| m-facebookqfl.gxscv.com/ |  104.21.54.171 | | 2.9 kB |
IP104.21.54.171:0
File typeHTML document, ASCII text, with CRLF line terminators Hasha9b79cc5fd1b67c37749fa79c58ae73f dbcef05405b3a0ed8b4ea6aa355199e16079be7e dda4e88d19b47a0ea8710990fc11d58ff446e9006e284202f738f2004c2459da
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Facebook | | OpenPhish | phishing | Facebook, Inc. |
GET / HTTP/1.1
Host: m-facebookqfl.gxscv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 29 Mar 2024 06:12:16 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T9JBseZDAveux8t%2Bj9hW%2Faeod6gDpLxQFVI6NsXPij%2F881qq23YwZkvn%2BmoVLYr0kkk8MF5qxG7%2BLjNvt5p%2BFSSxBQs%2F6oO%2FUHNdro5DfNtp7d2eK36Z3Uk%2BEv29BaCmV7W7dzZrM0V5WQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bdb50f4a8256aa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
|
|
| fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 |  216.58.207.227 | 200 OK | 16 kB |
URL GET HTTP/2fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 IP216.58.207.227:443
Requested byhttps://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ CertificateIssuerGoogle Trust Services LLC Subject*.gstatic.com FingerprintF3:56:10:42:A8:3C:BF:F5:89:9C:4C:C0:F8:E3:DC:C4:1C:E9:34:9E ValidityMon, 26 Feb 2024 08:18:21 GMT - Mon, 20 May 2024 08:18:20 GMT
File typeWeb Open Font Format (Version 2), TrueType, length 15744, version 1.0 Hash15d9f621c3bd1599f0169dcf0bd5e63e 7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52 f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://m-facebookqfl.gxscv.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 28 Mar 2024 17:37:50 GMT
expires: Fri, 28 Mar 2025 17:37:50 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 45271
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/css/fb_style.css | 104.21.54.171 | 200 OK | 56 kB |
URL GET HTTP/3m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/css/fb_style.css IP104.21.54.171:443
Requested byhttps://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ CertificateIssuerGoogle Trust Services LLC Subjectgxscv.com Fingerprint17:12:7D:72:63:EE:9C:FE:89:45:A9:2A:34:8E:DA:2C:07:C4:D1:8B ValiditySat, 10 Feb 2024 18:47:46 GMT - Fri, 10 May 2024 18:47:45 GMT
Hashf5990efce538cfdfebb8910b2b41b24e 931725ac8a506dfdfee26c2422db01b407bda91e 5dd5413d9c5dc9802971efb610dd11c8fa5678e2ec853507749cb0d0042b9030
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Facebook | | OpenPhish | phishing | Facebook, Inc. |
GET /vhsfhqpdhdsih6/css/fb_style.css HTTP/1.1
Host: m-facebookqfl.gxscv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 29 Mar 2024 06:12:21 GMT
content-type: text/css
last-modified: Wed, 22 Jul 2020 16:28:34 GMT
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ss%2BZqw40n%2Fx02u2wF9GVD%2FZdlkhEym4VaDGuuWhOQPpo7TB61f2GTgIo3nUSOF9DG%2BdZ3V%2Fr%2Fqnhq%2F2YiKD9WNQShd%2FeGswZ3pDjiB7REai1mUmo0CYygEx99g%2BINiiIFL3Lwn0x7Gk3zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bdb525c8f9b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| m-facebookqfl.gxscv.com/vhsfhqpdhdsih6 | 104.21.54.171 | 301 Moved Permanently | 726 B |
URL User Request GET HTTP/3m-facebookqfl.gxscv.com/vhsfhqpdhdsih6 IP104.21.54.171:443
CertificateIssuerGoogle Trust Services LLC Subjectgxscv.com Fingerprint17:12:7D:72:63:EE:9C:FE:89:45:A9:2A:34:8E:DA:2C:07:C4:D1:8B ValiditySat, 10 Feb 2024 18:47:46 GMT - Fri, 10 May 2024 18:47:45 GMT
Hash74bbf7ad1de05937460ba3b04c47522a 06a771c78ddf96884614153c818024dfa89e7e2e b12d310441e7026a32c88fe25cfe0a14c1df2f19024d95cfc75731581b248c2b
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Facebook | | OpenPhish | phishing | Facebook, Inc. |
GET /vhsfhqpdhdsih6 HTTP/1.1
Host: m-facebookqfl.gxscv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Fri, 29 Mar 2024 06:12:17 GMT
content-type: text/html; charset=iso-8859-1
location: http://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=c4xWnyco76ZJSoMOK2d9F%2Bx7T6aCQvR6X62dodTfPLi7ky2wA%2FWxxy%2BDWKlujnRflfNejrG%2Bfn0lS6E1gk0w0jLdUD2Y%2BYsP3F%2FN11IckmOq7uoGxLYIGBecVLG4poW5NRXDgyFqk3w1dw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bdb515b90eb4f4-OSL
alt-svc: h3=":443"; ma=86400
|
|
| m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/img/icon-fb.png | 104.21.54.171 | 404 Not Found | 315 B |
URL GET HTTP/3m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/img/icon-fb.png IP104.21.54.171:443
Requested byhttps://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ CertificateIssuerGoogle Trust Services LLC Subjectgxscv.com Fingerprint17:12:7D:72:63:EE:9C:FE:89:45:A9:2A:34:8E:DA:2C:07:C4:D1:8B ValiditySat, 10 Feb 2024 18:47:46 GMT - Fri, 10 May 2024 18:47:45 GMT
File typeHTML document, ASCII text, with very long lines (326), with no line terminators Hash97ef40509b73c101d6815511c3adf98d a4242322497ea630ea72e26ba297a95a2bbe5ccd 322c1f60d9d454c801f7cff3173ef16b61cf9963a64e09a4d9e21d36218b56be
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Facebook | | OpenPhish | phishing | Facebook, Inc. |
GET /vhsfhqpdhdsih6/img/icon-fb.png HTTP/1.1
Host: m-facebookqfl.gxscv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 404 Not Found
date: Fri, 29 Mar 2024 06:12:20 GMT
content-type: text/html; charset=iso-8859-1
cache-control: max-age=14400
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5w9Ch%2FWMW1EMTfETMkf2Uj3EO0uQX2KDfYNyEAv073lAzvibLZa%2FG7FfDv3KSrAJwM1hiIkJ7mZCQJp9rkoNa6uDXA9nYZwu40UKz0xOnkx9S5%2F%2BSgZyEtkjKQh04GAmIok2FqHrqfSRrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 86bdb5267959b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|
| fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 | 142.250.74.106 | 200 OK | 12 kB |
URL GET HTTP/2fonts.googleapis.com/css?family=Roboto:300,400,500,700|Teko:300,400,500 IP142.250.74.106:443
Requested byhttps://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ CertificateIssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint04:B9:D9:E0:01:DB:5E:AB:5A:FF:F0:D9:ED:39:0F:C1:63:18:51:0B ValidityMon, 26 Feb 2024 08:18:27 GMT - Mon, 20 May 2024 08:18:26 GMT
Hash807349734f3707b50b73c3fd626526e8 2f3ab67f0ffa01bc1f0c180cae9085ecc8d96d63 ce7d7e11e41b1b3619cbdf436bbf2557fda2d97d434e65fab281207ffae5c0d0
GET /css?family=Roboto:300,400,500,700|Teko:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-facebookqfl.gxscv.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 29 Mar 2024 06:12:21 GMT
date: Fri, 29 Mar 2024 06:12:21 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
|
|
| i.ibb.co/yRc51C8/header.png |  162.19.58.156 | 200 OK | 54 kB |
URL GET HTTP/2i.ibb.co/yRc51C8/header.png IP162.19.58.156:443
Requested byhttps://m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ CertificateIssuerLet's Encrypt Subjectibb.co Fingerprint47:33:B4:39:55:FC:BC:18:08:79:9C:6C:9D:F3:CF:3A:89:C4:99:62 ValidityWed, 07 Feb 2024 12:41:56 GMT - Tue, 07 May 2024 12:41:55 GMT
File typePNG image data, 720 x 398, 8-bit colormap, non-interlaced Hashc565a6a54aea99c0df8a5f7ba8615ad5 7f165a3d203e562583bbab06f8f756b3c8733835 5c4d4dde7b53da22a5ad4c30dfa48c8c9a2e7f10491fabf1fdc3863e077cde01
GET /yRc51C8/header.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m-facebookqfl.gxscv.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 29 Mar 2024 06:12:21 GMT
content-type: image/png
content-length: 53765
last-modified: Fri, 01 Nov 2019 15:17:32 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
|
|
| m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ | 104.21.54.171 | 200 OK | 1.9 kB |
URL User Request GET HTTP/3m-facebookqfl.gxscv.com/vhsfhqpdhdsih6/ IP104.21.54.171:443
CertificateIssuerGoogle Trust Services LLC Subjectgxscv.com Fingerprint17:12:7D:72:63:EE:9C:FE:89:45:A9:2A:34:8E:DA:2C:07:C4:D1:8B ValiditySat, 10 Feb 2024 18:47:46 GMT - Fri, 10 May 2024 18:47:45 GMT
File typeHTML document, Unicode text, UTF-8 text, with very long lines (2129), with no line terminators Hashde753b8512f4e0d40a9ab33081e57720 99cbfe25d5f032a22d4733fb7d70bc52697f67a9 8651d1d4d04fef3a4358f9a8650ced292477e0e9e83ab64d0aa39f29f7f38292
| Analyzer | Verdict | Alert |
|---|
| urlquery | phishing | Phishing - Facebook | | OpenPhish | phishing | Facebook, Inc. |
GET /vhsfhqpdhdsih6/ HTTP/1.1
Host: m-facebookqfl.gxscv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 29 Mar 2024 06:12:19 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=97LRamJNbEg2j8BYoa%2FTgiIs6YpgfHLJ6XGBCb15qNonvgpCMa3Lrqx5JTfFPKJb%2BfNzPXuBWQ9Xr2B603xx%2FZqc40hczRLDg6rkz8bnvt0dJPYf5yeH4%2BEEw4rlNlmTTg%2BtrSgbLctNxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 86bdb51a6b47b4f4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
|
|