7e4265228a39bea0d22ac1aedb86219a7b521a831827f7f4579ca5ae4156 Loading...

	facebook.recoverysetts.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.6.4	485 kB	2023-06-05	2023-11-05
Pretty URL facebook.recoverysetts.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.6.4 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-06-05 05:34:48 Last Seen2023-11-05 21:05:10 Times Seen6 Hash 7ae2fe77021cd1506ca83a539abdaf13 0278af14f0b2b7157365e74281b0bed8d0f9a601 7b71ec4a7f5c569f49f460744f16be15ebfaffbbe2e8afab3a10c8db7b773593 Loading...

	facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0	18 kB	2023-04-05	2024-04-25
Pretty URL facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 02:48:12 Last Seen2024-04-25 04:27:26 Times Seen31374 Hash e495a4709e3eae31c67f8263f25d2d39 d43ba6a092e4823a71f3bff75d5ed279a481636b 1c1fef6e6b4f9832603850b9b6562e74d9a6a3700ba836efe88facc577121e8b Loading...

	facebook.recoverysetts.com/	47 B	2023-03-07	2024-04-25
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:48 Last Seen2024-04-25 11:09:18 Times Seen6632 Hash 2f518cfc8223c53c44094f57eacc972f a919f586352875054a0a7f438c3e3d33cb5768b3 1d89df5c4aeb93c45e67d479e74ca02e5a104d7e421e4f2415e4a204c9816b0b Loading...

	facebook.recoverysetts.com/	366 B	2023-06-05	2023-06-06
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 05:34:47 Last Seen2023-06-06 02:19:02 Times Seen2 Hash 1508fded9fc817d13e30b5dc817a50ed a1d59200ec7acd53c71b4baaed54af0c397cc74f dea95737229adf00ab62e0c82a9a9ed319d116af6c35be29432d2248a2cf5804 Loading...

	facebook.recoverysetts.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5	4.9 kB	2023-03-07	2024-04-24
Pretty URL facebook.recoverysetts.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-24 18:24:18 Times Seen24388 Hash b33ab4d5dcf02436276a717e9d1b7c18 f47b9a9c41b3b11c9dffabca22945727c3ec6566 9bd82960d99b3a76f4af77a88a346bd61f87bac5ff2f385ee28cd669d8f22134 Loading...

	facebook.recoverysetts.com/	2.2 kB	2023-06-05	2023-06-06
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 05:34:47 Last Seen2023-06-06 02:19:02 Times Seen2 Hash 9190a5c95b0999f4afafc713ff3e3be1 45419667d85c0d0b839ca6d1ab86892cf5dba5d4 fe9d46b063950dc4a0d23fb56e6747ca8728eaddb02986ce22b5c1ff834b7678 Loading...

	facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2	8.2 kB	2023-03-13	2024-04-25
Pretty URL facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:32:06 Last Seen2024-04-25 13:12:27 Times Seen50826 Hash dda652db133fddb9b80a05c6d1b5c540 60c8514c57a5db2980c4b046b0dd479bd427357b c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4 Loading...

	facebook.recoverysetts.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae	10 kB	2023-03-08	2024-04-24
Pretty URL facebook.recoverysetts.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:32 Last Seen2024-04-24 16:05:58 Times Seen25613 Hash 8cd696505481e74ffee89b4995f37379 ee9aad199ef2bc60a3460f4c52f37d22907b2ec9 01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874 Loading...

	facebook.recoverysetts.com/	131 B	2023-06-05	2023-06-06
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-05 05:34:47 Last Seen2023-06-06 02:19:02 Times Seen2 Hash 911f9be1fbc38a0658e03da8665259df 9544f919e49fca91f4fea68bbd96e0564f54a2f8 6e882c592a507e2ce41633fc3b7b9dc030f43cfd932acb755816ab9f76a58d34 Loading...

	facebook.recoverysetts.com/	1.8 kB	2023-06-06	2023-06-06
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 02:19:02 Last Seen2023-06-06 02:19:02 Times Seen1 Hash 36437b040dddd585d599129db0dc17e0 aace1f53e5ec9ca6db7646f703969997b8c7add2 67772135432c84e19428168191f931159474a0a68c1442ea95bb43e73c411f81 Loading...

	facebook.recoverysetts.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0	13 kB	2023-03-07	2024-04-25
Pretty URL facebook.recoverysetts.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:08:52 Last Seen2024-04-25 08:42:46 Times Seen76202 Hash 5cfa2b481de6e87c2190a0e3538515d8 0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Loading...

	facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.2.2	1.7 kB	2023-03-07	2024-04-24
Pretty URL facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.2.2 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:07:04 Last Seen2024-04-24 18:46:14 Times Seen915 Hash 92dc42790a6d4f5f3b673548025baa03 dad0f904f6e712b00004203c93e1c421491cf21b 6c1510ef35e8322bf3c09c53aa955cd3b0a9e5ac65d15dd518c84ffc4b511c9f Loading...

	unknown	36 B	2023-04-11	2024-04-23
Pretty Introduced by eventHandler Embedded in HTML false Observations First Seen2023-04-11 15:41:00 Last Seen2024-04-23 13:49:37 Times Seen1346 Hash 7bc7c374f288c77ef1ffffbab60a9d9d 5ce41f8f066cfe0a8988d92a1f4c1cb8f7667816 ad66e30024a2ef2ce08471f92c7b87dc63a24ecad7d53e4d7349307e780cb115 Loading...

	facebook.recoverysetts.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11	6.6 kB	2023-03-14	2024-04-24
Pretty URL facebook.recoverysetts.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-14 07:30:15 Last Seen2024-04-24 19:12:41 Times Seen37722 Hash 9a4f28a615173df36cb84be2b345816e f709263841708d9e40268f24a0072ff4fe811b35 6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6 Loading...

	facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/js/app.min.js?ver=1.5.2	15 kB	2023-05-03	2024-01-09
Pretty URL facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/js/app.min.js?ver=1.5.2 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-03 15:37:31 Last Seen2024-01-09 09:24:35 Times Seen22 Hash 1bceba370a79283f8105aa33e0f4196d b5f61a4fa90b791b2ecfee47d6aa36a16a63caf1 32ef80ec9ea0d765cc46fdec0686021591c3af87270b7ed1079fdc95319fc512 Loading...

	facebook.recoverysetts.com/	68 B	2023-03-07	2024-04-25
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-25 13:12:27 Times Seen22473 Hash d30f13da1f424ee0383b76edc55881e1 7e348a5f57ab13eedbc4ed917cdeee5bb9f9bd46 cf01a621447e67a81629bc28276677c86c48fd72c44cba83a82448574aadfd60 Loading...

	facebook.recoverysetts.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4	90 kB	2023-03-29	2024-04-25
Pretty URL facebook.recoverysetts.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4 IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-29 22:52:25 Last Seen2024-04-25 12:55:18 Times Seen102874 Hash 0e850a69bc7fd0acc2e92ce6eee87959 8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a Loading...

	facebook.recoverysetts.com/	1.7 kB	2023-06-06	2023-06-06
Pretty URL facebook.recoverysetts.com/ IP 104.21.84.85 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-06-06 02:19:02 Last Seen2023-06-06 02:19:02 Times Seen1 Hash 4e9be536c832f89ee0ffe1f63967f8f0 b00ff802f60d7e666fd44dfca0bcc69bacfdcfc6 f02c29e8e5756285f854814470a34a3ab9e028dd4f2a7f668dd38aba5a60c00d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 04207c24a63069dd1328d4e415fa70aa	8.5 kB	2023-03-07	2024-04-23
Pretty Observations First Seen2023-03-07 01:02:48 Last Seen2024-04-23 13:49:38 Times Seen1076 Hash 04207c24a63069dd1328d4e415fa70aa 807d20a9492e8dda4ae9ea2129aa5e56c761d5a8 bffafb30adf0c09bfbf909eaa779391296499123dc3d90e429056ec896b2ebb9 Loading...

HTTP Transactions (33)

URL IP Response Size

facebook.recoverysetts.com/wp-content/uploads/2023/06/logo-1-1280x451.jpg

104.21.84.85

200 OK

32 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/uploads/2023/06/logo-1-1280x451.jpg
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 82", baseline, precision 8, 1280x451, components 3\012- data
Size
32 kB (31644 bytes)
Hash
8c18ea4eaadda297c5f5f54624e8b37e
4363f5be3fa9bc05eba70c017ffd2671c46da2ac
491462e2315a0d96f3d941d585811dde7251e4a70f19b0d74ce149b14008e081

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/uploads/2023/06/logo-1-1280x451.jpg HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: image/jpeg
content-length: 31644
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 19:26:38 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y5A6nzK8p%2BhMEdewiCYp6W9QYHqMHpc5zuflrCVR8K8gSAOTpai0zFszBOLBzbfLiGBzqcuMWdgbGvCQY5WSbbI7tSckzxi4UFEbjbTGI68n2l7igCV6PnYY2YZi0%2FeoN6wOkcKxxwhPJGkixA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2c7ada692b067b-OSL
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.2.2

104.21.84.85

200 OK

1.2 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.2.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text
Size
1.2 kB (1176 bytes)
Hash
92dc42790a6d4f5f3b673548025baa03
dad0f904f6e712b00004203c93e1c421491cf21b
6c1510ef35e8322bf3c09c53aa955cd3b0a9e5ac65d15dd518c84ffc4b511c9f

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/themes/Divi/core/admin/js/recaptcha.js?ver=6.2.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 17:41:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RQXub%2FdYSoiRWpD%2F6BaLNLmyQevFNzd5bhENkMPuE%2Bn6HD7A%2BUdMGGtY9ZbWyAL3mL5F8gznKJ0KFF%2FftxvzL%2F5EtHwgTIZGpQmwaE2EQ5yVdbHmM%2FeAzYzCl5VoMTA3hJcN6iqScnokNa6cmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5926067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-content/et-cache/56/et-core-unified-56-16857343249536.min.css

104.21.84.85

200 OK

1.5 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/et-cache/56/et-core-unified-56-16857343249536.min.css
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (5859), with no line terminators
Size
1.5 kB (1497 bytes)
Hash
7da7a9b8b869c2ec12572b00a26262b1
5dccb9c8a9560db01c39391f0f5ae0870fce0a79
96fd5e85d90c1f2b4468bb3041d902c3af3e7ddef631032664f104de161cc297

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/et-cache/56/et-core-unified-56-16857343249536.min.css HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 19:32:05 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H4%2BxSgsFddOYiE4UuxgmT0pWwd0oE4l2t7ZHW1kpnNLjMpcAns0WpMhoM0wZQJ1JxNZjpK5fo1Q5Oi9e%2FqbH3jJq1shS2AMDX744P%2FsneqvB7NZWYg9ioxCysoywk3TuI0oV%2F0%2BAOhdLIqTieA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5927067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Jun 2023 00:18:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

facebook.recoverysetts.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2

104.21.84.85

200 OK

30 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/css/dist/block-library/style.min.css?ver=6.2.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (48325)
Size
30 kB (30364 bytes)
Hash
47cdb0e81ea341ad27a1a0b0ba6b02d8
6195a67b0b7f7919f07309e2c8ce71f3d4729d03
aca566587618e75fa291a419c7c430be02e03fc72f6105658c1bc8e7d59a65e4

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.2.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 10 Mar 2023 00:22:37 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Izi3CaraqouqcOHJYfSMcZVtizDiVihhqnAib64vgTQtO6KKTzQjkOYSnY%2BExsAMJr1mAg44kzUkq2%2BShqssx1bIquSB%2FJkTfn%2F2LGxXF7l03xBSUXVZOCyxU3QTyD2SXuMV5RJf%2FdsHk6qObg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada491c067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Jun 2023 00:18:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Jun 2023 00:18:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/js/app.min.js?ver=1.5.2

104.21.84.85

200 OK

53 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/js/app.min.js?ver=1.5.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (15257), with CRLF line terminators
Size
53 kB (53321 bytes)
Hash
1bceba370a79283f8105aa33e0f4196d
b5f61a4fa90b791b2ecfee47d6aa36a16a63caf1
32ef80ec9ea0d765cc46fdec0686021591c3af87270b7ed1079fdc95319fc512

HTTP Headers

GET /wp-content/plugins/divi-contact-form-helper/assets/public/js/app.min.js?ver=1.5.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 18:02:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z9i5RqW%2ByEcBDSeA42XzRz8OW%2FJO0GmStSkLs8rAdNiI%2BpxH%2ByG1Sgi0dH2NKMaZakt1o3QmUK%2BupsfCe4yZNN7DO63doIEc82iwLnAdcl%2B0tonLynH1Ml8%2F%2FldmI15Il1ZoRfZSpC%2BhfLsSIw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada6932067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2

104.21.84.85

200 OK

6.9 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (8171), with no line terminators
Size
6.9 kB (6945 bytes)
Hash
dda652db133fddb9b80a05c6d1b5c540
60c8514c57a5db2980c4b046b0dd479bd427357b
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrnGP1PcSGIDIktNbMhSH%2BpdLljERnmR1N8MJGCXJLudPfrGeRSgPtxKE91RJCItNrEGiLcxwRwSMSfqUsFCEYkMYN27O7f1BvCEFEn3XN3CTdPwYmpNkCIZ%2Bgz41FVVx1F4cB9YIY0LtE81DA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada692d067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

216.58.207.227

200 OK

35 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 35184, version 1.0\012- data
Size
35 kB (35184 bytes)
Hash
e06bc2c4268be1352a361c19bb4d01f1
f928d453b71dc16ae59b73696905b8344cc8ffe9
b153ed5268005996e0bf3f4aa64b436e0f1721c44122101441f683ca5f7763a6

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebook.recoverysetts.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35184
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 04:04:45 GMT
expires: Fri, 31 May 2024 04:04:45 GMT
cache-control: public, max-age=31536000
age: 418440
last-modified: Tue, 02 May 2023 15:11:25 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/abeezee/v22/esDR31xSG-6AGleN2tWkkA.woff2

216.58.207.227

200 OK

17 kB

URL GET HTTP/2
fonts.gstatic.com/s/abeezee/v22/esDR31xSG-6AGleN2tWkkA.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 17072, version 1.0\012- data
Size
17 kB (17072 bytes)
Hash
45462752342c1004d9c92488ebcb5e0b
3abfc280cfddd6bc1962e7e2d582af70e799f35e
e9b78ce1cbff9e258afa3a91f5b9a0fe64ce792691eda7f66b9eaad19e468e83

HTTP Headers

GET /s/abeezee/v22/esDR31xSG-6AGleN2tWkkA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebook.recoverysetts.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17072
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 03 Jun 2023 09:52:34 GMT
expires: Sun, 02 Jun 2024 09:52:34 GMT
cache-control: public, max-age=31536000
age: 224771
last-modified: Tue, 19 Apr 2022 18:27:20 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e7e560a1588ea25ad25242200936b149
946009b90527a122f590495540ca0d02f29945ec
cc56fa95fb4433116e1625385459b3dbab6ee45fd47a0c51789d9e50dc4e01e6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 06 Jun 2023 00:18:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

facebook.recoverysetts.com/wp-content/themes/Divi/style.css?ver=4.6.4

104.21.84.85

200 OK

794 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/themes/Divi/style.css?ver=4.6.4
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (64513)
Size
794 kB (794142 bytes)
Hash
0fe07920e662a53e112afc1be5f71674
57492329ca29b73f1c34d93ee7d856ec03644dd8
543eeb14d93cc8c33124add8005f4c3ae8b1e5d08613ba6bc70789299a11c7a1

HTTP Headers

GET /wp-content/themes/Divi/style.css?ver=4.6.4 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 17:41:55 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e74UKF0ZjUt9kjBIswHZD5Z4irGsowESWR1QPbCOw2ADrD9%2BuZS9vrnxZQwC6eqKzWHSQ%2FjPYWN5Kn0a1bNAfL9olBRIoxX0Dbd2QoMcBrP1Wo7%2Fdovjvn21boYgvUnyjgSX6IWlS00wLDYAlg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada4920067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

216.58.207.227

200 OK

48 kB

URL GET HTTP/2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Size
48 kB (48412 bytes)
Hash
31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5

HTTP Headers

GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebook.recoverysetts.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Jun 2023 11:49:35 GMT
expires: Fri, 31 May 2024 11:49:35 GMT
cache-control: public, max-age=31536000
age: 390550
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

facebook.recoverysetts.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4

104.21.84.85

200 OK

90 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.4
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89815 bytes)
Hash
0e850a69bc7fd0acc2e92ce6eee87959
8be6d9e7f7a61ccf0b8eac8a8144d770b608a19c
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a

HTTP Headers

GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.4 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Wed, 08 Mar 2023 18:37:33 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bh5J2boQ5QU4TLZwBWy%2BhIEQezhp92QvhHbRLeQDtcARro74Bi%2Bxf%2FvyOS2Ks0cgfF9NGl9Zxax6v0qn%2FpJhQgEZmCH%2BKX1eaOcFvKHTe3tpDZ2Fo9A6IICSEYZNoEcqOn3EjC5UpqVgTvpvsw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5923067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0

104.21.84.85

200 OK

13 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (13326)
Size
13 kB (13424 bytes)
Hash
5cfa2b481de6e87c2190a0e3538515d8
0fccf3c8ab2c10b4dcc7970e64ce997ab1622f68
9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.0 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Mon, 06 Feb 2023 20:59:15 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y4G5qBjA5uKvwLIaLQZ9QdJl%2BZzyehtCi1VqkGFK61chNq1u3up220vrw1Wvgutk7%2FMj%2BxEzh6NOk8EBbBBd0ck8wXpNbWE2v99Koj0cC%2B3Q2qWxvQHXbea1S9qMBDNQsLpdNy8MJ1%2BMrCI9sQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5924067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0

104.21.84.85

200 OK

18 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type

Size
18 kB (17823 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Tue, 20 Sep 2022 15:43:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WAfH7JbWKEYPiIBRhU3Fb5v1HIhrx9CMrCcRDzTGIpU5lAhOGKGvxSXgQ2QTGCHp0jl50V%2B%2BWNDeMZu3l%2FRcd0yfLHq4%2FvNavHskaF3sU6rf3%2Bsvvd9PhzeqR%2FbSkOrlEFia%2B6xlJEsbdECNpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada692c067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/css/dashicons.min.css?ver=6.2.2

104.21.84.85

200 OK

59 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/css/dashicons.min.css?ver=6.2.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (58981)
Size
59 kB (59016 bytes)
Hash
d68d6bf519169d86e155bad0bed833f8
27ba9c67d0e775fc4e6dd62011daf4c3902698fc
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/css/dashicons.min.css?ver=6.2.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Wed, 03 Mar 2021 21:16:22 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CF4x%2BZCTGDcwanZ07Mb8xtilvtM8q0pbYxNENFck1XChnijheqVQBZ%2BMVbvH9YfC9Ci2wNMWvOM9I0pavUwkCxaPv%2FmH7II8nvxgB5bhVUVr20CSuU4lj96gPqFhdBEbSJtkBxCeoexL1Fz%2B8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5922067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/abeezee/v22/esDR31xSG-6AGleN2tukkIcH.woff2

216.58.207.227

200 OK

4.4 kB

URL GET HTTP/2
fonts.gstatic.com/s/abeezee/v22/esDR31xSG-6AGleN2tukkIcH.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintC8:5A:9A:D9:6A:F5:00:15:5B:5D:99:FE:FE:CA:1D:7C:19:4D:F8:D5
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
Web Open Font Format (Version 2), TrueType, length 4444, version 1.0\012- data
Size
4.4 kB (4444 bytes)
Hash
d0e33d88a75c9631e1a9a4c77e015d61
aeb41de3f7e848a34068cd0a83d14d175ba32107
6790535a3152159eca3d516054282bcce9dea02d61360a1b3cf1b5b85ff8cb74

HTTP Headers

GET /s/abeezee/v22/esDR31xSG-6AGleN2tukkIcH.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://facebook.recoverysetts.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 4444
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 May 2023 00:37:43 GMT
expires: Thu, 30 May 2024 00:37:43 GMT
cache-control: public, max-age=31536000
age: 517262
last-modified: Tue, 19 Apr 2022 18:36:14 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.4

104.21.84.85

200 OK

1.4 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.4
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (1521), with no line terminators
Size
1.4 kB (1360 bytes)
Hash
860668950507584533d1be1dc85aad1d
c3dec21a94908b82e7265745e88cab783445c350
81c7deddbd094fe423506eb99a8735b42c2f19b58974fbe0835c2f64ce01fec5

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/themes/Divi/core/admin/js/common.js?ver=4.6.4 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 17:41:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iol9V9H%2BFf5grouT%2F7OkhUs%2F5%2Fh9Zfq3dF4VboATg42wHoPbRwNActyCyrHptnj2byws3BMuUTdEHjte2XyO0rALDGCRDksilRXIcEmj%2F6E4UmQUq29%2F1h2ff9rZi9YpA4aYZaajZFn4TR23nw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada6935067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/css/classic-themes.min.css?ver=6.2.2

104.21.84.85

200 OK

291 B

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/css/classic-themes.min.css?ver=6.2.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with no line terminators
Size
291 B (291 bytes)
Hash
2485a0fab337da61deb41cc4aa994c1b
af1a1d4c6b7c287dc881dd4f46b6b547ac5a5353
7e0bdafc01d81aed845a69d0a32120145155f75aca4c603d8952de7ecc5c6410

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=6.2.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Mon, 13 Feb 2023 20:50:19 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1oNb2BqYGArdICtEHSBX0QhK0k%2Br4j%2BtvCqNNpB02FjczgLvSGim34cBFP52WjLjcTMuyoP2OzqabA2UCEvx0Doafc70mTcOTbmsfgFGK667hHau%2Fx7y9u70HEO7WnostSaM1aUdCugOSMWA9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada491d067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap

142.250.74.106

200 OK

29 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text
Size
29 kB (29395 bytes)
Hash
9d77f1845ee51b118b031c8a5ae8a328
e19f82399b2295217e16d485cda807de5813965f
61eeaf3752ec4a775d833ab1ffe79787a750f59cb9c2933aad9cc276a36eb5fb

HTTP Headers

GET /css?family=Open+Sans:300italic,400italic,600italic,700italic,800italic,400,300,600,700,800&subset=latin,latin-ext&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Jun 2023 00:18:45 GMT
date: Tue, 06 Jun 2023 00:18:45 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

facebook.recoverysetts.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11

104.21.84.85

200 OK

6.6 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (6777), with no line terminators
Size
6.6 kB (6607 bytes)
Hash
4b5583c1e3d9c4f85089eebae5b0ea63
8f1a4ba1dabf9fb35cfc2a2ebd08b93a91c0923b
4c4ee791f1baebfe9e127c3341a2eda8e6e8a5debf27d91fae8c04cd2adb1527

HTTP Headers

GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.11 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ApADEOP4MbHICEyFm%2FBK7F1nBTs2EbTE4lDUu2ci6x7heEgLWSN96znnZYczLdoolenonTFneCp2Ck7uwUVozHrfoG3ZcIoTaUsNguQ%2BYxAsuT70jgkR5hnQGqUKKaz1EZy2sWZS7YL1cnAhcA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada692e067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-content/uploads/2023/06/txt.png

104.21.84.85

200 OK

18 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/uploads/2023/06/txt.png
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
PNG image data, 983 x 150, 8-bit/color RGBA, non-interlaced\012- data
Size
18 kB (17518 bytes)
Hash
3e3e9bacd5dac225f86c45af6b426a5d
804962332bda4a21117ba17463b3d782ebe1e12c
082f1bfa58998ba56a0a827d4ad10dfba5d6c72be08b9d1857a2ba68deb29017

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/uploads/2023/06/txt.png HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: image/png
content-length: 17518
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:29 GMT
last-modified: Fri, 02 Jun 2023 19:30:45 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74655
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r%2B7KHz9jwx3Lm6m43192c1sxfRL4KIlTZUPs30f5A3p9561%2FY5rYvGIYb4EvYzzkaEH1J%2FlqYZWJ0DGhumxt%2Bsx1K%2FYZiRM%2BzCRx1wSxo%2BcYpxfv1tufogibRqyl2Benw%2Bmff5giVMrzbPwzag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2c7adc69b6067b-OSL
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.6.4

104.21.84.85

200 OK

485 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/themes/Divi/js/custom.unified.js?ver=4.6.4
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type

Size
485 kB (485411 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/themes/Divi/js/custom.unified.js?ver=4.6.4 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 17:41:51 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HFzjDftD6KS89rrcro6k1zux6V6f9gpxgIDrfZRq4xII6MD00Vg7AgQ%2Fng3k2KNoT6um7Sl6zlBiGDNz5xTytzUcYgTNkp9BgigSyap1B7mNtXOIas8p%2FwCDijAitjuoSTH9%2Bzbwgw3pyiz0iA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada6930067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5

104.21.84.85

200 OK

4.9 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (4987), with no line terminators
Size
4.9 kB (4910 bytes)
Hash
e444768b3714d28b26a18c3bec1bc79e
d5fdbb62fa29e5e683a025c1ad9defb6ed8825cb
f84cea9ee397e7d7c6a05e5a2700470a37b5e08cae8a16977f46a7f9a7192e51

HTTP Headers

GET /wp-includes/js/dist/hooks.min.js?ver=4169d3cf8e8d95a3d6d5 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Mon, 11 Apr 2022 12:04:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROSJuRzKzQQw8aJ1n7WCNtd1qSPPdwPemo%2Bjd%2Fu6FLnUfUoZQh4GEdzEytaYv%2FACAPaLFji9v%2BqoSIWVyLmjGJ4MlLKCkj25z2vJDNF49HSE4YgrWKOZdrOkRHnTHyKzXrFeoy7l4aijKmboRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada6933067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae

104.21.84.85

200 OK

10 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
data
Size
10 kB (10230 bytes)
Hash
8cd696505481e74ffee89b4995f37379
ee9aad199ef2bc60a3460f4c52f37d22907b2ec9
01c3955df67a9b9d1367957e2c187729eae46b72e92c2b52bdb217b14a8fc874

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-includes/js/dist/i18n.min.js?ver=9e794f35a71bb98672ae HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 23 Sep 2022 19:55:30 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pbIJp8mxIqUqevvHk7CCQJhzayIggvXnKBLshBurgSPjj62VSKXPrtwe2tuhLZjWoqGiTpuenJd%2F%2BI7E2KIrp4b%2F1afXY%2FChbwOhYiqhkMbExYWTXeqBz7Pq7z7ZhNRuTOVXKYOMJcxrnRbNg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada6931067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.googleapis.com/css?family=ABeeZee:regular,italic&subset=latin&display=swap

142.250.74.106

200 OK

1.6 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=ABeeZee:regular,italic&subset=latin&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
ValidityFri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT

File type
ASCII text, with very long lines (1603), with no line terminators
Size
1.6 kB (1567 bytes)
Hash
116dc496a2741e59ddb41333a9d40444
ba28f14e8a153e68325921b9ecc5c34993d34499
64b427329b2d46d66914d8bea98b692ed43f423044d86b764cd181dc28c8282b

HTTP Headers

GET /css?family=ABeeZee:regular,italic&subset=latin&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 06 Jun 2023 00:18:45 GMT
date: Tue, 06 Jun 2023 00:18:45 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.2.2

104.21.84.85

200 OK

6.8 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.2.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (6902), with no line terminators
Size
6.8 kB (6817 bytes)
Hash
75398e0ada2e6191468308c357a0897d
3d3095b5ca892558fc66fcd5d742479f1bb7a03f
179bab43361c40c5922deec5f87289219733b8ea84d4beafcd40842316b65580

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/themes/Divi/core/admin/js/es6-promise.auto.min.js?ver=6.2.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: application/javascript
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 17:41:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNKKm%2Fn90WPmMbbyC3amVBrIAnSPhZrG9enC6ffp4hRyuPi8V9yHGE2%2BSB3WUamo2tnIqnn3DZRZaI%2B%2F9xV8W5zW%2FmutiLYDPV7sHeycLbWE6CSaL5Av%2FCNfAXDJAjnOvn8zqldX7uqL%2FC0pyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada5925067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/favicon.ico

104.21.84.85

404 Not Found

1.2 kB

URL GET HTTP/3
facebook.recoverysetts.com/favicon.ico
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1276), with no line terminators
Size
1.2 kB (1238 bytes)
Hash
24b426fea67958554911ff4c943fdfe4
b92889146d4c1bbddccabe58ca15c814ea066f72
335fd88e127ff1b19e6c5af3c801186182f064e4c6747b9a76a0b3988553716c

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 404 Not Found
date: Tue, 06 Jun 2023 00:18:46 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
x-turbo-charged-by: LiteSpeed
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iICt8rcyYCxJ94aVytOaLMSl%2FvNGM9Y%2BsDN3taP2p3%2Fs4NI92tShE9%2FzucEugwujh5oaqvxaWFCT4nTUafp3vwlEsw3PrmQcIlKZ1Fx2w6grialS%2BohmsE33UcQTRNVXhqDkL1P8j7DIAW0L4w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2c7add29ec067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

recoverysetts.com/

104.21.84.85

301 Moved Permanently

29 kB

URL User Request GET HTTP/2
recoverysetts.com/
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type

Size
29 kB (29106 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET / HTTP/1.1
Host: recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 06 Jun 2023 00:18:44 GMT
content-type: text/html; charset=UTF-8
location: https://facebook.recoverysetts.com/
x-powered-by: PHP/7.4.33
x-redirect-by: WordPress
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fK32Dd48yfaHOcqgeOKs7l0rako7i%2FnJBphWiMOFhS8SXIrnNBeIoRC9UWcW3h1t75AbATUiXiitpzTD5AqewOSYwEER9OhFnJsV%2FRtQ9gaPQhQYhbljorVfcuYA1sUF4ddeew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ad0dc800b69-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

facebook.recoverysetts.com/

104.21.84.85

200 OK

29 kB

URL User Request GET HTTP/3
facebook.recoverysetts.com/
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type

Size
29 kB (29106 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET / HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
link: <https://facebook.recoverysetts.com/wp-json/>; rel="https://api.w.org/", <https://facebook.recoverysetts.com/wp-json/wp/v2/pages/56>; rel="alternate"; type="application/json", <https://facebook.recoverysetts.com/>; rel=shortlink
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V0k6hs9nEp7aHoaltQ%2BZsV3mz4j4YETpfH5VgPq4o7uzdAhpkoa%2FbRj9Onbh%2FV8a1COhL0ZdSCwh0PgPDRi7EDb8K4E0eMdL%2BVSPALx1MGEBbt2DRx%2FhCpndHZMYy%2FjRArogCSa1wKIhjj0Rkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ad4efa5067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/css/app.min.css?ver=1.5.2

104.21.84.85

200 OK

6.5 kB

URL GET HTTP/3
facebook.recoverysetts.com/wp-content/plugins/divi-contact-form-helper/assets/public/css/app.min.css?ver=1.5.2
IP
104.21.84.85:443
ASN
#13335 CLOUDFLARENET

Requested by
https://facebook.recoverysetts.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectrecoverysetts.com
Fingerprint98:82:B8:B3:D3:60:7E:F8:D2:83:22:57:8B:23:AF:EB:A0:4E:2C:6B
ValidityFri, 02 Jun 2023 18:02:58 GMT - Thu, 31 Aug 2023 18:02:57 GMT

File type
ASCII text, with very long lines (6543), with no line terminators
Size
6.5 kB (6533 bytes)
Hash
61c3b0ec57b22b29f39195079ef7c424
eb049793450885bca02641c93bef09900f83da67
2ece301849d758dcdd4a019350f40aeca40fa1b3aa8c4efbb79c748de333ee6d

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /wp-content/plugins/divi-contact-form-helper/assets/public/css/app.min.css?ver=1.5.2 HTTP/1.1
Host: facebook.recoverysetts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://facebook.recoverysetts.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Tue, 06 Jun 2023 00:18:45 GMT
content-type: text/css
cache-control: public, max-age=604800
expires: Mon, 12 Jun 2023 03:34:28 GMT
last-modified: Fri, 02 Jun 2023 18:02:29 GMT
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 74656
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5t7ysk55zh%2FT%2FFn6vuy%2BzEMCkL%2BTaTXzL11qc09G3zAUWwSMQZbCLKnqp14rcvnNv9xX5HJmC5Xhq0hFUlFkZdwgAGfq%2BxfiXu%2BC6g%2B%2Fn73azLME7YDhwQJQrDugsE%2Bb6iobkjbRxA585Yq9hg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2c7ada4921067b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (21)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML