Report - facebook.usasoftware.xyz/

Report Overview

Submitted URL
facebook.usasoftware.xyz/
IP
204.12.208.162
ASN
#32097 WII
Submitted
2022-09-02 23:30:46
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
56

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.89.136.7
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	746 B	216.58.211.10
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.35
facebook.usasoftware.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	9.3 kB	663 kB	204.12.208.162
ocsp.globalsign.com	2075	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	356 B	1.9 kB	104.18.20.226
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	40 kB	34.120.237.76
unpkg.com	11693	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	772 B	1.1 kB	104.16.123.175
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
connect.facebook.net	139	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	856 B	90 kB	31.13.72.12
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.7 kB	142.250.74.3
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.36
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	156 kB	104.17.25.14
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	987 B	2.2 kB	93.184.220.29
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	5.3 kB	23.36.76.226
cdn.jsdelivr.net	439	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	422 B	1.4 kB	151.101.85.229
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	26 kB	142.250.74.163

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

Scan Date	Severity	Indicator	Alert
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.
2022-09-02	medium	facebook.usasoftware.xyz/	Facebook, Inc.

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-09-02	medium	facebook.usasoftware.xyz/	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/stylesheet/welcome.css?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/stylesheet/leaflet.css?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.css?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0	Phishing
2022-09-02	medium	facebook.usasoftware.xyz/themes/wowonder/javascript/script.js?version=4.0.1	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

Files detected

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.3
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
938 B (938 bytes)
Hash
935378acecff43f26d50e54bb2f76982
74e2db898043011caf2b36085922fc9d3483d763
12dcf35ed9fb4f412f851191f2977671452dfe7cf7b0fce621dd84dcc8556e1b

Detections

Analyzer	Verdict	Alert
VirusTotal	0/0

JavaScript (22)

	URL	Size	First Seen	Last Seen
	facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js	34 kB	2023-03-07	2024-04-23
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2024-04-23 09:56:46 Times Seen46 Hash 66496508982b09545c4707eab62a7659 962ad9cb87afa140a644178e5f3c53e2514ea1e5 c3180e12eb685444ab411102850ff11a8dbf30e573348e0ad8a82cefb49132f1 Loading...

	facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js	21 kB	2023-03-07	2024-04-20
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:27:47 Last Seen2024-04-20 07:30:29 Times Seen119 Hash 762e212e474887426c95f101d575024d 494300a29c210c28eafa9be961d019f349395cb7 6838daba9201ad885ef13c42f4570ff1caea4d4fd602f491493cbbcd038aea7b Loading...

	cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1	1.3 kB	2023-03-07	2024-04-24
Pretty URL cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1 IP 151.101.85.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:13 Last Seen2024-04-24 11:56:10 Times Seen3432 Hash 700b877cd3ade98ce6cd4be349d81a5c c1c36e6927436231eb20474356b29667c4c648aa 000854d782781aff1b16ea5451c1da3d07efadd35ab911ccb7e4b851571a25bd Loading...

	facebook.usasoftware.xyz/	1.1 kB	2023-03-07	2023-03-07
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash f547d94105762ed041c9b9c8f10a024e 8c66f94df4d7841ff700266530ca32d68a0d7aa6 552a824c7fe11a95f50aca66dbece56573c67538adec982b18fe5786b3cdcac4 Loading...

	connect.facebook.net/en_US/sdk.js	3.1 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/en_US/sdk.js IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash 342365a8f35f1e707fa5b886c5a72599 daa8c1f3d8b2500febcf4a8c1d60efff265bb9a0 20564ea00a733f548085ccd4840ff2f5b2ca3a2894fd811f2b098e4af2803cd7 Loading...

	cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1	33 kB	2023-03-07	2024-04-05
Pretty URL cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1 IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:16 Last Seen2024-04-05 22:47:03 Times Seen845 Hash 08c22600590b700e7d2a6b417c958c19 2bcecfc314286c88c409447c4f12073ca82a0390 d7d277ad3ded41d89d82daaa750df136efbe19dec4a0ffda83fd31d651e2d316 Loading...

	unknown	0 B	2023-03-07	2024-04-24
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 13:14:13 Times Seen37038997 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1	90 kB	2023-03-07	2023-12-21
Pretty URL facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1 IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:16 Last Seen2023-12-21 19:02:57 Times Seen97 Hash 18430a0bec28a812ddb4f5afab34b7ae 12c5a61ca35b5e199a8757e9b1ce67a998a60238 8c1483688e63edac18ed51483e3a65b50cef380e68d1c31905b851275098d367 Loading...

	facebook.usasoftware.xyz/	127 B	2023-03-07	2023-12-15
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-12-15 00:47:18 Times Seen29 Hash eac13c22886fe21c588a1bc8bfef6b06 d021ee5d98c62636163821fd76667c3ccdc43bf3 9f5fd8fc893d8f1839929a9a3610607e77c413ecd4e892e93ec25c7c9839aab4 Loading...

	connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753	306 kB	2023-03-07	2023-03-07
Pretty URL connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753 IP 31.13.72.12 ASN #32934 FACEBOOK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash 2d8a2b6622e630007bea56ca9a6f60fa 3a4ad12f2d3846884ccb5e883054de50da2cc6a9 87675a987dffcb8a4fde0bdaf301ed370399cbf23778dfcf422a74e92ba1789b Loading...

	facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1	1.1 kB	2023-03-07	2023-12-21
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1 IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:34 Last Seen2023-12-21 19:02:58 Times Seen93 Hash b93da2d8d3fb655b1c49796c0b7650f9 91585f2c38f65bcd2395b8d7104483bc0b659df6 3584f378d55f7382ed2894c0072c2edd1817f8f0c299d0b24c1f569aa89d5abb Loading...

	facebook.usasoftware.xyz/	50 B	2023-03-07	2023-12-15
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-12-15 00:47:18 Times Seen31 Hash 9c1e0488aede2d05e4a7ead8ce92b3ab 6ad0be48057c560b447ca957aed89679e6b68b70 f4386d106169f1115bde0b89542ddd8378b0fbac2ae1d9de3a8d577dbf7f3b7f Loading...

	facebook.usasoftware.xyz/	14 kB	2023-03-07	2023-05-01
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-05-01 19:09:09 Times Seen3 Hash 2cc796de2826126f204b380fed32e3bf da6cac5ed3a7b578539ca47c0aecb3a6fbe4819f a7ea383aea465341f5ea7f5817971d1fcb3c14280a4c5dddad2e248cca470b1f Loading...

	facebook.usasoftware.xyz/	7.5 kB	2023-03-07	2023-08-06
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-08-06 19:25:12 Times Seen20 Hash 9557d688dc90e9214cec348ea996552e 2d2c510463b247daada09a902f485047702e9fc7 2bf5ad1c5aabcb3a444dc97b0e77e06a8618fb0c3621f8822819d855a4790202 Loading...

	facebook.usasoftware.xyz/	6.7 kB	2023-03-07	2023-03-07
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash 8c018c59f58649755772fe308cbe94a9 9db043097c8e3adb1765bb6c10d28117cbed6d37 12cc6bf5d5eed217cda3556fbb2acbfd4ec3841307884fbcb0a0ab32bedd2701 Loading...

	cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js	694 kB	2023-03-07	2023-09-30
Pretty URL cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js IP 104.17.25.14 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-09-30 01:30:54 Times Seen6 Hash 5197e91a5561aa601f6553f85aa83129 b88636b413e93a709426e20304ed338aff7c714f 2f952b0cbf39a677377554aea51121596bab1de9fff0aadd137b20fbe42bfc54 Loading...

	unpkg.com/flickity@2/dist/flickity.pkgd.min.js	58 kB	2023-03-07	2024-04-24
Pretty URL unpkg.com/flickity@2/dist/flickity.pkgd.min.js IP 104.16.123.175 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:10:32 Last Seen2024-04-24 11:14:43 Times Seen1207 Hash f008f38402e0f28ae683ab8ef252a231 a6914b55fb0898392144a406986ac00f7e9f8460 3aa6d58d974d052d6bad494e15bff103c518e148e59054c006564610b41103d2 Loading...

	facebook.usasoftware.xyz/	938 B	2023-03-07	2023-03-07
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash 72a23608b5ab95548c5b7a2f04f605c9 14cb90d64c29950260b4157d490b46964f8663ea e9ad98127c0c03d0e09e784dbe45b3356a2f0a4cc712747815a2d12c79504079 Loading...

	facebook.usasoftware.xyz/	647 B	2023-03-07	2023-03-07
Pretty URL facebook.usasoftware.xyz/ IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2023-03-07 12:12:41 Times Seen1 Hash c8705aab18f6f40ad2cf2891a86bc8ab 9fec457cf8a2ffd083911faecdfcda9fe7519a4b 881b604f8e9f2176c2a06187733b1546ca96472eb59a5a0d715dab1841f5475d Loading...

	facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js	69 kB	2023-03-07	2024-04-21
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2024-04-21 08:27:45 Times Seen415 Hash 2316d5f067a1f861d2565a592376fea3 a6560c8aed6fc7350e2ca96fcd98211bc18fc235 6d09ab65ee323e742b2d363ed6063295f34c06e19f9d3fc72ac0865fef57baaa Loading...

	facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1	27 kB	2023-03-07	2024-02-12
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1 IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:12:41 Last Seen2024-02-12 06:26:53 Times Seen40 Hash f6ea6d0fb3d717cc7952c8ce57323225 2c486907e53160aa2bfa8c172fa0351ce40658e7 a8809d962a56732e4db4cdea94557fc29c8179b7bed5d5ad70e90bfde650115e Loading...

	facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1	394 kB	2023-03-07	2024-01-02
Pretty URL facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1 IP 204.12.208.162 ASN #32097 WII Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:29:13 Last Seen2024-01-02 19:42:13 Times Seen201 Hash 9992ac8fe6b57f68ea55fab6a0910da8 12d63772e5a33af9a8ecc72878795e4a9297f639 50f5ba9edad362ce455cfd1482803e1dbaa117a523e5b63baf7708f22b7070b9 Loading...

HTTP Transactions (61)

URL IP Response Size

firefox.settings.services.mozilla.com/v1/

143.204.55.36

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 02 Sep 2022 22:35:50 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: XDno8bPhVTDVr2Npr6Yc1fcl94hXecUhoCsC1i1VuNtK6uFhesA5ZA==
Age: 3285

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
bcdebf7a2bad5db595e8a0c1abb2ddcb
249dda2fa5e37b8a8f3a8c797193bf0874b6eedc
9b43ec48b16f96449208a0094c4d660806a2a2d344b5862dbff4c393bf3f9f9f

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9B43EC48B16F96449208A0094C4D660806A2A2D344B5862DBFF4C393BF3F9F9F"
Last-Modified: Thu, 01 Sep 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7230
Expires: Sat, 03 Sep 2022 01:31:05 GMT
Date: Fri, 02 Sep 2022 23:30:35 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.35

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Sep 2022 01:15:17 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: x_PtRodDbZfYO0xfwuloBMv-duHiT9-rOufULj-eC-UeWzTzmL7c_A==
age: 80118
X-Firefox-Spdy: h2

facebook.usasoftware.xyz/

204.12.208.162

200 OK

20 kB

URL HTTP/1.1
facebook.usasoftware.xyz/
IP
204.12.208.162:0
ASN
#32097 WII

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2728), with CRLF, LF line terminators
Size
20 kB (20479 bytes)
Hash
6627eb63c5a8420ba6e879f7b4413dcd
dbeaa14bab3a838643bad53a03718012bb7add7e
19ddfc0a1c3c6bdbe1c98f5ee2d8e983fe79247275b8431936e659a5ae283ce5

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET / HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:35 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=3c9b11e046fccfa82c0e8ef7612b3c02; path=/; HttpOnly
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
_us=1662247835; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
_us=1662247835; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000
mode=day; expires=Mon, 30-Aug-2032 23:30:35 GMT; Max-Age=315360000; path=/
access=1; expires=Sat, 03-Sep-2022 23:30:35 GMT; Max-Age=86400; path=/
src=1; expires=Sun, 03-Sep-2023 05:19:21 GMT; Max-Age=31556926; path=/
Vary: Accept-Encoding
Content-Encoding: gzip
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 20479
Content-Type: text/html; charset=UTF-8

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Sep 2022 23:30:35 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1

104.17.25.14

200 OK

1.3 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (6433), with CRLF line terminators
Size
1.3 kB (1315 bytes)
Hash
98f3f12cd23319c083e39ee892304d59
98449008bf9b865df4d620fe867d97b8f1d8ee3f
5643d4b9ada3acf7608d873c15d770e661b3bec28e129fab9e0cd5278fcd7049

HTTP Headers

GET /ajax/libs/bootstrap-select/1.12.4/css/bootstrap-select.min.css?version=4.0.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: text/css; charset=utf-8
content-length: 1315
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-19ff"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 11451639
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xvK1hgWJh2oWZ1dOmtWUSywVx9AAfRA90Od4Px0lXK4h49D70k9s%2BK6dCrJ0WGSapcr%2Br%2BIpcnFoS1gaqeiwzS5RDTXfXb00NnG8%2F2rPNDgqQXGre4MQY0bJVnkCE%2FjgMHBIZQak"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf4f2db503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1

104.17.25.14

200 OK

8.7 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32004)
Size
8.7 kB (8703 bytes)
Hash
1b444a291b27ff5ef4a14f49505946cf
e606ad6b35dcd69aa7c137cba11afafeeaea3e8f
6c6137ed92e435221c3310950fa25ff94731c619ce0b090163296bcdc77d2e01

HTTP Headers

GET /ajax/libs/bootstrap-select/1.12.4/js/bootstrap-select.min.js?version=4.0.1 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 8703
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03d8e-8263"
last-modified: Mon, 04 May 2020 16:06:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 7605062
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F7%2BbNi8JzdUdhRPigzbUDKXr%2FObaFVLW0zBFwcjJ21Sagz4JngoHJVdb6GLkUTgEWzHchfxh%2Ft9wEUOpbxMVdWosGDVB8cIehfqx5VUCwW98cgs82v7PK2DCam78o%2FgMyF2zOlPe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf5f31b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js

104.17.25.14

200 OK

142 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js
IP
104.17.25.14:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (38674)
Size
142 kB (142499 bytes)
Hash
62118fbf2b04b08e63295992487a98e5
50997016896beea40d7188ef156f09755a9df6e2
efb679baf540dc3434ca9644ab8f64e5596f5e630781251492e5853f7599cb7e

HTTP Headers

GET /ajax/libs/html2pdf.js/0.9.2/html2pdf.bundle.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
content-length: 142499
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e9d-a9610"
last-modified: Mon, 04 May 2020 16:11:09 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 5204170
expires: Wed, 23 Aug 2023 23:30:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3L%2FG3z8rq%2FDkf5Vjba8uSrXyd0lHxAUIATATzaf9naDzUYL6mEmhAN1oy4tSFgNTCmnqFTQirTsDM2v772QhaXjMBEu6dV6lhRLHFmA0okuNldrQ1gpW1gQzUSsQNyL3qJEzp%2BG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 744a08cf5f38b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1

151.101.85.229

200 OK

597 B

URL HTTP/2
cdn.jsdelivr.net/npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1
IP
151.101.85.229:0
ASN
#54113 FASTLY

File type
Unicode text, UTF-8 text, with very long lines (1090)
Size
597 B (597 bytes)
Hash
d092834263c7b00d7de63acd3faf80e3
5f7b89769c97ad01fc128176e2f37520e787f718
1894fcaba76bd3052337c4c30dd4211cffdd4e6c2f1fe0d1da7da98b4573d206

HTTP Headers

GET /npm/jquery-ui-touch-punch@0.2.3/jquery.ui.touch-punch.min.js?version=4.0.1 HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.2.3
x-jsd-version-type: version
etag: W/"50b-wcNuaSdDYjHrIEdDVrKWZ8TGSKo"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 02 Sep 2022 23:30:36 GMT
age: 1299103
x-served-by: cache-fra19139-FRA, cache-bma1620-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
content-length: 597
X-Firefox-Spdy: h2

ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1

104.18.20.226

200 OK

1.5 kB

URL HTTP/1.1
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP
104.18.20.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.5 kB (1462 bytes)
Hash
9fb9b899692083ee410c29dcc9b5b3a0
ea62247c662baecc18b1902568c7617cc5ef6cd1
56905e083e78b3a365aa552259fbab7378b5997787267f5b9110b5c3c2897461

HTTP Headers

POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "3AFBBFC57E7789C922AF40DFBAA8FBEF8FA5C603"
Expires: Sat, 03 Sep 2022 10:00:00 GMT
Last-Modified: Fri, 02 Sep 2022 22:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 3006
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 744a08cfefb7b51b-OSL

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 22:22:28 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

connect.facebook.net/en_US/sdk.js

31.13.72.12

200 OK

1.7 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (1961)
Size
1.7 kB (1686 bytes)
Hash
9ae999838dc7d514b498b11b242177ec
604396a04219b7ce9cdb8023493ca0af037c1449
6760c4003764bb0e73f2c243c6c4baa22252447304a26970536a0ff0b9b5df42

HTTP Headers

GET /en_US/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 342365a8f35f1e707fa5b886c5a72599
etag: "652d45a0c5626404f98afccb91ac22ef"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Fri, 02 Sep 2022 23:36:30 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: mumZg43H1RS0mLEbJCF37A==
x-fb-debug: y68nlCGOY4S/DuEsbg6G2YeNvtOredWv85HfCE83gJoGPMIym8/QvZDTG0HtnpOMTmOKmtUCyXpkoZwVaXXDIA==
content-length: 1686
x-fb-trip-id: 1904183273
date: Fri, 02 Sep 2022 23:30:36 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

facebook.usasoftware.xyz/themes/wowonder/stylesheet/welcome.css?version=4.0.1

204.12.208.162

200 OK

5.2 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/stylesheet/welcome.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
assembler source, ASCII text, with very long lines (3643), with CRLF line terminators
Size
5.2 kB (5194 bytes)
Hash
ad424fc65c4755aa55f9b47652d33b64
96712af1fa3f758253cd432a8266721bf50116b1
2bd3c58c03453e984ac85866806a8e31bf2df5ba89d42dd779a24728f7dc444c

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/stylesheet/welcome.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 15 Feb 2022 18:58:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 5194
Content-Type: text/css

facebook.usasoftware.xyz/themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1

204.12.208.162

200 OK

6.7 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (30837)
Size
6.7 kB (6662 bytes)
Hash
7be64e8875f7d7173a1d66c15ff240c6
6ad6ecada99ad7fdc26f2695866735ffd515a9f1
8f2ea84e3d61c7c69f9fc974d11dd72a15dbcde069eb780cbf50f5dc434980d9

HTTP Headers

GET /themes/wowonder/stylesheet/font-awesome-4.7.0/css/font-awesome.min.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 23 Aug 2017 00:18:26 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 6662
Content-Type: text/css

facebook.usasoftware.xyz/themes/wowonder/stylesheet/leaflet.css?version=4.0.1

204.12.208.162

200 OK

3.0 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/stylesheet/leaflet.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with CRLF line terminators
Size
3.0 kB (3019 bytes)
Hash
84ff3953721a125afa6ac67e5d6d816c
b5b5368e74de5570696f2416ae8faee610b2dcac
f4067f2a23a620eb914c639d1c56c55203baeced487cccce4dcca3f752fbf36a

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/stylesheet/leaflet.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 28 Nov 2018 20:33:32 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 3019
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
b1ad004f11b9c337660dfc7b6a5091de
5e017d69c3549cd9d9b33d11486989bec8500b5a
6dfad0eaa16c37e2c7c9264636adcf2b3eed1577d44df08c388a983b810121b2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4088
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 22:22:28 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
20cc30f2a41f9c5e824ea46460548950
c153b447d44cbbe8f30d7f490605d1a430af20a1
0f8bb96e7dfd8a6bb3d7eae1a958195cb8ca9f20e0ad8cd952c34267ff0625f3

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.36

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.36:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Retry-After, ETag, Backoff, Last-Modified, Pragma, Cache-Control, Expires, Content-Type, Content-Length, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 02 Sep 2022 22:38:16 GMT
Expires: Fri, 02 Sep 2022 23:31:24 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: IWrzTi0k1pDmm43QPqzTMslEE4Bja6PM3CgJo5EgZm9iqPXyMMAU4A==
Age: 3140

facebook.usasoftware.xyz/themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1

204.12.208.162

200 OK

2.6 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (332)
Size
2.6 kB (2604 bytes)
Hash
b6d83949da3b415379df15c43d8de883
fdb16481c695239bc92f7e44a0ed539fe58eb3d2
e5dc2857d50155c4daff1f33bd828e87cb1f6b294050b0ca8605892a938a51f1

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/stylesheet/movies/style.movies.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2022 18:40:58 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 2604
Content-Type: text/css

facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.css?version=4.0.1

204.12.208.162

200 OK

3.7 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (27142), with CRLF line terminators
Size
3.7 kB (3718 bytes)
Hash
d01534bc3c0b84d3cb9b03be0166886c
37d7cd51a0f667a004853d04d30c1151c9e3fd9a
981fa4600d74111cfc7dbd6f22e3a58931ba47346ada98cd0235d81ecdd538ab

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/player/fluidplayer.min.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 10 Jul 2019 19:16:34 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 3718
Content-Type: text/css

facebook.usasoftware.xyz/themes/wowonder/javascript/leaflet.js?version=4.0.1

204.12.208.162

200 OK

39 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/leaflet.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (65380), with CRLF line terminators
Size
39 kB (39006 bytes)
Hash
24f5acd40c364c45ca02e92e4a5c59aa
54d763549666a2bf3a9924a7507a422c8e6afa7a
884036f937473904429461b7db164e1f0425349d73c2ba69d2c1a008b0bba9a7

HTTP Headers

GET /themes/wowonder/javascript/leaflet.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 28 Nov 2018 20:33:04 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 39006
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1

204.12.208.162

200 OK

47 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (65536), with no line terminators
Size
47 kB (47362 bytes)
Hash
fffaf8caa6f8d78b7431c9c2dea68f5f
abc2ac8e5b5d799d98304ad4866434a02e09277a
eb83cbc8808d30ec21e070914519fe545913a4fff900542a013e8b5e97f720e3

HTTP Headers

GET /themes/wowonder/stylesheet/general-style-plugins.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sun, 06 Feb 2022 19:03:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 47362
Content-Type: text/css

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

938 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression\012- data
Size
938 B (938 bytes)
Hash
935378acecff43f26d50e54bb2f76982
74e2db898043011caf2b36085922fc9d3483d763
12dcf35ed9fb4f412f851191f2977671452dfe7cf7b0fce621dd84dcc8556e1b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1

204.12.208.162

200 OK

19 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/player/fluidplayer.min.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (65536), with no line terminators
Size
19 kB (19315 bytes)
Hash
128bffaa1c11f589377bff6042b80531
efff8add6b6339d60fbf27bfef631929985af0f8
884808d45f26045190657df4c88f3b03e5a337043bf7a952aeb235c4fcfb7f2d

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/player/fluidplayer.min.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 10 Jul 2019 19:16:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 19315
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js

204.12.208.162

200 OK

9.4 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/qrcode.js
IP
204.12.208.162:0
ASN
#32097 WII

File type
HTML document, Unicode text, UTF-8 text, with very long lines (3129), with CRLF line terminators
Size
9.4 kB (9437 bytes)
Hash
8b6eb6286586848c42ef8a4e80625902
8650a00151ea2541791b890a5cdf9efe0ae46cb7
620db4952cf121fef683c9f2638512539a24d5c270ccdf209c6d896652b65ccf

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/javascript/qrcode.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 12 Oct 2021 22:52:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 9437
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js

204.12.208.162

200 OK

19 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/socket.io.js
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (32094)
Size
19 kB (19296 bytes)
Hash
61d52c24abd8c15ee8351fa61a4e989a
1525ef4bd09f1926f8d44e353c22be42b818b3fb
69964b3b6f3a0be025265b48d7a6f5d342cf440f2b18c397258259e9b5e9230a

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/javascript/socket.io.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 17 Oct 2020 03:21:18 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 19296
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js

204.12.208.162

200 OK

5.3 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text
Size
5.3 kB (5267 bytes)
Hash
97a3ffd22f4a455a45b921f706f680d7
157fd88a3fcfea89cef0bde8640d1ab526be9d15
d7674e8a54c5ca967191e068b9fc293273a823848b0549998c3a0dabe0a2b392

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/javascript/bootstrap-tagsinput-latest/src/bootstrap-tagsinput.js HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Tue, 03 Nov 2015 02:26:42 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 5267
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1

204.12.208.162

200 OK

1.1 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text
Size
1.1 kB (1118 bytes)
Hash
a028ad951e55be0c3faa87a98ad4ab83
232b8b4663ecfae3f6d7cc731d5495c99e7acbde
8d83d54e6c9e1a4e3f221fa6246516effbc1402d690bc9744be0172ec0e662fa

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/javascript/green-audio-player/green-audio-player.css?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Fri, 11 Feb 2022 16:12:46 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=99
Content-Length: 1118
Content-Type: text/css

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
21daf45cdda2eb462873226bb5c1f0fb
4d4621bbf1461f35f7e536c1dbd9de71978ffa23
8164c742d013bdc2836cac1167acfe482547347ab6a1daefa15475f694dae057

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5635
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:36 GMT
Last-Modified: Fri, 02 Sep 2022 21:56:41 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471

facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1

204.12.208.162

200 OK

6.1 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (3564)
Size
6.1 kB (6106 bytes)
Hash
a7b0218825ae5c0af53e5ac261202b23
0570cecd2fd844e7dd6ec17a4544b09dc1f8b702
fca6a798560938905025ad159135ed93b85645703d140f34e3d10937ffd41bbb

HTTP Headers

GET /themes/wowonder/javascript/green-audio-player/green-audio-player.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 25 Mar 2020 03:59:36 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Length: 6106
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1

204.12.208.162

200 OK

107 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (32030)
Size
107 kB (106929 bytes)
Hash
acac61ce1f307acd3dc4aa15b2cb83bd
42b541d97ae1402f64363d17cbd031e1c3c7d601
e1d72975830ce91835adcfa302620949f725aa630b5055b6da5db4fe27d7d838

HTTP Headers

GET /themes/wowonder/javascript/jquery-3.1.1.min.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Thu, 04 Oct 2018 17:30:56 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 106929
Content-Type: application/javascript

facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1

204.12.208.162

200 OK

440 B

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/welcome.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (1088), with no line terminators
Size
440 B (440 bytes)
Hash
5499fe0141866e24a6745eb3d0f5e94c
f4faf60142a4f61f9b9b80271edbf1720dbb113d
1a736a1da65246b4ec838d858b8f39cb67ba60aae81d7ceb817577320006cac4

HTTP Headers

GET /themes/wowonder/javascript/welcome.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 03 Oct 2018 22:37:28 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 440
Content-Type: application/javascript

facebook.usasoftware.xyz/upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0

204.12.208.162

200 OK

4.1 kB

URL HTTP/1.1
facebook.usasoftware.xyz/upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0
IP
204.12.208.162:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 70", baseline, precision 8, 150x150, components 3\012- data
Size
4.1 kB (4082 bytes)
Hash
ab7b6b4cf48a1f0a63bace3c7305b8c5
c6eba4518e46d8abe7ea4abc3330846e5d3b2d2c
36023c4fd0fba9d658ea80fb5d349c7885c132411fc0b22483e15e7d54c11f80

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /upload/photos/2022/05/FIoynfv1JqwwMvvpvBMA_07_a801eae58d62b3bb76f17e5ad0226400_avatar.jpg?cache=0 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 07 May 2022 13:03:58 GMT
Accept-Ranges: bytes
Content-Length: 4082
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Access-Control-Allow-Origin: *
Content-Type: image/jpeg

facebook.usasoftware.xyz/themes/wowonder/img/logo.png

204.12.208.162

200 OK

826 B

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/img/logo.png
IP
204.12.208.162:0
ASN
#32097 WII

File type
PNG image data, 190 x 21, 8-bit/color RGBA, non-interlaced\012- data
Size
826 B (826 bytes)
Hash
524245ef073b1b0d83e9511904ec4854
a3e9849829f8a4b9fab8971c9db3d9e6b5724b2f
e28278f0c9cdb938a910ff07e1a64fa61eaa3e9836622193111427a70b89d02b

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /themes/wowonder/img/logo.png HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Sat, 07 May 2022 12:50:42 GMT
Accept-Ranges: bytes
Content-Length: 826
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=98
Content-Type: image/png

facebook.usasoftware.xyz/themes/wowonder/javascript/script.js?version=4.0.1

204.12.208.162

200 OK

81 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/javascript/script.js?version=4.0.1
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with very long lines (727), with CRLF line terminators
Size
81 kB (80597 bytes)
Hash
d4e3c13efb6740b0c30da06a13291c4c
d3299e0624b0385e84e0d9f5ed600bc96f61a7a8
2383528eeba0ad36b901f47ed807a8fdbab2c6367ba1e83c33731b4db5feedf0

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.
fortinet	Phishing

HTTP Headers

GET /themes/wowonder/javascript/script.js?version=4.0.1 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Wed, 09 Feb 2022 21:10:22 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Sun, 02 Oct 2022 23:30:36 GMT
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Length: 80597
Content-Type: application/javascript

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

52.89.136.7

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.89.136.7:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8nkmDRQ3ps5Wm4IvZ76ZFQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Dk1Z9chFlW+wfGdPCy0PmuF27sY=

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2

142.250.74.163

200 OK

8.0 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 8000, version 1.0\012- data
Size
8.0 kB (8000 bytes)
Hash
72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 187178
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

142.250.74.163

200 OK

7.7 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:30:59 GMT
expires: Thu, 31 Aug 2023 19:30:59 GMT
cache-control: public, max-age=31536000
age: 187178
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

200 OK

7.9 kB

URL HTTP/2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 31 Aug 2022 19:32:09 GMT
expires: Thu, 31 Aug 2023 19:32:09 GMT
cache-control: public, max-age=31536000
age: 187108
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
7ce90d6fafa13d92fcf445b688f0389f
480461a46fc291cbcdf6218c7743779d7e862788
dd33483769f6c715aeb257c2955147c1a5a47b0af1684190247701465af8af6c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Sep 2022 23:30:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

facebook.usasoftware.xyz/themes/wowonder/img/backgrounds/welcome.jpg

204.12.208.162

200 OK

266 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/img/backgrounds/welcome.jpg
IP
204.12.208.162:0
ASN
#32097 WII

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x853, components 3\012- data
Size
266 kB (266340 bytes)
Hash
0c1aebe521eab54f67a8b1cee0ae8f1c
fb4ca408d76a5835eebebfc6039a4bba70c3c9ac
eb9ce0e3a51d6a5259bca95c7f7b61ccf507b376d57be8b2372f601934f49250

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /themes/wowonder/img/backgrounds/welcome.jpg HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:36 GMT
Server: Apache
Last-Modified: Thu, 27 Jan 2022 15:37:54 GMT
Accept-Ranges: bytes
Content-Length: 266340
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:36 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=97
Content-Type: image/jpeg

connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753

31.13.72.12

200 OK

87 kB

URL HTTP/2
connect.facebook.net/en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753
IP
31.13.72.12:0
ASN
#32934 FACEBOOK

File type
ASCII text, with very long lines (13175)
Size
87 kB (86687 bytes)
Hash
d2583bd61b29da2a0879901ee9b90a37
2518e6c6e3f3fc3393353ff8986924aaa4659a34
9708a08f5bd158bdd844f074b6689a8abddfa8ec425f3ad8e6ab76a8c7248606

HTTP Headers

GET /en_US/sdk.js?hash=b89c6f3b5f5a7ecc464ce772bdbc5753 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 2d8a2b6622e630007bea56ca9a6f60fa
etag: "97aa9f57ae203f4063e6abc9bdf1dd59"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Sat, 02 Sep 2023 22:15:07 GMT
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: 0lg71hsp2ioIeZAe6bkKNw==
x-fb-debug: 0y/dG3Ty1HC7YiGjvjp1OPs4fHBEiabnTuO9vHPAt7G7uR+WF73aKa7GBqspLOME79D85+wnXn4JOORspEWEbw==
content-length: 86687
x-fb-trip-id: 1904183273
date: Fri, 02 Sep 2022 23:30:37 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

facebook.usasoftware.xyz/themes/wowonder/img/icon.png

204.12.208.162

200 OK

5.9 kB

URL HTTP/1.1
facebook.usasoftware.xyz/themes/wowonder/img/icon.png
IP
204.12.208.162:0
ASN
#32097 WII

File type
PNG image data, 104 x 100, 8-bit/color RGBA, non-interlaced\012- data
Size
5.9 kB (5945 bytes)
Hash
54da82a8ca5594e2f7a17e0e4f383611
c6ec8d1c4ba1f4394eee1edbe8a08214afa8fc9f
3c19892d63f11747cd92996a88a8ed73b1cc779651ff4189b8485dfb77975135

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /themes/wowonder/img/icon.png HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:37 GMT
Server: Apache
Last-Modified: Thu, 16 Jun 2016 20:28:48 GMT
Accept-Ranges: bytes
Content-Length: 5945
Cache-Control: max-age=31536000
Expires: Sat, 02 Sep 2023 23:30:37 GMT
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=96
Content-Type: image/png

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
12f00eac4bda78b5d4c4bc00e96be439
5d6d88dbf72f208bc33c9af693440aec02e5f11c
4a85dc99793413780fdfde032e83995c0a15775eb09123f53a1ba9b789f91a55

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4A85DC99793413780FDFDE032E83995C0A15775EB09123F53A1BA9B789F91A55"
Last-Modified: Wed, 31 Aug 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2170
Expires: Sat, 03 Sep 2022 00:06:48 GMT
Date: Fri, 02 Sep 2022 23:30:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg

34.120.237.76

200 OK

5.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.5 kB (5457 bytes)
Hash
0de9027ed264cacf67433af503eb3d24
7a63830b43a8bc9d0ca570b7ef7886e0b1e32a97
cd8af5bd5ac0371755bb944e0b6eb8f7265079aa8bebd39a030b6633c91abf27

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9e7beff9-947d-413f-a36c-3dc74d9e7e15.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5457
x-amzn-requestid: 5c03bf43-e084-4669-b092-2d167a74306c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XtgFEFdZIAMF-VQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-630ee086-084a524b4fbc9029198ddea5;Sampled=0
x-amzn-remapped-date: Wed, 31 Aug 2022 04:16:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I8xPKgVUoLMZwMdmXaierFYFKOlq8lbUwfkAHHqK3jg25XndJRNFHw==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:43:34 GMT
age: 71224
etag: "7a63830b43a8bc9d0ca570b7ef7886e0b1e32a97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91a99bc-e0f0-4e9a-a1bf-8fdb59ff4c05.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.5 kB (3484 bytes)
Hash
a7224ed75214e01c7c1538ab32a3068a
e9065d619bfc3b8010221b91c4efdf012cc6760a
380b97a517a4d3aba9992d98402622696631407d1224eee7aefd990a6d65fe93

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe91a99bc-e0f0-4e9a-a1bf-8fdb59ff4c05.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3484
x-amzn-requestid: ba336a54-fb73-4d34-b5a9-75b202fa7d8d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XcSVCEv3oAMFkhQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6307fdb9-7730a0c8032e78cf125359b8;Sampled=0
x-amzn-remapped-date: Thu, 25 Aug 2022 22:54:49 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: ylZpeN_x2J8QX0tWRaRYBvcEpMNoovC29oi6_64E_enBppHFbxRvqQ==
via: 1.1 ffe7114eb67ff864ff5a46aa2b63ce6e.cloudfront.net (CloudFront), 1.1 989017835f43d594873bde5a7ee7fe5e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:08:58 GMT
age: 4900
etag: "e9065d619bfc3b8010221b91c4efdf012cc6760a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F089ff420-2c17-4cce-ad25-52e8fc69f2a9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.6 kB (4610 bytes)
Hash
660183cada6c24962d977deeaf36bb9b
1128b6b873eee3bf510c2a30898b18649da28b91
bb9a4142b5b033d3852e3068f906ca968b040444855dd5ecf58997d555d37a3b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F089ff420-2c17-4cce-ad25-52e8fc69f2a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4610
x-amzn-requestid: 98e2dc42-99bd-44c4-a6fe-ac5051bdf89b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XTiVCGAjoAMFk4g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63047db9-17d982296b87329d21506071;Sampled=0
x-amzn-remapped-date: Tue, 23 Aug 2022 07:11:53 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wKtM5ooiu4W4w0DHDlqlVxBXkh8K1CbSkNx4hNta_mUSK-r-mLAGxw==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 707e733794d52100fde0ab21bf0b1462.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:43:30 GMT
age: 71228
etag: "1128b6b873eee3bf510c2a30898b18649da28b91"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad663de8-dd74-4ef6-b834-52448e7d423f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.1 kB (8062 bytes)
Hash
baa99ebdef2eb1b3b0d0f89c8efe9e82
7ac3fd98ce0fbae3292a6dd621faf1716c97cd90
e968972fad46460d01dfe41876f5f79d13421e1bdcbea4cb4c090925550b482d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fad663de8-dd74-4ef6-b834-52448e7d423f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8062
x-amzn-requestid: 95048506-bd41-41c3-9c61-8c1fa4d76222
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: XwqDQFbwoAMFc8A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631023ae-45421a57181cb85a56f85f39;Sampled=0
x-amzn-remapped-date: Thu, 01 Sep 2022 03:14:54 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 6V5eqFCVOuGaq3DfNB4hanZly4dfynnBCHDWmkPAyOXHxxyhpE-Gwg==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 6396e88c437c096ef98930ce29f731a2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 03:41:59 GMT
age: 71319
etag: "7ac3fd98ce0fbae3292a6dd621faf1716c97cd90"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7501 bytes)
Hash
23b580e2b673257d24b9c2e80c4c48ce
f3a3d835a37f9b23e7458f9b7bc721bc415b61cc
c0e3559fde3dd08cdbd360f39dddcc98dd7c1b3aebd0861cc07105872a116d11

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7d7b349-4711-4e66-bc42-888934e385a2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7501
x-amzn-requestid: bf297fc4-9164-45ee-bfab-06761a52e3ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: X2eMJEP1IAMFdpA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6312771a-6b3e6416133d67a83d8a1469;Sampled=0
x-amzn-remapped-date: Fri, 02 Sep 2022 21:35:22 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: datd5eYK6nOAUdEpy_y4gcqsVmCqjP4qhzTnlJ9pSrquoYk2PPugTA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 01147dcc35d57fc0238a3c1700c13f16.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 22:02:34 GMT
age: 5284
etag: "f3a3d835a37f9b23e7458f9b7bc721bc415b61cc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.0 kB (4994 bytes)
Hash
60769237af4f32c663d494d91a672d08
31305131f340191799484f212e15513bd1204e88
6df36e459f3a2d0271732b645009b116e6671363f6c3050d22bbfe2d911a77bd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e53e5b7-d429-4f33-bd77-ce946421df55.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4994
x-amzn-requestid: de39357f-d378-4bb8-b4d9-7dd4f82fbb58
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Xgj-kEHvoAMFyBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6309b390-119fa01e254e89cb39a1b794;Sampled=0
x-amzn-remapped-date: Sat, 27 Aug 2022 06:02:56 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 1yjBt3dqEztIRHo4yR3ZzI67J4lWUMS8R44-PpkeDJ4KNdCTPkmh-w==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Sep 2022 04:45:35 GMT
age: 67503
etag: "31305131f340191799484f212e15513bd1204e88"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

facebook.usasoftware.xyz/requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129

204.12.208.162

200 OK

19 B

URL HTTP/1.1
facebook.usasoftware.xyz/requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129
IP
204.12.208.162:0
ASN
#32097 WII

File type
ASCII text, with no line terminators
Size
19 B (19 bytes)
Hash
dc574bed4351e5af700cb42901f5f5b8
e2392bdaab4ba2aab026db185f496b126e48ea03
2334125a96d25750ca3eb6be8f417c4dcfa39a1b3bc3f94596f7931bef550c79

Detections

Analyzer	Verdict	Alert
openphish	Facebook, Inc.

HTTP Headers

GET /requests.php?hash=009ddf882e325322b301&f=update_data&user_id=0&before_post_id=0&check_posts=false&hash_posts=false&_=1662161435129 HTTP/1.1
Host: facebook.usasoftware.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://facebook.usasoftware.xyz
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2022 23:30:43 GMT
Server: Apache
X-FRAME-OPTIONS: SAMEORIGIN
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1d6cebbaec3aeba7b1cda9f4ad28a371; path=/; HttpOnly
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
ad-con=%7B%26quot%3Bdate%26quot%3B%3A%26quot%3B2022-09-02%26quot%3B%2C%26quot%3Bads%26quot%3B%3A%5B%5D%7D; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
_us=1662247843; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
_us=1662247843; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000
mode=day; expires=Mon, 30-Aug-2032 23:30:43 GMT; Max-Age=315360000; path=/
access=1; expires=Sat, 03-Sep-2022 23:30:43 GMT; Max-Age=86400; path=/
Vary: Accept-Encoding
Content-Encoding: br
Connection: keep-alive, Keep-Alive
Keep-Alive: timeout=5, max=100
Content-Length: 19
Content-Type: text/html; charset=UTF-8

unpkg.com/flickity@2/dist/flickity.pkgd.min.js

104.16.123.175

302 Found

0 B

URL HTTP/2
unpkg.com/flickity@2/dist/flickity.pkgd.min.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /flickity@2/dist/flickity.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://facebook.usasoftware.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: public, s-maxage=600, max-age=60
location: /flickity@2.3.0/dist/flickity.pkgd.min.js
vary: Accept, Accept-Encoding
via: 1.1 fly.io
fly-request-id: 01GC08K1RV5AJTS0EZMKYQTM31-ams
cf-cache-status: HIT
age: 80
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 744a08cf7f22b518-OSL
X-Firefox-Spdy: h2

unpkg.com/flickity@2.3.0/dist/flickity.pkgd.min.js

104.16.123.175

200 OK

0 B

URL HTTP/2
unpkg.com/flickity@2.3.0/dist/flickity.pkgd.min.js
IP
104.16.123.175:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /flickity@2.3.0/dist/flickity.pkgd.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://facebook.usasoftware.xyz/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Sep 2022 23:30:36 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"e136-ppFLVfsImDkhRKQGmGrAD36fhGA"
via: 1.1 fly.io
fly-request-id: 01FQ9VZY0MM9D6E2TFNQ5YF17K
cf-cache-status: HIT
age: 22226323
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 744a08cfcf99b518-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext

216.58.211.10

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext
IP
216.58.211.10:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Open+Sans:300,400&subset=cyrillic,greek,latin-ext HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://facebook.usasoftware.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 02 Sep 2022 23:30:36 GMT
date: Fri, 02 Sep 2022 23:30:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

JavaScript (22)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL