Report - facebookreport56.tk/

Report Overview

Submitted URL
facebookreport56.tk/
IP
135.148.174.5
ASN
#16276 OVH SAS
Submitted
2022-09-20 22:26:27
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
38

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	329 B	737 B	93.184.220.29
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	54.149.83.187
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.77.32
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	963 B	172.64.155.188
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	64 kB	34.120.237.76
server.datamanager.click	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	1.2 kB	135.148.174.5
db.onlinewebfonts.com	55878	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	421 B	382 B	185.126.226.146
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.110
facebookreport56.tk	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	501 kB	135.148.174.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.
2022-09-18	medium	facebookreport56.tk/	Facebook, Inc.

PhishTank

Scan Date	Severity	Indicator	Alert
2022-09-18	medium	facebookreport56.tk/	Other

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-20	medium	facebookreport56.tk/	Phishing
2022-09-20	medium	facebookreport56.tk/runtime.acf0dec4155e77772545.js	Phishing
2022-09-20	medium	facebookreport56.tk/polyfills.a6cee9d4b9da9e6c7e50.js	Phishing
2022-09-20	medium	facebookreport56.tk/main.0e8d7d59ce512c604ee7.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed
2022-09-20	medium	facebookreport56.tk	Sinkholed

JavaScript (3)

	URL	Size	First Seen	Last Seen
	facebookreport56.tk/runtime.acf0dec4155e77772545.js	1.5 kB	2023-03-07	2024-04-25
Pretty URL facebookreport56.tk/runtime.acf0dec4155e77772545.js IP 135.148.174.5 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:11 Last Seen2024-04-25 14:47:10 Times Seen801 Hash 1244d3f2f28ecc6619157927aca95200 a9aafcf49f49145093fc831efd9b8e2f6c71bb9c 6c5acbb82a46a4971660f65131241dffcc28828f4dbd76b8ec7bab0b468250f8 Loading...

	facebookreport56.tk/polyfills.a6cee9d4b9da9e6c7e50.js	38 kB	2023-03-07	2024-03-03
Pretty URL facebookreport56.tk/polyfills.a6cee9d4b9da9e6c7e50.js IP 135.148.174.5 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:11 Last Seen2024-03-03 16:08:12 Times Seen13 Hash c363d15d922d953582cf8a46ab0dd7ab dbc502f030c7bb83c7caa1feee7aff990831f7d9 286a59ecef6ff0ff2ebbcb68f1352402c8704d5273028258d1dc73d40e586213 Loading...

	facebookreport56.tk/main.0e8d7d59ce512c604ee7.js	1.0 MB	2023-03-07	2023-03-17
Pretty URL facebookreport56.tk/main.0e8d7d59ce512c604ee7.js IP 135.148.174.5 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:11 Last Seen2023-03-17 10:39:09 Times Seen1 Hash 605c2fb5d1192002c78042ce01ec9be7 39e259cfe5e8f13310ca5c92cd41d75a259c04b4 d0cdf5f7901ecbda5f16b782e930927f38acbd80a18418e9b8f1143650e14020 Loading...

HTTP Transactions (30)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
804f8bbb7f556d51a5f52d5ebd5b6eef
922cd7e06df278615a04abb81d811d14596c8180
ef4804d381a34ab67873a7755621081c49c646310e085a9b2356ae07098f6021

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Backoff, Retry-After, Content-Type
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 20 Sep 2022 21:39:34 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: It9sHZeNEhZYJyKbKG0EW1gV6GG5Tv6RWTESI5aBmd49sTJiOtVZSQ==
Age: 2802

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a26d0784548ecab22f417f3d689daf23
8893b79366bbadeb5c8d587b8f023e310694df1c
35baaae7b3ce3110ebb2b075881cfab55ecf3eab57d834283fd18ac691b41fa2

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35BAAAE7B3CE3110EBB2B075881CFAB55ECF3EAB57D834283FD18AC691B41FA2"
Last-Modified: Tue, 20 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13146
Expires: Wed, 21 Sep 2022 02:05:22 GMT
Date: Tue, 20 Sep 2022 22:26:16 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain

143.204.55.110

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
6113f8408c59aebe188d6af273b90743
7398873bf00f99944eaa77ad3ebc0d43c23dba6b
b6e0cc9ad68306208a160f3835fb8da76acc5a82d8fde1da5a98e1de1c11a770

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-30-18-47-44.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 10 Sep 2022 18:47:45 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 20 Sep 2022 04:35:14 GMT
etag: "6113f8408c59aebe188d6af273b90743"
x-cache: Hit from cloudfront
via: 1.1 6cb1d4b545e7beb4ead790454f4807c6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: R_A1W-1zu9oa3y1DoWd71xpfVvIwWOJk7LHPg8Z3GG4SguLNvaoH8w==
age: 64263
X-Firefox-Spdy: h2

facebookreport56.tk/

135.148.174.5

200 OK

626 B

URL HTTP/1.1
facebookreport56.tk/
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
626 B (626 bytes)
Hash
3f08194706df95b6003121486ecb68ad
39bf18df78a77bf0bc50559333501f11ae3397c8
8c558db9351271ca37e2a7ed2f7083ac0dcee6611250f82e52c70c5c8dc538d2

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
phishtank	Other
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Sun, 28 Aug 2022 09:39:06 GMT
Accept-Ranges: bytes
ETag: "3910594c2bad81:0"
Vary: Accept-Encoding
Date: Tue, 20 Sep 2022 22:26:16 GMT
Content-Length: 626

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 22:26:17 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

facebookreport56.tk/runtime.acf0dec4155e77772545.js

135.148.174.5

200 OK

940 B

URL HTTP/1.1
facebookreport56.tk/runtime.acf0dec4155e77772545.js
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (1485), with no line terminators
Size
940 B (940 bytes)
Hash
bc916f6a6f624107ca2244467b4f941a
66ffce7c34c44db93ceba050a3da8d3aa31a1e6b
4b05916c334201f9200dab030d489e0bf15a26b876a587159bbb9554a5c4ba44

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /runtime.acf0dec4155e77772545.js HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 28 Aug 2022 09:39:06 GMT
Accept-Ranges: bytes
ETag: "7771454c2bad81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:16 GMT
Content-Length: 940

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 20 Sep 2022 22:03:22 GMT
Expires: Tue, 20 Sep 2022 22:32:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a2b4f68a89fc87406bff22c95fc07fba.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Neij0PwMLMN24IJdpDm7pVHsVIpUrHoe5twgR__PeDcK6azyECMy0g==
Age: 1375

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
0c42c1d56482fa6d11a38f93bc291d58
e3d9b89a22a0ad7cb6fd9031ea7bb355df78f259
cdfde7b5884fdd1c5c6c102f7e288029beda0dd72ced6621e8d055e519e39f03

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Tue, 20 Sep 2022 22:26:17 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 18 Sep 2022 10:45:07 GMT
Expires: Sun, 25 Sep 2022 10:45:06 GMT
Etag: "e3d9b89a22a0ad7cb6fd9031ea7bb355df78f259"
Cache-Control: max-age=389328,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74ddfb59bd34b4e8-OSL

facebookreport56.tk/styles.c9105ee458e38d6dd088.css

135.148.174.5

200 OK

35 kB

URL HTTP/1.1
facebookreport56.tk/styles.c9105ee458e38d6dd088.css
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
Unicode text, UTF-8 text, with very long lines (65091)
Size
35 kB (35157 bytes)
Hash
ae43e4508f572fa022cf9e00d1fce773
3d5f47df010beada3e11b167b5797792bbda9db4
ecbb95d4a3f64fe5001b5f967a954951829103da011c5c6dbf39b619e50548ef

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
quad9	Sinkholed

HTTP Headers

GET /styles.c9105ee458e38d6dd088.css HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Sun, 28 Aug 2022 09:39:06 GMT
Accept-Ranges: bytes
ETag: "6032464c2bad81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:16 GMT
Content-Length: 35157

facebookreport56.tk/polyfills.a6cee9d4b9da9e6c7e50.js

135.148.174.5

200 OK

16 kB

URL HTTP/1.1
facebookreport56.tk/polyfills.a6cee9d4b9da9e6c7e50.js
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (37547), with no line terminators
Size
16 kB (15646 bytes)
Hash
3ae9ddf7b38d0454eb6d5619748555fa
aacbb5f92a77ae47871379544849b4917754a38a
0305bf5cc1828b151fd1dbd697a5743cea375469f5347ee436ff5d73f4d8e0ff

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /polyfills.a6cee9d4b9da9e6c7e50.js HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 28 Aug 2022 09:39:06 GMT
Accept-Ranges: bytes
ETag: "6032464c2bad81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:16 GMT
Content-Length: 15646

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
edf07cd621f733b0eb50c632387ebf4f
61a082d26501c2c8d481b1676d0de2e585269613
e5c4324e4c55824b86f48bf0b9a1d317a82e7d3c19bdea7a91d78ce98d68a980

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4015
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 20 Sep 2022 22:26:17 GMT
Last-Modified: Tue, 20 Sep 2022 21:19:22 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

54.149.83.187

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.149.83.187:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: vfWVWQ3D+49XfOBIKksxlg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: njSQRw1x3WHG5ChaDWr1Zuv6grI=

facebookreport56.tk/main.0e8d7d59ce512c604ee7.js

135.148.174.5

200 OK

416 kB

URL HTTP/1.1
facebookreport56.tk/main.0e8d7d59ce512c604ee7.js
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
ASCII text, with very long lines (65536), with no line terminators
Size
416 kB (415823 bytes)
Hash
f78c158a889f075ea4142ade5ae2c928
ddf35cfb385f47ccc76d79bf5f9d04c1d37f23a8
c6db8b523185a95483c289b4904da479299f7605d9b4b49cd006b53163df2b08

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /main.0e8d7d59ce512c604ee7.js HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Transfer-Encoding: chunked
Content-Type: application/javascript
Content-Encoding: gzip
Last-Modified: Sun, 28 Aug 2022 09:39:06 GMT
Accept-Ranges: bytes
ETag: "6032464c2bad81:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:16 GMT

facebookreport56.tk/favicon.ico

135.148.174.5

200 OK

5.4 kB

URL HTTP/1.1
facebookreport56.tk/favicon.ico
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Size
5.4 kB (5430 bytes)
Hash
de76b0c210c815ef282d5b59de8a0567
023038e2dfd649047be4fbba79c78dd80bc4cd90
c636a92a12eb33629e6dcadc67e49651ac54e8f3b18a03c805668505f05c885a

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/x-icon
Last-Modified: Fri, 10 Jun 2022 08:48:29 GMT
Accept-Ranges: bytes
ETag: "7a33b1dba67cd81:0"
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:19 GMT
Content-Length: 5430

facebookreport56.tk/assets/images/img2.png

135.148.174.5

200 OK

26 kB

URL HTTP/1.1
facebookreport56.tk/assets/images/img2.png
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
PNG image data, 1344 x 504, 8-bit/color RGBA, non-interlaced\012- data
Size
26 kB (25544 bytes)
Hash
962b81349baed687a58a57a2daaeb44c
621016b0c39ff28c920ee02d7202027a5afd882c
13c3ec7529624dcd9037cc2056cb326a29fd35664b6d22dde977e4edb3cecb40

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
quad9	Sinkholed

HTTP Headers

GET /assets/images/img2.png HTTP/1.1
Host: facebookreport56.tk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://facebookreport56.tk/

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/png
Last-Modified: Fri, 08 Jul 2022 05:18:56 GMT
Accept-Ranges: bytes
ETag: "367ce8388a92d81:0"
Server: Microsoft-IIS/10.0
Date: Tue, 20 Sep 2022 22:26:19 GMT
Content-Length: 25544

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17420
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 22:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17420
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 22:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17420
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 22:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17420
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 22:26:19 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
85aa2dcaf76d25900c78356e5e1c254f
46cd66c9921a162c9e67cfa7d85bc82e5967d531
741815f43b76661b9edde512bc9061cb4bc659b297e7d822bf8e68e5aac9d23d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "741815F43B76661B9EDDE512BC9061CB4BC659B297E7D822BF8E68E5AAC9D23D"
Last-Modified: Sun, 18 Sep 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17420
Expires: Wed, 21 Sep 2022 03:16:39 GMT
Date: Tue, 20 Sep 2022 22:26:19 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg

34.120.237.76

200 OK

8.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.8 kB (8826 bytes)
Hash
4eb6d1b35f680bfec656941b6167fd23
344c6000dbdafdb5105edc93a082d640c3e95ddc
67fc85fa0f1a55d57ab9db6f4c723fb9116ef3b2c5282dbdd42d9c37396bd7b9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0461a18-eff3-4de5-b1f6-be49fa5db229.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8826
x-amzn-requestid: cf0c711e-4ec9-4f87-a60f-41374262a114
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYweUHIyoAMFYQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202df5-17ad5d4e25a754586e531d05;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:15:01 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OEbpCQXLpTCDZH4OlzVvvsc-bSgbsIoXRgX6f-nKVwJTL5-SVTCHeA==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:48:37 GMT
age: 2262
etag: "344c6000dbdafdb5105edc93a082d640c3e95ddc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11552 bytes)
Hash
370f018032c47c9e5c11e6afa4ffdd1f
639c8d2d6f1cf5fa6d742925ea61386d600dd368
6084e769cbcc679110c174e8031439f80bcfa0027d1c39c7b6626c54692da120

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3d9d6ae0-dc0d-4bab-98fe-eb30bb5f5b2d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11552
x-amzn-requestid: 5457ef1c-d92b-4cd5-a704-64c1ff0cb2b3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1mFRXIAMFv5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-3cd341153ca71b7c069b6ead;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: mRLExeUrP-mJL7eNWxdoPgYc-Wamgb7OrZBAjP5L5aBkMhE9IYF_7g==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:30 GMT
age: 2689
etag: "639c8d2d6f1cf5fa6d742925ea61386d600dd368"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11440 bytes)
Hash
a4a275a6a20ad8a21f49b3ed73098126
5dfdf9835782ef3825a45bfcc7f38dfe3a754df0
933a6d502e92d7320ad9f3204c768b0d7d757f136d4c9c130e418e74a36dde06

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F273857c4-a36e-4755-b3c4-1ff5fcd3d260.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11440
x-amzn-requestid: eda42fc3-bfca-4c15-856f-fae709e79c4b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YYvZ5EcDIAMF9lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63202c3f-3ae1bd425e29e23c2ee71933;Sampled=0
x-amzn-remapped-date: Tue, 13 Sep 2022 07:07:43 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: UscDE1v3vDPb-3zj6gYkmlNRx4gBIYgiTMf4bYivsZm3Q-0kFOO10Q==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 5fe5f2a3903f1378941d92eceaf3fa16.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 22:12:22 GMT
age: 837
etag: "5dfdf9835782ef3825a45bfcc7f38dfe3a754df0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (12048 bytes)
Hash
c2db94039cb675cb250519fe57b2b3c9
37222a70df5d9a69073b4b32ebc3a5da60006001
444f4359ac25747e7c5d7e09202f195d407bc94a4933ac7ebbbaf9839bf59aff

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F06a0b4c5-4223-42cf-b012-2e09b250c8c1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12048
x-amzn-requestid: bc551b18-fddb-4502-8c11-b8de83d75def
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwlKzF9FoAMFp_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329b578-7e030b2e0af1d1c309d2dde6;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 12:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: q4_aUdJyUhQIezjvo7LtOw_0pV-W3EkdLVzVnVB4_4gHSK9AYhrTxA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 12:43:36 GMT
etag: "37222a70df5d9a69073b4b32ebc3a5da60006001"
content-type: image/jpeg
age: 34963
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6667 bytes)
Hash
9c4ba493d60a12accc1dc9c3299fa01d
65886e11d9f792452cceea23444722ff4028b081
b287b0bf2b3dc834a657dc98a9eef006577554306fa481bbc9de5a16943129f1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb19a7100-8d4f-4c0a-8865-191670cb2db4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6667
x-amzn-requestid: 1798057c-208d-471e-8d5c-602631418afd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yxy1nHvsoAMF23A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-632a31bd-121c21f710767cde77a06945;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 21:33:49 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vdjC0dj8L5qN-SdmlBD_TD0T0hdFtWzmnC9_AdJVP5qTi9dWz6_K9g==
via: 1.1 e71753cf85369390852fdcb22bf59aa8.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:40:13 GMT
age: 2766
etag: "65886e11d9f792452cceea23444722ff4028b081"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.9 kB (6904 bytes)
Hash
2cb692de2fcf108bf060af0b9599869f
443706b089783f7a16d4b001948a141a83ace053
06bedf63121d961420176535071c3a98d39e1d4586acb734d00ad80ce2b291ce

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Febae4a05-492e-4ab9-a79b-7e3f27cfc01e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6904
x-amzn-requestid: 1c4e2685-d06f-45fc-ab93-8678905f3804
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YwcI5HuLoAMFoRA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6329a705-099ce127249e148456270c11;Sampled=0
x-amzn-remapped-date: Tue, 20 Sep 2022 11:41:57 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: sRlJblY5obOlucutG9WQ_WPl5QGdA-0XsxIkHGkShaHvezNeqwGrkw==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Sep 2022 21:41:43 GMT
age: 2676
etag: "443706b089783f7a16d4b001948a141a83ace053"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

server.datamanager.click/apiKey/negotiate?negotiateVersion=1

135.148.174.5

204 No Content

0 B

URL HTTP/1.1
server.datamanager.click/apiKey/negotiate?negotiateVersion=1
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /apiKey/negotiate?negotiateVersion=1 HTTP/1.1
Host: server.datamanager.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with,x-signalr-user-agent
Referer: http://facebookreport56.tk/
Origin: http://facebookreport56.tk
Connection: keep-alive
Cache-Control: max-age=0

HTTP/1.1 204 No Content
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: http://facebookreport56.tk
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: x-requested-with,x-signalr-user-agent
Access-Control-Allow-Methods: POST
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2022 22:26:19 GMT

server.datamanager.click/apiKey/negotiate?negotiateVersion=1

135.148.174.5

200 OK

316 B

URL HTTP/1.1
server.datamanager.click/apiKey/negotiate?negotiateVersion=1
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type
JSON data\012- , ASCII text, with very long lines (316), with no line terminators
Size
316 B (316 bytes)
Hash
f8be7229014f7d1c7f508f818ba18e81
180ce42825a1b7de31d75017b7f91395418d0988
03848c4f9c9a8a3a0e7f20873c2a5bb26a6ebbe6470baa130f4859f24e1ad6bf

HTTP Headers

POST /apiKey/negotiate?negotiateVersion=1 HTTP/1.1
Host: server.datamanager.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://facebookreport56.tk/
Content-Type: text/plain;charset=UTF-8
X-Requested-With: XMLHttpRequest
X-SignalR-User-Agent: Microsoft SignalR/6.0 (6.0.8; Unknown OS; Browser; Unknown Runtime Version)
Origin: http://facebookreport56.tk
Content-Length: 0
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: application/json
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: http://facebookreport56.tk
Access-Control-Allow-Credentials: true
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2022 22:26:19 GMT
Content-Length: 316

server.datamanager.click/apiKey?id=GXAcFnI-YvvhyUC6zoztQg

135.148.174.5

101 Switching Protocols

0 B

URL HTTP/1.1
server.datamanager.click/apiKey?id=GXAcFnI-YvvhyUC6zoztQg
IP
135.148.174.5:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apiKey?id=GXAcFnI-YvvhyUC6zoztQg HTTP/1.1
Host: server.datamanager.click
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Sec-WebSocket-Version: 13
Origin: http://facebookreport56.tk
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 3D4TiPmM2+iANPRb3HpEOQ==
Connection: keep-alive, Upgrade
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Upgrade: websocket
Server: Microsoft-IIS/10.0
Sec-WebSocket-Accept: F+9bUKgozsY7cLQkWek+TfyFpIo=
Access-Control-Allow-Origin: http://facebookreport56.tk
Access-Control-Allow-Credentials: true
Connection: Upgrade
X-Powered-By: ASP.NET
Date: Tue, 20 Sep 2022 22:26:20 GMT

db.onlinewebfonts.com/c/0c5e6f133b0b25edfed47aca4ab57676?family=Segoe+UI+Historic

185.126.226.146

200 OK

0 B

URL HTTP/2
db.onlinewebfonts.com/c/0c5e6f133b0b25edfed47aca4ab57676?family=Segoe+UI+Historic
IP
185.126.226.146:0
ASN
#9009 M247 Ltd

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /c/0c5e6f133b0b25edfed47aca4ab57676?family=Segoe+UI+Historic HTTP/1.1
Host: db.onlinewebfonts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebookreport56.tk/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Tue, 20 Sep 2022 22:25:23 GMT
content-type: text/css
vary: Accept-Encoding, Accept-Encoding
x-powered-by: PHP/5.4.45
cache-control: public,max-age=86400,must-revalidate
access-control-allow-origin: *
access-control-allow-headers: X-Requested-With
access-control-allow-methods: GET,POST,OPTIONS
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (30)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/2

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/2

IP

ASN

File type