Report - m.fb-login.com/

Report Overview

Submitted URL
m.fb-login.com/
IP
72.167.103.117
ASN
#398101 GO-DADDY-COM-LLC
Submitted
2024-04-18 04:13:16
Access
public
Website Title
Facebook
Final URL
m.fb-login.com/
Tags
meta facebook phishing social
urlquery detections
Phishing - Facebook

Detections

urlquery
7
Network Intrusion Detection
0
Threat Detection Systems
12

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
m.fb-login.com	unknown	unknown	No data	No data	3.2 kB	151 kB	72.167.103.117
img1.wsimg.com	9893	2008-03-17	2012-06-20	2024-04-17	858 B	21 kB	95.101.10.129
events.api.secureserver.net	125179	1998-03-30	2020-06-23	2024-04-18	2.4 kB	928 B	104.84.152.58
csp.secureserver.net	unknown	1998-03-30	2022-12-18	2024-04-18	2.1 kB	2.3 kB	104.110.14.92
top.anotherlevel.app	unknown	unknown	No data	No data	2.1 kB	1.2 kB	146.70.81.214
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-17	497 B	1.7 kB	142.250.74.106
ipapi.co	195030	2016-04-19	2017-01-31	2024-04-17	896 B	2.9 kB	172.67.69.226

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.
2024-04-17	medium	m.fb-login.com/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (3)

	URL	Size	First Seen	Last Seen
	m.fb-login.com/	376 B	2024-04-18	2024-04-18
Pretty URL m.fb-login.com/ IP 72.167.103.117 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 06:13:23 Last Seen2024-04-18 06:13:23 Times Seen1 Hash 84dffd7f363a9e892df1278afe5cab76 0344912ee53503e9f8d379b6b8b9e01f3f3f3b89 52c6d804a43c64466cf7cdc703bed3615d5dd38c848151ca444feb07f6dc08e9 Loading...

	img1.wsimg.com/traffic-assets/js/tccl.min.js	106 kB	2024-03-22	2024-05-01
Pretty URL img1.wsimg.com/traffic-assets/js/tccl.min.js IP 95.101.10.129 ASN #20940 Akamai International B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2024-03-22 17:30:50 Last Seen2024-05-01 01:23:18 Times Seen422 Hash fdf3f3c180ae2aa6864f9c46a83a37a9 59f698af339af479bc5447e5da54778d909c7068 e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664 Loading...

	m.fb-login.com/static/js/main.24507848.js	362 kB	2024-04-18	2024-04-18
Pretty URL m.fb-login.com/static/js/main.24507848.js IP 72.167.103.117 ASN #398101 GO-DADDY-COM-LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 06:13:23 Last Seen2024-04-18 06:13:23 Times Seen2 Hash 9f876cc38be8f8f0d1e18bca73fad108 eb6975b4703e7dac99ddc4488c4a4f7416114de7 5d2dccc3fbd11e69a4fa757d0ac82d6c71034c0ec82cf1d13d5cdc322ab94247 Loading...

HTTP Transactions (21)

URL IP Response Size

m.fb-login.com/

72.167.103.117

200 OK

566 B

URL User Request GET HTTP/2
m.fb-login.com/
IP
72.167.103.117:443
ASN
#398101 GO-DADDY-COM-LLC

Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
HTML document, ASCII text, with very long lines (1341), with no line terminators
Size
566 B (566 bytes)
Hash
1b3a7505f94d526013c905d558f916df
6c529a4d223b2baab3fc48597051b95e86cb3174
d1aeb6a52bbf5ce21b67ef7de6ad1fae4a8bad390c64bef5e1effe4a35b87e50

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET / HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:08:10 GMT
etag: "7ba002f-368-6164f93503a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 566
content-type: text/html
date: Thu, 18 Apr 2024 04:12:51 GMT
server: Apache
X-Firefox-Spdy: h2

img1.wsimg.com/traffic-assets/js/tccl.min.js

95.101.10.129

301 Moved Permanently

0 B

URL GET HTTP/2
img1.wsimg.com/traffic-assets/js/tccl.min.js
IP
95.101.10.129:443
ASN
#20940 Akamai International B.V.

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintB7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD
ValidityTue, 19 Sep 2023 21:06:14 GMT - Sun, 20 Oct 2024 21:06:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /traffic-assets/js/tccl.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
content-length: 0
location: https://img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 04:12:51 GMT
date: Thu, 18 Apr 2024 04:12:51 GMT
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js

95.101.10.129

200 OK

20 kB

URL GET HTTP/2
img1.wsimg.com/signals/js/clients/scc-c2/scc-c2.min.js
IP
95.101.10.129:443
ASN
#20940 Akamai International B.V.

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.wsimg.com
FingerprintB7:FF:50:92:4F:A1:64:14:99:A1:DE:DB:55:C9:FA:92:78:6B:89:DD
ValidityTue, 19 Sep 2023 21:06:14 GMT - Sun, 20 Oct 2024 21:06:14 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (20488 bytes)
Hash
fdf3f3c180ae2aa6864f9c46a83a37a9
59f698af339af479bc5447e5da54778d909c7068
e301943f5f3cb3486ab3f4c75c0315e96891268a76b8663b6a490324e39d1664

HTTP Headers

GET /signals/js/clients/scc-c2/scc-c2.min.js HTTP/1.1
Host: img1.wsimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://m.fb-login.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
x-amz-id-2: lQSW4L69bW74G6Q9HX8KhlWi+8qlaOmckwsGIl8CWlBjmnYwvI51YmDK4+p8T6s/aeyKrCJMbnY=
x-amz-request-id: 6EHPQTR1A2W9QC2A
last-modified: Fri, 22 Mar 2024 13:06:20 GMT
etag: "fdf3f3c180ae2aa6864f9c46a83a37a9"
x-amz-server-side-encryption: AES256
x-amz-meta-version: 0.2.5
x-amz-version-id: NUbpk_ypfZoRQFFJE7rB4qpj7fMsB7r1
accept-ranges: bytes
content-type: text/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=1800
expires: Thu, 18 Apr 2024 04:42:51 GMT
date: Thu, 18 Apr 2024 04:12:51 GMT
content-length: 20488
timing-allow-origin: *
access-control-allow-origin: *
X-Firefox-Spdy: h2

m.fb-login.com/static/css/main.cf63c09b.css

72.167.103.117

200 OK

33 kB

URL GET HTTP/2
m.fb-login.com/static/css/main.cf63c09b.css
IP
72.167.103.117:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
ASCII text, with very long lines (59616)
Size
33 kB (32799 bytes)
Hash
aeb043daf0fd8b04658efef3369e1545
98b9ed2d6446b99a24f50aa7675c9895ce07703c
58f0aaefb934521c185f7c02f8ee33fb85f69abc7fedcbefef662f94dd84a6c7

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static/css/main.cf63c09b.css HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:08:10 GMT
etag: "7ba0037-25fc0-6164f93503a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 32799
content-type: text/css
date: Thu, 18 Apr 2024 04:12:51 GMT
server: Apache
X-Firefox-Spdy: h2

m.fb-login.com/static/js/main.24507848.js

72.167.103.117

200 OK

110 kB

URL GET HTTP/2
m.fb-login.com/static/js/main.24507848.js
IP
72.167.103.117:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
JavaScript source, ASCII text, with very long lines (65465)
Size
110 kB (110240 bytes)
Hash
9f876cc38be8f8f0d1e18bca73fad108
eb6975b4703e7dac99ddc4488c4a4f7416114de7
5d2dccc3fbd11e69a4fa757d0ac82d6c71034c0ec82cf1d13d5cdc322ab94247

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static/js/main.24507848.js HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:08:10 GMT
etag: "7ba007a-585d9-6164f93503a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 110240
content-type: text/javascript
date: Thu, 18 Apr 2024 04:12:51 GMT
server: Apache
X-Firefox-Spdy: h2

104.84.152.58

200 OK

43 B

URL GET HTTP/2
events.api.secureserver.net/t/1/tl/event?dh=m.fb-login.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=6b84e516-9ab0-4ca9-b325-a1244d10db82&vtg=6b84e516-9ab0-4ca9-b325-a1244d10db82&dp=%2F&trace_id=86c68ed20557436c838e94d4af80dd0a&cts=2024-04-18T04%3A12%3A52.077Z&hit_id=76c0a7ce-062a-4cb3-a6e3-a4b20012823b&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491156%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229844744%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2118707490&z=125039162
IP
104.84.152.58:443
ASN
#20940 Akamai International B.V.

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.api.secureserver.net
Fingerprint86:0A:54:3C:14:92:76:57:19:E1:8B:86:AE:B6:C7:06:3C:C8:7A:58
ValidityMon, 10 Jul 2023 19:26:59 GMT - Sat, 10 Aug 2024 19:26:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /t/1/tl/event?dh=m.fb-login.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=6b84e516-9ab0-4ca9-b325-a1244d10db82&vtg=6b84e516-9ab0-4ca9-b325-a1244d10db82&dp=%2F&trace_id=86c68ed20557436c838e94d4af80dd0a&cts=2024-04-18T04%3A12%3A52.077Z&hit_id=76c0a7ce-062a-4cb3-a6e3-a4b20012823b&ht=pageview&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491156%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229844744%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2118707490&z=125039162 HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: https://m.fb-login.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Thu, 18 Apr 2024 04:12:52 GMT
X-Firefox-Spdy: h2

events.api.secureserver.net/t/1/tl/event?dh=m.fb-login.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=6b84e516-9ab0-4ca9-b325-a1244d10db82&vtg=6b84e516-9ab0-4ca9-b325-a1244d10db82&dp=%2F&trace_id=86c68ed20557436c838e94d4af80dd0a&cts=2024-04-18T04%3A12%3A52.289Z&hit_id=229b1a74-6e06-4c35-b9f6-d99fe26513c8&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491156%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229844744%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2118707490&z=1076354219&tce=1713413571355&tcs=1713413570880&tdc=1713413572282&tdclee=1713413572281&tdcles=1713413572277&tdi=1713413572077&tdl=1713413571654&tdle=1713413570880&tdls=1713413570880&tfs=1713413570879&tns=1713413570857&trqs=1713413571355&tre=1713413571504&trps=1713413571504&tles=1713413572282&tlee=0&nt=navigate&nav_type=hard

104.84.152.58

200 OK

43 B

URL GET HTTP/2
events.api.secureserver.net/t/1/tl/event?dh=m.fb-login.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=6b84e516-9ab0-4ca9-b325-a1244d10db82&vtg=6b84e516-9ab0-4ca9-b325-a1244d10db82&dp=%2F&trace_id=86c68ed20557436c838e94d4af80dd0a&cts=2024-04-18T04%3A12%3A52.289Z&hit_id=229b1a74-6e06-4c35-b9f6-d99fe26513c8&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491156%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229844744%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2118707490&z=1076354219&tce=1713413571355&tcs=1713413570880&tdc=1713413572282&tdclee=1713413572281&tdcles=1713413572277&tdi=1713413572077&tdl=1713413571654&tdle=1713413570880&tdls=1713413570880&tfs=1713413570879&tns=1713413570857&trqs=1713413571355&tre=1713413571504&trps=1713413571504&tles=1713413572282&tlee=0&nt=navigate&nav_type=hard
IP
104.84.152.58:443
ASN
#20940 Akamai International B.V.

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.api.secureserver.net
Fingerprint86:0A:54:3C:14:92:76:57:19:E1:8B:86:AE:B6:C7:06:3C:C8:7A:58
ValidityMon, 10 Jul 2023 19:26:59 GMT - Sat, 10 Aug 2024 19:26:59 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
325472601571f31e1bf00674c368d335
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

HTTP Headers

GET /t/1/tl/event?dh=m.fb-login.com&dr=&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&client_name=scc-c2&cv=0.2.5&vg=6b84e516-9ab0-4ca9-b325-a1244d10db82&vtg=6b84e516-9ab0-4ca9-b325-a1244d10db82&dp=%2F&trace_id=86c68ed20557436c838e94d4af80dd0a&cts=2024-04-18T04%3A12%3A52.289Z&hit_id=229b1a74-6e06-4c35-b9f6-d99fe26513c8&ea=pageperf&ht=perf&eid=traffic.tcc.instrumentation.navigation.timing&trfd=%7B%22ap%22%3A%22cpsh-oh%22%2C%22server%22%3A%22p3plzcpnl491156%22%2C%22dcenter%22%3A%22p3%22%2C%22cp_id%22%3A%229844744%22%2C%22cp_cache%22%3A%22%22%2C%22cp_cl%22%3A%228%22%7D&ap=cpsh-oh&vci=2118707490&z=1076354219&tce=1713413571355&tcs=1713413570880&tdc=1713413572282&tdclee=1713413572281&tdcles=1713413572277&tdi=1713413572077&tdl=1713413571654&tdle=1713413570880&tdls=1713413570880&tfs=1713413570879&tns=1713413570857&trqs=1713413571355&tre=1713413571504&trps=1713413571504&tles=1713413572282&tlee=0&nt=navigate&nav_type=hard HTTP/1.1
Host: events.api.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: image/gif
content-length: 43
access-control-allow-origin: https://m.fb-login.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
cache-control: private
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
date: Thu, 18 Apr 2024 04:12:52 GMT
X-Firefox-Spdy: h2

csp.secureserver.net/eventbus

104.110.14.92

200 OK

0 B

URL OPTIONS HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://m.fb-login.com/
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: 88f0ab06-7483-43a5-b68d-35749a1cd513
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type,authorization
x-amz-apigw-id: WZ2WyFohoAMEBJg=
Access-Control-Allow-Methods: OPTIONS,POST
x-amzn-trace-id: Root=1-66209dc4-345d1c830e4d431c54e6b6c4
x-envoy-upstream-service-time: 4
Expires: Thu, 18 Apr 2024 04:12:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 18 Apr 2024 04:12:52 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

csp.secureserver.net/eventbus

104.110.14.92

200 OK

0 B

URL OPTIONS HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Referer: https://m.fb-login.com/
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: b572b65b-97cc-410e-9707-995f4cb03663
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: content-type,authorization
x-amz-apigw-id: WZ2WyEYCoAMEU7g=
Access-Control-Allow-Methods: OPTIONS,POST
x-amzn-trace-id: Root=1-66209dc4-59ddf8733ce2642321fda91c
x-envoy-upstream-service-time: 5
Expires: Thu, 18 Apr 2024 04:12:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 18 Apr 2024 04:12:52 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

csp.secureserver.net/eventbus

104.110.14.92

200 OK

0 B

URL OPTIONS HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: api-key b18ef4f046435b64a469b32c3c1c20a3
Content-Type: application/json
Content-Length: 1050
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: 258d487a-2594-4ed7-8c3e-6e9f8cf41cc8
Access-Control-Allow-Origin: *
x-amz-apigw-id: WZ2WzHHzIAMEtng=
x-amzn-trace-id: Root=1-66209dc4-5fcfcdc5504f8fde12e86409
x-envoy-upstream-service-time: 101
Expires: Thu, 18 Apr 2024 04:12:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 18 Apr 2024 04:12:52 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

m.fb-login.com/apple-touch-icon.png

72.167.103.117

200 OK

3.9 kB

URL GET HTTP/2
m.fb-login.com/apple-touch-icon.png
IP
72.167.103.117:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Size
3.9 kB (3919 bytes)
Hash
3e9533e36b37b665d85d920c8a58283d
7c0b7cd6fa47ca73ee7c7971f84c6728a5db811f
16161eafeb5ffaa11292d6defea260b5ab286329ea801f6e924a8feab65840eb

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /apple-touch-icon.png HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Cookie: _tccl_visitor=6b84e516-9ab0-4ca9-b325-a1244d10db82; _tccl_visit=6b84e516-9ab0-4ca9-b325-a1244d10db82; _scc_session=pc=1&C_TOUCH=2024-04-18T04:12:52.076Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:07:54 GMT
etag: "7ba002e-f4f-6164f925c1680"
accept-ranges: bytes
content-length: 3919
content-type: image/png
date: Thu, 18 Apr 2024 04:12:52 GMT
server: Apache
X-Firefox-Spdy: h2

m.fb-login.com/favicon-16x16.png

72.167.103.117

200 OK

822 B

URL GET HTTP/2
m.fb-login.com/favicon-16x16.png
IP
72.167.103.117:443
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
822 B (822 bytes)
Hash
be9b2c044c6f5e1706f07c040da977e7
ed7227409e617008c554bd89f92d42ce74b2fb2a
95d92c83de08c2a0cd4b4c4c564debf02db09b1bcfc6957e9f63d2344e866bd4

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /favicon-16x16.png HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Cookie: _tccl_visitor=6b84e516-9ab0-4ca9-b325-a1244d10db82; _tccl_visit=6b84e516-9ab0-4ca9-b325-a1244d10db82; _scc_session=pc=1&C_TOUCH=2024-04-18T04:12:52.076Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:07:54 GMT
etag: "7ba002b-336-6164f925c1680"
accept-ranges: bytes
content-length: 822
content-type: image/png
date: Thu, 18 Apr 2024 04:12:52 GMT
server: Apache
X-Firefox-Spdy: h2

csp.secureserver.net/eventbus

104.110.14.92

200 OK

0 B

URL OPTIONS HTTP/1.1
csp.secureserver.net/eventbus
IP
104.110.14.92:443
ASN
#16625 AKAMAI-AS

Requested by
https://m.fb-login.com/
Certificate
IssuerStarfield Technologies, Inc.
Subject*.secureserver.net
FingerprintB6:20:47:6F:3C:E3:DC:99:70:44:2D:CB:6A:E0:1C:12:A4:A5:A0:5C
ValidityTue, 10 Oct 2023 22:44:19 GMT - Sun, 10 Nov 2024 22:44:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /eventbus HTTP/1.1
Host: csp.secureserver.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Authorization: api-key 8da2217409854bee82e12dc4ca0b39fb
Content-Type: application/json
Content-Length: 1781
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 202 Accepted
Content-Type: application/json
Content-Length: 0
x-amzn-requestid: e7521924-b8a7-48fe-9ed3-966615b1599b
Access-Control-Allow-Origin: *
x-amz-apigw-id: WZ2WzFrzIAMEDWA=
x-amzn-trace-id: Root=1-66209dc4-668c4f0e04767b271d9dc436
x-envoy-upstream-service-time: 368
Expires: Thu, 18 Apr 2024 04:12:53 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 18 Apr 2024 04:12:53 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400 ; includeSubDomains ; preload

top.anotherlevel.app/api/activity/shadow

146.70.81.214

200 OK

2 B

URL POST HTTP/1.1
top.anotherlevel.app/api/activity/shadow
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /api/activity/shadow HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://m.fb-login.com/
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 04:12:53 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
vary: Origin
access-control-allow-methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT
access-control-max-age: 600
access-control-allow-credentials: true
access-control-allow-origin: https://m.fb-login.com
access-control-allow-headers: content-type

fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap

142.250.74.106

200 OK

1.1 kB

URL GET HTTP/2
fonts.googleapis.com/css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://m.fb-login.com/
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint47:5A:64:7D:9F:47:34:07:31:91:97:F7:04:42:7A:D5:EA:AD:07:4E
ValidityMon, 04 Mar 2024 07:16:44 GMT - Mon, 27 May 2024 07:16:43 GMT

File type
gzip compressed data, max compression
Size
1.1 kB (1099 bytes)
Hash
7c05d172cab68c38611a3a1c2569072a
a0efd546e4d7ac90cc559d12f22d76f8dbb7e148
f42d2f81e9f3a830bf58af59557f68ccc0d3848bc6549001a0fa49ddaa8f1f1e

HTTP Headers

GET /css2?family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,300;1,400;1,500;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 04:12:52 GMT
date: Thu, 18 Apr 2024 04:12:52 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

m.fb-login.com/static/media/fb-acjinafnsilsebyl.b1cfbf0dc49d882cc320.svg

72.167.103.117

1.1 kB

URL GET
m.fb-login.com/static/media/fb-acjinafnsilsebyl.b1cfbf0dc49d882cc320.svg
IP
72.167.103.117:0
ASN
#398101 GO-DADDY-COM-LLC

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectm.fb-login.com
Fingerprint02:61:D2:74:15:A4:A4:80:EE:73:DC:70:DA:37:14:0F:05:0E:B7:25
ValidityWed, 17 Apr 2024 20:53:37 GMT - Tue, 16 Jul 2024 20:53:36 GMT

File type
SVG Scalable Vector Graphics image
Size
1.1 kB (1082 bytes)
Hash
665dd80e557128ca83c069e756e8a687
25684ac0c8c748a9c6fdc9cf2b74b1f197ff061b
be1a79177f078daadb07a28bed64ce33c1a143fb1e2dc21865482f9b504528e2

Detections

Analyzer	Verdict	Alert
urlquery	phishing	Phishing - Facebook
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /static/media/fb-acjinafnsilsebyl.b1cfbf0dc49d882cc320.svg HTTP/1.1
Host: m.fb-login.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Cookie: _tccl_visitor=6b84e516-9ab0-4ca9-b325-a1244d10db82; _tccl_visit=6b84e516-9ab0-4ca9-b325-a1244d10db82; _scc_session=pc=1&C_TOUCH=2024-04-18T04:12:52.076Z
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
last-modified: Wed, 17 Apr 2024 19:08:10 GMT
etag: "7ba006e-9f0-6164f93503a80-br"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: br
content-length: 1082
content-type: image/svg+xml
date: Thu, 18 Apr 2024 04:12:53 GMT
server: Apache
X-Firefox-Spdy: h2

top.anotherlevel.app/api/set_status/null/login

146.70.81.214

200 OK

36 B

URL GET HTTP/1.1
top.anotherlevel.app/api/set_status/null/login
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type
JSON text data
Size
36 B (36 bytes)
Hash
765920e039936e6a4efcef8bf71b17ee
752c679ee557891cae4eefd593c77913f7372dc2
3a81f99aaef5363691cb6067c2fe3c2b5eea5da386a7f80fcf7eafdd42e90de1

HTTP Headers

GET /api/set_status/null/login HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 04:12:53 GMT
Content-Type: application/json
Content-Length: 36
Connection: keep-alive
access-control-allow-origin: *
access-control-allow-credentials: true

top.anotherlevel.app/stealth

146.70.81.214

0 B

URL
top.anotherlevel.app/stealth
IP
146.70.81.214:0
ASN
#9009 M247 Europe SRL

Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stealth HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://m.fb-login.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 51NBcqf8Km3XlNJua3O/lQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 04:12:54 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KTwyFkk/2jPhqQFdIh/cmxkzpb8=
Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12

ipapi.co/json//

172.67.69.226

200 OK

744 B

URL GET HTTP/2
ipapi.co/json//
IP
172.67.69.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectipapi.co
FingerprintF4:65:F9:9B:26:CD:26:53:C7:F0:24:4D:F3:3B:E2:8E:8F:8F:60:D7
ValiditySat, 09 Mar 2024 17:29:09 GMT - Fri, 07 Jun 2024 17:29:08 GMT

File type
ASCII text, with very long lines (870), with no line terminators
Size
744 B (744 bytes)
Hash
f55d46bc645189e127961c66c5efb9b4
6ae674e090a2e80a4d512a8848ab34d7c11b65bc
6cb703f7995717251d724238bca09c5dc99a14d99aafd1836fc59ada3d36101f

HTTP Headers

GET /json// HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:12:54 GMT
content-type: application/json
allow: GET, OPTIONS, OPTIONS, HEAD, POST
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://m.fb-login.com
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ncn46jpxxUMSmbgq3%2FfIw8dYprQJ%2Bj59XKpE%2BcnzYl2IcIvK5A0jxlvctt4bO7hTxsx7S2OfME4wa5C0HqyxihUl6ktiDpTFumZIHFPA%2BFqGh9c6F2kX0f2V"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8761d1b5c8557129-OSL
content-encoding: br
X-Firefox-Spdy: h2

ipapi.co/json//

172.67.69.226

200 OK

744 B

URL GET HTTP/2
ipapi.co/json//
IP
172.67.69.226:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjectipapi.co
FingerprintF4:65:F9:9B:26:CD:26:53:C7:F0:24:4D:F3:3B:E2:8E:8F:8F:60:D7
ValiditySat, 09 Mar 2024 17:29:09 GMT - Fri, 07 Jun 2024 17:29:08 GMT

File type
ASCII text, with very long lines (870), with no line terminators
Size
744 B (744 bytes)
Hash
f55d46bc645189e127961c66c5efb9b4
6ae674e090a2e80a4d512a8848ab34d7c11b65bc
6cb703f7995717251d724238bca09c5dc99a14d99aafd1836fc59ada3d36101f

HTTP Headers

GET /json// HTTP/1.1
Host: ipapi.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.fb-login.com
DNT: 1
Connection: keep-alive
Referer: https://m.fb-login.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 04:12:52 GMT
content-type: application/json
allow: OPTIONS, POST, HEAD, GET, OPTIONS
x-frame-options: DENY
vary: Host, origin
access-control-allow-origin: https://m.fb-login.com
x-content-type-options: nosniff
referrer-policy: same-origin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p1nx6ngOd7AJsGBCOePm9FliSViNsBK8R5zmmuKiKFgy8WbzLMnibPyeJBCH28Bku%2FfPZsBH1%2BTllqL%2BzBik%2BOzTFG0jE6Mi4VbcJ0FNyhxbiA0usFRKW5rJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8761d1aae9a37129-OSL
content-encoding: br
X-Firefox-Spdy: h2

top.anotherlevel.app/stealth

146.70.81.214

101 Switching Protocols

0 B

URL GET HTTP/1.1
top.anotherlevel.app/stealth
IP
146.70.81.214:443
ASN
#9009 M247 Europe SRL

Requested by
https://m.fb-login.com/
Certificate
IssuerLet's Encrypt
Subjecttop.anotherlevel.app
Fingerprint97:3E:5A:E4:F2:E9:28:A6:4E:FB:25:58:A3:E0:AF:24:9A:6F:EB:61
ValidityFri, 12 Apr 2024 12:56:31 GMT - Thu, 11 Jul 2024 12:56:30 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stealth HTTP/1.1
Host: top.anotherlevel.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://m.fb-login.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 51NBcqf8Km3XlNJua3O/lQ==
DNT: 1
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Server: nginx/1.22.1
Date: Thu, 18 Apr 2024 04:12:54 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: KTwyFkk/2jPhqQFdIh/cmxkzpb8=
Sec-WebSocket-Extensions: permessage-deflate; server_max_window_bits=12

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (3)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (21)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET HTTP/2

IP

ASN

Requested by

Certificate