www.facebook.com-0ffer.com
68.65.122.201  Malicious Activity! Public Scan

URL: https://www.facebook.com-0ffer.com/
Submission: On December 29 via automatic, source certstream-suspicious

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 20 HTTP transactions. The main IP is 68.65.122.201, located in Los Angeles, United States and belongs to NAMECHEAP-NET - Namecheap, Inc., US. The main domain is www.facebook.com-0ffer.com.
TLS certificate: Issued by COMODO RSA Domain Validation Secure S... on February 6th 2018. Valid for: 2 years.
This is the only time www.facebook.com-0ffer.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Facebook (Social Network)

Domain & IP information

IP Address AS Autonomous System
1 68.65.122.201 22612 (NAMECHEAP...)
17 2a03:2880:f01... 32934 (FACEBOOK)
1 212.217.4.145 6713 (IAM-AS)
2 3 2a03:2880:f11... ()
20 4
Domain Requested by
17 static.xx.fbcdn.net www.facebook.com-0ffer.com
static.xx.fbcdn.net
1 fbsbx.com www.facebook.com-0ffer.com
1 fbcdn.net 1 redirects
1 facebook.com 1 redirects
1 scontent.frba2-1.fna.fbcdn.net www.facebook.com-0ffer.com
1 www.facebook.com-0ffer.com
20 6

This site contains links to these domains.

Domain
lm.facebook.com
Subject | Issuer | Validity | Valid
*.web-hosting.com | COMODO RSA Domain Validation Secure Server CA | 2018-02-06 - 2020-04-04 | 2 years
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-12-06 - 2020-03-05 | 3 months
*.frba2-1.fna.fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2019-12-05 - 2020-03-04 | 3 months
fbcdn.net | DigiCert SHA2 High Assurance Server CA | 2019-12-11 - 2020-03-10 | 3 months

This page contains 1 frames:

Primary Page: https://www.facebook.com-0ffer.com/
Frame ID: 2BDFBF80B66E9188A78C3E0415DEF3A9
Requests: 20 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i

Page Statistics

20
Requests

95 %
HTTPS

50 %
IPv6

4
Domains

6
Subdomains

4
IPs

3
Countries

378 kB
Transfer

1182 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://facebook.com/security/hsts-pixel.gif?c=3.2 HTTP 302
  • https://fbcdn.net/security/hsts-pixel.gif?c=2 HTTP 302
  • https://fbsbx.com/security/hsts-pixel.gif

20 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.facebook.com-0ffer.com/
100 KB
26 KB
Document
General
Full URL
https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
68.65.122.201 Los Angeles, United States, ASN22612 (NAMECHEAP-NET - Namecheap, Inc., US),
Reverse DNS
premium24-1.web-hosting.com
Software
Apache /
Resource Hash
1d422f8d79e65ec838ff1ef6cbca088f005dc24c844b49d9e5202772eaa18fed

Request headers

:method
GET
:authority
www.facebook.com-0ffer.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-user
?1
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
none
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br

Response headers

status
200
date
Sun, 29 Dec 2019 18:12:44 GMT
server
Apache
last-modified
Sun, 29 Dec 2019 18:10:36 GMT
accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-length
26777
content-type
text/html
_fGMedxCUqx.js
static.xx.fbcdn.net/rsrc.php/v3iooI4/yz/l/en_GB/
74 KB
22 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iooI4/yz/l/en_GB/_fGMedxCUqx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
563184c2995902344ec496d3379c43dec1d7c8b9a0ed93763073068736a26cd2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
r5CQk+PJvbc8+bqloLv+0w==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
22068
x-fb-debug
48gujwnpa/0IL882VGUU6H5fQV78p3++6dATEtfEGiX1OfUKj++bjOjg7UZv5iJEbdmjZnS/ovXjxaMiNBWtTA==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
9lD4sqA6jmX.js
static.xx.fbcdn.net/rsrc.php/v3/yK/r/
110 KB
29 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yK/r/9lD4sqA6jmX.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
3ed7bb4619eb445c32506731245edbf8d84bcf4a67b25bf540016d9f718893a8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
qpfccIBiG8ooTq/dJ+GUmA==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
29175
x-fb-debug
ZlWiNrRqCOVHWLVYR2Qt5qLUb82J6RL2y3Ch/a8ZM8esZbYIP9Pk5DVyrj1vhbVOFNu/mJvY6XjaReLSmevYrA==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
gS8opAKUrWn.js
static.xx.fbcdn.net/rsrc.php/v3iN6O4/y0/l/en_GB/
44 KB
15 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iN6O4/y0/l/en_GB/gS8opAKUrWn.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
a4f008f9bd2f995fb247ae2038762bb3cbbc3ff23112790aa44ef9dc96f9735d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
RyZ/MYvgNJyNMjp84+Kb1g==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
14690
x-fb-debug
NgC9cF36bZBFCthhyxmVyyvFXxJECU2nENZ22EPRvUqdgSJTqkcomgA9RCeestV61H02avU6Udb0k1SNCEo9YA==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
IW7LGCEmjta.js
static.xx.fbcdn.net/rsrc.php/v3/yJ/r/
51 KB
13 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yJ/r/IW7LGCEmjta.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
6672b44ab330aa965a25507274749f29c2ec2b3ae21edbdc463c23e5b3cb3867
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
iPKp21RdAvWfJKHp9ge0ag==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
13351
x-fb-debug
fY+XW6Trhhvl67Ov8TuFkV3kH8A7hGSGDJmq8GBohIaRtECGfEtbpBNNOnMkYsV76r0ylPFW3E6WWv0NnW6+Vw==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Sat, 26 Dec 2020 20:24:06 GMT
cJVUtb6J08D.js
static.xx.fbcdn.net/rsrc.php/v3i3kA4/y-/l/en_GB/
91 KB
24 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3i3kA4/y-/l/en_GB/cJVUtb6J08D.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c659a8410ea3060f0fc575c61ede62d6a350fc8c4c17256cc555c4017d50a142
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
kOfSTaTWSvx+MuzFa+KnOA==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
23991
x-fb-debug
OBkxuWSaJ31S55ci6dUkvbiELnuHiPniIkylTXuMTupHxYQ+VlObziBHWoKqE0Jb//p7dVYZW4xRXTVEt7mIsQ==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:44 GMT
L0ycFLmtv_R.js
static.xx.fbcdn.net/rsrc.php/v3inQB4/yr/l/en_GB/
90 KB
20 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3inQB4/yr/l/en_GB/L0ycFLmtv_R.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0795187c201f1246c78d1f5c1c163157b85312c9c519a1c38d716181b9a14aee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
RRDeiZ1zlJPXJQYQv4kafg==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
19868
x-fb-debug
IliA/RAILa5lw/piqoewY42cx7wkKm+oFf0GzMNaBnTwo9IVcehCMur3m7d07T6HVRwlNAgQDfWjwUp5o9PaKw==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:44 GMT
svFKQXueTby.js
static.xx.fbcdn.net/rsrc.php/v3/y7/r/
8 KB
3 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y7/r/svFKQXueTby.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
522428fd2693381b58705586cb3350c66c4b4ba1d52716086b14a9cefb8130b3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
9wg0fdDGYUGTXAcRqk4U2A==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
2406
x-fb-debug
qTobjCpYDPvlzJ4QOPHy3yF/U65i1YMaskr3Yq73vdRNDOPP4vm3jeDnIaPQ0VN70mfuW+qbYNUvv3oGHutDWw==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 14 Dec 2020 20:36:35 GMT
iNdJfMD9XGd.css
static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/
69 KB
16 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/iNdJfMD9XGd.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
407ca25b66227bf588fe530c3b04932421051221e8445b879d40a41d764b6ffb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
XY7ZWqZ3KRJ9UqkV55OZ0w==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
16485
x-fb-debug
BWndwzIUJsxsU2ghfIk/D8c3piz7TGb7ipbHx1WFHnM7tjtble4WpqEdObDaksshyE/Z8IyPw7PvayY3Sf1w9A==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
Ax6H5Mh0gSF.css
static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/
13 KB
3 KB
Stylesheet
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ys/l/0,cross/Ax6H5Mh0gSF.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0cdbbdc860a84576c43a1a88728ade865e5271e88032774fef5eeae895475333
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:44 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
A13aYQHUhOCS90lK/vofyA==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
3034
x-fb-debug
/D3C9r+Ctm3dwjpjbmv8tqg7Axu2kMgqQDCgH2b6j6xGiZ8xohF0u1rIZg5TzEXY9iLvBzpypgRp7HUCOZUVMw==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 00:02:05 GMT
eDptvoKfHxf.js
static.xx.fbcdn.net/rsrc.php/v3/ys/r/
214 KB
57 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/eDptvoKfHxf.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
06f81c18631a3eb7d32c9c9f37f548609fcb0fd28855bcf2cbb194b0237825b6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
Q3KW1HPBur+QhH+7t+VI2A==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
57712
x-fb-debug
WIOIcbAjFw7/Uh/Pjw3rHYN8iNHGR0e8IL1BGmSREe7F3TcVGIXUiYqsxjxSxxgITyfVnftEsOx83uAMjO0Z1g==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
23065717_2058763144353975_2145607202558181376_n.png
scontent.frba2-1.fna.fbcdn.net/v/t39.2081-6/c0.0.76.76a/p75x75/
12 KB
12 KB
Image
General
Full URL
https://scontent.frba2-1.fna.fbcdn.net/v/t39.2081-6/c0.0.76.76a/p75x75/23065717_2058763144353975_2145607202558181376_n.png?_nc_cat=1&_nc_ohc=PhRT4N-1g4gAQlj6lyJ61BETUNTIZFCPnIK52dvRJzsDdqpj5w6im4HlA&_nc_ht=scontent.frba2-1.fna&oh=5ea233ea6abd288b19b44e8ca9ec5dc7&oe=5E46AC4E
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
212.217.4.145 , Morocco, ASN6713 (IAM-AS, MA),
Reverse DNS
static-145-4-217-212.dialup.iam.net.ma
Software
/
Resource Hash
5b4a7e7749b5b54edc154462c26b106e82d2830a9c6e62e3feb6882d7822f933

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-haystack-needlechecksum
2669938893
date
Sun, 29 Dec 2019 18:12:44 GMT
x-fb-config-version-elb-prod
664
last-modified
Fri, 17 Nov 2017 13:35:23 GMT
access-control-allow-origin
*
accept-ranges
bytes
x-fb-config-version-flb-prod
307
content-type
image/png
status
200
access-control-expose-headers
X-FB-CEC-Video-Limit
cache-control
max-age=1209600, no-transform
x-needle-checksum
3513963331
x-fb-config-version-olb-prod
664
timing-allow-origin
*
content-length
11970
hsts-pixel.gif
fbsbx.com/security/
Redirect Chain
  • https://facebook.com/security/hsts-pixel.gif?c=3.2
  • https://fbcdn.net/security/hsts-pixel.gif?c=2
  • https://fbsbx.com/security/hsts-pixel.gif
43 B
752 B
Image
General
Full URL
https://fbsbx.com/security/hsts-pixel.gif
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN (),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
HjV9hKkqfBWVI7OmuAftifpB5GdxqGiRhfx1d8/nG004leQnzHDRhH02DKJsfq/aYyJEJlBNgEXrUdT2gn1+Mw==
date
Sun, 29 Dec 2019 18:12:44 GMT
x-frame-options
DENY
content-type
image/gif
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
private, no-cache, no-store, must-revalidate
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT

Redirect headers

x-fb-debug
O61qdVGBJYiLQ6ex5eDQz9Q0Fn1RACK3yFDzajY9mzwk+jTVTB69AIcCtHzzfozqN16nW1D4LeMxrrdDQIWBxA==
access-control-allow-origin
*
date
Sun, 29 Dec 2019 18:12:44 GMT
location
https://fbsbx.com/security/hsts-pixel.gif
content-type
text/html; charset="utf-8"
status
302
strict-transport-security
max-age=31536000; preload; includeSubDomains
alt-svc
h3-24=":443"; ma=3600
content-length
0
Z6Jze-e4yks.js
static.xx.fbcdn.net/rsrc.php/v3/yx/r/
79 KB
22 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yx/r/Z6Jze-e4yks.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0b2e81096a2c4b46e45d9285ed8ddc7f6205ef89a0f06de58a4245cca5ff3e26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
XDbsCsSPwsBfIq4T7OmrPQ==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
22626
x-fb-debug
RBa+MSJG4cIzXlCf551iHPLHCaIzt0Jj5901oM2P/wvdcSrU91WVVU5LNLbFN7x3fONaql+0N3Ix/uA30le+Pg==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
-H9YOg7ZAQP.js
static.xx.fbcdn.net/rsrc.php/v3inLb4/yb/l/en_GB/
51 KB
14 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3inLb4/yb/l/en_GB/-H9YOg7ZAQP.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
bbea89698c1b720bae5b2dfdfdbf353bd77c222a2e2f193095a03b2f6d5ad380
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
ZEoGgo8Dm6fYopauujD0Kw==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
14656
x-fb-debug
fg2WUzH4kqOilS9AM2RtkLY8AACGx6LIQkEfcjg9E9GXtQQ7K9dIVvz0MbyfVXOlaMjArCF6QVjyajHo9g3UuQ==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
QQbSu8Niuwx.js
static.xx.fbcdn.net/rsrc.php/v3iLl54/yF/l/en_GB/
104 KB
29 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3iLl54/yF/l/en_GB/QQbSu8Niuwx.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
91fe1869777cd2b0e96f473d8a095997c1917634d45fce55db86b663dd7151ff
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.facebook.com-0ffer.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sun, 29 Dec 2019 18:12:45 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
q+AisWvc2YVrVZbXfHbp7Q==
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
29367
x-fb-debug
XPlhs5DIwpjy3a2TcGB/htZGa9eIq6AFIzkhyxBEhHg4vZrcbxUA1bKTIQsp1rDPyvtNEGLP8b7vJl+cM9a3mQ==
x-fb-trip-id
420120009
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Mon, 28 Dec 2020 18:12:45 GMT
C3cU-MYeWEh.png
static.xx.fbcdn.net/rsrc.php/v3/yV/r/
68 KB
69 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yV/r/C3cU-MYeWEh.png
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
92e35c79978e493aa68acc364dbace9b736af68d883347a831188d8c5eb65ff5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/iNdJfMD9XGd.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
25iuagaay1anq2t6RJF0bx2hd7Q1tmqCchnEw1WdFFYEeumrdCsG/xwxsOXF0l/DYELEaxRIkg7DXu0UNTZZTQ==
x-fb-trip-id
420120009
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
nzJHj5lq7eEQ6GC6Ne3NAA==
access-control-allow-origin
*
date
Sun, 29 Dec 2019 18:12:46 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-24=":443"; ma=3600
content-length
69997
expires
Mon, 28 Dec 2020 18:12:46 GMT
5NR43BsYs8o.png
static.xx.fbcdn.net/rsrc.php/v3/yO/r/
1 KB
1 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yO/r/5NR43BsYs8o.png
Requested by
Host: www.facebook.com-0ffer.com
URL: https://www.facebook.com-0ffer.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
9615b777212478a41835e410c9897cd544b98c5473b7b73cbec777f1db2d5404
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/iNdJfMD9XGd.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
C5uDAKqG0oHbe6sLyJqeJqAJE3tH+1Qx2m9+WoANTdG6byEES4WE5G3F7Ur6Z6a5rxCTRD3fUDybVdcY4b6grw==
x-fb-trip-id
420120009
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
zS7nNbuF+qoavNDFbgWDdA==
access-control-allow-origin
*
date
Sun, 29 Dec 2019 18:12:45 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-24=":443"; ma=3600
content-length
1307
expires
Mon, 14 Dec 2020 22:57:36 GMT
kMZsERY12X9.png
static.xx.fbcdn.net/rsrc.php/v3/yI/r/
1 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/kMZsERY12X9.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iooI4/yz/l/en_GB/_fGMedxCUqx.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
37bb73c6015ddb1ea5720b88980135bd3eb1603b619d3870c947ebd61f70be9e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/iNdJfMD9XGd.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
ArGgG8oFmJYLs1Yx5Ioe6woj+9wtLGq8b1ZNA86Kpu6xIQRDHd6lReBCWXEkfM3gPAFU0h865RDMyZmD/PJmAg==
x-fb-trip-id
420120009
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
OHMloBxaJkx1FTkBeKDOZQ==
access-control-allow-origin
*
date
Sun, 29 Dec 2019 18:12:46 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-24=":443"; ma=3600
content-length
1416
expires
Mon, 21 Dec 2020 09:16:53 GMT
C-DoQACmfug.png
static.xx.fbcdn.net/rsrc.php/v3/yd/r/
1 KB
2 KB
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/yd/r/C-DoQACmfug.png
Requested by
Host: static.xx.fbcdn.net
URL: https://static.xx.fbcdn.net/rsrc.php/v3iooI4/yz/l/en_GB/_fGMedxCUqx.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
c2946cbb6e49f679c5c9e3cf1f433e95c4b42783a97e733612c373e268ccf7a6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0,cross/iNdJfMD9XGd.css?_nc_x=Ij3Wp8lg5Kz
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-debug
1mJxXrv9PLOQF6T+enOokaM5Qf0+ek0AbiCmEFQWlU0K/diqG2P07LRSaG9Gz7GCq8L+fQ/p98mIoCgU6w/f3g==
x-fb-trip-id
420120009
x-content-type-options
nosniff
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-md5
94744kTrThTW+5IkG9Dmuw==
access-control-allow-origin
*
date
Sun, 29 Dec 2019 18:12:46 GMT
content-type
image/png
status
200
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
alt-svc
h3-24=":443"; ma=3600
content-length
1507
expires
Thu, 17 Dec 2020 22:08:59 GMT

Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Facebook (Social Network)

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| envFlush object| Env number| __DEV__ undefined| __p function| emptyFunction function| __annotator function| __bodyWrapper function| __t function| __w function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireDynamic function| requireLazy function| __d function| $RefreshReg$ function| $RefreshSig$ object| ErrorSerializer object| ErrorGuard object| ErrorUtils object| TimeSlice function| CavalryLogger function| __updateOrientation function| ProfilingCounters object| bigPipe object| MAjaxify string| _script_path function| __fbNativeSetTimeout function| __fbNativeClearTimeout function| __fbNativeSetInterval function| __fbNativeClearInterval function| __fbNativeRequestAnimationFrame function| __fbNativeCancelAnimationFrame

1 Cookies

Domain/Path Name / Value
.facebook.com-0ffer.com/ Name: wd
Value: 1585x1200

1 Console Messages

Source Level URL
Text
console-api error URL: https://static.xx.fbcdn.net/rsrc.php/v3/ys/r/eDptvoKfHxf.js?_nc_x=Ij3Wp8lg5Kz(Line 51)
Message:
ErrorUtils caught an error: "find(<node>, "button", "m_login_button"): matched no nodes.". Subsequent errors won't be logged; see https://fburl.com/debugjs.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
