r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4102
Expires: Tue, 06 Dec 2022 03:01:46 GMT
Date: Tue, 06 Dec 2022 01:53:24 GMT
Connection: keep-alive
ocsp.digicert.com/
200 OK 471 B IP
Hash ee088fab9b287e174cfd1f2c735a909f
25c3335b514a36ad1a24d00413d60c3d394f5161
494e96358ff12366213d7cc0f9197648c6c62ec14fa0d2c78732a683fa26b192
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1283
Cache-Control: max-age=118758
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 01:53:24 GMT
Etag: "638dc877-1d7"
Expires: Wed, 07 Dec 2022 10:52:42 GMT
Last-Modified: Mon, 05 Dec 2022 10:31:19 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6593
Expires: Tue, 06 Dec 2022 03:43:17 GMT
Date: Tue, 06 Dec 2022 01:53:24 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 06 Dec 2022 01:20:20 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1984
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: sPT9HDa1ZBoUCBR6he3jtvRfa+hXA7jykq9jvPWyWR5CiAro9FivKTkPHRH2GkJ1usM/BC0mE/s=
x-amz-request-id: KS84VF9ZAJYWMBGA
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 06 Dec 2022 01:48:44 GMT
age: 280
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 06 Dec 2022 01:53:24 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
confirmationpage243246.co.vu/
200 OK 31 kB URL HTTP/1.1 confirmationpage243246.co.vu/
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (976), with CRLF line terminators
Hash 9893ca81de309eb9ab8abae2af162bab
d7eeec221a83215f772d0ad97e968a8c66bb894f
8f98f59e4a94688413ff75eb29c70cf7562275c7aa24599bb285b612021d63e4
GET / HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
X-Powered-By: PHP/7.3.6
Set-Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Date: Tue, 06 Dec 2022 01:55:11 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/LBeK2AdVA10.css
200 OK 3.5 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/LBeK2AdVA10.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (2776)
Hash 5da4e35b93f63d34c524624f75c206da
82609d05f2bec37396cde376707cce24501e330f
c220f52e2c832fe3e068763e69d5821f992f231c530dace7675eb8f0253f37bc
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/LBeK2AdVA10.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:11 GMT
Content-Type: text/css
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 3456
Date: Tue, 06 Dec 2022 01:55:11 GMT
Server: LiteSpeed
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 06 Dec 2022 01:08:58 GMT
cache-control: public,max-age=3600
age: 2666
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
confirmationpage243246.co.vu/Account%20security_files/Gk3ISkHbjNq.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 3.4 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/Gk3ISkHbjNq.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (1166)
Hash 2fa86c75722cd217d260a0a9e66bd284
0e668adeafae34082b89f80be4d4fb968abbba4b
c017851895b88f5bd4f459d22d8f081b4dcebc187989831717e4ea616e0571e0
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/Gk3ISkHbjNq.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 3416
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/2jr_tFUjDMy.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 235 B URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/2jr_tFUjDMy.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
Hash 96d5a6840fa57b919c48251fefc5fea7
e816c4a3cbe2fefa22858b78b22c3b5706681016
8b4b9cdc2cb5f220150cb3bfea298c5b3d876fb876da674d8d5624867124cd3d
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/2jr_tFUjDMy.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 235
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/3s7j1GL9cZl.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 48 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/3s7j1GL9cZl.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (5535)
Hash b30e3d8bc1b224838a169529555207b6
fff7e8cbe378b03a16bda62fb6c6eb0ba3fa6526
4d8cccf3526c561bfe36bac0087da7600fec145917ccda36e31512015d9c73e4
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/3s7j1GL9cZl.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 48454
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
ocsp.digicert.com/
200 OK 471 B IP
Hash 2b9d6a686aa3c4ea24568425e43a5221
d53bb4c9579bd1db78a0520619e888aec79f750f
c38734a8dbe51217d73896c0bf7f5c38c107fd79e0dee24b717f130377e9b5f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1271
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 01:53:25 GMT
Etag: "638db4ac-1d7"
Last-Modified: Tue, 06 Dec 2022 01:32:14 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
confirmationpage243246.co.vu/Account%20security_files/M4WYEDn5b1N.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 7.8 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/M4WYEDn5b1N.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (5262)
Hash 0d46d14a15dda151eff79557cd07d90c
889643e17e234ad08d39293468b2c53c80a5abcc
178e758f778499842d6d610dcbf85540f893204853549ffe0cf0625e3d48999f
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/M4WYEDn5b1N.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 7817
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/hHHTJ66daSh.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 21 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/hHHTJ66daSh.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (6352)
Hash 605066fe23cdda58bd51cd84f578f83a
f587b5ee7d9c8784ed1ada0482abbaea0b17a95c
bcaf71e36867ff12bf5af0340d114b33f7ed92ca14b3a8ed11ac583d21e46781
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/hHHTJ66daSh.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 21021
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/wQjEXDzhVd7.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 31 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/wQjEXDzhVd7.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (7872)
Hash e828936a4a6b9e78e35e727bcd0fb65a
8b40abdcbf73244a54c1262033f54cb5125cf5c0
21c2a8eb713429aa2b8375646d8900e8cdbbd00340a301fe449e0f1ae14262f8
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/wQjEXDzhVd7.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 30974
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/cN-N4Eu_deZ.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 7.3 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/cN-N4Eu_deZ.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (7220)
Hash ff5680b0a0befeaf3954a1dc6adc5430
528077cfb7a85ea5b1faa4520c5307b490e80f22
095eceabca5358699a8efc64f4e44b27576d45c2ab864f1f50c3401676f9a827
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/cN-N4Eu_deZ.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 7286
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: c4MmHkv0VmUmpvtc1rQprw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: dUeTlSnVvUb94454LIuixL1BSkI=
confirmationpage243246.co.vu/Account%20security_files/UMjce8g8u4Z.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 34 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/UMjce8g8u4Z.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (18915)
Hash 6b820ccae0e90edc41c7af3f0cf2848f
814165bd828a66b65316d15a1b29a0db6c3eeff9
d6b20099af664a818b3ea84be24c5a6bc1d7783722865d055ed8f452ac46fbc7
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/UMjce8g8u4Z.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 34448
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/gxlhI1GBV6m.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 85 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/gxlhI1GBV6m.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (6747)
Hash ece429dbe9bc0a3a86cef1bc1452319f
a5c8ec9d82961fa125a88fe52f8acc203e545dc7
5efb3dab2de811f8512e622c02e6834aa0ce0085fbc7c66b2d5f9b83047907b9
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/gxlhI1GBV6m.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 84988
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/xCNlQDi1ngo.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 31 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/xCNlQDi1ngo.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (3656)
Hash d9d12fd2b2d38632147100297754fc58
1bdafb63a86a8ffd840717535c645fceb3946d7f
08032e0d311d265c7b0d7b8ed45e26c6350179a691a8d33f029b66f928ee81d6
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/xCNlQDi1ngo.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 30918
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/0LOtvn7s0n2.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 46 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/0LOtvn7s0n2.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type C source, ASCII text, with very long lines (11864)
Hash af05df97232c6b823457f68430351446
1fe302de88eae0aaa9c80a550f6ff06fe14b9e57
bae18e47dcd78f9d1606679d9e117d719e0d95350cf416654ba9f38b906e5323
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/0LOtvn7s0n2.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 45623
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/rP8p7Irlvdn.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 13 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/rP8p7Irlvdn.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (7784)
Hash 74c37db1fb674688b8a3c788f606cfc2
5f853171902310c50dd4e7c952472fa25a1669d6
ad71dbec91c3bf9fa25435f33eb961bc091a81c96cec0443f42356822f75a592
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/rP8p7Irlvdn.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 13294
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/eknh9Re3ab9.css
200 OK 307 B URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/eknh9Re3ab9.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (460)
Hash 861b14d0af826bc517265587ca7db32c
55411183bc1803cf89f75e0585d3d535dd65a724
71bf820593e6c102d1ec0a8bb589bbe032850d10b673e1bd5b09b996fde5f762
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/eknh9Re3ab9.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: text/css
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 307
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/ogGTLy0m35N.css
200 OK 8.9 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/ogGTLy0m35N.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (7512)
Hash a567031496747dae5d559f2c5bb1b179
cc2b6e53665f54aaaf9d5e1036b1f0ff407dd3ae
b500c6d9e85461c3693fbe23ac2bdc3e6c12edd5d0f609964e73f2d3f526c1a6
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/ogGTLy0m35N.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: text/css
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 8903
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/8v0m3wwOBP2.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 71 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/8v0m3wwOBP2.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (11051)
Hash 1da8aac41c22699a8a70a6e7b247f369
1fab373c1b8d7113f30b97cb0a508c20c021be2d
0f0fe57e50692ac123af51a59e27ca1505d5879845695acaf252408f79e53238
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/8v0m3wwOBP2.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 71385
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/tMCGgMHbEWk.css
200 OK 4.2 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/tMCGgMHbEWk.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (1508)
Hash e0d5b7a769828bffd2400ed940f2e557
9c2bb5bc62c470e4209745c7241527cf7e6707a2
1721ad815117004a2742fb92e780e9c2e0653d8f4383d9b7beaa2f9295237a5e
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/tMCGgMHbEWk.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: text/css
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 4233
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/0gtnVJ5rfTK.css
200 OK 8.3 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/0gtnVJ5rfTK.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (6645)
Hash 537598fe573e48ad5c014b65a86f02b4
489789c4d6db2b774b644b48cdd29a100de12ad4
a8a4f87e7cf9811b7a49de63e04eb94dee7f218654c36211ebf05c68f37e55af
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/0gtnVJ5rfTK.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: text/css
Last-Modified: Wed, 08 Dec 2021 17:22:48 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 8298
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/translateelement.css
200 OK 3.6 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/translateelement.css
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (18670)
Hash bf184debfffb6049e3861cf9baf29e23
20a5d7f9147681084558ba871d9bb2077253de30
de5e0f6e792243a2738e3deb5c8359a412f257dfe27edd87681d8cef0a838c21
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/translateelement.css HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: text/css
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 3645
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/W0cYX1tntdY.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 39 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/W0cYX1tntdY.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type C source, ASCII text, with very long lines (10479)
Hash 68c7b423ddc685d3af03be29f055905b
456ee5e49f78d1fe5e0ad41993ed1ecf5691edd0
7c8e927e8a052d4b5c80bb750b951b1148766ab3cf330586d5368c2273ddaa3e
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/W0cYX1tntdY.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 39195
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/facebook.svg
200 OK 1.1 kB URL HTTP/1.1 confirmationpage243246.co.vu/facebook.svg
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (2384)
Hash 3f0541e27276a18703a184e1950054bd
cd299d152ca0a32181018c28bf2d70177d915a14
766fc03ea4090097fe191bf4cf068aecf044194335337c5086b33f90415a44e6
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /facebook.svg HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: image/svg+xml
Last-Modified: Sat, 18 Dec 2021 08:59:46 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Vary: Accept-Encoding,User-Agent
Content-Length: 1074
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
confirmationpage243246.co.vu/Account%20security_files/translate_24dp.png
200 OK 846 B URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/translate_24dp.png
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash e9cd262114358f26b7608b56905185dc
6dbde0a96deaab2b529723ce26c62043cf9180ab
5a861509b658aa24fc3aed2867ac3c061e7d818d90b9990959afc6d1b5d4ff99
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/translate_24dp.png HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: image/png
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 846
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=1&event=prelude_onload&client_event_time=1670291603.271&time_from_nav_start_ms=2203&jazoest=22060&previous_event=nav_started&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
404 Not Found 1.2 kB URL HTTP/1.1 confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=1&event=prelude_onload&client_event_time=1670291603.271&time_from_nav_start_ms=2203&jazoest=22060&previous_event=nav_started&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
POST /ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=1&event=prelude_onload&client_event_time=1670291603.271&time_from_nav_start_ms=2203&jazoest=22060&previous_event=nav_started&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Origin: http://confirmationpage243246.co.vu
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
Content-Length: 0
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1238
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/icons.png
200 OK 7.9 kB URL HTTP/1.1 confirmationpage243246.co.vu/icons.png
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type PNG image data, 171 x 86, 8-bit/color RGBA, non-interlaced\012- data
Hash e520c3db17869c260e8b1b785668c3db
f64bada4e69f4601706df12022e0b976967e4575
5c9598c52ea130472e3041027ac8cc35501bc199421462e1b528c0fc18ae59c3
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /icons.png HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: image/png
Last-Modified: Wed, 08 Dec 2021 18:02:18 GMT
Accept-Ranges: bytes
Content-Length: 7901
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
confirmationpage243246.co.vu/Account%20security_files/OqQDSI5NZpt.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 178 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/OqQDSI5NZpt.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (7157)
Size 178 kB (178302 bytes)
Hash eec888e08962f655062bca1915aa5c62
bd550068cb78f31108c3388b3cde370b95cf8ce4
7a5b838a28d1a7e73533aa2f2167c1de89487f16e9cd7e6a930710693ad05e6c
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/OqQDSI5NZpt.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 178302
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3993
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 01:53:26 GMT
Connection: keep-alive
confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=3&event=jewels_visible&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=first_paint&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
404 Not Found 1.2 kB URL HTTP/1.1 confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=3&event=jewels_visible&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=first_paint&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
POST /ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=3&event=jewels_visible&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=first_paint&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Origin: http://confirmationpage243246.co.vu
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
Content-Length: 0
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1238
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3993
Expires: Tue, 06 Dec 2022 02:59:59 GMT
Date: Tue, 06 Dec 2022 01:53:26 GMT
Connection: keep-alive
confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=2&event=first_paint&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=prelude_onload&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
404 Not Found 1.2 kB URL HTTP/1.1 confirmationpage243246.co.vu/ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=2&event=first_paint&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=prelude_onload&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 0bde7d4b3da67537eaf9188e6f8049cf
64300fc482d01d38b40ab20e15960b6509665e5a
5dc1ae0b875dc0d78dbc5532226f5f31b762b4d1229984f605d27bf895ab6807
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
POST /ajax/mtouch_perf_page_load_timings/?lid=7037750802906714093-0&seq_num=2&event=first_paint&client_event_time=1670291603.336&time_from_nav_start_ms=2268&jazoest=22060&previous_event=prelude_onload&log_to_scuba=false&fb_dtsg=AQEeSudqCxLiEhc%3A9%3A1637830325&num_cores=16&transmission_method=beacon HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Origin: http://confirmationpage243246.co.vu
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
Content-Length: 0
HTTP/1.1 404 Not Found
Connection: Keep-Alive
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html
Content-Length: 1238
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg
200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8055d0db573ab34924db3b60ed788bb2
a4aae05e7a929fc7f652f56748d2a2da9c44ac45
f6a9555f112882d4ac284c6dc26ae0f02f6ccf8ee312615e01ebec8242bade1f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1d62ac4e-2ac8-4e49-a61b-a48cff80ffd2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9987
x-amzn-requestid: 3d4d7dd0-2be0-46c1-a9c0-aa3cce2e8c81
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSvUHhJIAMFZYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64c8-63a6960043564aa762caaabe;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:16 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cE8n21yLSOS1FFSW_80l4MKNtJ9uJj7SXJS1Xza-lTYruvI2Wvkwlw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:11 GMT
age: 14715
etag: "a4aae05e7a929fc7f652f56748d2a2da9c44ac45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 38b97436af942d5eb1111ca7043259a0
0234fe32c84c4711f0619714f3ac6d3db1b717d3
a76a7721355abbaecd5c8cb5218e7e4626dc345eb26e7541c71bf4ceaa7ae5d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6d735c66-8946-4145-a67f-e17dd48087bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11175
x-amzn-requestid: 9c93ddca-1247-44af-a364-e617f69ace26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSzYEnEoAMFa2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e2-7d38ea383725901524bc2ca0;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fNsYsKfPUM8QaG7-F1tSBDdsNit1BfYpWddNssXwyFO2HgdA0RpjAQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:54:21 GMT
age: 14345
etag: "0234fe32c84c4711f0619714f3ac6d3db1b717d3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
200 OK 5.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49c08cd33e41826af9dd4a8a912e0ddf
bde85bd98858e4b13484a9cc3263b4db7fb5d348
43471e7b4da8e4e58b842d05cb073ef150ff119eaa6890c86162f03a140459cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273773ed-3135-47d7-b4ff-5e390a90fecf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5273
x-amzn-requestid: 5ab71aaf-6757-46dc-86fc-0a866958d22f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSz2EqfIAMFqng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64e5-15ae9d330e005f547161b4df;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:45 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YFtwPRjtJcX51t_xVdpS2-J222bVL8KEildkseLJ_pVbCFkljZ-Q0A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:47:49 GMT
age: 14737
etag: "bde85bd98858e4b13484a9cc3263b4db7fb5d348"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7f2c354a00ab51d4a41221b6bf191c10
01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4
7d3c8417e1db0db41ceb8b4bf3f506864392dd1ad29319a06a8a6055f6f2ed12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffaf0de04-19bf-4944-9ac5-5178afafb192.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11352
x-amzn-requestid: 7c3fc7bb-eb1f-46ec-8e92-b6ffc6261848
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csSwuF1ToAMFiIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e64d1-7c53152a279f00595b9886bd;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:38:25 GMT
x-amz-cf-pop: SFO5-P2, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: EQorA5VTb0s2BEIWBkdkhDho-bLdLVvu8LnAIQsQqsIjgBLneYqCzg==
via: 1.1 b6d577696b14c86cbfeb5b3459f38c50.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:48:22 GMT
age: 14704
etag: "01ceb7233fe05ad8dff3a0a43eef879ea2b83ec4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2f60a6490f38a772dcd50a1132e98e1b
ff254a1df087d2c157d88a6ef04e395dc49efe5e
653e40becd103cd76cc2f194a87e933e8c548d346f87520fefca3b16430fc4ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa99f7bcf-386e-4655-b6f0-99abdf67f097.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8469
x-amzn-requestid: c17eff92-da62-4f0f-9e75-2741012ec43a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: co_sqFSjoAMFQ6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638d131d-61d61d2f0bb01ecb21b809ea;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 21:37:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TKSlCefkyQ7VDufJJOh1D7zhioft93jfOsoXxTD4ncAK5ktxlPvIoA==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 21:52:07 GMT
age: 14479
etag: "ff254a1df087d2c157d88a6ef04e395dc49efe5e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5e953213b7b13b8ee202406147fac52
67a09d8cd23ed444667b225f7fbf4bb17b9f42dd
cf6b2502f0a992148f9401c16a329cae5a6c21fb81f03131f3e69c58bc608110
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F42536ef2-6e40-4541-ac60-0ff74058daa7.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15732
x-amzn-requestid: 7467ddb0-b9f9-47e9-ac31-c7599fe45698
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csVIIESBIAMFU6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e689a-79e3f8b66e1cf72f3283ac5b;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:54:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3seQ7H4qrlKKpuIWUobiey92ZMkB4jWqd5v6T6379g0V0y6XdVFvWQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Mon, 05 Dec 2022 22:09:28 GMT
age: 13438
etag: "67a09d8cd23ed444667b225f7fbf4bb17b9f42dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
confirmationpage243246.co.vu/security-1.png
200 OK 15 kB URL HTTP/1.1 confirmationpage243246.co.vu/security-1.png
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced\012- data
Hash cafe11017b67dc4fcbd7fa38a3e5d4ba
5962c89e0750cabff113df27203b311c48e8ee20
0856d82350787c040c648f22087aca6a0e96f40f7096728cfb4bc87a6d9c002e
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /security-1.png HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Cache-Control: public, max-age=604800
Expires: Tue, 13 Dec 2022 01:55:13 GMT
Content-Type: image/png
Last-Modified: Sat, 30 Jul 2022 18:25:50 GMT
Accept-Ranges: bytes
Content-Length: 15090
Date: Tue, 06 Dec 2022 01:55:13 GMT
Server: LiteSpeed
Vary: User-Agent
www.gstatic.com/images/branding/product/2x/translate_24dp.png
200 OK 1.8 kB URL HTTP/1.1 www.gstatic.com/images/branding/product/2x/translate_24dp.png
IP
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash c69c796362406f9e11c7f4bf5bb628da
e489ce95ab56208090868882113d7416abf46775
4dac0026fbfa2615dce30c0af12830863fe885f84387a0147b9e338f548d5d82
GET /images/branding/product/2x/translate_24dp.png HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://confirmationpage243246.co.vu/
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Origin
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
Content-Length: 1842
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Fri, 02 Dec 2022 06:00:57 GMT
Expires: Sat, 02 Dec 2023 06:00:57 GMT
Cache-Control: public, max-age=31536000
Age: 330749
Last-Modified: Thu, 14 Oct 2021 09:08:00 GMT
Content-Type: image/png
ocsp.digicert.com/
200 OK 471 B IP
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5260
Cache-Control: max-age=136391
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 01:53:26 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:46:37 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
static.xx.fbcdn.net/rsrc.php/v3/yj/r/gB76kJXPYJV.png
200 OK 6.7 kB URL HTTP/2 static.xx.fbcdn.net/rsrc.php/v3/yj/r/gB76kJXPYJV.png
IP
File type PNG image data, 196 x 196, 8-bit colormap, non-interlaced\012- data
Hash 389dfa18be34d8cf767e06fd5cde4ec6
47b751cffab47d076816c63ce08d3e84600376ee
3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5
GET /rsrc.php/v3/yj/r/gB76kJXPYJV.png HTTP/1.1
Host: static.xx.fbcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://confirmationpage243246.co.vu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: image/png
access-control-allow-origin: *
last-modified: Mon, 01 Jan 2001 08:00:00 GMT
content-md5: OJ36GL402M92fgb9XN5Oxg==
expires: Mon, 27 Nov 2023 03:50:00 GMT
cache-control: public,max-age=31536000,immutable
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
timing-allow-origin: *
x-fb-debug: lzheFC6nM8wbSDBC49JZs1f6PEEHlIe6mjXIWnijEU3yBm8wEdHm8EY+1qBv8UUcP4bVia3Ys+1S/2xN/chGTQ==
priority: u=3,i
content-length: 6690
x-fb-trip-id: 1679558926
date: Tue, 06 Dec 2022 01:53:26 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 471 B IP
Hash a179b3b6ab78e29169af8cc2363d6280
501cd2871c5b70c56852c6cd0c87f383504ca933
ceecf34d673dd0d910e3622aa0fa8d84fea748592acc796286c4ec5e76fbc170
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5260
Cache-Control: max-age=136391
Content-Type: application/ocsp-response
Date: Tue, 06 Dec 2022 01:53:26 GMT
Etag: "638dfdd1-1d7"
Expires: Wed, 07 Dec 2022 15:46:37 GMT
Last-Modified: Mon, 05 Dec 2022 14:18:57 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
confirmationpage243246.co.vu/Account%20security_files/-7rtbzkhkiz.js.t%E1%BA%A3i%20xu%E1%BB%91ng
200 OK 586 kB URL HTTP/1.1 confirmationpage243246.co.vu/Account%20security_files/-7rtbzkhkiz.js.t%E1%BA%A3i%20xu%E1%BB%91ng
IP
ASN #131392 GMO-Z.com Runsystem Joint Stock Company
File type ASCII text, with very long lines (5318)
Size 586 kB (585682 bytes)
Hash 6d592bd6ab0e8354a7d8179ab3c38bc2
8499b82820aa8d997a8e7a65f254916cee668b8d
2569f09c86fd39ec4ddf0dc54dd22b8c5a078eca719f11f7bc9737803717ee3c
Analyzer Verdict Alert urlquery phishing Phishing - Facebook
GET /Account%20security_files/-7rtbzkhkiz.js.t%E1%BA%A3i%20xu%E1%BB%91ng HTTP/1.1
Host: confirmationpage243246.co.vu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://confirmationpage243246.co.vu/
Connection: keep-alive
Cookie: PHPSESSID=a6272a893647dcd060b9c1386116b8b1
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Type: application/octet-stream
Last-Modified: Sun, 05 Dec 2021 17:24:52 GMT
Accept-Ranges: bytes
Content-Length: 585682
Date: Tue, 06 Dec 2022 01:55:12 GMT
Server: LiteSpeed
Vary: User-Agent
103.18.6.27
93.184.220.29
34.102.187.140
23.36.77.32
157.240.200.14