Report - facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398

Report Overview

Visited public
2024-12-18 06:12:28
Tags
Submit Tags
URL
facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Finishing URL
facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
IP / ASN
172.65.190.172
#13335 CLOUDFLARENET
Title
thenewsclues.com this domain has already been registered. However, interested party can still solicit a request to buy it from owner.

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cf-oss.gname.net	unknown	2014-11-13	2024-10-17	2024-12-12	1.8 kB	20 kB	172.64.154.251
facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com	unknown	2023-11-23	2022-10-12	2023-05-10	1.2 kB	917 B	172.65.190.172

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-12-18 06:12:03	high	Client IP	172.65.190.172	ET PHISHING Generic Phishkit Activity (GET)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (1)

	URL	From	Size	First Seen	Last Seen
	cf-oss.gname.net/index.js?v=20240912	ScriptElement	4.0 kB	2024-09-12	2025-01-19
Pretty URL cf-oss.gname.net/index.js?v=20240912 IP 172.64.154.251 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-09-12 21:16 Last Seen2025-01-19 22:20 Times Seen246 Hash 4a210df7ac00fa08e4e20c8066899692 ad9320ef95bb2e72505d7e850969c5bdcd19bcc4 e7f4bb7897746a740547ac3fb048e9941c54db5dfd84055e51c52ba51fe28826 Loading...

HTTP Transactions (6)

URL IP Response Size

GET facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398

172.65.190.172

503 Service Temporarily Unavailable

287 B

URL User Request GET HTTP/1.1
facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
IP
172.65.190.172:80
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with no line terminators
Size
287 B (287 bytes)
Hash
32e55461d285b9051ce0b4f0a42aec1b
f50e885254b62136d4d3fb253d866826c4f3b4e1
636e5be3f0c0b3654c28c83856338ed5acbca1be97c996e4ac16377c32c3d195

Detections

NIDS	Severity	Alert
suricata	high	ET PHISHING Generic Phishkit Activity (GET)

HTTP Headers

GET /login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398 HTTP/1.1
Host: facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Temporarily Unavailable
Server: Tengine
Date: Wed, 18 Dec 2024 06:12:03 GMT
Content-Type: text/html
Content-Length: 287
Connection: keep-alive

GET cf-oss.gname.net/logo.png

172.64.154.251

200 OK

3.5 kB

URL GET HTTP/2
cf-oss.gname.net/logo.png
IP
172.64.154.251:443
ASN
#13335 CLOUDFLARENET

Requested by
http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Certificate
IssuerGoogle Trust Services
Subjectcf-oss.gname.net
FingerprintEB:A2:44:F2:4C:5F:3B:E5:42:13:C6:A3:85:63:57:2A:76:D5:63:75
ValiditySun, 15 Dec 2024 17:17:35 GMT - Sat, 15 Mar 2025 18:17:34 GMT

File type
PNG image data, 262 x 76, 8-bit colormap, non-interlaced
Size
3.5 kB (3524 bytes)
Hash
aad9ff825f9115ee4e8cf2cdf91232c9
6a4bf5ba18c5ad0a82d9dc50e21331a8eeee0e24
2d742fc7139f91cac68cf82f3ab13f035114761da4816e23724c5a9ce2827fbd

HTTP Headers

GET /logo.png HTTP/1.1
Host: cf-oss.gname.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cf-oss.gname.net/index.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 18 Dec 2024 06:12:03 GMT
content-type: image/png
content-length: 3524
access-control-allow-origin: *
cache-control: public, max-age=2073600
etag: "e4941544be613ec19264374bdade7eed"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BVK%2B9ekOnbGvMCY3jGuOjPRJocy9cAyifC6biKjxf0rC%2F0Ejul%2Bb9vYZk5p5X8cYgVAbqN%2FzsGMIx73%2BINakgzh0usM3sOa0vMAK54yeGN2XrBRBux6yFaNDqZQ3UMIFszWL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
expires: Sat, 11 Jan 2025 06:12:03 GMT
accept-ranges: bytes
server: cloudflare
cf-ray: 8f3cffc2df8cb51d-OSL
X-Firefox-Spdy: h2

GET cf-oss.gname.net/bg-g.png

172.64.154.251

200 OK

8.1 kB

URL GET HTTP/2
cf-oss.gname.net/bg-g.png
IP
172.64.154.251:443
ASN
#13335 CLOUDFLARENET

Requested by
http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Certificate
IssuerGoogle Trust Services
Subjectcf-oss.gname.net
FingerprintEB:A2:44:F2:4C:5F:3B:E5:42:13:C6:A3:85:63:57:2A:76:D5:63:75
ValiditySun, 15 Dec 2024 17:17:35 GMT - Sat, 15 Mar 2025 18:17:34 GMT

File type
PNG image data, 532 x 532, 4-bit colormap, non-interlaced
Size
8.1 kB (8087 bytes)
Hash
7e0fb5ec7b18c23dd233fe24c6145082
f41a859ffc1bc1fbca993bcfa5648b7c4d81768a
c798ab1113936c5c7a5c4c8ef5b06e1f63e101b335495500efa8499a37d8c157

HTTP Headers

GET /bg-g.png HTTP/1.1
Host: cf-oss.gname.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cf-oss.gname.net/index.css
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 18 Dec 2024 06:12:03 GMT
content-type: image/png
content-length: 8087
access-control-allow-origin: *
cache-control: public, max-age=2073600
etag: "88e1112d29745e13dbddeb5313d5ab15"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhqyYhbXWRMcJ6t8nroQXtV8pdbzGfZ%2BhUj7LGzdW5vEVAayUuy7eaT2DEA6cjIUsNpaUS1ffZT7Xa9Bee%2BEw1evuQFZzWZjcz70WCvFWRRZ1uX4YZKVlC6T6imcKVkaQUCW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
cf-cache-status: MISS
expires: Sat, 11 Jan 2025 06:12:03 GMT
accept-ranges: bytes
server: cloudflare
cf-ray: 8f3cffc2df8db51d-OSL
X-Firefox-Spdy: h2

GET facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/favicon.ico

172.65.190.172

503 Service Temporarily Unavailable

287 B

URL GET HTTP/1.1
facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/favicon.ico
IP
172.65.190.172:80
ASN
#13335 CLOUDFLARENET

Requested by
http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398

File type
HTML document, ASCII text, with no line terminators
Size
287 B (287 bytes)
Hash
32e55461d285b9051ce0b4f0a42aec1b
f50e885254b62136d4d3fb253d866826c4f3b4e1
636e5be3f0c0b3654c28c83856338ed5acbca1be97c996e4ac16377c32c3d195

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 503 Service Temporarily Unavailable
Server: Tengine
Date: Wed, 18 Dec 2024 06:12:03 GMT
Content-Type: image/x-icon
Content-Length: 287
Connection: keep-alive

GET cf-oss.gname.net/index.css

172.64.154.251

200 OK

1.7 kB

URL GET HTTP/2
cf-oss.gname.net/index.css
IP
172.64.154.251:443
ASN
#13335 CLOUDFLARENET

Requested by
http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Certificate
IssuerGoogle Trust Services
Subjectcf-oss.gname.net
FingerprintEB:A2:44:F2:4C:5F:3B:E5:42:13:C6:A3:85:63:57:2A:76:D5:63:75
ValiditySun, 15 Dec 2024 17:17:35 GMT - Sat, 15 Mar 2025 18:17:34 GMT

File type
gzip compressed data, from Unix
Size
1.7 kB (1652 bytes)
Hash
02823c0b7773aaadd0f41574894af0f8
d76cec1eb7b386537be85c76aa6f0187411a3393
3090cb7ecabddb4a447894e9134c106cb26ae977accfcaa73434eb545b1c47cd

HTTP Headers

GET /index.css HTTP/1.1
Host: cf-oss.gname.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 18 Dec 2024 06:12:03 GMT
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=2073600
etag: W/"731ac10c2e13a8809c175adc735c3225"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HJrMOhd0khhYny29%2BoqWxV8RHNCmJ6RFASkYBXmJWJ5PrI7zOJj6ZB3d%2FLzdPPd8jpvvo9tZRnQyiVbXSrCb8PvLo3vXU15G8CEgkBrA1roeKfwaQY35d76AzccTFtmwE%2BV7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
expires: Sat, 11 Jan 2025 06:12:03 GMT
server: cloudflare
cf-ray: 8f3cffc1deb5b51d-OSL
X-Firefox-Spdy: h2

GET cf-oss.gname.net/index.js?v=20240912

172.64.154.251

200 OK

4.0 kB

URL GET HTTP/2
cf-oss.gname.net/index.js?v=20240912
IP
172.64.154.251:443
ASN
#13335 CLOUDFLARENET

Requested by
http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/login.php?cmd=login_submit&id=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398&session=5dca07725a44fc46cc0a4840e4ea03985dca07725a44fc46cc0a4840e4ea0398
Certificate
IssuerGoogle Trust Services
Subjectcf-oss.gname.net
FingerprintEB:A2:44:F2:4C:5F:3B:E5:42:13:C6:A3:85:63:57:2A:76:D5:63:75
ValiditySun, 15 Dec 2024 17:17:35 GMT - Sat, 15 Mar 2025 18:17:34 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3833), with no line terminators
Size
4.0 kB (4029 bytes)
Hash
62ec712e7a456068acab8a86c810f17d
99b702b5c5c31afae6ade21d03b5083b1a811a5b
e0b907996423be41915cd5a5620559d5ff0f1bbd67f5457cbbdb370110d70c3d

HTTP Headers

GET /index.js?v=20240912 HTTP/1.1
Host: cf-oss.gname.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: http://facebook-review-terms-conditions-ticket-id-2364323433.thenewsclues.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 18 Dec 2024 06:12:03 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=2073600
etag: W/"094b659dddfc6aa71de23a3d0c0b2e04"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2xw4wUSZ6Dsl2AgccQOsFG3eSBPpKwjayeZuGaoGaZ6CzaxbF9P8gw3O9QEj9zMBZ0CndzXi%2Fw7aDb%2FekPfISphzAhzTyMV%2Bv6sL0DUos5%2F6Pu0%2F189CMMGy9K56jSgi9rEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
content-encoding: gzip
cf-cache-status: MISS
expires: Sat, 11 Jan 2025 06:12:03 GMT
server: cloudflare
cf-ray: 8f3cffc1deb6b51d-OSL
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (1)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (6)

URL User Request GET HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/1.1

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers