firefox.settings.services.mozilla.com/v1/
143.204.55.36 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 22:35:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XDno8bPhVTDVr2Npr6Yc1fcl94hXecUhoCsC1i1VuNtK6uFhesA5ZA==
Age: 3285
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7230
Expires: Sat, 03 Sep 2022 01:31:05 GMT
Date: Fri, 02 Sep 2022 23:30:35 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x_PtRodDbZfYO0xfwuloBMv-duHiT9-rOufULj-eC-UeWzTzmL7c_A==
age: 80118
X-Firefox-Spdy: h2
facebook.usasoftware.xyz/
204.12.208.162 200 OK 20 kB URL HTTP/1.1 facebook.usasoftware.xyz/
IP 204.12.208.162:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2728), with CRLF, LF line terminators
Hash 6627eb63c5a8420ba6e879f7b4413dcd
dbeaa14bab3a838643bad53a03718012bb7add7e
19ddfc0a1c3c6bdbe1c98f5ee2d8e983fe79247275b8431936e659a5ae283ce5
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET / HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:35 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3c9b11e046fccfa82c0e8ef7612b3c02; path=/; HttpOnly
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
_us=1662247835; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
_us=1662247835; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
mode=day; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000; path=/
access=1; expires=Sat, 03-Sep-2022 23:30:35 GMT; Max-Age=86400; path=/
src=1; expires=Sun, 03-Sep-2023 05:19:21 GMT; Max-Age=31556926; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 20479
Content-Type: text/html; charset=UTF-8
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 23:30:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1
104.17.25.14 200 OK 1.3 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1
IP 104.17.25.14:0
File type ASCII text, with very long lines (6433), with CRLF line terminators
Hash 98f3f12cd23319c083e39ee892304d59
98449008bf9b865df4d620fe867d97b8f1d8ee3f
5643d4b9ada3acf7608d873c15d770e661b3bec28e129fab9e0cd5278fcd7049
GET /ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: text/css; charset=utf-8
content-length: 1315
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-19ff"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 11451639
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvK1hgWJh2oWZ1dOmtWUSywVx9AAfRA90Od4Px0lXK4h49D70k9s%2BK6dCrJ0WGSapcr%2Br%2BIpcnFoS1gaqeiwzS5RDTXfXb00NnG8%2F2rPNDgqQXGre4MQY0bJVnkCE%2FjgMHBIZQak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf4f2db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1
104.17.25.14 200 OK 8.7 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1
IP 104.17.25.14:0
File type ASCII text, with very long lines (32004)
Hash 1b444a291b27ff5ef4a14f49505946cf
e606ad6b35dcd69aa7c137cba11afafeeaea3e8f
6c6137ed92e435221c3310950fa25ff94731c619ce0b090163296bcdc77d2e01
GET /ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 8703
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-8263"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 7605062
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7%2BbNi8JzdUdhRPigzbUDKXr%2FObaFVLW0zBFwcjJ21Sagz4JngoHJVdb6GLkUTgEWzHchfxh%2Ft9wEUOpbxMVdWosGDVB8cIehfqx5VUCwW98cgs82v7PK2DCam78o%2FgMyF2zOlPe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf5f31b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js
104.17.25.14 200 OK 142 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js
IP 104.17.25.14:0
File type Unicode text, UTF-8 text, with very long lines (38674)
Size 142 kB (142499 bytes)
Hash 62118fbf2b04b08e63295992487a98e5
50997016896beea40d7188ef156f09755a9df6e2
efb679baf540dc3434ca9644ab8f64e5596f5e630781251492e5853f7599cb7e
GET /ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 142499
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9d-a9610"
last-modified: Mon, 04 May 2020 16:11:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5204170
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3L%2FG3z8rq%2FDkf5Vjba8uSrXyd0lHxAUIATATzaf9naDzUYL6mEmhAN1oy4tSFgNTCmnqFTQirTsDM2v772QhaXjMBEu6dV6lhRLHFmA0okuNldrQ1gpW1gQzUSsQNyL3qJEzp%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf5f38b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1
151.101.85.229 200 OK 597 B URL HTTP/2 cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1
IP 151.101.85.229:0
File type Unicode text, UTF-8 text, with very long lines (1090)
Hash d092834263c7b00d7de63acd3faf80e3
5f7b89769c97ad01fc128176e2f37520e787f718
1894fcaba76bd3052337c4c30dd4211cffdd4e6c2f1fe0d1da7da98b4573d206
GET /npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.2.3
x-jsd-version-type: version
etag: W/"50b-wcNuaSdDYjHrIEdDVrKWZ8TGSKo"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Sep 2022 23:30:36 GMT
age: 1299103
x-served-by: cache-fra19139-FRA, cache-bma1620-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 597
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226 200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 9fb9b899692083ee410c29dcc9b5b3a0
ea62247c662baecc18b1902568c7617cc5ef6cd1
56905e083e78b3a365aa552259fbab7378b5997787267f5b9110b5c3c2897461
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "3AFBBFC57E7789C922AF40DFBAA8FBEF8FA5C603"
Expires: Sat, 03 Sep 2022 10:00:00 GMT
Last-Modified: Fri, 02 Sep 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3006
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744a08cfefb7b51b-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 22:22:28 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 9ae999838dc7d514b498b11b242177ec
604396a04219b7ce9cdb8023493ca0af037c1449
6760c4003764bb0e73f2c243c6c4baa22252447304a26970536a0ff0b9b5df42
GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 342365a8f35f1e707fa5b886c5a72599
etag: "652d45a0c5626404f98afccb91ac22ef"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Sep 2022 23:36:30 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: mumZg43H1RS0mLEbJCF37A==
x-fb-debug: y68nlCGOY4S/DuEsbg6G2YeNvtOredWv85HfCE83gJoGPMIym8/QvZDTG0HtnpOMTmOKmtUCyXpkoZwVaXXDIA==
content-length: 1686
x-fb-trip-id: 1904183273
date: Fri, 02 Sep 2022 23:30:36 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
facebook.usasoftware.xyz/themes/wowonder/stylesheet/welcome.css?version=4.0.1
204.12.208.162 200 OK 5.2 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/stylesheet/welcome.css?version=4.0.1
IP 204.12.208.162:0
File type assembler source, ASCII text, with very long lines (3643), with CRLF line terminators
Hash ad424fc65c4755aa55f9b47652d33b64
96712af1fa3f758253cd432a8266721bf50116b1
2bd3c58c03453e984ac85866806a8e31bf2df5ba89d42dd779a24728f7dc444c
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/stylesheet/welcome.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 15 Feb 2022 18:58:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 5194
Content-Type: text/css
facebook.usasoftware.xyz/themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1
204.12.208.162 200 OK 6.7 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (30837)
Hash 7be64e8875f7d7173a1d66c15ff240c6
6ad6ecada99ad7fdc26f2695866735ffd515a9f1
8f2ea84e3d61c7c69f9fc974d11dd72a15dbcde069eb780cbf50f5dc434980d9
GET /themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 23 Aug 2017 00:18:26 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 6662
Content-Type: text/css
facebook.usasoftware.xyz/themes/wowonder/stylesheet/leaflet.css?version=4.0.1
204.12.208.162 200 OK 3.0 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/stylesheet/leaflet.css?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with CRLF line terminators
Hash 84ff3953721a125afa6ac67e5d6d816c
b5b5368e74de5570696f2416ae8faee610b2dcac
f4067f2a23a620eb914c639d1c56c55203baeced487cccce4dcca3f752fbf36a
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/stylesheet/leaflet.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 28 Nov 2018 20:33:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 3019
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 22:22:28 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.36 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.36:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 22:38:16 GMT
Expires: Fri, 02 Sep 2022 23:31:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IWrzTi0k1pDmm43QPqzTMslEE4Bja6PM3CgJo5EgZm9iqPXyMMAU4A==
Age: 3140
facebook.usasoftware.xyz/themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1
204.12.208.162 200 OK 2.6 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (332)
Hash b6d83949da3b415379df15c43d8de883
fdb16481c695239bc92f7e44a0ed539fe58eb3d2
e5dc2857d50155c4daff1f33bd828e87cb1f6b294050b0ca8605892a938a51f1
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2022 18:40:58 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 2604
Content-Type: text/css
facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.css?version=4.0.1
204.12.208.162 200 OK 3.7 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.css?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (27142), with CRLF line terminators
Hash d01534bc3c0b84d3cb9b03be0166886c
37d7cd51a0f667a004853d04d30c1151c9e3fd9a
981fa4600d74111cfc7dbd6f22e3a58931ba47346ada98cd0235d81ecdd538ab
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/player/fluidplayer.min.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 10 Jul 2019 19:16:34 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 3718
Content-Type: text/css
facebook.usasoftware.xyz/themes/wowonder/javascript/leaflet.js?version=4.0.1
204.12.208.162 200 OK 39 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/leaflet.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (65380), with CRLF line terminators
Hash 24f5acd40c364c45ca02e92e4a5c59aa
54d763549666a2bf3a9924a7507a422c8e6afa7a
884036f937473904429461b7db164e1f0425349d73c2ba69d2c1a008b0bba9a7
GET /themes/wowonder/javascript/leaflet.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 28 Nov 2018 20:33:04 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 39006
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1
204.12.208.162 200 OK 47 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fffaf8caa6f8d78b7431c9c2dea68f5f
abc2ac8e5b5d799d98304ad4866434a02e09277a
eb83cbc8808d30ec21e070914519fe545913a4fff900542a013e8b5e97f720e3
GET /themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sun, 06 Feb 2022 19:03:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 47362
Content-Type: text/css
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 938 B IP 142.250.74.3:0
File type gzip compressed data, max compression\012- data
Hash 935378acecff43f26d50e54bb2f76982
74e2db898043011caf2b36085922fc9d3483d763
12dcf35ed9fb4f412f851191f2977671452dfe7cf7b0fce621dd84dcc8556e1b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1
204.12.208.162 200 OK 19 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 128bffaa1c11f589377bff6042b80531
efff8add6b6339d60fbf27bfef631929985af0f8
884808d45f26045190657df4c88f3b03e5a337043bf7a952aeb235c4fcfb7f2d
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/player/fluidplayer.min.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 10 Jul 2019 19:16:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 19315
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js
204.12.208.162 200 OK 9.4 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js
IP 204.12.208.162:0
File type HTML document, Unicode text, UTF-8 text, with very long lines (3129), with CRLF line terminators
Hash 8b6eb6286586848c42ef8a4e80625902
8650a00151ea2541791b890a5cdf9efe0ae46cb7
620db4952cf121fef683c9f2638512539a24d5c270ccdf209c6d896652b65ccf
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/javascript/qrcode.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 12 Oct 2021 22:52:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 9437
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js
204.12.208.162 200 OK 19 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js
IP 204.12.208.162:0
File type ASCII text, with very long lines (32094)
Hash 61d52c24abd8c15ee8351fa61a4e989a
1525ef4bd09f1926f8d44e353c22be42b818b3fb
69964b3b6f3a0be025265b48d7a6f5d342cf440f2b18c397258259e9b5e9230a
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/javascript/socket.io.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 17 Oct 2020 03:21:18 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 19296
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js
204.12.208.162 200 OK 5.3 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js
IP 204.12.208.162:0
Hash 97a3ffd22f4a455a45b921f706f680d7
157fd88a3fcfea89cef0bde8640d1ab526be9d15
d7674e8a54c5ca967191e068b9fc293273a823848b0549998c3a0dabe0a2b392
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2015 02:26:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 5267
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1
204.12.208.162 200 OK 1.1 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1
IP 204.12.208.162:0
Hash a028ad951e55be0c3faa87a98ad4ab83
232b8b4663ecfae3f6d7cc731d5495c99e7acbde
8d83d54e6c9e1a4e3f221fa6246516effbc1402d690bc9744be0172ec0e662fa
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Fri, 11 Feb 2022 16:12:46 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 1118
Content-Type: text/css
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5635
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 21:56:41 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1
204.12.208.162 200 OK 6.1 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (3564)
Hash a7b0218825ae5c0af53e5ac261202b23
0570cecd2fd844e7dd6ec17a4544b09dc1f8b702
fca6a798560938905025ad159135ed93b85645703d140f34e3d10937ffd41bbb
GET /themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 25 Mar 2020 03:59:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 6106
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1
204.12.208.162 200 OK 107 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (32030)
Size 107 kB (106929 bytes)
Hash acac61ce1f307acd3dc4aa15b2cb83bd
42b541d97ae1402f64363d17cbd031e1c3c7d601
e1d72975830ce91835adcfa302620949f725aa630b5055b6da5db4fe27d7d838
GET /themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Thu, 04 Oct 2018 17:30:56 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 106929
Content-Type: application/javascript
facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1
204.12.208.162 200 OK 440 B URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (1088), with no line terminators
Hash 5499fe0141866e24a6745eb3d0f5e94c
f4faf60142a4f61f9b9b80271edbf1720dbb113d
1a736a1da65246b4ec838d858b8f39cb67ba60aae81d7ceb817577320006cac4
GET /themes/wowonder/javascript/welcome.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 03 Oct 2018 22:37:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 440
Content-Type: application/javascript
facebook.usasoftware.xyz/upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0
204.12.208.162 200 OK 4.1 kB URL HTTP/1.1 facebook.usasoftware.xyz/upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0
IP 204.12.208.162:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 150x150, components 3\012- data
Hash ab7b6b4cf48a1f0a63bace3c7305b8c5
c6eba4518e46d8abe7ea4abc3330846e5d3b2d2c
36023c4fd0fba9d658ea80fb5d349c7885c132411fc0b22483e15e7d54c11f80
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 07 May 2022 13:03:58 GMT
Accept-Ranges: bytes
Content-Length: 4082
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Access-Control-Allow-Origin: *
Content-Type: image/jpeg
facebook.usasoftware.xyz/themes/wowonder/img/logo.png
204.12.208.162 200 OK 826 B URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/img/logo.png
IP 204.12.208.162:0
File type PNG image data, 190 x 21, 8-bit/color RGBA, non-interlaced\012- data
Hash 524245ef073b1b0d83e9511904ec4854
a3e9849829f8a4b9fab8971c9db3d9e6b5724b2f
e28278f0c9cdb938a910ff07e1a64fa61eaa3e9836622193111427a70b89d02b
Analyzer Verdict Alert openphish Facebook, Inc.
GET /themes/wowonder/img/logo.png HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 07 May 2022 12:50:42 GMT
Accept-Ranges: bytes
Content-Length: 826
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/png
facebook.usasoftware.xyz/themes/wowonder/javascript/script.js?version=4.0.1
204.12.208.162 200 OK 81 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/javascript/script.js?version=4.0.1
IP 204.12.208.162:0
File type ASCII text, with very long lines (727), with CRLF line terminators
Hash d4e3c13efb6740b0c30da06a13291c4c
d3299e0624b0385e84e0d9f5ed600bc96f61a7a8
2383528eeba0ad36b901f47ed807a8fdbab2c6367ba1e83c33731b4db5feedf0
Analyzer Verdict Alert openphish Facebook, Inc.
fortinet Phishing
GET /themes/wowonder/javascript/script.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 09 Feb 2022 21:10:22 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 80597
Content-Type: application/javascript
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.89.136.7 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.136.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8nkmDRQ3ps5Wm4IvZ76ZFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Dk1Z9chFlW+wfGdPCy0PmuF27sY=
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
142.250.74.163 200 OK 8.0 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 187178
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.163 200 OK 7.7 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 187178
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.163 200 OK 7.9 kB URL HTTP/2 fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:32:09 GMT
expires: Thu, 31 Aug 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 187108
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
facebook.usasoftware.xyz/themes/wowonder/img/backgrounds/welcome.jpg
204.12.208.162 200 OK 266 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/img/backgrounds/welcome.jpg
IP 204.12.208.162:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x853, components 3\012- data
Size 266 kB (266340 bytes)
Hash 0c1aebe521eab54f67a8b1cee0ae8f1c
fb4ca408d76a5835eebebfc6039a4bba70c3c9ac
eb9ce0e3a51d6a5259bca95c7f7b61ccf507b376d57be8b2372f601934f49250
Analyzer Verdict Alert openphish Facebook, Inc.
GET /themes/wowonder/img/backgrounds/welcome.jpg HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Thu, 27 Jan 2022 15:37:54 GMT
Accept-Ranges: bytes
Content-Length: 266340
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Type: image/jpeg
connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753
31.13.72.12 200 OK 87 kB URL HTTP/2 connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753
IP 31.13.72.12:0
File type ASCII text, with very long lines (13175)
Hash d2583bd61b29da2a0879901ee9b90a37
2518e6c6e3f3fc3393353ff8986924aaa4659a34
9708a08f5bd158bdd844f074b6689a8abddfa8ec425f3ad8e6ab76a8c7248606
GET /en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 2d8a2b6622e630007bea56ca9a6f60fa
etag: "97aa9f57ae203f4063e6abc9bdf1dd59"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 02 Sep 2023 22:15:07 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 0lg71hsp2ioIeZAe6bkKNw==
x-fb-debug: 0y/dG3Ty1HC7YiGjvjp1OPs4fHBEiabnTuO9vHPAt7G7uR+WF73aKa7GBqspLOME79D85+wnXn4JOORspEWEbw==
content-length: 86687
x-fb-trip-id: 1904183273
date: Fri, 02 Sep 2022 23:30:37 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
facebook.usasoftware.xyz/themes/wowonder/img/icon.png
204.12.208.162 200 OK 5.9 kB URL HTTP/1.1 facebook.usasoftware.xyz/themes/wowonder/img/icon.png
IP 204.12.208.162:0
File type PNG image data, 104 x 100, 8-bit/color RGBA, non-interlaced\012- data
Hash 54da82a8ca5594e2f7a17e0e4f383611
c6ec8d1c4ba1f4394eee1edbe8a08214afa8fc9f
3c19892d63f11747cd92996a88a8ed73b1cc779651ff4189b8485dfb77975135
Analyzer Verdict Alert openphish Facebook, Inc.
GET /themes/wowonder/img/icon.png HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:37 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2016 20:28:48 GMT
Accept-Ranges: bytes
Content-Length: 5945
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:37 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Type: image/png
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg
34.120.237.76 200 OK 5.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0de9027ed264cacf67433af503eb3d24
7a63830b43a8bc9d0ca570b7ef7886e0b1e32a97
cd8af5bd5ac0371755bb944e0b6eb8f7265079aa8bebd39a030b6633c91abf27
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5457
x-amzn-requestid: 5c03bf43-e084-4669-b092-2d167a74306c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XtgFEFdZIAMF-VQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ee086-084a524b4fbc9029198ddea5;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 04:16:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8xPKgVUoLMZwMdmXaierFYFKOlq8lbUwfkAHHqK3jg25XndJRNFHw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:43:34 GMT
age: 71224
etag: "7a63830b43a8bc9d0ca570b7ef7886e0b1e32a97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91a99bc-e0f0-4e9a-a1bf-8fdb59ff4c05.jpeg
34.120.237.76 200 OK 3.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91a99bc-e0f0-4e9a-a1bf-8fdb59ff4c05.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7224ed75214e01c7c1538ab32a3068a
e9065d619bfc3b8010221b91c4efdf012cc6760a
380b97a517a4d3aba9992d98402622696631407d1224eee7aefd990a6d65fe93
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91a99bc-e0f0-4e9a-a1bf-8fdb59ff4c05.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3484
x-amzn-requestid: ba336a54-fb73-4d34-b5a9-75b202fa7d8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XcSVCEv3oAMFkhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6307fdb9-7730a0c8032e78cf125359b8;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 22:54:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ylZpeN_x2J8QX0tWRaRYBvcEpMNoovC29oi6_64E_enBppHFbxRvqQ==
via: 1.1 ffe7114eb67ff864ff5a46aa2b63ce6e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:08:58 GMT
age: 4900
etag: "e9065d619bfc3b8010221b91c4efdf012cc6760a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F089ff420-2c17-4cce-ad25-52e8fc69f2a9.jpeg
34.120.237.76 200 OK 4.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F089ff420-2c17-4cce-ad25-52e8fc69f2a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 660183cada6c24962d977deeaf36bb9b
1128b6b873eee3bf510c2a30898b18649da28b91
bb9a4142b5b033d3852e3068f906ca968b040444855dd5ecf58997d555d37a3b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F089ff420-2c17-4cce-ad25-52e8fc69f2a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4610
x-amzn-requestid: 98e2dc42-99bd-44c4-a6fe-ac5051bdf89b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XTiVCGAjoAMFk4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63047db9-17d982296b87329d21506071;Sampled=0
x-amzn-remapped-date: Tue, 23 Aug 2022 07:11:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wKtM5ooiu4W4w0DHDlqlVxBXkh8K1CbSkNx4hNta_mUSK-r-mLAGxw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:43:30 GMT
age: 71228
etag: "1128b6b873eee3bf510c2a30898b18649da28b91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad663de8-dd74-4ef6-b834-52448e7d423f.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad663de8-dd74-4ef6-b834-52448e7d423f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash baa99ebdef2eb1b3b0d0f89c8efe9e82
7ac3fd98ce0fbae3292a6dd621faf1716c97cd90
e968972fad46460d01dfe41876f5f79d13421e1bdcbea4cb4c090925550b482d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad663de8-dd74-4ef6-b834-52448e7d423f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8062
x-amzn-requestid: 95048506-bd41-41c3-9c61-8c1fa4d76222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwqDQFbwoAMFc8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631023ae-45421a57181cb85a56f85f39;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:14:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6V5eqFCVOuGaq3DfNB4hanZly4dfynnBCHDWmkPAyOXHxxyhpE-Gwg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:41:59 GMT
age: 71319
etag: "7ac3fd98ce0fbae3292a6dd621faf1716c97cd90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 5284
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
34.120.237.76 200 OK 5.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1yjBt3dqEztIRHo4yR3ZzI67J4lWUMS8R44-PpkeDJ4KNdCTPkmh-w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 04:45:35 GMT
age: 67503
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
facebook.usasoftware.xyz/requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129
204.12.208.162 200 OK 19 B URL HTTP/1.1 facebook.usasoftware.xyz/requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129
IP 204.12.208.162:0
File type ASCII text, with no line terminators
Hash dc574bed4351e5af700cb42901f5f5b8
e2392bdaab4ba2aab026db185f496b126e48ea03
2334125a96d25750ca3eb6be8f417c4dcfa39a1b3bc3f94596f7931bef550c79
Analyzer Verdict Alert openphish Facebook, Inc.
GET /requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:43 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1d6cebbaec3aeba7b1cda9f4ad28a371; path=/; HttpOnly
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
_us=1662247843; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
_us=1662247843; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
mode=day; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000; path=/
access=1; expires=Sat, 03-Sep-2022 23:30:43 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 19
Content-Type: text/html; charset=UTF-8
unpkg.com/flickity@2/dist/flickity.pkgd.min.js
104.16.123.175 302 Found 0 B URL HTTP/2 unpkg.com/flickity@2/dist/flickity.pkgd.min.js
IP 104.16.123.175:0
GET /flickity@2/dist/flickity.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /flickity@2.3.0/dist/flickity.pkgd.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GC08K1RV5AJTS0EZMKYQTM31-ams
cf-cache-status: HIT
age: 80
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 744a08cf7f22b518-OSL
X-Firefox-Spdy: h2
unpkg.com/flickity@2.3.0/dist/flickity.pkgd.min.js
104.16.123.175 200 OK 0 B URL HTTP/2 unpkg.com/flickity@2.3.0/dist/flickity.pkgd.min.js
IP 104.16.123.175:0
GET /flickity@2.3.0/dist/flickity.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://facebook.usasoftware.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"e136-ppFLVfsImDkhRKQGmGrAD36fhGA"
via: 1.1 fly.io
fly-request-id: 01FQ9VZY0MM9D6E2TFNQ5YF17K
cf-cache-status: HIT
age: 22226323
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 744a08cfcf99b518-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
216.58.211.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
IP 216.58.211.10:0
GET /css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Sep 2022 23:30:36 GMT
date: Fri, 02 Sep 2022 23:30:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2